This role:
- installs jenkins2 on Ubuntu, Centos7, RHEL7
- make minimal configuration (e.g. smtp config, plugins install)
- Install Jenkins
- Install plugins
- Configure plugins via JCasC
- Configure SMTP settings via JCasC
- Add credentials via JCasC
- Configure plugins via groovy scripts
- Configure SMTP settings via groovy scripts
- Add credentials via groovy scripts
- Generate ssh keys and copy them to slave servers
- Minimal Version of the ansible for installation: 2.7
- Java 8
- Supported OS:
- CentOS
- 8
- RHEL
- 8
- Amazon Linux 2
- Ubuntu 18
- Debian 9
- CentOS
jenkins2_user- OS user and group used for jenkins start
default:jenkinsjenkins2_package_version- package name for jenkins install
default:jenkinsjenkins2_release_line- package version to be installed: stable or latest
default:stablejenkins2_disable_gpg_check- gpg check skipped (only for yum)
default:falsejenkins2_key_validate_certs- validate certs during key install (only for yum)
default:truejenkins2_context_path- Jenkins context path
default:''jenkins2_cli_username- user for jenkins cli connection
default:adminjenkins2_cli_password- user password for jenkins cli connection
default:adminjenkins2_home_directory- Directory where Jenkins store its configuration and working files (checkouts, build reports, artifacts, ...)
default:/var/lib/jenkins
jenkins2_config_java_cmd- Java executable to run Jenkins
default:''jenkins2_config_java_options- Options to pass to java when running Jenkins.
default:-Djava.awt.headless=true -Djenkins.install.runSetupWizard=false -Dmail.smtp.starttls.enable='true' -Dhudson.slaves.WorkspaceList=_jenkins2_config_http_port- Port Jenkins is listening on.
default:8080jenkins2_config_listen_address- IP address Jenkins listens on for HTTP requests. Default is all interfaces (0.0.0.0).
default:''jenkins2_config_debug_level- Debug level for logs -- the higher the value, the more verbose. 5 is INFO.
default:5jenkins2_config_enable_access_log- Whether to enable access logging or not.
default:nojenkins2_config_handler_max- Maximum number of HTTP worker threads.
default:100jenkins2_config_handler_idle- Maximum number of idle HTTP worker threads.
default:20jenkins2_config_args- Pass arbitrary arguments to Jenkins. Full option list: java -jar jenkins.war --help
default:''
jenkins2_https_enabled- Use or not use secure connection.
default:truejenkins2_http_disabled- Disable insecure connection.
default:falsejenkins2_config_https_port- Jenkins port for secure connection (https).
default:8443jenkins2_local_keystore- If true - to search for keystore on ansible host on {{ jenkins2_local_keystore_path }}. If false - to check keystore on remote host. default:falsejenkins2_local_keystore_path- Path to local keystore file (in order not to create self-signed)
default:{{ role_path }}/files/{{ jenkins2_ssl_key_store_name }}jenkins2_ssl_configure- Configure or not ssl connection for jenkins.
default:truejenkins2_ssl_key_store_name- Keystore file name. If file with such name exists in role folder/files - it will be used as keystore.
default:jenkins2-ssl.keystore.jksjenkins2_ssl_key_size- Certificate key size.
default:4096jenkins2_ssl_key_store_password- Keystore password.
default:123456jenkins2_ssl_key_store- Full path to keystore file.
default: '{{ jenkins2_home_directory }}/{{ jenkins2_ssl_key_store_name }}'jenkins2_ssl_certificate_provider- Only for Linux os. https://docs.ansible.com/ansible/latest/openssl_certificate_module.html.
default:selfsigned
jenkins2_ca_domain- Certificate domain name.
default:example.comjenkins2_local_pkey_file_name- Private cert name.
default:{{ ansible_hostname }}.ca-pkey.pemjenkins2_local_cert_file_name- Public cert name.
default:{{ ansible_hostname }}.ca-cert.pem
jenkins2_proxy_url- Proxy url for plugins download config
default:''jenkins2_proxy_host- Proxy server host name
default:''jenkins2_proxy_port- Proxy server port
default:0jenkins2_proxy_username- Username for proxy connection
default:''jenkins2_proxy_password- Password for proxy connection
default:''jenkins2_proxy_no_proxy_hosts- Hosts to skip from proxying
default:''
jenkins2_ssh_keys_generate- add ability to generate SSH key pairs under jenkins user
default:falsejenkins2_ssh_keys_private_keyname- private key name
default:id_rsajenkins2_ssh_keys_size- ssh rsa key strength size
default:4096jenkins2_ssh_keys_inv_slave_groupname- slave group name in inventory file
default:jenkins_ssh_slaves
jenkins2_configure_by_casc- Set configuration by JCasC jenkins2_configure_by_groovy should be = false default:truejenkins2_jcasc_directory- Realitive path where JCasC would be search for yaml files default:jcascjenkins2_jcasc_config- Configuration for JCasC that could be copied from the existing config as is and paste into this variable Sometimes configuration that was copied from Jenkins UI isn't applicable to load, it should be tested first
If jenkins2_configure_by_casc was chosen follow configuration shouldn't used:
- Global Tool Configuration
- smtp settings
- jenkins plugins configuration
- credentials configuration
- bitbucket project configuration
- sonarqube configuration
- custom files copy
- Gitlab configuration
- Github configuration
- Jira configuration
- EC2 plugin configuration
- Security and Authorization configuration
- Default `active-directory` plugin configuration
- Default `LDAP` plugin configuration
Use JCasC configuration only! Please see examples of playbooks bellow
jenkins2_configure_by_groovy- Set configuration by groovy, could be used if configuration by groovy is more convenient jenkins2_configure_by_casc should be = false default :false
jenkins2_globaltools_enable- enable autoconfiguration for all global tools
default:falsejenkins2_globaltools_jdk_enable- enable autoconfiguration for JDK
default:truejenkins2_globaltools_jdk_version- list of version for JDK (defined as a list)
default:[]jenkins2_globaltools_jdk_cred_user-username for oracle repository
default:'user'jenkins2_globaltools_jdk_cred_password- password for oracle repository
default:'password'jenkins2_globaltools_jdk_template- JDK configuration template file name without .j2. Do not forget to setup all needed variables for template default:globaltools\jdk.groovyjenkins2_globaltools_maven_enable- enable autoconfiguration for Maven
default:truejenkins2_globaltools_maven_version- list of version for Maven (defined as a list)
default:[]jenkins2_globaltools_maven_template- Maven configuration template file name without .j2. Do not forget to setup all needed variables for template default:globaltools\maven.groovyjenkins2_globaltools_ant_enable- enable autoconfiguration for Ant
default:truejenkins2_globaltools_ant_version- list of version for Ant (defined as a list)
default:[]jenkins2_globaltools_ant_template- Ant configuration template file name without .j2. Do not forget to setup all needed variables for template default:globaltools\ant.groovyjenkins2_globaltools_nodejs_enable- enable autoconfiguration for Node.js
default:truejenkins2_globaltools_nodejs_version- list of version for Node.js (defined as a list)
default:[]jenkins2_globaltools_nodejs_template- Node.js configuration template file name without .j2. Do not forget to setup all needed variables for template default:globaltools\nodejs.groovyjenkins2_globaltools_sonarscanner_enable- enable autoconfiguration for SonarQube Scanner
default:truejenkins2_globaltools_sonarscanner_version- list of version for SonarQube Scanner (defined as a list)
default:[]jenkins2_globaltools_sonarscanner_template- SonarQube Scaner configuration template file name without .j2. Do not forget to setup all needed variables for template default:globaltools\sonarscanner.groovyjenkins2_globaltools_sonarscannermsbuild_enable- enable autoconfiguration for SonarQube Scanner for MSBuild
default:truejenkins2_globaltools_sonarscannermsbuild_version- list of version for SonarQube Scanner for MSBuild (defined as a list)
default:[]jenkins2_globaltools_sonarscannermsbuild_template- SonarQube Scaner for MSBuild configuration template file name without .j2. Do not forget to setup all needed variables for template default:globaltools\sonarscannermsbuild.groovyjenkins2_globaltools_gradle_enable- enable autoconfiguration for Gradle
default:truejenkins2_globaltools_gradle_version- list of version for SonarQube Scanner for Gradle (defined as a list)
default:[]jenkins2_globaltools_gradle_template- Gradle configuration template file name without .j2. Do not forget to setup all needed variables for template default:globaltools\gradle.groovyjenkins2_globaltools_docker_enable- enable autoconfiguration for Docker
default:truejenkins2_globaltools_docker_version- list of version for Docker (defined as a list)
default:[]jenkins2_globaltools_docker_template- Docker configuration template file name without .j2. Do not forget to setup all needed variables for template default:globaltools\docker.groovy
jenkins2_smtp_enabled- to set the smtp configuration
default:truejenkins2_smtp_sysad_email- jenkins admin email
default:[email protected]jenkins2_smtp_user- jenkins admin email
default:[email protected]jenkins2_smtp_password- smtp user password
default:passwordjenkins2_smtp_port- smtp server port
default:587jenkins2_smtp_host- smtp server host name
default:smtp.office365.com
jenkins2_updates_url- URL of the Update Centre. Used as the base URL to download the plugins and the update-center.json JSON file.
default:https://updates.jenkins.iojenkins2_plugins_timeout- plugin installation timeout
default:2000jenkins2_plugins_list- list of plugins (will be merged with suggested list)
default:[]jenkins2_plugins_version- Enable to specifie version numbers. All plugin dependencies must be provided in jenkins2_plugins_dict.
default:falsejenkins2_plugins_install_dependencies- Install plugins dependencies if exact plugins version is not provided.
default:truejenkins2_plugins_dict- dict of plugins used instead of lists if version enabled. Quote the version to prevent the value to be interpreted as float. Example:ssh-slaves: '1.30.0'default:{}
jenkins2_plugins_version: false
jenkins2_credentials_enabled- to add credentials
default:truejenkins2_credentials- credentials map
jenkins2_pipeline_libraries_enabled- to configure Global Pipeline Libraries
default:falsejenkins2_pipeline_libraries_name- Library Name to be used in the @Library annotation
default:Pipeline_Librariesjenkins2_pipeline_libraries_url- URL of remote repository
default:''jenkins2_pipeline_libraries_version- A default version of the library to load if a script does not select another. Might be a branch name, tag, commit hash, etc., according to the SCM.
default:'master'
jenkins2_bitbucket_project_enabled- to configure Bitbucket Team/Project
default:falsejenkins2_bitbucket_project_owner- Name of the Bitbucket Team or Bitbucket User Account. It could be a Bitbucket Project also, if using Bitbucket Server. In this case (Bitbucket Server): Use the project key, not the project name. If using a user account instead of a project, add a "~" character before the username, i.e. "~joe".
default:Bitbucket_Project_Ownerjenkins2_bitbucket_project_repo_regexp- A Java regular expression to restrict the repo names. Repo names that do not match the supplied regular expression will be ignored.
default:''jenkins2_bitbucket_project_discover_branches_strategy- Determines which branches are discovered. 1 - Exclude branches that are also filed as PRs, 2 - Only branches that are also filed as PRs, 3 - All branches.
default:1jenkins2_bitbucket_project_discover_pr_strategy- Determines how pull requests are discovered. 1 - Merging the pull request with the current target branch revision, 2 - The current pull request revision, 3 - Both the current pull request revision and the pull request merged with the current target branch revision.
default:1jenkins2_bitbucket_project_scan_interval- The maximum amount of time since the last indexing that is allowed to elapse before an indexing is triggered. default:60jenkins2_bitbucket_project_autobuild_branches- Matching branches will be triggered automatically.
default:'master|develop|PR-[0-9]+'
jenkins2_sonarqube_enabled- to add SonarQube configuration
default:falsejenkins2_sonarqube_name- SonarQube Name
default:SonarQubejenkins2_sonarqube_url- SonarQube Server URL
default:http://localhost:9000jenkins2_sonarqube_token- SonarQube authentication token. Mandatory when anonymous access is disabled.
default:''jenkins2_sonarqube_maven_plugin- Version of sonar-maven-plugin. If not specified, the goal will be sonar:sonar.
default:''jenkins2_sonarqube_arguments- Additional command line arguments to be passed to the SonarQube scanner. For example, -X.
default:''jenkins2_sonarqube_analysis_properties- Additional analysis properties in the form of key-value pairs. For example, sonar.analysis.mode=issues.
default:''
jenkins2_custom_files_enabled- to copy custom files to Jenkins
default:falsejenkins2_custom_files- map with files parameters
default:log_parser: src: '{{ role_path }}/files/pipeline_error_in_init_console' dest: '{{ jenkins2_home_directory }}' owner: '{{ jenkins2_user }}' group: '{{ jenkins2_user }}' mode: '0755'
jenkins2_gitlab_enabled- to enable gitlab config
default:falsegitlab_external_url- gitlab external url
default:https://localhostjenkins2_gitlab_token_cred- gitlab token ID (from credentials: gitlabtoken in example below)
default:gitlab_token
jenkins2_github_enabled- to enable github config
default:falsegithub_external_url- github external url
default:https://localhostgithub_manage_hooks- manage github hooks
default:truegithub_client_cache_size- github client cache size
default:20jenkins2_github_token_cred- github token ID (from credentials: secrettext in example below)
default:github_token
jenkins2_jira_enabled- to enable jira config
default:falsejenkins2_jira_url- jira url
default:https://jira.example.comjenkins2_jira_alternative_url- jira alternative url
default:https://jira.example.comjenkins2_jira_use_http_auth- This option forces Jenkins to connect to JIRA using HTTP Basic Authentication, instead of logging in over RPC
default:truejenkins2_jira_support_wiki_notation- if true JIRA supports Wiki notations in comments. When true, Jenkins will post comments that take advantage of the Wiki notation. If false, Jenkins will only post plain-text comments
default:truejenkins2_jira_record_scm_changes- If true, scm changes will be recorded in JIRA : link to the scm repository browser and paths changes
default:falsejenkins2_jira_disable_changelog_annotations- Disable creating JIRA hyperlinks in the changeset
default:falsejenkins2_jira_issue_pattern- You can define your own pattern to search for JIRA issue ids in the SCM logs
default:PATTERN.*jenkins2_jira_update_relevant_issues- If false, issues will be only updated if the build is SUCCESSful or UNSTABLE. If true, related JIRA issues will be always updated, regardless of the build result
default:truejenkins2_jira_credentials_id- Jenkins credentials ID for jira
default:jirauserjenkins2_jira_connection_timeout- Connection timeout for JIRA REST API calls (in seconds)
default:10jenkins2_jira_read_timeout- Read timeout for JIRA REST API calls (in seconds)
default:30jenkins2_jira_thread_executor_size- Size of the Thread Pool Executor to query Jira
default:10jenkins2_jira_visible_for_group- Enter the name of the JIRA group that has permission to view the comment, leave the field empty to make the comment available to all JIRA users
default: ``jenkins2_jira_visible_for_project_role- Enter the name of the JIRA project role that has permission to view the comment, leave the field empty to make the comment available to all JIRA users
default: ``jenkins2_jira_add_timestamps_for_comments- If true, SCM change entries date and time will be recorded in JIRA
default:truejenkins2_jira_timestamp_format- See javadoc for SimpleDateFormat for help. If not set, DateFormat.SHORT for the current locale will be used.
default:EEE, d MMM yyyy HH:mm:ss Z
jenkins2_permissive_script_enabled-enable permissive script security.
default:true
More info about DSL https://jenkinsci.github.io/job-dsl-plugin/ https://github.com/jenkinsci/job-dsl-plugin
jenkins2_seed_job_enable- enable jenkins seed job
default:falsejenkins2_seed_job_template- DSL template file name without .j2. Do not forget to setup all needed variables for template For default template need following variables: gitlab_external_url, gitlab_project_group, gitlab_project_name, ci_test_jenkins_slave_label, feature_verification_jenkins_slave_label
default:dsl_hybris_create_job.groovyjenkins2_seed_job_ignore_existing- to ignore existing jobs and do not rewrite them
default:truejenkins2_seed_job_name- Jenkins seed job name
default:'seed_job'
Use variable jenkins2_credentials to set properties of credentials
- aws_access_key
- aws_secret_key
- gitlab_master_password
- gitlab_master_username
- gitlab_master_token
- github_master_token
jenkins2_credentials_enabled: true # Set false to disable credentials configuration
jenkins2_credentials:
slave:
type: 'password'
id: 'ci_slave'
description: 'credentials for jenkins slave'
username: 'user'
password: 'password'
jira:
type: 'password'
id: 'jirauser'
description: 'username and password for jira'
username: 'jiraUser'
password: 'JiraUserPassword'
pipeline_libraries:
type: 'password'
id: 'pipeline_libraries'
description: 'username and password for pipeline libraries'
username: 'pipelineLibrariesUser'
password: 'pipelineLibrariesPassword'
sshconnection:
type: 'key'
keySource: 0
key: >
-----BEGIN RSA PRIVATE KEY-----
Here could be placed your private key,
but we strongly recommend keeping private keys in vault service,
like Ansible-vault or Hashicorp-vault, e.t.c
-----END RSA PRIVATE KEY-----
id: 'sshagent'
username: 'hybris'
passphrase: ''
description: 'credentials for hybris user to connect remotely'
cidbsysuser:
type: 'password'
id: 'ciDBsysUser'
description: 'sys user for CI db'
username: 'root'
password: 'Qwerty_123'
fqa1dbuser:
type: 'password'
id: 'fqa1DBuser'
description: 'fqa1 DB user'
username: 'fqa1user'
password: 'fqa1password'
dbtempuser:
type: 'password'
id: 'tempDBuser'
description: 'DB user for datacut'
username: 'DB_TEMP'
password: 'DB_TEMP'
gitlab_creds:
type: 'password'
id: 'GIT_CREDENTIALS'
description: 'gitlab credentials username with password'
username: '{{ gitlab_master_username | default("admin") }}'
password: '{{ gitlab_master_password | default("password") }}'
jenkinshttpconnectionuser:
type: 'password'
id: 'Jenkins_http_connection'
description: 'for connection via jenkins cli; used for pipeline syntax check'
username: '{{ jenkins2_cli_username }}'
password: '{{ jenkins2_cli_password }}'
gitlabusertoken:
type: 'password'
id: 'GIT_CREDENTIALS_TOKEN'
description: 'to use with GL10.2+ but could be used with earlier versions'
username: '{{ gitlab_master_username | default("admin") }}'
password: '{{ gitlab_master_token | default("ToKen12345") }}'
aws_credentials:
type: 'password'
id: 'AWS_CREDENTIALS'
description: 'for operations in AWS'
username: '{{ aws_access_key | default("AWSaccessKey") }}'
password: '{{ aws_secret_key | default("AWSsecretKey") }}'
gitlabtoken:
type: 'gitlabtoken'
id: 'gitlab_token'
description: 'gitlab connection with token'
token: '{{ gitlab_master_token | default("ToKen12345") }}'
githubtoken:
type: 'secrettext'
id: 'github_token'
description: 'GiHub connection with token'
token: '{{ github_master_token | default("ToKen12345") }}'
aws_ec2_credentials:
type: 'aws_creds'
id: 'AWS_EC2_CREDS'
description: 'for ec2 plugin to create ec2 for slave instances'
access_key: '{{ aws_access_key | default("AWSaccessKey") }}'
sec_key: '{{ aws_secret_key | default("AWSsecretKey") }}'
bitbucket_project:
type: 'password'
id: 'bitbucket_project'
description: 'username and password for bitbucket project'
username: 'bitbucketProjectUser'
password: 'bitbucketProjectPassword'type has available options:
key- if you want to configure SSH Private keypassword- if you want to configure username/password bundlegitlabtoken- if you want to configure gitlab token (need gitlab plugin to be installed)aws_creds- if you want to configure ec2 creds (need ec2 plugin to be installed)secrettext- if you want to configure the secret text kind token (used by the GITHUB plugin, token should be registered with scopes "admin:repo_hook", "repo", "repo:status")
keySource specifies method of private key providing:
0- DirectEntryPrivateKeySource. If this value is set you need to place your private key to variablekeyin plain text.1- FileOnMasterPrivateKeySource. If this value is set you need to place absolute path to your private key to variablekey.2- UsersPrivateKeySource. If this value is set Jenkins will use default private keys from~/.ssh.
jenkins2_ec2_enable- enable jenkins ec2 plugin configure https://wiki.jenkins.io/display/JENKINS/Amazon+EC2+Plugin
default:false
jenkins2_ec2_cloud_parameters:
cloud_name: 'AWS_cloud'
credentials_id: 'AWS_EC2_CREDS'
ssh_keys_credentials_id: 'SSH_CREDS'
instance_cap_str: '2'
private_key: |
-----BEGIN RSA PRIVATE KEY-----
Here could be placed your private key,
but we strongly recommend keeping private keys in vault service,
like Ansible-vault or Hashicorp-vault, e.t.c
-----END RSA PRIVATE KEY-----
region: 'us-east-1'
use_instance_profile_for_credentials: false
role_arn: ''
role_session_name: ''
jenkins2_ec2_ami_list:
ci_ami:
ami: 'ami-AAAAAAAA'
associatePublicIp: false
connectBySSHProcess: true
connectUsingPublicIp: false
customDeviceMapping: ''
deleteRootOnTermination: true
description: 'Jenkins slave for CI'
ebsOptimized: false
iamInstanceProfile: ''
idleTerminationMinutes: '5'
initScript: ''
instanceCapStr: '5'
jvmopts: ''
labelString: 'ci_slaves'
launchTimeoutStr: ''
numExecutors: '1'
remoteAdmin: 'ec2-user'
remoteFS: '/opt/jenkins'
securityGroups: 'sg-11111111'
stopOnTerminate: false
subnetId: 'subnet-SSSSSSSS'
tags:
- {name: 'Name', value: 'CI Slave'}
- {name: 'Name2', value: 'CI2 Slave'}
tmpDir: ''
type: 't2.medium'
useEphemeralDevices: true
usePrivateDnsName: true
userData: ''
zone: 'us-east-1a,us-east-1b'
monitoring: false
SpotConfiguration:
enabled: true
useBidPrice: true
spotMaxBidPrice: '0.0139'
spotBlockReservationDuration: '0'
fallbackToOndemand: false
t2Unlimited: false
fv_ami:
ami: 'ami-BBBBBBBB'
associatePublicIp: false
connectBySSHProcess: true
connectUsingPublicIp: false
customDeviceMapping: ''
deleteRootOnTermination: true
description: 'Jenkins slave for FV'
ebsOptimized: false
iamInstanceProfile: ''
idleTerminationMinutes: '5'
initScript: ''
instanceCapStr: '5'
jvmopts: ''
labelString: 'ci_slaves'
launchTimeoutStr: ''
numExecutors: '1'
remoteAdmin: 'ec2-user'
remoteFS: '/opt/jenkins'
securityGroups: 'sg-11111111'
stopOnTerminate: false
subnetId: 'subnet-SSSSSSSS'
tags:
- {name: 'Name', value: 'FV Slave'}
tmpDir: ''
type: 't2.medium'
useEphemeralDevices: true
usePrivateDnsName: true
userData: ''
zone: 'us-east-1a,us-east-1b'
monitoring: false
SpotConfiguration:
enabled: false
useBidPrice: true
spotMaxBidPrice: '0.0139'
spotBlockReservationDuration: '0'
fallbackToOndemand: false
t2Unlimited: false-
jenkins2_security_enable: enable Jenkins security.
default:true -
jenkins2_security_realm: Select type of Jenkins security. Avaible:basic,ldap,active-directorydefault:'basic'jenkins2_active_directory_domain_name: 'domain.com' jenkins2_active_directory_domain_controller: 'server.domain.com:3268' jenkins2_active_directory_site: 'null' jenkins2_active_directory_bind_name: '[email protected]' jenkins2_active_directory_bind_pass: 'password' jenkins2_active_directory_start_tls: true jenkins2_active_directory_remove_irrelevant_groups: false
jenkins2_ldap_server: 'ldap.server.com:3268' jenkins2_ldap_root_dn: 'dc=server,dc=com' jenkins2_ldap_user_search_base: '' jenkins2_ldap_user_search: 'mail={0}' jenkins2_ldap_group_search_base: '' jenkins2_ldap_group_search_filter: '' jenkins2_ldap_group_membership_filter: 'null' jenkins2_ldap_manager_dn: 'CN=User,OU=Auto Users,OU=Service,OU=Managed by Enterprise Admins,DC=server,DC=com' jenkins2_ldap_manager_password: 'Pa$$word' jenkins2_ldap_inhibit_infer_root_dn: true jenkins2_ldap_disable_mail_address_resolver: false jenkins2_ldap_display_name_attribute_name: 'displayname' jenkins2_ldap_mail_address_attribute_name: 'mail'
-
jenkins2_authorization_strategy_configure: enable authorization strategy configuration
default:true -
jenkins2_authorization_strategy: type of authorization strategy. Available:logged-in,matrix-based
default:"logged-in" -
jenkins2_authorization_strategy_logged_in_allow_anonymous_read: allow anonymous read access
default:false
=======
-
jenkins2_ssh_keys_slave_hosts - dict that describes slave hosts with remote ssh users, ex:
jenkins2_ssh_keys_slave_hosts:
- host: test-jenkins-s1
users:
- user1
- user2
vars: jenkins2_ssh_keys_slave_hosts: - {host: 'test-jenkins-s1', users: ['user1', 'user2']}
- host: test-jenkins-s1
users:
NOTE: - Please use reserved word for vars way - Please use <jenkins_ssh_user> reserved word for inventory way
[jenkins] server.example.com
[jenkins_ssh_slaves] slave1.example.com slave2.example.com
- name: Install and Configure Jenkins
hosts: jenkins
vars:
jenkins2_ssh_keys_generate: true
jenkins2_ssh_keys_slave_hosts:
- {host: 'slave1.example.com', users: ['root', 'jenkins']}
- {host: 'slave2.example.com', users: ['root', 'jenkins']}
roles:
- role: lean_delivery.java
java_distribution: openjdk
java_major_version: 11
transport: repositories
- role: lean_delivery.jenkinsApache
authors:
- Lean Delivery Team [email protected]