-
Notifications
You must be signed in to change notification settings - Fork 165
/
main.yml
285 lines (238 loc) · 9.19 KB
/
main.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
---
#
# fetches jenkins and make sure it is started properly
#
- name: set jobs_env from jobs_variants.{{ arch }}
set_fact:
jobs_env: "{{ jobs_variants[arch] }}"
when: jobs_env is undefined and server_jobs is undefined and arch in jobs_variants
- name: set jobs_env from jobs_variants.{{ os|stripversion }}
set_fact:
jobs_env: "{{ jobs_variants[os|stripversion] }}"
when: jobs_env is undefined and server_jobs is undefined and os|stripversion in jobs_variants
- name: set jobs_env from server_jobs or ansible_processor_vcpus
set_fact:
jobs_env: "{{ server_jobs|default(ansible_processor_vcpus) }}"
when: jobs_env is undefined and (server_jobs is defined or ansible_processor_vcpus is defined)
- name: set jobs_env to fall-back value of 2
set_fact:
jobs_env: "2"
when: jobs_env is undefined
- name: create group
when: not os|startswith("zos")
group: name="{{ server_user }}"
- name: create user
when: "not os|startswith('zos')"
user:
name: "{{ server_user }}"
group: "{{ server_user }}"
shell: "{{ bash_path[os|stripversion]|default('/bin/bash') }}"
- name: add ::1 to /etc/hosts for ipv6 compat
when: not os|startswith("zos")
lineinfile:
dest: /etc/hosts
state: present
line: ::1 localhost.localdomain localhost
- name: create NODE_TEST_DIR directory
file: path="{{ home }}/{{ server_user }}/tmp" state=directory
- name: set NODE_TEST_DIR permission and owner
file:
path: "{{ home }}/{{ server_user }}/tmp"
owner: "{{ server_user }}"
group: "{{ server_user }}"
mode: 0755
- name: run raspberry pi jenkins-worker setup
when: "inventory_hostname|regex_search('-arm(v6l|v7l|64)_pi')"
include: "{{ role_path }}/tasks/partials/raspberry-pi.yml"
- name: run scaleway armv7 jenkins-worker setup
when: "'scaleway-ubuntu1804-armv7l' in inventory_hostname"
include: "{{ role_path }}/tasks/partials/scaleway-armv7.yml"
# @TODO(mhdawson): get tap2junit working on zOS
- name: prepare installing tap2junit
when: type != "release" and not os|startswith("zos")
include: "{{ pip_include }}"
loop_control:
loop_var: pip_include
with_first_found:
- files:
- "{{ role_path }}/tasks/partials/tap2junit/{{ os }}.yml"
- "{{ role_path }}/tasks/partials/tap2junit/{{ os|stripversion }}.yml"
- "{{ role_path }}/tasks/partials/tap2junit/pip.yml"
skip: true
- name: Firewall | enable iptables
command: systemctl enable iptables
when: "'rhel7-s390x' in inventory_hostname"
- name: Firewall | check for firewalld
raw: stat /usr/sbin/firewalld
register: has_firewalld
failed_when: has_firewalld.rc > 1
when: "'rhel7-s390x' in inventory_hostname"
- name: Firewall | remove firewalld
when: has_firewalld.rc == 0
raw: yum remove -y firewalld
when: "'rhel7-s390x' in inventory_hostname"
- name: Firewall | add rule to allow accepting multicast
lineinfile:
dest: /etc/sysconfig/iptables
insertafter: ":OUTPUT ACCEPT.*]"
line: "-A INPUT -m pkttype --pkt-type multicast -j ACCEPT"
when: "'rhel7-s390x' in inventory_hostname"
- name: Firewall | add basic rule to allow communication locally
lineinfile:
dest: /etc/sysconfig/iptables
insertafter: ":OUTPUT ACCEPT.*]"
line: "-A INPUT -s 127.0.0.1/32 -d 127.0.0.1/32 -j ACCEPT"
when: "'rhel7-s390x' in inventory_hostname"
- name: Firewall | add additional rule to allow communication from 127.0.0.2
lineinfile:
dest: /etc/sysconfig/iptables
insertafter: ":OUTPUT ACCEPT.*]"
line: "-A INPUT -s 127.0.0.2/32 -d 127.0.0.1/32 -j ACCEPT"
when: "'rhel7-s390x' in inventory_hostname"
- name: Firewall | make the new firewall rules take effect
command: systemctl restart iptables
when: "'rhel7-s390x' in inventory_hostname"
- name: download slave.jar
when: not os|startswith("zos")
get_url:
url: "{{ jenkins_worker_jar }}"
dest: '{{ home }}/{{ server_user }}/slave.jar'
mode: 0644
timeout: 60
force: yes
- name: Resolver | ipnodes needs to be present on zos, similar to hosts file
when: os|startswith("zos")
copy:
content: "127.0.0.1 localhost\n::1 localhost\n"
dest: /etc/ipnodes
- name: Resolver | set DNS resolving priorities for zos
when: os|startswith("zos")
copy:
content: "LOOKUP LOCAL DNS"
dest: '{{ home }}/{{ server_user }}/resolve'
# temporary until we get the right cert bundles
- name: download slave.jar -zos
when: os|startswith("zos")
get_url:
url: "{{ jenkins_worker_jar }}"
dest: '{{ home }}/{{ server_user }}/slave.jar'
mode: 0644
timeout: 60
validate_certs: no
force: yes
- name: render git wrapper into place
when: os|startswith("zos")
template:
src: "{{ role_path }}/templates/git-wrapper.j2"
dest: "{{ home }}/{{ server_user }}/git-wrapper"
mode: "{{ jenkins.mode|default('0655') }}"
- stat: path={{ home }}/{{ server_user }}/runAsciiBash
register: runAsciiBashExists
- name: render runAsciiBash into place - part 1
when: os|startswith("zos")
template:
src: "{{ role_path }}/templates/runAsciiBash.c.j2"
dest: "{{ home }}/{{ server_user }}/runAsciiBash.c"
mode: "{{ jenkins.mode|default('0644') }}"
- name: render runAsciiBash into place - part 2
when: os|startswith("zos")
template:
src: "{{ role_path }}/templates/gen_runAsciiBash.j2"
dest: "{{ home }}/{{ server_user }}/gen_runAsciiBash.sh"
mode: "{{ jenkins.mode|default('0655') }}"
- name: render runAsciiBash into place - part 3
when: os|startswith("zos") and runAsciiBashExists.stat.exists == False
shell: "sh {{ home }}/{{ server_user }}/gen_runAsciiBash.sh"
- name: render init script into place
template:
src: "{{ jenkins.src }}"
dest: "{{ jenkins.dest }}"
mode: "{{ jenkins.mode|default('0644') }}"
- name: centos6 | render sysconfig into place
when: "os == 'centos6'"
template:
src: "{{ role_path }}/templates/centos6.sysconfig.j2"
dest: "/etc/sysconfig/jenkins"
mode: "0644"
# TODO - Should this run on every machine?
- name: copy start.sh to {{ home }}/{{ server_user }}/start.sh
when: os|startswith("macos")
template:
src: "start.j2"
dest: "{{ home }}/{{ server_user }}/start.sh"
mode: "0755"
- name: import manifest to svcadm
when: os|startswith("smartos")
raw: "svccfg import {{ jenkins.dest }}"
- name: render gyp into place - Create directory - part 1
when: os|startswith("zos")
file:
path: "{{ home }}/{{ server_user }}/gyp"
state: directory
# zos does not support https:// with git and chromium
# only provides an https endpoint. We store on ci
# instead
- name: render gyp into place - get the zip - part 2
when: os|startswith("zos")
uri:
url: "http://ci.nodejs.org/downloads/zos/gyp.tar.gz"
dest: "{{ home }}/{{ server_user }}/gyp/gyp.tar.gz"
creates: "{{ home }}/{{ server_user }}/gyp/gyp.tar"
# note that unarchive does not work (does not like version
# of tar) so just execute commands directly
- name: render gyp into place - decompress - part 3
when: os|startswith("zos")
command: "gunzip gyp.tar.gz"
args:
chdir: "{{ home }}/{{ server_user }}/gyp"
creates: "{{ home }}/{{ server_user }}/gyp/gyp.tar"
# the user option does not seem to work so
# do that change in separate step below
- name: render gyp into place - extract - part 4
when: os|startswith("zos")
command: "pax -rf gyp.tar -o from=iso8859-1,to=ibm-1047"
args:
chdir: "{{ home }}/{{ server_user }}/gyp"
creates: "{{ home }}/{{ server_user }}/gyp/LICENSE"
- name: render gyp into place - fix up ownership - part 5
when: os|startswith("zos")
command: "chown -R {{ server_user }} {{ home }}/{{ server_user }}/gyp"
# This has to be done before the `service` (and similar) commands because
# java is needed to start the service
- include_role:
name: java-base
- name: enable jenkins at startup - general
when: not os|startswith("zos") and not os|startswith("macos") and not os|startswith("aix")
service: name=jenkins state=restarted enabled=yes
- name: Unload org.nodejs.osx.jenkins.plist from launchctl
when: os|startswith("macos")
command: launchctl unload /Library/LaunchDaemons/org.nodejs.osx.jenkins.plist
- name: Load org.nodejs.osx.jenkins.plist into launchctl
when: os|startswith("macos")
command: launchctl load /Library/LaunchDaemons/org.nodejs.osx.jenkins.plist
- name: Start org.nodejs.osx.jenkins.plist
when: os|startswith("macos")
command: launchctl start org.nodejs.osx.jenkins
# lineinfile does not work on zos due to character conversions
# the inserted line ends up in the wrong character set. We
# tried a few variations to work around this without
# success so for now do it the hard way.
- name: enable jenkins at startup - zos - part 1
when: os|startswith("zos")
template:
src: "{{ role_path }}/templates/zos_rc_patch.j2"
dest: "{{ home }}/{{ server_user }}/rc_patch"
mode: "{{ jenkins.mode|default('0644') }}"
- name: enable jenkins at startup - zos - part 2
when: os|startswith("zos")
template:
src: "{{ role_path }}/templates/zos_rc_patch_apply.j2"
dest: "{{ home }}/{{ server_user }}/rc_patch_apply.sh"
mode: "{{ jenkins.mode|default('0655') }}"
- name: enable jenkins at startup - zos - part 3
when: os|startswith("zos")
shell: "sh {{ home }}/{{ server_user }}/rc_patch_apply.sh"
- name: install monit
when: os in needs_monit
include: monit.yml
static: false