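---
# Provisions a CI box in a single play: bootstraps Python/sudo on a bare host,
# applies the PHP/MySQL/Jenkins/Solr/Selenium roles, uploads the Jenkins job
# configs, configures Apache and creates password-protected folders in the
# webroot.
#
# NOTE(review): indentation was lost in the source listing and has been
# reconstructed from Ansible's play/task schema - confirm against the repo.
- hosts: all
  # Facts are gathered by the explicit `setup` pre-task below, after the raw
  # bootstrap has installed the Python bits Ansible modules need.
  gather_facts: false
  # NOTE(review): the play connects as root, yet only some tasks set `sudo`.
  # Tasks without it rely on the root login - confirm this is intended.
  remote_user: root
  vars_files:
    - ../config.yml
  vars:
    cibox_apt_packages: []
    cibox_composer_drush:
      # Quoted so the version constraint always stays a string.
      version: "6.*"
      user: "{{ ansible_ssh_user }}"
    apache2_modules:
      - rewrite
    # Files under /var/lib/jenkins in which the placeholder
    # `ci_server_ip_address` is replaced with the host's IP (see tasks).
    jenkins_configs:
      - "jenkins.model.JenkinsLocationConfiguration.xml"
      - "org.jenkinsci.plugins.ghprb.GhprbTrigger.xml"
      - "jobs/{{ project | upper }}_PR_BUILDER/config.xml"
      - "jobs/DEMO/config.xml"
    protected_folders:
      - "{{ webroot }}/cache"
      - "{{ webroot }}/backup"
    # SECURITY: basic-auth credentials committed in clear text. Anyone who can
    # read this repository knows them, so treat these values as public
    # defaults and supply per-deployment values from a non-committed or
    # vault-encrypted vars file.
    # NOTE(review): confirm ../config.yml actually overrides them.
    protected_folders_user: propeople
    protected_folders_pass: givemebackup
    cibox_ssl_enable_host: true
    php_apc_enabled_in_ini: true

  pre_tasks:
    - include: tasks/project-variable.yml

    # Best effort: a failed cache refresh does not stop the play.
    - name: Update apt cache
      sudo: true
      apt:
        update_cache: true
      ignore_errors: true
      tags: ["mysql", "apache", "php-stack"]

    - name: Setup initial packages onto clean system for ansible
      sudo: true
      # Installing sudo on small ubuntu install.
      # `raw` is used because it does not need Python on the target.
      raw: "apt-get -y install python-simplejson sudo curl"

    - name: Fixing logger not found
      sudo: true
      shell: "apt-get --reinstall install -y bsdutils"

    # Gathers facts manually and keeps them in `allmy` for the Jenkins
    # IP-address substitution further down.
    # NOTE(review): tagged only "cibox-jenkins"; a run limited to other tags
    # skips this although `ansible_virtualization_type` is used elsewhere.
    - name: Setup - get environment data for later usage
      setup:
      register: allmy
      tags: ["cibox-jenkins"]

    # SECURITY: `shadow` membership lets the jenkins account read
    # /etc/shadow (password hashes) and `adm` lets it read system logs.
    # NOTE(review): confirm which job or role needs this and drop the rest.
    - name: Adding jenkins user to permitted groups
      user:
        name: jenkins
        groups: shadow,adm
        append: true
      tags: ["cibox-jenkins"]

    # SECURITY: this grants the jenkins account unrestricted passwordless
    # root, so every build step has a direct path to root on the box. The
    # job list above includes a ghprb trigger and a PR builder, so builds
    # presumably run code from pull requests. Prefer a /etc/sudoers.d
    # drop-in limited to the commands the jobs really need.
    # `validate` makes lineinfile syntax-check the result with visudo before
    # replacing /etc/sudoers, so a bad edit cannot lock sudo out.
    - name: Adding jenkins user to nopasswd sudoers
      lineinfile:
        dest: /etc/sudoers
        line: "jenkins ALL=(ALL) NOPASSWD:ALL"
        validate: "visudo -cf %s"
      tags: ["cibox-jenkins"]

    # The loop list is templated explicitly; a bare variable name in
    # with_items is not expanded by newer Ansible releases.
    - name: Install apt packages
      apt:
        name: "{{ item }}"
        state: present
      with_items: "{{ cibox_apt_packages }}"
      tags: ["mysql", "apache", "php-stack"]

    # We have to disable mail sending from CI box.
    # Does not create a link if sendmail is installed.
    - name: Check for sendmail.
      file:
        src: /bin/true
        path: /usr/sbin/sendmail
        state: link
      tags: ["mysql", "apache", "php-stack"]

    - name: Create ansible config directory
      sudo: true
      file:
        # Quoted so the mode is never re-read as a decimal integer.
        mode: "0775"
        path: /etc/ansible
        state: directory
      tags: ["mysql", "apache", "php-stack"]

  roles:
    - role: cibox-swap
      tags: ["cibox-swap"]
      when: ansible_virtualization_type != "openvz"
    - role: cibox-misc
      tags: ["misc"]
    - role: ansible-role-php
      tags: ["php-stack"]
    - role: ansible-role-php-xhprof
      tags: ["ansible-php-xhprof", "php-stack"]
    - role: ansible-composer
      tags: ["ansible-composer", "php-stack"]
    - role: cibox-composer-drush
      tags: ["ansible-composer", "php-stack", "drush"]
    - role: ansible-role-mysql
      tags: ["mysql", "php-stack", "ansible-role-mysql"]
    - role: cibox-jenkins
      tags: ["cibox-jenkins"]
    - role: cibox-jetty-solr
      tags: ["cibox-jetty-solr"]
    - role: cibox-sniffers
      tags: ["cibox-sniffers", "php-stack"]
    - role: cibox-mysql-config
      tags: ["mysql", "php-stack", "cibox-mysql-config"]
    - role: cibox-ssl-config
      tags: ["apache", "php-stack", "ssl", "cibox-ssl-config"]
    - role: cibox-behat-selenium2
      tags: ["cibox-behat-selenium", "behat-selenium"]

  tasks:
    # @todo More smart way to upload jobs. Move job names to options.
    # The renamed job directory doubles as the "already provisioned" marker
    # for the upload and rename steps below.
    - name: Check if job already renamed
      stat:
        path: "/var/lib/jenkins/jobs/{{ project | upper }}_PR_BUILDER"
      register: prbuilder_stat
      tags: ["cibox-jenkins"]

    - name: Copy local files for enabling jenkins permissions
      sudo: true
      synchronize:
        src: files/jenkins/
        dest: /var/lib/jenkins
        archive: false
        recursive: true
      when: not prbuilder_stat.stat.exists
      tags: ["cibox-jenkins"]

    - name: Change owner for jenkins files
      file:
        path: /var/lib/jenkins
        owner: jenkins
        group: jenkins
        force: true
        state: directory
        recurse: true
      tags: ["cibox-jenkins"]

    # `command` instead of `shell`: no shell features are needed, and the
    # templated project name is then never interpreted by a shell.
    - name: Rename jenkins jobs to meet project name
      sudo: true
      command: >-
        mv /var/lib/jenkins/jobs/PR_BUILDER
        /var/lib/jenkins/jobs/{{ project | upper }}_PR_BUILDER
      when: not prbuilder_stat.stat.exists
      tags: ["cibox-jenkins"]

    - name: Remove PR_BUILDER from remote
      sudo: true
      file:
        path: /var/lib/jenkins/jobs/PR_BUILDER
        state: absent
      when: prbuilder_stat.stat.exists
      tags: ["cibox-jenkins"]
    # end of @todo More smart way to upload jobs. Move job names to options.

    # Uses the facts registered in `allmy` by the setup pre-task.
    - name: Change host IP address in Jenkins config
      replace:
        dest: "/var/lib/jenkins/{{ item }}"
        regexp: "ci_server_ip_address"
        replace: "{{ allmy.ansible_facts.ansible_default_ipv4.address }}"
      with_items: "{{ jenkins_configs }}"
      tags: ["cibox-jenkins"]

    # Best effort, same as the pre-task cache refresh.
    - name: apt-get update
      apt:
        update_cache: true
      ignore_errors: true
      tags: ["mysql", "apache", "php-stack"]

    - name: Apache2 modules
      apache2_module:
        name: "{{ item }}"
        state: present
      with_items: "{{ apache2_modules }}"
      tags: ["apache", "php-stack"]
      notify: Restart Apache

    - name: Copy Apache vhost file
      sudo: true
      synchronize:
        src: files/sites-enabled/000-default.conf
        dest: /etc/apache2/sites-enabled/000-default.conf
      tags: ["apache", "php-stack"]
      notify: Restart Apache

    # NOTE(review): rngd is fed from /dev/urandom, which recycles kernel
    # PRNG output rather than adding entropy - tolerable only on a
    # disposable CI box. There is also no guard against an already running
    # rngd, so the command is issued on every play run.
    - name: Starting random rnd-tools service
      sudo: true
      shell: rngd -r /dev/urandom
      when: ansible_virtualization_type != "openvz"

    - name: Create protected folders
      file:
        path: "{{ item }}"
        owner: www-data
        group: jenkins
        state: directory
      with_items: "{{ protected_folders }}"

    - name: Copy .htaccess to the protected folders
      synchronize:
        src: files/backup-folder/.htaccess
        dest: "{{ item }}/.htaccess"
      with_items: "{{ protected_folders }}"

    # `no_log` keeps the password out of task output and logs.
    # NOTE(review): the .htpasswd lands inside the web-served folder with
    # default permissions; confirm the vhost denies `.ht*` files and
    # consider setting an explicit owner and mode.
    - name: Generate .htpasswd in protected folders
      htpasswd:
        path: "{{ item }}/.htpasswd"
        name: "{{ protected_folders_user }}"
        password: "{{ protected_folders_pass }}"
      with_items: "{{ protected_folders }}"
      no_log: true

  handlers:
    # Triggered by the Apache module and vhost tasks via `notify`.
    - name: Restart Apache
      service:
        name: apache2
        state: restarted
      tags: ["mysql", "apache", "php-stack"]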