nwl-ci/playbooks/getting_started/setup-nwl-jenkins.yaml


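# Prepares the host-side directory tree and secrets for the NWL Jenkins docker
# environment, extracts a Java truststore from the Jenkins image and imports
# the Belden root CA into it.
#
# All passwords below are inline Ansible Vault values, so the play needs the
# vault password at run time.
- name: Setup Jenkins Instance
  hosts: linux
  gather_facts: false
  vars:
    root_path: "~/nwl-ci"
    git_ssh_keyname: "testvm_ed25519"
    git_ssh_pw: !vault |
      $ANSIBLE_VAULT;1.1;AES256
      61323235356163363166663139613464303262333231656236313335313133373330316431333139
      3135643639363966653938663666653831393132633765340a306665393864343466376637386661
      39353535616366393631333161613065356666626266396138633866346462316365663339613263
      6564643935326565630a386266376230613230336564363066373730363239303763663666363462
      35353634626464656436633165316336323839616463333064633363306337353534
    nexus_pw: !vault |
      $ANSIBLE_VAULT;1.1;AES256
      31383362376639616336323766366261303531366434343435626333306337393237396339656133
      6432323230653332653939633964636537353434643931650a313335313962313264643239613466
      37393737316636646237653333316231373430366134623237323634366164363234626464613831
      3438616463633162630a343631363762616531396535333465363539353831646234623464666265
      6136
    jk_admin_pw: !vault |
      $ANSIBLE_VAULT;1.1;AES256
      34353166656466343735353337303439353964393932376166636564396132653763663030666563
      6634316263636461396435313232313063393132626462350a333231383662633639376462353032
      64356565626261653430306564373533663463386531636337343666373634313139393339336563
      3337353435643261380a313533663332646634653363343233663564666235626137346563353433
      33313763353739616531303764393135363733633637653935366661623230643238
    jk_dev_pw: !vault |
      $ANSIBLE_VAULT;1.1;AES256
      62613264353836383332333761333962343737336162653730353463363535303566323063313437
      3131343036383763353639336532383232626364333366330a646563363466393031613839656565
      36323934633132353464613862326634313266663366346634323837396163666234346431393065
      6166363132333835310a613838326263363762616231656532633530393565396137356435343761
      6262
  tasks:
    - name: Setup the Base Directories for the Jenkins docker environment
      ansible.builtin.shell: |
        mkdir -p jenkins_home
        mkdir -p secrets/pw
        mkdir -p secrets/.cacerts
        mkdir -p secrets/.ssh
        mkdir -p yocto-downloads
      args:
        chdir: "{{ root_path }}"
        executable: /bin/bash

    # The decrypted passwords are written by the copy module instead of being
    # templated into `echo -n "..."`: inside a shell script a password holding
    # ", $ or a backtick would be mangled or executed, and the plaintext would
    # be part of the script text handed to bash. no_log keeps the values out
    # of the task output.
    # NOTE(review): no file mode is set, so the files get the default umask of
    # the remote user, as before. Restrict them to the owner once it is
    # confirmed that the user inside the Jenkins container can still read them.
    - name: Write the Jenkins service passwords
      ansible.builtin.copy:
        content: "{{ item.secret }}"
        dest: "{{ root_path }}/secrets/pw/{{ item.file }}"
      loop:
        - file: gitSsh
          secret: "{{ git_ssh_pw }}"
        - file: nexusUser
          secret: "{{ nexus_pw }}"
        - file: jenkinsUserAdmin
          secret: "{{ jk_admin_pw }}"
        - file: jenkinsUserDeveloper
          secret: "{{ jk_dev_pw }}"
      loop_control:
        label: "{{ item.file }}"
      no_log: true

    # NOTE(review): the original task had no chdir, so ./pw and ./.ssh were
    # resolved against the login directory, where `cat ~/.ssh/KEY > ./.ssh/KEY`
    # truncates the private key it is reading. The directories created above
    # live under secrets/, so that is assumed to be the intended working
    # directory; confirm against the docker-compose volume layout.
    - name: Prepare the Jenkins docker environment content
      ansible.builtin.shell: |
        cat ~/.ssh/{{ git_ssh_keyname | quote }} > ./.ssh/{{ git_ssh_keyname | quote }}
        cat ~/.ssh/{{ git_ssh_keyname | quote }}.pub > ./.ssh/{{ git_ssh_keyname | quote }}.pub
        # Was hard-coded to testvm_ed25519.pub; follows git_ssh_keyname now.
        cat ./.ssh/{{ git_ssh_keyname | quote }}.pub > ./.ssh/authorized_keys
        # Trust on first use: whatever key answers on port 7999 is recorded and
        # errors are discarded. Compare the resulting known_hosts entry with
        # the host key published by the Bitbucket administrators.
        ssh-keyscan -p 7999 -t rsa bitbucket.gad.local > ./.ssh/known_hosts 2>/dev/null
      args:
        chdir: "{{ root_path }}/secrets"
        executable: /bin/bash

    # Copies the stock JDK truststore out of a throw-away container so the
    # root CA can be added to it in the next task.
    - name: Get a java truststore
      ansible.builtin.shell: |
        containerId=$(docker create jenkins:nwl-0.0.3)
        docker cp "$containerId":/opt/java/openjdk/lib/security/cacerts ../secrets/.cacerts/
        docker rm "$containerId"
      args:
        chdir: "{{ root_path }}/docker"
        executable: /bin/bash

    - name: Setup trust store containing Belden root CA in Jenkins
      ansible.builtin.shell: |
        # -f makes curl fail on an HTTP error instead of saving the error page
        # as the certificate.
        # NOTE(review): the downloaded file becomes a trust anchor for Jenkins.
        # Check its SHA-256 fingerprint against a value obtained out of band
        # before the import below.
        curl -fsSL https://platform-nas.gad.local/K-Stufen/cert/Belden-Global-Root-CA.crt -o secrets/.cacerts/rootCA_Belden.crt || exit 1
        docker-compose up --build -d
        sleep 30s
        rc=0
        if docker-compose logs | grep "Jenkins is fully up and running"; then
          containerId=$(docker ps | grep jenkins:nwl | cut -d' ' -f1)
          # Run keytool inside the container directly. The former
          # `docker exec -it ... /bin/bash` needs a TTY that Ansible does not
          # provide, so keytool then ran on the host and the following `exit`
          # skipped `docker-compose down`.
          # changeit is the stock password of the JDK cacerts store; it does
          # not protect the store, so access to secrets/.cacerts is what
          # decides who can add trust anchors.
          docker exec "$containerId" keytool \
            -keystore /var/jenkins_home/.cacerts/cacerts \
            -import -alias "Belden Root CA" \
            -file /var/jenkins_home/.cacerts/rootCA_Belden.crt \
            -noprompt -storepass changeit || rc=$?
        else
          echo "FAILED to bring Jenkins up --> check docker-compose logs"
          rc=1
        fi
        docker-compose down
        # Report a failed start or import to Ansible instead of ending green.
        exit "$rc"
      args:
        chdir: "{{ root_path }}"
        executable: /bin/bash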