From: Kienan Stewart <kstewart@efficios.com>
Date: Fri, 9 Aug 2024 17:56:50 +0000 (-0400)
Subject: ansible: Add role for installing Jenkins
X-Git-Url: http://git.lttng.org./?a=commitdiff_plain;h=9a78f883c901ce795cdb6f3b3e6c96eb0f6d60b1;p=lttng-ci.git

ansible: Add role for installing Jenkins

Change-Id: Ia24ad484f83763bcff451fda82b64ffcdb008f79
Signed-off-by: Kienan Stewart <kstewart@efficios.com>
---

diff --git a/automation/ansible/roles/jenkins/defaults/main.yml b/automation/ansible/roles/jenkins/defaults/main.yml
new file mode 100644
index 0000000..b2e9ec7
--- /dev/null
+++ b/automation/ansible/roles/jenkins/defaults/main.yml
@@ -0,0 +1,78 @@
+---
+
+jenkins_lts: true
+jenkins_dependencies:
+  - fontconfig
+  - openjdk-17-jre
+jenkins_plugins:
+  - active-directory
+  - ansicolor
+  - authentication-tokens
+  - build-keeper-plugin
+  - build-timeout
+  - checks-api
+  - command-launcher
+  - conditional-buildstep
+  - config-file-provider
+  - copyartifact
+  - coverage
+  - credentials
+  - dark-theme
+  - dashboard-view
+  - email-ext
+  - envinject
+  - environment-script
+  - excludeMatrixParent
+  - extended-read-permission
+  - external-monitor-job
+  - gerrit-checks-api
+  - git
+  - git-server
+  - github
+  - github-api
+  - groovy
+  - htmlpublisher
+  - image-gallery
+  - instance-identity
+  - ircbot
+  - javax-mail-api
+  - jdk-tool
+  - jobConfigHistory
+  - job-dsl
+  - junit
+  - ldap
+  - libvirt-slave
+  - mapdb-api
+  - matrix-project
+  - metrics
+  - monitoring
+  - parameterized-trigger
+  - permissive-script-security
+  - pipeline-github-lib
+  - pipeline-graph-view
+  - 'pipeline-groovy-lib'   # Replaces workflow-cps
+  - pipeline-model-definition
+  - pipeline-rest-api
+  - pipeline-utility-steps
+  - plot
+  - postbuildscript
+  - PrioritySorter
+  - proc-cleaner-plugin
+  - promoted-builds
+  - publish-over-ssh
+  - purge-build-queue-plugin
+  - script-security
+  - simple-theme-plugin
+  - solarized-theme
+  - ssh-slaves
+  - tap
+  - throttle-concurrents
+  - timestamper
+  - versioncolumn
+  - warnings-ng
+  - workflow-aggregator
+  - workflow-api
+  - workflow-basic-steps
+  - workflow-job
+  - ws-cleanup
+jenkins_restart_on_change: false
diff --git a/automation/ansible/roles/jenkins/handlers/main.yml b/automation/ansible/roles/jenkins/handlers/main.yml
new file mode 100644
index 0000000..7ac012c
--- /dev/null
+++ b/automation/ansible/roles/jenkins/handlers/main.yml
@@ -0,0 +1,15 @@
+---
+- name: Systemd daemon-reload
+  ansible.builtin.systemd:
+    daemon_reload: true
+
+- name: Request Jenkins restart
+  when: jenkins_restart_on_change|default(false)
+  community.general.jenkins_script:
+    script: |
+      import jenkins.model.*
+      Jenkins.instance.safeRestart("Changes during Ansible run")
+    url: "{{jenkins_url|default('http://localhost:8080')}}"
+    user: "{{jenkins_url_username|default(lookup('community.general.bitwarden', '5b6f7c60-26ec-4066-8bd0-b05000de8c24', search='id', field='username')[0])}}"
+    password: "{{jenkins_url_password|default(lookup('community.general.bitwarden', '5b6f7c60-26ec-4066-8bd0-b05000de8c24', search='id', field='password')[0])}}"
+
diff --git a/automation/ansible/roles/jenkins/tasks/main.yml b/automation/ansible/roles/jenkins/tasks/main.yml
new file mode 100644
index 0000000..cd64981
--- /dev/null
+++ b/automation/ansible/roles/jenkins/tasks/main.yml
@@ -0,0 +1,51 @@
+---
+
+- name: Install Jenkins keyring
+  ansible.builtin.get_url:
+    url: 'https://pkg.jenkins.io/debian-stable/jenkins.io-2023.key'
+    dest: '/usr/share/keyrings/jenkins-keyring.asc'
+- name: Add Jenkins stable apt repository
+  ansible.builtin.apt_repository:
+    repo: "deb [signed-by=/usr/share/keyrings/jenkins-keyring.asc] https://pkg.jenkins.io/debian{{'-stable' if jenkins_lts else ''}} binary/"
+- name: Install Jenkins depencies
+  ansible.builtin.package:
+    name: "{{jenkins_dependencies}}"
+- name: Install Jenkins
+  ansible.builtin.package:
+    name:
+      - jenkins
+- name: Add service override folder
+  ansible.builtin.file:
+    state: 'directory'
+    dest: '/etc/systemd/system/jenkins.service.d'
+    owner: 'root'
+    group: 'root'
+    mode: '0755'
+- name: Add service override
+  when: jenkins_systemd_service_override|default(false)
+  ansible.builtin.copy:
+    dest: '/etc/systemd/system/jenkins.service.d/override.conf'
+    content: "{{jenkins_systemd_service_override}}"
+    owner: 'root'
+    group: 'root'
+    mode: '0644'
+  notify:
+    - Systemd daemon-reload
+    - Request Jenkins restart
+- name: Jenkins service
+  ansible.builtin.service:
+    name: jenkins
+    enabled: true
+    state: started
+- name: Jenkins plugin
+  community.general.jenkins_plugin:
+    name: "{{item}}"
+    state: "{{item.state|default('present')}}"
+    url: "{{jenkins_url|default('http://localhost:8080')}}"
+    url_username: "{{jenkins_url_username}}"
+    url_password: "{{jenkins_url_password}}"
+  loop: "{{jenkins_plugins}}"
+  notify:
+    - Request Jenkins restart
+  tags:
+    - slow