diff options
author | Paul Sokolovsky <paul.sokolovsky@linaro.org> | 2013-11-26 03:06:42 +0200 |
---|---|---|
committer | Paul Sokolovsky <paul.sokolovsky@linaro.org> | 2013-11-26 03:06:42 +0200 |
commit | 5ee1ae7ba94e924a42b8b4d0532b94e0e04220ee (patch) | |
tree | 705be8a43e30563ac129a9fe58403a4481249ead | |
parent | 453644808e860c727e3cf7f1bac67c4094763390 (diff) |
Refactor for better separation of generic Jenkins vs Android Build setup.
Android Build setup is likely broken and needs further refactor.
17 files changed, 93 insertions, 47 deletions
diff --git a/ansible-deploy/files/apache.conf b/ansible-deploy/files/android-build.linaro.org index 6f64af8..e61c21d 100644 --- a/ansible-deploy/files/apache.conf +++ b/ansible-deploy/files/android-build.linaro.org @@ -11,8 +11,8 @@ RewriteRule ^/builds/~([a-z][-a-z0-9]+)/([-A-Za-z0-9_.]+)/lastSuccessful/output(.*) http://127.0.0.1:600/$1_$2/lastSuccessful/archive$3 [L,P] RewriteRule ^/mockup(.*) $1 [R=301] - ProxyPass /jenkins http://localhost:9090/jenkins - ProxyPassReverse /jenkins http://localhost:9090/jenkins + ProxyPass /jenkins http://localhost:8080/jenkins + ProxyPassReverse /jenkins http://localhost:8080/jenkins Alias /static /home/build-system-frontend/frontend/static Alias /3.3.0/build /home/build-system-frontend/yui/build diff --git a/ansible-deploy/files/jenkins b/ansible-deploy/files/jenkins new file mode 100644 index 0000000..eede3e7 --- /dev/null +++ b/ansible-deploy/files/jenkins @@ -0,0 +1,36 @@ +<VirtualHost *:80> + ServerAdmin webmaster@localhost + ServerName {{site_name}} + ServerName {{inventory_hostname}} +# ServerAlias rdk.ci + ProxyRequests Off + <Proxy *> + Order deny,allow + Allow from all + </Proxy> + ProxyPreserveHost on + ProxyPass / http://localhost:8080/ + + RewriteEngine on + ReWriteCond %{SERVER_PORT} !^443$ + RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L] +</VirtualHost> + +<VirtualHost *:443> + ServerAdmin webmaster@localhost + ServerName {{site_name}} + ServerName {{inventory_hostname}} +# ServerAlias rdk.ci + ProxyRequests Off + <Proxy *> + Order deny,allow + Allow from all + </Proxy> + ProxyPreserveHost off + ProxyPass / http://localhost:8080/ + ProxyPassReverse / http://localhost:8080/ + + SSLEngine on + SSLCertificateFile {{ssl_cert}} + SSLCertificateKeyFile {{ssl_key}} +</VirtualHost> diff --git a/ansible-deploy/frontend.yml b/ansible-deploy/frontend.yml index 49fc8ea..0d41040 100644 --- a/ansible-deploy/frontend.yml +++ b/ansible-deploy/frontend.yml @@ -8,4 +8,5 @@ - ../ansible-private-vars/main.yml roles: - common + - jenkins-user - frontend diff --git a/ansible-deploy/group_vars/ec2 b/ansible-deploy/group_vars/ec2 new file mode 100644 index 0000000..a187b39 --- /dev/null +++ b/ansible-deploy/group_vars/ec2 @@ -0,0 +1 @@ +ansible_ssh_user: ubuntu diff --git a/ansible-deploy/group_vars/vagrant b/ansible-deploy/group_vars/vagrant new file mode 100644 index 0000000..04b66b1 --- /dev/null +++ b/ansible-deploy/group_vars/vagrant @@ -0,0 +1,2 @@ +ansible_ssh_user: vagrant +ansible_ssh_pass: vagrant diff --git a/ansible-deploy/jenkins.yml b/ansible-deploy/jenkins.yml index ffed10e..4df2704 100644 --- a/ansible-deploy/jenkins.yml +++ b/ansible-deploy/jenkins.yml @@ -1,18 +1,22 @@ --- -- hosts: jenkins-master +- hosts: jenkins-generic gather_facts: no vars: - linaro_android_build_tools_repo: lp:linaro-android-build-tools - linaro_android_build_tools_rev: 676 - jenkins_version: 1.509.2 - - site_name: android-build.linaro.org - - ssl_cert: /etc/ssl/private/android-build.linaro.org.crt + - ssl_cert: /etc/ssl/certs/{{site_name}}.crt + - ssl_key: /etc/ssl/private/{{site_name}}.key + # "native" or "crowd" + - jenkins_auth: crowd vars_files: - ../ansible-private-vars/main.yml roles: - common - apache + - sslcert - jenkins + - {role: apache-site, config: "jenkins"} tasks: - name: Check out linaro-android-build-tools bzr: name={{linaro_android_build_tools_repo}} version={{linaro_android_build_tools_rev}} dest=~/linaro-android-build-tools diff --git a/ansible-deploy/roles/apache-site/tasks/main.yml b/ansible-deploy/roles/apache-site/tasks/main.yml new file mode 100644 index 0000000..7d6d7b6 --- /dev/null +++ b/ansible-deploy/roles/apache-site/tasks/main.yml @@ -0,0 +1,10 @@ +- name: Install Apache site config + template: src=files/{{config}} dest=/etc/apache2/sites-available/{{config}} + sudo: yes + notify: + - Restart Apache +- name: Enable site config + command: a2ensite {{config}} creates=/etc/apache2/sites-enabled/{{config}} + sudo: yes + notify: + - Restart Apache diff --git a/ansible-deploy/roles/apache/tasks/main.yml b/ansible-deploy/roles/apache/tasks/main.yml index bfadc03..2db8e3a 100644 --- a/ansible-deploy/roles/apache/tasks/main.yml +++ b/ansible-deploy/roles/apache/tasks/main.yml @@ -3,7 +3,6 @@ sudo: yes with_items: - apache2 - - libapache2-mod-wsgi - name: Enable Apache modules command: a2enmod {{item}} creates=/etc/apache2/mods-enabled/{{item}}.load sudo: yes @@ -14,26 +13,3 @@ - rewrite - expires - ssl -- name: Prepare OpenSSL config - copy: src=ssleay.conf dest=/tmp/ -- name: Create self-signed SSL certificate - command: openssl req -config /tmp/ssleay.conf -new -x509 -days 3650 -nodes -out {{ssl_cert}} -keyout {{ssl_cert}} - creates={{ssl_cert}} - sudo: yes - notify: - - Restart Apache -- name: Set permissions on certificate - file: path={{ssl_cert}} mode=600 - sudo: yes -- name: Install Apache site config - copy: src=files/apache.conf dest=/etc/apache2/sites-available/{{site_name}} - sudo: yes - notify: - - Restart Apache -- name: Enable site config - command: a2ensite {{item}} creates=/etc/apache2/sites-enabled/{{site_name}} - sudo: yes - with_items: - - "{{site_name}}" - notify: - - Restart Apache diff --git a/ansible-deploy/roles/common/tasks/main.yml b/ansible-deploy/roles/common/tasks/main.yml index 7e6d2f3..e0409be 100644 --- a/ansible-deploy/roles/common/tasks/main.yml +++ b/ansible-deploy/roles/common/tasks/main.yml @@ -10,5 +10,3 @@ - git-core - gnupg - make - # ?? - - python-pycurl diff --git a/ansible-deploy/roles/frontend/tasks/main.yml b/ansible-deploy/roles/frontend/tasks/main.yml index 05f7acd..ec46071 100644 --- a/ansible-deploy/roles/frontend/tasks/main.yml +++ b/ansible-deploy/roles/frontend/tasks/main.yml @@ -2,13 +2,17 @@ apt: pkg={{item}} sudo: yes with_items: + - libapache2-mod-wsgi - python-virtualenv - python-lxml - python-openid - tidy - unzip - python-cssutils + - python-lxml - sqlite3 + # ?? + - python-pycurl - name: Create frontend user user: name=build-system-frontend comment="Android Build Frontend" diff --git a/ansible-deploy/roles/jenkins-user/tasks/main.yml b/ansible-deploy/roles/jenkins-user/tasks/main.yml new file mode 100644 index 0000000..13abbfc --- /dev/null +++ b/ansible-deploy/roles/jenkins-user/tasks/main.yml @@ -0,0 +1,8 @@ +- name: Create Jenkins "frontend" user dir + file: state=directory dest=/var/lib/jenkins/users/frontend owner=jenkins + sudo: yes + +- name: Create Jenkins "frontend" user config + template: src=jenkins-config/users/frontend/config.xml + dest=/var/lib/jenkins/users/frontend/config.xml owner=jenkins + sudo: yes diff --git a/ansible-deploy/roles/jenkins/templates/jenkins-config/users/frontend/config.xml b/ansible-deploy/roles/jenkins-user/tasks/templates/jenkins-config/users/frontend/config.xml index 4ca3b9f..4ca3b9f 100644 --- a/ansible-deploy/roles/jenkins/templates/jenkins-config/users/frontend/config.xml +++ b/ansible-deploy/roles/jenkins-user/tasks/templates/jenkins-config/users/frontend/config.xml diff --git a/ansible-deploy/roles/jenkins/tasks/main.yml b/ansible-deploy/roles/jenkins/tasks/main.yml index fa854f3..f710a82 100644 --- a/ansible-deploy/roles/jenkins/tasks/main.yml +++ b/ansible-deploy/roles/jenkins/tasks/main.yml @@ -2,7 +2,6 @@ apt: pkg={{item}} sudo: yes with_items: - - python-lxml - default-jre - daemon - name: Download Jenkins {{jenkins_version}} LTS package @@ -14,12 +13,14 @@ - name: Configure Jenkins port lineinfile: regexp="^HTTP_PORT=" line="HTTP_PORT=9090" dest=/etc/default/jenkins backup=yes sudo: yes + when: jenkins_port != 8080 - name: Configure Jenkins URL prefix # Add --prefix= arg to existing args if not there yet lineinfile: regexp='^JENKINS_ARGS=(?!.*--prefix=/jenkins)"?(.+?)"?$' line='JENKINS_ARGS="\1 --prefix=/jenkins"' dest=/etc/default/jenkins backrefs=yes sudo: yes + when: jenkins_prefix != "/" #- name: Set up minimal Jenkins configuration skeleton # # This requires recursive copy patch @@ -59,15 +60,6 @@ notify: - Restart Jenkins -- name: Create Jenkins "frontend" user dir - file: state=directory dest=/var/lib/jenkins/users/frontend owner=jenkins - sudo: yes - -- name: Create Jenkins "frontend" user config - template: src=jenkins-config/users/frontend/config.xml - dest=/var/lib/jenkins/users/frontend/config.xml owner=jenkins - sudo: yes - - name: Create Jenkins external address config template: src=jenkins-config/hudson.tasks.Mailer.xml dest=/var/lib/jenkins/hudson.tasks.Mailer.xml owner=jenkins diff --git a/ansible-deploy/roles/jenkins/templates/jenkins-config/config.xml b/ansible-deploy/roles/jenkins/templates/jenkins-config/config.xml index 3952708..5bebf65 100644 --- a/ansible-deploy/roles/jenkins/templates/jenkins-config/config.xml +++ b/ansible-deploy/roles/jenkins/templates/jenkins-config/config.xml @@ -25,7 +25,7 @@ <url>https://login.linaro.org:8443/crowd</url> <applicationName>{{crowd_user}}</applicationName> <password>{{crowd_passwd}}</password> - <group>linaro-android-builders</group> + <group>linaro-login-users</group> <nestedGroups>false</nestedGroups> <useSSO>false</useSSO> <sessionValidationInterval>10</sessionValidationInterval> diff --git a/ansible-deploy/roles/jenkins/vars/main.yml b/ansible-deploy/roles/jenkins/vars/main.yml index b7888fd..b5f7281 100644 --- a/ansible-deploy/roles/jenkins/vars/main.yml +++ b/ansible-deploy/roles/jenkins/vars/main.yml @@ -1,8 +1,8 @@ +jenkins_port: 8080 +jenkins_prefix: "/" jenkins_plugins: - http://updates.jenkins-ci.org/download/plugins/ec2/1.18/ec2.hpi - http://people.linaro.org/~paul.sokolovsky/jenkins/shell-status-20120125.hpi - http://people.linaro.org/~paul.sokolovsky/jenkins/crowd2-1.6-SNAPSHOT-20130816.hpi - http://updates.jenkins-ci.org/download/plugins/greenballs/1.12/greenballs.hpi - http://updates.jenkins-ci.org/download/plugins/build-timeout/1.8/build-timeout.hpi -# "native" or "crowd" -jenkins_auth: crowd diff --git a/ansible-deploy/roles/sslcert/tasks/main.yml b/ansible-deploy/roles/sslcert/tasks/main.yml new file mode 100644 index 0000000..eaf555e --- /dev/null +++ b/ansible-deploy/roles/sslcert/tasks/main.yml @@ -0,0 +1,14 @@ +- name: Prepare OpenSSL config + template: src=ssleay.conf dest=/tmp/ +- name: Create self-signed SSL certificate + command: openssl req -config /tmp/ssleay.conf -new -x509 -days 3650 -nodes -out {{ssl_cert}} -keyout {{ssl_key}} + creates={{ssl_cert}} + sudo: yes + notify: + - Restart Apache +- name: Set permissions on certificate + file: path={{ssl_cert}} mode=600 + sudo: yes +- name: Set permissions on certificate key + file: path={{ssl_key}} mode=600 + sudo: yes diff --git a/ansible-deploy/roles/apache/files/ssleay.conf b/ansible-deploy/roles/sslcert/templates/ssleay.conf index ff79601..f333d5e 100644 --- a/ansible-deploy/roles/apache/files/ssleay.conf +++ b/ansible-deploy/roles/sslcert/templates/ssleay.conf @@ -1,9 +1,9 @@ RANDFILE = /dev/urandom -[ req ] +[req] default_bits = 1024 default_keyfile = privkey.pem distinguished_name = req_distinguished_name prompt = no policy = policy_anything -[ req_distinguished_name ] -commonName = android-build.linaro.org +[req_distinguished_name] +commonName = {{site_name}} |