diff --git a/docker-compose.yaml b/docker-compose.yaml
index 507b004..eebf75e 100644
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@@ -1,6 +1,6 @@
 services:
 jenkins:
- image: jenkins:nwl-0.0.2
+ image: jenkins:nwl-0.0.3
 container_name: jk_server_nwl
 ports:
 - 8080:8080
diff --git a/docker/Dockerfile b/docker/Dockerfile
index 5b63cd2..921cc43 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -1,4 +1,4 @@
-FROM jenkins/jenkins:2.401.1-lts-jdk11
+FROM jenkins/jenkins:2.401.2-lts-jdk11
 USER root
 RUN apt-get -y update && apt-get -y install \
@@ -20,5 +20,8 @@ ENV JAVA_OPTS -Djenkins.install.runSetupWizard=false -Dhudson.slaves.WorkspaceLi
 ENV CASC_JENKINS_CONFIG /var/jenkins_home/casc.yaml
 ENV JENKINS_HOME /var/jenkins_home
+# get RootCA so that we have it for importing:
+RUN curl -sSL https://platform-nas.gad.local/K-Stufen/cert/Belden-Global-Root-CA.crt -o /tmp/rootCA_Belden.crt
+
 COPY plugins.txt /usr/share/jenkins/ref/plugins.txt
 RUN jenkins-plugin-cli --plugin-file /usr/share/jenkins/ref/plugins.txt
diff --git a/playbooks/getting_started/build-jenkins-docker-image.yml b/playbooks/getting_started/build-jenkins-docker-image.yml
index 3a22250..221490b 100644
--- a/playbooks/getting_started/build-jenkins-docker-image.yml
+++ b/playbooks/getting_started/build-jenkins-docker-image.yml
@@ -7,7 +7,7 @@
 - name: Build the Jenkins Image
 register: buildDocker
 ansible.builtin.shell: |
- docker build -t jenkins:nwl-0.0.1 .
+ docker build -t jenkins:nwl-0.0.3 .
 args:
 chdir: "{{root_path}}/docker"
 executable: /bin/bash
diff --git a/playbooks/getting_started/setup-nwl-jenkins.yaml b/playbooks/getting_started/setup-nwl-jenkins.yaml
index 7bb03a7..0841a8b 100644
--- a/playbooks/getting_started/setup-nwl-jenkins.yaml
+++ b/playbooks/getting_started/setup-nwl-jenkins.yaml
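Review bot: In docker/Dockerfile, the added `RUN curl -sSL … -o /tmp/rootCA_Belden.crt` fetches a trust anchor over the network at build time with no integrity check, so whatever that host serves during a build becomes the root CA that is later imported into the Jenkins truststore. Without `-f`, an HTTP error page is also written to the `.crt` file and the build still succeeds. Prefer committing the certificate next to the Dockerfile and using `COPY Belden-Global-Root-CA.crt /tmp/rootCA_Belden.crt`, or keep the download but add `-f` and verify a pinned digest, e.g. `echo "<EXPECTED_SHA256>  /tmp/rootCA_Belden.crt" | sha256sum -c -`. The stage is running as `USER root` per the first hunk; whether it later switches back to an unprivileged user is outside the visible lines.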
@@ -53,6 +53,27 @@
 cat ~/.ssh/{{git_ssh_keyname}}.pub > ./.ssh/{{git_ssh_keyname}}.pub
 cat .ssh/testvm_ed25519.pub > ./.ssh/authorized_keys
 ssh-keyscan -p 7999 -t rsa bitbucket.gad.local > ./.ssh/known_hosts 2>/dev/null
+ - name: Get a java truststore
+ ansible.builtin.shell: |
+ containerId=$(docker create jenkins:nwl-0.0.3)
+ docker cp "$containerId":/opt/java/openjdk/lib/security/cacerts ../secrets/.cacerts/
+ docker rm "$containerId"
 args:
- chdir: "{{root_path}}/secrets"
+ chdir: "{{root_path}}/docker"
+ executable: /bin/bash
+ - name: Setup trust store containing Belden root CA in Jenkins
+ ansible.builtin.shell: |
+ docker-compose up --build -d
+ sleep 30s
+ docker-compose logs | grep "Jenkins is fully up and running"
+ if [[ $? != 0 ]]; then
+ echo "FAILED to bring Jenkins up --> check docker-compose logs"
+ else
+ docker exec -it $(docker ps | grep jenkins:nwl | cut -d' ' -f1) /bin/bash
+ keytool -keystore /var/jenkins_home/.cacerts/cacerts -import -alias "Belden Root CA" -file /tmp/rootCA_Belden.crt -noprompt -storepass changeit
+ exit
+ fi
+ docker-compose down
+ args:
+ chdir: "{{root_path}}"
 executable: /bin/bash
diff --git a/playbooks/getting_started/start-stop-nwl-jenkins.yml b/playbooks/getting_started/start-stop-nwl-jenkins.yml
index f79eac5..aad8b0a 100644
--- a/playbooks/getting_started/start-stop-nwl-jenkins.yml
+++ b/playbooks/getting_started/start-stop-nwl-jenkins.yml
@@ -7,16 +7,7 @@
 - name: Start/Stop the NWL Jenkins instance with docker-compose
 ansible.builtin.shell: |
 if [[ "{{power_status}}" == "start" ]]; then
- if [[ "{{is_initial}}" == "true" ]]; then
- docker-compose up --build -d
- else
- docker-compose up -d
- fi
- sleep 30s
- docker-compose logs | grep "Jenkins is fully up and running"
- if [[ $? != 0 ]]; then
- echo "FAILED to bring Jenkins up --> check docker-compose logs"
- fi
+ docker-compose up -d
 else
 docker-compose down
 fi
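Review bot: In the "Setup trust store containing Belden root CA in Jenkins" task of setup-nwl-jenkins.yaml, the `keytool` line does not run inside the container. `docker exec -it … /bin/bash` only opens a separate interactive shell (and `-it` normally fails without a TTY under Ansible); `keytool` and `exit` then execute on the host, and `exit` also skips `docker-compose down`. Pass the command to exec directly and address the container by the name from docker-compose.yaml, e.g. `docker exec jk_server_nwl keytool -keystore /var/jenkins_home/.cacerts/cacerts -import -alias "Belden Root CA" -file /tmp/rootCA_Belden.crt -noprompt -storepass changeit`. The failure branch should also end in `exit 1`, so that a Jenkins that never came up fails the task instead of only echoing. As far as the hunk shows, the old `args:` block now belongs to "Get a java truststore", which would leave the preceding ssh-key task (it starts above the hunk) writing `./.ssh/authorized_keys` and `known_hosts` without its `chdir: "{{root_path}}/secrets"`; this is worth confirming against the full file.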