Re: [libvirt] [libvirt-jenkins-ci PATCH v2 16/16] ansible: Install and configure Jenkins agent

2017-10-09 Thread Andrea Bolognani
On Mon, 2017-10-09 at 11:38 +0100, Daniel P. Berrange wrote:
> On Fri, Oct 06, 2017 at 02:48:52PM +0200, Andrea Bolognani wrote:
> > The agent is downloaded and configured to start at boot. The
> > secrets needed to prove the workers' identity to the Jenkins server
> > are stored inside Ansible vaults.
> > 
> > Signed-off-by: Andrea Bolognani 
> 
> > diff --git a/ansible/host_vars/libvirt-centos-6/vault.yml 
> > b/ansible/host_vars/libvirt-centos-6/vault.yml
> > new file mode 100644
> > index 000..2522a28
> > --- /dev/null
> > +++ b/ansible/host_vars/libvirt-centos-6/vault.yml
> > @@ -0,0 +1,10 @@
> > +$ANSIBLE_VAULT;1.1;AES256
> > +33376164643732313335383930346630343432643939303864313631353063636663663634616638
> > +3062306563323630653033656231373634363932336331620a383065336664343663346562353862
> > +64616131656633653338316232303562363632643530313961316130303335626235653430326530
> > +3566363365323830660a363063623035333231396337393537626161363634313637323563643161
> > +36613030333563363630363730656238646138306236643937623266646639616130343734313566
> > +61356165383464323434333836333030336464326436373731313439626161653931626431343665
> > +3030623633313334656430636363366132323132323039356264636465333630653335396662
> > +38356334386337386135343463323233666432326361656438333961303237353562656339623264
> > +3765
> 
> What is this data & how was it generated? How is it decrypted? Presumably
> there's some local key we're not publishing?

It just contains the secret used by the Jenkins agent to authenticate
with the Jenkins server. Each of the files looks like

  ---
  vault_jenkins_secret: "IT'S A SECRET TO EVERYBODY"

once decrypted; the main variables file for the host references the
encrypted variable with

  jenkins_secret: '{{ vault_jenkins_secret }}'

so there is a visible trail to the vaulted variable, and only the
jenkins_secret variable is used anywhere else as per best practices.

The file was created and can be edited using ansible-vault; the vault
password is retrieved automatically from the user's home directory
thanks to the line

  vault_password_file = ~/.ansible/libvirt-jenkins-ci.vault-password

being present in the ansible.cfg file. I have already transmitted
the vault password using an encrypted side-channel :)

-- 
Andrea Bolognani / Red Hat / Virtualization

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
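
The envelope of the vault.yml files discussed above can be checked without the vault password. The following is an added example, not part of the thread or of libvirt-jenkins-ci: it parses the envelope and flags any host_vars/*/vault.yml that was committed unencrypted. The function names are hypothetical, the sample is constructed filler, and the field sizes (32-byte salt, 32-byte HMAC-SHA256) are the layout assumed for the AES256 vault format.

```python
import binascii
import glob
import os
import sys

ACCEPTED = {(b"1.1", b"AES256"), (b"1.2", b"AES256")}

def parse_vault(data: bytes) -> dict:
    """Split an Ansible Vault file into envelope fields; nothing is decrypted."""
    lines = data.strip().splitlines()
    if not lines or not lines[0].startswith(b"$ANSIBLE_VAULT;"):
        raise ValueError("no $ANSIBLE_VAULT header: content is plaintext")
    header = lines[0].strip().split(b";")
    if len(header) < 3 or (header[1], header[2]) not in ACCEPTED:
        raise ValueError("unsupported vault header")
    try:
        # Body is hex of: hex(salt) LF hex(hmac) LF hex(ciphertext)
        inner = binascii.unhexlify(b"".join(l.strip() for l in lines[1:]))
        salt, mac, ct = (binascii.unhexlify(p) for p in inner.split(b"\n"))
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("malformed vault payload") from exc
    if len(salt) != 32 or len(mac) != 32 or not ct:
        raise ValueError("unexpected salt/HMAC/ciphertext size")
    return {"version": header[1].decode(), "cipher": header[2].decode(),
            "salt": salt, "hmac": mac, "ciphertext_len": len(ct)}

def unencrypted_vaults(root: str) -> list:
    """Return (path, reason) for each host_vars/*/vault.yml that fails the check."""
    bad = []
    for path in sorted(glob.glob(os.path.join(root, "host_vars", "*", "vault.yml"))):
        with open(path, "rb") as fh:
            try:
                parse_vault(fh.read())
            except ValueError as exc:
                bad.append((path, str(exc)))
    return bad

def build_sample() -> bytes:
    """Constructed sample: valid envelope around filler bytes, not real ciphertext."""
    parts = (bytes(range(32)), bytes(range(32, 64)), bytes(48))
    outer = binascii.hexlify(b"\n".join(binascii.hexlify(p) for p in parts))
    body = b"\n".join(outer[i:i + 80] for i in range(0, len(outer), 80))
    return b"$ANSIBLE_VAULT;1.1;AES256\n" + body + b"\n"

if __name__ == "__main__":
    problems = unencrypted_vaults(sys.argv[1] if len(sys.argv) > 1 else "ansible")
    for path, why in problems:
        print(f"{path}: {why}")
    sys.exit(1 if problems else 0)
```

Run as a pre-commit or CI step with the ansible directory as its argument; a non-zero exit means at least one vault.yml would publish its contents in the clear.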


Re: [libvirt] [libvirt-jenkins-ci PATCH v2 16/16] ansible: Install and configure Jenkins agent

2017-10-09 Thread Daniel P. Berrange
On Fri, Oct 06, 2017 at 02:48:52PM +0200, Andrea Bolognani wrote:
> The agent is downloaded and configured to start at boot. The
> secrets needed to prove the workers' identity to the Jenkins server
> are stored inside Ansible vaults.
> 
> Signed-off-by: Andrea Bolognani 


> diff --git a/ansible/host_vars/libvirt-centos-6/vault.yml 
> b/ansible/host_vars/libvirt-centos-6/vault.yml
> new file mode 100644
> index 000..2522a28
> --- /dev/null
> +++ b/ansible/host_vars/libvirt-centos-6/vault.yml
> @@ -0,0 +1,10 @@
> +$ANSIBLE_VAULT;1.1;AES256
> +33376164643732313335383930346630343432643939303864313631353063636663663634616638
> +3062306563323630653033656231373634363932336331620a383065336664343663346562353862
> +64616131656633653338316232303562363632643530313961316130303335626235653430326530
> +3566363365323830660a363063623035333231396337393537626161363634313637323563643161
> +36613030333563363630363730656238646138306236643937623266646639616130343734313566
> +61356165383464323434333836333030336464326436373731313439626161653931626431343665
> +3030623633313334656430636363366132323132323039356264636465333630653335396662
> +38356334386337386135343463323233666432326361656438333961303237353562656339623264
> +3765
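
Review bot: the added vault.yml is a single opaque $ANSIBLE_VAULT;1.1;AES256 blob, and neither this hunk nor the commit message says which variable it defines, how the file was generated, or where the decryption password comes from. Please add that to the commit message or a README: the variable name, the ansible-vault invocation used to create and edit the file, and how a new maintainer obtains the vault password. Because the ciphertext is published with the repository, the vault password is the only protection for the agent secret, so it should be long and randomly generated, and the Jenkins secrets should be reissued if it ever leaks.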

What is this data & how was it generated? How is it decrypted? Presumably
there's some local key we're not publishing?


Regards,
Daniel
-- 
|: https://berrange.com  -o-https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o-https://fstop138.berrange.com :|
|: https://entangle-photo.org-o-https://www.instagram.com/dberrange :|



[libvirt] [libvirt-jenkins-ci PATCH v2 16/16] ansible: Install and configure Jenkins agent

2017-10-06 Thread Andrea Bolognani
The agent is downloaded and configured to start at boot. The
secrets needed to prove the workers' identity to the Jenkins server
are stored inside Ansible vaults.

Signed-off-by: Andrea Bolognani 
---
 ansible/ansible.cfg|  1 +
 ansible/group_vars/all/main.yml|  2 +
 ansible/host_vars/libvirt-centos-6/main.yml|  3 ++
 ansible/host_vars/libvirt-centos-6/vault.yml   | 10 
 ansible/host_vars/libvirt-centos-7/main.yml|  3 ++
 ansible/host_vars/libvirt-centos-7/vault.yml   | 10 
 ansible/host_vars/libvirt-debian-8/main.yml|  3 ++
 ansible/host_vars/libvirt-debian-8/vault.yml   | 10 
 ansible/host_vars/libvirt-debian-9/main.yml|  3 ++
 ansible/host_vars/libvirt-debian-9/vault.yml   | 10 
 ansible/host_vars/libvirt-fedora-25/main.yml   |  3 ++
 ansible/host_vars/libvirt-fedora-25/vault.yml  | 10 
 ansible/host_vars/libvirt-fedora-26/main.yml   |  3 ++
 ansible/host_vars/libvirt-fedora-26/vault.yml  | 10 
 ansible/host_vars/libvirt-fedora-rawhide/main.yml  |  3 ++
 ansible/host_vars/libvirt-fedora-rawhide/vault.yml | 10 
 ansible/host_vars/libvirt-freebsd-10/main.yml  |  3 ++
 ansible/host_vars/libvirt-freebsd-10/vault.yml | 10 
 ansible/host_vars/libvirt-freebsd-11/main.yml  |  3 ++
 ansible/host_vars/libvirt-freebsd-11/vault.yml | 10 
 ansible/host_vars/libvirt-ubuntu-12/main.yml   |  3 ++
 ansible/host_vars/libvirt-ubuntu-12/vault.yml  |  8 +++
 ansible/host_vars/libvirt-ubuntu-14/main.yml   |  3 ++
 ansible/host_vars/libvirt-ubuntu-14/vault.yml  |  8 +++
 ansible/host_vars/libvirt-ubuntu-16/main.yml   |  3 ++
 ansible/host_vars/libvirt-ubuntu-16/vault.yml  |  8 +++
 ansible/site.yml   |  7 +++
 ansible/tasks/jenkins.yml  | 59 ++
 ansible/templates/jenkins.service.j2   | 14 +
 ansible/vars/mappings.yml  |  8 +++
 ansible/vars/projects/jenkins.yml  |  3 ++
 31 files changed, 244 insertions(+)
 create mode 100644 ansible/host_vars/libvirt-centos-6/vault.yml
 create mode 100644 ansible/host_vars/libvirt-centos-7/vault.yml
 create mode 100644 ansible/host_vars/libvirt-debian-8/vault.yml
 create mode 100644 ansible/host_vars/libvirt-debian-9/vault.yml
 create mode 100644 ansible/host_vars/libvirt-fedora-25/vault.yml
 create mode 100644 ansible/host_vars/libvirt-fedora-26/vault.yml
 create mode 100644 ansible/host_vars/libvirt-fedora-rawhide/vault.yml
 create mode 100644 ansible/host_vars/libvirt-freebsd-10/vault.yml
 create mode 100644 ansible/host_vars/libvirt-freebsd-11/vault.yml
 create mode 100644 ansible/host_vars/libvirt-ubuntu-12/vault.yml
 create mode 100644 ansible/host_vars/libvirt-ubuntu-14/vault.yml
 create mode 100644 ansible/host_vars/libvirt-ubuntu-16/vault.yml
 create mode 100644 ansible/tasks/jenkins.yml
 create mode 100644 ansible/templates/jenkins.service.j2
 create mode 100644 ansible/vars/projects/jenkins.yml

diff --git a/ansible/ansible.cfg b/ansible/ansible.cfg
index ca02677..2055540 100644
--- a/ansible/ansible.cfg
+++ b/ansible/ansible.cfg
@@ -6,3 +6,4 @@ log_path = ./log
 nocows = 1
 pipelining = True
 squash_actions = package
+vault_password_file = ~/.ansible/libvirt-jenkins-ci.vault-password
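
Review bot: the new vault_password_file line points at ~/.ansible/libvirt-jenkins-ci.vault-password, a file outside the repository that nothing in the patch documents. Add a note (README or a comment above this line) saying that the file has to be created by hand, should be readable only by its owner (mode 0600), and must never be added to the repository; without it the vault.yml files added for each host cannot be decrypted.
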
diff --git a/ansible/group_vars/all/main.yml b/ansible/group_vars/all/main.yml
index e8d3cb6..81b7d43 100644
--- a/ansible/group_vars/all/main.yml
+++ b/ansible/group_vars/all/main.yml
@@ -1,6 +1,8 @@
 ---
 ansible_user: root
 
+jenkins_url: https://ci.centos.org/computer/{{ inventory_hostname 
}}/slave-agent.jnlp
+
 # Paths to various command. Can be overridden on a per-host basis
 bash: /bin/bash
 java: /usr/bin/java
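
Review bot: jenkins_url is added without a comment, and it builds the agent endpoint from inventory_hostname, so an inventory name that differs from the node name registered on ci.centos.org produces a URL for a node that does not exist. A one-line comment above the variable stating that inventory names must match the Jenkins node names would make that dependency explicit, in line with the commented block just below it.
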
diff --git a/ansible/host_vars/libvirt-centos-6/main.yml 
b/ansible/host_vars/libvirt-centos-6/main.yml
index e959ecc..f6b64f3 100644
--- a/ansible/host_vars/libvirt-centos-6/main.yml
+++ b/ansible/host_vars/libvirt-centos-6/main.yml
@@ -1,7 +1,10 @@
 ---
 projects:
   - base
+  - jenkins
   - libvirt
   - libvirt-cim
   - libvirt-perl
   - libvirt-python
+
+jenkins_secret: '{{ vault_jenkins_secret }}'
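
Review bot: tasks and templates that consume jenkins_secret, defined on the last line of this hunk, should be checked for no_log: true, because the ansible.cfg context in this series shows log_path = ./log. Any task that passes the variable as an argument or renders it into a file should set no_log: true, and the rendered file should get a restrictive mode, so the decrypted value cannot end up in the local log or in verbose task output.
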
diff --git a/ansible/host_vars/libvirt-centos-6/vault.yml 
b/ansible/host_vars/libvirt-centos-6/vault.yml
new file mode 100644
index 000..2522a28
--- /dev/null
+++ b/ansible/host_vars/libvirt-centos-6/vault.yml
@@ -0,0 +1,10 @@
+$ANSIBLE_VAULT;1.1;AES256
+33376164643732313335383930346630343432643939303864313631353063636663663634616638
+3062306563323630653033656231373634363932336331620a383065336664343663346562353862
+64616131656633653338316232303562363632643530313961316130303335626235653430326530
+3566363365323830660a363063623035333231396337393537626161363634313637323563643161
+36613030333563363630363730656238646138306236643937623266646639616130343734313566
+61356165383464323434333836333030336464326436373731313439626161653931626431343665