Implement fully automated Jenkins HW8 setup with Ansible, JCasC and JJB

compose/.env.example

@@ -0,0 +1,5 @@
+JENKINS_ADMIN_ID=admin
+JENKINS_ADMIN_PASSWORD=admin
+JENKINS_URL_PUBLIC=http://localhost:8088/
+NGINX_PORT=8088
+MOBILE_DB_PASSWORD=student

compose/docker-compose.yml

@@ -0,0 +1,122 @@
+services:
+  registry:
+    image: registry:2.8.3
+    restart: unless-stopped
+    environment:
+      REGISTRY_HTTP_ADDR: 0.0.0.0:5000
+    ports:
+      - "5005:5000"
+    volumes:
+      - registry_data:/var/lib/registry
+    networks:
+      - jenkins_net
+
+  jenkins:
+    build:
+      context: ./jenkins
+    image: local-jenkins:latest
+    restart: unless-stopped
+    user: root
+    environment:
+      CASC_JENKINS_CONFIG: /var/jenkins_home/casc_configs/jenkins.yaml
+      JAVA_OPTS: >-
+        -Djenkins.install.runSetupWizard=false
+        -Dhudson.model.DownloadService.noSignatureCheck=true
+      JENKINS_ADMIN_ID: ${JENKINS_ADMIN_ID}
+      JENKINS_ADMIN_PASSWORD: ${JENKINS_ADMIN_PASSWORD}
+      JENKINS_URL_PUBLIC: ${JENKINS_URL_PUBLIC}
+      MOBILE_DB_PASSWORD: ${MOBILE_DB_PASSWORD:-}
+    ports:
+      - "8081:8080"
+      - "50000:50000"
+    volumes:
+      - jenkins_home:/var/jenkins_home
+      - ./jenkins/casc:/var/jenkins_home/casc_configs:ro
+      - /var/run/docker.sock:/var/run/docker.sock
+      - ../..:/workspace/otus-autotests:ro
+    healthcheck:
+      test: ["CMD-SHELL", "curl -fsS http://127.0.0.1:8080/login >/dev/null"]
+      interval: 10s
+      timeout: 5s
+      retries: 30
+    networks:
+      - jenkins_net
+
+  nginx:
+    image: nginx:1.28.0
+    restart: unless-stopped
+    depends_on:
+      jenkins:
+        condition: service_healthy
+    ports:
+      - "${NGINX_PORT:-8088}:80"
+    volumes:
+      - ./nginx/default.conf:/etc/nginx/conf.d/default.conf:ro
+    networks:
+      - jenkins_net
+
+  jobs_uploader:
+    build:
+      context: ./jobs_uploader
+    image: local-jobs-uploader:latest
+    restart: "no"
+    depends_on:
+      jenkins:
+        condition: service_healthy
+    environment:
+      JENKINS_HOSTNAME: http://jenkins:8080
+      JENKINS_USERNAME: ${JENKINS_ADMIN_ID}
+      JENKINS_PASSWORD: ${JENKINS_ADMIN_PASSWORD}
+      JJB_PATH: /workspace/otus-autotests/hw8/config/jobs
+    volumes:
+      - ../..:/workspace/otus-autotests:ro
+    networks:
+      - jenkins_net
+
+  agent-maven:
+    image: localhost:5005/otus/slave-maven:1.0.0
+    restart: unless-stopped
+    depends_on:
+      jenkins:
+        condition: service_healthy
+    environment:
+      JENKINS_URL: http://jenkins:8080
+      JENKINS_USER: ${JENKINS_ADMIN_ID}
+      JENKINS_PASSWORD: ${JENKINS_ADMIN_PASSWORD}
+      JENKINS_AGENT_NAME: maven-agent
+      JENKINS_AGENT_WORKDIR: /home/jenkins/agent
+      JENKINS_WEB_SOCKET: "true"
+      JENKINS_LABELS: maven docker
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+      - ../..:/workspace/otus-autotests:ro
+    networks:
+      - jenkins_net
+
+  agent-jjb:
+    image: localhost:5005/otus/slave-jjb:1.0.0
+    restart: unless-stopped
+    depends_on:
+      jenkins:
+        condition: service_healthy
+    environment:
+      JENKINS_URL: http://jenkins:8080
+      JENKINS_USER: ${JENKINS_ADMIN_ID}
+      JENKINS_PASSWORD: ${JENKINS_ADMIN_PASSWORD}
+      JENKINS_AGENT_NAME: jjb-agent
+      JENKINS_AGENT_WORKDIR: /home/jenkins/agent
+      JENKINS_WEB_SOCKET: "true"
+      JENKINS_LABELS: jjb docker
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+      - ../..:/workspace/otus-autotests:ro
+    networks:
+      - jenkins_net
+
+networks:
+  jenkins_net:
+    driver: bridge
+
+volumes:
+  jenkins_home:
+  registry_data:

compose/images/slave-jjb/Dockerfile

@@ -0,0 +1,19 @@
+FROM eclipse-temurin:21-jre
+
+RUN apt-get update \
+    && apt-get install -y --no-install-recommends \
+        ca-certificates \
+        curl \
+        docker.io \
+        python3 \
+        python3-pip \
+    && pip3 install --break-system-packages --no-cache-dir "setuptools<81" "jenkins-job-builder>=6.4.3" \
+    && rm -rf /var/lib/apt/lists/*
+
+RUN curl -fsSL -o /usr/local/bin/swarm-client.jar \
+    https://repo.jenkins-ci.org/releases/org/jenkins-ci/plugins/swarm-client/3.51/swarm-client-3.51.jar
+
+COPY entrypoint.sh /usr/local/bin/entrypoint.sh
+RUN chmod +x /usr/local/bin/entrypoint.sh
+
+ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]

compose/images/slave-jjb/entrypoint.sh

@@ -0,0 +1,17 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+: "${JENKINS_URL:?JENKINS_URL is required}"
+: "${JENKINS_USER:?JENKINS_USER is required}"
+: "${JENKINS_PASSWORD:?JENKINS_PASSWORD is required}"
+: "${JENKINS_AGENT_NAME:?JENKINS_AGENT_NAME is required}"
+
+exec java -jar /usr/local/bin/swarm-client.jar \
+  -master "${JENKINS_URL}" \
+  -username "${JENKINS_USER}" \
+  -password "${JENKINS_PASSWORD}" \
+  -name "${JENKINS_AGENT_NAME}" \
+  -labels "${JENKINS_LABELS:-jjb docker}" \
+  -executors 1 \
+  -mode exclusive \
+  -disableSslVerification

compose/images/slave-maven/Dockerfile

@@ -0,0 +1,32 @@
+FROM eclipse-temurin:21-jre
+
+ARG DOCKER_COMPOSE_VERSION=2.36.2
+ARG ALLURE_VERSION=2.29.0
+
+RUN apt-get update \
+    && apt-get install -y --no-install-recommends \
+        ca-certificates \
+        curl \
+        docker.io \
+        unzip \
+    && rm -rf /var/lib/apt/lists/*
+
+RUN curl -fsSL -o /usr/local/bin/swarm-client.jar \
+    https://repo.jenkins-ci.org/releases/org/jenkins-ci/plugins/swarm-client/3.51/swarm-client-3.51.jar
+
+RUN mkdir -p /usr/local/lib/docker/cli-plugins \
+    && curl -fsSL -o /usr/local/lib/docker/cli-plugins/docker-compose \
+      "https://github.com/docker/compose/releases/download/v${DOCKER_COMPOSE_VERSION}/docker-compose-linux-x86_64" \
+    && chmod +x /usr/local/lib/docker/cli-plugins/docker-compose
+
+RUN curl -fsSL -o /tmp/allure.zip \
+      "https://github.com/allure-framework/allure2/releases/download/${ALLURE_VERSION}/allure-${ALLURE_VERSION}.zip" \
+    && unzip -q /tmp/allure.zip -d /opt \
+    && ln -s "/opt/allure-${ALLURE_VERSION}" /opt/allure \
+    && ln -s /opt/allure/bin/allure /usr/local/bin/allure \
+    && rm -f /tmp/allure.zip
+
+COPY entrypoint.sh /usr/local/bin/entrypoint.sh
+RUN chmod +x /usr/local/bin/entrypoint.sh
+
+ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]

compose/images/slave-maven/entrypoint.sh

@@ -0,0 +1,17 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+: "${JENKINS_URL:?JENKINS_URL is required}"
+: "${JENKINS_USER:?JENKINS_USER is required}"
+: "${JENKINS_PASSWORD:?JENKINS_PASSWORD is required}"
+: "${JENKINS_AGENT_NAME:?JENKINS_AGENT_NAME is required}"
+
+exec java -jar /usr/local/bin/swarm-client.jar \
+  -master "${JENKINS_URL}" \
+  -username "${JENKINS_USER}" \
+  -password "${JENKINS_PASSWORD}" \
+  -name "${JENKINS_AGENT_NAME}" \
+  -labels "${JENKINS_LABELS:-maven docker}" \
+  -executors 1 \
+  -mode exclusive \
+  -disableSslVerification

compose/images/test-api/Dockerfile

@@ -0,0 +1,3 @@
+FROM maven:3.9.11-eclipse-temurin-21
+
+WORKDIR /workspace

compose/images/test-mobile/Dockerfile

@@ -0,0 +1,3 @@
+FROM maven:3.9.11-eclipse-temurin-21
+
+WORKDIR /workspace

compose/images/test-selenium/Dockerfile

@@ -0,0 +1,9 @@
+FROM maven:3.9.11-eclipse-temurin-21
+
+RUN apt-get update \
+    && apt-get install -y --no-install-recommends \
+        chromium \
+        chromium-driver \
+    && rm -rf /var/lib/apt/lists/*
+
+WORKDIR /workspace

compose/jenkins/Dockerfile

@@ -0,0 +1,26 @@
+FROM jenkins/jenkins:2.541.3-lts-jdk21
+
+USER root
+RUN apt-get update \
+    && apt-get install -y --no-install-recommends \
+        ca-certificates \
+        curl \
+        git \
+        docker.io \
+        python3 \
+        python3-pip \
+        unzip \
+    && rm -rf /var/lib/apt/lists/*
+
+ARG ALLURE_VERSION=2.29.0
+RUN curl -fsSL -o /tmp/allure.zip \
+      "https://github.com/allure-framework/allure2/releases/download/${ALLURE_VERSION}/allure-${ALLURE_VERSION}.zip" \
+    && unzip -q /tmp/allure.zip -d /opt \
+    && ln -s "/opt/allure-${ALLURE_VERSION}" /opt/allure \
+    && ln -s /opt/allure/bin/allure /usr/local/bin/allure \
+    && rm -f /tmp/allure.zip
+
+COPY plugins.txt /usr/share/jenkins/ref/plugins.txt
+RUN jenkins-plugin-cli --plugin-file /usr/share/jenkins/ref/plugins.txt
+
+USER jenkins

compose/jenkins/casc/jenkins.yaml

@@ -0,0 +1,45 @@
+credentials:
+  system:
+    domainCredentials:
+      - credentials:
+          - usernamePassword:
+              id: "jenkins-admin-userpass"
+              scope: GLOBAL
+              username: "${JENKINS_ADMIN_ID}"
+              password: "${JENKINS_ADMIN_PASSWORD}"
+
+jenkins:
+  systemMessage: "Jenkins is configured by code (Docker + JCasC + JJB + Ansible)."
+  numExecutors: 0
+  mode: EXCLUSIVE
+  securityRealm:
+    local:
+      allowsSignup: false
+      users:
+        - id: "${JENKINS_ADMIN_ID}"
+          password: "${JENKINS_ADMIN_PASSWORD}"
+  authorizationStrategy:
+    loggedInUsersCanDoAnything:
+      allowAnonymousRead: false
+  crumbIssuer:
+    standard:
+      excludeClientIPFromCrumb: false
+  globalNodeProperties:
+    - envVars:
+        env:
+          - key: JENKINS_URL_INTERNAL
+            value: "http://jenkins:8080"
+          - key: OTUS_WORKSPACE_ROOT
+            value: "/workspace/otus-autotests"
+          - key: MOBILE_DB_PASSWORD
+            value: "${MOBILE_DB_PASSWORD}"
+
+unclassified:
+  location:
+    url: "${JENKINS_URL_PUBLIC}"
+
+tool:
+  allure:
+    installations:
+      - name: "allure"
+        home: "/opt/allure"

compose/jenkins/plugins.txt

@@ -0,0 +1,13 @@
+workflow-aggregator
+git
+credentials
+credentials-binding
+matrix-project
+docker-workflow
+allure-jenkins-plugin
+configuration-as-code
+swarm
+ansicolor
+timestamper
+build-user-vars-plugin
+pipeline-utility-steps

compose/jobs_uploader/Dockerfile

@@ -0,0 +1,14 @@
+FROM python:3.12-slim
+
+WORKDIR /opt/jobs_uploader
+
+RUN apt-get update \
+    && apt-get install -y --no-install-recommends curl \
+    && rm -rf /var/lib/apt/lists/* \
+    && pip install --no-cache-dir jinja2 "setuptools<81" "jenkins-job-builder>=6.4.3"
+
+COPY entrypoint.sh /opt/jobs_uploader/entrypoint.sh
+
+RUN chmod +x /opt/jobs_uploader/entrypoint.sh
+
+ENTRYPOINT ["/opt/jobs_uploader/entrypoint.sh"]

compose/jobs_uploader/entrypoint.sh

@@ -0,0 +1,29 @@
+#!/bin/sh
+set -eu
+
+export JENKINS_HOSTNAME="${JENKINS_HOSTNAME:?JENKINS_HOSTNAME is required}"
+export JENKINS_USERNAME="${JENKINS_USERNAME:?JENKINS_USERNAME is required}"
+export JENKINS_PASSWORD="${JENKINS_PASSWORD:?JENKINS_PASSWORD is required}"
+export JJB_PATH="${JJB_PATH:?JJB_PATH is required}"
+
+cat > /tmp/jenkins-job-builder.ini <<EOF
+[job_builder]
+ignore_cache=True
+keep_descriptions=True
+recursive=True
+
+[jenkins]
+url=${JENKINS_HOSTNAME}
+user=${JENKINS_USERNAME}
+password=${JENKINS_PASSWORD}
+EOF
+
+echo "Waiting for Jenkins at ${JENKINS_HOSTNAME}..."
+until curl -fsS "${JENKINS_HOSTNAME}/login" >/dev/null; do
+  sleep 5
+done
+
+echo "Uploading jobs from ${JJB_PATH}..."
+jenkins-jobs --conf /tmp/jenkins-job-builder.ini --flush-cache update "${JJB_PATH}"
+
+echo "Jobs upload completed."

compose/nginx/default.conf

@@ -0,0 +1,16 @@
+server {
+    listen 80 default_server;
+    server_name _;
+
+    location / {
+        proxy_pass http://jenkins:8080;
+        proxy_set_header Host $http_host;
+        proxy_set_header X-Forwarded-Host $http_host;
+        proxy_set_header X-Forwarded-Port $server_port;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_http_version 1.1;
+        proxy_request_buffering off;
+    }
+}

compose/scripts/build_and_push_images.sh

@@ -0,0 +1,53 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+REGISTRY="${1:-localhost:5005}"
+TAG="${2:-1.0.0}"
+ROOT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
+RETRIES="${RETRIES:-6}"
+RETRY_DELAY_SEC="${RETRY_DELAY_SEC:-15}"
+
+retry_cmd() {
+  local attempt=1
+  local max_attempts="$1"
+  shift
+
+  until "$@"; do
+    if [ "${attempt}" -ge "${max_attempts}" ]; then
+      echo "Command failed after ${attempt} attempts: $*"
+      return 1
+    fi
+    echo "Attempt ${attempt}/${max_attempts} failed: $*"
+    attempt=$((attempt + 1))
+    sleep "${RETRY_DELAY_SEC}"
+  done
+}
+
+prepull_base_images() {
+  local images=(
+    "eclipse-temurin:21-jre"
+    "maven:3.9.11-eclipse-temurin-21"
+    "python:3.12-slim"
+  )
+  for image in "${images[@]}"; do
+    echo "Pulling base image ${image}"
+    retry_cmd "${RETRIES}" docker pull "${image}"
+  done
+}
+
+build_and_push() {
+  local image_name="$1"
+  local context_dir="$2"
+  local full_image="${REGISTRY}/${image_name}:${TAG}"
+  echo "Building ${full_image}"
+  retry_cmd "${RETRIES}" docker build -t "${full_image}" "${context_dir}"
+  echo "Pushing ${full_image}"
+  retry_cmd "${RETRIES}" docker push "${full_image}"
+}
+
+prepull_base_images
+build_and_push "otus/slave-maven" "${ROOT_DIR}/images/slave-maven"
+build_and_push "otus/slave-jjb" "${ROOT_DIR}/images/slave-jjb"
+build_and_push "otus/test-selenium" "${ROOT_DIR}/images/test-selenium"
+build_and_push "otus/test-api" "${ROOT_DIR}/images/test-api"
+build_and_push "otus/test-mobile" "${ROOT_DIR}/images/test-mobile"