From d8f79cc9a560e60265efc997e2a799169993f154 Mon Sep 17 00:00:00 2001 From: Matej Stajduhar Date: Wed, 16 Apr 2025 14:27:24 +0200 Subject: [PATCH 01/13] Fixing-aws_vpc-role-2-PR-devel-2.x --- roles/aws/aws_backup_validation/tasks/main.yml | 2 +- roles/aws/aws_iam_role/tasks/main.yml | 4 ++-- roles/aws/aws_s3_bucket/tasks/main.yml | 2 +- roles/aws/aws_security_groups/tasks/main.yml | 1 - roles/aws/aws_vpc/tasks/main.yml | 8 -------- roles/aws/aws_vpc/tasks/security_group.yml | 6 +++--- 6 files changed, 7 insertions(+), 16 deletions(-) diff --git a/roles/aws/aws_backup_validation/tasks/main.yml b/roles/aws/aws_backup_validation/tasks/main.yml index d8e7b1ef4..703e4ccb5 100644 --- a/roles/aws/aws_backup_validation/tasks/main.yml +++ b/roles/aws/aws_backup_validation/tasks/main.yml @@ -25,7 +25,7 @@ timeout: "{{ aws_backup_validation.timeout }}" role: "{{ aws_iam_role._result['LambdaBackupRestoreRole'] }}" runtime: "{{ aws_backup_validation.runtime }}" - function_file: "{{ lookup('template', item + '_validation.py.j2') }}" + function_file: "{{ lookup('template', item + '_validation.py.j2') }}" s3_bucket: "ce-{{ _aws_profile }}-lambda-functions" tags: Name: "{{ item }}_backup_validation" diff --git a/roles/aws/aws_iam_role/tasks/main.yml b/roles/aws/aws_iam_role/tasks/main.yml index 8f67e33c8..f51b0aecd 100644 --- a/roles/aws/aws_iam_role/tasks/main.yml +++ b/roles/aws/aws_iam_role/tasks/main.yml @@ -1,6 +1,6 @@ - name: Create an IAM Managed Policy if defined. amazon.aws.iam_managed_policy: - policy_name: "inline_{{ aws_iam_role.name }}_policy" + policy_name: "inline_{{ aws_iam_role.inline_policies.name }}_policy" policy: Version: "2012-10-17" Statement: @@ -13,7 +13,7 @@ - name: Join managed and inline policy. ansible.builtin.set_fact: - _combined_policies: "{{ aws_iam_role.managed_policies + [_inline_iam_policy.arn] }}" + _combined_policies: "{{ aws_iam_role.managed_policies + [_inline_iam_policy.policy.arn] }}" when: aws_iam_role.inline_policies.action is defined and aws_iam_role.inline_policies.action | length > 0 - name: Create combined var if inline policy is not defined or empty. diff --git a/roles/aws/aws_s3_bucket/tasks/main.yml b/roles/aws/aws_s3_bucket/tasks/main.yml index 915b9c09e..303c56519 100644 --- a/roles/aws/aws_s3_bucket/tasks/main.yml +++ b/roles/aws/aws_s3_bucket/tasks/main.yml @@ -24,4 +24,4 @@ - name: Register aws_s3_bucket results. ansible.builtin.set_fact: - aws_s3_bucket: "{{ aws_s3_bucket | combine({'_result': {aws_s3_bucket.name | replace('-','_'): {'bucket': _aws_s3_bucket, 'policy': _aws_s3_bucket_policy}}}, recursive=True) }}" + aws_s3_bucket: "{{ aws_s3_bucket | combine({'_result': {aws_s3_bucket.name | replace('-', '_'): {'bucket': _aws_s3_bucket, 'policy': _aws_s3_bucket_policy}}}, recursive=True) }}" diff --git a/roles/aws/aws_security_groups/tasks/main.yml b/roles/aws/aws_security_groups/tasks/main.yml index c356e05a6..75d88fd45 100644 --- a/roles/aws/aws_security_groups/tasks/main.yml +++ b/roles/aws/aws_security_groups/tasks/main.yml @@ -8,7 +8,6 @@ - name: Fetch groups. amazon.aws.ec2_security_group_info: - profile: "{{ aws_security_groups.aws_profile }}" region: "{{ aws_security_groups.region }}" filters: group-name: "{{ _aws_security_group_names }}" diff --git a/roles/aws/aws_vpc/tasks/main.yml b/roles/aws/aws_vpc/tasks/main.yml index 422b391ab..31ec599a9 100644 --- a/roles/aws/aws_vpc/tasks/main.yml +++ b/roles/aws/aws_vpc/tasks/main.yml @@ -14,10 +14,6 @@ vars: aws_vpc: name: "default" - profile: "{{ aws_vpc.aws_profile }}" - region: "{{ aws_vpc.region }}" - tags: "{{ aws_vpc.tags }}" - state: "{{ aws_vpc.state }}" id: "{{ _aws_vpc_vpc.vpc.id }}" description: "default VPC security group" purge_rules: false @@ -27,10 +23,6 @@ vars: aws_vpc: name: "{{ security_group.name }}" - profile: "{{ aws_vpc.aws_profile }}" - region: "{{ aws_vpc.region }}" - tags: "{{ aws_vpc.tags | combine({'Name': security_group.name}) }}" - state: "{{ aws_vpc.state }}" id: "{{ _aws_vpc_vpc.vpc.id }}" description: "default VPC security group" rules: "{{ security_group.rules | default(omit) }}" diff --git a/roles/aws/aws_vpc/tasks/security_group.yml b/roles/aws/aws_vpc/tasks/security_group.yml index 0609e49bc..6c0bfe8b6 100644 --- a/roles/aws/aws_vpc/tasks/security_group.yml +++ b/roles/aws/aws_vpc/tasks/security_group.yml @@ -6,9 +6,9 @@ tags: "{{ aws_vpc.tags | combine({'Name': aws_vpc.name}) }}" state: "{{ aws_vpc.state }}" vpc_id: "{{ aws_vpc.id }}" - description: "{{ aws_vpc.description }}" - rules: "{{ aws_vpc.rules | default(omit) }}" - rules_egress: "{{ aws_vpc.rules_egress | default(omit) }}" + description: "{{ security_group.description }}" + rules: "{{ security_group.rules | default(omit) }}" + rules_egress: "{{ security_group.rules_egress | default(omit) }}" purge_rules: "{{ aws_vpc.purge_rules | default(omit) }}" register: _aws_vpc_result From 9aee4fd0c898046c3b7e864ea811615608bbb1ca Mon Sep 17 00:00:00 2001 From: Matej Stajduhar Date: Wed, 16 Apr 2025 14:30:01 +0200 Subject: [PATCH 02/13] Updating-aws_vpc-task --- roles/aws/aws_vpc/tasks/main.yml | 7 ------- 1 file changed, 7 deletions(-) diff --git a/roles/aws/aws_vpc/tasks/main.yml b/roles/aws/aws_vpc/tasks/main.yml index 31ec599a9..22ef2638f 100644 --- a/roles/aws/aws_vpc/tasks/main.yml +++ b/roles/aws/aws_vpc/tasks/main.yml @@ -20,13 +20,6 @@ - name: Create VPC Security groups. ansible.builtin.include_tasks: "security_group.yml" - vars: - aws_vpc: - name: "{{ security_group.name }}" - id: "{{ _aws_vpc_vpc.vpc.id }}" - description: "default VPC security group" - rules: "{{ security_group.rules | default(omit) }}" - rules_egress: "{{ security_group.rules_egress | default(omit) }}" with_items: "{{ aws_vpc.security_groups }}" loop_control: loop_var: security_group From 927b1c0bfdb3d10792dbc5853f41030131789853 Mon Sep 17 00:00:00 2001 From: Matej Stajduhar Date: Wed, 16 Apr 2025 14:41:15 +0200 Subject: [PATCH 03/13] Removing-profile-variables --- roles/aws/aws_elasticache/tasks/main.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/roles/aws/aws_elasticache/tasks/main.yml b/roles/aws/aws_elasticache/tasks/main.yml index 7c75d36eb..12568c83a 100644 --- a/roles/aws/aws_elasticache/tasks/main.yml +++ b/roles/aws/aws_elasticache/tasks/main.yml @@ -4,7 +4,6 @@ name: aws/aws_security_groups vars: aws_security_groups: - profile: "{{ aws_elasticache.aws_profile }}" region: "{{ aws_elasticache.region }}" group_names: "{{ aws_elasticache.elasticache_security_groups }}" return_type: ids @@ -24,7 +23,6 @@ - name: Create ElastiCache cluster. community.aws.elasticache: - profile: "{{ aws_elasticache.aws_profile }}" name: "{{ aws_elasticache.name }}" region: "{{ aws_elasticache.region }}" state: "{{ aws_elasticache.state }}" @@ -38,4 +36,4 @@ security_group_ids: "{{ _aws_security_group_list }}" # variable populated by the aws_security_groups role zone: "{{ aws_elasticache.zone | default(omit) }}" -# @TODO grab the endpoint data for the memcached client role \ No newline at end of file +# @TODO grab the endpoint data for the memcached client role From 9826fc4c75a79e7e445f6546eff68c624e163172 Mon Sep 17 00:00:00 2001 From: Matej Stajduhar Date: Wed, 16 Apr 2025 15:08:20 +0200 Subject: [PATCH 04/13] Removing-profile-variables-2 --- roles/aws/aws_elasticache/tasks/main.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/roles/aws/aws_elasticache/tasks/main.yml b/roles/aws/aws_elasticache/tasks/main.yml index 12568c83a..97bf46ccd 100644 --- a/roles/aws/aws_elasticache/tasks/main.yml +++ b/roles/aws/aws_elasticache/tasks/main.yml @@ -15,7 +15,6 @@ state: "{{ aws_elasticache.state }}" subnets: "{{ aws_elasticache.subnets }}" region: "{{ aws_elasticache.region }}" - profile: "{{ aws_elasticache.aws_profile }}" description: "{{ aws_elasticache.description }}" register: _aws_elasticache_subnet_group From 1344701457d2f0bace747f2ac7e2ed7d826943e8 Mon Sep 17 00:00:00 2001 From: Matej Stajduhar Date: Wed, 16 Apr 2025 15:34:44 +0200 Subject: [PATCH 05/13] Reverting-profile-variables --- roles/aws/aws_elasticache/tasks/main.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/roles/aws/aws_elasticache/tasks/main.yml b/roles/aws/aws_elasticache/tasks/main.yml index 97bf46ccd..a393d6528 100644 --- a/roles/aws/aws_elasticache/tasks/main.yml +++ b/roles/aws/aws_elasticache/tasks/main.yml @@ -4,6 +4,7 @@ name: aws/aws_security_groups vars: aws_security_groups: + profile: "{{ aws_elasticache.aws_profile }}" region: "{{ aws_elasticache.region }}" group_names: "{{ aws_elasticache.elasticache_security_groups }}" return_type: ids @@ -15,6 +16,7 @@ state: "{{ aws_elasticache.state }}" subnets: "{{ aws_elasticache.subnets }}" region: "{{ aws_elasticache.region }}" + profile: "{{ aws_elasticache.aws_profile }}" description: "{{ aws_elasticache.description }}" register: _aws_elasticache_subnet_group @@ -22,6 +24,7 @@ - name: Create ElastiCache cluster. community.aws.elasticache: + profile: "{{ aws_elasticache.aws_profile }}" name: "{{ aws_elasticache.name }}" region: "{{ aws_elasticache.region }}" state: "{{ aws_elasticache.state }}" From 573c1d4fde8489e3916588c4902c6aa67bc84f49 Mon Sep 17 00:00:00 2001 From: Matej Stajduhar Date: Wed, 16 Apr 2025 18:44:58 +0200 Subject: [PATCH 06/13] Updating-jenkins-tasks --- roles/debian/jenkins/tasks/main.yml | 11 +- .../jenkins/templates/jenkins.service.j2 | 151 ++++++++++++++++++ 2 files changed, 161 insertions(+), 1 deletion(-) create mode 100644 roles/debian/jenkins/templates/jenkins.service.j2 diff --git a/roles/debian/jenkins/tasks/main.yml b/roles/debian/jenkins/tasks/main.yml index 3c8413203..78b44f902 100644 --- a/roles/debian/jenkins/tasks/main.yml +++ b/roles/debian/jenkins/tasks/main.yml @@ -100,9 +100,18 @@ group: "{{ jenkins.user }}" mode: 0775 -- name: Restart Jenkins. +- name: Copy jenkins service file with jenkins port number. + ansible.builtin.template: + src: "jenkins.service.j2" + dest: "/usr/lib/systemd/system/jenkins.service" + owner: "root" + group: "root" + mode: 0644 + +- name: Restart Jenkins and reload daemon. ansible.builtin.service: name: jenkins + daemon_reload: true state: restarted when: aptoutput.changed diff --git a/roles/debian/jenkins/templates/jenkins.service.j2 b/roles/debian/jenkins/templates/jenkins.service.j2 new file mode 100644 index 000000000..3c94e482e --- /dev/null +++ b/roles/debian/jenkins/templates/jenkins.service.j2 @@ -0,0 +1,151 @@ + +# This file is managed by systemd(1). Do NOT edit this file manually! +# To override these settings, run: +# +# systemctl edit jenkins +# +# For more information about drop-in files, see: +# +# https://www.freedesktop.org/software/systemd/man/systemd.unit.html +# + +[Unit] +Description=Jenkins Continuous Integration Server +Requires=network.target +After=network.target +StartLimitBurst=5 +StartLimitIntervalSec=5m + +[Service] +Type=notify +NotifyAccess=main +ExecStart=/usr/bin/jenkins +Restart=on-failure +SuccessExitStatus=143 + +# Configures the time to wait for start-up. If Jenkins does not signal start-up +# completion within the configured time, the service will be considered failed +# and will be shut down again. Takes a unit-less value in seconds, or a time span +# value such as "5min 20s". Pass "infinity" to disable the timeout logic. +#TimeoutStartSec=90 + +# Unix account that runs the Jenkins daemon +# Be careful when you change this, as you need to update the permissions of +# $JENKINS_HOME, $JENKINS_LOG, and (if you have already run Jenkins) +# $JENKINS_WEBROOT. +User=jenkins +Group=jenkins + +# Directory where Jenkins stores its configuration and workspaces +Environment="JENKINS_HOME=/var/lib/jenkins" +WorkingDirectory=/var/lib/jenkins + +# Location of the Jenkins WAR +#Environment="JENKINS_WAR=/usr/share/java/jenkins.war" + +# Location of the exploded WAR +Environment="JENKINS_WEBROOT=%C/jenkins/war" + +# Location of the Jenkins log. By default, systemd-journald(8) is used. +#Environment="JENKINS_LOG=%L/jenkins/jenkins.log" + +# The Java home directory. When left empty, JENKINS_JAVA_CMD and PATH are consulted. +#Environment="JAVA_HOME=/usr/lib/jvm/java-17-openjdk-amd64" + +# The Java executable. When left empty, JAVA_HOME and PATH are consulted. +#Environment="JENKINS_JAVA_CMD=/etc/alternatives/java" + +# Arguments for the Jenkins JVM +Environment="JAVA_OPTS=-Djava.awt.headless=true" + +# Unix Domain Socket to listen on for local HTTP requests. Default is disabled. +#Environment="JENKINS_UNIX_DOMAIN_PATH=/run/jenkins/jenkins.socket" + +# IP address to listen on for HTTP requests. +# The default is to listen on all interfaces (0.0.0.0). +#Environment="JENKINS_LISTEN_ADDRESS=" + +# Port to listen on for HTTP requests. Set to -1 to disable. +# To be able to listen on privileged ports (port numbers less than 1024), +# add the CAP_NET_BIND_SERVICE capability to the AmbientCapabilities +# directive below. +Environment="JENKINS_PORT={{ jenkins.listen_https_port }}" + +# IP address to listen on for HTTPS requests. Default is disabled. +#Environment="JENKINS_HTTPS_LISTEN_ADDRESS=" + +# Port to listen on for HTTPS requests. Default is disabled. +# To be able to listen on privileged ports (port numbers less than 1024), +# add the CAP_NET_BIND_SERVICE capability to the AmbientCapabilities +# directive below. +#Environment="JENKINS_HTTPS_PORT=443" + +# Path to the keystore in JKS format (as created by the JDK's keytool). +# Default is disabled. +#Environment="JENKINS_HTTPS_KEYSTORE=/path/to/keystore.jks" + +# Password to access the keystore defined in JENKINS_HTTPS_KEYSTORE. +# Default is disabled. +#Environment="JENKINS_HTTPS_KEYSTORE_PASSWORD=s3cR3tPa55w0rD" + +# IP address to listen on for HTTP2 requests. Default is disabled. +#Environment="JENKINS_HTTP2_LISTEN_ADDRESS=" + +# HTTP2 port to listen on. Default is disabled. +# To be able to listen on privileged ports (port numbers less than 1024), +# add the CAP_NET_BIND_SERVICE capability to the AmbientCapabilities +# directive below. +#Environment="JENKINS_HTTP2_PORT=" + +# Controls which capabilities to include in the ambient capability set for the +# executed process. Takes a whitespace-separated list of capability names, e.g. +# CAP_SYS_ADMIN, CAP_DAC_OVERRIDE, CAP_SYS_PTRACE. Ambient capability sets are +# useful if you want to execute a process as a non-privileged user but still +# want to give it some capabilities. For example, add the CAP_NET_BIND_SERVICE +# capability to be able to listen on privileged ports (port numbers less than +# 1024). +#AmbientCapabilities=CAP_NET_BIND_SERVICE + +# Debug level for logs. The higher the value, the more verbose. 5 is INFO. +#Environment="JENKINS_DEBUG_LEVEL=5" + +# Set to true to enable logging to /var/log/jenkins/access_log. +#Environment="JENKINS_ENABLE_ACCESS_LOG=false" + +# Servlet context (important if you want to use reverse proxying) +#Environment="JENKINS_PREFIX=/jenkins" + +# Arbitrary additional arguments to pass to Jenkins. +# Full option list: java -jar jenkins.war --help +#Environment="JENKINS_OPTS=" + +# Maximum core file size. If unset, the value from the OS is inherited. +#LimitCORE=infinity + +# Maximum file size. If unset, the value from the OS is inherited. +#LimitFSIZE=infinity + +# File descriptor limit. If unset, the value from the OS is inherited. +#LimitNOFILE=8192 + +# Maximum number of processes. If unset, the value from the OS is inherited. +#LimitNPROC=32768 + +# Set the umask to control the permission bits of files that Jenkins creates. +# +# 0027 makes files read-only for group and inaccessible for others, which some +# security sensitive users might consider beneficial, especially if Jenkins +# is running on a server that is used for multiple purposes. Beware that 0027 +# permissions would interfere with sudo scripts that run on the controller +# (see JENKINS-25065). +# +# Note also that the particularly sensitive parts of $JENKINS_HOME (such as +# credentials) are always written without 'other' access. So the umask values +# only affect job configuration, build records, etc. +# +# If unset, the value from the OS is inherited, which is normally 0022. +# The default umask comes from pam_umask(8) and /etc/login.defs. +#UMask=0022 + +[Install] +WantedBy=multi-user.target From cbe90538e8357d77c71f929f4789072a739afd1b Mon Sep 17 00:00:00 2001 From: Matej Stajduhar Date: Thu, 17 Apr 2025 11:33:40 +0200 Subject: [PATCH 07/13] Adding-jenkins-key-download --- roles/debian/jenkins/defaults/main.yml | 2 +- roles/debian/jenkins/tasks/main.yml | 14 ++++++++++---- 2 files changed, 11 insertions(+), 5 deletions(-) diff --git a/roles/debian/jenkins/defaults/main.yml b/roles/debian/jenkins/defaults/main.yml index 39c1a1c64..1ffa2393a 100644 --- a/roles/debian/jenkins/defaults/main.yml +++ b/roles/debian/jenkins/defaults/main.yml @@ -7,7 +7,7 @@ ldap_client: bindpw: "" jenkins: - apt_signed_by: https://pkg.jenkins.io/debian/jenkins.io.key + apt_signed_by: /usr/share/keyrings/jenkins-keyring.asc server_name: "jenkins.{{ _domain_name }}" ssl_handling: "ssl_selfsigned" listen_http_port: -1 diff --git a/roles/debian/jenkins/tasks/main.yml b/roles/debian/jenkins/tasks/main.yml index 78b44f902..1c9cfa627 100644 --- a/roles/debian/jenkins/tasks/main.yml +++ b/roles/debian/jenkins/tasks/main.yml @@ -1,17 +1,23 @@ --- -- name: Add Jenkins repository and key. +- name: Download jenkins key. + ansible.builtin.get_url: + url: https://pkg.jenkins.io/debian/jenkins.io-2023.key + dest: "{{ jenkins.apt_signed_by }}" + mode: '0644' + +- name: Add Jenkins repository. ansible.builtin.include_role: name: debian/apt_repository vars: apt_repository: - legacy_repo: "deb http://pkg.jenkins.io/debian binary/" + legacy_repo: "deb http://pkg.jenkins.io/debian-stable binary/" format: list # Jenkins repo does not support deb822 - list_repo_string: "http://pkg.jenkins.io/debian binary/" # override automated repo string generation + list_repo_string: "http://pkg.jenkins.io/debian-stable binary/" # override automated repo string generation name: jenkins types: - deb uris: - - http://pkg.jenkins.io/debian + - http://pkg.jenkins.io/debian-stable signed_by: "{{ jenkins.apt_signed_by }}" state: present key_refresh_timer_OnCalendar: "Mon *-*-* 00:00:00" From 41da5d42aafeb6576794997bb1945cf5267afd8b Mon Sep 17 00:00:00 2001 From: Matej Stajduhar Date: Thu, 17 Apr 2025 12:05:14 +0200 Subject: [PATCH 08/13] Adding-jenkins-key-download-2 --- roles/debian/jenkins/defaults/main.yml | 2 +- roles/debian/jenkins/tasks/main.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/debian/jenkins/defaults/main.yml b/roles/debian/jenkins/defaults/main.yml index 1ffa2393a..1af47f075 100644 --- a/roles/debian/jenkins/defaults/main.yml +++ b/roles/debian/jenkins/defaults/main.yml @@ -7,7 +7,7 @@ ldap_client: bindpw: "" jenkins: - apt_signed_by: /usr/share/keyrings/jenkins-keyring.asc + apt_signed_by: https://pkg.jenkins.io/debian-stable/jenkins.io-2023.key server_name: "jenkins.{{ _domain_name }}" ssl_handling: "ssl_selfsigned" listen_http_port: -1 diff --git a/roles/debian/jenkins/tasks/main.yml b/roles/debian/jenkins/tasks/main.yml index 1c9cfa627..e222f2b4c 100644 --- a/roles/debian/jenkins/tasks/main.yml +++ b/roles/debian/jenkins/tasks/main.yml @@ -2,7 +2,7 @@ - name: Download jenkins key. ansible.builtin.get_url: url: https://pkg.jenkins.io/debian/jenkins.io-2023.key - dest: "{{ jenkins.apt_signed_by }}" + dest: /usr/share/keyrings/jenkins-keyring.asc mode: '0644' - name: Add Jenkins repository. From 2369f96bb65c691156dd27ad1677db1167f1978a Mon Sep 17 00:00:00 2001 From: Matej Stajduhar Date: Fri, 18 Apr 2025 16:31:59 +0200 Subject: [PATCH 09/13] Adding-jenkins-key-download-3 --- roles/debian/jenkins/tasks/main.yml | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/roles/debian/jenkins/tasks/main.yml b/roles/debian/jenkins/tasks/main.yml index e222f2b4c..f49537aea 100644 --- a/roles/debian/jenkins/tasks/main.yml +++ b/roles/debian/jenkins/tasks/main.yml @@ -1,9 +1,7 @@ --- -- name: Download jenkins key. - ansible.builtin.get_url: - url: https://pkg.jenkins.io/debian/jenkins.io-2023.key - dest: /usr/share/keyrings/jenkins-keyring.asc - mode: '0644' +- name: Print signed by var. + ansible.builtin.debug: + msg: "{{ jenkins.apt_signed_by }}" - name: Add Jenkins repository. ansible.builtin.include_role: From 140c73cee06d70c69440e58835870315b0b00c0a Mon Sep 17 00:00:00 2001 From: Matej Stajduhar Date: Fri, 18 Apr 2025 16:55:11 +0200 Subject: [PATCH 10/13] Adding-jenkins-key-download-4 --- roles/debian/jenkins/tasks/main.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/roles/debian/jenkins/tasks/main.yml b/roles/debian/jenkins/tasks/main.yml index f49537aea..8f3947cb7 100644 --- a/roles/debian/jenkins/tasks/main.yml +++ b/roles/debian/jenkins/tasks/main.yml @@ -117,12 +117,10 @@ name: jenkins daemon_reload: true state: restarted - when: aptoutput.changed - name: Paise for 2 minutes. ansible.builtin.pause: minutes: 2 - when: aptoutput.changed - name: Download Jenkins CLI. ansible.builtin.get_url: From 7fdaadd4834fd79f8a564972e7c185832d2c3b3c Mon Sep 17 00:00:00 2001 From: Matej Stajduhar Date: Fri, 18 Apr 2025 17:08:24 +0200 Subject: [PATCH 11/13] Adding-jenkins-key-download-5 --- roles/debian/jenkins/tasks/main.yml | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) diff --git a/roles/debian/jenkins/tasks/main.yml b/roles/debian/jenkins/tasks/main.yml index 8f3947cb7..a59c4af18 100644 --- a/roles/debian/jenkins/tasks/main.yml +++ b/roles/debian/jenkins/tasks/main.yml @@ -1,8 +1,4 @@ --- -- name: Print signed by var. - ansible.builtin.debug: - msg: "{{ jenkins.apt_signed_by }}" - - name: Add Jenkins repository. ansible.builtin.include_role: name: debian/apt_repository @@ -118,13 +114,9 @@ daemon_reload: true state: restarted -- name: Paise for 2 minutes. - ansible.builtin.pause: - minutes: 2 - - name: Download Jenkins CLI. ansible.builtin.get_url: - url: "https://localhost:{{ jenkins.listen_https_port }}/jnlpJars/jenkins-cli.jar" + url: "http://localhost:{{ jenkins.listen_https_port }}/jnlpJars/jenkins-cli.jar" validate_certs: false dest: /opt/jenkins-cli.jar From b3b77b0cd7b132b21acd86da8737f8db2e048fe7 Mon Sep 17 00:00:00 2001 From: Matej Stajduhar Date: Mon, 28 Apr 2025 14:13:42 +0200 Subject: [PATCH 12/13] Adding-jenkins-key-download-6 --- roles/debian/jenkins/tasks/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/debian/jenkins/tasks/main.yml b/roles/debian/jenkins/tasks/main.yml index a59c4af18..b14e236fe 100644 --- a/roles/debian/jenkins/tasks/main.yml +++ b/roles/debian/jenkins/tasks/main.yml @@ -138,13 +138,13 @@ timer_OnCalendar: "{{ jenkins.on_calendar }}" - name: Install Jenkins Plugins. - ansible.builtin.command: "java -jar /opt/jenkins-cli.jar -auth {{ jenkins.adminuser }}:{{ jenkins.adminpass }} -noCertificateCheck -s https://localhost:{{ jenkins.listen_https_port }}/ install-plugin {{ jenkins.plugins | join(' ') }}" + ansible.builtin.command: "java -jar /opt/jenkins-cli.jar -auth {{ jenkins.adminuser }}:{{ jenkins.adminpass }} -noCertificateCheck -s http://localhost:{{ jenkins.listen_https_port }}/ install-plugin {{ jenkins.plugins | join(' ') }}" become: true become_user: "{{ jenkins.user }}" register: pluginoutput - name: Safe restart Jenkins. - ansible.builtin.command: "java -jar /opt/jenkins-cli.jar -auth {{ jenkins.adminuser }}:{{ jenkins.adminpass }} -noCertificateCheck -s https://localhost:{{ jenkins.listen_https_port }}/ safe-restart" + ansible.builtin.command: "java -jar /opt/jenkins-cli.jar -auth {{ jenkins.adminuser }}:{{ jenkins.adminpass }} -noCertificateCheck -s http://localhost:{{ jenkins.listen_https_port }}/ safe-restart" become: true become_user: "{{ jenkins.user }}" when: pluginoutput.changed From 54d9cf2ce377fa42d67a6b11690169184d1e2bb1 Mon Sep 17 00:00:00 2001 From: Matej Stajduhar Date: Mon, 28 Apr 2025 15:29:21 +0200 Subject: [PATCH 13/13] Updating-aws-sg-role --- roles/aws/aws_security_groups/tasks/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/aws/aws_security_groups/tasks/main.yml b/roles/aws/aws_security_groups/tasks/main.yml index 75d88fd45..c356e05a6 100644 --- a/roles/aws/aws_security_groups/tasks/main.yml +++ b/roles/aws/aws_security_groups/tasks/main.yml @@ -8,6 +8,7 @@ - name: Fetch groups. amazon.aws.ec2_security_group_info: + profile: "{{ aws_security_groups.aws_profile }}" region: "{{ aws_security_groups.region }}" filters: group-name: "{{ _aws_security_group_names }}"