author | Paul Sokolovsky <paul.sokolovsky@linaro.org> | 2013-10-15 21:36:20 +0300 |
---|---|---|
committer | Paul Sokolovsky <paul.sokolovsky@linaro.org> | 2013-10-15 21:36:20 +0300 |
commit | ed2e7da744a90100065e79d3ebeda4e896a98478 (patch) | |
tree | fd39b602c93d76e8f2a6f0c7130d6e3010741f5b | |
parent | 82e8618980d178b26acf2389db9fab15d2f90552 (diff) |
Support crowd auth for Jenkins (while retaining "own user db" support).
-rw-r--r-- | ansible-deploy/jenkins.yml | 2 | ||||
-rw-r--r-- | ansible-deploy/roles/jenkins/tasks/main.yml | 9 | ||||
-rw-r--r-- | ansible-deploy/roles/jenkins/templates/jenkins-config/config.xml (renamed from ansible-deploy/roles/jenkins/files/jenkins-config/config.xml) | 17 | ||||
-rw-r--r-- | ansible-deploy/roles/jenkins/vars/main.yml | 2 |
4 files changed, 28 insertions, 2 deletions
diff --git a/ansible-deploy/jenkins.yml b/ansible-deploy/jenkins.yml index 17cb3dd..ffed10e 100644 --- a/ansible-deploy/jenkins.yml +++ b/ansible-deploy/jenkins.yml @@ -7,6 +7,8 @@ - jenkins_version: 1.509.2 - site_name: android-build.linaro.org - ssl_cert: /etc/ssl/private/android-build.linaro.org.crt + vars_files: + - ../ansible-private-vars/main.yml roles: - common - apache diff --git a/ansible-deploy/roles/jenkins/tasks/main.yml b/ansible-deploy/roles/jenkins/tasks/main.yml index 3bd5bca..8d97d65 100644 --- a/ansible-deploy/roles/jenkins/tasks/main.yml +++ b/ansible-deploy/roles/jenkins/tasks/main.yml @@ -20,10 +20,17 @@ line='JENKINS_ARGS="\1 --prefix=/jenkins"' dest=/etc/default/jenkins backrefs=yes sudo: yes -- name: Set up minimal Jenkins configuration +- name: Set up minimal Jenkins configuration skeleton # This requires recursive copy patch copy: backup=yes src=jenkins-config/ dest=/var/lib/jenkins/ owner=jenkins sudo: yes + notify: + - Restart Jenkins +- name: Set up Jenkins config file + template: backup=yes src=jenkins-config/config.xml dest=/var/lib/jenkins/ owner=jenkins + sudo: yes + notify: + - Restart Jenkins - name: Create Jenkins plugin dir file: state=directory path=~jenkins/plugins/ owner=jenkins sudo: yes diff --git a/ansible-deploy/roles/jenkins/files/jenkins-config/config.xml b/ansible-deploy/roles/jenkins/templates/jenkins-config/config.xml index 4efa391..3952708 100644 --- a/ansible-deploy/roles/jenkins/files/jenkins-config/config.xml +++ b/ansible-deploy/roles/jenkins/templates/jenkins-config/config.xml 
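Review bot: The new `vars_files` entry in the play header makes every run depend on `../ansible-private-vars/main.yml`, a path outside this repository, and nothing here says what that file must define. The config.xml template in this commit reads `crowd_user` and `crowd_passwd`, so a comment above the entry such as `# private vars (not part of this repository): must define crowd_user and crowd_passwd` would spare the next operator an undefined-variable failure. The file is loaded even when `jenkins_auth` is `native`, so a host that never uses Crowd still needs it present. The play definition starts and ends outside the hunk.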
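Review bot: The new `Set up Jenkins config file` task renders config.xml, which in crowd mode contains the Crowd application password, without setting a file mode, so the file gets whatever default the module applies and may be readable by other local users. Add `mode=0600` to the task: `template: backup=yes src=jenkins-config/config.xml dest=/var/lib/jenkins/ owner=jenkins mode=0600`. `backup=yes` also leaves a copy of the previous config.xml beside it on each change, so old passwords stay on disk after rotation; those backups need the same restriction or periodic cleanup. The task list continues outside the hunk on both sides.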
@@ -4,8 +4,9 @@
 <numExecutors>0</numExecutors>
 <mode>NORMAL</mode>
 <useSecurity>true</useSecurity>
- <authorizationStrategy class="hudson.security.GlobalMatrixAuthorizationStrategy">
+ <authorizationStrategy class="hudson.security.ProjectMatrixAuthorizationStrategy">
 <permission>hudson.model.Hudson.Administer:admin</permission>
+ <permission>hudson.model.Hudson.Administer:infrastructure</permission>
 <permission>hudson.model.Hudson.Read:anonymous</permission>
 <permission>hudson.model.Hudson.Read:frontend</permission>
 <permission>hudson.model.Item.Build:frontend</permission>
@@ -15,9 +16,23 @@
 <permission>hudson.model.Item.Read:anonymous</permission>
 <permission>hudson.model.Item.Read:frontend</permission>
 </authorizationStrategy>
+{% if jenkins_auth == "native" %}
 <securityRealm class="hudson.security.HudsonPrivateSecurityRealm">
 <disableSignup>false</disableSignup>
 </securityRealm>
+{% elif jenkins_auth == "crowd" %}
+ <securityRealm class="de.theit.jenkins.crowd.CrowdSecurityRealm" plugin="crowd2@1.6-SNAPSHOT">
+ <url>https://login.linaro.org:8443/crowd</url>
+ <applicationName>{{crowd_user}}</applicationName>
+ <password>{{crowd_passwd}}</password>
+ <group>linaro-android-builders</group>
+ <nestedGroups>false</nestedGroups>
+ <useSSO>false</useSSO>
+ <sessionValidationInterval>10</sessionValidationInterval>
+ </securityRealm>
+{% else %}
+ {{ fail("Unknown jenkins_auth value: " + jenkins_auth) }}
+{% endif %}
 <markupFormatter class="hudson.markup.RawHtmlMarkupFormatter"/>
 <jdks/>
 <viewsTabBar class="hudson.views.DefaultViewsTabBar"/>
diff --git a/ansible-deploy/roles/jenkins/vars/main.yml b/ansible-deploy/roles/jenkins/vars/main.yml
index 264ce61..b7888fd 100644
--- a/ansible-deploy/roles/jenkins/vars/main.yml
+++ b/ansible-deploy/roles/jenkins/vars/main.yml
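Review bot: The added `<permission>hudson.model.Hudson.Administer:infrastructure</permission>` sits outside the `jenkins_auth` conditional, so it is also rendered when the native realm is selected, where `<disableSignup>false</disableSignup>` leaves self-registration open. A matrix entry names either a user or a group, so under the native realm this grants Administer to whichever account holds the name `infrastructure`; presumably the entry is meant as a Crowd group. Either render the line only in crowd mode by wrapping it in `{% if jenkins_auth == "crowd" %}` … `{% endif %}`, or set `<disableSignup>true</disableSignup>` in the native branch. The `authorizationStrategy` element opens in this hunk and closes in the next one.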
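Review bot: `<applicationName>{{crowd_user}}</applicationName>` and `<password>{{crowd_passwd}}</password>` insert the variables into XML without escaping, so a password containing `&` or `<` produces a config.xml that Jenkins cannot parse. Apply Jinja's escape filter to both, for example `<password>{{ crowd_passwd | e }}</password>`. The password is also written in clear text, so config.xml and any backups of it carry the secret and need restrictive permissions. In the `{% else %}` branch, `fail` is not a Jinja built-in; unless the Ansible version in use provides it, rendering would stop on an undefined-name error rather than the intended message, which is worth confirming.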
@@ -4,3 +4,5 @@ jenkins_plugins: - http://people.linaro.org/~paul.sokolovsky/jenkins/crowd2-1.6-SNAPSHOT-20130816.hpi - http://updates.jenkins-ci.org/download/plugins/greenballs/1.12/greenballs.hpi - http://updates.jenkins-ci.org/download/plugins/build-timeout/1.8/build-timeout.hpi +# "native" or "crowd" +jenkins_auth: crowd |
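Review bot: `jenkins_auth: crowd` makes the crowd2 plugin the login path for this Jenkins, while the `jenkins_plugins` entry for it just above is a SNAPSHOT build fetched over plain `http://` from a personal web space. The download task is not in this diff, but unless it verifies a checksum, the code that handles authentication is only as trustworthy as that unauthenticated download. Pin the plugin by checksum in the download task, and serve it over https if the host supports it. A comment next to the setting, `# "crowd" requires crowd_user and crowd_passwd from the private vars file`, would also document the dependency.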