Merge pull request #163 from greg-hellings/fix_jenkins_url

Fix jenkins url

Author: greg-hellings

CHANGELOG

@@ -1,3 +1,10 @@
+v 0.8.2 (12 Sep 2017)
+- Added jenkins_cli_shell_user and jenkins_cli_shell_user_home, to allow better
+  configuration of where to configure Jenkins CLI users' SSH keys
+- Improved internal construction of the _jenkins_url variable to avoid possible
+  SSL hostname mismatch errors
+- Removed pre-packaged SSH key. Changed to generating when needed
+
 v 0.8.1 (11 Sep 2017)
 - Removed ansible RPM package from jenkins_master role
 

cinch/roles/jenkins_common/defaults/main.yml

@@ -1,6 +1,3 @@
-# Local path to a private SSH keyfile to upload into the remote system and
-# to set as an authorized keyfile for the Jenkins user
-jenkins_ssh_keyfile: id_rsa
 # The Java version to install. Older versions are deprecated and will not be
 # supported beyond the EOL support for their packages in the distribution of
 # choice

cinch/roles/jenkins_common/files/id_rsa

@@ -40,12 +40,12 @@
     mode: 0700
     state: directory
 
-- name: add private SSH key
-  copy:
-    src: "{{ jenkins_ssh_keyfile }}"
-    dest: "{{ jenkins_user_home }}/.ssh/id_rsa"
-    owner: "{{ jenkins_user }}"
-    mode: 0600
+- name: generate new SSH key
+  command: |-
+    ssh-keygen -b 4096 -t rsa -f {{ jenkins_user_home }}/.ssh/id_rsa
+    -N '' creates={{ jenkins_user_home }}/.ssh/id_rsa
+  become: true
+  become_user: "{{ jenkins_user }}"
   notify: generate public SSH key
 
 - name: add ssh keys to authorized_keys for the jenkins user

cinch/roles/jenkins_common/tasks/main.yml

@@ -85,6 +85,10 @@ jenkins_backup: {}
 #  cleanup_diffs: false
 #  next_build_number: false
 #  move_to_zip: false
+# The shell user on the master system whose SSH key is configured with admin access
+# on the Jenkins CLI. Also, the home directory for that user
+jenkins_cli_shell_user: "{{ jenkins_user }}"
+jenkins_cli_shell_user_home: "{{ jenkins_user_home }}"
 
 
 # ############################################################################

cinch/roles/jenkins_master/defaults/main.yml

@@ -1,20 +1,26 @@
-- name: set listening port
+- name: check for running in a container
   set_fact:
-    _listening_port: "{{ https_enabled | ternary(443, 80) }}"
-  when: ansible_connection != 'docker'
+    _listening_port: "{{ https_enabled | ternary(8443, 8080) }}"
+  when: ansible_connection == 'docker'
   tags:
     - jenkins_check_mode
 
-- name: check for running in a container
+- name: discover valid hostname
   set_fact:
-    _listening_port: "{{ https_enabled | ternary(8443, 8080) }}"
-  when: ansible_connection == 'docker'
+    _jenkins_host: "{{ ansible_host | default(inventory_hostname | default('localhost')) }}"
   tags:
     - jenkins_check_mode
 
 - name: construct Jenkins URL
   set_fact:
-    _jenkins_url: "http{{ https_enabled | ternary('s', '') }}://localhost:{{ _listening_port }}"
+    _jenkins_url: "http{{ https_enabled | ternary('s', '') }}://{{ _jenkins_host }}"
+  tags:
+    - jenkins_check_mode
+
+- name: modify Jenkins URL for non-standard ports
+  set_fact:
+    _jenkins_url: "{{ _jenkins_url }}:{{ _listening_port }}"
+  when: _listening_port is defined
   tags:
     - jenkins_check_mode
 
@@ -46,7 +52,7 @@
     remoting: "{{ jenkins_cli_remoting }}"
   register: jenkins_admin_api_key
   become: true
-  become_user: "{{ jenkins_user }}"
+  become_user: "{{ jenkins_cli_shell_user }}"
 
 - name: save API key
   set_fact:

cinch/roles/jenkins_master/tasks/ensure_up.yml

@@ -47,7 +47,7 @@
   jenkins_cli_user:
     jenkins_home: "{{ jenkins_home }}"
     jenkins_user: "{{ item }}"
-    key_file: "{{ jenkins_user_home }}/.ssh/id_rsa.pub"
+    key_file: "{{ jenkins_cli_shell_user_home }}/.ssh/id_rsa.pub"
     state: present
   become: true
   notify: restart Jenkins

cinch/roles/jenkins_master/tasks/post_configure.yml

@@ -9,7 +9,7 @@
 
 setup(
     name='cinch',
-    version='0.8.1',
+    version='0.8.2',
     description='Cinch continuous integration setup',
     long_description=description,
     url='https://github.com/RedHatQE/cinch',