Role jenkins/configure

Base configuration for jenkins.

  • Authentication
  • Authorization
  • Users
  • Admin email and url.
Role jenkins configuration
Become:

No

Defaults:
  • jenkins_default_authentication_strategy – Default authentication strategy (hudson_private)
  • jenkins_default_authorization_strategy – Default authorization strategy (project_matrix)
Parameters:
  • jenkins_home – Jenkins instance home.
  • authentication_strategy – Authentication strategy to configure (default: jenkins_default_authentication_strategy)
  • authorization_strategy – Authorization strategy to configure (default: jenkins_default_authorization_strategy)
  • users – A list of users to create. Read the comments below.
  • admin_email – Admin email address.
  • url – Jenkins url.
  • system_message – System message. (default: “Provisioned with ansible, all changes will be lost”)
  • number_of_executors – Number of executors (default: 2)
  • node_mode – Node usage method. Valid values are “NORMAL” and “EXCLUSIVE” (default: “NORMAL”)
  • node_labels – Node labels as string. (default: “”)

Authentication

Set authentication_strategy to one of the following values.

Jenkins’ own user database
hudson_private
Disable Security
no_authentication
LDAP
not yet implemented
Unix user/group database
not yet implemented

Authorization

Set authorization_strategy to one of the following values.

Anyone can do anything
no_authorization
Logged-in user can do anything
full_control_once_logged_in
Matrix-based security
global_matrix
Project-base Matrix Authorization Strategy
project_matrix

Permissions

Jenkins permissions have string presentation. They consist of <group>.<permission>.

These are the group names for some permissions. The given category is from jenkins Configure Global Sercurity Page. To give a permission just append the permission to the group (eg. hudson.model.Hudson.Administer). In doubt configure the permission manually apply and check the jenkins/config.xml file in JENKINS_HOME

Overall
hudson.model.Hudson
Credentials
com.cloudbees.plugins.credentials.CredentialsProvider
Slave
hudson.model.Computer
Job
hudson.model.Item
Run
hudson.model.Run
View
hudson.model.View
SCM
hudson.scm.SCM

Users

If set users is expected to be a list of hashes to define the users to create.

Only the authentication strategy hudson_private support creating users in jenkins.

Only for authorization strategy project_matrix and global_matrix permissions are configurable. Authentication strategy does not matter for permissions. Unless its no_authentication.

The password will never be changed if the user already exists.

Example configuration:

users: [
  {
  id: 'admin',
  password: 'admin',
  fullname: "Technical Administration Account",
  email: 'admin@example.com',
  permissions: [ "hudson.model.Hudson.Administer" ]
  },
  {
  id: 'mjansen',
  password: 'mjansen',
  email: 'mjansen@example.com',
  fullname: "Michael Jansen",
  permissions: [ "hudson.model.Hudson.Administer" ]
  },
  {
  id: 'test1',
  password: 'mjansen',
  email: 'mjansen@example.com',
  fullname: "Michael Jansen",
  permissions: [
    "hudson.model.Computer.Configure",
    "hudson.model.Item.Discover",
    "hudson.model.View.Delete",
    "hudson.model.Run.Update",
    "com.cloudbees.plugins.credentials.CredentialsProvider.Update" ]
  }
]