From c26ad7dd104a2f9b68552712f98cef501667dc97 Mon Sep 17 00:00:00 2001 From: Trevor Bramwell Date: Fri, 28 Sep 2018 13:11:18 -0700 Subject: [PATCH] Convert Init Container and Scripts to Ansible The init container ran a script that was not fully idempotent. Migrating that script to Ansible allows for strong idempotency (ensuring things that change get changed), and reduces the overhead of maintaining bash. This change also splits up the docker-compose.yml file in preparation for Zuul support. Jenkins groovy init scripts are renamed to run-parts syntax in order to ensure ordering, and the Gerrit groovy configuration is set to run immediately instead of waiting for plugins to finish loading. Change-Id: Ib6d355e15a13a6d03769c6a8c0b3bfb6056dd3e7 
Signed-off-by: Trevor Bramwell --- .gitignore | 3 + docker-compose.override.yml | 44 +++++ docker-compose.yml | 43 +---- init/Dockerfile | 31 +-- init/config-ci-environment.sh | 213 --------------------- init/inventory.ini | 1 + init/playbooks/files/.gitreview | 6 + init/playbooks/files/jjb/ci-management.yaml | 10 + init/playbooks/files/jjb/defaults.yaml | 8 + init/playbooks/files/jjb/jenkins.ini | 11 ++ init/playbooks/files/nexus-repo-schema.yaml | 15 ++ init/playbooks/files/nexus-repo.json | 15 ++ init/playbooks/site.yaml | 141 ++++++++++++++ init/playbooks/tasks/jenkins.yaml | 76 ++++++++ init/playbooks/vars/default.yaml | 11 ++ jenkins/Dockerfile | 28 +-- ...operties.groovy => 00_global-properties.groovy} | 0 ...reate-jjbini.groovy => 10_create-jjbini.groovy} | 0 ...agent.groovy => 20_create-jenkins-agent.groovy} | 0 ...setup.groovy => 30_basic-security-setup.groovy} | 0 ...ings.groovy => 40_create-nexus-settings.groovy} | 0 jenkins/scripts/50_gerrit-config.groovy | 56 ++++++ jenkins/scripts/{ldap.groovy => 60_ldap.groovy} | 0 jenkins/scripts/gerrit-config.groovy | 59 ------ 24 files changed, 424 insertions(+), 347 deletions(-) create mode 100644 docker-compose.override.yml delete mode 100644 init/config-ci-environment.sh create mode 100644 init/inventory.ini create mode 100644 init/playbooks/files/.gitreview create mode 100644 init/playbooks/files/jjb/ci-management.yaml create mode 100644 init/playbooks/files/jjb/defaults.yaml create mode 100644 init/playbooks/files/jjb/jenkins.ini create mode 100644 init/playbooks/files/nexus-repo-schema.yaml create mode 100644 init/playbooks/files/nexus-repo.json create mode 100644 init/playbooks/site.yaml create mode 100644 init/playbooks/tasks/jenkins.yaml create mode 100644 init/playbooks/vars/default.yaml rename jenkins/scripts/{global-properties.groovy => 00_global-properties.groovy} (100%) rename jenkins/scripts/{create-jjbini.groovy => 10_create-jjbini.groovy} (100%) rename jenkins/scripts/{create-jenkins-agent.groovy 
=> 20_create-jenkins-agent.groovy} (100%) rename jenkins/scripts/{basic-security-setup.groovy => 30_basic-security-setup.groovy} (100%) rename jenkins/scripts/{create-nexus-settings.groovy => 40_create-nexus-settings.groovy} (100%) create mode 100644 jenkins/scripts/50_gerrit-config.groovy rename jenkins/scripts/{ldap.groovy => 60_ldap.groovy} (100%) delete mode 100644 jenkins/scripts/gerrit-config.groovy diff --git a/.gitignore b/.gitignore index 5e12c98..b906be4 100644 --- a/.gitignore +++ b/.gitignore @@ -32,3 +32,6 @@ MANIFEST All-Projects All-Users ci-management + +# Ansible files +*.retry diff --git a/docker-compose.override.yml b/docker-compose.override.yml new file mode 100644 index 0000000..f19664c --- /dev/null +++ b/docker-compose.override.yml @@ -0,0 +1,44 @@ +--- +version: '3' +services: + init: + environment: + - CI_SYSTEM=jenkins + - GLOBAL_JJB_VERSION=v0.19.2 + volumes: + - jenkins:/jenkins + links: + - jenkins + jenkins: + build: + context: ./jenkins + args: + - JENKINS_VERSION=$JENKINS_CONTAINER_VERSION + container_name: releng-jenkins + env_file: config.env + environment: + - JAVA_OPTS="-Djenkins.install.runSetupWizard=false" + - VIRTUAL_HOST=jenkins.localhost + - VIRTUAL_PORT=8080 + volumes: + - jenkins:/var/jenkins_home + expose: + - "8080" + depends_on: + - ldap + - nginx + links: + - ldap + - nginx + jenkins-agent: + build: ./jenkins/agent + container_name: releng-agent + env_file: config.env + ports: + - "22" + links: + - "nginx:jenkins.localhost" + - "nginx:nexus.localhost" + - "nginx:gerrit.localhost" +volumes: + jenkins: diff --git a/docker-compose.yml b/docker-compose.yml index 3d227aa..99f3080 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
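Review bot: In the `jenkins-agent` service of docker-compose.override.yml, `ports: - "22"` publishes the agent's SSH port on an ephemeral host port on every host interface, although the only consumer visible in this stack is presumably Jenkins on the compose network. If nothing outside the stack has to reach the agent, `expose: - "22"` keeps the in-stack connectivity without the host binding. The block is moved verbatim from docker-compose.yml, and the agent's credentials come from config.env, which is not part of this patch, so the exposure cannot be fully judged from here.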
@@ -3,15 +3,15 @@ version: '3' services: init: - build: ./init + build: + dockerfile: Dockerfile + context: ./init/ container_name: releng-init - environment: - - GLOBAL_JJB_VERSION=v0.19.2 volumes: + - ./init/inventory.ini:/etc/ansible/inventory.ini + - ./init/playbooks:/usr/src/ansible - init:/init/ - - jenkins:/jenkins links: - - jenkins - gerrit - nexus ldap: @@ -23,37 +23,6 @@ services: - ./ldap/bootstrap/groups.ldif:/container/service/slapd/assets/config/bootstrap/ldif/custom/50-groups.ldif ports: - "636:636" - jenkins: - build: - context: ./jenkins - args: - - JENKINS_VERSION=$JENKINS_CONTAINER_VERSION - container_name: releng-jenkins - env_file: config.env - environment: - - JAVA_OPTS="-Djenkins.install.runSetupWizard=false" - - VIRTUAL_HOST=jenkins.localhost - - VIRTUAL_PORT=8080 - volumes: - - jenkins:/var/jenkins_home - expose: - - "8080" - depends_on: - - ldap - - nginx - links: - - ldap - - nginx - jenkins-agent: - build: ./jenkins/agent - container_name: releng-agent - env_file: config.env - ports: - - "22" - links: - - "nginx:jenkins.localhost" - - "nginx:nexus.localhost" - - "nginx:gerrit.localhost" gerrit: image: "openfrontier/gerrit:$GERRIT_CONTAINER_VERSION" container_name: releng-gerrit @@ -90,6 +59,7 @@ services: - nginx postgres: image: postgres:latest + container_name: releng-postgres env_file: config.env expose: - "5432" @@ -101,7 +71,6 @@ services: volumes: - /var/run/docker.sock:/tmp/docker.sock:ro volumes: - jenkins: gerrit: nexus: init: diff --git a/init/Dockerfile b/init/Dockerfile index 8f19b38..20b5e01 100644 --- a/init/Dockerfile +++ b/init/Dockerfile 
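Review bot: The two bind mounts added to the `init` service (`./init/inventory.ini` and `./init/playbooks`) are writable from inside the container, and init/Dockerfile sets no `USER`, so the playbook presumably runs as root and can modify the checked-out files on the host. Mounting them read-only, `- ./init/playbooks:/usr/src/ansible:ro` and `- ./init/inventory.ini:/etc/ansible/inventory.ini:ro`, keeps the repository contents as input only. Ansible's `.retry` files, which the .gitignore hunk anticipates, would then need `retry_files_enabled = False` or a save path outside the mount.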
@@ -7,32 +7,15 @@ # which accompanies this distribution, and is available at # http://www.eclipse.org/legal/epl-v10.html ############################################################################## +FROM python:3 -FROM ubuntu:16.04 +ENV CI_SYSTEM=jenkins -RUN DEBIAN_FRONTEND=noninteractive \ - apt-get update -qq \ - && apt-get install --no-install-recommends -y \ - curl \ - git \ - libyaml-dev \ - openssh-client \ - python \ - python-dev \ - python-pip \ - python-setuptools \ - realpath \ - && rm -rf /var/lib/apt/lists/* +RUN pip install --no-cache-dir ansible docker-py -RUN mkdir /docker-entrypoint-init.d/ +RUN mkdir /etc/ansible +RUN mkdir /usr/src/ansible -WORKDIR /docker-entrypoint-init.d/ +WORKDIR /usr/src/ansible -RUN /usr/bin/curl -sSL -O https://raw.githubusercontent.com/vishnubob/wait-for-it/master/wait-for-it.sh -RUN /bin/chmod +x wait-for-it.sh - -COPY config-ci-environment.sh /docker-entrypoint-init.d/ - -RUN chmod +x /docker-entrypoint-init.d/*.sh - -CMD ["/docker-entrypoint-init.d/config-ci-environment.sh"] +CMD ["ansible-playbook", "/usr/src/ansible/site.yaml", "-i", "/etc/ansible/inventory.ini"] diff --git a/init/config-ci-environment.sh b/init/config-ci-environment.sh deleted file mode 100644 index 2ca527b..0000000 --- a/init/config-ci-environment.sh +++ /dev/null 
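Review bot: `FROM python:3` and `pip install --no-cache-dir ansible docker-py` are both unpinned, so each rebuild can pull a different interpreter and a different Ansible release than the one the playbooks were written against. Pin the base tag and the packages, e.g. `RUN pip install --no-cache-dir 'ansible==<PINNED_VERSION>' 'docker==<PINNED_VERSION>'`, with the placeholders replaced by the versions you tested (ideally from a requirements file with hashes). `docker-py` is the old name of the Docker SDK and the maintained package is `docker`; no task in this patch appears to use a Docker module, so the dependency may be removable altogether. Dropping the download of wait-for-it.sh from a moving `master` branch is a supply-chain improvement that pinning here would complete.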
@@ -1,213 +0,0 @@ -#!/bin/bash -ex - -# -# Each step is idempotent by creating a 'step-#.done' file after -# successfully executing. -# - -GERRIT_KEY=/init/id_rsa-workshop -JENKINS_KEY=/jenkins/.ssh/id_rsa -SSH_OPTIONS="-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null" -CI_MANAGEMENT_REPO=/init/ci-management -GLOBAL_JJB_VERSION=${GLOBAL_JJB_VERSION:-v0.19.2} -JJB_VERSION=${JJB_VERSION:-2.0.3} - -# Generate a key for the workshop user -if [ ! -f /init/ssh-key-workshop.done ]; then -ssh-keygen -t rsa -N '' -f $GERRIT_KEY -touch /init/ssh-key-workshop.done -fi - -## -# Jenkins Setup -## -/docker-entrypoint-init.d/wait-for-it.sh jenkins:8080 -t 30 - -# Generate a key for the jenkins user -if [ ! -f /init/ssh-key-jenkins.done ]; then -mkdir -p /jenkins/.ssh/ -ssh-keygen -t rsa -N '' -f $JENKINS_KEY -chown -R 1000:1000 /jenkins/.ssh/ -touch /init/ssh-key-jenkins.done -fi - -## -# Gerrit Login -## -/docker-entrypoint-init.d/wait-for-it.sh gerrit:8080 -t 90 - -# Be the first to login to gain Administrative rights -if [ ! -f /init/step-1.done ]; then -curl -X POST --data "username=workshop&password=workshop" http://gerrit:8080/login \ - && touch /init/step-1.done -fi - -## -# Gerrit Setup -## -./wait-for-it.sh gerrit:29418 -t 90 - -# Add generated ssh-pubkey to Gerrit keypairs -if [ ! -f /init/step-2.done ]; then -curl -X POST --user "workshop:workshop" -H "Content-type: plain/text" \ - --data @"$GERRIT_KEY.pub" "http://gerrit:8080/a/accounts/self/sshkeys" \ - && touch /init/step-2.done -fi - -# Create Jenkins ssh user in Gerrit -if [ ! -f /init/step-3.done ]; then -ssh $SSH_OPTIONS -p 29418 workshop@gerrit -i $GERRIT_KEY \ - gerrit create-account jenkins-workshop --full-name "Jenkins\ Workshop" \ - --group "Non-Interactive\ Users" --ssh-key - < "$JENKINS_KEY.pub" \ - && touch /init/step-3.done -fi - -# Create ci-management repository -if [ ! 
-f /init/step-4.done ]; then -ssh $SSH_OPTIONS -p 29418 workshop@gerrit -i $GERRIT_KEY \ - gerrit create-project ci-management --id --so --empty-commit \ - -d "Workshop\ CI-Management\ Repo" -p "All-Projects" \ - && touch /init/step-4.done -fi - -# Populate ci-management repository with global-jjb -if [ ! -f /init/step-5.done ]; then - ssh-keyscan -p 29418 gerrit >> /etc/ssh/ssh_known_hosts - git config --file ~/.gitconfig user.email "workshop@example.org" - git config --file ~/.gitconfig user.name "workshop" - eval "$(ssh-agent)" - ssh-add $GERRIT_KEY - git clone ssh://workshop@gerrit:29418/ci-management.git $CI_MANAGEMENT_REPO - mkdir -p $CI_MANAGEMENT_REPO/jjb - cd $CI_MANAGEMENT_REPO/jjb - git submodule add https://github.com/lfit/releng-global-jjb global-jjb - cd $CI_MANAGEMENT_REPO/jjb/global-jjb - git checkout $GLOBAL_JJB_VERSION - cd $CI_MANAGEMENT_REPO - git add jjb/global-jjb - git commit -am "Install global-jjb $GLOBAL_JJB_VERSION" - git push origin HEAD:refs/heads/master - touch /init/step-5.done -fi - -# Populate ci-management with defaults -if [ ! -f /init/step-6.done ]; then - cd $CI_MANAGEMENT_REPO - cat > $CI_MANAGEMENT_REPO/.gitreview <<-EOF -[gerrit] -host=gerrit.localhost -port=29418 -username=workshop -project=ci-management.git -defaultbranch=master -EOF - - cat > $CI_MANAGEMENT_REPO/jjb/ci-management.yaml <<-EOF ---- -- project: - name: ci-jobs - - jobs: - - '{project-name}-ci-jobs' - - project: ci-management - project-name: ci-management - build-node: ciworkshop -EOF - - cat > $CI_MANAGEMENT_REPO/jjb/defaults.yaml <<-EOF ---- -- defaults: - name: global - - # lf-infra defaults - jenkins-ssh-credential: ciworkshop-jenkins-ssh - gerrit-server-name: ciworkshop - lftools-version: '<1.0.0' -EOF - git add . - git commit -am "Initial JJB Files & gitreview" - git push origin HEAD:refs/heads/master - touch /init/step-6.done -fi - -# Upload Jenkins Jobs -if [ ! 
-f /init/step-7.done ]; then - cd $CI_MANAGEMENT_REPO - pip install --upgrade "pip<10.0.0" setuptools wheel - pip install "jenkins-job-builder==$JJB_VERSION" - cat > $CI_MANAGEMENT_REPO/jenkins.ini <<-EOF -[job_builder] -ignore_cache=True -keep_descriptions=False -include_path=.:scripts:~/git/ -recursive=True - -[jenkins] -url=http://jenkins:8080/ -user=workshop -password=workshop -query_plugins_info=True -EOF - # Ensure JJB is installed first - jenkins-jobs --conf jenkins.ini update -r jjb/ - touch /init/step-7.done -fi - -# Add Verified Label -if [ ! -f /init/step-8.done ]; then - eval "$(ssh-agent)" - ssh-add $GERRIT_KEY - - ALL_PROJECTS=/tmp/All-Projects - mkdir -p /tmp/All-Projects - - cd $ALL_PROJECTS - git init - git remote add origin ssh://workshop@gerrit:29418/All-Projects.git - git fetch origin refs/meta/config:refs/remotes/origin/meta/config - git checkout meta/config - - git config -f project.config label.Verified.function MaxWithBlock - git config -f project.config --add label.Verified.defaultValue 0 - git config -f project.config --add label.Verified.value "-1 Fails" - git config -f project.config --add label.Verified.value "0 No score" - git config -f project.config --add label.Verified.value "+1 Verified" - git config -f project.config --add access.refs/heads/*.label-Verified "-1..+1 group Non-Interactive Users" - - git commit -am "Create Verified Label" - git push origin meta/config:meta/config - - touch /init/step-8.done -fi - -## -# Nexus Setup -## -/docker-entrypoint-init.d/wait-for-it.sh nexus:8081 -t 30 - - -# Create Nexus Repos -if [ ! 
-f /init/step-9.done ]; then - cat > /init/repo.json <<-EOF -{ - "data": { - "name": "logs", - "repoType": "hosted", - "providerRole": "org.sonatype.nexus.proxy.repository.WebSiteRepository", - "exposed": true, - "id": "logs", - "provider": "site", - "writePolicy": "ALLOW_WRITE", - "browseable": true, - "indexable": true, - "notFoundCacheTTL": 1440, - "repoPolicy": "MIXED" - } -} -EOF - curl -H "Content-Type: application/json" -X POST -d @/init/repo.json \ - -u admin:admin123 http://nexus:8081/nexus/service/local/repositories - - touch /init/step-9.done -fi diff --git a/init/inventory.ini b/init/inventory.ini new file mode 100644 index 0000000..2302eda --- /dev/null +++ b/init/inventory.ini @@ -0,0 +1 @@ +localhost ansible_connection=local diff --git a/init/playbooks/files/.gitreview b/init/playbooks/files/.gitreview new file mode 100644 index 0000000..228badf --- /dev/null +++ b/init/playbooks/files/.gitreview @@ -0,0 +1,6 @@ +[gerrit] +host=gerrit.localhost +port=29418 +username=workshop +project=ci-management.git +defaultbranch=master diff --git a/init/playbooks/files/jjb/ci-management.yaml b/init/playbooks/files/jjb/ci-management.yaml new file mode 100644 index 0000000..b594016 --- /dev/null +++ b/init/playbooks/files/jjb/ci-management.yaml @@ -0,0 +1,10 @@ +--- +- project: + name: ci-jobs + + jobs: + - '{project-name}-ci-jobs' + + project: ci-management + project-name: ci-management + build-node: ciworkshop diff --git a/init/playbooks/files/jjb/defaults.yaml b/init/playbooks/files/jjb/defaults.yaml new file mode 100644 index 0000000..0779162 --- /dev/null +++ b/init/playbooks/files/jjb/defaults.yaml @@ -0,0 +1,8 @@ +--- +- defaults: + name: global + + # lf-infra defaults + jenkins-ssh-credential: ciworkshop-jenkins-ssh + gerrit-server-name: ciworkshop + lftools-version: '<1.0.0' diff --git a/init/playbooks/files/jjb/jenkins.ini b/init/playbooks/files/jjb/jenkins.ini new file mode 100644 index 0000000..faaae0f --- /dev/null 
+++ b/init/playbooks/files/jjb/jenkins.ini @@ -0,0 +1,11 @@ +[job_builder] +ignore_cache=True +keep_descriptions=False +include_path=.:scripts:~/git/ +recursive=True + +[jenkins] +url=http://jenkins:8080/ +user=workshop +password=workshop +query_plugins_info=True diff --git a/init/playbooks/files/nexus-repo-schema.yaml b/init/playbooks/files/nexus-repo-schema.yaml new file mode 100644 index 0000000..97066b7 --- /dev/null +++ b/init/playbooks/files/nexus-repo-schema.yaml @@ -0,0 +1,15 @@ +--- +# We only grab the ID from the Nexus XML response as we don't care about +# any values right now: just whether or not the repo already exists. +vars: + repositories_item: + key: "{{ item.id }}" + values: + id: "{{ item.id }}" + +keys: + repositories: + top: data/repositories-item + value: "{{ repositories_item }}" + items: + id: id diff --git a/init/playbooks/files/nexus-repo.json b/init/playbooks/files/nexus-repo.json new file mode 100644 index 0000000..893df84 --- /dev/null +++ b/init/playbooks/files/nexus-repo.json @@ -0,0 +1,15 @@ +{ + "data": { + "name": "logs", + "repoType": "hosted", + "providerRole": "org.sonatype.nexus.proxy.repository.WebSiteRepository", + "exposed": true, + "id": "logs", + "provider": "site", + "writePolicy": "ALLOW_WRITE", + "browseable": true, + "indexable": true, + "notFoundCacheTTL": 1440, + "repoPolicy": "MIXED" + } +} diff --git a/init/playbooks/site.yaml b/init/playbooks/site.yaml new file mode 100644 index 0000000..abd1974 --- /dev/null +++ b/init/playbooks/site.yaml 
@@ -0,0 +1,141 @@ +--- +- hosts: all + vars: + ci_system: "{{ lookup('env', 'CI_SYSTEM') }}" + tasks: + - name: Include Base Variables + include_vars: + file: vars/default.yaml + - name: Create workshop user and ssh key + user: + name: 'workshop' + generate_ssh_key: true + uid: 1005 + ssh_key_bits: 2048 + ssh_key_file: '{{ workshop_ssh_keyfile }}' + - name: Wait for Gerrit UI + wait_for: + host: 'gerrit' + port: '8080' + - name: Login to Gerrit to claim Admin rights + uri: + url: 'http://gerrit:8080/login' + method: 'POST' + body: "username=workshop&password=workshop" + status_code: 302 + - name: Upload sshkey to Admin user + uri: + url: 'http://gerrit:8080/a/accounts/self/sshkeys' + method: 'POST' + user: 'workshop' + password: 'workshop' + body: "{{ lookup('file', '{{ workshop_ssh_keyfile }}.pub') }}" + status_code: 201 + - name: Wait for Gerrit SSH Interface + wait_for: + host: 'gerrit' + port: '29418' + - name: Configure Git User Email + git_config: + name: user.email + scope: global + value: "workshop@example.org" + - name: Configure Git User Name + git_config: + name: user.name + scope: global + value: "workshop" + - name: Configure Git SSH Command/Key + git_config: + name: core.sshCommand + scope: global + value: "ssh -i {{ workshop_ssh_keyfile }} -F /dev/null -o StrictHostKeyChecking=no" + - name: Clone All-Projects + git: + repo: 'ssh://workshop@gerrit:29418/All-Projects.git' + refspec: 'refs/meta/config:refs/remotes/origin/meta/config' + version: 'meta/config' + dest: '{{ all_projects_repo }}' + key_file: '{{ workshop_ssh_keyfile }}' + update: false + - name: Configure Verified Label + blockinfile: + path: '{{ all_projects_repo }}/project.config' + marker: "; {mark}1 Ansible Managed" + block: | + [label "Verified"] + function = MaxWithBlock + defaultValue = 0 + value = -1 Fails + value = 0 No score + value = +1 Verified + copyAllScoresIfNoCodeChange = true + - name: Allow non-interactive users Verified Rights + blockinfile: + path: '{{ all_projects_repo 
}}/project.config' + marker: "; {mark}2 Ansible Managed" + insertafter: '\[access "refs/heads/\*"\]' + block: | + label-Verified = -1..+1 group Administrators + label-Verified = -1..+1 group Non-Interactive Users + label-Verified = -1..+1 group Project Owners + - name: Create verified label commit in All-Projects + shell: | + git add . + git commit -am "Create Verified Label" + git push origin HEAD:refs/meta/config + args: + chdir: '{{ all_projects_repo }}' + - name: Collect list of Repositories + uri: + url: 'http://gerrit:8080/projects/' + return_content: true + register: projects + - name: Create ci-management Repository + command: > + ssh {{ ssh_options }} -p 29418 workshop@gerrit -i {{ workshop_ssh_keyfile }} + gerrit create-project ci-management --id --so --empty-commit -d "Workshop\ CI-Management\ Repo" -p "All-Projects" + # [5:] is used to skip the XSS token added by Gerrit + when: '(projects.content[5:] | from_json)["ci-management"] is not defined' + - name: Clone ci-management repository + git: + repo: 'ssh://workshop@gerrit:29418/ci-management.git' + dest: '{{ ci_management_repo }}' + key_file: '{{ workshop_ssh_keyfile }}' + update: false + - name: Copy gitreview file to ci-managment + copy: + src: .gitreview + dest: '{{ ci_management_repo }}/.gitreview' + - name: Create initial commit to ci-management + shell: | + git add . 
+ git commit -am "Initial Commit" + git push origin HEAD:refs/heads/master + args: + chdir: '{{ ci_management_repo }}' + - name: Wait for Nexus Web + wait_for: + host: 'nexus' + port: '8081' + - name: Copy repo.json to tmp directory + copy: + src: nexus-repo.json + dest: '/var/tmp/repo.json' + - name: Check for Logs repo in Nexus + uri: + url: http://nexus:8081/nexus/service/local/repositories + return_content: true + register: nexus_repos + - name: Create Logs repo in Nexus + uri: + url: http://nexus:8081/nexus/service/local/repositories + method: POST + body: "{{ lookup('file', '/var/tmp/repo.json') }}" + user: admin + password: admin123 + body_format: json + status_code: 201 + when: '(nexus_repos.content | parse_xml("files/nexus-repo-schema.yaml"))["repositories"]["logs"] is not defined' + - name: Include {{ ci_system }} Tasks + include_tasks: "tasks/{{ ci_system }}.yaml" diff --git a/init/playbooks/tasks/jenkins.yaml b/init/playbooks/tasks/jenkins.yaml new file mode 100644 index 0000000..4157107 --- /dev/null +++ b/init/playbooks/tasks/jenkins.yaml 
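Review bot: The `Configure Git SSH Command/Key` task in site.yaml writes `-o StrictHostKeyChecking=no` into the global `core.sshCommand`, so every later git-over-SSH operation in the container accepts whatever host key it is offered; `ssh_options` in vars/default.yaml does the same for the direct `ssh … gerrit create-project` / `create-account` calls here and in tasks/jenkins.yaml. The deleted script at least recorded Gerrit's key with `ssh-keyscan` before cloning. Recording the key once into a known_hosts file on the persistent `/init` volume (for example with the `known_hosts` module) and pointing ssh at it with `-o UserKnownHostsFile=<PATH_ON_INIT_VOLUME>` would let later runs detect a changed key. Separately, the second `blockinfile` grants `label-Verified -1..+1` to `Administrators` and `Project Owners`, where the old script granted it only to `Non-Interactive Users`; if people are not meant to set Verified by hand, keep only the CI group. The multi-line `shell` tasks report only the exit status of the final `git push`, so a failed `git commit` is masked and the task always shows as changed; `set -e` plus a `changed_when` would make the idempotency claim hold.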
@@ -0,0 +1,76 @@ +--- +- name: Include Base Variables + include_vars: + file: vars/default.yaml +- name: Create jenkins user and ssh key + user: + name: 'jenkins' + generate_ssh_key: true + uid: 1000 + ssh_key_bits: 2048 + ssh_key_file: '{{ jenkins_ssh_keyfile }}' +- name: Wait for Gerrit SSH Interface + wait_for: + host: 'gerrit' + port: '29418' +- name: Check existance of Jenkins Workshop Gerrit user + uri: + url: 'http://gerrit:8080/accounts/?q=username:jenkins-workshop&o=DETAILS' + return_content: true + register: jenkins_gerrit_account_json +- name: Create fact containing Gerrit accounts + set_fact: + jenkins_gerrit_account: '{{ jenkins_gerrit_account_json.content[5:] }}' +- name: Debug Gerrit Accounts + debug: + msg: '{{ jenkins_gerrit_account }}' +- name: Create Jenkins Workshop User + shell: > + cat {{ jenkins_ssh_keyfile }}.pub | ssh {{ ssh_options }} -p 29418 workshop@gerrit -i {{ workshop_ssh_keyfile }} + gerrit create-account jenkins-workshop --full-name "Jenkins\ Workshop" + --group "Non-Interactive\ Users" --ssh-key - + when: (jenkins_gerrit_account | length == 0) +- name: Clone ci-management repository + git: + repo: 'ssh://workshop@gerrit:29418/ci-management.git' + dest: '{{ ci_management_repo }}' + key_file: '{{ workshop_ssh_keyfile }}' + update: false +- name: Create JJB Directory + file: + path: '{{ ci_management_repo }}/jjb' + state: directory +- name: Add Global-JJB to ci-management + command: 'git submodule add {{ global_jjb_url }} global-jjb' + args: + chdir: '{{ ci_management_repo }}/jjb' + creates: '{{ ci_management_repo }}/jjb/global-jjb' +- name: Add ci-management defaults + copy: + dest: '{{ ci_management_repo }}/{{ item }}' + src: 'files/{{ item }}' + with_items: + - 'jjb/ci-management.yaml' + - 'jjb/defaults.yaml' +- name: Add jenkins.ini + copy: + dest: '{{ ci_management_repo }}/jenkins.ini' + src: 'files/jjb/jenkins.ini' +- name: Create initial commit for the ci-management repo + shell: | + cd jjb/global-jjb + git checkout {{ 
global_jjb_version }} + cd .. + git add . + git commit -am "Initial JJB Files" + git push origin HEAD:refs/heads/master + args: + chdir: '{{ ci_management_repo }}' +- name: Install Jenkins Job Builder + pip: + name: 'jenkins-job-builder' + version: '{{ jjb_version }}' +- name: Upload Jobs to Jenkins + command: 'jenkins-jobs --conf jenkins.ini update -r jjb' + args: + chdir: '{{ ci_management_repo }}' diff --git a/init/playbooks/vars/default.yaml b/init/playbooks/vars/default.yaml new file mode 100644 index 0000000..a95e792 --- /dev/null +++ b/init/playbooks/vars/default.yaml @@ -0,0 +1,11 @@ +--- +ci_management_repo: '/init/ci-management' +all_projects_repo: '/init/all-projects' +workshop_ssh_keyfile: '/init/id_rsa-workshop' +jenkins_ssh_keyfile: '/jenkins/.ssh/id_rsa' +# Options to pass to ssh when cloning repos +ssh_options: '-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null' +# Version of Global JJB the ci-management repo should initially contain +global_jjb_version: "{{ lookup('env', 'GLOBAL_JJB_VERSION') | default('v0.19.2', true) }}" +global_jjb_url: https://github.com/lfit/releng-global-jjb +jjb_version: "{{ lookup('env', 'JJB_VERSION') | default('2.0.3', true) }}" diff --git a/jenkins/Dockerfile b/jenkins/Dockerfile index 434d529..5ddc011 100644 --- a/jenkins/Dockerfile +++ b/jenkins/Dockerfile 
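Review bot: In tasks/jenkins.yaml, `Add jenkins.ini` copies a file holding `user=workshop` / `password=workshop` into the root of the ci-management working tree immediately before the commit-and-push task. It appears to stay out of the pushed commit only because that script's `cd ..` leaves the shell in `jjb/` when `git add .` runs; anyone who later corrects the path would publish the credentials to Gerrit. Writing the file outside the repository, e.g. `dest: '/init/jenkins.ini'` together with `jenkins-jobs --conf /init/jenkins.ini update -r jjb`, removes that dependency. In the same shell block, `git checkout {{ global_jjb_version }}` interpolates an environment-derived value unquoted; `git checkout {{ global_jjb_version | quote }}` is safer.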
@@ -25,23 +25,23 @@ RUN curl --fail -sSL \ ENV JENKINS_GROOVY_INIT /usr/share/jenkins/ref/init.groovy.d/ -# Configure Basic Security -COPY scripts/basic-security-setup.groovy $JENKINS_GROOVY_INIT - -# Configure LDAP -COPY scripts/ldap.groovy $JENKINS_GROOVY_INIT - -# Configure Gerrit-Trigger -COPY scripts/gerrit-config.groovy $JENKINS_GROOVY_INIT - # Set Global Properties -COPY scripts/global-properties.groovy $JENKINS_GROOVY_INIT +COPY scripts/00_global-properties.groovy $JENKINS_GROOVY_INIT + +# Create JJB INI in Config File Plugin +COPY scripts/10_create-jjbini.groovy $JENKINS_GROOVY_INIT # Create Jenkins SSH Agent -COPY scripts/create-jenkins-agent.groovy $JENKINS_GROOVY_INIT +COPY scripts/20_create-jenkins-agent.groovy $JENKINS_GROOVY_INIT -# Create JJB INI in Config File Plugin -COPY scripts/create-jjbini.groovy $JENKINS_GROOVY_INIT +# Configure Basic Security +COPY scripts/30_basic-security-setup.groovy $JENKINS_GROOVY_INIT # Create Nexus settings.xml -COPY scripts/create-nexus-settings.groovy $JENKINS_GROOVY_INIT +COPY scripts/40_create-nexus-settings.groovy $JENKINS_GROOVY_INIT + +# Configure Gerrit-Trigger +COPY scripts/50_gerrit-config.groovy $JENKINS_GROOVY_INIT + +# Configure LDAP +COPY scripts/60_ldap.groovy $JENKINS_GROOVY_INIT diff --git a/jenkins/scripts/global-properties.groovy b/jenkins/scripts/00_global-properties.groovy similarity index 100% rename from jenkins/scripts/global-properties.groovy rename to jenkins/scripts/00_global-properties.groovy diff --git a/jenkins/scripts/create-jjbini.groovy b/jenkins/scripts/10_create-jjbini.groovy similarity index 100% rename from jenkins/scripts/create-jjbini.groovy rename to jenkins/scripts/10_create-jjbini.groovy diff --git a/jenkins/scripts/create-jenkins-agent.groovy b/jenkins/scripts/20_create-jenkins-agent.groovy similarity index 100% rename from jenkins/scripts/create-jenkins-agent.groovy rename to jenkins/scripts/20_create-jenkins-agent.groovy 
diff --git a/jenkins/scripts/basic-security-setup.groovy b/jenkins/scripts/30_basic-security-setup.groovy
similarity index 100%
rename from jenkins/scripts/basic-security-setup.groovy
rename to jenkins/scripts/30_basic-security-setup.groovy
diff --git a/jenkins/scripts/create-nexus-settings.groovy b/jenkins/scripts/40_create-nexus-settings.groovy
similarity index 100%
rename from jenkins/scripts/create-nexus-settings.groovy
rename to jenkins/scripts/40_create-nexus-settings.groovy
diff --git a/jenkins/scripts/50_gerrit-config.groovy b/jenkins/scripts/50_gerrit-config.groovy
new file mode 100644
index 0000000..072c2bb
--- /dev/null
+++ b/jenkins/scripts/50_gerrit-config.groovy
@@ -0,0 +1,56 @@ +/* + * SPDX-License-Identifier: EPL-1.0 + * + * Copyright (c) 2017 The Linux Foundation and others. + * + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v1.0 + * which accompanies this distribution, and is available at + * http://www.eclipse.org/legal/epl-v10.html + * + */ +import com.sonyericsson.hudson.plugins.gerrit.trigger.GerritServer; +import com.sonyericsson.hudson.plugins.gerrit.trigger.hudsontrigger.GerritConnectionListener; +import com.sonyericsson.hudson.plugins.gerrit.trigger.PluginImpl; +import com.sonyericsson.hudson.plugins.gerrit.trigger.config.Config; + +import net.sf.json.JSONObject; +import net.sf.json.JSONSerializer; + +println "--> Configuring the CI Workshop Gerrit Server" +def GerritServerName = "ciworkshop" +def plugin = PluginImpl.getInstance() + +GerritServer gerritServer = new GerritServer(GerritServerName); + +def configJSONString = """{"gerritFrontEndUrl":"http://gerrit.localhost", +"gerritHostName":"gerrit", +"gerritSshPort":"29418", +"gerritUserName":"jenkins-workshop", +"verdictCategories":[ +{"verdictValue":"Code-Review","verdictDescription":"Code Review"}, +{"verdictValue":"Verified","verdictDescription":"Verified"}], +"gerritBuildStartedVerifiedValue":"0", +"gerritBuildSuccessfulVerifiedValue":"1", +"gerritBuildFailedVerifiedValue":"-1", +"gerritBuildUnstableVerifiedValue":"0", +"gerritBuildNotBuiltVerifiedValue":"0", +"gerritBuildStartedCodeReviewValue":"0", +"gerritBuildSuccessfulCodeReviewValue":"0", +"gerritBuildFailedCodeReviewValue":"0", +"gerritBuildUnstableCodeReviewValue":"-1", +"gerritBuildNotBuiltCodeReviewValue":"0"}""" +JSONObject configObject = (JSONObject)JSONSerializer.toJSON(configJSONString); +Config config = new Config(configObject); + +gerritServer.setConfig(config); +gerritServer.addListener(new GerritConnectionListener(GerritServerName)); + +if (plugin.containsServer(GerritServerName)) { + 
plugin.removeServer(plugin.getServer(GerritServerName)) +} +plugin.addServer(gerritServer) + +gerritServer.start() +gerritServer.startConnection() +println "--> Configuring the CI Workshop Gerrit Server...done" diff --git a/jenkins/scripts/ldap.groovy b/jenkins/scripts/60_ldap.groovy similarity index 100% rename from jenkins/scripts/ldap.groovy rename to jenkins/scripts/60_ldap.groovy diff --git a/jenkins/scripts/gerrit-config.groovy b/jenkins/scripts/gerrit-config.groovy deleted file mode 100644 index 73a491a..0000000 --- a/jenkins/scripts/gerrit-config.groovy +++ /dev/null 
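Review bot: With the `Thread.start { sleep 10000 … }` wrapper removed, `gerritServer.startConnection()` in 50_gerrit-config.groovy runs inline during Jenkins init, which on a first boot is presumably before the init container has generated `/jenkins/.ssh/id_rsa` and created the `jenkins-workshop` account (both happen in init/playbooks/tasks/jenkins.yaml), so the initial connection attempt is expected to fail and recovery relies on the plugin reconnecting by itself. That is worth stating in a comment above the call, e.g. `// First boot: key and Gerrit account are provisioned later by the init container; the plugin is expected to reconnect`. The replace path also calls `plugin.removeServer(plugin.getServer(GerritServerName))` without stopping the old server first; if that server can already be running at this point, stop its connection before removing it.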
@@ -1,59 +0,0 @@ -/* - * SPDX-License-Identifier: EPL-1.0 - * - * Copyright (c) 2017 The Linux Foundation and others. - * - * All rights reserved. This program and the accompanying materials - * are made available under the terms of the Eclipse Public License v1.0 - * which accompanies this distribution, and is available at - * http://www.eclipse.org/legal/epl-v10.html - * - */ -import com.sonyericsson.hudson.plugins.gerrit.trigger.GerritServer; -import com.sonyericsson.hudson.plugins.gerrit.trigger.hudsontrigger.GerritConnectionListener; -import com.sonyericsson.hudson.plugins.gerrit.trigger.PluginImpl; -import com.sonyericsson.hudson.plugins.gerrit.trigger.config.Config; - -import net.sf.json.JSONObject; -import net.sf.json.JSONSerializer; - -Thread.start { - sleep 10000 - println "--> Configuring the CI Workshop Gerrit Server" - def GerritServerName = "ciworkshop" - def plugin = PluginImpl.getInstance() - - GerritServer gerritServer = new GerritServer(GerritServerName); - - def configJSONString = """{"gerritFrontEndUrl":"http://gerrit.localhost", - "gerritHostName":"gerrit", - "gerritSshPort":"29418", - "gerritUserName":"jenkins-workshop", - "verdictCategories":[ - {"verdictValue":"Code-Review","verdictDescription":"Code Review"}, - {"verdictValue":"Verified","verdictDescription":"Verified"}], - "gerritBuildStartedVerifiedValue":"0", - "gerritBuildSuccessfulVerifiedValue":"1", - "gerritBuildFailedVerifiedValue":"-1", - "gerritBuildUnstableVerifiedValue":"0", - "gerritBuildNotBuiltVerifiedValue":"0", - "gerritBuildStartedCodeReviewValue":"0", - "gerritBuildSuccessfulCodeReviewValue":"0", - "gerritBuildFailedCodeReviewValue":"0", - "gerritBuildUnstableCodeReviewValue":"-1", - "gerritBuildNotBuiltCodeReviewValue":"0"}""" - JSONObject configObject = (JSONObject)JSONSerializer.toJSON(configJSONString); - Config config = new Config(configObject); - - gerritServer.setConfig(config); - gerritServer.addListener(new GerritConnectionListener(GerritServerName)); - - if 
(plugin.containsServer(GerritServerName)) { - plugin.removeServer(plugin.getServer(GerritServerName)) - } - plugin.addServer(gerritServer) - - gerritServer.start() - gerritServer.startConnection() - println "--> Configuring the CI Workshop Gerrit Server...done" -} -- 2.16.6