diff --git a/.gitmodules b/.gitmodules
index 70e7b8b..d01235b 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -1,30 +1,27 @@
 [submodule "nfs"]
 path = roles/nfs
 url = https://github.com/geerlingguy/ansible-role-nfs.git
 [submodule "roles/swap"]
 path = roles/swap
 url = https://github.com/tribou/ansible-swap.git
 [submodule "roles/yumrepo"]
 path = roles/yumrepo
 url = https://github.com/picotrading/ansible-yumrepo.git
 [submodule "templates/encoder"]
 path = templates/encoder
 url = https://github.com/picotrading/config-encoder-macros
 [submodule "roles/keepalived"]
 path = roles/keepalived
 url = https://github.com/tcomerma/ansible-keepalived.git
 [submodule "roles/glusterfs"]
 path = roles/glusterfs
 url = https://github.com/geerlingguy/ansible-role-glusterfs.git
 [submodule "roles/nagios"]
 path = roles/nrpe
 url = https://github.com/Mooash/nagios-nrpe-server.git
-[submodule "roles/jenkins"]
- path = roles/jenkins
- url = https://github.com/rorist/ansible-jenkins
 [submodule "roles/rolling-reboot"]
 path = roles/rolling-reboot
 url = https://github.com/rorist/ansible-rolling-reboot.git
 [submodule "roles/postfix"]
 path = roles/postfix
 url = https://github.com/mrlesmithjr/ansible-postfix.git
diff --git a/README.md b/README.md
index 4525873..32e16c6 100644
--- a/README.md
+++ b/README.md
@@ -1,322 +1,270 @@ c4science.ch ========= * Ansible playbook for git infrastructure on openstack INSTALL ------- * Dependencies. You need ansible >= 2.0 ``` cd ~ git clone https://github.com/ansible/ansible.git cd ansible git checkout v2.2.0.0-1 git submodule update --init --recursive sudo python setup.py install sudo pip install shade python-novaclient rfc3986 argcomplete sudo activate-global-python-argcomplete ``` * Repo ``` git clone repourl c4science.ch cd c4science.ch git submodule update --init --recursive ``` USAGE ----- * Ansible is instrumented using the `deploy.py` script ``` ./deploy.py create # Create instance and update local inventory ./deploy.py init # Apply common recipes ./deploy.py update # Apply all recipes but common ./deploy.py update-phab # Update Phabricator on app/phd to the latest stable ``` * After you ran `./deploy.py create` for the first time, you have to manually change the default SSH port on the jump server to 222 in the /etc/ssh/sshd_config file and reload SSH with `service sshd reload` * You must configure SSH so the connections go trough the jump server ~/.ssh/config ``` Host EXTERNAL_IP HostName c4science.ch-jump01 User centos Port 222 StrictHostKeyChecking no UserKnownHostsFile=/dev/null Host 10.0.* User centos ProxyCommand ssh c4science.ch-jump01 -p 222 -W %h:%p StrictHostKeyChecking no UserKnownHostsFile=/dev/null ``` ``` echo 'EXTERNAL_IP c4science.ch-jump01' >> /etc/hosts ``` * You must create floating IPs * One on region_main and put it in external_ip in vars/main.yml * One on region_back and put it in backup_ip in vars/main.yml * You have to copy ssh hostkeys for app servers, so they are all the same ``` rsync -av c4science-app00:/etc/ssh/ssh_host_*_key /tmp/ rsync -av /tmp/ssh_host_*_key c4science-app0X:/etc/ssh/ ssh c4science-app0X 'service sshd_phabricator restart' ``` * You have to copy shibboleth certificate accross instances from app00 ``` rsync -av c4science-app00:/etc/shibboleth/sp-*.pem /tmp/. 
rsync -av /tmp/sp-*.pem c4science-app01:/etc/shibboleth/. ssh c4science-app01 'service shibd restart' ssh c4science-app00 'openssl x509 -noout \ -fingerprint -sha1 -in /etc/shibboleth/sp-cert.pem' ssh c4science-app01 'openssl x509 -noout \ -fingerprint -sha1 -in /etc/shibboleth/sp-cert.pem' rm /tmp/sp-*.pem ``` * Create a ssh-key without password in app00 and copy the public key to the backup server (root user) * Install the public dashboard * Create a new dashboard * Every Panels must be accessible to Public * The dashboard must be accessible to Public * Install the dashboard for all users * Install the logged dashboard * Create a new dashboard * Get the PHID of the new dashboard ``` mysql> use phabricator_dashboard; mysql> select name,phid from dashboard; ``` * Install the dashboard ``` mysql> insert into dashboard_install (installerPHID, objectPHID, applicationClass, dashboardPHID, dateCreated, dateModified) values ('PHID-USER-wwnpcpwveuiz7uts3oin', 'dashboard:default_loggedin', 'PhabricatorHomeApplication', 'PHID-DSHB-j64cvog4impmcgb7e3sa', 0, 0); ``` -Enable Docker remote API ------------------------- +Jenkins installation and configuration +-------------------------------------- -* For now this part is not ansible'd -* Follow those instructions but change the port to 4243 +* See docker/README +* You'll also have to create a OAuth server in Phabricator + with the Redirect URI http://jenkins.c4science.ch/securityRealm/finishLogin + and the Client ID and Secret configured in the jenkins config.xml file -Build the Jenkins slave docker images -------------------------------------- - -* Build the image on your local machine -``` -mkdir /tmp/docker - -cp roles/ci/templates/jenkins-slave-centos.docker /tmp/docker/Dockerfile -cd /tmp/docker -docker build --rm=true -t jenkins-centos:7 . 
-docker save jenkins-centos:7 > ../jenkins-centos7.tar - -cd - -cp roles/ci/templates/jenkins-slave-ubuntu.docker /tmp/docker/Dockerfile -cd /tmp/docker -docker build --rm=true -t jenkins-ubuntu:trusty . -docker save jenkins-ubuntu:trusty > ../jenkins-ubuntu14.tar - -``` - -* Copy the tar to the CoreOS machine, import the images and test them -``` -rsync -av jenkins-*.tar c4science-ci-slave00:. -docker load < jenkins-centos7.tar -docker load < jenkins-ubuntu14.tar -docker tag jenkins-centos:7 jenkins-centos:latest -docker tag jenkins-ubuntu:trusty jenkins-ubuntu:latest -docker images -docker run -i -t jenkins-centos:7 /bin/bash -docker run -i -t jenkins-ubuntu:trusty /bin/bash -``` - -## Nagios monitoring of CoreOS - -* Build the image - -``` -mkdir /tmp/docker -cp roles/ci/templates/jenkins-nagios.docker /tmp/docker/Dockerfile -cp roles/ci/templates/*nrpe* /tmp/docker/ -cp roles/ci/templates/gmond.conf /tmp/docker/ -cp roles/common/templates/check_mem.sh /tmp/docker -cd /tmp/docker -docker build --rm=true -t jenkins-nagios . -docker save jenkins-nagios > ../jenkins-nagios.tar -``` - -* Install and run the Nagios image after copying it to the server - -``` -docker load < jenkins-nagios.tar -docker run --restart=always --pid=host --net=host \ - --privileged=true -d -i -t jenkins-nagios -``` SCALING UP ---------- ### Database * Add a database node in tasks/create-instances.yml by an numbered item both in the os_server and add_host actions # Patch example ``` diff --git a/tasks/create-instances.yml b/tasks/create-instances.yml index 3037cc0..a6ac097 100644 --- a/tasks/create-instances.yml +++ b/tasks/create-instances.yml @@ -79,6 +79,7 @@ - 0 - 1 - 2 + - 3 - add_host: name: "{{ openstackdb.results[item].openstack.private_v4 }}" 
@@ -89,6 +90,7 @@ - 0 - 1 - 2 + - 3 - name: Create Monitoring instance os_server: ``` * Create the instance: `./deploy.py create -t conf-dbs` * Run init playbook: `./deploy.py init` * Check that the node joined mysql replication: `mysql -e "SHOW SLAVE STATUS\G" | grep Running` ### App (Phabricator) * Add an app node in tasks/create-instances.yml by an numbered item both in the os_server and add_host actions * Create the instance: `./deploy.py create -t conf-app` * Run init playbook: `./deploy.py init -t conf-lbs -t -conf-app` ### Fs (Storage) * Add a fs node in tasks/create-instances.yml by an numbered item both in the os_server and add_host actions * Create the instance: `./deploy.py create -t conf-fs` * Run init playbook: `./deploy.py init -t conf-fs` * Check that gluster is running: `gluster volume info` * Probe the new node before being able to add the brick, from an other running instance ``` gluster peer probe ``` * Run init playbook again: `./deploy.py init` * Rebalance the cluster ``` gluster volume rebalance c4science start watch gluster volume rebalance c4science status ``` ### Scaling down * Remove the instance from the configuration file tasks/create-instance.yml * Remove the instance from the inventory file manually * Run init playbook: `./deploy.py init` * Check that all services are running correctly * Stop the instance with: `nova stop ` * Eventually delete the instance: `nova delete ` * The volume is still available, and can be reused TEST ---- * Replication information ``` mysql -e "SHOW STATUS LIKE 'wsrep_cluster%';" ``` * Some benchmarking examples, ``` ## GIT Read cd /tmp parallel -j 10 git clone ssh://git@c4science.ch:2222/diffusion/TEST/test.git \ -- $(for i in $(seq 20); do echo test$i; done) 1> /dev/null ``` ## GIT Write sequential ``` cd /tmp git clone ssh://git@c4science.ch:2222/diffusion/TEST/test.git for i in {1..10}; do time sh -c "echo 'test' >> README.md; git commit -am 'test'; git push" &>/dev/null done ``` ``` ## Conduit API 
(create repo from remote) REPO=$(echo {A..Z}) # Create some repositories for i in $REPO; do echo "{\"name\":\"test\", \"callsign\": \"TEST$i\", \"vcs\": \"git\", " \ "\"uri\": \"https://git.epfl.ch/repo/repo-test.git\"}" \ | arc call-conduit repository.create done # Clone them (doesnt work) #cd /tmp #for i in $REPO; do # git clone ssh://git@c4science.ch:2222/diffusion/TEST$i/test.git test$i #done # Test commit and push #parallel -i -j 10 sh -c 'cd test{}; # echo "TEST" > README.md; # git commit -am "test"; # git push' -- $(echo $REPO) ``` ``` ## GIT test lock parallel -i -j 5 sh -c 'cd test{}; git pull --no-edit; git commit -am "merge conflicts"; echo "* TEST" >> README.md; git commit -am "test"; git push || git pull --no-edit; git push' -- $(seq 50) ``` ``` ## HTTP ab -C phsid:COOK -C phusr:admin -n 1000 \ -c 10 https://c4science.ch/diffusion/TEST/repository/master/ ``` DEV --- * You can use Vagrant to develop on a single virtualbox instance locally ``` cd utils vagrant up vagrant provision ``` * NB: You need vagrant >= 1.8.0 diff --git a/books/main_servers.yml b/books/main_servers.yml index dd4f502..c4a0522 100644 --- a/books/main_servers.yml +++ b/books/main_servers.yml 
@@ -1,266 +1,211 @@ --- - name: Get local commit hosts: 127.0.0.1 tags: always connection: local gather_facts: false tasks: - shell: "git show-ref -s --head HEAD | head -n 1" register: commit tags: [ 'always' ] - name: Configure Jump Server hosts: lbs tags: conf-lbs vars_files: - "{{ var }}" vars: nagios_nrpe_server_allowed_hosts: "{{ groups['monit'][0] }},127.0.0.1" port: 222 user: centos become: yes roles: - role: ../roles/common tags: [ 'common' ] - role: ../roles/swap/roles/swap tags: [ 'common' ] - role: ../roles/ganglia-gmond tags: [ 'common' ] - role: ../roles/nrpe tags: [ 'common', 'conf-monit' ] - role: ../roles/postfix postfix_mynetworks: [ "{{ ip_range }}" ] enable_postfix_relayhost: false - role: ../roles/letsencrypt when: env != "test" - role: ../roles/haproxy - role: ../roles/jump tasks: - shell: "echo {{ hostvars['127.0.0.1']['commit']['stdout'] }} > /{{ project_name }}_version" #- name: Configure keepalived for jump # hosts: c4science-jump00 # roles: # - role: ../rolesepalived # keepalived_shared_ip: "{{ external_ip }}" # keepalived_role: ../rolesaster" #- name: Configure keepalived for jump2 # hosts: c4science-jump01 # roles: # - role: ../rolesepalived # keepalived_shared_ip: "{{ external_ip }}" # keepalived_role: ../roleslave" # tasks: # - shell: "echo {{ hostvars['127.0.0.1']['commit']['stdout'] }} > /{{ project_name }}_version" - name: Configure Monitoring Server hosts: monit tags: conf-monit vars_files: - "{{ var }}" vars: nagios_nrpe_server_allowed_hosts: "{{ groups['monit'][0] }},127.0.0.1" user: centos become: yes roles: - role: ../roles/common tags: [ 'common' ] - role: ../roles/swap/roles/swap tags: [ 'common' ] - role: ../roles/nrpe tags: [ 'common', 'conf-monit' ] - role: ../roles/postfix tags: [ 'common' ] - role: ../roles/logcheck - role: ../roles/rsyslog - { role: ../roles/apache, apache_config: placeholder.conf, www_user: apache } - role: ../roles/nagios - role: ../roles/ganglia-gmond tags: [ 'common' ] - role: 
../roles/ganglia-gmetad tasks: - include: ../roles/galera/tasks/install.yml yum_repo: ../roles/galera/files/yum.repo - shell: "echo {{ hostvars['127.0.0.1']['commit']['stdout'] }} > /{{ project_name }}_version" - name: Configure Databases hosts: dbs tags: conf-dbs vars_files: - "{{ var }}" vars: nagios_nrpe_server_allowed_hosts: "{{ groups['monit'][0] }},127.0.0.1" user: centos become: yes roles: - role: ../roles/common tags: [ 'common' ] - role: ../roles/swap/roles/swap tags: [ 'common' ] - role: ../roles/nrpe tags: [ 'common', 'conf-monit' ] - role: ../roles/postfix tags: [ 'common' ] - role: ../roles/ganglia-gmond tags: [ 'common' ] - role: ../roles/galera tasks: - include: ../roles/phabricator/tasks/packages.yml - include: ../roles/phabricator/tasks/users.yml - include: ../roles/phabricator/tasks/install.yml myconfig=../roles/phabricator/templates/myconfig.conf.php - shell: "echo {{ hostvars['127.0.0.1']['commit']['stdout'] }} > /{{ project_name }}_version" handlers: - name: reload apache shell: service httpd restart #Because of phabricator/tasks/install.yml - name: Configure App hosts: app tags: conf-app vars_files: - "{{ var }}" vars: nagios_nrpe_server_allowed_hosts: "{{ groups['monit'][0] }},127.0.0.1" user: centos become: yes roles: - role: ../roles/common tags: [ 'common' ] - role: ../roles/swap/roles/swap tags: [ 'common' ] - role: ../roles/nrpe tags: [ 'common', 'conf-monit' ] - role: ../roles/postfix postfix_mynetworks: [ "127.0.0.0/8", "{{ internal_ip }}" ] tags: [ 'common' ] - role: ../roles/ganglia-gmond tags: [ 'common' ] - { role: ../roles/apache, apache_config: phabricator.conf } - role: ../roles/glusterfs tags: ['gluster'] - role: ../roles/phabricator - role: ../roles/shibboleth tasks: - include: ../roles/phabricator/tasks/notif.yml aphlict_init: ../roles/phabricator/templates/aphlict_init aphlict_conf: ../roles/phabricator/templates/aphlict.custom.json - shell: "echo {{ hostvars['127.0.0.1']['commit']['stdout'] }} > /{{ project_name }}_version" 
- name: Configure Filesystem for repositories hosts: fs tags: conf-fs vars_files: - "{{ var }}" vars: nagios_nrpe_server_allowed_hosts: "{{ groups['monit'][0] }},127.0.0.1" user: centos become: yes roles: - role: ../roles/common tags: [ 'common' ] - role: ../roles/swap/roles/swap tags: [ 'common' ] - role: ../roles/nrpe tags: [ 'common', 'conf-monit' ] - role: ../roles/postfix tags: [ 'common' ] - role: ../roles/ganglia-gmond tags: [ 'common' ] - role: ../roles/glusterfs tags: ['gluster'] #- role: ../roles/fs #- tags: ['gluster'] tasks: - shell: "echo {{ hostvars['127.0.0.1']['commit']['stdout'] }} > /{{ project_name }}_version" - name: Configure App Daemons hosts: phd tags: conf-phd vars_files: - "{{ var }}" vars: nagios_nrpe_server_allowed_hosts: "{{ groups['monit'][0] }},127.0.0.1" user: centos become: yes roles: - role: ../roles/common tags: [ 'common' ] - role: ../roles/swap/roles/swap tags: [ 'common' ] - role: ../roles/nrpe tags: [ 'common', 'conf-monit' ] - role: ../roles/postfix tags: [ 'common' ] - role: ../roles/ganglia-gmond tags: [ 'common' ] - role: ../roles/glusterfs tags: ['gluster'] tasks: - include: ../roles/phabricator/tasks/packages.yml - include: ../roles/phabricator/tasks/users.yml - include: ../roles/phabricator/tasks/glusterfs.yml - include: ../roles/phabricator/tasks/install.yml myconfig=../roles/phabricator/templates/myconfig.conf.php #- include: ../roles/phabricator/tasks/customize.yml #might be needed sometime - include: ../roles/phabricator/tasks/daemons.yml phd_init: ../roles/phabricator/templates/phd_init - shell: "echo {{ hostvars['127.0.0.1']['commit']['stdout'] }} > /{{ project_name }}_version" handlers: - name: reload apache shell: service phd restart #in daemons instance, php is run from phd and not from apache - -- name: Configure Jenkins master - hosts: ci - vars_files: - - "{{ var }}" - vars: - nagios_nrpe_server_allowed_hosts: "{{ groups['monit'][0] }},127.0.0.1" - user: centos - become: yes - roles: - - role: ../roles/common 
- tags: [ 'common' ] - - role: ../roles/swap/roles/swap - tags: [ 'common' ] - - role: ../roles/nrpe - tags: [ 'common', 'conf-monit' ] - - role: ../roles/postfix - tags: [ 'common' ] - - role: ../roles/ganglia-gmond - tags: [ 'common' ] - - role: ../roles/jenkins - plugins: - - 'ansicolor' - - 'build-monitor-plugin' - - 'build-token-root' - - 'cluster-stats' - - 'docker-plugin' - - 'embeddable-build-status' - - 'git' - - 'jobgenerator' - - 'job-restrictions' - - 'ownership' - - 'phabricator-plugin' - - 'preSCMbuildstep' - - 'project-stats-plugin' - - 'role-strategy' - prefix: "{{ jenkins_prefix }}" - email: - smtp_host: 'localhost' - smtp_ssl: 'false' - default_email_suffix: "@{{ domain }}" - - role: ../roles/ci - tags: [ 'jenkins' ] - tasks: - - shell: "echo {{ hostvars['127.0.0.1']['commit']['stdout'] }} > /{{ project_name }}_version" - -#- name: Configure Jenkins slave -# hosts: ci-slave -# tags: conf-ci-slave -# vars_files: -# - "{{ var }}" -# user: core -# become: yes -# roles: -# - role: ../rolescker diff --git a/books/reboot.yml b/books/reboot.yml index 1a7609a..a144995 100644 --- a/books/reboot.yml +++ b/books/reboot.yml @@ -1,49 +1,39 @@ --- - name: Create Instances hosts: 127.0.0.1 connection: local gather_facts: false vars_files: - "../vars/main.yml" tasks: - include: ../tasks/create-instances.yml - name: Reboot monit instances hosts: monit user: centos become: yes serial: 50% vars_files: - "../vars/main.yml" roles: - role: ../roles/rolling-reboot - name: Reboot database instances hosts: dbs user: centos become: yes serial: 1 vars_files: - "../vars/main.yml" roles: - role: ../roles/rolling-reboot - name: Reboot app instances hosts: app user: centos become: yes serial: 1 vars_files: - "../vars/main.yml" roles: - role: ../roles/rolling-reboot - -- name: Reboot ci instances - hosts: ci - user: centos - become: yes - serial: 50% - vars_files: - - "../vars/main.yml" - roles: - - role: ../roles/rolling-reboot 
diff --git a/books/security-update.yml b/books/security-update.yml index b132663..6ffe00a 100644 --- a/books/security-update.yml +++ b/books/security-update.yml @@ -1,17 +1,17 @@ --- - name: Apply security updates on Jump server hosts: lbs user: centos become: yes port: 222 tasks: - name: Yum upgrade security shell: sudo yum -y --security upgrade - name: Apply security updates - hosts: app,fs,phd,dbs,monit,ci,backup + hosts: app,fs,phd,dbs,monit,backup user: centos become: yes tasks: - name: Yum upgrade security shell: sudo yum -y --security upgrade diff --git a/books/versions.yml b/books/versions.yml index c533b2e..9c265ec 100644 --- a/books/versions.yml +++ b/books/versions.yml @@ -1,23 +1,23 @@ --- - name: Create Instances hosts: 127.0.0.1 tags: always connection: local gather_facts: false vars_files: - "{{ var }}" tasks: - include: ../tasks/create-instances.yml tags: [ 'always' ] - name: Get c4science versions - hosts: lbs, app, phd, dbs, fs, ci, monit, backup + hosts: lbs, app, phd, dbs, fs, monit, backup user: centos become: yes vars_files: - "{{ var }}" tasks: - shell: "cat /{{ project_name }}_version || echo none" register: res - debug: msg="{{ res.stdout }}" diff --git a/docker/README b/docker/README new file mode 100644 index 0000000..842d14a --- /dev/null +++ b/docker/README @@ -0,0 +1,11 @@ +For now, this is deployed manually: + +- coreos as c4science-ci00 + - systemctl enable docker + - jenkins data using the image in jenkins-data/Dockerfile + - jenkins master using the image in jenkins-master/Dockerfile + +- centos 7 as c4science-ci-slave00 + - Docker installed and available locally + - A jenkins user + - an SSH key installed for the jenkins user's authorized_keys diff --git a/docker/jenkins-data/Dockerfile b/docker/jenkins-data/Dockerfile new file mode 100644 index 0000000..dea3067 --- /dev/null +++ b/docker/jenkins-data/Dockerfile 
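Review bot: In books/security-update.yml the second play's `hosts: app,fs,phd,dbs,monit,backup` no longer covers the CI machines, and nothing else visible in this commit patches them. docker/README, added in the same commit, describes c4science-ci-slave00 as a manually deployed CentOS 7 host, so it would still need `yum -y --security upgrade` run against it (and the CoreOS host its own update mechanism). If the `ci` inventory group is being retired, either keep a group for the new hosts in this play or add a comment such as `# CI hosts are patched manually, see docker/README` so the gap is a documented decision rather than an omission.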
@@ -0,0 +1,11 @@
+FROM debian:jessie
+MAINTAINER Jean-Baptiste Aubort
+
+USER root
+RUN useradd -d "/var/jenkins_home" -u 1000 -m -s /bin/bash jenkins
+RUN mkdir -p /var/log/jenkins
+RUN chown -R jenkins:jenkins /var/log/jenkins
+
+VOLUME ["/var/log/jenkins", "/var/jenkins_home"]
+USER jenkins
+CMD ["echo", "Data container for Jenkins"]
diff --git a/docker/jenkins-master/Dockerfile b/docker/jenkins-master/Dockerfile
new file mode 100644
index 0000000..e6b6e5e
--- /dev/null
+++ b/docker/jenkins-master/Dockerfile
@@ -0,0 +1,32 @@
+FROM jenkins/jenkins:lts
+MAINTAINER Jean-Baptiste Aubort
+
+USER root
+RUN mkdir -p /var/log/jenkins
+RUN mkdir -p /var/cache/jenkins
+RUN chown -R jenkins:jenkins /var/log/jenkins
+RUN chown -R jenkins:jenkins /var/cache/jenkins
+
+USER jenkins
+RUN /usr/local/bin/install-plugins.sh \
+ ansicolor \
+ build-monitor \
+ build-token-root \
+ embeddable-build-status \
+ git \
+ phabricator \
+ matrix-auth \
+ workflow-aggregator \
+ warnings \
+ email-ext \
+ xunit \
+ blueocean \
+ analysis-collector \
+ findbugs \
+ checkstyle \
+ dashboard-view \
+ dry \
+ tasks
+
+
+ENV JENKINS_OPTS="--sessionTimeout=43200 --logfile=/var/log/jenkins/jenkins.log --webroot=/var/cache/jenkins/war"
diff --git a/docker/jenkins-slave/Dockerfile b/docker/jenkins-slave/Dockerfile
new file mode 100644
index 0000000..d1edcfe
--- /dev/null
+++ b/docker/jenkins-slave/Dockerfile
@@ -0,0 +1,17 @@
+FROM jenkinsci/ssh-slave
+MAINTAINER Jean-Baptiste Aubort
+
+RUN apt-get update && apt-get install -y \
+ apt-transport-https \
+ ca-certificates \
+ curl \
+ gnupg2 \
+ software-properties-common \
+ && curl -fsSL https://download.docker.com/linux/debian/gpg | apt-key add - \
+ && add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/debian jessie stable" \
+ && rm -rf /var/lib/apt/lists/*
+
+RUN apt-get update \
+ && apt-get install -y docker-ce \
+ && rm -rf /var/lib/apt/lists/*
+
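Review bot: The `install-plugins.sh` list in docker/jenkins-master/Dockerfile names every plugin without a version, and the base is the floating `jenkins/jenkins:lts` tag, so two builds of this file can produce different Jenkins installations and a rebuild silently takes whatever the update centre serves that day. The script accepts `name:version` entries, e.g. `git:<PINNED_VERSION> \`, and the base image can be pinned to a specific LTS tag or digest; the pins are then bumped deliberately when a plugin advisory is published. A short comment above the list saying how the pins are refreshed would help the next maintainer.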
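Review bot: In docker/jenkins-slave/Dockerfile the step `curl -fsSL https://download.docker.com/linux/debian/gpg | apt-key add -` trusts whatever key the server returns at build time, because the key is never compared with a known fingerprint before it becomes an APT trust anchor. Adding a check as the next `&&` step, for example `&& apt-key fingerprint | grep -q "<EXPECTED_DOCKER_KEY_FINGERPRINT>" \`, makes the build fail on a substituted key. `docker-ce` is also installed unversioned; `docker-ce=<PINNED_VERSION>` would keep agent rebuilds reproducible.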
diff --git a/docker/jenkins-slave/clean-image.service b/docker/jenkins-slave/clean-image.service
new file mode 100644
index 0000000..ef1df42
--- /dev/null
+++ b/docker/jenkins-slave/clean-image.service
@@ -0,0 +1,7 @@
+[Unit]
+Description=Clean unused images
+
+[Service]
+Type=oneshot
+ExecStart=/bin/sh -c "/usr/bin/docker images -q | /usr/bin/xargs /usr/bin/docker rmi"
+
diff --git a/docker/jenkins-slave/clean-image.timer b/docker/jenkins-slave/clean-image.timer
new file mode 100644
index 0000000..78d16e1
--- /dev/null
+++ b/docker/jenkins-slave/clean-image.timer
@@ -0,0 +1,6 @@
+[Unit]
+Description=Run clean-image.service every 30 minutes
+
+[Timer]
+OnCalendar=daily
+
diff --git a/docker/run.sh b/docker/run.sh
new file mode 100755
index 0000000..b76c106
--- /dev/null
+++ b/docker/run.sh
@@ -0,0 +1,18 @@
+#!/bin/bash
+
+docker run --name=jenkins-data-master jenkins-data
+
+docker run \
+ --restart always \
+ -d --volumes-from=jenkins-data-master \
+ -p 8080:8080 \
+ --name=jenkins-master \
+ jenkins-master
+# --add-host test-u29-n01.test.cluster:10.91.1.5 \
+# --env JENKINS_OPTS="--prefix=/jenkins/" \
+# -v /var/run/docker.sock:/var/run/docker.sock \
+
+docker cp config.xml jenkins-master:/var/jenkins_home/config.xml
+
+docker restart jenkins-master
+
diff --git a/roles/ci/handlers/main.yml b/roles/ci/handlers/main.yml
deleted file mode 100644
index ee1510c..0000000
--- a/roles/ci/handlers/main.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-- name: restart jenkins
- service:
- name: jenkins
- state: restarted
diff --git a/roles/ci/tasks/main.yml b/roles/ci/tasks/main.yml
deleted file mode 100644
index 21b68b6..0000000
--- a/roles/ci/tasks/main.yml
+++ /dev/null
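Review bot: The `ExecStart` pipeline in clean-image.service passes every image ID from `docker images -q` to `docker rmi`, which does not match `Description=Clean unused images`: images still used by a container make `docker rmi` return an error, so the oneshot unit will usually end in the failed state, and with an empty list GNU xargs still runs `docker rmi` once with no arguments. If the Docker version on the agent provides it, `ExecStart=/usr/bin/docker image prune -af` states the intent directly. Otherwise add `-r` to `xargs` and narrow the listing, e.g. `docker images -q -f dangling=true`.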
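Review bot: clean-image.timer says `Description=Run clean-image.service every 30 minutes` but schedules `OnCalendar=daily`, and the unit has no `[Install]` section, so `systemctl enable clean-image.timer` has nothing to attach it to. Make the two lines agree, e.g. `OnCalendar=*:0/30` for a half-hourly run, and add `[Install]` with `WantedBy=timers.target`. On an agent that builds images, a timer that never starts presumably leaves image cleanup to whoever notices the disk filling up.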
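Review bot: `-p 8080:8080` in docker/run.sh publishes Jenkins on every host interface over plain HTTP, and the README in this commit registers the OAuth redirect URI as `http://jenkins.c4science.ch/securityRealm/finishLogin`, so login codes and session cookies would cross the network unencrypted unless a TLS proxy sits in front (none is visible here). Binding to the address that proxy uses, e.g. `-p <INTERNAL_IP>:8080:8080`, and registering an `https://` redirect URI would avoid that. The script also lacks `set -euo pipefail`, so `docker cp config.xml …` and the restart still run when `docker run` failed; since the README says config.xml carries the OAuth client secret, that file should stay out of the repository and be readable only by the deploying user.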
@@ -1,65 +0,0 @@
----
-# Jenkins configuration
-- name: Jenkins configuration
- template:
- src: config.xml
- dest: "/var/lib/jenkins/config.xml"
- owner: jenkins
- group: jenkins
- notify: restart jenkins
-
-- name: Jenkins Location configuration
- template:
- src: jenkins.model.JenkinsLocationConfiguration.xml
- dest: "/var/lib/jenkins/jenkins.model.JenkinsLocationConfiguration.xml"
- owner: jenkins
- group: jenkins
- notify: restart jenkins
-
-- name: Configure Jenkins session duration
- lineinfile:
- dest: /etc/sysconfig/jenkins
- regexp: ^JENKINS_ARGS=
- line: "JENKINS_ARGS=\"--prefix={{ jenkins_prefix }} --sessionTimeout=43200\""
- notify: restart jenkins
-
-- name: Create admin user
- shell: echo 'hpsr=new hudson.security.HudsonPrivateSecurityRealm(false); hpsr.createAccount("{{ jenkins_admin_user }}", "{{ jenkins_admin_pass }}")' | java -jar /opt/jenkins/jenkins-cli.jar -s http://localhost:8080 groovy =
- args:
- creates: /var/lib/jenkins/users/admin/config.xml
- notify: restart jenkins
-
-# Install Phabricator CLI
-- name: Clone phabricator library repo
- git:
- repo: https://secure.phabricator.com/source/libphutil.git
- dest: /opt/libphutil
- version: stable
-
-- name: Permissions for libphutil
- file:
- state: directory
- path: /opt/libphutil
- owner: jenkins
- group: jenkins
- recurse: yes
-
-- name: Clone arcanist repo
- git:
- repo: https://secure.phabricator.com/diffusion/ARC/arcanist.git
- dest: /opt/arcanist
- version: stable
-
-- name: Permissions for arcanist
- file:
- state: directory
- path: /opt/arcanist
- owner: jenkins
- group: jenkins
- recurse: yes
-
-- name: Create symlink for arc
- file:
- path: /usr/local/bin/arc
- src: /opt/arcanist/bin/arc
- state: link
diff --git a/roles/ci/templates/config.xml b/roles/ci/templates/config.xml
deleted file mode 100644
index be9be99..0000000
--- a/roles/ci/templates/config.xml
+++ /dev/null
@@ -1,240 +0,0 @@ - - - - hudson.diagnosis.ReverseProxySetupMonitor - - 1.656 - 0 - EXCLUSIVE - true - - - - - hudson.model.Item.Cancel - hudson.model.Item.Delete - hudson.model.Item.Read - hudson.model.Run.Delete - hudson.model.Item.Workspace - hudson.model.Item.Build - com.synopsys.arc.jenkins.plugins.ownership.OwnershipPlugin.Jobs - hudson.model.Item.Configure - hudson.model.Item.Discover - hudson.model.Item.ViewStatus - hudson.model.Run.Update - - - authenticated - - - - - - - hudson.model.Hudson.Read - hudson.model.Item.ViewStatus - - - authenticated - admin - anonymous - - - - - hudson.model.View.Delete - hudson.model.Computer.Connect - hudson.model.Run.Delete - hudson.model.Hudson.UploadPlugins - com.cloudbees.plugins.credentials.CredentialsProvider.ManageDomains - hudson.model.Computer.Create - hudson.model.View.Configure - com.synopsys.arc.jenkins.plugins.ownership.OwnershipPlugin.Jobs - hudson.model.Hudson.ConfigureUpdateCenter - hudson.model.Computer.Build - hudson.model.Item.Configure - hudson.model.Hudson.Administer - hudson.model.Item.Cancel - hudson.model.Item.Read - com.cloudbees.plugins.credentials.CredentialsProvider.View - hudson.model.Computer.Delete - hudson.model.Item.Build - hudson.scm.SCM.Tag - hudson.model.Item.Discover - hudson.model.Item.ViewStatus - hudson.model.Hudson.Read - com.cloudbees.plugins.credentials.CredentialsProvider.Update - hudson.model.Item.Create - hudson.model.Item.Workspace - com.cloudbees.plugins.credentials.CredentialsProvider.Delete - hudson.model.View.Read - hudson.model.Hudson.RunScripts - hudson.model.View.Create - hudson.model.Item.Delete - hudson.model.Computer.Configure - com.cloudbees.plugins.credentials.CredentialsProvider.Create - com.synopsys.arc.jenkins.plugins.ownership.OwnershipPlugin.Nodes - hudson.model.Computer.Disconnect - hudson.model.Run.Update - - - admin - - - - - hudson.model.Item.Create - - - authenticated - - - - - - {{ jenkins_phab_id }} - {{ jenkins_phab_secret }} - {{ jenkins_phab_url }} - 
- false - - ${ITEM_ROOTDIR}/workspace - ${ITEM_ROOTDIR}/builds - c4science.ch - - - - - - - docker-coreos - - - 2 - ubuntu ubuntu:trusty - - - 22 - 59c90edd-cfc6-4ae8-83d3-87cb8ae9880f - - - 0 - 0 - - - - /home/jenkins - 2147483647 - NORMAL - - 10 - 10 - - 1 - - jenkins-ubuntu - - - - - - - - - false - 2048 - 256 - false - false - - - - - - false - PULL_LATEST - - - 2 - centos centos:7 - - - 22 - 59c90edd-cfc6-4ae8-83d3-87cb8ae9880f - - - 0 - 0 - - - - /home/jenkins - 2147483647 - NORMAL - - 10 - 10 - - 1 - - jenkins-centos - - - - - - - - - false - 2048 - 256 - false - false - - - - - - false - PULL_LATEST - - - http://{{ groups['ci-slave'][0] }}:4243 - 5 - 15 - - 10 - - - 5 - 0 - - - - All - false - false - - - - All - 0 - - - - - false - - - admin - - - false - false - - - - - true - diff --git a/roles/ci/templates/gmond.conf b/roles/ci/templates/gmond.conf deleted file mode 100644 index 7a94a69..0000000 --- a/roles/ci/templates/gmond.conf +++ /dev/null 
@@ -1,378 +0,0 @@ -/* This configuration is as close to 2.5.x default behavior as possible - The values closely match ./gmond/metric.h definitions in 2.5.x */ -globals { - daemonize = yes - setuid = yes - user = ganglia - debug_level = 0 - max_udp_msg_len = 1472 - mute = no - deaf = no - allow_extra_data = yes - host_dmax = 86400 /*secs. Expires (removes from web interface) hosts in 1 day */ - host_tmax = 20 /*secs */ - cleanup_threshold = 300 /*secs */ - gexec = no - # By default gmond will use reverse DNS resolution when displaying your hostname - # Uncommeting following value will override that value. - # override_hostname = "mywebserver.domain.com" - # If you are not using multicast this value should be set to something other than 0. - # Otherwise if you restart aggregator gmond you will get empty graphs. 60 seconds is reasonable - send_metadata_interval = 0 /*secs */ - -} - -/* - * The cluster attributes specified will be used as part of the - * tag that will wrap all hosts collected by this instance. - */ -cluster { - name = "c4science" - owner = "EPFL" - latlong = "N46.519964 W6.566713" - url = "http://epfl.ch" -} - -/* The host section describes attributes of the host, like the location */ -host { - location = "Switch Engines" -} - -/* Feel free to specify as many udp_send_channels as you like. Gmond - used to only support having a single channel */ -udp_send_channel { - #bind_hostname = yes # Highly recommended, soon to be default. - # This option tells gmond to use a source address - # that resolves to the machine's hostname. Without - # this, the metrics may appear to come from any - # interface and the DNS names associated with - # those IPs will be used to create the RRDs. - mcast_join = 239.2.11.71 - port = 8649 - ttl = 1 -} - -/* You can specify as many udp_recv_channels as you like as well. */ -udp_recv_channel { - mcast_join = 239.2.11.71 - port = 8649 - bind = 239.2.11.71 - retry_bind = true - # Size of the UDP buffer. 
If you are handling lots of metrics you really - # should bump it up to e.g. 10MB or even higher. - # buffer = 10485760 -} - -/* You can specify as many tcp_accept_channels as you like to share - an xml description of the state of the cluster */ -tcp_accept_channel { - port = 8649 - # If you want to gzip XML output - gzip_output = no -} - -/* Channel to receive sFlow datagrams */ -#udp_recv_channel { -# port = 6343 -#} - -/* Optional sFlow settings */ -#sflow { -# udp_port = 6343 -# accept_vm_metrics = yes -# accept_jvm_metrics = yes -# multiple_jvm_instances = no -# accept_http_metrics = yes -# multiple_http_instances = no -# accept_memcache_metrics = yes -# multiple_memcache_instances = no -#} - -/* Each metrics module that is referenced by gmond must be specified and - loaded. If the module has been statically linked with gmond, it does - not require a load path. However all dynamically loadable modules must - include a load path. */ -modules { - module { - name = "core_metrics" - } - module { - name = "cpu_module" - path = "modcpu.so" - } - module { - name = "disk_module" - path = "moddisk.so" - } - module { - name = "load_module" - path = "modload.so" - } - module { - name = "mem_module" - path = "modmem.so" - } - module { - name = "net_module" - path = "modnet.so" - } - module { - name = "proc_module" - path = "modproc.so" - } - module { - name = "sys_module" - path = "modsys.so" - } -} - -/* The old internal 2.5.x metric array has been replaced by the following - collection_group directives. What follows is the default behavior for - collecting and sending metrics that is as close to 2.5.x behavior as - possible. */ - -/* This collection group will cause a heartbeat (or beacon) to be sent every - 20 seconds. In the heartbeat is the GMOND_STARTED data which expresses - the age of the running gmond. 
*/ -collection_group { - collect_once = yes - time_threshold = 20 - metric { - name = "heartbeat" - } -} - -/* This collection group will send general info about this host*/ -collection_group { - collect_every = 60 - time_threshold = 60 - metric { - name = "cpu_num" - title = "CPU Count" - } - metric { - name = "cpu_speed" - title = "CPU Speed" - } - metric { - name = "mem_total" - title = "Memory Total" - } - metric { - name = "swap_total" - title = "Swap Space Total" - } - metric { - name = "boottime" - title = "Last Boot Time" - } - metric { - name = "machine_type" - title = "Machine Type" - } - metric { - name = "os_name" - title = "Operating System" - } - metric { - name = "os_release" - title = "Operating System Release" - } - metric { - name = "location" - title = "Location" - } -} - -/* This collection group will send the status of gexecd for this host - every 300 secs.*/ -/* Unlike 2.5.x the default behavior is to report gexecd OFF. */ -collection_group { - collect_once = yes - time_threshold = 300 - metric { - name = "gexec" - title = "Gexec Status" - } -} - -/* This collection group will collect the CPU status info every 20 secs. - The time threshold is set to 90 seconds. In honesty, this - time_threshold could be set significantly higher to reduce - unneccessary network chatter. 
*/ -collection_group { - collect_every = 20 - time_threshold = 90 - /* CPU status */ - metric { - name = "cpu_user" - value_threshold = "1.0" - title = "CPU User" - } - metric { - name = "cpu_system" - value_threshold = "1.0" - title = "CPU System" - } - metric { - name = "cpu_idle" - value_threshold = "5.0" - title = "CPU Idle" - } - metric { - name = "cpu_nice" - value_threshold = "1.0" - title = "CPU Nice" - } - metric { - name = "cpu_aidle" - value_threshold = "5.0" - title = "CPU aidle" - } - metric { - name = "cpu_wio" - value_threshold = "1.0" - title = "CPU wio" - } - metric { - name = "cpu_steal" - value_threshold = "1.0" - title = "CPU steal" - } - /* The next two metrics are optional if you want more detail... - ... since they are accounted for in cpu_system. - metric { - name = "cpu_intr" - value_threshold = "1.0" - title = "CPU intr" - } - metric { - name = "cpu_sintr" - value_threshold = "1.0" - title = "CPU sintr" - } - */ -} - -collection_group { - collect_every = 20 - time_threshold = 90 - /* Load Averages */ - metric { - name = "load_one" - value_threshold = "1.0" - title = "One Minute Load Average" - } - metric { - name = "load_five" - value_threshold = "1.0" - title = "Five Minute Load Average" - } - metric { - name = "load_fifteen" - value_threshold = "1.0" - title = "Fifteen Minute Load Average" - } -} - -/* This group collects the number of running and total processes */ -collection_group { - collect_every = 80 - time_threshold = 950 - metric { - name = "proc_run" - value_threshold = "1.0" - title = "Total Running Processes" - } - metric { - name = "proc_total" - value_threshold = "1.0" - title = "Total Processes" - } -} - -/* This collection group grabs the volatile memory metrics every 40 secs and - sends them at least every 180 secs. This time_threshold can be increased - significantly to reduce unneeded network traffic. 
*/ -collection_group { - collect_every = 40 - time_threshold = 180 - metric { - name = "mem_free" - value_threshold = "1024.0" - title = "Free Memory" - } - metric { - name = "mem_shared" - value_threshold = "1024.0" - title = "Shared Memory" - } - metric { - name = "mem_buffers" - value_threshold = "1024.0" - title = "Memory Buffers" - } - metric { - name = "mem_cached" - value_threshold = "1024.0" - title = "Cached Memory" - } - metric { - name = "swap_free" - value_threshold = "1024.0" - title = "Free Swap Space" - } -} - -collection_group { - collect_every = 40 - time_threshold = 300 - metric { - name = "bytes_out" - value_threshold = 4096 - title = "Bytes Sent" - } - metric { - name = "bytes_in" - value_threshold = 4096 - title = "Bytes Received" - } - metric { - name = "pkts_in" - value_threshold = 256 - title = "Packets Received" - } - metric { - name = "pkts_out" - value_threshold = 256 - title = "Packets Sent" - } -} - -/* Different than 2.5.x default since the old config made no sense */ -collection_group { - collect_every = 1800 - time_threshold = 3600 - metric { - name = "disk_total" - value_threshold = 1.0 - title = "Total Disk Space" - } -} - -collection_group { - collect_every = 40 - time_threshold = 180 - metric { - name = "disk_free" - value_threshold = 1.0 - title = "Disk Space Available" - } - metric { - name = "part_max_used" - value_threshold = 1.0 - title = "Maximum Disk Space Used" - } -} - -include ("/etc/ganglia/conf.d/*.conf") diff --git a/roles/ci/templates/jenkins-nagios.docker b/roles/ci/templates/jenkins-nagios.docker deleted file mode 100644 index 32eef61..0000000 --- a/roles/ci/templates/jenkins-nagios.docker +++ /dev/null 
@@ -1,28 +0,0 @@ -FROM centos:7 -MAINTAINER Jean-Baptiste Aubort - -# Update packages -RUN yum -y update -RUN yum -y install epel-release - -# Nagios -RUN yum -y install nrpe nagios-plugins-disk nagios-plugins-load nagios-plugins-procs rsyslog - -ADD nrpe.cfg /etc/nagios/nrpe.cfg -ADD nrpe_local.cfg /etc/nagios/nrpe_local.cfg - -ADD check_mem.sh /usr/local/bin/check_mem.sh -RUN chmod +x /usr/local/bin/check_mem.sh - -ADD run-nrpe.sh / -RUN chmod +x /run-nrpe.sh - -# Ganglia client -RUN yum -y install ganglia-gmond -ADD gmond.conf /etc/ganglia/gmond.conf - -# Clean -RUN yum clean all - -EXPOSE 5666 -CMD ["./run-nrpe.sh"] diff --git a/roles/ci/templates/jenkins-slave-centos.docker b/roles/ci/templates/jenkins-slave-centos.docker deleted file mode 100644 index 85c0172..0000000 --- a/roles/ci/templates/jenkins-slave-centos.docker +++ /dev/null 
@@ -1,62 +0,0 @@ -# This Dockerfile is used to build an image containing basic stuff to be used as a Jenkins slave build node. -FROM centos:7 -MAINTAINER Jean-Baptiste Aubort - -# Make sure the package repository is up to date. -RUN yum update -y - -# Install need packages -RUN yum install -y \ - sudo \ - gcc \ - gcc-c++ \ - gcc-gfortran \ - make \ - cmake \ - openssl-devel \ - git \ - subversion \ - mercurial \ - php-cli \ - php-curl \ - epel-release \ - libffi-devel \ - openssl-devel \ - python-devel \ - maven - -RUN yum update -y && yum install -y python2-pip - - -# Install a basic SSH server -RUN yum install -y openssh-server -RUN ssh-keygen -A -RUN sed -i 's|session required pam_loginuid.so|session optional pam_loginuid.so|g' /etc/pam.d/sshd -RUN mkdir -p /var/run/sshd - -# Install JDK 7 (latest edition) -RUN yum install -y java-1.7.0-openjdk - -# Add user jenkins to the image -RUN adduser jenkins -RUN usermod -a -G wheel jenkins -RUN echo "jenkins:jenkins" | chpasswd -RUN sed -i -e 's/# %wheel/%wheel/g' /etc/sudoers - -# Jenkins -RUN mkdir /home/jenkins/workspace -RUN chown jenkins.jenkins /home/jenkins/workspace - -# Phabricator API -RUN cd /opt; \ - git clone https://secure.phabricator.com/diffusion/ARC/arcanist.git; \ - git clone https://secure.phabricator.com/source/libphutil.git; \ - ln -s /opt/arcanist/bin/arc /usr/local/bin/arc - -# Clean -RUN yum clean all - -# Standard SSH port -EXPOSE 22 - -CMD ["/usr/sbin/sshd", "-D"] diff --git a/roles/ci/templates/jenkins-slave-ubuntu.docker b/roles/ci/templates/jenkins-slave-ubuntu.docker deleted file mode 100644 index 621b896..0000000 --- a/roles/ci/templates/jenkins-slave-ubuntu.docker +++ /dev/null 
@@ -1,60 +0,0 @@ -# This Dockerfile is used to build an image containing basic stuff to be used as a Jenkins slave build node. -FROM ubuntu:trusty -MAINTAINER Jean-Baptiste Aubort - -# Make sure the package repository is up to date. -RUN apt-get update -RUN apt-get -y upgrade - -# Install need packages -RUN apt-get update && apt-get -y install \ - bash-completion \ - build-essential \ - gfortran \ - cmake \ - git \ - subversion \ - mercurial \ - php5-cli \ - php5-curl \ - python-pip \ - python-dev \ - libffi-dev \ - libssl-dev \ - maven - -# Remove uneeded packages -RUN apt-get -y purge libgl1-mesa-dri - -# Install a basic SSH server -RUN apt-get update && apt-get -y install openssh-server -RUN sed -i 's|session required pam_loginuid.so|session optional pam_loginuid.so|g' /etc/pam.d/sshd -RUN mkdir -p /var/run/sshd - -# Install JDK 7 (latest edition) -RUN apt-get update && apt-get -y install openjdk-7-jdk - -# Add user jenkins to the image -RUN adduser --quiet jenkins -RUN adduser --quiet jenkins sudo -RUN echo "jenkins:jenkins" | chpasswd -RUN echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers - -# Jenkins -RUN mkdir /home/jenkins/workspace -RUN chown jenkins.jenkins /home/jenkins/workspace - -# Phabricator API -RUN cd /opt; \ - git clone https://secure.phabricator.com/diffusion/ARC/arcanist.git; \ - git clone https://secure.phabricator.com/source/libphutil.git; \ - ln -s /opt/arcanist/bin/arc /usr/local/bin/arc - -# Clean -RUN apt-get clean -RUN rm -rf /var/lib/apt/lists/* - -# Standard SSH port -EXPOSE 22 - -CMD ["/usr/sbin/sshd", "-D"] diff --git a/roles/ci/templates/jenkins.model.JenkinsLocationConfiguration.xml b/roles/ci/templates/jenkins.model.JenkinsLocationConfiguration.xml deleted file mode 100644 index 64f9fad..0000000 --- a/roles/ci/templates/jenkins.model.JenkinsLocationConfiguration.xml +++ /dev/null @@ -1,5 +0,0 @@ - - - jenkins@{{ domain }} - {{ jenkins_url }} - 
diff --git a/roles/ci/templates/nrpe.cfg b/roles/ci/templates/nrpe.cfg deleted file mode 100644 index f7b0aee..0000000 --- a/roles/ci/templates/nrpe.cfg +++ /dev/null @@ -1,12 +0,0 @@ -log_facility=daemon -pid_file=/var/run/nrpe/nrpe.pid -server_port=5666 -nrpe_user=nrpe -nrpe_group=nrpe -allowed_hosts=c4science-monit,127.0.0.1 -dont_blame_nrpe=0 -allow_bash_command_substitution=0 -debug=0 -command_timeout=60 -connection_timeout=300 -include=/etc/nagios/nrpe_local.cfg diff --git a/roles/ci/templates/nrpe_local.cfg b/roles/ci/templates/nrpe_local.cfg deleted file mode 100644 index d5e1ddb..0000000 --- a/roles/ci/templates/nrpe_local.cfg +++ /dev/null @@ -1,4 +0,0 @@ -command[check_load]=/usr/lib64/nagios/plugins/check_load -w 15,10,5 -c 30,25,20 -command[check_disk_vdb]=/usr/lib64/nagios/plugins/check_disk -w 20% -c 10% -p / -command[check_mem]=/usr/local/bin/check_mem.sh -w 80 -c 90 -W 10 -C 50 -command[check_docker_daemon]=/usr/lib64/nagios/plugins/check_procs -C 'docker' -a daemon -c 1 diff --git a/roles/ci/templates/run-nrpe.sh b/roles/ci/templates/run-nrpe.sh deleted file mode 100644 index c63933c..0000000 --- a/roles/ci/templates/run-nrpe.sh +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/bash -/usr/sbin/nrpe -c /etc/nagios/nrpe.cfg -d -/usr/sbin/gmond -tail -F /var/log/messages & -wait diff --git a/roles/jenkins b/roles/jenkins deleted file mode 160000 index d9fb145..0000000 --- a/roles/jenkins +++ /dev/null @@ -1 +0,0 @@ -Subproject commit d9fb145049df912562839c5b0a7484b01202e277 diff --git a/roles/phabricator/templates/myconfig.conf.php b/roles/phabricator/templates/myconfig.conf.php index fae146a..1f6a7c0 100644 --- a/roles/phabricator/templates/myconfig.conf.php +++ b/roles/phabricator/templates/myconfig.conf.php 
@@ -1,102 +1,108 @@ '{{ http_scheme }}{{ domain }}/', 'phabricator.timezone' => 'Europe/Berlin', 'phabricator.serious-business' => true, 'phabricator.show-prototypes' => true, 'phabricator.developer-mode' => {{ developer_mode }}, 'phabricator.allowed-uris' => array( '{{ http_scheme }}{{ domain }}/', '{{ http_scheme }}www.{{ domain }}/' ), 'log.access.path' => '/var/log/phabricator/access.log', 'log.ssh.path' => '/var/log/phabricator/ssh.log', 'user.custom-field-definitions' => array( 'c4science:org' => array( 'name' => 'Organization', 'type' => 'text', 'caption' => 'Domain name of a home organization', 'required' => false, 'search' => true ) ), 'debug.sample-rate' => 0, 'phd.log-directory' => '/var/log/phabricator', 'phd.taskmasters' => 10, 'phd.user' => '{{ phd_user }}', 'security.strict-transport-security' => true, 'security.require-https' => true, 'security.alternate-file-domain' => '{{ http_scheme }}{{ file_domain }}/', 'darkconsole.enabled' => false, 'policy.allow-public' => true, 'auth.require-approval' => false, 'auth.require-email-verification' => false, 'cluster.addresses' => array( {% for host in groups['app'] %} "{{ hostvars[host]['inventory_hostname'] }}/32", {% endfor %} ), 'diffusion.ssh-user' => '{{ vcs_user }}', //'diffusion.ssh-port' => {{ vcs_port_front }}, 'diffusion.allow-http-auth' => true, 'cluster.databases' => array( {% for host in groups['dbs'] %} array( 'host' => '{{ host }}', 'role' => '{% if loop.first %}master{% else %}replica{% endif %}' ), {% endfor %} ), 'mysql.pass' => '{{ mysql_app_pass }}', 'mysql.user' => '{{ mysql_app_user }}', 'notification.servers' => array( array( 'type' => 'client', 'host' => '{{ domain }}', 'port' => 22280, 'protocol' => 'https', ), {% for host in groups['app'] %} array( 'type' => 'admin', 'host' => '{{ host }}', 'port' => 22281, 'protocol' => 'http', ), {% endfor %} ), //'amazon-s3.access-key' => '{{ s3_access_key }}', //'amazon-s3.secret-key' => '{{ s3_secret_key }}', //'amazon-s3.endpoint' => '{{ 
s3_endpoint }}', //'amazon-s3.region' => '{{ s3_region }}', //'storage.s3.bucket' => '{{ s3_bucket }}', 'storage.local-disk.path' => '{{ repositories_path }}files', 'files.enable-imagemagick' => true, #'auth.email-domains' => [ # {% for domain in phabricator_domains %} # "{{ domain }}", # {% endfor %} #], 'pygments.enabled' => true, 'environment.append-paths' => array( "/usr/libexec/git-core", "/bin", "/usr/bin", "/usr/local/bin" ), 'metamta.default-address' => 'phabricator@{{ domain }}', 'metamta.domain' => '{{ domain }}', 'metamta.reply-handler-domain' => '{{ domain }}', 'metamta.single-reply-handler-prefix' => 'phabricator', + + 'jenkins.url' => '{{ jenkins_url }}', + 'jenkins.user' => '{{ jenkins_user }}', + 'jenkins.token' => '{{ jenkins_token }}', + 'jenkins.repo_cred' => '{{ jenkins_cred }}', + ); diff --git a/vars/main.yml.example b/vars/main.yml.example index 7c8914c..fc4cd06 100644 --- a/vars/main.yml.example +++ b/vars/main.yml.example 
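Review bot: The added `'jenkins.token' => '{{ jenkins_token }}'` line renders a Jenkins API credential into a single-quoted PHP literal with no escaping, so a value containing `'` or `\` would break or alter the generated config; the same applies to `jenkins.user` and `jenkins.repo_cred`, and the existing `mysql.pass` line has the same pattern. If no escaping filter is applied, a comment above the block would at least record the constraint, e.g. `// jenkins.* values are rendered unescaped: they must not contain ' or \`. The rendered file now holds a second secret beside `mysql.pass`, so the template task (not visible in this diff) should write it with a restrictive owner and mode. `jenkins.repo_cred` is also the only key in the array that uses an underscore rather than hyphens; `jenkins.repo-cred` would match the rest if the code that reads it can change too.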
@@ -1,117 +1,115 @@ --- env: prod project_name: "c4science" ansible_ssh_user: "centos" proxy: no http_proxy: "" https_proxy: "" no_proxy: "localhost" proxy_url: "{{ http_proxy }}" __no_proxy: "{{ no_proxy }}" user_pwd_root: "" user_pwd_centos: "" # OpenStack keypair_name: "" image_id: "" image_id_coreos: "" public_net: "" private_net: "" flavor_id_small: "" flavor_id_medium: "" flavor_id_large: "" flavor_id_small_backup: "" private_net_backup: "" image_id_backup: "" region_main: "" region_back: "" # Storage glusterfs_default_release: 38 s3_access_key: "" s3_secret_key: "" s3_endpoint: "" s3_bucket: "" s3_region: "" # Lbs internal_ip: 0.0.0.0 external_ip: 0.0.0.0 backup_ip: 0.0.0.0 ip_range: "10.0.0.0/16" notif_port: 22280 jenkins_port: 8080 stats_port: 8082 monit_port: 8081 monit_user: admin monit_pass: rolling_reboot_proxy_host: "{{ external_ip }}" rolling_reboot_pause: 30 rolling_reboot_wait_delay: 20 # App developer_mode: false http_scheme: 'http://' domain: example.com file_domain: "example-cdn.com" phabricator_branch: production phabricator_path: /srv/ repositories_path: /var/repo/ phd_user: phabricator www_user: apache vcs_user: git vcs_port_front: 22 vcs_port_back: 2222 -jenkins_admin_user: admin -jenkins_admin_password: -jenkins_phab_url: "{{ http_scheme }}{{ domain }}/" -jenkins_phab_id: "PHID-" -jenkins_phab_secret: "" jenkins_prefix: "/" jenkins_url: "{{ http_scheme }}jenkins.{{ domain }}{{ jenkins_prefix }}" +jenkins_user: "admin" +jenkins_token: "" +jenkins_cred: "xxx-yyy-zzz" shib_metadata_file: "metadata.xml" shib_metadata_provider: "http://example.com/{{ shib_metadata_file }}" phabricator_domains: - "{{ domain }}" - 'example.com' google_webmaster_file: "googleXYZ.html" # Dbs mysql_repl_user: "repl" mysql_repl_pass: "" mysql_app_user: "" mysql_app_pass: "" mysql_shib_user: "" mysql_shib_pass: "" mysql_shib_db: "shibboleth" mysql_lbs_user: "haproxy" mysql_cluster_name: "" mysql_host: "10.0.0.0/255.255.0.0" # SSH ssh_keys: - "ssh-rsa mysuperkey1" - 
"ssh-rsa mysuperkey2" # Swap swap_path: "/swapfile" dd_bs_size_mb: 32 swap_count: 128 swappiness: 10 vfs_cache_pressure: 50 # Email configure_postfix: true enable_postfix_domain_rewrite: true enable_postfix_relayhost: true postfix_relayhost: "[{{ internal_ip }}]" postfix_rewrite_domain: "{{ domain }}" email_alias_phabricator: "" email_alias_postmaster: "" email_alias_admin: "" email_monitoring: ""
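Review bot: With the example defaults in this hunk, `jenkins_url` is built from `http_scheme: 'http://'`, so the new `jenkins_user`/`jenkins_token` pair would presumably be sent to Jenkins over cleartext HTTP when the example is copied as-is. A comment above the new keys would make the requirement explicit, e.g. `# jenkins_token is an API token: keep the real value in a vaulted vars file and use an https jenkins_url`. The placeholder `jenkins_cred: "xxx-yyy-zzz"` is non-empty, unlike `jenkins_token: ""`, so a forgotten value would be rendered into the Phabricator config without any error; an empty default would match the other secrets in the file. `jenkins_port: 8080` also stays in the Lbs block although the ci role is deleted in this commit, so it is worth confirming it is still used.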