From 8518325a47d4f932e90667a39318c65db40bcb0b Mon Sep 17 00:00:00 2001
From: Kevin Faulkner
Date: Mar 03 2021 14:33:43 +0000
Subject: ssh keys and blocks
---
diff --git a/defaults/main.yml b/defaults/main.yml
index e9bdaf8..d4e3ce6 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -1,15 +1,16 @@
 ---
 # defaults file for project_build
-build_automation_user: janet
+automation_user: janet
 deploy_group: deploy
 jenkins_master_host: 127.0.0.1
 jenkins_master_port: 33100
 packer_version: 1.6.6
-packer_artifact_dir: "packer/{{ packer_version }}/"
+packer_artifact_dir: "packer/{{ packer_version }}"
 hashcorp_artifacts: https://releases.hashicorp.com
 terraform_version: 0.14.7
-terraform_artifact_dir: "terraform/{{ terraform_version }}/"
+terraform_artifact_dir: "terraform/{{ terraform_version }}"
 automation_ssh_pub: 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE+/sjW6+kMXoZKfrGYznOSfKk2N6as0Us+7Se7i2A6t'
-automation_user_home: "/home/{{ build_automation_user }}"
+automation_user_home: "/home/{{ automation_user }}"
 packer_upgrade: false
 terraform_upgrade: false
+jenkins_home: /mnt/containers/jenkins/
diff --git a/tasks/main.yml b/tasks/main.yml
index 4eaec96..4fecc69 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -1,6 +1,6 @@
 ---
 # tasks file for project_build
-- name: 'install dovecot'
+- name: 'install cli'
 package:
 name: java-latest-openjdk-headless
 state: installed
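Review bot: Renaming `build_automation_user` to `automation_user` in defaults/main.yml silently orphans any inventory or group_vars override of the old name — a host that still sets `build_automation_user` will get the default `janet` with no error, and since the same hunk ships the login key in `automation_ssh_pub`, a stale override means the key is installed for the wrong account. A guard such as `- assert: { that: build_automation_user is not defined, fail_msg: 'renamed to automation_user' }` at the top of tasks/main.yml, or at least a comment above `automation_user: janet` recording the rename, would make that failure loud. The new `jenkins_home: /mnt/containers/jenkins/` keeps a trailing slash while the same hunk strips trailing slashes from `packer_artifact_dir` and `terraform_artifact_dir`; tasks/main.yml then renders `{{ jenkins_home }}/.ssh/known_hosts` with a doubled slash, harmless but inconsistent, so `jenkins_home: /mnt/containers/jenkins` would match the new convention.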
@@ -8,91 +8,112 @@ - name: "override, since we wrote the contents" get_url: url: "http://{{ jenkins_master_host }}:{{ jenkins_master_port }}/jnlpJars/jenkins-cli.jar" - dest: "/usr/local/lib/" + dest: /usr/local/lib/ - name: "create jenkins local automation user" user: - name: "{{ build_automation_user }}" - group: "{{ deploy_group }}" + name: "{{ automation_user }}" + groups: "{{ deploy_group }},wheel" + comment: "remote login FROM jenkins ONLY" + uid: 2999 home: "{{ automation_user_home }}" - name: 'should be there from skel' file: path: "{{ automation_user_home }}/.ssh" mode: 0700 - owner: "{{ build_automation_user }}" + owner: "{{ automation_user }}" group: "{{ deploy_group }}" state: directory + +- name: PATH should be set at etc, and further modified here, lets ensure PATH includes the tools + lineinfile: + owner: "{{ automation_user }}" + group: "{{ deploy_group }}" + path: "{{ automation_user_home }}/.bashrc" + regexp: 'export PATH=' + create: yes + line: 'export PATH=/usr/local/bin:$HOME/.local/bin:$PATH' + - name: jenkins ssh key copy: - owner: "{{ build_automation_user }}" + owner: "{{ automation_user }}" group: "{{ deploy_group }}" mode: 0600 - dest: /mnt/ephemeral/.ssh/authorized_keys - owner: "{{ build_automation_user }}/.ssh/authorized_keys" + dest: "{{ automation_user_home }}/.ssh/authorized_keys" content: | {{ automation_ssh_pub }} -- name: "add thin-backup plugin" - command: "java -jar /usr/local/lib/jenkins-cli.jar -u -s {{ jenkins_master_host }}:{{ jenkins_master_port }}/ install-plugin thin-backup" - when: jenkins_admin_passwd is defined +- name: container host ssh key + command: "ssh-keyscan -t ecdsa-sha2-nistp256 10.88.0.1" + register: container_host_ssh_key -- name: 'install qemu' - package: - name: qemu-kvm - state: installed - -- name: 'packer upgrade' - file: - path: /usr/local/bin/packer - state: absent - when: packer_upgrade - -- name: 'local builder dir' - file: - path: /usr/local/lib/devops/ - mode: 0775 - owner: "{{ 
build_automation_user }}" +- name: set ssh key in jenkins home volume + lineinfile: + owner: "{{ automation_user }}" group: "{{ deploy_group }}" - state: directory + path: "{{ jenkins_home }}/.ssh/known_hosts" + create: yes + line: "{{ container_host_ssh_key }}" -- name: 'fetch install packer' - get_url: - url: "{{ hashcorp_artifacts }}/{{ packer_artifact_dir }}/packer_{{ packer_version }}_linux_amd64.zip" - dest: "/usr/local/src/packer-{{ packer_version }}.zip" - register: fetched_packer - -- name: extract packer - unarchive: - src: "{{ fetched.dest }}" - owner: "{{ build_automation_user }}" - group: "{{ deploy_group }}" - dest: "/usr/local/bin/" - creates: "/usr/local/bin/packer" - - - - - - - -- name: 'terraform upgrade' - file: - path: /usr/local/bin/terraform - state: absent - when: terraform_upgrade +- name: "add thin-backup plugin" + command: "java -jar /usr/local/lib/jenkins-cli.jar -u -s {{ jenkins_master_host }}:{{ jenkins_master_port }}/ install-plugin thin-backup" + when: jenkins_admin_passwd is defined -- name: 'fetch install tar' - get_url: - url: "{{ hashcorp_artifacts }}/{{ terraform_artifact_dir }}/terraform_{{ terraform_version }}_linux_amd64.zip" - dest: "/usr/local/src/terraform-{{ terraform_version }}.zip" - register: fetched_terraform - -- name: extract terraform - unarchive: - src: "{{ fetched.dest }}" - owner: "{{ build_automation_user }}" - group: "{{ deploy_group }}" - dest: "/usr/local/bin/" - creates: "/usr/local/bin/terraform" +- name: packer + block: + - name: 'install qemu' + package: + name: qemu-kvm + state: installed + + - name: 'packer upgrade' + file: + path: /usr/local/bin/packer + state: absent + when: packer_upgrade + + - name: 'local builder dir' + file: + path: /usr/local/lib/devops/ + mode: 0775 + owner: "{{ automation_user }}" + group: "{{ deploy_group }}" + state: directory + + - name: 'fetch install packer' + get_url: + url: "{{ hashcorp_artifacts }}/{{ packer_artifact_dir }}/packer_{{ packer_version }}_linux_amd64.zip" 
+ dest: "/usr/local/src/packer-{{ packer_version }}.zip" + register: fetched_packer + + - name: extract packer + unarchive: + src: "{{ fetched_packer.dest }}" + owner: "{{ automation_user }}" + group: "{{ deploy_group }}" + dest: /usr/local/bin/ + creates: /usr/local/bin/packer + +- name: terraform + block: + - name: 'terraform upgrade' + file: + path: /usr/local/bin/terraform + state: absent + when: terraform_upgrade + + - name: 'fetch install tar' + get_url: + url: "{{ hashcorp_artifacts }}/{{ terraform_artifact_dir }}/terraform_{{ terraform_version }}_linux_amd64.zip" + dest: "/usr/local/src/terraform-{{ terraform_version }}.zip" + register: fetched_terraform + + - name: extract terraform + unarchive: + src: "{{ fetched_terraform.dest }}" + owner: "{{ automation_user }}" + group: "{{ deploy_group }}" + dest: /usr/local/bin/ + creates: /usr/local/bin/terraform
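Review bot: The new `set ssh key in jenkins home volume` task writes `line: "{{ container_host_ssh_key }}"`, but `register` on a `command` task stores the whole result mapping (rc, stdout, stderr, …), so known_hosts receives a rendered dict rather than a host-key line; it should be `line: "{{ container_host_ssh_key.stdout }}"`, and the preceding `ssh-keyscan` task wants `changed_when: false` so the play does not report a change on every run. Beyond that bug, scanning 10.88.0.1 at run time and recording whatever answers is trust-on-first-use at every play; the role already pins the client key in `automation_ssh_pub`, so the container host's public key could be pinned the same way in defaults and written verbatim, which also removes the network dependency from the task. The `get_url` tasks moved into the packer and terraform blocks still download executable zips with no `checksum:`; HashiCorp publishes SHA256SUMS per release, so `checksum: "sha256:<SHA256 for {{ packer_version }}>"` (placeholder) would let `unarchive` only ever unpack a verified artifact into /usr/local/bin. The new `groups: "{{ deploy_group }},wheel"` puts the key-only Jenkins login user into wheel; if that is intentional, a comment stating why the automation user needs wheel would help reviewers, otherwise a narrow sudoers entry for the specific commands is the smaller grant. Also `create: yes` in the two new lineinfile tasks should be `create: true`.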