docker, playbooks: adaption for integrating root CA

The initial start is now moved to the playbook setting NWL jenkins up. Thus the start/stop playbook does no longer need the initial parameter as variable. With it the NWL jenkins docker image was versionized to 0.0.3 and the jenkins version was updated to the latest version. Signed-off-by: Marc Mattmüller <marc.mattmueller@netmodule.com>
2023-07-11 15:11:49 +02:00 · 2023-07-11 15:11:49 +02:00 · 94aa68c0d6
parent f6c4371aab
commit 94aa68c0d6
5 changed files with 29 additions and 14 deletions
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@ -1,6 +1,6 @@
 services:
  jenkins:
-    image: jenkins:nwl-0.0.2
+    image: jenkins:nwl-0.0.3
    container_name: jk_server_nwl
    ports:
      - 8080:8080
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@ -1,4 +1,4 @@
-FROM jenkins/jenkins:2.401.1-lts-jdk11
+FROM jenkins/jenkins:2.401.2-lts-jdk11

 USER root
 RUN apt-get -y update && apt-get -y install \
@ -20,5 +20,8 @@ ENV JAVA_OPTS -Djenkins.install.runSetupWizard=false -Dhudson.slaves.WorkspaceLi
 ENV CASC_JENKINS_CONFIG /var/jenkins_home/casc.yaml
 ENV JENKINS_HOME /var/jenkins_home

+# get RootCA so that we have it for importing:
+RUN curl -sSL https://platform-nas.gad.local/K-Stufen/cert/Belden-Global-Root-CA.crt -o /tmp/rootCA_Belden.crt
+
 COPY plugins.txt /usr/share/jenkins/ref/plugins.txt
 RUN jenkins-plugin-cli --plugin-file /usr/share/jenkins/ref/plugins.txt
--- a/playbooks/getting_started/build-jenkins-docker-image.yml
+++ b/playbooks/getting_started/build-jenkins-docker-image.yml
@ -7,7 +7,7 @@
    - name: Build the Jenkins Image
      register: buildDocker
      ansible.builtin.shell: |
-        docker build -t jenkins:nwl-0.0.1 .
+        docker build -t jenkins:nwl-0.0.3 .
      args:
        chdir: "{{root_path}}/docker"
        executable: /bin/bash
--- a/playbooks/getting_started/setup-nwl-jenkins.yaml
+++ b/playbooks/getting_started/setup-nwl-jenkins.yaml
@ -53,6 +53,27 @@
        cat ~/.ssh/{{git_ssh_keyname}}.pub > ./.ssh/{{git_ssh_keyname}}.pub
        cat .ssh/testvm_ed25519.pub > ./.ssh/authorized_keys
        ssh-keyscan -p 7999 -t rsa bitbucket.gad.local > ./.ssh/known_hosts 2>/dev/null
+    - name: Get a java truststore
+      ansible.builtin.shell: |
+        containerId=$(docker create jenkins:nwl-0.0.3)
+        docker cp "$containerId":/opt/java/openjdk/lib/security/cacerts ../secrets/.cacerts/
+        docker rm "$containerId"
      args:
-        chdir: "{{root_path}}/secrets"
+        chdir: "{{root_path}}/docker"
+        executable: /bin/bash
+    - name: Setup trust store containing Belden root CA in Jenkins
+      ansible.builtin.shell: |
+        docker-compose up --build -d
+        sleep 30s
+        docker-compose logs | grep "Jenkins is fully up and running"
+        if [[ $? != 0 ]]; then
+          echo "FAILED to bring Jenkins up --> check docker-compose logs"
+        else
+          docker exec -it $(docker ps | grep jenkins:nwl | cut -d' ' -f1) /bin/bash
+          keytool -keystore /var/jenkins_home/.cacerts/cacerts -import -alias "Belden Root CA" -file /tmp/rootCA_Belden.crt -noprompt -storepass changeit
+          exit
+        fi
+        docker-compose down
+      args:
+        chdir: "{{root_path}}"
        executable: /bin/bash
--- a/playbooks/getting_started/start-stop-nwl-jenkins.yml
+++ b/playbooks/getting_started/start-stop-nwl-jenkins.yml
@ -7,16 +7,7 @@
    - name: Start/Stop the NWL Jenkins instance with docker-compose
      ansible.builtin.shell: |
        if [[ "{{power_status}}" == "start" ]]; then
-          if  [[ "{{is_initial}}" == "true" ]]; then
-            docker-compose up --build -d
-          else
-            docker-compose up -d
-          fi
-          sleep 30s
-          docker-compose logs | grep "Jenkins is fully up and running"
-          if [[ $? != 0 ]]; then
-            echo "FAILED to bring Jenkins up --> check docker-compose logs"
-          fi
+          docker-compose up -d
        else
          docker-compose down
        fi