1. Patchew
  2. Libvirt
  3. [libvirt] [jenkins-ci PATCH 0/3] guests: Various cleanups
  4. View patch

[libvirt] [jenkins-ci PATCH 1/3] guests: Configure Jenkins agent based on secret availability

Andrea Bolognani posted 3 patches 7 years, 10 months ago
[libvirt] [jenkins-ci PATCH 1/3] guests: Configure Jenkins agent based on secret availability
Posted by Andrea Bolognani 7 years, 10 months ago 
We're going to remove the 'jenkins' pseudo-project from the list
of per-guest projects soon, so we need another way of deciding
whether to install and configure the Jenkins agent.

The availability of the Jenkins secret in the vault is a perfect
candidate, and using it improves things in general because we can
now store the information about which guests are part of the
Jenkins setup in a single place instead of duplicating it.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
---
 guests/site.yml          | 3 ---
 guests/tasks/jenkins.yml | 7 +++++++
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/guests/site.yml b/guests/site.yml
index 5f69cfd..8d32561 100644
--- a/guests/site.yml
+++ b/guests/site.yml
@@ -32,6 +32,3 @@
     - include: tasks/jenkins.yml
       when:
         - flavor == 'jenkins'
-        - projects is defined
-        # jenkins is a pseudo-project
-        - ( 'jenkins' in projects )
diff --git a/guests/tasks/jenkins.yml b/guests/tasks/jenkins.yml
index 94c2404..10aeec7 100644
--- a/guests/tasks/jenkins.yml
+++ b/guests/tasks/jenkins.yml
@@ -6,6 +6,8 @@
 - name: Look up Jenkins secret
   set_fact:
     jenkins_secret: '{{ vault.jenkins_secrets[inventory_hostname] }}'
+  when:
+    - vault.jenkins_secrets[inventory_hostname] is defined
 
 - name: Download Jenkins agent
   get_url:
@@ -14,6 +16,8 @@
     owner: jenkins
     group: jenkins
     force: yes
+  when:
+    - jenkins_secret is defined
 
 - name: Configure and enable Jenkins agent
   lineinfile:
@@ -24,6 +28,7 @@
     line: "nohup {{ su }} - jenkins -c '{{ java }} -jar /home/jenkins/slave.jar -jnlpUrl \"{{ jenkins_url }}\" -secret \"{{ jenkins_secret }}\"' >/var/log/jenkins.log 2>&1 &"
     insertbefore: '^exit .*$'
   when:
+    - jenkins_secret is defined
     - ansible_service_mgr != 'systemd'
 
 - name: Configure Jenkins agent
@@ -31,6 +36,7 @@
     src: templates/jenkins.service.j2
     dest: /etc/systemd/system/jenkins.service
   when:
+    - jenkins_secret is defined
     - ansible_service_mgr == 'systemd'
 
 - name: Enable Jenkins agent
@@ -39,4 +45,5 @@
     enabled: yes
     daemon_reload: yes
   when:
+    - jenkins_secret is defined
     - ansible_service_mgr == 'systemd'
-- 
2.14.3

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [jenkins-ci PATCH 1/3] guests: Configure Jenkins agent based on secret availability
Posted by Pavel Hrdina 7 years, 10 months ago 
On Tue, Mar 20, 2018 at 05:23:58PM +0100, Andrea Bolognani wrote:
> We're going to remove the 'jenkins' pseudo-project from the list
> of per-guest projects soon, so we need another way of deciding
> whether to install and configure the Jenkins agent.
> 
> The availability of the Jenkins secret in the vault is a perfect
> candidate, and using it improves things in general because we can
> now store the information about which guests are part of the
> Jenkins setup in a single place instead of duplicating it.
> 
> Signed-off-by: Andrea Bolognani <abologna@redhat.com>
> ---
>  guests/site.yml          | 3 ---
>  guests/tasks/jenkins.yml | 7 +++++++
>  2 files changed, 7 insertions(+), 3 deletions(-)
> 
> diff --git a/guests/site.yml b/guests/site.yml
> index 5f69cfd..8d32561 100644
> --- a/guests/site.yml
> +++ b/guests/site.yml
> @@ -32,6 +32,3 @@
>      - include: tasks/jenkins.yml
>        when:
>          - flavor == 'jenkins'
> -        - projects is defined
> -        # jenkins is a pseudo-project
> -        - ( 'jenkins' in projects )
> diff --git a/guests/tasks/jenkins.yml b/guests/tasks/jenkins.yml
> index 94c2404..10aeec7 100644
> --- a/guests/tasks/jenkins.yml
> +++ b/guests/tasks/jenkins.yml
> @@ -6,6 +6,8 @@
>  - name: Look up Jenkins secret
>    set_fact:
>      jenkins_secret: '{{ vault.jenkins_secrets[inventory_hostname] }}'
> +  when:
> +    - vault.jenkins_secrets[inventory_hostname] is defined
>  
>  - name: Download Jenkins agent
>    get_url:
> @@ -14,6 +16,8 @@
>      owner: jenkins
>      group: jenkins
>      force: yes
> +  when:
> +    - jenkins_secret is defined
>  
>  - name: Configure and enable Jenkins agent
>    lineinfile:
> @@ -24,6 +28,7 @@
>      line: "nohup {{ su }} - jenkins -c '{{ java }} -jar /home/jenkins/slave.jar -jnlpUrl \"{{ jenkins_url }}\" -secret \"{{ jenkins_secret }}\"' >/var/log/jenkins.log 2>&1 &"
>      insertbefore: '^exit .*$'
>    when:
> +    - jenkins_secret is defined
>      - ansible_service_mgr != 'systemd'
>  
>  - name: Configure Jenkins agent
> @@ -31,6 +36,7 @@
>      src: templates/jenkins.service.j2
>      dest: /etc/systemd/system/jenkins.service
>    when:
> +    - jenkins_secret is defined
>      - ansible_service_mgr == 'systemd'
>  
>  - name: Enable Jenkins agent
> @@ -39,4 +45,5 @@
>      enabled: yes
>      daemon_reload: yes
>    when:
> +    - jenkins_secret is defined
>      - ansible_service_mgr == 'systemd'

Would it be possible to create a group of tasks that should be run
only if "jenkins_secret is defined" and guard the whole group with
that check?

Pavel
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [jenkins-ci PATCH 1/3] guests: Configure Jenkins agent based on secret availability
Posted by Andrea Bolognani 7 years, 10 months ago 
On Wed, 2018-03-21 at 15:52 +0100, Pavel Hrdina wrote:
> >  - name: Enable Jenkins agent
> > @@ -39,4 +45,5 @@
> >      enabled: yes
> >      daemon_reload: yes
> >    when:
> > +    - jenkins_secret is defined
> >      - ansible_service_mgr == 'systemd'
> 
> Would it be possible to create a group of tasks that should be run
> only if "jenkins_secret is defined" and guard the whole group with
> that check?

We could use blocks:

  http://docs.ansible.com/ansible/latest/playbooks_blocks.html

However, we're not using that feature anywhere and we might want
to use the 'name' keyword introduced in 2.3 along with it, so I
would skip this change for now and apply it more widely as part
of the port to Ansible 2.4.

-- 
Andrea Bolognani / Red Hat / Virtualization

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [jenkins-ci PATCH 1/3] guests: Configure Jenkins agent based on secret availability
Posted by Pavel Hrdina 7 years, 10 months ago 
On Wed, Mar 21, 2018 at 04:08:26PM +0100, Andrea Bolognani wrote:
> On Wed, 2018-03-21 at 15:52 +0100, Pavel Hrdina wrote:
> > >  - name: Enable Jenkins agent
> > > @@ -39,4 +45,5 @@
> > >      enabled: yes
> > >      daemon_reload: yes
> > >    when:
> > > +    - jenkins_secret is defined
> > >      - ansible_service_mgr == 'systemd'
> > 
> > Would it be possible to create a group of tasks that should be run
> > only if "jenkins_secret is defined" and guard the whole group with
> > that check?
> 
> We could use blocks:
> 
>   http://docs.ansible.com/ansible/latest/playbooks_blocks.html
> 
> However, we're not using that feature anywhere and we might want
> to use the 'name' keyword introduced in 2.3 along with it, so I
> would skip this change for now and apply it more widely as part
> of the port to Ansible 2.4.

Works for me.

Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

Patchew 2.1-devel-8c64711

© 2016 - 2026 Red Hat, Inc.