Various cleanups and improvements (#52)

* Cleanup: wrap lines to 80 characters

* Bump Python package versions

* Make jenkins_plugins var default to empty list

I'm not sure where these 8 plugins came from, but I don't think it
makes sense to decide this for our users.

* Only install python-software-properties on Xenial

* Add a special molecule user

We shouldn't add a Jenkins user, since that is done by this role
anyways. Not adding a user will test that the role creates one
successfully.

* Test that the Jenkins user/group was created

* Test that the Jenkins dir/config.xml were created

* Test that job dirs/config.xml files were created

* Test that custom files are deployed

* Test that secrets are deployed

* Test the Jenkins Java process runs as intended

Author: nre-ableton

README.md

@@ -3,16 +3,15 @@ Ansible Role for Jenkins
 
 Installs and completely configures Jenkins using Ansible.
 
-This role is used when you want all your Jenkins configuration
-in version control so you can deploy Jenkins repeatably
-and reliably and you can treat your Jenkins as a [Cow instead
-of a Pet](https://blog.engineyard.com/2014/pets-vs-cattle).
-
-If you are looking for a role to install Jenkins and you
-want to configure everything through the web interface and you
-don't care about being able to repeatably deploy this
-same fully-configured Jenkins then you don't need
-this role, have a look at the
+This role is used when you want all your Jenkins configuration in version
+control so you can deploy Jenkins repeatably and reliably and you can treat your
+Jenkins as a [Cow instead of a
+Pet](https://blog.engineyard.com/2014/pets-vs-cattle).
+
+If you are looking for a role to install Jenkins and you want to configure
+everything through the web interface and you don't care about being able to
+repeatably deploy this same fully-configured Jenkins then you don't need this
+role, have a look at the
 [geerlingguy/ansible-role-jenkins](https://github.com/geerlingguy/ansible-role-jenkins)
 role instead.
 
@@ -21,11 +20,10 @@ Requirements
 
 Requires curl to be installed on the server.
 
-If deploying using Docker then you need Docker
-installed on the server.
+If deploying using Docker then you need Docker installed on the server.
 
-(Docker, apt-get and yum are the only supported ways at the moment
-although more ways can easily be added, PRs welcome).
+(Docker, apt-get and yum are the only supported ways at the moment although more
+ways can easily be added, PRs welcome).
 
 Installation
 ------------
@@ -199,21 +197,27 @@ The example above will look for the job configs in
 `{{ playbook_dir }}/jenkins-configs/jobs/my-first-job/config.xml` and
 `{{ playbook_dir }}/jenkins-configs/jobs/another-awesome-job/config.xml`.
 
-***NOTE***: These directories are customizable, see the `jenkins_source_dir_configs` and `jenkins_source_dir_jobs` role variables.
+***NOTE***: These directories are customizable, see the
+`jenkins_source_dir_configs` and `jenkins_source_dir_jobs` role variables.
 
 The role will also look for `{{ playbook_dir }}/jenkins-configs/config.xml`
-These config.xml will be templated over to the server to be used as the job configuration.
-It will upload the whole secrets directory under `{{ playbook_dir }}/jenkins-configs/secrets` and configure custom files provided under `{{ jenkins_custom_files }}` variable. Note that `{{ jenkins_include_secrets }}` and `{{ jenkins_include_custom_files }}` variables should be set to true for these to work.
-Additionally the role can install custom plugins by providing the .jpi or .hpi files as a list under `{{ jenkins_custom_plugins }}` variable.
-
-config.xml and custom files are templated so you can put variables in them,
-for example it would be a good idea to encrypt sensitive variables
-in ansible vault.
+These config.xml will be templated over to the server to be used as the job
+configuration.  It will upload the whole secrets directory under
+`{{ playbook_dir }}/jenkins-configs/secrets` and configure custom files provided
+under `{{ jenkins_custom_files }}` variable. Note that
+`{{ jenkins_include_secrets }}` and `{{ jenkins_include_custom_files }}`
+variables should be set to true for these to work. Additionally the role can
+install custom plugins by providing the .jpi or .hpi files as a list under
+`{{ jenkins_custom_plugins }}` variable.
+
+config.xml and custom files are templated so you can put variables in them, for
+example it would be a good idea to encrypt sensitive variables in ansible vault.
 
 Example Job Configs
 -------------------
 
-Here's an example of what you could put in `{{ playbook_dir }}/jenkins-configs/jobs/my-first-job/config.xml`:
+Here's an example of what you could put in
+`{{ playbook_dir }}/jenkins-configs/jobs/my-first-job/config.xml`:
 
 ```xml
 <?xml version='1.0' encoding='UTF-8'?>
@@ -242,8 +246,9 @@ Here's an example of what you could put in `{{ playbook_dir }}/jenkins-configs/j
 Example Jenkins Configs
 -----------------------
 
-In `{{ jenkins_source_dir_configs }}/config.xml` you put your global
-Jenkins configuration, for example:
+In `{{ jenkins_source_dir_configs }}/config.xml` you put your global Jenkins
+configuration, for example:
+
 ```xml
 <?xml version='1.0' encoding='UTF-8'?>
 <hudson>
@@ -333,10 +338,9 @@ Jenkins configuration, for example:
 Making Changes
 --------------
 
-When you want to make a big change in a configuration file
-or you want to add a new job the normal workflow is to make
-the change in the Jenkins UI
-first, then copy the resulting XML back into your VCS.
+When you want to make a big change in a configuration file or you want to add a
+new job the normal workflow is to make the change in the Jenkins UI first, then
+copy the resulting XML back into your VCS.
 
 License
 -------
@@ -348,8 +352,8 @@ Author Information
 
 Made with love by Emmet O'Grady.
 
-I am the founder of [NimbleCI](https://nimbleci.com) which
-builds Docker containers for feature branch workflow projects in Github.
+I am the founder of [NimbleCI](https://nimbleci.com) which builds Docker
+containers for feature branch workflow projects in Github.
 
-I blog on my [personal blog](http://blog.emmetogrady.com) and
-about Docker related things on the [NimbleCI blog](https://blog.nimbleci.com).
+I blog on my [personal blog](http://blog.emmetogrady.com) and about Docker
+related things on the [NimbleCI blog](https://blog.nimbleci.com).

defaults/main.yml

@@ -40,16 +40,8 @@ jenkins_source_secrets: "{{ jenkins_source_dir_configs }}/secrets/"
 # The names of the jobs (config.xml must exist under jenkins_source_dir_jobs/job_name/)
 jenkins_jobs: []
 
-# These plugins will be installed in the jenkins instance
-jenkins_plugins:
-  - git
-  - log-parser
-  - copyartifact
-  - workflow-aggregator
-  - workflow-multibranch
-  - docker-workflow
-  - template-project
-  - ec2
+# List of plugins to install in the Jenkins instance
+jenkins_plugins: []
 
 # How long to wait for installing plugins, in seconds. If you are seeing failures in the
 # "Wait for plugins to finish installing" task with an error message like "Timeout when

molecule/default/Dockerfile.j2

@@ -21,4 +21,4 @@ RUN \
         yum clean all; \
     fi
 
-RUN useradd -d /jenkins -m -U jenkins
+RUN useradd -G sudo molecule

molecule/default/jenkins-configs/secrets/com.example.secret.xml

@@ -0,0 +1,2 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<test-secret/>

molecule/default/jenkins-configs/userContent/index.html

@@ -0,0 +1 @@
+Hello, world!

molecule/default/playbook.yml

@@ -4,7 +4,12 @@
   vars:
     jenkins_config_owner: "jenkins"
     jenkins_config_group: "jenkins"
+    jenkins_custom_files:
+      - src: "userContent/index.html"
+        dest: "userContent/index.html"
     jenkins_home: "/jenkins"
+    jenkins_include_custom_files: true
+    jenkins_include_secrets: true
     jenkins_install_via: "apt"
     jenkins_jobs:
       - test_job

molecule/default/tests/test_default.py

@@ -15,6 +15,60 @@ def test_jenkins_installed(host):
     assert package.is_installed
 
 
+def test_jenkins_user(host):
+    assert host.user('jenkins').group == 'jenkins'
+    assert host.user('jenkins').home == '/jenkins'
+
+
+def test_jenkins_dir(host):
+    assert host.file('/jenkins').is_directory
+    assert host.file('/jenkins').mode == 0o0755
+    assert host.file('/jenkins').user == 'jenkins'
+    assert host.file('/jenkins').group == 'jenkins'
+    assert host.file('/jenkins/config.xml').is_file
+    assert host.file('/jenkins/config.xml').user == 'jenkins'
+    assert host.file('/jenkins/config.xml').group == 'jenkins'
+
+
+def test_jenkins_secrets_files(host):
+    assert host.file('/jenkins/secrets').is_directory
+    assert host.file('/jenkins/secrets').mode == 0o0700
+    assert host.file('/jenkins/secrets').user == 'jenkins'
+    assert host.file('/jenkins/secrets').group == 'jenkins'
+    test_secret_file = host.file('/jenkins/secrets/com.example.secret.xml')
+    assert test_secret_file.is_file
+    assert test_secret_file.user == 'jenkins'
+    assert test_secret_file.group == 'jenkins'
+
+
+def test_jenkins_job_files(host):
+    assert host.file('/jenkins/jobs').is_directory
+    assert host.file('/jenkins/jobs').user == 'jenkins'
+    assert host.file('/jenkins/jobs').group == 'jenkins'
+    assert host.file('/jenkins/jobs/test_job').is_directory
+    assert host.file('/jenkins/jobs/test_job').user == 'jenkins'
+    assert host.file('/jenkins/jobs/test_job').group == 'jenkins'
+    test_job_config_file = host.file('/jenkins/jobs/test_job/config.xml')
+    assert test_job_config_file.is_file
+    assert test_job_config_file.user == 'jenkins'
+    assert test_job_config_file.group == 'jenkins'
+
+
+def test_jenkins_custom_files(host):
+    assert host.file('/jenkins/userContent').is_directory
+    assert host.file('/jenkins/userContent').user == 'jenkins'
+    assert host.file('/jenkins/userContent').group == 'jenkins'
+    assert host.file('/jenkins/userContent/index.html').is_file
+    assert host.file('/jenkins/userContent/index.html').user == 'jenkins'
+    assert host.file('/jenkins/userContent/index.html').group == 'jenkins'
+
+
+def test_jenkins_java_process(host):
+    process = host.process.get(command='/usr/bin/java')
+
+    assert '-Djenkins.install.runSetupWizard=false' in process.args
+
+
 def test_jenkins_version():
     master = Jenkins('http://127.0.0.1:8080')
     version = master.get_version()

requirements.txt

@@ -1,5 +1,5 @@
-ansible==2.7.11
+ansible==2.8.6
 docker-py==1.10.6
-molecule==2.20.1
-python-jenkins==1.4.0
-testinfra==1.19.0
+molecule==2.22
+python-jenkins==1.5.0
+testinfra==3.2.0

tasks/apt/install.yml

@@ -12,9 +12,12 @@
     shell: "/bin/false"
     state: present
 
+# This package is only available for Xenial (16.04), see:
+# https://packages.ubuntu.com/search?keywords=python-software-properties
 - name: Install apt PPA dependencies
   apt:
     name: python-software-properties
+  when: ansible_distribution_release == "xenial"
 
 - name: Install the Debian keyring
   apt:

tasks/configure-jobs.yml

@@ -8,11 +8,15 @@
     path: "{{ jenkins_home }}/jobs/{{ item }}"
     state: directory
     mode: 0777
+    owner: "{{ jenkins_config_owner }}"
+    group: "{{ jenkins_config_group }}"
   with_items: "{{ jenkins_jobs }}"
 
 - name: Jobs are present
   copy:
     src: "{{ jenkins_source_dir_jobs }}/{{ item }}/config.xml"
     dest: "{{ jenkins_home }}/jobs/{{ item }}/config.xml"
     mode: 0777
+    owner: "{{ jenkins_config_owner }}"
+    group: "{{ jenkins_config_group }}"
   with_items: "{{ jenkins_jobs }}"