---
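- name: Configure NPM firewall for Jenkins SSH proxy
  hosts: npm
  become: true
  gather_facts: true

  vars:
    # TCP port opened on the NPM host. NPM's stream (created by hand in the
    # NPM UI, not by this play) forwards it to the Jenkins host's sshd, so
    # anything that can reach this port reaches Jenkins SSH.
    jenkins_ssh_proxy_port: 2222
    # Source allowed by the ufw rule. "any" reproduces the original rule
    # (reachable from every network the NPM host is on). Override it with the
    # Jenkins controller's address or the admin network once the stream works;
    # the only SSH client this play identifies is the Jenkins controller.
    jenkins_ssh_proxy_src: "any"
    # Stream target as it must be entered in the NPM UI.
    jenkins_ssh_target_host: "192.168.200.91"
    jenkins_ssh_target_port: 22
    # Jenkins web UI port, only used in the printed instructions.
    jenkins_web_port: 8080
    # NPM host and its admin UI port, only used in the printed instructions.
    npm_host: "192.168.200.71"
    npm_admin_port: 81

  tasks:
    - name: Display current NPM firewall status
      # No shell features are needed, so command avoids spawning a shell.
      ansible.builtin.command: ufw status numbered
      register: ufw_before
      changed_when: false

    - name: Show current firewall rules
      ansible.builtin.debug:
        msg: "{{ ufw_before.stdout_lines }}"

    - name: Allow Jenkins SSH proxy port
      # src defaults to "any" (same rule ufw generated before); narrowing it is
      # the one knob that limits who can reach the forwarded Jenkins sshd.
      community.general.ufw:
        rule: allow
        port: "{{ jenkins_ssh_proxy_port }}"
        proto: tcp
        src: "{{ jenkins_ssh_proxy_src }}"
        comment: "Jenkins SSH proxy"

    - name: Display updated firewall status
      ansible.builtin.command: ufw status numbered
      register: ufw_after
      changed_when: false

    - name: Show updated firewall rules
      ansible.builtin.debug:
        msg: "{{ ufw_after.stdout_lines }}"

    - name: Update NPM host_vars file
      # Records the stream parameters as a managed comment block next to the NPM
      # host's inventory vars. Runs on the controller without privilege.
      # create: false is deliberate: if host_vars/npm.yml does not exist the
      # task fails instead of inventing an inventory file.
      ansible.builtin.blockinfile:
        path: "{{ playbook_dir }}/../host_vars/npm.yml"
        marker: "# {mark} ANSIBLE MANAGED BLOCK - Jenkins SSH Proxy"
        block: |
          # Jenkins SSH proxy port (TCP stream forwarding)
          # Stream configuration must be created in NPM UI:
          # Incoming Port: {{ jenkins_ssh_proxy_port }}
          # Forwarding Host: {{ jenkins_ssh_target_host }}
          # Forwarding Port: {{ jenkins_ssh_target_port }}
        create: false
      delegate_to: localhost
      become: false

    - name: Check if NPM container is running
      # The inner {{ '{{.Names}}' }} is a Go template for docker, escaped so
      # Jinja passes it through literally. Matches any container whose name
      # contains "nginx".
      ansible.builtin.command: docker ps --filter "name=nginx" --format "{{ '{{.Names}}' }}"
      register: npm_containers
      changed_when: false

    - name: Display NPM containers
      ansible.builtin.debug:
        msg: "{{ npm_containers.stdout_lines }}"

    - name: Instructions for NPM UI configuration
      ansible.builtin.debug:
        msg:
          - "===== NPM Configuration Required ====="
          - ""
          - "Firewall configured successfully! Port {{ jenkins_ssh_proxy_port }}/tcp is now open to {{ jenkins_ssh_proxy_src }}."
          - ""
          - "Next steps - Configure NPM Stream:"
          - ""
          - "1. Login to NPM Web UI:"
          - "   URL: http://{{ npm_host }}:{{ npm_admin_port }}"
          - "   Default: admin@example.com / changeme"
          - "   (If the default credentials still work, change them before creating the stream:"
          - "    whoever controls this UI controls where port {{ jenkins_ssh_proxy_port }} forwards to.)"
          - ""
          - "2. Create TCP Stream:"
          - "   - Click 'Streams' in sidebar"
          - "   - Click 'Add Stream'"
          - "   - Incoming Port: {{ jenkins_ssh_proxy_port }}"
          - "   - Forwarding Host: {{ jenkins_ssh_target_host }}"
          - "   - Forwarding Port: {{ jenkins_ssh_target_port }}"
          - "   - TCP Forwarding: Enabled"
          - "   - UDP Forwarding: Disabled"
          - "   - Click 'Save'"
          - ""
          - "3. Test the proxy:"
          - "   ssh -p {{ jenkins_ssh_proxy_port }} dlxadmin@{{ npm_host }}"
          - "   (Should connect to jenkins server; the host key presented must be the one of {{ jenkins_ssh_target_host }})"
          - ""
          - "4. Update Jenkins agent configuration:"
          - "   - Go to: http://{{ jenkins_ssh_target_host }}:{{ jenkins_web_port }}/computer/"
          - "   - Click on the agent"
          - "   - Click 'Configure'"
          - "   - Change Host: {{ npm_host }}"
          - "   - Change Port: {{ jenkins_ssh_proxy_port }}"
          - "   - Keep the host key verification strategy enabled; do not switch it to a non-verifying one"
          - "   - Save and launch agent"
          - ""
          - "Documentation: docs/NPM-SSH-PROXY-FOR-JENKINS.md"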
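- name: Test Jenkins SSH connectivity through NPM (manual verification)
  hosts: localhost
  gather_facts: false

  vars:
    # Plays do not share vars, so these mirror the first play; keep them in
    # sync or the printed commands test the wrong port/hosts.
    jenkins_ssh_proxy_port: 2222
    jenkins_ssh_target_host: "192.168.200.91"
    jenkins_web_port: 8080
    npm_host: "192.168.200.71"

  tasks:
    - name: Test instructions
      # Test 2 uses StrictHostKeyChecking=accept-new (OpenSSH >= 7.6) rather
      # than =no: the first connection records the key in the jenkins user's
      # known_hosts, and any later key change makes the connection fail
      # instead of being silently accepted.
      ansible.builtin.debug:
        msg:
          - ""
          - "===== Testing Checklist ====="
          - ""
          - "After configuring NPM stream, run these tests:"
          - ""
          - "Test 1 - SSH through NPM:"
          - "  ssh -p {{ jenkins_ssh_proxy_port }} dlxadmin@{{ npm_host }}"
          - "  (check that the presented host key is {{ jenkins_ssh_target_host }}'s before accepting it)"
          - ""
          - "Test 2 - Jenkins user SSH:"
          - "  ansible jenkins -m shell -a 'sudo -u jenkins ssh -p {{ jenkins_ssh_proxy_port }} -o StrictHostKeyChecking=accept-new -i /var/lib/jenkins/.ssh/id_rsa dlxadmin@{{ npm_host }} hostname' -b"
          - "  (accept-new records the key on first use and fails on a later mismatch; do not use StrictHostKeyChecking=no)"
          - ""
          - "Test 3 - Launch agent in Jenkins UI:"
          - "  http://{{ jenkins_ssh_target_host }}:{{ jenkins_web_port }}/computer/"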