diff --git a/roles/appsmith/defaults/main.yml b/roles/appsmith/defaults/main.yml index 31b1bd7..e0e4d42 100644 --- a/roles/appsmith/defaults/main.yml +++ b/roles/appsmith/defaults/main.yml @@ -1,11 +1,11 @@ --- # Version to deploy -appsmith_version: 1.6.13 +appsmith_version: 1.6.19 # URL of the source archive appsmith_archive_url: https://github.com/appsmithorg/appsmith/archive/v{{ appsmith_version }}.tar.gz # sha1sum of the archive -appsmith_archive_sha1: aaa0a5e1814fbbf14526967e7968810a46bdb4a2 +appsmith_archive_sha1: 76e96d76b830500a3cba95b92abdad45f9b1483f # Root directory where appsmith will be installed appsmith_root_dir: /opt/appsmith diff --git a/roles/jenkins/defaults/main.yml b/roles/jenkins/defaults/main.yml new file mode 100644 index 0000000..08f193e --- /dev/null +++ b/roles/jenkins/defaults/main.yml @@ -0,0 +1,22 @@ +--- + +# version to deploy +jenkins_version: 2.332.2 +# URL of the source archive +jenkins_war_url: http://mirror.gruenehoelle.nl/jenkins/war-stable/{{ jenkins_version }}/jenkins.war +# sha1sum of the archive +jenkins_war_sha256: c7aa41378608437400922b9dbf75b34719204080f939fcdb5c5ddb24b07a117c + +# Root directory where jenkins will be installed +jenkins_root_dir: /opt/jenkins + +# User account under which jenkins will run +jenkins_user: jenkins + +# jenkins server component +jenkins_server_port: 8080 +# List of IP/CIDR having access to jenkins_server_port +jenkins_server_src_ip: [] + +# Public URL used to access jenkins +jenkins_public_url: http://{{ inventory_hostname }} diff --git a/roles/jenkins/handlers/main.yml b/roles/jenkins/handlers/main.yml new file mode 100644 index 0000000..a395ac6 --- /dev/null +++ b/roles/jenkins/handlers/main.yml @@ -0,0 +1,19 @@ +--- + +- name: start jenkins + systemd: + name: jenkins + state: started + +- name: restart jenkins + systemd: + name: jenkins + state: restarted + +- name: reload nginx + systemd: + name: nginx + state: reloaded + +- name: Reload systemd + systemd: daemon_reload=True diff --git a/roles/jenkins/meta/main.yml b/roles/jenkins/meta/main.yml new file mode 100644 index 0000000..cd21505 --- /dev/null +++ b/roles/jenkins/meta/main.yml @@ -0,0 +1,2 @@ +--- + diff --git a/roles/jenkins/tasks/directories.yml b/roles/jenkins/tasks/directories.yml new file mode 100644 index 0000000..80151ca --- /dev/null +++ b/roles/jenkins/tasks/directories.yml @@ -0,0 +1,15 @@ +--- + +- name: Create needed directories + file: path={{ item.dir }} state=directory owner={{ item.owner | default(omit) }} group={{ item.group | default(omit) }} mode={{ item.mode | default(omit) }} + loop: + - dir: "{{ jenkins_root_dir }}" + mode: 700 + - dir: "{{ jenkins_root_dir }}/meta" + mode: 700 + - dir: "{{ jenkins_root_dir }}/backup" + mode: 700 + - dir: "{{ jenkins_root_dir }}/archives" + mode: 700 + tags: jenkins + diff --git a/roles/jenkins/tasks/install.yml b/roles/jenkins/tasks/install.yml new file mode 100644 index 0000000..5c42a0b --- /dev/null +++ b/roles/jenkins/tasks/install.yml @@ -0,0 +1,44 @@ +--- + +- name: Install requiered + apt: + name: openjdk-11-jre + state: latest + tags: jenkins + +- name: Install nginx + apt: + name: nginx + state: latest + tags: jenkins + +- name: Deploy nginx conf + template: src=nginx.conf.j2 dest=/etc/nginx/ansible_conf.d/jenkins.conf + notify: reload nginx + tags: jenkins + +- name: Download jenkins + get_url: + url: "{{ jenkins_war_url }}" + dest: "{{ jenkins_root_dir }}" + checksum: "sha256:{{ jenkins_war_sha256 }}" + validate_certs: no + tags: jenkins + +- name: Deploy systemd unit + template: src=jenkins.service.j2 dest=/etc/systemd/system/jenkins.service + notify: Reload systemd + tags: jenkins + +- name: Flush handlers + meta: flush_handlers + tags: jenkins + +- name: Enable & start service jenkins + systemd: + name: jenkins + enabled: yes + masked: no + state: started + notify: start jenkins + diff --git a/roles/jenkins/tasks/main.yml b/roles/jenkins/tasks/main.yml new file mode 100644 index 0000000..ecca555 --- /dev/null +++ b/roles/jenkins/tasks/main.yml @@ -0,0 +1,7 @@ +--- + +- include: user.yml +- include: directories.yml +- include: install.yml +- include: write_version.yml + diff --git a/roles/jenkins/tasks/user.yml b/roles/jenkins/tasks/user.yml new file mode 100644 index 0000000..0c07db6 --- /dev/null +++ b/roles/jenkins/tasks/user.yml @@ -0,0 +1,6 @@ +--- + + +- name: Create jenkins user account + user: name={{ jenkins_user }} home={{ jenkins_root_dir }} system=True + tags: jenkins diff --git a/roles/jenkins/tasks/write_version.yml b/roles/jenkins/tasks/write_version.yml new file mode 100644 index 0000000..8650bf0 --- /dev/null +++ b/roles/jenkins/tasks/write_version.yml @@ -0,0 +1,5 @@ +--- + +- name: Write installed version + copy: content={{ jenkins_version }} dest={{ jenkins_root_dir }}/meta/ansible_version + tags: jenkins diff --git a/roles/jenkins/templates/jenkins.service.j2 b/roles/jenkins/templates/jenkins.service.j2 new file mode 100644 index 0000000..7c19f2f --- /dev/null +++ b/roles/jenkins/templates/jenkins.service.j2 @@ -0,0 +1,23 @@ +# /etc/systemd/system/jenkins.service +[Unit] +Description=Standalone Jenkins Master server +Documentation=https://www.jenkins.io/doc + +Wants=network-online.target +After=network-online.target + +[Service] +User=jenkins +Group=jenkins +Environment=HTTP_PORT={{ jenkins_server_port }} +Environment=JAVA_ARGS=-Djava.awt.headless=true +Environment=JENKINS_HOME={{ jenkins_root_dir }}/data/ +Environment=JENKINS_WAR={{ jenkins_root_dir }}/jenkins.war +Environment=LISTEN_ADDRESS=0.0.0.0 +Environment=WEBROOT={{ jenkins_root_dir }}/cache/ +WorkingDirectory={{ jenkins_root_dir }} +LimitNOFILE=8192 +ExecStart=/usr/bin/java ${JAVA_ARGS} -jar ${JENKINS_WAR} --webroot=${WEBROOT} --httpPort=${HTTP_PORT} --httpListenAddress=${LISTEN_ADDRESS} + +[Install] +WantedBy=multi-user.target diff --git a/roles/jenkins/templates/nginx.conf.j2 b/roles/jenkins/templates/nginx.conf.j2 new file mode 100644 index 0000000..546987a --- /dev/null +++ b/roles/jenkins/templates/nginx.conf.j2 @@ -0,0 +1,34 @@ +server { + listen 80; + server_name {{ jenkins_public_url | urlsplit('hostname') }}; + include /etc/nginx/ansible_conf.d/acme.inc; + root {{ jenkins_root_dir }}/client; + client_max_body_size 10M; + + if ($request_method !~ ^(GET|POST|HEAD|PUT|DELETE|PATCH)$ ) { + return 405; + } + + # Send info about the original request to the backend + proxy_set_header X-Forwarded-For "$proxy_add_x_forwarded_for"; + proxy_set_header X-Real-IP "$remote_addr"; + proxy_set_header X-Forwarded-Proto "$scheme"; + proxy_set_header X-Forwarded-Host "$host"; + proxy_set_header Host "$host"; + + location / { + try_files $uri /index.html =404; + } + location /f { + proxy_pass https://cdn.optimizely.com/; + } + location /api { + proxy_pass http://127.0.0.1:{{ jenkins_server_port }}; + } + location /oauth2 { + proxy_pass http://127.0.0.1:{{ jenkins_server_port }}; + } + location /login { + proxy_pass http://127.0.0.1:{{ jenkins_server_port }}; + } +}