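---
# Opens the Jenkins SSH proxy port in ufw on the NPM host, records the
# required NPM stream settings in host_vars/npm.yml, and prints the manual
# steps that still have to be done in the NPM and Jenkins web UIs.
- name: Configure NPM firewall for Jenkins SSH proxy
  hosts: npm
  become: true
  gather_facts: true

  vars:
    jenkins_ssh_proxy_port: 2222
    # Source allowed to reach the proxy port. "any" keeps the previous
    # behaviour (rule open to every source); override it with a single
    # address or CIDR, e.g. the host that initiates the Jenkins SSH
    # connection, so the forwarded SSH service is not reachable from
    # everywhere the NPM host is.
    jenkins_ssh_proxy_allowed_source: any

  tasks:
    # Read-only query; command is enough because no shell features are used.
    - name: Display current NPM firewall status
      ansible.builtin.command: ufw status numbered
      register: ufw_before
      changed_when: false

    - name: Show current firewall rules
      ansible.builtin.debug:
        msg: "{{ ufw_before.stdout_lines }}"

    - name: Allow Jenkins SSH proxy port
      community.general.ufw:
        rule: allow
        port: "{{ jenkins_ssh_proxy_port }}"
        proto: tcp
        from_ip: "{{ jenkins_ssh_proxy_allowed_source }}"
        comment: "Jenkins SSH proxy"

    - name: Display updated firewall status
      ansible.builtin.command: ufw status numbered
      register: ufw_after
      changed_when: false

    - name: Show updated firewall rules
      ansible.builtin.debug:
        msg: "{{ ufw_after.stdout_lines }}"

    # Runs on the control node without privilege escalation: the file being
    # edited lives next to the playbook, not on the NPM host. With
    # create: false the task fails if host_vars/npm.yml does not exist.
    - name: Update NPM host_vars file
      ansible.builtin.blockinfile:
        path: "{{ playbook_dir }}/../host_vars/npm.yml"
        marker: "# {mark} ANSIBLE MANAGED BLOCK - Jenkins SSH Proxy"
        block: |
          # Jenkins SSH proxy port (TCP stream forwarding)
          # Stream configuration must be created in NPM UI:
          # Incoming Port: {{ jenkins_ssh_proxy_port }}
          # Forwarding Host: 192.168.200.91
          # Forwarding Port: 22
        create: false
      delegate_to: localhost
      become: false

    # argv form avoids a shell and any quoting of the Go template; the
    # inner Jinja string literal makes Ansible emit a literal {{.Names}}.
    - name: Check if NPM container is running
      ansible.builtin.command:
        argv:
          - docker
          - ps
          - --filter
          - name=nginx
          - --format
          - "{{ '{{.Names}}' }}"
      register: npm_containers
      changed_when: false

    - name: Display NPM containers
      ansible.builtin.debug:
        msg: "{{ npm_containers.stdout_lines }}"

    # NOTE(review): the admin UI URL printed below is plain HTTP, so the
    # login is sent unencrypted; reach it only over a trusted network.
    # The message also prints the product's default credentials, hence the
    # added reminder to replace them.
    - name: Instructions for NPM UI configuration
      ansible.builtin.debug:
        msg:
          - "===== NPM Configuration Required ====="
          - ""
          - "Firewall configured successfully! Port {{ jenkins_ssh_proxy_port }} is now open."
          - ""
          - "Next steps - Configure NPM Stream:"
          - ""
          - "1. Login to NPM Web UI:"
          - " URL: http://192.168.200.71:81"
          - " Default: admin@example.com / changeme"
          - " Change the default admin password right after the first login"
          - ""
          - "2. Create TCP Stream:"
          - " - Click 'Streams' in sidebar"
          - " - Click 'Add Stream'"
          - " - Incoming Port: {{ jenkins_ssh_proxy_port }}"
          - " - Forwarding Host: 192.168.200.91"
          - " - Forwarding Port: 22"
          - " - TCP Forwarding: Enabled"
          - " - UDP Forwarding: Disabled"
          - " - Click 'Save'"
          - ""
          - "3. Test the proxy:"
          - " ssh -p {{ jenkins_ssh_proxy_port }} dlxadmin@192.168.200.71"
          - " (Should connect to jenkins server)"
          - ""
          - "4. Update Jenkins agent configuration:"
          - " - Go to: http://192.168.200.91:8080/computer/"
          - " - Click on the agent"
          - " - Click 'Configure'"
          - " - Change Host: 192.168.200.71"
          - " - Change Port: {{ jenkins_ssh_proxy_port }}"
          - " - Save and launch agent"
          - ""
          - "Documentation: docs/NPM-SSH-PROXY-FOR-JENKINS.md"

# Prints the manual test commands only; nothing is executed against the
# hosts in this play.
- name: Test Jenkins SSH connectivity through NPM (manual verification)
  hosts: localhost
  gather_facts: false

  vars:
    # Play-level vars are not shared between plays, so the port is declared
    # here too; the printed commands then follow an override (-e) instead
    # of always showing 2222.
    jenkins_ssh_proxy_port: 2222

  tasks:
    # Test 2 uses StrictHostKeyChecking=accept-new rather than "no": a
    # first-seen host key is still accepted without a prompt, but a key
    # that differs from the recorded one is refused instead of being
    # silently trusted. Needs an OpenSSH client that supports accept-new.
    - name: Test instructions
      ansible.builtin.debug:
        msg:
          - ""
          - "===== Testing Checklist ====="
          - ""
          - "After configuring NPM stream, run these tests:"
          - ""
          - "Test 1 - SSH through NPM:"
          - " ssh -p {{ jenkins_ssh_proxy_port }} dlxadmin@192.168.200.71"
          - ""
          - "Test 2 - Jenkins user SSH:"
          - " ansible jenkins -m shell -a 'sudo -u jenkins ssh -p {{ jenkins_ssh_proxy_port }} -o StrictHostKeyChecking=accept-new -i /var/lib/jenkins/.ssh/id_rsa dlxadmin@192.168.200.71 hostname' -b"
          - ""
          - "Test 3 - Launch agent in Jenkins UI:"
          - " http://192.168.200.91:8080/computer/"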