Ansible role for setting up a Jenkins instance for the jenkins-pipeline-library

License: Apache License 2.0

ansible ansible-role jenkins jenkins-pipeline jenkins-pipeline-library jenkins-shared-library

ansible-jenkins-pipeline-library's Introduction

wcm_io_devops.jenkins_pipeline_library

This role is a utility roles to setup jenkins instances for the usage of the wcm-io-devops jenkins-pipeline-library.

This role installs all necessary plugins in specific versions which ensures that the shared pipeline library is always running with the latest compatible plugins.

❗ Starting with version 2.138.1-1 the role will also configure the script security to allow some signatures!

Optionally the role also directly setups a Jenkins instance using geerlingguy.jenkins.

Versioning

The Version number will follow the following versioning schema:

[JenkinsVersion]-[ReleaseCount]

So for example:

2.107.2-1 - first release for Jenkins 2.107.2
2.107.2-2 - second release for Jenkins 2.107.2
2.107.2-N - nth release for Jenkins 2.107.2
2.121.3-1 - first release for Jenkins 2.121.3

Requirements

This role requires Ansible 2.4 or higher and a running Jenkins on the target instance. If this role is taking care about the jenkins installation process you need to have java installed on the target machine. Please also have a look at https://github.com/geerlingguy/ansible-role-jenkins.

For the java installation we recommend:

Role Variables

Available variables are listed below, along with their default values:

jenkins_pipeline_library_jenkins_version: # see defaults.yaml for up-to-date value

The version of the jenkins when it is installed with the jenkins role dependency.

jenkins_pipeline_library_jenkins_install: false

Controls if the jenkins will be installed by the jenkins role dependency.

jenkins_pipeline_library_jenkins_process_user: jenkins

Linux jenkins user.

jenkins_pipeline_library_jenkins_process_group: "{{ jenkins_pipeline_library_jenkins_process_user }}"

Linux group of jenkins user.

URL for the repo key.

jenkins_pipeline_library_admin_username: admin

Jenkins admin username.

jenkins_pipeline_library_admin_password: admin

Jenkins admin password.

jenkins_pipeline_library_jenkins_home: /var/lib/jenkins

Path to the jenkins directory.

jenkins_pipeline_library_jenkins_hostname: localhost

Hostname of the jenkins instance.

jenkins_pipeline_library_jenkins_port: 8080

HTTP port of the jenkins instance.

jenkins_pipeline_library_jenkins_url_prefix: ""

Url prefix of the jenkins instance, e.g. when running in tomcat.

jenkins_pipeline_library_jenkins_update_dir: "{{ jenkins_pipeline_library_jenkins_home }}/updates"

Path to the jenkins update directory.

jenkins_pipeline_library_jenkins_base_url: "http://{{ jenkins_facts_jenkins_hostname }}:{{ jenkins_facts_jenkins_port }}{{ jenkins_facts_jenkins_url_prefix }}"

The base url of the jenkins instance.

jenkins_pipeline_library_updates_expiration: 86400

Maximum seconds since the last jenkins plugin update check.

jenkins_pipeline_library_updates_timeout: 60

Timeout for jenkins update operation.

jenkins_pipeline_library_debug: false

When set to enable the role will log some debug information.

jenkins_pipeline_library_plugins_present: [...]

Plugins and their versions that must be present for jenkins-pipeline-library.

jenkins_pipeline_library_approved_signatures_present:

Signatures that need to be approved for jenkins-pipeline-library, otherwise the signatures will be blocked by script-security.

💡 Since this list is long please refer to defaults

jenkins_pipeline_library_plugins_absent: []

Plugins that must be absent for jenkins-pipeline-library.

Dependencies

This role depends on the wcm_io_devops.jenkins_plugins role to install/uninstall the plugins needed by the jenkins-pipeline-library

In order to allow to run the jenkins-pipeline-library with the Pipeline Supporting APIs 1.18+ (workflow-support) and with Script Security ( script-security) 1.44+ this role also depends on wcm_io_devops.jenkins_script_plugin for whitelisting some signatures in the Groovy Sandbox.

For installing a Jenkins on the target instance the role is using geerlingguy.jenkins.

As transitive dependency this role uses the wcm_io_devops.jenkins_facts role to retrieve the list of installed plugins from the Jenkins instance.

Example Playbook

Prepares the Jenkins instance for the use of the https://github.com/wcm-io-devops/jenkins-pipeline-library on a debian based OS.

- hosts: localhost
  become: yes
  vars:
    # values for geerlingguy.jenkins
    jenkins_prefer_lts: true
    # required until https://github.com/geerlingguy/ansible-role-jenkins/pull/294 is merged    
    jenkins_pkg_url: "https://pkg.jenkins.io/debian-stable/binary"
    
    # values for wcm_io_devops.jenkins_pipeline_library
    jenkins_pipeline_library_jenkins_install: true
  roles:
    - role: geerlingguy.java
    - role: wcm_io_devops.jenkins_pipeline_library

License

Apache 2.0

ansible-jenkins-pipeline-library's People

Contributors

Stargazers

Watchers

Forkers

timblaktu

ansible-jenkins-pipeline-library's Issues

version 2.222.3-1 failing to download jenkins .deb

When I run wcm_io_devops.jenkins_pipeline_library version 2.222.3-1, with jenkins_pipeline_library_jenkins_install: true I get an error downloading the .deb bc that file version doesn't exist:

TASK [geerlingguy.jenkins : Download specific Jenkins version.] *****************************************************************************************************************************fatal: [jmtest3]: FAILED! => changed=false
  dest: /tmp/jenkins_2.222.3_all.deb
  elapsed: 0
  msg: Request failed
  response: 'HTTP Error 404: The specified blob does not exist.'
  status_code: 404
  url: https://pkg.jenkins.io/debian/binary/jenkins_2.222.3_all.deb

I confirmed that this blob doesn't exist in a browser. Also, this file appears to exist on other debian-stable package mirrors like this one, so perhaps this is just a mirroring issue.

I don't think this is related, but my jenkins-master being provisioned is a Debian Buster machine, and I noticed on your ansible galaxy role page, you only list support for Stretch. Curious about that, whether that's something I should worry about. Thanks.

Is Debian Buster Supported?

Your meta/main.yml only indicates support for Debian Stretch. I had been using this meta role successfully for months with Debian Buster 10.5 machines. I've recently run into some problems with this role, which may or may not be related to this, and was wondering if you knew of any reasons why this meta roles shouldn't work fine on Debian Buster as well as Stretch.

Jenkins Startup Errors using wcm_io_devops.jenkins_pipeline_library version 2.249.2-1

After working through the "A later version is already installed" problem and the Java version Check bug in Jenkins Debian Package I'm now running jenkins_pipeline_library version 2.249.2-1, but Jenkins is crashing at first startup, with what looks like a lot of plugin load errors in /var/log/jenkins.log (see below for excerpt).

The only clue that I can see in this so far is that it appears that several of these failed plugins report a version newer than what your release page indicates should be installed for that version. For example, the log indicates Failed to load: Branch API Plugin (2.6.3), however your release page indicates 2.6.0 should be installed by this release. In this example, the Branch API Plugin 2.6.3 fails to load indicating that "Jenkins (2.264) or higher required".

So it appears that something in the plugin version locking is not working properly in this role.

Let me know what I can do to help troubleshoot this.

Running from: /usr/share/jenkins/jenkins.war
2020-12-15 21:53:59.105+0000 [id=1]     INFO    org.eclipse.jetty.util.log.Log#initialized: Logging initialized @317ms to org.eclipse.jetty.util.log.JavaUtilLog
2020-12-15 21:53:59.192+0000 [id=1]     WARNING o.e.j.s.handler.ContextHandler#setContextPath: Empty contextPath
2020-12-15 21:53:59.244+0000 [id=1]     INFO    org.eclipse.jetty.server.Server#doStart: jetty-9.4.30.v20200611; built: 2020-06-11T12:34:51.929Z; git: 271836e4c1f4612f12b7bb13ef5a92a927634b0d; jvm 11.0.9.1+1-post-Debian-1deb10u2
2020-12-15 21:53:59.523+0000 [id=1]     INFO    o.e.j.w.StandardDescriptorProcessor#visitServlet: NO JSP Support for /, did not find org.eclipse.jetty.jsp.JettyJspServlet
2020-12-15 21:53:59.557+0000 [id=1]     INFO    o.e.j.s.s.DefaultSessionIdManager#doStart: DefaultSessionIdManager workerName=node0
2020-12-15 21:53:59.557+0000 [id=1]     INFO    o.e.j.s.s.DefaultSessionIdManager#doStart: No SessionScavenger set, using defaults
2020-12-15 21:53:59.560+0000 [id=1]     INFO    o.e.j.server.session.HouseKeeper#startScavenging: node0 Scavenging every 660000ms
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by com.thoughtworks.xstream.core.util.Fields (file:/var/cache/jenkins/war/WEB-INF/lib/xstream-1.4.7-jenkins-1.jar) to field java.util.TreeMap.comparator
WARNING: Please consider reporting this to the maintainers of com.thoughtworks.xstream.core.util.Fields
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
2020-12-15 21:53:59.923+0000 [id=1]     INFO    hudson.WebAppMain#contextInitialized: Jenkins home directory: /home/jenkins/.jenkins found at: EnvVars.masterEnvVars.get("JENKINS_HOME")
2020-12-15 21:54:00.049+0000 [id=1]     INFO    o.e.j.s.handler.ContextHandler#doStart: Started w.@52b56a3e{Jenkins v2.249.2,/,file:///var/cache/jenkins/war/,AVAILABLE}{/var/cache/jenkins/war}
2020-12-15 21:54:00.070+0000 [id=1]     INFO    o.e.j.server.AbstractConnector#doStart: Started ServerConnector@66d1af89{HTTP/1.1, (http/1.1)}{0.0.0.0:8080}
2020-12-15 21:54:00.071+0000 [id=1]     INFO    org.eclipse.jetty.server.Server#doStart: Started @1283ms
2020-12-15 21:54:00.072+0000 [id=34]    INFO    winstone.Logger#logInternal: Winstone Servlet Engine running: controlPort=disabled
2020-12-15 21:54:00.356+0000 [id=44]    INFO    jenkins.InitReactorRunner$1#onAttained: Started initialization
2020-12-15 21:54:00.647+0000 [id=63]    INFO    jenkins.InitReactorRunner$1#onAttained: Listed all plugins
2020-12-15 21:54:01.147+0000 [id=64]    SEVERE  jenkins.InitReactorRunner$1#onTaskFailed: Failed Loading plugin Branch API Plugin v2.6.3 (branch-api)
java.io.IOException: Failed to load: Branch API Plugin (2.6.3)
 - Jenkins (2.264) or higher required
        at hudson.PluginWrapper.resolvePluginDependencies(PluginWrapper.java:952)
        at hudson.PluginManager$2$1$1.run(PluginManager.java:549)
        at org.jvnet.hudson.reactor.TaskGraphBuilder$TaskImpl.run(TaskGraphBuilder.java:169)
        at org.jvnet.hudson.reactor.Reactor.runTask(Reactor.java:296)
        at jenkins.model.Jenkins$5.runTask(Jenkins.java:1131)
        at org.jvnet.hudson.reactor.Reactor$2.run(Reactor.java:214)
        at org.jvnet.hudson.reactor.Reactor$Node.run(Reactor.java:117)
        at jenkins.security.ImpersonatingExecutorService$1.run(ImpersonatingExecutorService.java:59)
        at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
        at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
        at java.base/java.lang.Thread.run(Thread.java:834)
2020-12-15 21:54:01.148+0000 [id=63]    SEVERE  jenkins.InitReactorRunner$1#onTaskFailed: Failed Loading plugin Basic Branch Build Strategies Plugin v1.3.2 (basic-branch-build-strategies)
java.io.IOException: Failed to load: Basic Branch Build Strategies Plugin (1.3.2)
 - Failed to load: Branch API Plugin (2.6.3)
        at hudson.PluginWrapper.resolvePluginDependencies(PluginWrapper.java:952)
        at hudson.PluginManager$2$1$1.run(PluginManager.java:549)
        at org.jvnet.hudson.reactor.TaskGraphBuilder$TaskImpl.run(TaskGraphBuilder.java:169)
        at org.jvnet.hudson.reactor.Reactor.runTask(Reactor.java:296)
        at jenkins.model.Jenkins$5.runTask(Jenkins.java:1131)
        at org.jvnet.hudson.reactor.Reactor$2.run(Reactor.java:214)
        at org.jvnet.hudson.reactor.Reactor$Node.run(Reactor.java:117)
        at jenkins.security.ImpersonatingExecutorService$1.run(ImpersonatingExecutorService.java:59)
        at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
        at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
        at java.base/java.lang.Thread.run(Thread.java:834)
2020-12-15 21:54:01.152+0000 [id=44]    SEVERE  jenkins.InitReactorRunner$1#onTaskFailed: Failed Loading plugin Pipeline: Basic Steps v2.23 (workflow-basic-steps)
java.io.IOException: Failed to load: Pipeline: Basic Steps (2.23)
 - Jenkins (2.263) or higher required
        at hudson.PluginWrapper.resolvePluginDependencies(PluginWrapper.java:952)
        at hudson.PluginManager$2$1$1.run(PluginManager.java:549)
        at org.jvnet.hudson.reactor.TaskGraphBuilder$TaskImpl.run(TaskGraphBuilder.java:169)
        at org.jvnet.hudson.reactor.Reactor.runTask(Reactor.java:296)
        at jenkins.model.Jenkins$5.runTask(Jenkins.java:1131)
        at org.jvnet.hudson.reactor.Reactor$2.run(Reactor.java:214)
        at org.jvnet.hudson.reactor.Reactor$Node.run(Reactor.java:117)
        at jenkins.security.ImpersonatingExecutorService$1.run(ImpersonatingExecutorService.java:59)
        at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
        at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
        at java.base/java.lang.Thread.run(Thread.java:834)
2020-12-15 21:54:01.156+0000 [id=43]    SEVERE  jenkins.InitReactorRunner$1#onTaskFailed: Failed Loading plugin Docker Pipeline v1.25 (docker-workflow)
java.io.IOException: Failed to load: Docker Pipeline (1.25)
 - Failed to load: Pipeline: Basic Steps (2.23)
        at hudson.PluginWrapper.resolvePluginDependencies(PluginWrapper.java:952)
        at hudson.PluginManager$2$1$1.run(PluginManager.java:549)
        at org.jvnet.hudson.reactor.TaskGraphBuilder$TaskImpl.run(TaskGraphBuilder.java:169)
        at org.jvnet.hudson.reactor.Reactor.runTask(Reactor.java:296)
        at jenkins.model.Jenkins$5.runTask(Jenkins.java:1131)
        at org.jvnet.hudson.reactor.Reactor$2.run(Reactor.java:214)
        at org.jvnet.hudson.reactor.Reactor$Node.run(Reactor.java:117)
        at jenkins.security.ImpersonatingExecutorService$1.run(ImpersonatingExecutorService.java:59)
        at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
        at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
        at java.base/java.lang.Thread.run(Thread.java:834)
2020-12-15 21:54:01.157+0000 [id=43]    SEVERE  jenkins.InitReactorRunner$1#onTaskFailed: Failed Loading plugin Pipeline: Multibranch v2.22 (workflow-multibranch)
java.io.IOException: Failed to load: Pipeline: Multibranch (2.22)
 - Failed to load: Branch API Plugin (2.6.3)
        at hudson.PluginWrapper.resolvePluginDependencies(PluginWrapper.java:952)
        at hudson.PluginManager$2$1$1.run(PluginManager.java:549)
        at org.jvnet.hudson.reactor.TaskGraphBuilder$TaskImpl.run(TaskGraphBuilder.java:169)
        at org.jvnet.hudson.reactor.Reactor.runTask(Reactor.java:296)
        at jenkins.model.Jenkins$5.runTask(Jenkins.java:1131)
        at org.jvnet.hudson.reactor.Reactor$2.run(Reactor.java:214)
        at org.jvnet.hudson.reactor.Reactor$Node.run(Reactor.java:117)
        at jenkins.security.ImpersonatingExecutorService$1.run(ImpersonatingExecutorService.java:59)
        at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
        at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
        at java.base/java.lang.Thread.run(Thread.java:834)
2020-12-15 21:54:01.158+0000 [id=56]    SEVERE  jenkins.InitReactorRunner$1#onTaskFailed: Failed Loading plugin Pipeline SCM API for Blue Ocean v1.24.3 (blueocean-pipeline-scm-api)
java.io.IOException: Failed to load: Pipeline SCM API for Blue Ocean (1.24.3)
 - Failed to load: Pipeline: Multibranch (2.22)
        at hudson.PluginWrapper.resolvePluginDependencies(PluginWrapper.java:952)
        at hudson.PluginManager$2$1$1.run(PluginManager.java:549)
        at org.jvnet.hudson.reactor.TaskGraphBuilder$TaskImpl.run(TaskGraphBuilder.java:169)
        at org.jvnet.hudson.reactor.Reactor.runTask(Reactor.java:296)
        at jenkins.model.Jenkins$5.runTask(Jenkins.java:1131)
        at org.jvnet.hudson.reactor.Reactor$2.run(Reactor.java:214)
        at org.jvnet.hudson.reactor.Reactor$Node.run(Reactor.java:117)
        at jenkins.security.ImpersonatingExecutorService$1.run(ImpersonatingExecutorService.java:59)
        at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
        at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
        at java.base/java.lang.Thread.run(Thread.java:834)
2020-12-15 21:54:01.160+0000 [id=44]    SEVERE  jenkins.InitReactorRunner$1#onTaskFailed: Failed Loading plugin Pipeline: Declarative v1.7.2 (pipeline-model-definition)
java.io.IOException: Failed to load: Pipeline: Declarative (1.7.2)
 - Failed to load: Pipeline: Basic Steps (2.23)
        at hudson.PluginWrapper.resolvePluginDependencies(PluginWrapper.java:952)
        at hudson.PluginManager$2$1$1.run(PluginManager.java:549)
        at org.jvnet.hudson.reactor.TaskGraphBuilder$TaskImpl.run(TaskGraphBuilder.java:169)
        at org.jvnet.hudson.reactor.Reactor.runTask(Reactor.java:296)
        at jenkins.model.Jenkins$5.runTask(Jenkins.java:1131)
        at org.jvnet.hudson.reactor.Reactor$2.run(Reactor.java:214)
        at org.jvnet.hudson.reactor.Reactor$Node.run(Reactor.java:117)
        at jenkins.security.ImpersonatingExecutorService$1.run(ImpersonatingExecutorService.java:59)
        at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
        at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
        at java.base/java.lang.Thread.run(Thread.java:834)
2020-12-15 21:54:01.160+0000 [id=60]    SEVERE  jenkins.InitReactorRunner$1#onTaskFailed: Failed Loading plugin Pipeline implementation for Blue Ocean v1.24.3 (blueocean-pipeline-api-impl)
java.io.IOException: Failed to load: Pipeline implementation for Blue Ocean (1.24.3)
 - Failed to load: Pipeline SCM API for Blue Ocean (1.24.3)
        at hudson.PluginWrapper.resolvePluginDependencies(PluginWrapper.java:952)
        at hudson.PluginManager$2$1$1.run(PluginManager.java:549)
        at org.jvnet.hudson.reactor.TaskGraphBuilder$TaskImpl.run(TaskGraphBuilder.java:169)
        at org.jvnet.hudson.reactor.Reactor.runTask(Reactor.java:296)
        at jenkins.model.Jenkins$5.runTask(Jenkins.java:1131)
        at org.jvnet.hudson.reactor.Reactor$2.run(Reactor.java:214)
        at org.jvnet.hudson.reactor.Reactor$Node.run(Reactor.java:117)
        at jenkins.security.ImpersonatingExecutorService$1.run(ImpersonatingExecutorService.java:59)
        at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
        at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
        at java.base/java.lang.Thread.run(Thread.java:834)
.
.
.

Here is the play that is invoking this role:

- name: Install/Configure Jenkins                                                                                                                                                                    tags: ["install", "jenkins"]                                                                                                                                                                       become: true                                                                                                                                                                                       hosts: jenkins_masters
  tasks:
    - include_role:
        name: wcm_io_devops.jenkins_pipeline_library
      vars:
        # Role Variables Documented here: https://github.com/wcm-io-devops/ansible-jenkins-pipeline-library#role-variables

        # Says "do geerlingguy.jenkins role to install jenkins"
        # Jenkins version is dictated by/defaults to the version of wcm_io_devops.jenkins_pipeline_library we're using,
        # whose versioning scheme aligns with Jenkins'.
        jenkins_pipeline_library_jenkins_install: true
        # values for geerlingguy.jenkins
        jenkins_prefer_lts: true
        # required until https://github.com/geerlingguy/ansible-role-jenkins/pull/294 is merged
        jenkins_pkg_url: "https://pkg.jenkins.io/debian-stable/binary"

        jenkins_pipeline_library_jenkins_process_user: "{{ jenkins_linux_user_name }}"
        jenkins_pipeline_library_jenkins_process_group: "{{ jenkins_pipeline_library_jenkins_process_user }}"

        jenkins_pipeline_library_admin_username: "{{ jenkins_admin_active_directory_username }}"
        jenkins_pipeline_library_admin_password: "{{ jenkins_admin_active_directory_password }}"

        jenkins_pipeline_library_jenkins_home: "{{ jenkins_home_dir }}"

        jenkins_pipeline_library_jenkins_hostname: "{{ ansible_fqdn }}"
        jenkins_pipeline_library_jenkins_port: "{{ jenkins_http_port_ }}"
        jenkins_pipeline_library_debug: true

        # Notes about java options:
        # 1. Cloudbees JVM Best Practices:
        #   https://www.jenkins.io/blog/2016/11/21/gc-tuning/
        #   https://docs.cloudbees.com/docs/admin-resources/latest/jvm-troubleshooting/#suggested-specifications
        #   https://support.cloudbees.com/hc/en-us/articles/222446987-Prepare-Jenkins-for-Support
        #   https://support.cloudbees.com/hc/en-us/articles/204859670-Java-Heap-settings-best-practice
        # 2. yaml folded style string format (>) replaces newlines and leading indentation with a single space
        #   Trailing dash (>-) means newline is eliminated at the end of resulting string.
        # 3. -Dhudson.slaves.WorkspaceList=- is there bc poky build cannot handle @ in paths.
        jenkins_java_options_list:
          - "-Djenkins.install.runSetupWizard=false"
          - "-Dhudson.slaves.WorkspaceList=-"
          - "-Dorg.apache.commons.jelly.tags.fmt.timeZone=America/Vancouver"
          - "-Dorg.jenkinsci.plugins.durabletask.BourneShellScript.LAUNCH_DIAGNOSTICS=true"
          - "-Dcom.cloudbees.workflow.rest.external.JobExt.maxRunsPerJob=16"
          # Change Content Security Policy to enable embedding html in job/build pages via htmlpublisher
          # Details:
          # * https://support.cloudbees.com/hc/en-us/articles/360034545912-What-is-Content-Security-Policy-and-how-does-it-impact-Jenkins-
          # * https://wiki.jenkins.io/display/JENKINS/Configuring+Content+Security+Policy
          # * Must include literal \" in string, which is copied into a double-quoted string as JAVA_ARGS in /etc/default/jenkins
          - "-Dhudson.model.DirectoryBrowserSupport.CSP=\\\"sandbox allow-same-origin allow-scripts allow-forms; default-src 'self' 'unsafe-inline' data:; style-src 'self' 'unsafe-inline' fonts.g
          # Extend default docker daemon timeout (from 180sec)
          # https://issues.jenkins-ci.org/browse/JENKINS-42322?focusedCommentId=303679&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-303679                                  - "-Dorg.jenkinsci.plugins.docker.workflow.client.DockerClient.CLIENT_TIMEOUT=300"                                                                                                                 - "-Djenkins.model.Jenkins.logStartupPerformance=true"                                                                                                                                             - "-Xmx{{ (ansible_memtotal_mb / 4 if ansible_memtotal_mb / 4 <= 16384 else 16384) | round | int }}m"                                                                                              - "-Xms{{ (ansible_memtotal_mb / 4 if ansible_memtotal_mb / 4 <= 16384 else 16384) | round | int }}m"                                                                                              - "-XX:+AlwaysPreTouch"                                                                                                                                                                            - "-XX:+HeapDumpOnOutOfMemoryError"                                                                                                                                                                - "-XX:HeapDumpPath={{ jenkins_path_to_gc_and_heap_dump }}"                                                                                                                                        - "-XX:+UseG1GC"                                                                                                                                                                                   - "-XX:+UseStringDeduplication"                                                                                                                                                                    - "-XX:+ParallelRefProcEnabled"                                                                                                                                                                    - "-XX:+DisableExplicitGC"                                                                                                                                                                         - "-XX:+UnlockDiagnosticVMOptions"                                                                                                                                                                 - "-XX:+UnlockExperimentalVMOptions"                                                                                                                                                               - "-verbose:gc"                                                                                                                                                                                    # See here for details: https://c-guntur.github.io/java-gc/#/8/2                                                                                                                                   # - "-Xloggc:{{ jenkins_path_to_gc_and_heap_dump }}/gc-%t.log"  # unrecognized VM option                                                                                                           - "-Xlog:gc:{{ jenkins_path_to_gc_and_heap_dump }}/gc-%t.log"                                                                                                                                      # - "-XX:NumberOfGCLogFiles=2"  # deprecated                                                                                                                                                       # - "-XX:+UseGCLogFileRotation"  # deprecated                                                                                                                                                      # - "-XX:GCLogFileSize=100m"  # deprecated                                                                                                                                                         - "-XX:+PrintGC"                                                                                                                                                                                   # - "-XX:+PrintGCDateStamps"  # deprecated                                                                                                                                                         - "-XX:+PrintGCDetails"                                                                                                                                                                            # - "-XX:+PrintHeapAtGC"  # unrecognized VM option                                                                                                                                                 # - "-XX:+PrintGCCause"  # unrecognized VM option                                                                                                                                                  # - "-XX:+PrintTenuringDistribution"  # unrecognized VM option                                                                                                                                     # - "-XX:+PrintReferenceGC"  # unrecognized VM option                                                                                                                                              # - "-XX:+PrintAdaptiveSizePolicy"  # unrecognized VM option                                                                                                                                       - "-XX:ErrorFile=/hs_err_%p.log"                                                                                                                                                                   - "-XX:+LogVMOutput"                                                                                                                                                                               - "-XX:LogFile={{ jenkins_path_to_gc_and_heap_dump }}/jvm.log"                                                                                                                                   
        jenkins_pipeline_library_jenkins_java_options: "{{ jenkins_java_options_list | join(' ') }}"                                                                                                       # Jenkins args documented here: https://wiki.jenkins.io/display/JENKINS//Starting+and+Accessing+Jenkins                                                                                                            
        jenkins_pipeline_library_jenkins_args: "--httpsPort=8443 --httpsKeyStore=/etc/jenkins/host.jks --httpsKeyStorePassword={{ 
        jenkins_java_keystore_password }} --httpsListenAddress=0.0.0.0"          jenkins_pipeline_library_plugins_present:                                                                                                                                                            
          - name: active-directory                                                                                                                                                                           
            - name: audit-trail                                                                                                                                                                                          
            - name: antisamy-markup-formatter                                                                                                                                                                  
            - name: atlassian-bitbucket-server-integration                                                                                                                                                     
            - name: basic-branch-build-strategies                                                                                                                                                              
            - name: blueocean                                                                                                                                                                                  
            - name: build-timeout                                                                                                                                                                              
            - name: build-monitor-plugin                                                                                                                                                                       
            - name: configuration-as-code                                                                                                                                                                      
            - name: copyartifact                                                                                                                                                                               
            - name: disk-usage                                                                                                                                                                                 
            - name: docker                                                                                                                                                                                     
            - name: email-ext                                                                                                                                                                             
            - name: extended-choice-parameter                                                                                                                                                                  
            - name: htmlpublisher
            - name: git
            - name: git-parameter
            - name: greenballs                                                                                                                                                                                 
            - name: groovy                                                                                                                                                                                     
            - name: jira                                                                                                                                                                                       
            - name: job-dsl                                                                                                                                                                                    
            - name: leastload                                                                                                                                                                                  
            - name: list-git-branches-parameter                                                                                                                                                                
            - name: lockable-resources                                                                                                                                                                         
            - name: matrix-auth                                                                                                                                                                                
            - name: metrics                                                                                                                                                                                    
            - name: monitoring                                                                                                                                                                                 
            - name: Office-365-Connector                                                                                                                                                                       
            - name: parameterized-trigger                                                                                                                                                                      
            - name: pipeline-model-definition                                                                                                                                                                  
            - name: pipeline-utility-steps                                                                                                                                                                     
            - name: prometheus                                                                                                                                                                                 
            - name: simple-theme-plugin                                                                                                                                                                        
            - name: ssh-slaves                                                                                                                                                                                 
            - name: stashNotifier                                                                                                                                                                              
            - name: support-core                                                                                                                                                                               
            - name: test-results-analyzer                                                                                                                                                                      
            - name: tfs                                                                                                                                                                                        
            - name: timestamper                                                                                                                                                                                
            - name: versioncolumn                                                                                                                                                                              
            - name: xunit                                                                                                                                                                                      
            - name: workflow-job                                                                                                                                                                               
            - name: workflow-multibranch                                                                                                                                                                       
            - name: ws-cleanup                                                                                                                                                                               
        # Add items here to uninstall plugins                                                                                                                                                              
        # jenkins_pipeline_library_plugins_absent: []                                                                                                                                                      
        jenkins_pipeline_library_approved_signatures_present:                                                                                                                                                
          - method hudson.model.Run getDescription                                                                                                                                                           
          -  method hudson.model.Run getId                                                                                                                                                                    
          - method hudson.model.Run getPreviousNotFailedBuild                                                                                                                                                
          - method org.jenkinsci.plugins.workflow.support.steps.build.RunWrapper getRawBuild                                                                                                                 
          - staticMethod org.apache.commons.io.FilenameUtils getBaseName java.lang.String                                                                                                                    
          - staticMethod jenkins.model.Jenkins getInstance                                                                                                                                                   
          - staticMethod com.cloudbees.plugins.credentials.CredentialsProvider lookupCredentials                                                                                                             
          - staticMethod com.cloudbees.plugins.credentials.CredentialsProvider lookupCredentials java.lang.Class hudson.model.ItemGroup                                                                      
          - method com.cloudbees.plugins.credentials.common.IdCredentials getId                                                                                                                              
          - method com.cloudbees.plugins.credentials.common.UsernameCredentials getUsername                                                                                                                  
          - method com.cloudbees.plugins.credentials.common.PasswordCredentials getPassword                                                                                                                jenkins_pipeline_library_jenkins_pkg_url: http://mirror.math.princeton.edu/pub/jenkins/debian-stable

and here is my requirements.yml, which I install roles and collections from ansible-galaxy for this project:

roles:
  - name: geerlingguy.nodejs
    version: 5.1.1
  - name: geerlingguy.docker
    version: 2.8.1
  - name: geerlingguy.java
    version: 1.10.0
  - name: wcm_io_devops.jenkins_pipeline_library
    version: 2.249.2-1
  - name: wcm_io_devops.jenkins_configuration_as_code
    version: 1.9.0
  - name: lean_delivery.jenkins_slave
    # version: 2.1.0
    # using my fork/branch since I'm fixing some things as I go
    src: https://github.com/timblaktu/ansible-role-jenkins-slave.git
    version: feature/dont_clobber_existing_jenkins_user_config
  - name: devoinc.systemd_service
    version: v1.2.0
collections:
  - name: ansible.posix
    version: 1.1.1
  - name: community.crypto
    version: 1.2.0
  - name: sbaerlocher.virtualization
    version: 0.0.10

This configuration was working fine using version 2.222.3 of your role. I upgraded over the course of troubleshooting the "A later version is already installed" problem and the Java version Check bug in Jenkins Debian Package.

Perhaps I will revert the cluster of machines I run this on to their post-OS-install snapshots and repeat provisioning with the old version as a sanity check. Let me know if you have any ideas.. Thanks!

Add Java to Role dependencies and/or documentation

I am replacing a section of my jenkins.yml playbook, which was using geerlingguy.jenkins, with this role. I noticed that you are not including java anywhere in your dependencies or documentation. You might want to add java to your Dependencies documentation or perhaps to the role dependencies list in meta .

As you probably know, geerlingguy.jenkins doesn't install java, which is a prerequisite for it. So I e.g. am using geerlingguy.java role to install java, and am invoking it from my``jenkins.ymlbeforewcm_io_devops.jenkins_pipeline_library`. My requirements file now looks like this:

- name: geerlingguy.java
  version: 1.10.0                                                                                                                                                                            - name: geerlingguy.docker
  version: 2.8.1
# This is now installed as a dependency of wcm_io_devops.jenkins_pipeline_library. No need to include here.
# - name: geerlingguy.jenkins
#   version: 4.3.0
- name: wcm_io_devops.jenkins_pipeline_library
  version: 2.222.3-1

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.

wcm-io-devops / ansible-jenkins-pipeline-library Goto Github PK