From 42a176bd7c5c790c1000f8ce3007696aaad88e1e Mon Sep 17 00:00:00 2001
From: mpavlov
Date: Sun, 29 Sep 2024 01:35:45 +0300
Subject: [PATCH 1/4] repo init
---
 Jenkinsfile | 2 +-
 roles/rproxy/tasks/main.yml | 6 ++++++
 roles/rproxy/templates/docker-compose.yml.j2 | 4 +++-
 3 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/Jenkinsfile b/Jenkinsfile
index 70c19d7..8fa9942 100644
--- a/Jenkinsfile
+++ b/Jenkinsfile
@@ -8,7 +8,7 @@ pipeline {
 base64File(name: "rootca", description: "RootCA (only for 'Install Rproxy')")
 base64File(name: "rootca_key", description: "RootCA key (only for 'Install Rproxy')")
 booleanParam(name: "config_add", defaultValue: true, description: "Add config")
- string(name: "rproxy_service_name", defaultValue: "", trim: true, description: "Service name (for 'Add config' job only)")
+ string(name: "rproxy_service_name", defaultValue: "", trim: true, description: "Service name, ex. jenkins (for 'Add config' job only)")
 string(name: "rproxy_service_port", defaultValue: "", trim: true, description: "Service port (for 'Add config' job only)")
 string(name: "rproxy_service_address", defaultValue: "", trim: true, description: "Service address (for 'Add config' job only)")
diff --git a/roles/rproxy/tasks/main.yml b/roles/rproxy/tasks/main.yml
index 6fc787c..2301409 100644
--- a/roles/rproxy/tasks/main.yml
+++ b/roles/rproxy/tasks/main.yml
@@ -51,6 +51,12 @@
 path: "{{ rproxy_dir }}/sites"
 state: directory
+ - name: Create repo dir
+ ansible.builtin.file:
+ path: "{{ rproxy_dir }}/repo"
+ state: directory
+ mode: 0777
+
 - name: Create certs dir
 ansible.builtin.file:
 path: "{{ rproxy_dir }}/certs"
diff --git a/roles/rproxy/templates/docker-compose.yml.j2 b/roles/rproxy/templates/docker-compose.yml.j2
index c424260..1bd02d9 100644
--- a/roles/rproxy/templates/docker-compose.yml.j2
+++ b/roles/rproxy/templates/docker-compose.yml.j2
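Review bot: `mode: 0777` on the new `Create repo dir` task in roles/rproxy/tasks/main.yml makes `{{ rproxy_dir }}/repo` writable by every local account on the target host, and later patches in this series bind-mount that directory into the nginx container and serve it. Unless an unprivileged process really has to write there, tighten it to `mode: "0755"` and set `owner:`/`group:` to whichever account uploads the content (that account is not visible in this hunk). Quoting the mode also keeps it out of YAML integer parsing. The neighbouring `Create certs dir` task continues past the end of the hunk, so its permissions cannot be checked from here.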
@@ -9,6 +9,8 @@ services:
 - {{ rproxy_dir }}/nginx.conf:/etc/nginx/nginx.conf
 - {{ rproxy_dir }}/sites:/etc/nginx/sites
 - {{ rproxy_dir }}/certs:/etc/nginx/certs
+ - {{ rproxy_dir }}/certs:/repo
 ports:
 - 443:443
- - 80:80
\ No newline at end of file
+ - 80:80
+ - 9000:9000
\ No newline at end of file
From e3ca04efd04d9410615ebc290ce6e88f02334b3b Mon Sep 17 00:00:00 2001
From: mpavlov
Date: Sun, 29 Sep 2024 01:50:06 +0300
Subject: [PATCH 2/4] fix jenkinsfile
---
 Jenkinsfile | 31 +++++++++++++++++++++++--------
 1 file changed, 23 insertions(+), 8 deletions(-)
diff --git a/Jenkinsfile b/Jenkinsfile
index 8fa9942..c8d20a6 100644
--- a/Jenkinsfile
+++ b/Jenkinsfile
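Review bot: The added volume `- {{ rproxy_dir }}/certs:/repo` in docker-compose.yml.j2 mounts the certificate directory at the path that 3/4 later configures as the web root; 3/4 also corrects the source to `{{ rproxy_dir }}/repo`, but the fix belongs in this patch so that no revision of the role carries the certs mount. What ends up in `certs` is not shown here, though the Jenkinsfile accepts a `rootca_key` parameter. nginx only reads this directory, so the mount can be read-only, `- {{ rproxy_dir }}/repo:/repo:ro`. `- 9000:9000` publishes the port on every host interface; if the repo is internal, bind it to one address, e.g. `- "<internal-address>:9000:9000"` (placeholder).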
@@ -1,17 +1,22 @@
 pipeline {
 agent any
+ options {
+ buildDiscarder logRotator (
+ numToKeepStr: '5',
+ daysToKeepStr: '7',
+ artifactNumToKeepStr: '10',
+ artifactDaysToKeepStr: '7'
+ )
+ }
 parameters {
 string(name: "target_host", defaultValue: "", trim: true, description: "Target host")
- string(name: "username", defaultValue: "", trim: true, description: "Ansible user")
- password(name: "password", defaultValue: "", description: "Ansible password")
 booleanParam(name: "rproxy_install", defaultValue: true, description: "Install Rproxy")
 base64File(name: "rootca", description: "RootCA (only for 'Install Rproxy')")
 base64File(name: "rootca_key", description: "RootCA key (only for 'Install Rproxy')")
 booleanParam(name: "config_add", defaultValue: true, description: "Add config")
- string(name: "rproxy_service_name", defaultValue: "", trim: true, description: "Service name, ex. jenkins (for 'Add config' job only)")
+ string(name: "rproxy_service_name", defaultValue: "", trim: true, description: "Service name (for 'Add config' job only)")
 string(name: "rproxy_service_port", defaultValue: "", trim: true, description: "Service port (for 'Add config' job only)")
 string(name: "rproxy_service_address", defaultValue: "", trim: true, description: "Service address (for 'Add config' job only)")
-
 }
 stages {
 stage('Save certs') {
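Review bot: The `rproxy_service_name` description loses the `ex. jenkins` hint that 1/4 had just added, which looks like an unintended revert rather than part of the credentials change. If the example is still wanted, keep `description: "Service name, ex. jenkins (for 'Add config' job only)"`. The `stages` block continues past the end of the hunk.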
@@ -37,8 +42,13 @@ pipeline {
 }
 steps {
 script {
- wrap([$class: 'MaskPasswordsBuildWrapper', varPasswordPairs: [[password: params.password]]]) {
- sh 'ansible-playbook rproxy.yml -i ${target_host}, -t install -u ${username} -e "ansible_password=${password} rproxy_service_name=${rproxy_service_name} rproxy_service_port=${rproxy_service_port} rproxy_service_address=${rproxy_service_address}"'
+ withCredentials([
+ sshUserPrivateKey(credentialsId: 'JENKINS_DEPLOYER_KEY', keyFileVariable: 'SSH_KEY'),
+ usernamePassword(credentialsId:'JENKINS_DEPLOYER_PASS', usernameVariable: 'username', passwordVariable: 'password')
+ ]) {
+ wrap([$class: 'MaskPasswordsBuildWrapper', varPasswordPairs: [[password: env.password]]]) {
+ sh 'ansible-playbook rproxy.yml -i ${target_host}, -t install --private-key ${SSH_KEY} -u ${username} -e "ansible_password=${password} rproxy_service_name=${rproxy_service_name} rproxy_service_port=${rproxy_service_port} rproxy_service_address=${rproxy_service_address}"'
+ }
 }
 }
 }
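Review bot: The new `sh` line still passes the secret as `-e "ansible_password=${password} ..."`, so it sits in the agent's process list for the duration of the run even though `withCredentials` already masks it in the console log (which also makes the extra `MaskPasswordsBuildWrapper` wrap redundant). The job parameters are expanded unquoted or inside one shared `-e` string, so a `target_host` or `rproxy_service_*` value containing whitespace is split into extra arguments or extra `key=value` vars. Quote each expansion (`-i "${target_host},"`, `--private-key "${SSH_KEY}"`, `-u "${username}"`), validate the service parameters before the call, and drop `ansible_password` if key authentication is sufficient; otherwise hand it over in a vars file instead of argv. The `add_config` stage in the next hunk (`@@ -51,8 +61,13 @@`) has the same line and needs the same change. The enclosing `stage` starts before this hunk.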
@@ -51,8 +61,13 @@ pipeline {
 }
 steps {
 script {
- wrap([$class: 'MaskPasswordsBuildWrapper', varPasswordPairs: [[password: params.password]]]) {
- sh 'ansible-playbook rproxy.yml -i ${target_host}, -t add_config -u ${username} -e "ansible_password=${password} rproxy_service_name=${rproxy_service_name} rproxy_service_port=${rproxy_service_port} rproxy_service_address=${rproxy_service_address}"'
+ withCredentials([
+ sshUserPrivateKey(credentialsId: 'JENKINS_DEPLOYER_KEY', keyFileVariable: 'SSH_KEY'),
+ usernamePassword(credentialsId:'JENKINS_DEPLOYER_PASS', usernameVariable: 'username', passwordVariable: 'password')
+ ]) {
+ wrap([$class: 'MaskPasswordsBuildWrapper', varPasswordPairs: [[password: env.password]]]) {
+ sh 'ansible-playbook rproxy.yml -i ${target_host}, -t add_config --private-key ${SSH_KEY} -u ${username} -e "ansible_password=${password} rproxy_service_name=${rproxy_service_name} rproxy_service_port=${rproxy_service_port} rproxy_service_address=${rproxy_service_address}"'
+ }
 }
 }
 }
From 7b32b19b2af79755c5ccb97c4ea029238a7c861c Mon Sep 17 00:00:00 2001
From: mpavlov
Date: Sun, 29 Sep 2024 02:15:56 +0300
Subject: [PATCH 3/4] done basic repo
---
 roles/rproxy/files/repo.conf | 12 ++++++++++++
 roles/rproxy/tasks/main.yml | 5 +++++
 roles/rproxy/templates/docker-compose.yml.j2 | 2 +-
 3 files changed, 18 insertions(+), 1 deletion(-)
 create mode 100644 roles/rproxy/files/repo.conf
diff --git a/roles/rproxy/files/repo.conf b/roles/rproxy/files/repo.conf
new file mode 100644
index 0000000..d1fd6dc
--- /dev/null
+++ b/roles/rproxy/files/repo.conf
@@ -0,0 +1,12 @@
+server {
+ listen 9000;
+ server_name _;
+ root /repo;
+
+ location / {
+ charset utf-8;
+ autoindex on;
+ autoindex_exact_size off;
+ autoindex_localtime on;
+ }
+}
\ No newline at end of file
diff --git a/roles/rproxy/tasks/main.yml b/roles/rproxy/tasks/main.yml
index 2301409..8e705dc 100644
--- a/roles/rproxy/tasks/main.yml
+++ b/roles/rproxy/tasks/main.yml
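Review bot: The new `server` block in roles/rproxy/files/repo.conf serves `/repo` with `autoindex on` over plain HTTP on port 9000 and has no access restriction, so anyone who can reach the published port can list and download everything in a directory that 1/4 creates world-writable. If the repository is meant for internal clients only, restrict it inside the `location` block, e.g. `allow <trusted-cidr>; deny all;` (placeholder range), or serve it behind the TLS listener the container already publishes on 443. Clients that install from it should verify signatures or checksums, because content fetched over HTTP can be altered in transit. A one-line comment above `listen 9000;` stating what the repo holds and who is expected to reach it would help the next reader.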
@@ -72,6 +72,11 @@
 src: files/nginx.conf
 dest: "{{ rproxy_dir }}/nginx.conf"
+ - name: Copy repo.conf
+ ansible.builtin.copy:
+ src: files/repo.conf
+ dest: "{{ rproxy_dir }}/sites/repo.conf"
+
 - name: Copy RootCA certificate
 ansible.builtin.copy:
 src: files/RootCA.crt
diff --git a/roles/rproxy/templates/docker-compose.yml.j2 b/roles/rproxy/templates/docker-compose.yml.j2
index 1bd02d9..c589e87 100644
--- a/roles/rproxy/templates/docker-compose.yml.j2
+++ b/roles/rproxy/templates/docker-compose.yml.j2
@@ -9,7 +9,7 @@ services:
 - {{ rproxy_dir }}/nginx.conf:/etc/nginx/nginx.conf
 - {{ rproxy_dir }}/sites:/etc/nginx/sites
 - {{ rproxy_dir }}/certs:/etc/nginx/certs
- - {{ rproxy_dir }}/certs:/repo
+ - {{ rproxy_dir }}/repo:/repo
 ports:
 - 443:443
 - 80:80
From 2579a1c7d85379c816ac9d4cc36808cde3f35d54 Mon Sep 17 00:00:00 2001
From: mpavlov
Date: Sun, 29 Sep 2024 02:24:42 +0300
Subject: [PATCH 4/4] auth block added (commented)
---
 roles/rproxy/files/repo.conf | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/roles/rproxy/files/repo.conf b/roles/rproxy/files/repo.conf
index d1fd6dc..9bca367 100644
--- a/roles/rproxy/files/repo.conf
+++ b/roles/rproxy/files/repo.conf
@@ -8,5 +8,7 @@ server {
 autoindex on;
 autoindex_exact_size off;
 autoindex_localtime on;
+ # auth_basic "Needs to auth";
+ # auth_basic_user_file /etc/nginx/.htpasswd;
 }
-}
\ No newline at end of file
+}
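Review bot: The `Copy repo.conf` task in roles/rproxy/tasks/main.yml installs the port-9000 listener unconditionally, so every host that receives the rproxy role also gets the open file listing whether or not it is meant to host a repo. Gating the task (and the matching port and volume lines in the compose template) on a role variable that defaults to off would keep that surface opt-in. The task also sets no `mode:`; an explicit `mode: "0644"` makes the permissions of the deployed config independent of the umask on the target. The surrounding task list starts and ends outside the hunk, so whether a handler reloads nginx after the copy cannot be seen here.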
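Review bot: Uncommenting the two `auth_basic` lines added to repo.conf in 4/4 would not work as written: `auth_basic_user_file /etc/nginx/.htpasswd` points at a file that none of the volumes visible in docker-compose.yml.j2 (nginx.conf, sites, certs, repo) provides, and no task in this series creates it, so requests would be refused rather than authenticated. Basic auth on the plain-HTTP listener on 9000 would also send the credentials unencrypted, so it should only be enabled together with TLS. Until then the repo stays unauthenticated, and a comment that says so, such as `# TODO: repo is unauthenticated until .htpasswd is deployed and TLS is enabled`, is clearer than commented-out config. The `location` block opens above the hunk.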