Refactor for better separation of generic Jenkins vs Android Build setup.

Android Build setup is likely broken and needs further refactor.

17 files changed, 93 insertions, 47 deletions

diff --git a/ansible-deploy/files/apache.conf b/ansible-deploy/files/android-build.linaro.org
index 6f64af8..e61c21d 100644
--- a/ansible-deploy/files/apache.conf
+++ b/ansible-deploy/files/android-build.linaro.org
@@ -11,8 +11,8 @@
     RewriteRule ^/builds/~([a-z][-a-z0-9]+)/([-A-Za-z0-9_.]+)/lastSuccessful/output(.*) http://127.0.0.1:600/$1_$2/lastSuccessful/archive$3 [L,P]
     RewriteRule ^/mockup(.*) $1 [R=301]
 
-    ProxyPass /jenkins http://localhost:9090/jenkins
-    ProxyPassReverse /jenkins http://localhost:9090/jenkins
+    ProxyPass /jenkins http://localhost:8080/jenkins
+    ProxyPassReverse /jenkins http://localhost:8080/jenkins
 
     Alias /static /home/build-system-frontend/frontend/static
     Alias /3.3.0/build /home/build-system-frontend/yui/build
diff --git a/ansible-deploy/files/jenkins b/ansible-deploy/files/jenkins
new file mode 100644
index 0000000..eede3e7
--- /dev/null
+++ b/ansible-deploy/files/jenkins
@@ -0,0 +1,36 @@
+<VirtualHost *:80>
+  ServerAdmin webmaster@localhost
+  ServerName {{site_name}}
+  ServerName {{inventory_hostname}}
+#  ServerAlias rdk.ci
+  ProxyRequests Off
+  <Proxy *>
+    Order deny,allow
+    Allow from all
+  </Proxy>
+  ProxyPreserveHost on
+  ProxyPass / http://localhost:8080/
+
+  RewriteEngine on
+  ReWriteCond %{SERVER_PORT} !^443$
+  RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L]
+</VirtualHost>
+
+<VirtualHost *:443>
+  ServerAdmin webmaster@localhost
+  ServerName {{site_name}}
+  ServerName {{inventory_hostname}}
+#  ServerAlias rdk.ci
+  ProxyRequests Off
+  <Proxy *>
+    Order deny,allow
+    Allow from all
+  </Proxy>
+  ProxyPreserveHost off
+  ProxyPass / http://localhost:8080/
+  ProxyPassReverse / http://localhost:8080/
+
+  SSLEngine on
+  SSLCertificateFile    {{ssl_cert}}
+  SSLCertificateKeyFile {{ssl_key}}
+</VirtualHost>
diff --git a/ansible-deploy/frontend.yml b/ansible-deploy/frontend.yml
index 49fc8ea..0d41040 100644
--- a/ansible-deploy/frontend.yml
+++ b/ansible-deploy/frontend.yml
@@ -8,4 +8,5 @@
     - ../ansible-private-vars/main.yml
   roles:
     - common
+    - jenkins-user
     - frontend
diff --git a/ansible-deploy/group_vars/ec2 b/ansible-deploy/group_vars/ec2
new file mode 100644
index 0000000..a187b39
--- /dev/null
+++ b/ansible-deploy/group_vars/ec2
@@ -0,0 +1 @@
+ansible_ssh_user: ubuntu
diff --git a/ansible-deploy/group_vars/vagrant b/ansible-deploy/group_vars/vagrant
new file mode 100644
index 0000000..04b66b1
--- /dev/null
+++ b/ansible-deploy/group_vars/vagrant
@@ -0,0 +1,2 @@
+ansible_ssh_user: vagrant
+ansible_ssh_pass: vagrant
diff --git a/ansible-deploy/jenkins.yml b/ansible-deploy/jenkins.yml
index ffed10e..4df2704 100644
--- a/ansible-deploy/jenkins.yml
+++ b/ansible-deploy/jenkins.yml
@@ -1,18 +1,22 @@
 ---
-- hosts: jenkins-master
+- hosts: jenkins-generic
   gather_facts: no
   vars:
     - linaro_android_build_tools_repo: lp:linaro-android-build-tools
     - linaro_android_build_tools_rev: 676
     - jenkins_version: 1.509.2
-    - site_name: android-build.linaro.org
-    - ssl_cert: /etc/ssl/private/android-build.linaro.org.crt
+    - ssl_cert: /etc/ssl/certs/{{site_name}}.crt
+    - ssl_key: /etc/ssl/private/{{site_name}}.key
+    # "native" or "crowd"
+    - jenkins_auth: crowd
   vars_files:
     - ../ansible-private-vars/main.yml
   roles:
     - common
     - apache
+    - sslcert
     - jenkins
+    - {role: apache-site, config: "jenkins"}
   tasks:
   - name: Check out linaro-android-build-tools
     bzr: name={{linaro_android_build_tools_repo}} version={{linaro_android_build_tools_rev}} dest=~/linaro-android-build-tools
diff --git a/ansible-deploy/roles/apache-site/tasks/main.yml b/ansible-deploy/roles/apache-site/tasks/main.yml
new file mode 100644
index 0000000..7d6d7b6
--- /dev/null
+++ b/ansible-deploy/roles/apache-site/tasks/main.yml
@@ -0,0 +1,10 @@
+- name: Install Apache site config
+  template: src=files/{{config}} dest=/etc/apache2/sites-available/{{config}}
+  sudo: yes
+  notify:
+      - Restart Apache
+- name: Enable site config
+  command: a2ensite {{config}} creates=/etc/apache2/sites-enabled/{{config}}
+  sudo: yes
+  notify:
+      - Restart Apache
diff --git a/ansible-deploy/roles/apache/tasks/main.yml b/ansible-deploy/roles/apache/tasks/main.yml
index bfadc03..2db8e3a 100644
--- a/ansible-deploy/roles/apache/tasks/main.yml
+++ b/ansible-deploy/roles/apache/tasks/main.yml
@@ -3,7 +3,6 @@
   sudo: yes
   with_items:
       - apache2
-      - libapache2-mod-wsgi
 - name: Enable Apache modules
   command: a2enmod {{item}} creates=/etc/apache2/mods-enabled/{{item}}.load
   sudo: yes
@@ -14,26 +13,3 @@
       - rewrite
       - expires
       - ssl
-- name: Prepare OpenSSL config
-  copy: src=ssleay.conf dest=/tmp/
-- name: Create self-signed SSL certificate
-  command: openssl req -config /tmp/ssleay.conf -new -x509 -days 3650 -nodes -out {{ssl_cert}} -keyout {{ssl_cert}}
-           creates={{ssl_cert}}
-  sudo: yes
-  notify:
-      - Restart Apache
-- name: Set permissions on certificate
-  file: path={{ssl_cert}} mode=600
-  sudo: yes
-- name: Install Apache site config
-  copy: src=files/apache.conf dest=/etc/apache2/sites-available/{{site_name}}
-  sudo: yes
-  notify:
-      - Restart Apache
-- name: Enable site config
-  command: a2ensite {{item}} creates=/etc/apache2/sites-enabled/{{site_name}}
-  sudo: yes
-  with_items:
-      - "{{site_name}}"
-  notify:
-      - Restart Apache
diff --git a/ansible-deploy/roles/common/tasks/main.yml b/ansible-deploy/roles/common/tasks/main.yml
index 7e6d2f3..e0409be 100644
--- a/ansible-deploy/roles/common/tasks/main.yml
+++ b/ansible-deploy/roles/common/tasks/main.yml
@@ -10,5 +10,3 @@
       - git-core
       - gnupg
       - make
-      # ??
-      - python-pycurl
diff --git a/ansible-deploy/roles/frontend/tasks/main.yml b/ansible-deploy/roles/frontend/tasks/main.yml
index 05f7acd..ec46071 100644
--- a/ansible-deploy/roles/frontend/tasks/main.yml
+++ b/ansible-deploy/roles/frontend/tasks/main.yml
@@ -2,13 +2,17 @@
   apt: pkg={{item}}
   sudo: yes
   with_items:
+      - libapache2-mod-wsgi
       - python-virtualenv
       - python-lxml
       - python-openid
       - tidy
       - unzip
       - python-cssutils
+      - python-lxml
       - sqlite3
+      # ??
+      - python-pycurl
 
 - name: Create frontend user
   user: name=build-system-frontend comment="Android Build Frontend"
diff --git a/ansible-deploy/roles/jenkins-user/tasks/main.yml b/ansible-deploy/roles/jenkins-user/tasks/main.yml
new file mode 100644
index 0000000..13abbfc
--- /dev/null
+++ b/ansible-deploy/roles/jenkins-user/tasks/main.yml
@@ -0,0 +1,8 @@
+- name: Create Jenkins "frontend" user dir
+  file: state=directory dest=/var/lib/jenkins/users/frontend owner=jenkins
+  sudo: yes
+
+- name: Create Jenkins "frontend" user config
+  template: src=jenkins-config/users/frontend/config.xml
+            dest=/var/lib/jenkins/users/frontend/config.xml owner=jenkins
+  sudo: yes
diff --git a/ansible-deploy/roles/jenkins/templates/jenkins-config/users/frontend/config.xml b/ansible-deploy/roles/jenkins-user/tasks/templates/jenkins-config/users/frontend/config.xml
index 4ca3b9f..4ca3b9f 100644
--- a/ansible-deploy/roles/jenkins/templates/jenkins-config/users/frontend/config.xml
+++ b/ansible-deploy/roles/jenkins-user/tasks/templates/jenkins-config/users/frontend/config.xml
diff --git a/ansible-deploy/roles/jenkins/tasks/main.yml b/ansible-deploy/roles/jenkins/tasks/main.yml
index fa854f3..f710a82 100644
--- a/ansible-deploy/roles/jenkins/tasks/main.yml
+++ b/ansible-deploy/roles/jenkins/tasks/main.yml
@@ -2,7 +2,6 @@
   apt: pkg={{item}}
   sudo: yes
   with_items:
-      - python-lxml
       - default-jre
       - daemon
 - name: Download Jenkins {{jenkins_version}} LTS package
@@ -14,12 +13,14 @@
 - name: Configure Jenkins port
   lineinfile: regexp="^HTTP_PORT=" line="HTTP_PORT=9090" dest=/etc/default/jenkins backup=yes
   sudo: yes
+  when: jenkins_port != 8080
 - name: Configure Jenkins URL prefix
   # Add --prefix= arg to existing args if not there yet
   lineinfile: regexp='^JENKINS_ARGS=(?!.*--prefix=/jenkins)"?(.+?)"?$'
               line='JENKINS_ARGS="\1 --prefix=/jenkins"'
               dest=/etc/default/jenkins backrefs=yes
   sudo: yes
+  when: jenkins_prefix != "/"
 
 #- name: Set up minimal Jenkins configuration skeleton
 #  # This requires recursive copy patch
@@ -59,15 +60,6 @@
   notify:
       - Restart Jenkins
 
-- name: Create Jenkins "frontend" user dir
-  file: state=directory dest=/var/lib/jenkins/users/frontend owner=jenkins
-  sudo: yes
-
-- name: Create Jenkins "frontend" user config
-  template: src=jenkins-config/users/frontend/config.xml
-            dest=/var/lib/jenkins/users/frontend/config.xml owner=jenkins
-  sudo: yes
-
 - name: Create Jenkins external address config
   template: src=jenkins-config/hudson.tasks.Mailer.xml
             dest=/var/lib/jenkins/hudson.tasks.Mailer.xml owner=jenkins
diff --git a/ansible-deploy/roles/jenkins/templates/jenkins-config/config.xml b/ansible-deploy/roles/jenkins/templates/jenkins-config/config.xml
index 3952708..5bebf65 100644
--- a/ansible-deploy/roles/jenkins/templates/jenkins-config/config.xml
+++ b/ansible-deploy/roles/jenkins/templates/jenkins-config/config.xml
@@ -25,7 +25,7 @@
     <url>https://login.linaro.org:8443/crowd</url>
     <applicationName>{{crowd_user}}</applicationName>
     <password>{{crowd_passwd}}</password>
-    <group>linaro-android-builders</group>
+    <group>linaro-login-users</group>
     <nestedGroups>false</nestedGroups>
     <useSSO>false</useSSO>
     <sessionValidationInterval>10</sessionValidationInterval>
diff --git a/ansible-deploy/roles/jenkins/vars/main.yml b/ansible-deploy/roles/jenkins/vars/main.yml
index b7888fd..b5f7281 100644
--- a/ansible-deploy/roles/jenkins/vars/main.yml
+++ b/ansible-deploy/roles/jenkins/vars/main.yml
@@ -1,8 +1,8 @@
+jenkins_port: 8080
+jenkins_prefix: "/"
 jenkins_plugins:
     - http://updates.jenkins-ci.org/download/plugins/ec2/1.18/ec2.hpi
     - http://people.linaro.org/~paul.sokolovsky/jenkins/shell-status-20120125.hpi
     - http://people.linaro.org/~paul.sokolovsky/jenkins/crowd2-1.6-SNAPSHOT-20130816.hpi
     - http://updates.jenkins-ci.org/download/plugins/greenballs/1.12/greenballs.hpi
     - http://updates.jenkins-ci.org/download/plugins/build-timeout/1.8/build-timeout.hpi
-# "native" or "crowd"
-jenkins_auth: crowd
diff --git a/ansible-deploy/roles/sslcert/tasks/main.yml b/ansible-deploy/roles/sslcert/tasks/main.yml
new file mode 100644
index 0000000..eaf555e
--- /dev/null
+++ b/ansible-deploy/roles/sslcert/tasks/main.yml
@@ -0,0 +1,14 @@
+- name: Prepare OpenSSL config
+  template: src=ssleay.conf dest=/tmp/
+- name: Create self-signed SSL certificate
+  command: openssl req -config /tmp/ssleay.conf -new -x509 -days 3650 -nodes -out {{ssl_cert}} -keyout {{ssl_key}}
+           creates={{ssl_cert}}
+  sudo: yes
+  notify:
+      - Restart Apache
+- name: Set permissions on certificate
+  file: path={{ssl_cert}} mode=600
+  sudo: yes
+- name: Set permissions on certificate key
+  file: path={{ssl_key}} mode=600
+  sudo: yes
diff --git a/ansible-deploy/roles/apache/files/ssleay.conf b/ansible-deploy/roles/sslcert/templates/ssleay.conf
index ff79601..f333d5e 100644
--- a/ansible-deploy/roles/apache/files/ssleay.conf
+++ b/ansible-deploy/roles/sslcert/templates/ssleay.conf
@@ -1,9 +1,9 @@
 RANDFILE                = /dev/urandom
-[ req ]
+[req]
 default_bits            = 1024
 default_keyfile         = privkey.pem
 distinguished_name      = req_distinguished_name
 prompt                  = no
 policy                  = policy_anything
-[ req_distinguished_name ]
-commonName              = android-build.linaro.org
+[req_distinguished_name]
+commonName              = {{site_name}}