This Ansible role can be used to install and manage Jenkins 2.
OTHER License
This Ansible role can be used to install and manage Jenkins 2.
This role requires Ansible 2.4 or later, with either Ansible pipelining available or setfacl
available on the system being managed (per Becoming an Unprivileged User).
The role currently supports Ubuntu 14.04 (Trusty) and Ubuntu 16.04 (Xenial), though contributtions for additional platform support are welcome!
This role supports the following variables, listed here with their default values from defaults/main.yml:
jenkins_release_line
: 'weekly'
long_term_support
, the role will install the LTS releases of Jenkins.weekly
, the role will install the weekly releases of Jenkins.jenkins_release_update
: true
true
, the Jenkins package (YUM, APT, etc.) will be upgraded to the latest version when this role is run.jenkins_home
: /var/lib/jenkins
jenkins
service account will still use the default as its home directory. This should really only come into play for SSH keys.jenkins_port
: 8080
root
.jenkins_context_path
: ''
/foo
in http://localhost:8080/foo
. Leave as ''
to host at root path.jenkins_url_external
: ''
jenkins_admin_username
: (undefined)
jenkins_admin_username
and jenkins_admin_password
are defined, both must be.jenkins_admin_password
: (undefined)
jenkins_admin_username
and jenkins_admin_password
are defined, both must be.jenkins_session_timeout
: 30
0
to never timeout.jenkins_plugins_extra
: []
jenkins_plugins_recommended
in defaults/main.yml).jenkins_plugins_timeout
: 60
jenkins_plugin
module. (See here for details: http://docs.ansible.com/ansible/latest/jenkins_plugin_module.html#options.)jenkins_plugins_update
: true
true
, the Jenkins plugins will be updated when this role is run. (Note that missing plugins will always be installed.)jenkins_java_args_extra
: ''
JAVA_ARGS
for the Jenkins process, such as the JVM memory settings, e.g. -Xmx4g
.jenkins_http_proxy_server
, jenkins_http_proxy_port
, jenkins_http_proxy_no_proxy_hosts
: (all undefined)
http.proxyHost
, http.proxyPort
, and http.nonProxyHosts
system properties, except that the settings will be used for both HTTP and HTTPS requests.http.proxyHost
, http.proxyPort
, https.proxyHost
, https.proxyPort
, and http.nonProxyHosts
system properties, as documented on Java Networking and Proxies.jenkins_http_proxy_no_proxy_hosts
should be a list, e.g. ['localhost', 'example.com']
.This role does not have direct dependencies on other Ansible roles. However, it does require that a Java JRE be available on the system path.
This role can be installed, as follows:
$ ansible-galaxy install karlmdavis.jenkins2
This role can be applied, as follows:
- hosts: some_box
tasks:
- import_role:
name: karlmdavis.ansible-jenkins2
vars:
jenkins_plugins_extra:
- github-oauth
After installing Jenkins, Groovy scripts can be run via Ansible to further customize Jenkins.
For example, here's how to install Jenkins and then configure Jenkins to use its HudsonPrivateSecurityRealm
, for local Jenkins accounts:
- hosts: some_box
tasks:
- import_role:
name: karlmdavis.ansible-jenkins2
vars:
# Won't be required on first run, but will be on prior runs (after
# security has been enabled, per below).
jenkins_admin_username: test
jenkins_admin_password: supersecret
# Ensure that Jenkins has restarted, if it needs to.
- meta: flush_handlers
# Configure security to use Jenkins-local accounts.
- name: Configure Security
jenkins_script:
url: "{{ jenkins_url_local }}"
user: "{{ jenkins_dynamic_admin_username | default(omit) }}"
password: "{{ jenkins_dynamic_admin_password | default(omit) }}"
script: |
// These are the basic imports that Jenkin's interactive script console
// automatically includes.
import jenkins.*;
import jenkins.model.*;
import hudson.*;
import hudson.model.*;
// Configure the security realm, which handles authentication.
def securityRealm = new hudson.security.HudsonPrivateSecurityRealm(false)
if(!securityRealm.equals(Jenkins.instance.getSecurityRealm())) {
Jenkins.instance.setSecurityRealm(securityRealm)
// Create a user to login with. Ensure that user is bound to the
// system-local `jenkins` user's SSH key, to ensure that this
// account can be used with Jenkins' CLI.
def testUser = securityRealm.createAccount("test", "supersecret")
testUser.addProperty(new hudson.tasks.Mailer.UserProperty("[email protected]"));
testUser.save()
Jenkins.instance.save()
println "Changed authentication."
}
// Configure the authorization strategy, which specifies who can do
// what.
def authorizationStrategy = new hudson.security.FullControlOnceLoggedInAuthorizationStrategy()
if(!authorizationStrategy.equals(Jenkins.instance.getAuthorizationStrategy())) {
authorizationStrategy.setAllowAnonymousRead(false)
Jenkins.instance.setAuthorizationStrategy(authorizationStrategy)
Jenkins.instance.save()
println "Changed authorization."
}
register: shell_jenkins_security
changed_when: "(shell_jenkins_security | success) and 'Changed' not in shell_jenkins_security.stdout"
Alternatively, the Groovy scripts can be stored as separate files and pulled in using a lookup(...)
, as below:
- hosts: some_box
tasks:
- import_role:
name: karlmdavis.ansible-jenkins2
vars:
# Won't be required on first run, but will be on prior runs (after
# security has been enabled, per below).
jenkins_admin_username: test
jenkins_admin_password: supersecret
# Ensure that Jenkins has restarted, if it needs to.
- meta: flush_handlers
# Configure security to use Jenkins-local accounts.
- name: Configure Security
jenkins_script:
url: "{{ jenkins_url_local }}"
user: "{{ jenkins_dynamic_admin_username | default(omit) }}"
password: "{{ jenkins_dynamic_admin_password | default(omit) }}"
script: "{{ lookup('template', 'templates/jenkins_security.groovy.j2') }}"
This project is in the worldwide public domain. As stated in CONTRIBUTING:
This project is in the public domain within the United States, and copyright and related rights in the work worldwide are waived through the CC0 1.0 Universal public domain dedication.
All contributions to this project will be released under the CC0 dedication. By submitting a pull request, you are agreeing to comply with this waiver of copyright interest.
This plugin was authored by Karl M. Davis (https://justdavis.com/karl/).