jenkinsbox.yml
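---
# This playbook should be executed using
# ansible-playbook jenkinsbox.yml
# command
# Developed for ansible version >= 1.7
#
# Provisions a CI box: PHP stack, MySQL, Jenkins, Solr, code sniffers,
# SSL-enabled Apache and Behat/Selenium, followed by Jenkins job setup and
# HTTP basic-auth protection of the backup and cache folders.
- hosts: CHANGE_ME
  # Facts are collected by the explicit "setup" pre-task below, after the
  # raw task has installed the Python bits Ansible modules need.
  gather_facts: false
  remote_user: root
  vars:
    project_name: CHANGE_ME
    pear_channels:
      - pear.drush.org
    pear_packages:
      - drush/drush
    cibox_apt_packages: []
    apache2_modules:
      - rewrite
    # Jenkins files in which the ci_server_ip_address placeholder is
    # replaced with the host's default IPv4 address.
    jenkins_configs:
      - jenkins.model.JenkinsLocationConfiguration.xml
      - org.jenkinsci.plugins.ghprb.GhprbTrigger.xml
      - jobs/{{ project_name }}_PR_BUILDER/config.xml
      - jobs/DEMO/config.xml
    protected_folders:
      - /var/www/backup
      - /var/www/cache
    # NOTE(security): these HTTP basic-auth credentials are committed in
    # plain text and become the live login for every protected folder.
    # Override both per deployment (for example from an ansible-vault
    # encrypted vars file or --extra-vars) instead of shipping the defaults.
    protected_folders_user: propeople
    protected_folders_pass: givemebackup
    cibox_ssl_enable_host: true
    php_apc_enabled_in_ini: true
  roles:
    - role: cibox-swap
      tags: ["cibox-swap"]
      when: ansible_virtualization_type != "openvz"
    - role: cibox-misc
      tags: ["misc"]
    - role: ansible-role-php
      tags: ["php-stack"]
    - role: ansible-php-pear
      tags: ["ansible-php-pear", "php-stack"]
    - role: ansible-role-php-xhprof
      tags: ["ansible-php-xhprof", "php-stack"]
    - role: ansible-composer
      tags: ["ansible-composer", "php-stack"]
    - role: ansible-role-mysql
      tags: ["mysql", "php-stack", "ansible-role-mysql"]
    - role: cibox-jenkins
      tags: ["cibox-jenkins"]
    - role: cibox-jetty-solr
      tags: ["cibox-jetty-solr"]
    - role: cibox-sniffers
      tags: ["cibox-sniffers", "php-stack"]
    - role: cibox-mysql-config
      tags: ["mysql", "php-stack", "cibox-mysql-config"]
    - role: cibox-ssl-config
      tags: ["apache", "php-stack", "ssl", "cibox-ssl-config"]
    - role: cibox-behat-selenium2
      tags: ["cibox-behat-selenium", "behat-selenium"]
  pre_tasks:
    # A failed cache refresh is ignored here, so later installs may run
    # against stale package indexes.
    - name: Update apt cache
      sudo: true
      apt: update_cache=yes
      ignore_errors: true
      tags:
        - php-stack
        - mysql
        - apache
    - name: Setup initial packages onto clean system for ansible
      sudo: true
      # Installing sudo on small ubuntu install.
      raw: "apt-get -y install python-simplejson sudo curl"
    - name: Fixing logger not found
      sudo: true
      shell: "apt-get --reinstall install -y bsdutils"
    # Registered as "allmy"; the Jenkins config task reads the default
    # IPv4 address from it.
    - name: Setup - get environment data for later usage
      setup:
      register: allmy
      tags:
        - cibox-jenkins
    # NOTE(security): on Debian/Ubuntu the shadow group can read
    # /etc/shadow, so jenkins (and every job it runs) can read the local
    # password hashes. Presumably needed for Unix-account login to
    # Jenkins; confirm it is still required.
    - name: Adding jenkins user to group shadow
      user: name=jenkins groups=shadow append=yes
      tags:
        - cibox-jenkins
    - name: Adding jenkins user to group adm
      user: name=jenkins groups=adm append=yes
      tags:
        - cibox-jenkins
    # NOTE(security): this grants the jenkins account unrestricted
    # passwordless root, so every job on this box, presumably including
    # builds the PR builder job starts from pull requests, can run any
    # command as root. Prefer listing only the commands the jobs need.
    # validate= makes lineinfile check the edited file with visudo before
    # it replaces /etc/sudoers, so a malformed file cannot break sudo.
    - name: Adding jenkins user to nopasswd sudoers
      lineinfile: dest=/etc/sudoers line="jenkins ALL=(ALL) NOPASSWD:ALL" validate='visudo -cf %s'
      tags:
        - cibox-jenkins
    - name: Install apt packages
      apt: name={{ item }} state=present
      with_items: cibox_apt_packages
      tags:
        - php-stack
        - mysql
        - apache
    # We have to disable mail sending from CI box.
    # Does not create a link if sendmail is installed.
    - name: Check for sendmail.
      file: path=/usr/sbin/sendmail src=/bin/true state=link force=no
      tags:
        - php-stack
        - mysql
        - apache
    # Mode written with its leading zero so it is read as octal.
    - name: Create ansible config directory
      sudo: true
      file: path=/etc/ansible state=directory mode=0775
      tags:
        - php-stack
        - mysql
        - apache
  tasks:
    # @todo More smart way to upload jobs. Move job names to options.
    # The renamed job directory doubles as the "already provisioned"
    # marker for the copy, rename and cleanup tasks below.
    - name: Check if job already renamed.
      stat: path=/var/lib/jenkins/jobs/{{ project_name }}_PR_BUILDER
      register: prbuilder_stat
      tags:
        - cibox-jenkins
    - name: Copy local files for enabling jenkins permissions
      sudo: true
      synchronize: src=files/jenkins/ dest=/var/lib/jenkins recursive=yes archive=no
      when: prbuilder_stat.stat.exists == false
      tags:
        - cibox-jenkins
    - name: Change owner for jenkins files.
      file: path=/var/lib/jenkins owner=jenkins group=jenkins force=yes recurse=yes state=directory
      tags:
        - cibox-jenkins
    - name: Rename jenkins jobs to meet project name.
      sudo: true
      shell: "mv /var/lib/jenkins/jobs/PR_BUILDER /var/lib/jenkins/jobs/{{ project_name }}_PR_BUILDER"
      when: prbuilder_stat.stat.exists == false
      tags:
        - cibox-jenkins
    - name: Remove PR_BUILDER from remote.
      sudo: true
      file: path=/var/lib/jenkins/jobs/PR_BUILDER state=absent
      when: prbuilder_stat.stat.exists == true
      tags:
        - cibox-jenkins
    # end of @todo More smart way to upload jobs. Move job names to options.
    - name: Change host IP address in jenkins configs
      replace: dest=/var/lib/jenkins/{{ item }} regexp='ci_server_ip_address' replace={{ allmy.ansible_facts.ansible_default_ipv4.address }}
      with_items: jenkins_configs
      tags:
        - cibox-jenkins
    - name: apt-get update
      apt: update_cache=yes
      ignore_errors: true
      tags:
        - php-stack
        - mysql
        - apache
    - name: Apache2 modules
      apache2_module: state=present name={{ item }}
      with_items: apache2_modules
      tags:
        - apache
        - php-stack
      notify: Restart apache
    - name: Copy apache vhost file
      synchronize: src=files/sites-enabled/000-default.conf dest=/etc/apache2/sites-enabled/000-default.conf
      sudo: true
      tags:
        - apache
        - php-stack
      notify: Restart apache
    # NOTE(review): rngd is fed from /dev/urandom, so the kernel pool is
    # topped up with PRNG output rather than an independent entropy source;
    # keys generated on this box should not rely on it. The command is also
    # not idempotent: it is run again on every playbook run.
    - name: Starting random rnd-tools service
      sudo: true
      shell: rngd -r /dev/urandom
      when: ansible_virtualization_type != "openvz"
    - name: Create protected folders
      file: path={{ item }} owner=www-data group=jenkins state=directory
      with_items: protected_folders
    - name: Copy .htaccess to the protected folders
      synchronize: src=files/backup-folder/.htaccess dest={{ item }}/.htaccess
      with_items: protected_folders
    # NOTE(security): the .htpasswd file is written inside the folder it
    # protects, with no owner or mode set here; confirm Apache refuses to
    # serve .ht* files and that the file is not world-readable.
    # no_log keeps the password argument out of Ansible's output and logs.
    - name: Generate .htpasswd in protected folders
      htpasswd: path={{ item }}/.htpasswd name={{ protected_folders_user }} password={{ protected_folders_pass }}
      with_items: protected_folders
      no_log: true
  handlers:
    - name: Restart apache
      service: name=apache2 state=restarted
      tags:
        - mysql
        - apache
        - php-stack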