author | Benjamin Copeland <ben.copeland@linaro.org> | 2018-12-10 15:08:27 +0000 |
---|---|---|
committer | Benjamin Copeland <ben.copeland@linaro.org> | 2019-01-11 11:44:44 +0000 |
commit | bd9d9b3d7991da0af6a6e9892a802e5b8487ee3b (patch) | |
tree | 5fa18a2a786c62979e6497bd35b1862f1dbb8cf3 | |
parent | 9c63272913402329a3a5f54f3a43b355ee6705e0 (diff) |
Jenkins: Add ci.trustedfirmware.org
Change-Id: Ief85c4898d71986dcc42dda4221e06b62cf3784d
Reviewed-on: https://review.linaro.org/29394
Reviewed-by: Kelley Spoon <kelley.spoon@linaro.org>
Reviewed-by: Benjamin Copeland <ben.copeland@linaro.org>
-rw-r--r-- | group_vars/jenkins_tf_master | 31 | ||||
-rw-r--r-- | hosts | 2 | ||||
-rw-r--r-- | jenkins-master.yml | 11 | ||||
-rw-r--r-- | roles/docker-jenkins-master/tasks/main.yml | 6 | ||||
-rw-r--r-- | roles/docker-tf-jenkins-master/tasks/main.yml | 60 |
5 files changed, 110 insertions, 0 deletions
diff --git a/group_vars/jenkins_tf_master b/group_vars/jenkins_tf_master
new file mode 100644
index 00000000..ab052705
--- /dev/null
+++ b/group_vars/jenkins_tf_master
@@ -0,0 +1,31 @@
+# Apache
+hostname: "{{inventory_hostname}}"
+apache_user: www-data
+apache_modules:
+ - ssl
+ - proxy
+ - proxy_http
+ - rewrite
+ssl_cert: /etc/dehydrated/certs/{{hostname}}/fullchain.pem
+ssl_key: /etc/dehydrated/certs/{{hostname}}/privkey.pem
+ssl_ca: "{{ssl_cert}}"
+
+# Docker
+jenkins_master_image: 'trustedfirmware/jenkins-master:latest'
+jenkins_master_container_name: 'jenkins'
+jenkins_master_data_container_name: 'jenkins_data'
+jenkins_master_data_volume: '/srv/jenkins'
+
+jenkins_master_port: '8080'
+jenkins_master_slaves_port: '2233'
+jenkins_master_sshd_port: '2222'
+jenkins_jnlp_port: '50000'
+
+login_groups:
+ - systems
+ - team-builds-and-baselines
+
+sudo_groups:
+ - systems
+ - users
+
@@ -72,6 +72,8 @@ elk.linaro.org
 [jenkins_master]
 ci.linaro.org
+
+[jenkins_tf_master]
 ci.trustedfirmware.org
 [jenkins_slaves_hetzner]
diff --git a/jenkins-master.yml b/jenkins-master.yml
index 78f6c758..7ae243c9 100644
--- a/jenkins-master.yml
+++ b/jenkins-master.yml
@@ -21,3 +21,14 @@
 - {role: certbot, tags: [certbot]}
 - {role: apache-site, src: "jenkins/ci.linaro.org.conf", config: "ci.linaro.org", tags: [apache]}
 - {role: openvpn-client, tags: [vpn]}
+
+- name: Deploy trustedfirmware
+ hosts: jenkins_tf_master
+ become: yes
+ vars_files:
+ - "{{secrets_dir}}/group_vars/all"
+ roles:
+ - {role: ssh-ldap, tags: [ssh-ldap]}
+ - {role: docker-deps, tags: [jenkins-master,docker]}
+ - {role: docker-tf-jenkins-master, tags: [jenkins-master,docker]}
+ - {role: apache-site, src: "jenkins/ci.linaro.org.conf", config: "ci.trustedfirmware.org", tags: [apache]}
diff --git a/roles/docker-jenkins-master/tasks/main.yml b/roles/docker-jenkins-master/tasks/main.yml
index ef079031..ff427627 100644
--- a/roles/docker-jenkins-master/tasks/main.yml
+++ b/roles/docker-jenkins-master/tasks/main.yml
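Review bot: `jenkins_master_image` tracks the mutable `:latest` tag, so the image that becomes the CI master is whatever that tag resolves to at the next forced pull (`force: True` in the new role when `jenkins_upgrade` is defined). Pin a fixed version tag or a digest instead, e.g. `jenkins_master_image: 'trustedfirmware/jenkins-master@sha256:<DIGEST_PLACEHOLDER>'`, and bump it through review. `ssl_ca: "{{ssl_cert}}"` reuses the full chain as the CA file; a one-line comment saying that is deliberate would save the next reader a check.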
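Review bot: The `Deploy trustedfirmware` play in `jenkins-master.yml` lists no role that issues the certificate, while the group vars added in this commit point `ssl_cert`/`ssl_key` at `/etc/dehydrated/certs/{{hostname}}/`; the play above it at least carries `certbot`. Nothing visible in this diff provisions those files, so a comment naming the play or role that does would make the TLS dependency explicit. The play also reuses the `jenkins/ci.linaro.org.conf` source for `config: "ci.trustedfirmware.org"`, so it is worth confirming the template takes its server name from variables rather than hard-coding the Linaro host. `become: yes` is better written `become: true`.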
@@ -1,4 +1,10 @@
 ---
+
+- name: Enable Apache modules
+ apache2_module: name={{item}}
+ with_items: "{{apache_modules}}"
+ notify: reload-apache
+
 - name: Ensure data volume is owned by jenkins
 file:
 path: "{{jenkins_master_data_volume}}"
diff --git a/roles/docker-tf-jenkins-master/tasks/main.yml b/roles/docker-tf-jenkins-master/tasks/main.yml
new file mode 100644
index 00000000..cc5123d4
--- /dev/null
+++ b/roles/docker-tf-jenkins-master/tasks/main.yml
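Review bot: `Enable Apache modules` is added to `docker-jenkins-master`, but the `apache_modules` list this commit introduces lives in `group_vars/jenkins_tf_master`, and the new play runs `docker-tf-jenkins-master`, which has no such task. As far as this diff shows, the new host never gets `ssl`/`proxy`/`proxy_http`/`rewrite` enabled by it, and the existing `jenkins_master` hosts now fail on an undefined variable unless `apache_modules` is defined for them elsewhere. If the task was meant for the new role, move it there; otherwise guard it with `with_items: "{{apache_modules | default([])}}"`. The `name={{item}}` shorthand is also better written in block form, `name: "{{item}}"` plus `state: present`. The hunk ends inside the following `Ensure data volume is owned by jenkins` task.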
@@ -0,0 +1,60 @@
+---
+- name: Ensure data volume is owned by jenkins
+ file:
+ path: "{{jenkins_master_data_volume}}"
+ state: directory
+ owner: 1000
+ group: 1000
+ recurse: yes
+ follow: no
+
+# This is a *dead* symlink on the host, that becomes active when attached to the docker image.
+# This allows us to have our plugins installed in the docker image instead on the host.
+- name: Ensure data volume has plugins symlink
+ file:
+ dest: "{{jenkins_master_data_volume}}/plugins"
+ src: /var/jenkins_plugins
+ state: link
+ force: yes
+ follow: no
+
+# This controls images available on the system since
+# we don't allow docker_container to do its own pulls
+- name: Pull latest images from upstream repo
+ docker_image:
+ name: "{{jenkins_master_image}}"
+ state: present
+ force: True
+ when: jenkins_upgrade is defined
+
+- name: Create jenkins data volume container
+ docker_container:
+ name: "{{jenkins_master_data_container_name}}"
+ image: "{{jenkins_master_image}}"
+ pull: False
+ ignore_image: "{{not(jenkins_upgrade is defined)}}"
+ state: present
+
+- name: Create jenkins container
+ docker_container:
+ name: "{{jenkins_master_container_name}}"
+ image: "{{jenkins_master_image}}"
+ pull: False
+ ignore_image: "{{not(jenkins_upgrade is defined)}}"
+ state: started
+ log_driver: journald
+ restart_policy: unless-stopped
+ published_ports:
+ - "{{jenkins_master_port}}:{{jenkins_master_port}}"
+ - "{{jenkins_master_slaves_port}}:{{jenkins_master_slaves_port}}"
+ - "{{jenkins_master_sshd_port}}:{{jenkins_master_sshd_port}}"
+ - "{{jenkins_jnlp_port}}:{{jenkins_jnlp_port}}"
+ volumes:
+ - "{{jenkins_master_data_volume}}:/var/jenkins_home"
+ volumes_from:
+ - "{{jenkins_master_data_container_name}}"
+
+- name: Wait for Jenkins starts
+ wait_for:
+ port: 8080
+ delay: 10 |
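Review bot: `published_ports` in `Create jenkins container` binds every port on all host interfaces, so Jenkins on `{{jenkins_master_port}}` is reachable over plain HTTP next to the Apache TLS proxy that the group vars configure, and Docker-published ports are commonly not covered by host firewall rules. If only Apache should reach the web port, bind it to loopback with `- "127.0.0.1:{{jenkins_master_port}}:{{jenkins_master_port}}"` and keep wide bindings only for the agent ports that need them. `Wait for Jenkins starts` hard-codes `port: 8080`; `port: "{{jenkins_master_port}}"` keeps it in step with the variable. The first task's `recurse: yes` re-walks and re-owns the whole Jenkins home on every run, which deserves a comment explaining why that is wanted.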