Closed rvagg closed 6 years ago
host_vars setup for non-infra non-jenkins-admins people—you need Jenkins secrets in host_vars in order to fully run the scripts across hosts, build/test people should probably have an easier way to get these & set it up (I think?)
Having a web frontend like Ansible Tower which auto-manages the secrets for you would be amazing. I'd like to click a button to run a script on a host.
good news to report, in #964 I have them running repeatedly on Ubuntu, Debian8 and Fedora: ansible-playbook playbooks/jenkins/worker/create.yml --limit test-*ubuntu*-x*,test-*fedora*,test-*debian8-x*
. I can run that multiple times without serious problems. Failures are due to some old Fedora machines not being able to fetch updates cause they are EOL.
Also, maybe as a hint. I set up some of my missing host_vars files by doing the following type of thing:
upstart
parallel-ssh -H test-digitalocean-fedora22-x64-1 -H test-digitalocean-fedora23-x64-1 -H test-digitalocean-fedora24-x64-1 -H test-digitalocean-fedora25-x64-1 -H test-digitalocean-fedora25-x64-2 -H test-rackspace-fedora22-x64-1 -H test-rackspace-fedora23-x64-1 -H test-rackspace-fedora24-x64-1 -i 'cat /etc/init/jenkins.conf | grep secret'
parallel-ssh -H test-digitalocean-ubuntu1404-x64-1 -H test-digitalocean-ubuntu1404-x86-1 -H test-softlayer-ubuntu1404-x64-1 -H test-softlayer-ubuntu1404-x86-1 -i 'cat /etc/init/jenkins.conf | grep secret'
systemd
parallel-ssh -H test-digitalocean-ubuntu1604-x86-1 -H test-digitalocean-ubuntu1610-x64-1 -H test-digitalocean-ubuntu1610-x64-2 -H test-nearform_intel-ubuntu1604-x64-1 -H test-nearform_intel-ubuntu1604-x64-2 -H test-rackspace-ubuntu1604-x64-1 -H test-rackspace-ubuntu1604-x64-2 -i 'cat /lib/systemd/system/jenkins.service | grep secret'
then manually doing this type of thing with the results:
echo 'secret: abcxyz1234567890....' > host_vars/test-rackspace-fedora24-x64-1
This could be automated a bit more and we could even make a set of ansible scripts to do this. It'd be easier to let all of build/test get these secrets off existing hosts than trying to get them access via jenkins.
Below is where we are (or at least what I have been able to do myself) with the different Ansible scripts -- we are slowly migrating away from setup
and to ansible
, with the main stragglers being Raspberry Pi machines and Windows machines, but we are getting there. I want to try and write some more docs at some point about getting from no setup to running ansible-playbook
.
would love to contribute on this. @gibfahn @maclover7 @rvagg can someone mentor me on this
Moving this to #1277
Outstanding item from #873 seems to be related to our Ansible scripts, particularly: