ansible: inital macOS playbook

ansible/MANUAL_STEPS.md

@@ -0,0 +1,18 @@
+# Manual steps required to run ansible on machines
+
+## macOS
+1. Update Sudoers file:
+
+this requires `NOPASSWD` to be added to the sudoers file to enable elevation
+
+`sudo visudo`
+and change:
+`%admin          ALL = (ALL) ALL`
+to
+`%admin          ALL = (ALL) NOPASSWD:ALL`
+
+2. Allow ssh access
+
+```bash
+sudo systemsetup -setremotelogin on
+```

ansible/roles/baselayout/handlers/main.yml

@@ -5,4 +5,5 @@
 #
 
 - name: restart sshd
+  when: not os|startswith("macos")
   service: name="{{ sshd_service_name }}" state=restarted

ansible/roles/baselayout/tasks/main.yml

@@ -17,6 +17,7 @@
 
 - name: set hostname
   when: not os|startswith("smartos") and not os|startswith("zos")
+        and not os|startswith("macos")
   hostname: name="{{ safe_hostname }}"
 
 - name: disable joyent smartconnect
@@ -60,7 +61,19 @@
     state: absent
 
 - name: install packages
-  when: not os|startswith("zos")
+  when: not os|startswith("zos") and not os|startswith("macos")
+  package: name="{{ package }}" state=present
+  loop_control:
+    loop_var: package
+  with_items:
+    # ansible doesn't like empty lists
+    - "{{ packages[os]|default('[]') }}"
+    - "{{ packages[os|stripversion]|default('[]') }}"
+    - "{{ common_packages|default('[]') }}"
+
+- name: install packages (macos)
+  when: os|startswith("macos")
+  become_user: administrator
   package: name="{{ package }}" state=present
   loop_control:
     loop_var: package
@@ -71,6 +84,20 @@
     - "{{ packages[os|stripversion]|default('[]') }}"
     - "{{ common_packages|default('[]') }}"
 
+- name: Check whether /etc/paths contains "/usr/localopt/ccache/libexec" (macos)
+  when: os|startswith("macos")
+  command: grep -Fxq "/usr/localopt/ccache/libexec" /etc/paths
+  register: ccache_mac
+  check_mode: no
+  ignore_errors: yes
+  changed_when: no
+
+- name: add ccache to the path (macos)
+  when: ccache_mac.rc == 1
+  lineinfile: dest=/etc/paths
+    insertbefore=BOF
+    line='/usr/localopt/ccache/libexec'
+
 - name: ubuntu1404 | update package alternatives
   when: os == "ubuntu1404"
   alternatives: link=/usr/bin/{{ gcc }} name={{ gcc }} path=/usr/bin/{{ gcc }}-4.9

ansible/roles/baselayout/vars/main.yml

@@ -27,53 +27,54 @@ ntp_service: {
 }
 
 common_packages: [
-  'automake,bash,libtool,sudo',
+  'automake,bash,libtool',
 ]
 
 # you can either add os family or os to this list (see smartos)
 # but the playbook chooses os over family - not both
 packages: {
   centos6_x64: ['centos-release-scl'], # only available on x86_64, 32-bit is from https://copr.fedorainfracloud.org/coprs/mlampe
   centos6: [
-    'ccache,git2u,gcc-c++,devtoolset-6', # even need gcc on centos6 so ccache has symlinks
+    'ccache,git2u,gcc-c++,devtoolset-6,sudo', # even need gcc on centos6 so ccache has symlinks
   ],
 
   centos7_arm64: ['git'], # git2u not available for aarch64 (yet)
-  centos7_x64: ['git2u','centos-release-scl'], # centos-release-scl is required to enable SCLo
+  centos7_x64: ['git2u','centos-release-scl',], # centos-release-scl is required to enable SCLo
                                                # but we do it manually in partials/repo/centos7.yml for arm64
   centos7: [
-    'ccache,gcc-c++,devtoolset-6',
+    'ccache,gcc-c++,devtoolset-6,sudo',
   ],
 
   debian7: [
-    'gcc-4.8,g++-4.8',
+    'gcc-4.8,g++-4.8,sudo',
   ],
 
   debian8: [
-    'ccache,git,gcc-4.9,g++-4.9,libfontconfig1,binutils-2.26',
+    'ccache,git,gcc-4.9,g++-4.9,libfontconfig1,binutils-2.26,sudo',
   ],
 
   debian9: [
-    'gcc-6,g++-6,ccache,git,curl,libfontconfig1,apt-transport-https,ca-certificates',
+    'gcc-6,g++-6,ccache,git,curl,libfontconfig1,apt-transport-https,ca-certificates,sudo',
   ],
 
   fedora: [
-    'bzip2,ccache,gcc-c++,git,fontconfig',
+    'bzip2,ccache,gcc-c++,git,fontconfig,sudo',
   ],
 
   freebsd: [
-    'ccache,git,gmake'
+    'ccache,git,gmake,sudo'
   ],
 
   rhel72: [
-    'gcc-c++',
+    'gcc-c++,sudo',
   ],
 
   smartos: [
     'gccmakedep',
     'git',
     'gmake',
-    'xz'
+    'xz',
+    'sudo',
   ],
 
   smartos14: [
@@ -96,7 +97,7 @@ packages: {
   ],
 
   ubuntu: [
-    'ccache,g++,gcc,git,libfontconfig1',
+    'ccache,g++,gcc,git,libfontconfig1,sudo',
   ],
 
   ubuntu1404: [

ansible/roles/java-base/tasks/main.yml

@@ -48,12 +48,18 @@
 
 # if this fails you want to check in vars/main.yml and add package name
 # as appropriate -- try to use generic os family if available.
+
+- name: Check if java is already installed
+  raw: java -version
+  register: java
+  ignore_errors: yes
+
 - name: install java
-  when: not os|startswith("zos") and arch != "ppc64" and not inventory_hostname|regex_search('-arm(v6l|v7l|64)_pi')
+  when: java.rc > 0 and not os|startswith("zos") and arch != "ppc64" and not inventory_hostname|regex_search('-arm(v6l|v7l|64)_pi')
   package: name="{{ java_package_name }}" state=present
 
 - name: install webupd8 oracle java 8 extras
-  when: os in ("ubuntu1204", "ubuntu1404") and arch != "ppc64"
+  when: java.rc > 0 and os in ("ubuntu1204", "ubuntu1404") and arch != "ppc64"
   package: name="{{item}}" state=present
   with_items:
     - ca-certificates

ansible/roles/java-base/vars/main.yml

@@ -12,6 +12,7 @@ packages: {
   'debian9': 'openjdk-8-jre-headless',
   'fedora': 'java-1.8.0-openjdk-headless',
   'freebsd': 'openjdk8-jre',
+  'macos': 'adoptopenjdk-openjdk8'
   'rhel72': 'java-1.8.0-openjdk',
   'smartos': 'openjdk8',
   'ubuntu': 'openjdk-8-jre-headless',

ansible/roles/jenkins-worker/tasks/main.yml

@@ -67,11 +67,11 @@
     line: ::1 localhost.localdomain localhost
 
 - name: create NODE_TEST_DIR directory
-  file: path=/home/{{ server_user }}/tmp state=directory
+  file: path="{{ home }}/{{ server_user }}/tmp" state=directory
 
 - name: set NODE_TEST_DIR permission and owner
   file:
-    path: /home/{{ server_user }}/tmp
+    path: "{{ home }}/{{ server_user }}/tmp"
     owner: "{{ server_user }}"
     group: "{{ server_user }}"
     mode: 0755
@@ -124,7 +124,7 @@
     timeout: 60
     force: yes
 
-# temporary until we get the righ cert bundles
+# temporary until we get the right cert bundles
 - name: download slave.jar -zos
   when: os|startswith("zos")
   get_url:
@@ -176,6 +176,14 @@
     dest: "/etc/sysconfig/jenkins"
     mode: "0644"
 
+# TODO - Should this run on every machine?
+- name: copy start.sh to {{ home }}/{{ server_user }}/start.sh
+  when: os|startswith("macos")
+  template:
+    src: "start.j2"
+    dest: "{{ home }}/{{ server_user }}/start.sh"
+    mode: "0755"
+
 - name: import manifest to svcadm
   when: os|startswith("smartos")
   raw: "svccfg import {{ jenkins.dest }}"
@@ -219,9 +227,17 @@
   command: "chown -R {{ server_user }} {{ home }}/{{ server_user }}/gyp"
 
 - name: enable jenkins at startup - general
-  when: not os|startswith("zos")
+  when: not os|startswith("zos") and not os|startswith("macos")
   service: name=jenkins state=started enabled=yes
 
+- name: Load org.nodejs.osx.jenkins.plist into launchctl
+  when: os|startswith("macos")
+  command: launchctl load /Library/LaunchDaemons/org.nodejs.osx.jenkins.plist
+
+- name: Start org.nodejs.osx.jenkins.plist
+  when: os|startswith("macos")
+  command: launchctl start org.nodejs.osx.jenkins
+
 # lineinfile does not work on zos due to character conversions
 # the inserted line ends up in the wrong character set. We
 # tried a few variations to work around this without

ansible/roles/jenkins-worker/tasks/partials/tap2junit/macos.yml

@@ -0,0 +1,10 @@
+---
+
+#
+# macos: python2.7
+#
+
+- name: install pip
+  pip:
+    name: tap2junit
+    executable: /usr/local/bin/pip2

ansible/roles/jenkins-worker/templates/org.nodejs.osx.jenkins.plist

@@ -0,0 +1,29 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+        <dict>
+                <key>Label</key>
+                <string>org.nodejs.osx.jenkins</string>
+
+                <key>UserName</key>
+                <string>iojs</string>
+
+                <key>WorkingDirectory</key>
+                <string>/Users/iojs</string>
+
+                <key>Program</key>
+                <string>/Users/iojs/start.sh</string>
+
+                <key>RunAtLoad</key>
+                <true/>
+
+                <key>KeepAlive</key>
+                <true/>
+
+                <key>StandardErrorPath</key>
+                <string>/Users/iojs/jenkins_err.log</string>
+
+                <key>StandardOutPath</key>
+                <string>/Users/iojs/jenkins.log</string>
+        </dict>
+</plist>

ansible/roles/jenkins-worker/templates/start.j2

@@ -1,10 +1,5 @@
-#!/NODEJS2/bin/bash
-
-su -s - iojs <<'EOF'
-
-export PATH=/NODEJS/bin:$PATH
+#!/bin/bash
 export HOME={{ home }}/{{ server_user }}
-export NODE_COMMON_PIPE="$HOME/test.pipe"
 export NODE_TEST_DIR="$HOME/tmp"
 export JOBS="{{ jobs_env }}"
 export OSTYPE=zos

ansible/roles/jenkins-worker/templates/zos_start.j2

@@ -0,0 +1,26 @@
+#!/NODEJS2/bin/bash
+
+su -s - iojs <<'EOF'
+
+export PATH=/NODEJS/bin:$PATH
+export HOME={{ home }}/{{ server_user }}
+export NODE_COMMON_PIPE="$HOME/test.pipe"
+export NODE_TEST_DIR="$HOME/tmp"
+export JOBS="{{ server_jobs | default(ansible_processor_vcpus) }}"
+export OSTYPE=zos
+
+export _BPXK_AUTOCVT=ON
+export _CEE_RUNOPTS="FILETAG(AUTOCVT,AUTOTAG) POSIX(ON)"
+export _TAG_REDIR_ERR=txt
+export _TAG_REDIR_IN=txt
+export _TAG_REDIR_OUT=txt
+
+export CC=/bin/xlc
+export LINK=/bin/xlc
+export CFLAGS="-q64"
+export LDFLAGS="-q64"
+
+{{ java_path[os] }} -Dfile.encoding=ISO8859_1 -Xmx{{ server_ram|default('128m') }} \
+    -jar {{ home }}/{{ server_user }}/slave.jar -secret {{ secret }} \
+    -jnlpUrl {{ jenkins_url }}/computer/{{ inventory_hostname }}/slave-agent.jnlp >{{ home }}/{{ server_user }}/jenkins.log 2>&1  &
+EOF

ansible/roles/jenkins-worker/vars/main.yml

@@ -9,11 +9,12 @@ init: {
   centos6:  'centos6',
   debian:  ['debian7', 'ubuntu1204'],
   freebsd: 'freebsd',
+  macos:   'macos',
   rhel72: 'rhel72',
   systemd: ['centos7', 'debian8', 'debian9', 'fedora', 'ubuntu1604', 'ubuntu1610', 'ubuntu1710'],
   svc:     'smartos',
   upstart: ['ubuntu12', 'ubuntu1404'],
-  start:   'zos'
+  zos_start:   'zos'
   }
 
 jenkins_init: {
@@ -37,6 +38,11 @@ jenkins_init: {
     src: 'freebsd.initd.j2',
     mode: '0755'
     },
+  macos: {
+    dest: '/Library/LaunchDaemons/org.nodejs.osx.jenkins.plist',
+    src: 'org.nodejs.osx.jenkins.plist',
+    mode: '0755'
+    },
   openrc: {
     dest: '/etc/init.d/jenkins',
     src: 'openrc.initd.j2',
@@ -59,9 +65,9 @@ jenkins_init: {
     dest: '/etc/init/jenkins.conf',
     src: 'upstart.j2'
     },
-  start: {
+  zos_start: {
     dest: '{{ home }}/{{ server_user }}/start.sh',
-    src: 'start.j2'
+    src: 'zos_start.j2'
     },
   }
 

ansible/roles/package-upgrade/files/core-dumps.plist

@@ -0,0 +1,15 @@
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+    <key>Label</key>
+    <string>sysctl</string>
+    <key>ProgramArguments</key>
+    <array>
+        <string>/usr/sbin/sysctl</string>
+        <string>-w</string>
+        <string>kern.corefile=core.%P</string>
+    </array>
+    <key>RunAtLoad</key>
+    <true/>
+</dict>
+</plist>

ansible/roles/package-upgrade/files/install-homebrew.sh

@@ -0,0 +1,2 @@
+#!/bin/bash
+yes | /usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"