├── tests ├── inventory ├── requirements.yml └── test.yml ├── requirements.txt ├── handlers └── main.yml ├── .yamllint ├── .ansible-lint ├── .github └── workflows │ ├── release.yml │ └── ci.yml ├── .gitignore ├── tasks ├── main.yml ├── reload.yml ├── configure.yml ├── upload.yml └── secrets.yml ├── .gitattributes ├── meta └── main.yml ├── files └── groovy │ └── jcasc │ ├── reload.groovy │ └── configure.groovy ├── defaults └── main.yml ├── README.md └── LICENSE /tests/inventory: -------------------------------------------------------------------------------- 1 | [test] 2 | localhost 3 | 4 | -------------------------------------------------------------------------------- /requirements.txt: -------------------------------------------------------------------------------- 1 | # This role needs to have the following PIP components installed -------------------------------------------------------------------------------- /tests/requirements.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: wcm_io_devops.jenkins_plugins 3 | version: master 4 | -------------------------------------------------------------------------------- /handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: wcm_io_devops.jenkins_configuration_as_code reload 3 | include_tasks: reload.yml 4 | -------------------------------------------------------------------------------- /tests/test.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: test role syntax 3 | hosts: test 4 | roles: 5 | - ansible-jenkins-configuration-as-code 6 | -------------------------------------------------------------------------------- /.yamllint: -------------------------------------------------------------------------------- 1 | --- 2 | extends: default 3 | 4 | rules: 5 | line-length: 6 | max: 120 7 | level: warning 8 | truthy: 9 | allowed-values: ['true', 
'false', 'yes', 'no']
10 | 
11 | ignore: |
12 |   .travis.yml
13 |   tests/requirements/
14 | 
--------------------------------------------------------------------------------
/.ansible-lint:
--------------------------------------------------------------------------------
1 | ---
2 | exclude_paths:
3 |   - ./tests/requirements
4 |   - .github
5 | 
6 | warn_list:
7 |   - experimental  # all rules tagged as experimental
8 |   - fqcn-builtins  # Use FQCN for builtin actions.
9 |   - yaml  # Violations reported by yamllint.
10 | 
--------------------------------------------------------------------------------
/.github/workflows/release.yml:
--------------------------------------------------------------------------------
1 | ---
2 | name: Release
3 | 
4 | 'on':
5 |   release:
6 |     types:
7 |       - published
8 | 
9 | jobs:
10 | 
11 |   release:
12 |     name: Release
13 |     runs-on: ubuntu-latest
14 |     steps:
15 |       - name: Trigger a new import on Galaxy.
16 |         # NOTE(review): this third-party action is handed GALAXY_API_KEY and is referenced by a tag,
17 |         # which can be moved. Pin it to a full commit SHA: robertdebock/galaxy-action@<full-commit-sha>
18 |         uses: robertdebock/galaxy-action@1.2.1
19 |         with:
20 |           galaxy_api_key: ${{ secrets.GALAXY_API_KEY }}
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | target/
2 | pom.xml.tag
3 | pom.xml.releaseBackup
4 | pom.xml.versionsBackup
5 | pom.xml.next
6 | release.properties
7 | maven-eclipse.xml
8 | infinitest.filters
9 | 
10 | node_modules/
11 | npm-debug.log
12 | 
13 | .nodejs
14 | .project
15 | .classpath
16 | .settings
17 | .externalToolBuilders
18 | .pmd
19 | .checkstyle
20 | .idea
21 | .vagrant
22 | *.iml
23 | .DS_Store
24 | *.retry
25 | .rubygems
26 | .sass-cache
27 | .rubygems-gem-maven-plugin
28 | *.sublime-*
29 | *nbactions*.xml
30 | .temp/
31 | *.pyc
--------------------------------------------------------------------------------
/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - ansible.builtin.include_tasks: secrets.yml
3 |   tags:
4 |     - jcasc-secrets
5 |   when: 
jenkins_casc_secrets | length > 0 6 | 7 | - ansible.builtin.include_tasks: upload.yml 8 | tags: 9 | - jcasc-upload 10 | 11 | - ansible.builtin.include_tasks: configure.yml 12 | tags: 13 | - jcasc-configure 14 | when: jenkins_casc_config_path_configure 15 | 16 | - name: "trigger reload handler when necessary." 17 | ansible.builtin.command: /bin/true 18 | changed_when: true 19 | when: 20 | # only trigger when configure result is false, since this will do a implicit reload 21 | - not ((_jenkins_casc_plugin_configure_result | default({})).changed | default(false)) 22 | # and only trigger reload when upload files have changed or unmanaged files have been deleted 23 | - (_jenkins_casc_upload_files_result | default({})).changed | default(false) or 24 | (_jenkins_casc_unmanaged_result | default({})).changed | default(false) 25 | notify: 26 | - wcm_io_devops.jenkins_configuration_as_code reload 27 | tags: 28 | - skip_ansible_lint 29 | -------------------------------------------------------------------------------- /tasks/reload.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: "reload : reload Jenkins configuration as code configuration." 3 | jenkins_script: 4 | script: "{{ lookup('file', 'files/groovy/jcasc/reload.groovy') }}" 5 | user: "{{ jenkins_casc_admin_username }}" 6 | password: "{{ jenkins_casc_admin_password }}" 7 | url: "{{ jenkins_casc_jenkins_base_url }}" 8 | timeout: "{{ jenkins_casc_script_timeout }}" 9 | args: 10 | jcasc_path: "{{ jenkins_casc_config_path }}" 11 | register: _jenkins_casc_upload_files_result 12 | tags: 13 | - jcasc-reload 14 | 15 | - name: "reload : set _jenkins_casc_upload_files_result fact." 16 | ansible.builtin.set_fact: 17 | _jenkins_casc_upload_files_result: 18 | "{{ (_jenkins_casc_upload_files_result.output | regex_replace('\\s*Result:\\s*(.*)\\n*$', '\\1') | from_json) }}" 19 | 20 | - name: "reload : fail when configuration throws exception." 
21 | ansible.builtin.fail: 22 | msg: 23 | - Exception thrown during applying of configuration, check your configuration! 24 | - "{{ _jenkins_casc_upload_files_result.msg }}" 25 | when: _jenkins_casc_upload_files_result.failed 26 | -------------------------------------------------------------------------------- /.github/workflows/ci.yml: -------------------------------------------------------------------------------- 1 | --- 2 | name: CI 3 | 4 | on: 5 | push: 6 | branches: [ master ] 7 | pull_request: 8 | branches: [ master ] 9 | 10 | jobs: 11 | 12 | lint: 13 | name: "lint & syntax check" 14 | runs-on: ubuntu-latest 15 | 16 | steps: 17 | - name: Checkout 18 | uses: actions/checkout@v2 19 | 20 | - name: Cache PIP 21 | uses: actions/cache@v2 22 | with: 23 | path: ~/.cache/pip 24 | key: ${{ runner.os }}-pip-${{ hashFiles('**/requirements.txt') }} 25 | restore-keys: | 26 | ${{ runner.os }}-pip- 27 | 28 | - name: Install role requirements 29 | uses: BSFishy/pip-action@v1 30 | with: 31 | requirements: "requirements.txt" 32 | 33 | - name: Create ansible.cfg 34 | run: "printf '[defaults]\nroles_path=./tests/requirements/:../' > ansible.cfg" 35 | 36 | - name: ansible-lint 37 | uses: ansible-community/ansible-lint-action@v6.2.1 38 | 39 | - name: ansible-playbook syntax check 40 | uses: dawidd6/action-ansible-playbook@v2.5.0 41 | with: 42 | playbook: tests/test.yml 43 | directory: "." 
44 | requirements: tests/requirements.yml 45 | options: --syntax-check -i tests/inventory 46 | -------------------------------------------------------------------------------- /.gitattributes: -------------------------------------------------------------------------------- 1 | # Declare text files with unix file ending 2 | *.conf text eol=lf 3 | *.config text eol=lf 4 | *.css text eol=lf 5 | *.dtd text eol=lf 6 | *.esp text eol=lf 7 | *.ecma text eol=lf 8 | *.groovy text eol=lf 9 | *.hbrs text eol=lf 10 | *.hbs text eol=lf 11 | *.htm text eol=lf 12 | *.html text eol=lf 13 | *.java text eol=lf 14 | *.jpage text eol=lf 15 | *.js text eol=lf 16 | *.json text eol=lf 17 | *.jsp text eol=lf 18 | *.mustache text eol=lf 19 | *.tld text eol=lf 20 | *.launch text eol=lf 21 | *.log text eol=lf 22 | *.php text eol=lf 23 | *.pl text eol=lf 24 | *.project text eol=lf 25 | *.properties text eol=lf 26 | *.props text eol=lf 27 | *.sass text eol=lf 28 | *.scss text eol=lf 29 | *.sh text eol=lf 30 | *.shtm text eol=lf 31 | *.shtml text eol=lf 32 | *.sql text eol=lf 33 | *.svg text eol=lf 34 | *.txt text eol=lf 35 | *.vm text eol=lf 36 | *.xml text eol=lf 37 | *.xsd text eol=lf 38 | *.xsl text eol=lf 39 | *.xslt text eol=lf 40 | *.yml text eol=lf 41 | *.yaml text eol=lf 42 | 43 | 44 | # Declare windows-specific text files with windows file ending 45 | *.asp text eol=crlf 46 | *.asax text eol=crlf 47 | *.asa text eol=crlf 48 | *.aspx text eol=crlf 49 | *.bat text eol=crlf 50 | *.cmd text eol=crlf 51 | *.cs text eol=crlf 52 | *.csproj text eol=crlf 53 | *.reg text eol=crlf 54 | *.sln text eol=crlf 55 | -------------------------------------------------------------------------------- /meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | galaxy_info: 3 | role_name: jenkins_configuration_as_code 4 | namespace: wcm_io_devops 5 | author: Tobias Richter 6 | description: Configures Jenkins configuration as code plugin (jcasc). 
7 | company: pro!vision 8 | issue_tracker_url: https://wcm-io.atlassian.net 9 | license: Apache 10 | min_ansible_version: "2.7" 11 | 12 | platforms: 13 | - name: EL 14 | versions: 15 | - all 16 | - name: Debian 17 | versions: 18 | - all 19 | - name: Ubuntu 20 | versions: 21 | - all 22 | - name: GenericLinux 23 | versions: 24 | - all 25 | 26 | galaxy_tags: 27 | - wcmio 28 | - jenkins 29 | - jcasc 30 | - casc 31 | 32 | dependencies: 33 | # install plugins 34 | - role: wcm_io_devops.jenkins_plugins 35 | version: 1.6.0 36 | jenkins_plugins_admin_username: "{{ jenkins_casc_admin_username }}" 37 | jenkins_plugins_admin_password: "{{ jenkins_casc_admin_password }}" 38 | jenkins_plugins_jenkins_hostname: "{{ jenkins_casc_jenkins_hostname }}" 39 | jenkins_plugins_jenkins_port: "{{ jenkins_casc_jenkins_port }}" 40 | jenkins_plugins_jenkins_home: "{{ jenkins_casc_jenkins_home }}" 41 | jenkins_plugins_jenkins_url_prefix: "{{ jenkins_casc_jenkins_url_prefix }}" 42 | jenkins_plugins_present: "{{ jenkins_casc_plugins_present }}" 43 | tags: 44 | - "dependency" 45 | - "jenkins_configuration_as_code_plugins" 46 | - "wcm_io_devops.jenkins_plugins" 47 | -------------------------------------------------------------------------------- /files/groovy/jcasc/reload.groovy: -------------------------------------------------------------------------------- 1 | /* 2 | * #%L 3 | * wcm.io 4 | * %% 5 | * Copyright (C) 2018 wcm.io 6 | * %% 7 | * Licensed under the Apache License, Version 2.0 (the "License"); 8 | * you may not use this file except in compliance with the License. 9 | * You may obtain a copy of the License at 10 | * 11 | * http://www.apache.org/licenses/LICENSE-2.0 12 | * 13 | * Unless required by applicable law or agreed to in writing, software 14 | * distributed under the License is distributed on an "AS IS" BASIS, 15 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
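16 |  * See the License for the specific language governing permissions and
17 |  * limitations under the License.
18 |  * #L%
19 |  */
20 | 
21 | /*
22 |  * Re-applies the JCasC configuration from the path currently configured in Jenkins.
23 |  * Returns a JSON string with the keys "failed" (boolean) and "msg" (string); an exception
24 |  * raised while applying the configuration is reported through that result.
25 |  */
26 | import groovy.json.JsonOutput
27 | import io.jenkins.plugins.casc.*
28 | 
29 | CasCGlobalConfig config = GlobalConfiguration.all().get(CasCGlobalConfig.class)
30 | // config may be null (configure.groovy guards against the same case); the safe
31 | // navigation keeps a missing config on the "no configuration path" branch below
32 | // instead of raising a NullPointerException before any result is produced
33 | String currentConfigPath = config?.getConfigurationPath()
34 | 
35 | String msg = "Success"
36 | Boolean failed = false
37 | 
38 | if (currentConfigPath != null) {
39 |     try {
40 |         ConfigurationAsCode.get().configure()
41 |     } catch (Exception ex) {
42 |         // hand the exception text back to the caller via the JSON result
43 |         failed = true
44 |         msg = ex.toString()
45 |     }
46 | } else {
47 |     // fail because no config path is set
48 |     failed = true
49 |     msg = "JCasC has currently no configuration path set! Reloading configuration skipped. Make sure to set a correct configuration path!"
50 | }
51 | 
52 | def json = JsonOutput.toJson([
53 |     failed: failed,
54 |     msg: msg
55 | ])
56 | 
57 | return json.toString()
58 | 
--------------------------------------------------------------------------------
/files/groovy/jcasc/configure.groovy:
--------------------------------------------------------------------------------
1 | /*
2 |  * #%L
3 |  * wcm.io
4 |  * %%
5 |  * Copyright (C) 2018 wcm.io
6 |  * %%
7 |  * Licensed under the Apache License, Version 2.0 (the "License");
8 |  * you may not use this file except in compliance with the License.
9 |  * You may obtain a copy of the License at
10 |  *
11 |  * http://www.apache.org/licenses/LICENSE-2.0
12 |  *
13 |  * Unless required by applicable law or agreed to in writing, software
14 |  * distributed under the License is distributed on an "AS IS" BASIS,
15 |  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 |  * See the License for the specific language governing permissions and
17 |  * limitations under the License.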
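18 |  * #L%
19 |  */
20 | 
21 | /*
22 |  * Points the JCasC plugin at the path passed as jcasc_path and, when the stored path
23 |  * changed, applies the configuration. Returns a JSON string with the keys "changed",
24 |  * "failed" and "msg".
25 |  */
26 | import io.jenkins.plugins.casc.*
27 | import jenkins.model.*
28 | import groovy.json.JsonOutput
29 | 
30 | CasCGlobalConfig config = GlobalConfiguration.all().get(CasCGlobalConfig.class)
31 | 
32 | Boolean changed = false
33 | Boolean failed = false
34 | String msg = "Success"
35 | 
36 | // $jcasc_path is filled in from the jenkins_script task's args before Jenkins runs this
37 | // script, so the value becomes part of the Groovy source. Keep jenkins_casc_config_path
38 | // under operator control: a quote, backslash or '$' in it would change the script text.
39 | String newConfigPath = "$jcasc_path"
40 | 
41 | if (config == null) {
42 |     // without the JCasC global configuration nothing can be set; report that instead of "Success"
43 |     failed = true
44 |     msg = "JCasC global configuration not found! Configuration path was not set."
45 | } else {
46 |     String currentConfigPath = config.getConfigurationPath()
47 |     if (currentConfigPath != newConfigPath) {
48 |         changed = true
49 |         config.setConfigurationPath(newConfigPath)
50 |         config.save()
51 |     }
52 | }
53 | 
54 | // reload configuration when new config path is detected
55 | if (changed) {
56 |     try {
57 |         ConfigurationAsCode.get().configure()
58 |     } catch (Exception ex) {
59 |         // hand the exception text back to the caller via the JSON result
60 |         failed = true
61 |         msg = ex.toString()
62 |     }
63 | }
64 | 
65 | def json = JsonOutput.toJson([
66 |     changed: changed,
67 |     failed: failed,
68 |     msg: msg
69 | ])
70 | 
71 | return json.toString()
72 | 
--------------------------------------------------------------------------------
/tasks/configure.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: "configure : check if '{{ jenkins_casc_config_path }}' exists."
3 |   ansible.builtin.stat:
4 |     path: "{{ jenkins_casc_config_path }}"
5 |   register: jenkins_casc_config_path_result
6 | 
7 | - name: "Fail when '{{ jenkins_casc_config_path }}' does not exist."
8 |   ansible.builtin.fail:
9 |     msg: >-
10 |       No file or directory found with path '{{ jenkins_casc_config_path }}'.
11 |       Ensure that the configuration is on the instance before calling this role."
12 |   when: not jenkins_casc_config_path_result.stat.exists
13 | 
14 | - name: "configure : configure jcasc plugin and apply configuration."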
15 | jenkins_script: 16 | script: "{{ lookup('file', 'files/groovy/jcasc/configure.groovy') }}" 17 | user: "{{ jenkins_casc_admin_username }}" 18 | password: "{{ jenkins_casc_admin_password }}" 19 | url: "{{ jenkins_casc_jenkins_base_url }}" 20 | timeout: "{{ jenkins_casc_script_timeout }}" 21 | args: 22 | jcasc_path: "{{ jenkins_casc_config_path }}" 23 | register: _jenkins_casc_plugin_configure_result 24 | failed_when: (_jenkins_casc_plugin_configure_result.output 25 | | regex_replace('\\s*Result:\\s*(.*)\\n*$', '\\1') | from_json).failed 26 | changed_when: (_jenkins_casc_plugin_configure_result.output 27 | | regex_replace('\\s*Result:\\s*(.*)\\n*$', '\\1') | from_json).changed 28 | 29 | - name: "configure : set _jenkins_casc_plugin_configure_result fact." 30 | ansible.builtin.set_fact: 31 | _jenkins_casc_plugin_configure_result: 32 | "{{ (_jenkins_casc_plugin_configure_result.output | regex_replace('\\s*Result:\\s*(.*)\\n*$', '\\1') | from_json) }}" 33 | 34 | - name: "configure : fail when configuration throws exception." 35 | ansible.builtin.fail: 36 | msg: 37 | - Exception thrown during applying of configuration, check your configuration! 38 | - "{{ _jenkins_casc_plugin_configure_result.msg }}" 39 | when: _jenkins_casc_plugin_configure_result.failed 40 | -------------------------------------------------------------------------------- /tasks/upload.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: "upload : calculate files to upload order to check that no files exist with overlapping names." 3 | ansible.builtin.set_fact: 4 | _jenkins_casc_found_config_files: "{{ _jenkins_casc_found_config_files | default([]) + [item] }}" 5 | with_fileglob: "{{ jenkins_casc_config_fileglobs }}" 6 | 7 | - name: "upload : fail on overlapping file names." 8 | ansible.builtin.fail: 9 | msg: 10 | - "Found duplicate file(s) to deploy!" 11 | - "Please ensure that the filenames are unique, otherwise unexpected result may occur!" 
12 | - "Complete file list: " 13 | - "{{ _jenkins_casc_found_config_files }}" 14 | when: _jenkins_casc_found_config_files | default({}) | map('basename') | list != 15 | _jenkins_casc_found_config_files | default({}) | map('basename') | list | unique 16 | 17 | - name: "upload : create configuration dir." 18 | ansible.builtin.file: 19 | path: "{{ jenkins_casc_config_path }}" 20 | state: directory 21 | owner: "{{ jenkins_casc_owner }}" 22 | group: "{{ jenkins_casc_group }}" 23 | mode: 0770 24 | 25 | - name: "upload : upload files/templates." 26 | ansible.builtin.template: 27 | src: "{{ item }}" 28 | owner: "{{ jenkins_casc_owner }}" 29 | group: "{{ jenkins_casc_group }}" 30 | dest: "{{ jenkins_casc_config_path }}" 31 | mode: 0440 32 | with_fileglob: "{{ jenkins_casc_config_fileglobs }}" 33 | register: _jenkins_casc_upload_files_result 34 | 35 | - name: "upload : unmanaged." 36 | block: 37 | - name: "upload : unmanaged : find files in {{ jenkins_casc_config_path }}." 38 | ansible.builtin.find: 39 | paths: "{{ jenkins_casc_config_path }}" 40 | register: _jenkins_casc_config_existing_files 41 | 42 | - name: "upload : unmanaged : delete unmanaged files." 43 | ansible.builtin.file: 44 | path: "{{ item }}" 45 | state: absent 46 | # build list of uploaded and found file paths and delete the difference 47 | with_items: "{{ _jenkins_casc_config_existing_files.files | map(attribute='path') | list 48 | | difference(_jenkins_casc_upload_files_result.results | map(attribute='dest') | list) }}" 49 | register: _jenkins_casc_unmanaged_result 50 | 51 | when: 52 | - _jenkins_casc_upload_files_result.results | length > 0 53 | - jenkins_casc_config_unmanaged_delete 54 | -------------------------------------------------------------------------------- /tasks/secrets.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: "secrets : get user home dir." 
3 | become: yes 4 | ansible.builtin.getent: 5 | database: passwd 6 | key: "{{ jenkins_casc_owner }}" 7 | split: ":" 8 | 9 | - name: "secrets : set user home dir." 10 | ansible.builtin.set_fact: 11 | _secrets_home_dir: "{{ getent_passwd[jenkins_casc_owner][4] }}" 12 | failed_when: _secrets_home_dir | length == 0 13 | 14 | - name: "secrets : create secrets dir." 15 | ansible.builtin.file: 16 | path: "{{ jenkins_casc_secrets_dir }}" 17 | state: directory 18 | owner: "{{ jenkins_casc_owner }}" 19 | group: "{{ jenkins_casc_group }}" 20 | mode: 0700 21 | 22 | - name: "secrets : deploy secret." 23 | ansible.builtin.copy: 24 | dest: "{{ jenkins_casc_secrets_dir }}/{{ secret.id }}" 25 | content: "{{ secret.value }}" 26 | owner: "{{ jenkins_casc_owner }}" 27 | group: "{{ jenkins_casc_group }}" 28 | mode: 0600 29 | loop_control: 30 | loop_var: secret 31 | with_items: "{{ jenkins_casc_secrets }}" 32 | no_log: "{{ jenkins_casc_no_log }}" 33 | 34 | - name: "secrets : unmanaged." 35 | block: 36 | - name: "secrets : unmanaged : find files in {{ jenkins_casc_secrets_dir }}." 37 | ansible.builtin.find: 38 | paths: "{{ jenkins_casc_secrets_dir }}" 39 | register: _jenkins_casc_secrets_existing_files 40 | 41 | - name: "secrets : unmanaged : delete unmanaged secrets." 42 | ansible.builtin.file: 43 | path: "{{ jenkins_casc_secrets_dir }}/{{ item }}" 44 | state: absent 45 | with_items: "{{ _jenkins_casc_secrets_existing_files.files | map(attribute='path') | map('basename') | list 46 | | difference(jenkins_casc_secrets | map(attribute='id') | list) }}" 47 | 48 | when: jenkins_casc_secrets_unmanaged_delete 49 | 50 | - name: "secrets : configure secrets env var." 
51 | ansible.builtin.blockinfile: 52 | dest: "{{ _secrets_home_dir }}/.profile" 53 | create: yes 54 | owner: "{{ jenkins_casc_owner }}" 55 | group: "{{ jenkins_casc_group }}" 56 | marker: "# {mark} managed by {{ ansible_role_name }}" 57 | mode: 0640 58 | block: 59 | export SECRETS={{ jenkins_casc_secrets_dir }} 60 | register: _profile_result 61 | 62 | - name: Restart Jenkins when required. # noqa 503 63 | ansible.builtin.include_role: 64 | name: wcm_io_devops.jenkins_service 65 | vars: 66 | jenkins_service_state: "restarted" 67 | jenkins_service_admin_username: "{{ jenkins_casc_admin_username }}" 68 | jenkins_service_admin_password: "{{ jenkins_casc_admin_password }}" 69 | when: 70 | - _profile_result.changed 71 | -------------------------------------------------------------------------------- /defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Jenkins admin username 3 | jenkins_casc_admin_username: admin 4 | 5 | # Jenkins admin password (placeholder default; override it per environment, e.g. from an Ansible Vault encrypted variable) 6 | jenkins_casc_admin_password: admin 7 | 8 | # Linux jenkins user 9 | jenkins_casc_owner: jenkins 10 | 11 | # Linux group of jenkins user 12 | jenkins_casc_group: "{{ jenkins_casc_owner }}" 13 | 14 | # Hostname of the jenkins instance 15 | jenkins_casc_jenkins_hostname: localhost 16 | 17 | # HTTP port of the jenkins instance 18 | jenkins_casc_jenkins_port: 8080 19 | 20 | # Url prefix of the jenkins instance, e.g. 
when running in tomcat 21 | jenkins_casc_jenkins_url_prefix: "" 22 | 23 | # The base url of the jenkins instance (plain HTTP by default; the jenkins_script tasks send the admin credentials to this URL, so use https when Jenkins is not reached via localhost) 24 | jenkins_casc_jenkins_base_url: "http://{{ jenkins_casc_jenkins_hostname }}:{{ jenkins_casc_jenkins_port }}{{ jenkins_casc_jenkins_url_prefix }}" 25 | 26 | # Path to the jenkins home directory 27 | jenkins_casc_jenkins_home: "/var/lib/jenkins" 28 | 29 | # Path to the jenkins casc directory containing the yaml files for configuration 30 | jenkins_casc_config_path: "{{ jenkins_casc_jenkins_home }}/casc" 31 | 32 | # Enables / disables the configuration of the configuration path 33 | jenkins_casc_config_path_configure: false 34 | 35 | # Config files/templates to upload 36 | jenkins_casc_config_fileglobs: [] 37 | 38 | # Controls if existing files in the 'jenkins_casc_config_path' are deleted 39 | # when they are not included in the 'jenkins_casc_config_fileglobs'. Deletion will only 40 | # be executed when at least one file was uploaded to the 'jenkins_casc_config_path' 41 | jenkins_casc_config_unmanaged_delete: false 42 | 43 | # The timeout for jenkins_script tasks in seconds 44 | jenkins_casc_script_timeout: 60 45 | 46 | # Controls the no_log behavior of the task that deploys the secrets (true keeps secret values out of the task output) 47 | jenkins_casc_no_log: true 48 | 49 | # Plugins needed for configuration-as-code 50 | jenkins_casc_plugins_present: 51 | - name: configuration-as-code 52 | version: "1512.vb_79d418d5fc8" 53 | - name: configuration-as-code-groovy 54 | version: "1.1" 55 | - name: snakeyaml-api 56 | version: "1.30.2-76.vc104f7ce9870" 57 | - name: job-dsl 58 | version: "1.81" 59 | 60 | # Plugins no longer needed for configuration-as-code 61 | jenkins_casc_plugins_absent: 62 | - name: configuration-as-code-support 63 | 64 | # Folder where the credentials will be stored on the master 65 | # Path will be configured in environment variable SECRETS 66 | jenkins_casc_secrets_dir: /var/jenkins_secrets 67 | 68 | # Controls if the role will delete existing but not 
defined credentials from jenkins_casc_secrets_dir 69 | # Deletion will only be executed when at least one secret was uploaded to the 'jenkins_casc_secrets_dir' 70 | jenkins_casc_secrets_unmanaged_delete: true 71 | 72 | # List of id/value credential pairs 73 | jenkins_casc_secrets: [] 74 | # Example: 75 | # - id: credential-id 76 | # value: credential-value 77 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | [![CI](https://github.com/wcm-io-devops/ansible-jenkins-configuration-as-code/workflows/CI/badge.svg?branch=master&event=push)](https://github.com/wcm-io-devops/ansible-jenkins-configuration-as-code/actions?query=workflow%3ACI) 2 | 3 | # wcm_io_devops.jenkins_configuration_as_code 4 | 5 | This role manages the installation, configuration and update of the 6 | [Jenkins Configuration as Code Plugin aka JCasC](https://github.com/jenkinsci/configuration-as-code-plugin). 7 | 8 | Tasks: 9 | * Install JCasC plugin(s) 10 | * Configure the path for the JCasC plugin 11 | * Deployment of JCasC configuration files 12 | * Reloading of JCasC 13 | 14 | ## Requirements 15 | 16 | This role requires Ansible 2.7 or higher and a running Jenkins on the 17 | target instance. 18 | 19 | ## Role Variables 20 | 21 | Available variables are listed below, along with their default values. 22 | 23 | jenkins_casc_admin_username: admin 24 | 25 | Jenkins admin username. 26 | 27 | jenkins_casc_admin_password: admin 28 | 29 | Jenkins admin password. 30 | 31 | jenkins_casc_owner: jenkins 32 | 33 | Linux jenkins user. 34 | 35 | jenkins_casc_group: "{{ jenkins_casc_owner }}" 36 | 37 | Linux group of jenkins user. 38 | 39 | jenkins_casc_jenkins_hostname: localhost 40 | 41 | Hostname of the jenkins instance. 42 | 43 | jenkins_casc_jenkins_port: 8080 44 | 45 | HTTP port of the jenkins instance. 
46 | 47 | jenkins_casc_jenkins_url_prefix: "" 48 | 49 | Url prefix of the jenkins instance, e.g. when running in tomcat. 50 | 51 | jenkins_casc_jenkins_base_url: "http://{{ jenkins_casc_jenkins_hostname }}:{{ jenkins_casc_jenkins_port }}{{ jenkins_casc_jenkins_url_prefix }}" 52 | 53 | The base url of the jenkins instance. 54 | 55 | jenkins_casc_jenkins_home: "/var/lib/jenkins" 56 | 57 | Path to the jenkins casc directory containing the yaml files for configuration. 58 | 59 | jenkins_casc_config_path: "{{ jenkins_casc_jenkins_home }}/jcasc" 60 | 61 | Path to the jenkins casc directory containing the yaml files for configuration. 62 | 63 | jenkins_casc_config_path_configure: false 64 | 65 | Enables / Disabling the configuration of the configuration path. When 66 | this value is set to true the JcasC path in the Jenkins instance is set 67 | to `jenkins_casc_config_path`. When the path differs from the previous 68 | set path the configuration is directly reloaded. 69 | 70 | jenkins_casc_config_fileglobs: [] 71 | 72 | Config files/templates to upload. When the result of this step is 73 | changed the configuration will be reloaded. 74 | 75 | jenkins_casc_config_unmanaged_delete: false 76 | 77 | Controls if files that existing files in the 'jenkins_casc_config_path' are deleted when they are not included in the 'jenkins_casc_config_fileglobs'. 78 | Deletion will only be executed when at least one file was uploaded to the 'jenkins_casc_config_path'. 79 | 80 | jenkins_casc_script_timeout: 60 81 | 82 | The timeout for jenkins_script tasks in seconds. 83 | 84 | jenkins_casc_plugins_present: 85 | - name: configuration-as-code 86 | version: "1.3" 87 | - name: configuration-as-code-support 88 | version: "1.3" 89 | 90 | Plugins needed for configuration-as-code. 91 | 92 | jenkins_casc_secrets_dir: /var/jenkins_secrets 93 | 94 | Folder where the credentials will be stored on the master. 95 | Path will be configured in environment variable SECRETS. 
96 | 97 | jenkins_casc_secrets_unmanaged_delete: true 98 | 99 | Controls if the role will delete existing but not defined credentials from jenkins_casc_secrets_dir. 100 | Deletion will only be executed when at least one secret was uploaded to the 'jenkins_casc_secrets_dir'. 101 | 102 | jenkins_casc_secrets: [] 103 | # Example: 104 | # - id: credential-id 105 | # value: credential-value 106 | 107 | List of id/value credential pairs. The `id` can then be referenced in jcasc with `${id}` as value reference. 108 | 109 | ## Dependencies 110 | 111 | This role depends on the 112 | [wcm_io_devops.jenkins_plugins](https://github.com/wcm-io-devops/ansible-jenkins-plugins) 113 | role to install/uninstall the plugins. 114 | 115 | As transitive dependency this role uses the 116 | [wcm_io_devops.jenkins_facts](https://github.com/wcm-io-devops/ansible-jenkins-facts) 117 | role to retrieve the list of installed plugins from the Jenkins 118 | instance. 119 | 120 | ## Example Playbook 121 | 122 | This playbook will set the JCasC configuration path to 123 | `/var/lib/jenkins/jcasc-folder` and will deploy all `.yml` and 124 | `.yaml` files found below `file/jcasc/my-jenkins/` to this folder. 125 | 126 | - name: "Deploy jcasc" 127 | hosts: jenkins 128 | vars: 129 | jenkins_casc_config_path_configure: true 130 | jenkins_casc_config_path: "/var/lib/jenkins/jcasc-folder" 131 | jenkins_casc_config_fileglobs: 132 | - file/jcasc/my-jenkins/*.yml 133 | - file/jcasc/my-jenkins/*.yaml 134 | roles: 135 | - wcm_io_devops.jenkins_configuration_as_code 136 | 137 | ## License 138 | 139 | Apache 2.0 140 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 
8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. 
For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. 
Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. 
You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 
122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. 
In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "{}" 182 | replaced with your own identifying information. (Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. 
We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | 189 | Copyright {yyyy} {name of copyright owner} 190 | 191 | Licensed under the Apache License, Version 2.0 (the "License"); 192 | you may not use this file except in compliance with the License. 193 | You may obtain a copy of the License at 194 | 195 | http://www.apache.org/licenses/LICENSE-2.0 196 | 197 | Unless required by applicable law or agreed to in writing, software 198 | distributed under the License is distributed on an "AS IS" BASIS, 199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 200 | See the License for the specific language governing permissions and 201 | limitations under the License. 202 | --------------------------------------------------------------------------------