[libvirt] [jenkins-ci PATCH 1/3] guests: Configure Jenkins agent based on secret availability

Wed Mar 21 14:52:22 UTC 2018

On Tue, Mar 20, 2018 at 05:23:58PM +0100, Andrea Bolognani wrote:
> We're going to remove the 'jenkins' pseudo-project from the list
> of per-guest projects soon, so we need another way of deciding
> whether to install and configure the Jenkins agent.
> 
> The availability of the Jenkins secret in the vault is a perfect
> candidate, and using it improves things in general because we can
> now store the information about which guests are part of the
> Jenkins setup in a single place instead of duplicating it.
> 
> Signed-off-by: Andrea Bolognani <abologna at redhat.com>
> ---
>  guests/site.yml          | 3 ---
>  guests/tasks/jenkins.yml | 7 +++++++
>  2 files changed, 7 insertions(+), 3 deletions(-)
> 
> diff --git a/guests/site.yml b/guests/site.yml
> index 5f69cfd..8d32561 100644
> --- a/guests/site.yml
> +++ b/guests/site.yml
> @@ -32,6 +32,3 @@
>      - include: tasks/jenkins.yml
>        when:
>          - flavor == 'jenkins'
> -        - projects is defined
> -        # jenkins is a pseudo-project
> -        - ( 'jenkins' in projects )
> diff --git a/guests/tasks/jenkins.yml b/guests/tasks/jenkins.yml
> index 94c2404..10aeec7 100644
> --- a/guests/tasks/jenkins.yml
> +++ b/guests/tasks/jenkins.yml
> @@ -6,6 +6,8 @@
>  - name: Look up Jenkins secret
>    set_fact:
>      jenkins_secret: '{{ vault.jenkins_secrets[inventory_hostname] }}'
> +  when:
> +    - vault.jenkins_secrets[inventory_hostname] is defined
>  
>  - name: Download Jenkins agent
>    get_url:
> @@ -14,6 +16,8 @@
>      owner: jenkins
>      group: jenkins
>      force: yes
> +  when:
> +    - jenkins_secret is defined
>  
>  - name: Configure and enable Jenkins agent
>    lineinfile:
> @@ -24,6 +28,7 @@
>      line: "nohup {{ su }} - jenkins -c '{{ java }} -jar /home/jenkins/slave.jar -jnlpUrl \"{{ jenkins_url }}\" -secret \"{{ jenkins_secret }}\"' >/var/log/jenkins.log 2>&1 &"
>      insertbefore: '^exit .*$'
>    when:
> +    - jenkins_secret is defined
>      - ansible_service_mgr != 'systemd'
>  
>  - name: Configure Jenkins agent
> @@ -31,6 +36,7 @@
>      src: templates/jenkins.service.j2
>      dest: /etc/systemd/system/jenkins.service
>    when:
> +    - jenkins_secret is defined
>      - ansible_service_mgr == 'systemd'
>  
>  - name: Enable Jenkins agent
> @@ -39,4 +45,5 @@
>      enabled: yes
>      daemon_reload: yes
>    when:
> +    - jenkins_secret is defined
>      - ansible_service_mgr == 'systemd'

Would it be possible to create a group of tasks that should be run
only if "jenkins_secret is defined" and guard the whole group with
that check?

Pavel
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20180321/ce6e0052/attachment-0001.sig>