Semptember ansible updates

exitfound · Sep 23, 2024 · 349807a · 349807a
1 parent 2ebfbe8
commit 349807a
Show file tree

Hide file tree

Showing 67 changed files with 263 additions and 377 deletions.
diff --git a/ansible/roles/docker-jenkins-agent/molecule/docker-debian/converge.yml b/ansible/roles/docker-jenkins-agent/molecule/docker-debian/converge.yml
@@ -3,7 +3,7 @@
 - name: Converge
   hosts: all
   tasks:
-    # Данный шаг вызывает роль docker-jenkins-agent для прогона тестов:
+    # Данный шаг вызывает роль docker-jenkins-agent для прогона тестов с помощью Molecule:
     - name: "Include docker-jenkins-agent role for testing"
       include_role:
         name: "docker-jenkins-agent"
diff --git a/ansible/roles/docker-jenkins-agent/molecule/docker-debian/molecule.yml b/ansible/roles/docker-jenkins-agent/molecule/docker-debian/molecule.yml
@@ -81,22 +81,22 @@ platforms:
     security_opts:
       - seccomp=unconfined
 
-  # - name: ubuntu24.04
-  #   image: mdd13/ansible-docker-ubuntu:ubuntu24.04
-  #   pre_build_image: true
-  #   tmpfs:
-  #     - /run
-  #     - /tmp
-  #   volumes:
-  #     - /sys/fs/cgroup:/sys/fs/cgroup:rw
-  #   privileged: true
-  #   capabilities:
-  #     - SYS_ADMIN
-  #   cgroup_parent: docker.slice
-  #   cgroupns_mode: host
-  #   override_command: false
-  #   security_opts:
-  #     - seccomp=unconfined
+  - name: ubuntu24.04
+    image: mdd13/ansible-docker-ubuntu:ubuntu24.04
+    pre_build_image: true
+    tmpfs:
+      - /run
+      - /tmp
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:rw
+    privileged: true
+    capabilities:
+      - SYS_ADMIN
+    cgroup_parent: docker.slice
+    cgroupns_mode: host
+    override_command: false
+    security_opts:
+      - seccomp=unconfined
 
 provisioner:
   name: ansible
@@ -108,7 +108,7 @@ provisioner:
         docker_jenkins_agent_name: "docker-jenkins-agent"
         docker_jenkins_agent_image: "jenkins/ssh-agent:alpine"
         docker_jenkins_agent_ssh_port: "2222"
-        docker_jenkins_agent_public_key: "ssh-rsa yourpublickey"
+        docker_jenkins_agent_public_key: "ssh-rsa testpublickey"
 
 verifier:
   name: ansible

diff --git a/ansible/roles/docker-jenkins-agent/molecule/docker-debian/verify.yml b/ansible/roles/docker-jenkins-agent/molecule/docker-debian/verify.yml
@@ -3,6 +3,6 @@
 - name: Verify
   hosts: all
   tasks:
-    - name: Output the result
+    - name: Output the final result
       assert:
         that: true
diff --git a/ansible/roles/docker-jenkins-agent/molecule/docker-redhat/converge.yml b/ansible/roles/docker-jenkins-agent/molecule/docker-redhat/converge.yml
@@ -3,7 +3,7 @@
 - name: Converge
   hosts: all
   tasks:
-    # Данный шаг вызывает роль docker-jenkins-agent для прогона тестов:
+    # Данный шаг вызывает роль docker-jenkins-agent для прогона тестов с помощью Molecule:
     - name: "Include docker-jenkins-agent role for testing"
       include_role:
         name: "docker-jenkins-agent"
diff --git a/ansible/roles/docker-jenkins-agent/molecule/docker-redhat/molecule.yml b/ansible/roles/docker-jenkins-agent/molecule/docker-redhat/molecule.yml
@@ -36,7 +36,7 @@ provisioner:
         docker_jenkins_agent_name: "docker-jenkins-agent"
         docker_jenkins_agent_image: "jenkins/ssh-agent:alpine"
         docker_jenkins_agent_ssh_port: "2222"
-        docker_jenkins_agent_public_key: "ssh-rsa yourpublickey"
+        docker_jenkins_agent_public_key: "ssh-rsa testpublickey"
 
 verifier:
   name: ansible

diff --git a/ansible/roles/docker-jenkins-agent/molecule/docker-redhat/verify.yml b/ansible/roles/docker-jenkins-agent/molecule/docker-redhat/verify.yml
@@ -3,6 +3,6 @@
 - name: Verify
   hosts: all
   tasks:
-    - name: Output the result
+    - name: Output the final result
       assert:
         that: true
diff --git a/ansible/roles/docker-jenkins-agent/molecule/docker-suse/converge.yml b/ansible/roles/docker-jenkins-agent/molecule/docker-suse/converge.yml
@@ -3,7 +3,7 @@
 - name: Converge
   hosts: all
   tasks:
-    # Данный шаг вызывает роль docker-jenkins-agent для прогона тестов:
+    # Данный шаг вызывает роль docker-jenkins-agent для прогона тестов с помощью Molecule:
     - name: "Include docker-jenkins-agent role for testing"
       include_role:
         name: "docker-jenkins-agent"
diff --git a/ansible/roles/docker-jenkins-agent/molecule/docker-suse/molecule.yml b/ansible/roles/docker-jenkins-agent/molecule/docker-suse/molecule.yml
@@ -6,20 +6,8 @@ driver:
   name: docker
 
 platforms:
-  - name: opensuse15.3
-    image: mdd13/ansible-docker-suse:opensuse15.3
-    pre_build_image: true
-    privileged: true
-    override_command: false
-    cgroupns_mode: host
-    tmpfs:
-      - /var/lib/docker
-      - /tmp
-    security_opts:
-      - seccomp=unconfined
-
-  - name: opensuse15.4
-    image: mdd13/ansible-docker-suse:opensuse15.4
+  - name: opensuse15.5
+    image: mdd13/ansible-docker-suse:opensuse15.5
     pre_build_image: true
     privileged: true
     override_command: false
@@ -30,8 +18,8 @@ platforms:
     security_opts:
       - seccomp=unconfined
 
-  - name: opensuse15.5
-    image: mdd13/ansible-docker-suse:opensuse15.5
+  - name: opensuse15.6
+    image: mdd13/ansible-docker-suse:opensuse15.6
     pre_build_image: true
     privileged: true
     override_command: false
@@ -52,7 +40,7 @@ provisioner:
         docker_jenkins_agent_name: "docker-jenkins-agent"
         docker_jenkins_agent_image: "jenkins/ssh-agent:alpine"
         docker_jenkins_agent_ssh_port: "2222"
-        docker_jenkins_agent_public_key: "ssh-rsa yourpublickey"
+        docker_jenkins_agent_public_key: "ssh-rsa testpublickey"
 
 verifier:
   name: ansible

diff --git a/ansible/roles/docker-jenkins-agent/molecule/docker-suse/verify.yml b/ansible/roles/docker-jenkins-agent/molecule/docker-suse/verify.yml
@@ -3,6 +3,6 @@
 - name: Verify
   hosts: all
   tasks:
-    - name: Output the result
+    - name: Output the final result
       assert:
         that: true
diff --git a/ansible/roles/docker-jenkins-agent/tasks/debian.yaml b/ansible/roles/docker-jenkins-agent/tasks/debian.yaml
@@ -11,7 +11,7 @@
     name: system-docker
     tasks_from: main
 
-# Создание директории для хранения файла docker-compose, для последующего запуска Docker Jenkins Agent:
+# Создание директории для хранения файла Docker Compose, для последующего запуска Docker Jenkins Agent:
 - name: Create Jenkins Agent directories on Debian family distro
   file:
     state: directory
@@ -35,8 +35,8 @@
   changed_when: false
 
 # Запуск Docker Jenkins Agent с помощью docker-compose на удаленном узле:
-- name: Run Jenkins Agent via docker-compose on Debian family distro
-  command: docker-compose -f {{ docker_jenkins_agent_directory }}/{{ docker_jenkins_agent_compose_file }} up -d --build --force-recreate
+- name: Run Jenkins Agent via Docker Compose on Debian family distro
+  command: docker compose -f {{ docker_jenkins_agent_directory }}/{{ docker_jenkins_agent_compose_file }} up -d --build --force-recreate
   register: docker_compose_output
   changed_when: false
 

diff --git a/ansible/roles/docker-jenkins-agent/tasks/redhat.yaml b/ansible/roles/docker-jenkins-agent/tasks/redhat.yaml
@@ -11,7 +11,7 @@
     name: system-docker
     tasks_from: main
 
-# Создание директории для хранения файла docker-compose, для последующего запуска Docker Jenkins Agent:
+# Создание директории для хранения файла Docker Compose, для последующего запуска Docker Jenkins Agent:
 - name: Create Jenkins Agent directories on RedHat family distro
   file:
     state: directory
@@ -34,9 +34,9 @@
     group: "{{ docker_jenkins_agent_group }}"
   changed_when: false
 
-# Запуск Docker Jenkins Agent с помощью docker-compose на удаленном узле:
-- name: Run Jenkins Agent via docker-compose on RedHat family distro
-  command: docker-compose -f {{ docker_jenkins_agent_directory }}/{{ docker_jenkins_agent_compose_file }} up -d --build --force-recreate
+# Запуск Docker Jenkins Agent с помощью Docker Compose на удаленном узле:
+- name: Run Jenkins Agent via Docker Compose on RedHat family distro
+  command: docker compose -f {{ docker_jenkins_agent_directory }}/{{ docker_jenkins_agent_compose_file }} up -d --build --force-recreate
   register: docker_compose_output
   changed_when: false
 

diff --git a/ansible/roles/docker-jenkins-agent/tasks/suse.yaml b/ansible/roles/docker-jenkins-agent/tasks/suse.yaml
@@ -11,7 +11,7 @@
     name: system-docker
     tasks_from: main
 
-# Создание директории для хранения файла docker-compose, для последующего запуска Docker Jenkins Agent:
+# Создание директории для хранения файла Docker Compose, для последующего запуска Docker Jenkins Agent:
 - name: Create Jenkins Agent directories on SUSE family distro
   file:
     state: directory
@@ -34,9 +34,9 @@
     group: "{{ docker_jenkins_agent_group }}"
   changed_when: false
 
-# Запуск Docker Jenkins Agent с помощью docker-compose на удаленном узле:
-- name: Run Jenkins Agent via docker-compose on SUSE family distro
-  command: docker-compose -f {{ docker_jenkins_agent_directory }}/{{ docker_jenkins_agent_compose_file }} up -d --build --force-recreate
+# Запуск Docker Jenkins Agent с помощью Docker Compose на удаленном узле:
+- name: Run Jenkins Agent via Docker Compose on SUSE family distro
+  command: docker compose -f {{ docker_jenkins_agent_directory }}/{{ docker_jenkins_agent_compose_file }} up -d --build --force-recreate
   register: docker_compose_output
   changed_when: false
 

diff --git a/ansible/roles/docker-jenkins-agent/templates/agent-docker-compose.yaml.j2 b/ansible/roles/docker-jenkins-agent/templates/agent-docker-compose.yaml.j2
@@ -5,6 +5,6 @@ services:
     image: {{ docker_jenkins_agent_image }}
     ports:
       - "{{ docker_jenkins_agent_ssh_port }}:22"
-    restart: always
+    restart: on-failure
     environment:
       JENKINS_AGENT_SSH_PUBKEY: {{ docker_jenkins_agent_public_key }}
diff --git a/ansible/roles/docker-jenkins/defaults/main.yaml b/ansible/roles/docker-jenkins/defaults/main.yaml
@@ -2,6 +2,7 @@
 
 # Переменные, необходимые для установки и настройки Jenkins via Docker, применимые ко всем дистрибутивам в равной степени:
 
+jenkins_backup_dir: "/opt/jenkins_backup"
 jenkins_config_dir: "/opt/jenkins_config"
 jenkins_inactive_config_dir: "/opt/jenkins_inactive_config"
 jenkins_data_dir: "/opt/jenkins_data"

diff --git a/ansible/roles/docker-jenkins/files/Dockerfile b/ansible/roles/docker-jenkins/files/Dockerfile
@@ -1,19 +1,21 @@
-FROM jenkins/jenkins:lts-jdk11
+FROM jenkins/jenkins:lts-jdk21
 
 LABEL maintainer="Ivan Medaev"
 
 USER root
 
 RUN mkdir -p /var/jenkins_config/casc_configs/ /var/jenkins_backup \
     && chown -R jenkins:jenkins /var/jenkins_home /var/jenkins_config /var/jenkins_backup \
+    && chmod -R u+s /var/jenkins_home /var/jenkins_config /var/jenkins_backup \
+    && chmod -R 755 /usr/bin/* usr/sbin/unix_chkpwd usr/lib/openssh/ssh-keysign \
     && apt-get update \
     && apt-get -y install --no-install-recommends \
         apt-utils \
-        net-tools \
         iproute2 \
+        net-tools \
     && apt-get clean \
     && apt-get autoremove -y \
-    && rm -rf /var/lib/apt /var/lib/dpkg /tmp/* /var/tmp/*
+    && rm -rf /var/lib/apt/lists /var/lib/dpkg /tmp/* /var/tmp/*
 
 USER jenkins
 
@@ -25,3 +27,5 @@ ENV CASC_JENKINS_CONFIG=/var/jenkins_config/casc_configs/
 COPY --chown=jenkins:jenkins plugins.txt /var/jenkins_config/
 
 RUN jenkins-plugin-cli -f /var/jenkins_config/plugins.txt
+
+HEALTHCHECK --interval=5m --timeout=3s CMD ["curl", "-f", "http://localhost:8080 || exit 1"]
diff --git a/ansible/roles/docker-jenkins/files/jenkins-docker-compose.yaml b/ansible/roles/docker-jenkins/files/jenkins-docker-compose.yaml
@@ -13,6 +13,7 @@ services:
     volumes:
       - /opt/jenkins_config:/var/jenkins_config/casc_configs
       - /opt/jenkins_data:/var/jenkins_home
+      - /opt/jenkins_backup:/var/jenkins_backup
     networks:
       - jenkins
     restart: on-failure

diff --git a/ansible/roles/docker-jenkins/files/plugins.txt b/ansible/roles/docker-jenkins/files/plugins.txt
@@ -1,14 +1,14 @@
-antisamy-markup-formatter
 adoptopenjdk
+antisamy-markup-formatter
 apache-httpcomponents-client-4-api
 authorize-project
-branch-api
 bouncycastle-api
+branch-api
 cloudbees-folder
 checks-api
-configuration-as-code
 credentials
 credentials-binding
+configuration-as-code
 commons-text-api
 display-url-api
 docker-java-api
@@ -37,10 +37,9 @@ mailer
 matrix-auth
 matrix-project
 nodejs
-pam-auth
 okhttp-api
+pam-auth
 periodicbackup
-plain-credentials
 pipeline-build-step
 pipeline-graph-analysis
 pipeline-github-lib
@@ -52,6 +51,7 @@ pipeline-model-extensions
 pipeline-rest-api
 pipeline-stage-tags-metadata 
 pipeline-stage-view
+plain-credentials
 role-strategy
 script-security
 scm-api

diff --git a/ansible/roles/docker-jenkins/molecule/docker-debian/converge.yml b/ansible/roles/docker-jenkins/molecule/docker-debian/converge.yml
@@ -3,7 +3,7 @@
 - name: Converge
   hosts: all
   tasks:
-    # Данный шаг вызывает роль docker-jenkins для прогона тестов:
+    # Данный шаг вызывает роль docker-jenkins для прогона тестов с помощью Molecule:
     - name: "Include docker-jenkins role for testing"
       include_role:
         name: "docker-jenkins"
diff --git a/ansible/roles/docker-jenkins/molecule/docker-debian/verify.yml b/ansible/roles/docker-jenkins/molecule/docker-debian/verify.yml
@@ -4,7 +4,7 @@
   hosts: all
   tasks:
     # Добавление интервала по времени для загрузки Jenkins:
-    - name: Waiting 30 second for checking Jenkins
+    - name: Wait 30 second for checking Jenkins
       wait_for:
         timeout: 30
 
@@ -14,12 +14,6 @@
         url: "http://127.0.0.1:8080"
         method: GET
         timeout: 30
-        return_content: true
+        return_content: false
         validate_certs: no
-        status_code: [200, 403]
-      register: output
-
-    # Результат выполненной ранее проверки:
-    - name: Output the result of a registered variable
-      debug:
-        msg: "{{ output.content }}"
+        status_code: [200,403]
diff --git a/ansible/roles/docker-jenkins/molecule/docker-redhat/converge.yml b/ansible/roles/docker-jenkins/molecule/docker-redhat/converge.yml
@@ -3,7 +3,8 @@
 - name: Converge
   hosts: all
   tasks:
-    # Данный шаг вызывает роль docker-jenkins для прогона тестов:
+
+    # Данный шаг вызывает роль docker-jenkins для прогона тестов с помощью Molecule:
     - name: "Include docker-jenkins role for testing"
       include_role:
         name: "docker-jenkins"
diff --git a/ansible/roles/docker-jenkins/molecule/docker-redhat/verify.yml b/ansible/roles/docker-jenkins/molecule/docker-redhat/verify.yml
@@ -4,7 +4,7 @@
   hosts: all
   tasks:
     # Добавление интервала по времени для загрузки Jenkins:
-    - name: Waiting 30 second for checking Jenkins
+    - name: Wait 30 second for checking Jenkins
       wait_for:
         timeout: 30
 
@@ -14,12 +14,6 @@
         url: "http://127.0.0.1:8080"
         method: GET
         timeout: 30
-        return_content: true
+        return_content: false
         validate_certs: no
-        status_code: [200, 403]
-      register: output
-
-    # Результат выполненной ранее проверки:
-    - name: Output the result of a registered variable
-      debug:
-        msg: "{{ output.content }}"
+        status_code: [200,403]
diff --git a/ansible/roles/docker-jenkins/molecule/docker-suse/converge.yml b/ansible/roles/docker-jenkins/molecule/docker-suse/converge.yml
@@ -3,7 +3,7 @@
 - name: Converge
   hosts: all
   tasks:
-    # Данный шаг вызывает роль docker-jenkins для прогона тестов:
+    # Данный шаг вызывает роль docker-jenkins для прогона тестов с помощью Molecule:
     - name: "Include docker-jenkins role for testing"
       include_role:
         name: "docker-jenkins"