authorBenjamin Copeland <ben.copeland@linaro.org>2018-12-10 15:08:27 +0000
committerBenjamin Copeland <ben.copeland@linaro.org>2019-01-11 11:44:44 +0000
commitbd9d9b3d7991da0af6a6e9892a802e5b8487ee3b (patch)
tree5fa18a2a786c62979e6497bd35b1862f1dbb8cf3
parent9c63272913402329a3a5f54f3a43b355ee6705e0 (diff)
Jenkins: Add ci.trustedfirmware.org
Change-Id: Ief85c4898d71986dcc42dda4221e06b62cf3784d Reviewed-on: https://review.linaro.org/29394 Reviewed-by: Kelley Spoon <kelley.spoon@linaro.org> Reviewed-by: Benjamin Copeland <ben.copeland@linaro.org>
-rw-r--r--group_vars/jenkins_tf_master31
-rw-r--r--hosts2
-rw-r--r--jenkins-master.yml11
-rw-r--r--roles/docker-jenkins-master/tasks/main.yml6
-rw-r--r--roles/docker-tf-jenkins-master/tasks/main.yml60
5 files changed, 110 insertions, 0 deletions
diff --git a/group_vars/jenkins_tf_master b/group_vars/jenkins_tf_master
new file mode 100644
index 00000000..ab052705
--- /dev/null
+++ b/group_vars/jenkins_tf_master
@@ -0,0 +1,31 @@
+# Apache
+hostname: "{{inventory_hostname}}"
+apache_user: www-data
+apache_modules:
+ - ssl
+ - proxy
+ - proxy_http
+ - rewrite
+ssl_cert: /etc/dehydrated/certs/{{hostname}}/fullchain.pem
+ssl_key: /etc/dehydrated/certs/{{hostname}}/privkey.pem
+ssl_ca: "{{ssl_cert}}"
+
+# Docker
+jenkins_master_image: 'trustedfirmware/jenkins-master:latest'
+jenkins_master_container_name: 'jenkins'
+jenkins_master_data_container_name: 'jenkins_data'
+jenkins_master_data_volume: '/srv/jenkins'
+
+jenkins_master_port: '8080'
+jenkins_master_slaves_port: '2233'
+jenkins_master_sshd_port: '2222'
+jenkins_jnlp_port: '50000'
+
+login_groups:
+ - systems
+ - team-builds-and-baselines
+
+sudo_groups:
+ - systems
+ - users
+
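Review bot: `jenkins_master_image` is pinned only to the mutable `:latest` tag, so a run with `jenkins_upgrade` defined deploys whatever the registry serves at that moment and leaves no record of which image the CI master runs. Pinning to a version tag or digest, e.g. `jenkins_master_image: 'trustedfirmware/jenkins-master@sha256:<digest>'` (placeholder), makes upgrades reviewable and reproducible. Separately, `sudo_groups` includes `users`; the role that consumes it is not visible here, but if it grants sudo to every member of that group, it is worth confirming that this is intended on a host that builds firmware.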
diff --git a/hosts b/hosts
index cd4a9876..9cc28b9a 100644
--- a/hosts
+++ b/hosts
@@ -72,6 +72,8 @@ elk.linaro.org
[jenkins_master]
ci.linaro.org
+
+[jenkins_tf_master]
ci.trustedfirmware.org
[jenkins_slaves_hetzner]
diff --git a/jenkins-master.yml b/jenkins-master.yml
index 78f6c758..7ae243c9 100644
--- a/jenkins-master.yml
+++ b/jenkins-master.yml
@@ -21,3 +21,14 @@
- {role: certbot, tags: [certbot]}
- {role: apache-site, src: "jenkins/ci.linaro.org.conf", config: "ci.linaro.org", tags: [apache]}
- {role: openvpn-client, tags: [vpn]}
+
+- name: Deploy trustedfirmware
+ hosts: jenkins_tf_master
+ become: yes
+ vars_files:
+ - "{{secrets_dir}}/group_vars/all"
+ roles:
+ - {role: ssh-ldap, tags: [ssh-ldap]}
+ - {role: docker-deps, tags: [jenkins-master,docker]}
+ - {role: docker-tf-jenkins-master, tags: [jenkins-master,docker]}
+ - {role: apache-site, src: "jenkins/ci.linaro.org.conf", config: "ci.trustedfirmware.org", tags: [apache]}
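Review bot: Nothing in this play provisions the certificate that `group_vars/jenkins_tf_master` points `ssl_cert` and `ssl_key` at (`/etc/dehydrated/certs/{{hostname}}/...`); the play above it carries a `certbot` role and this one has no equivalent. If the certificate is issued elsewhere, a comment above `roles:` such as `# TLS cert is issued by dehydrated outside this play` would record that; otherwise `apache-site` will presumably render a vhost that references missing files. The vhost also reuses `src: "jenkins/ci.linaro.org.conf"`, so it is worth checking that the template has no ci.linaro.org-specific names hard-coded. As a style point, `become: yes` is better written `become: true`.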
diff --git a/roles/docker-jenkins-master/tasks/main.yml b/roles/docker-jenkins-master/tasks/main.yml
index ef079031..ff427627 100644
--- a/roles/docker-jenkins-master/tasks/main.yml
+++ b/roles/docker-jenkins-master/tasks/main.yml
@@ -1,4 +1,10 @@
---
+
+- name: Enable Apache modules
+ apache2_module: name={{item}}
+ with_items: "{{apache_modules}}"
+ notify: reload-apache
+
- name: Ensure data volume is owned by jenkins
file:
path: "{{jenkins_master_data_volume}}"
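Review bot: The `Enable Apache modules` task is added to `docker-jenkins-master`, but the `jenkins_tf_master` play in this same commit uses `docker-tf-jenkins-master`, whose tasks file has no such task, so the `apache_modules` list in `group_vars/jenkins_tf_master` is not consumed by anything visible here. Either add the same task to the new role or confirm that `apache-site` enables the modules. The task also relies on `apache_modules` being defined for every host that runs this role; `with_items: "{{apache_modules | default([])}}"` would keep it from failing where it is not. The native form `apache2_module:` / `name: "{{item}}"` / `state: present` is preferable to the `name={{item}}` shorthand. The following task continues outside the hunk.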
diff --git a/roles/docker-tf-jenkins-master/tasks/main.yml b/roles/docker-tf-jenkins-master/tasks/main.yml
new file mode 100644
index 00000000..cc5123d4
--- /dev/null
+++ b/roles/docker-tf-jenkins-master/tasks/main.yml
@@ -0,0 +1,60 @@
+---
+- name: Ensure data volume is owned by jenkins
+ file:
+ path: "{{jenkins_master_data_volume}}"
+ state: directory
+ owner: 1000
+ group: 1000
+ recurse: yes
+ follow: no
+
+# This is a *dead* symlink on the host, that becomes active when attached to the docker image.
+# This allows us to have our plugins installed in the docker image instead on the host.
+- name: Ensure data volume has plugins symlink
+ file:
+ dest: "{{jenkins_master_data_volume}}/plugins"
+ src: /var/jenkins_plugins
+ state: link
+ force: yes
+ follow: no
+
+# This controls images available on the system since
+# we don't allow docker_container to do its own pulls
+- name: Pull latest images from upstream repo
+ docker_image:
+ name: "{{jenkins_master_image}}"
+ state: present
+ force: True
+ when: jenkins_upgrade is defined
+
+- name: Create jenkins data volume container
+ docker_container:
+ name: "{{jenkins_master_data_container_name}}"
+ image: "{{jenkins_master_image}}"
+ pull: False
+ ignore_image: "{{not(jenkins_upgrade is defined)}}"
+ state: present
+
+- name: Create jenkins container
+ docker_container:
+ name: "{{jenkins_master_container_name}}"
+ image: "{{jenkins_master_image}}"
+ pull: False
+ ignore_image: "{{not(jenkins_upgrade is defined)}}"
+ state: started
+ log_driver: journald
+ restart_policy: unless-stopped
+ published_ports:
+ - "{{jenkins_master_port}}:{{jenkins_master_port}}"
+ - "{{jenkins_master_slaves_port}}:{{jenkins_master_slaves_port}}"
+ - "{{jenkins_master_sshd_port}}:{{jenkins_master_sshd_port}}"
+ - "{{jenkins_jnlp_port}}:{{jenkins_jnlp_port}}"
+ volumes:
+ - "{{jenkins_master_data_volume}}:/var/jenkins_home"
+ volumes_from:
+ - "{{jenkins_master_data_container_name}}"
+
+- name: Wait for Jenkins starts
+ wait_for:
+ port: 8080
+ delay: 10
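Review bot: Every entry under `published_ports` in `Create jenkins container` binds on all host interfaces, so Jenkins' plain-HTTP port is reachable directly alongside the Apache TLS front end; ports published by Docker are also typically not filtered by host firewall rules written for the INPUT chain. If Apache on the same host is the only intended client of the HTTP port (presumably so, given `proxy` and `proxy_http` in `apache_modules`), bind it to loopback: `- "127.0.0.1:{{jenkins_master_port}}:{{jenkins_master_port}}"`. The agent, sshd and JNLP ports would ideally be limited to the networks the agents connect from. `Wait for Jenkins starts` also hard-codes `port: 8080` where `port: "{{jenkins_master_port}}"` would follow the variable.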