cosmos kiosk jenkinsfile

2025-09-28 11:24:53 -07:00
parent ed077e7ba0
commit 7739896611
6 changed files with 315 additions and 11 deletions

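--- a/Jenkinsfile.VCR-capture
+++ b/Jenkinsfile.VCR-capture
@@ -0,0 +1,139 @@
+pipeline {
+agent any
+// Define parameters
+parameters {
+string(name: 'host_ip', description: 'Target System Address')
+string(name: 'new_hostname', defaultValue:"MCVCR", description: 'Update Hostname')
+booleanParam(name: 'rename_endpoint', defaultValue: true, description: 'Uncheck to skip renaming of endpoint')
+booleanParam(name: 'refresh_special', defaultValue: false, description: 'When checked perform a faster run that just updates the capture stack')
+booleanParam(name: 'public_deploy', defaultValue: true, description: 'Uncheck this option to deploy private SSH key')
+booleanParam(name: 'onboard_pi', defaultValue: false, description: 'Check this option to onboard a new FriendlyElec Device')
+booleanParam(name: 'GUI_deploy', defaultValue: false, description: 'Check this option to set up GUI if possible')
+booleanParam(name: 'jellyfin_deploy', defaultValue: false, description: 'Check this option to install Jellyfin')
+booleanParam(name: 'extra_storage', defaultValue: false, description: 'Check this option to automatically configure the secondary storage. Be careful.')
+}
+environment {
+ANSIBLE_FORCE_COLOR = '1'
+PXE_API_KEY = credentials('PXE_API_KEY')
+matt_public_key = credentials('matt_public_key')
+matt_private_key = credentials('matt_private_key')
+cosmos_password = credentials('cosmos_password')
+cosmos_root_password = credentials('cosmos_root_password')
+jenkins_public_key = credentials('jenkins_public_key')
+}
+options {
+ansiColor('xterm')
+}
+stages {
+stage('Inject Auth Key') {
+when {
+expression { params.onboard_pi }
+}
+steps {
+script{
+// clear ssh keys
+echo "Target IP: ${params.host_ip}"
+sh """
+ssh-keygen -f "/root/.ssh/known_hosts" -R "${params.host_ip}"
+"""
+}
+script{
+sh """
+echo Copy public key to pi home dir
+sshpass -p 'pi' ssh -o StrictHostKeyChecking=no pi@${params.host_ip} "echo ${env.jenkins_public_key} > /home/pi/authorized_keys"
+"""
+}
+script{
+sh """
+echo Make sure /root/.ssh exists
+sshpass -p 'pi' ssh -o StrictHostKeyChecking=no pi@${params.host_ip} "echo pi | sudo -S mkdir -p /root/.ssh/"
+"""
+}
+script{
+sh """
+echo Move public key to root
+sshpass -p 'pi' ssh -o StrictHostKeyChecking=no pi@${params.host_ip} "echo pi | sudo -S mv /home/pi/authorized_keys /root/.ssh/authorized_keys"
+"""
+}
+script{
+sh """
+echo Restrict permissions on file
+sshpass -p 'pi' ssh -o StrictHostKeyChecking=no pi@${params.host_ip} "echo pi | sudo -S chmod -R 600 /root/.ssh/"
+"""
+}
+script{
+sh """
+echo Set owner to root
+sshpass -p 'pi' ssh -o StrictHostKeyChecking=no pi@${params.host_ip} "echo pi | sudo -S chown -R root:root /root/.ssh/"
+"""
+}
+}
+}
+stage('Generate Inventory File') {
+steps {
+// Generate the dynamic inventory file
+sh """
+cd /var/jenkins_home/ansible
+chmod +x /var/jenkins_home/ansible/inventory/inventory.sh
+/var/jenkins_home/ansible/inventory/inventory.sh ${params.host_ip}
+"""
+}
+}
+stage('Ansible Playbook') {
+steps {
+//Run the VCR-captute ansible playbook
+// /workspace/ansible/playbooks/cosmos-base.yaml
+sh """
+echo ${params.host_ip}
+hash=\$(echo -n ${params.host_ip} | md5sum | cut -c 1-8)
+inventory_file="/var/jenkins_home/ansible/.inv/inventory-\$hash.yml"
+cd /var/jenkins_home/ansible
+ansible-playbook -i \$inventory_file \
+/var/jenkins_home/ansible/playbooks/VCR-capture.yaml --ssh-common-args='-o StrictHostKeyChecking=no' \
+--extra-vars "docker_full=false no_vpn=true add_domain=false \
+matt_public_key='${env.matt_public_key}' matt_private_key='${env.matt_private_key}' \
+cosmos_password='${env.cosmos_password}' cosmos_root_password='${env.cosmos_root_password}' \
+new_hostname=${params.new_hostname} refresh_special=${params.refresh_special} \
+rename_host=${params.rename_endpoint} onboard_pi=${params.onboard_pi} \
+public_deploy=${params.public_deploy} jellyfin_deploy=${params.jellyfin_deploy} \
+GUI_deploy=${params.GUI_deploy} extra_storage=${params.extra_storage} "
+"""
+}
+}
+}
+post {
+always {
+// Remove dynamic Inventory file
+sh """
+hash=\$(echo -n "${params.host_ip}" | md5sum | cut -c 1-8)
+inventory_file="/var/jenkins_home/ansible/.inv/inventory-\$hash.yml"
+rm \$inventory_file
+"""
+}
+}
+}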
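Review bot: The `sh """` blocks in this new file splice `${params.host_ip}`, `${params.new_hostname}` and the bound credentials (`${env.matt_private_key}`, `${env.cosmos_root_password}` and the others) into the script text with Groovy interpolation, so a parameter value containing shell metacharacters runs as commands on the Jenkins agent, and the secrets end up in the generated script and in the `ansible-playbook` argument list. Single-quoted Groovy strings that let the shell read the values from the environment avoid both, e.g. `sh 'ssh-keygen -f /root/.ssh/known_hosts -R "$host_ip"'`, and the credentials would be better read inside the playbook (for instance with `lookup('env', 'cosmos_root_password')`) than passed through `--extra-vars` on the command line. Jenkinsfile.cosmos-kiosk repeats the same pattern and additionally writes `'${params.kiosk_variable}'` to a file with `echo`, where a single quote in the text parameter ends the quoting. A check that `host_ip` is a well-formed address before the first stage would also be worth adding.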


@ -61,7 +61,7 @@ pipeline {
--extra-vars "new_hostname=${params.new_hostname}.home.cosmos saturn_behemoth=${env.SATURN_BEHEMOTH} rename_host=${params.rename_host} \
reboot_host=${params.reboot_host} config_matt=${params.config_matt} docker_full=true \
kde_full=true apps_list=${env.APPS_LIST} linux_ldap_pwd=${env.LINUX_LDAP_PWD} \
install_LDAP=${params.install_LDAP} MATT_PASSWORD=${env.MATT_PASSWORD} remove_default_vpn=${params.remove_default_vpn} \
install_LDAP=${params.install_LDAP} MATT_PASSWORD=${env.MATT_PASSWORD} no_vpn=${params.remove_default_vpn} \
matt_public_key='${env.matt_public_key}' matt_private_key='${env.matt_private_key}' \
cosmos_password='${env.cosmos_password}' cosmos_root_password='${env.cosmos_root_password}' "

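--- a/Jenkinsfile.cosmos-kiosk
+++ b/Jenkinsfile.cosmos-kiosk
@@ -0,0 +1,161 @@
+pipeline {
+agent any
+// Define parameters
+parameters {
+string(name: 'host_ip', description: 'Target System Address')
+text(name: 'kiosk_variable', defaultValue: '- chrome_website: "http://localhost:8081"\n service_name: user_stream_control\n service_description: "VCR Capture User Stream Control"\n extra_service_configs: ""\n user_data_dir: "/opt/chrome/one"\n extra_chrome_configs: |\n --window-size="470,1080" \\\n --user-data-dir=/opt/chrome/one \\\n- chrome_website: "http://localhost:8888/stream"\n service_name: stream_preview\n service_description: "VCR Capture Preview Stream"\n extra_service_configs: ""\n user_data_dir: "/opt/chrome/two"\n extra_chrome_configs: |\n --window-size="1440,1080" \\\n --user-data-dir=/opt/chrome/two \\\n --window-position="480,0" \\\n', description: 'Kiosk variables to deploy, default example should show everything you might need. It is processed as an ansible variable')
+string(name: 'new_hostname', defaultValue: 'MC-Kiosk', description: 'Update Hostname')
+booleanParam(name: 'rename_endpoint', defaultValue: true, description: 'Uncheck to skip renaming of endpoint')
+booleanParam(name: 'add_domain', defaultValue: true, description: 'When checked hostname will have home.cosmos appended')
+booleanParam(name: 'install_docker', defaultValue: true, description: 'When checked docker packages are installed and portainer started on 9100')
+booleanParam(name: 'public_deploy', defaultValue: true, description: 'Uncheck this option to deploy private SSH key')
+booleanParam(name: 'onboard_pi', defaultValue: false, description: 'Check this option to onboard a new FriendlyElec Device')
+booleanParam(name: 'install_python', defaultValue: false, description: 'Check this option to install python packages')
+booleanParam(name: 'refresh_special', defaultValue: false, description: 'When checked the autologin account and kiosk are refreshed only')
+booleanParam(name: 'force_x11', defaultValue: false, description: 'Check this option to force X11 Display Manager')
+}
+environment {
+ANSIBLE_FORCE_COLOR = '1'
+matt_public_key = credentials('matt_public_key')
+matt_private_key = credentials('matt_private_key')
+cosmos_password = credentials('cosmos_password')
+cosmos_root_password = credentials('cosmos_root_password')
+jenkins_public_key = credentials('jenkins_public_key')
+}
+options {
+ansiColor('xterm')
+}
+stages {
+stage('Inject Auth Key') {
+when {
+expression { params.onboard_pi }
+}
+steps {
+script{
+// clear ssh keys
+echo "Target IP: ${params.host_ip}"
+sh """
+ssh-keygen -f "/root/.ssh/known_hosts" -R "${params.host_ip}"
+"""
+}
+script{
+sh """
+echo Copy public key to pi home dir
+sshpass -p 'pi' ssh -o StrictHostKeyChecking=no pi@${params.host_ip} "echo ${env.jenkins_public_key} > /home/pi/authorized_keys"
+"""
+}
+script{
+sh """
+echo Make sure /root/.ssh exists
+sshpass -p 'pi' ssh -o StrictHostKeyChecking=no pi@${params.host_ip} "echo pi | sudo -S mkdir -p /root/.ssh/"
+"""
+}
+script{
+sh """
+echo Move public key to root
+sshpass -p 'pi' ssh -o StrictHostKeyChecking=no pi@${params.host_ip} "echo pi | sudo -S mv /home/pi/authorized_keys /root/.ssh/authorized_keys"
+"""
+}
+script{
+sh """
+echo Restrict permissions on file
+sshpass -p 'pi' ssh -o StrictHostKeyChecking=no pi@${params.host_ip} "echo pi | sudo -S chmod -R 600 /root/.ssh/"
+"""
+}
+script{
+sh """
+echo Set owner to root
+sshpass -p 'pi' ssh -o StrictHostKeyChecking=no pi@${params.host_ip} "echo pi | sudo -S chown -R root:root /root/.ssh/"
+"""
+}
+}
+}
+stage('Generate Inventory File') {
+steps {
+// Generate the dynamic inventory file
+// Also overwrite the kiosk variabl yaml
+sh """
+cd /var/jenkins_home/ansible
+chmod +x /var/jenkins_home/ansible/inventory/inventory.sh
+/var/jenkins_home/ansible/inventory/inventory.sh ${params.host_ip}
+hash=\$(echo -n "${params.host_ip}" | md5sum | cut -c 1-8)
+kiosk_yaml=/var/jenkins_home/ansible/roles/chrome_kiosk/files/kiosk-\$hash.yaml
+echo --- > \$kiosk_yaml
+echo kiosk_service_templates: >> \$kiosk_yaml
+echo '${params.kiosk_variable}' >> \$kiosk_yaml
+echo ... >> \$kiosk_yaml
+ls -lah /var/jenkins_home/ansible/roles/chrome_kiosk/files/*.yaml
+cat \$kiosk_yaml
+"""
+}
+}
+stage('Ansible Playbook') {
+steps {
+//Run the cosmos-base ansible playbook
+// /workspace/ansible/playbooks/cosmos-base.yaml
+sh """
+echo ${params.host_ip}
+hash=\$(echo -n ${params.host_ip} | md5sum | cut -c 1-8)
+inventory_file="/var/jenkins_home/ansible/.inv/inventory-\$hash.yml"
+kiosk_yaml=/var/jenkins_home/ansible/roles/chrome_kiosk/files/kiosk-\$hash.yaml
+cd /var/jenkins_home/ansible
+ansible-playbook -i \$inventory_file \
+/var/jenkins_home/ansible/playbooks/cosmos-kiosk.yaml --ssh-common-args='-o StrictHostKeyChecking=no' \
+--extra-vars "docker_full=false no_vpn=true \
+matt_public_key='${env.matt_public_key}' matt_private_key='${env.matt_private_key}' \
+cosmos_password='${env.cosmos_password}' cosmos_root_password='${env.cosmos_root_password}' \
+new_hostname=${params.new_hostname} public_deploy=${params.public_deploy} \
+rename_host=${params.rename_endpoint} onboard_pi=${params.onboard_pi} \
+add_domain=${params.add_domain} install_docker=${params.install_docker} \
+install_python=${params.install_python} refresh_special=${params.refresh_special} \
+force_x11=${params.force_x11} kiosk_yaml='\$kiosk_yaml'"
+"""
+}
+}
+}
+post {
+always {
+// Remove dynamic Inventory file
+// Remove group_vars file
+sh """
+hash=\$(echo -n "${params.host_ip}" | md5sum | cut -c 1-8)
+inventory_file="/var/jenkins_home/ansible/.inv/inventory-\$hash.yml"
+kiosk_yaml=/var/jenkins_home/ansible/roles/chrome_kiosk/files/kiosk-\$hash.yaml
+rm \$inventory_file
+rm \$kiosk_yaml
+"""
+}
+}
+}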
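Review bot: The 'Inject Auth Key' stage installs root's `authorized_keys` over a connection made with `-o StrictHostKeyChecking=no` and the fixed password given as `sshpass -p 'pi'`, so nothing ties the host that receives the key (and may later receive the private key when `public_deploy` is unchecked) to the intended device. Since the stage already clears the stale entry with `ssh-keygen -R`, `-o StrictHostKeyChecking=accept-new` would pin the host key on first contact, and the later `ansible-playbook` call, which also passes `StrictHostKeyChecking=no`, could then fail on a changed key instead of accepting it. The playbook is not visible here; if it does not already do so, it should change or lock the default `pi` password as part of onboarding. `chmod -R 600 /root/.ssh/` also strips the execute bit from the directory itself; `chmod 700 /root/.ssh && chmod 600 /root/.ssh/authorized_keys` is the conventional form. The same stage appears in Jenkinsfile.VCR-capture.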


@ -1,6 +1,5 @@
pipeline {
agent any
// Define parameters
parameters {
string(name: 'host_ip', description: 'Target System Address')
@ -11,16 +10,20 @@ pipeline {
// choice(name: 'DEPLOY_ENV', choices: ['dev', 'staging', 'prod'], description: 'Environment to deploy to')
booleanParam(name: 'install_docker', defaultValue: true, description: 'When checked docker packages are installed and portainer started on 9100')
booleanParam(name: 'install_LDAP', defaultValue: false, description: 'When checked LDAP integration is installed with NSLCD')
choice(name: 'special_server', choices: ['none', 'Octoprint', 'Kodi', 'Timelapse', 'Build ISO', 'Jenkins VPN', 'Net Bridge', 'Carputer', 'VCR Capture'], description: 'Choose special server install if desired')
// this now needs to have the case sensitive name of the role to run
choice(name: 'special_server', choices: ['none', 'octoprint', 'kodi', 'timelapse', 'pxe_server', 'jenkins_vpn', 'net_bridge', 'carputer', 'video_capture'], description: 'Choose special server install if desired')
booleanParam(name: 'refresh_special', defaultValue: false, description: 'When checked only the special server step is run')
booleanParam(name: 'no_vpn', defaultValue: false, description: 'Check this option to remove default cosmos VPN')
booleanParam(name: 'public_deploy', defaultValue: true, description: 'Uncheck this option to deploy private SSH key')
booleanParam(name: 'onboard_pi', defaultValue: false, description: 'Check this option to onboard a new FriendlyElec Device')
booleanParam(name: 'install_python', defaultValue: false, description: 'Check this option to install python packages')
booleanParam(name: 'skip_nvidia', defaultValue: false, description: 'Check this option to skip nvidia driver install')
}
environment {
ANSIBLE_FORCE_COLOR = '1'
SATURN_BEHEMOTH = credentials('SATURN_BEHEMOTH')
@ -133,7 +136,8 @@ pipeline {
PXE_API_KEY=${PXE_API_KEY} no_vpn=${params.no_vpn} add_domain=${params.add_domain} \
matt_public_key='${env.matt_public_key}' matt_private_key='${env.matt_private_key}' \
cosmos_password='${env.cosmos_password}' cosmos_root_password='${env.cosmos_root_password}' \
tesla_api_key='${tesla_api_key}' public_deploy=${params.public_deploy}"
tesla_api_key='${tesla_api_key}' public_deploy=${params.public_deploy} \
install_python=${params.install_python} skip_nvidia=${params.skip_nvidia} "
"""
}


@ -49,7 +49,7 @@ pipeline {
/var/jenkins_home/ansible/playbooks/lldp-scan.yaml --ssh-common-args='-o StrictHostKeyChecking=no' \
--extra-vars "new_hostname=MC-LLDP fixed_size='--window-size=${params.chrome_resolution}' \
run_test=${params.run_test} rename_host=true refresh_only=${params.refresh_only} \
public_deploy=true remove_default_vpn=true matt_public_key='${env.matt_public_key}' \
public_deploy=true no_vpn=true matt_public_key='${env.matt_public_key}' \
cosmos_password='${env.cosmos_password}' cosmos_root_password='${env.cosmos_root_password}' "
"""


@ -4,17 +4,17 @@ pipeline {
// Define parameters
parameters {
//booleanParam(name: 'deploy_iso', defaultValue: true, description: 'Deploy extra ISO boot options - will increase pipeline runtime.')
string(name: 'host_ip', defaultValue: '172.20.20.40', description: 'PXE Server IP Address')
string(name: 'host_ip', defaultValue: '172.20.20.41', description: 'PXE Server IP Address')
string(name: 'iface', defaultValue: 'eth1', description: 'Listen interface for PXE')
string(name: 'server_ip', defaultValue: '172.29.1.10', description: 'IP address for DHCP server, might not match the target IP such as in the default case where I have two interfaces')
string(name: 'router_ip', defaultValue: '172.29.1.1', description: 'IP Address for router')
string(name: 'router_ip', defaultValue: '172.29.1.10', description: 'IP Address for router')
string(name: 'dhcp_subnet', defaultValue: '172.29.1.0', description: 'Default Subnet for DHCP server')
string(name: 'dhcp_netmask', defaultValue: '255.255.255.0', description: 'Default netmask for DHCP server')
string(name: 'dhcp_start', defaultValue: '172.29.1.100', description: 'DHCP start IP')
string(name: 'dhcp_end', defaultValue: '172.29.1.150', description: 'DHCP end IP')
booleanParam(name: 'configure_routing', defaultValue: false, description: 'Check this option to configure the PXE server to be the gateway for the dhcp network')
string(name: 'dhcp_start', defaultValue: '172.29.1.50', description: 'DHCP start IP')
string(name: 'dhcp_end', defaultValue: '172.29.1.250', description: 'DHCP end IP')
booleanParam(name: 'configure_routing', defaultValue: true, description: 'Check this option to configure the PXE server to be the gateway for the dhcp network')
string(name: 'inet_iface', defaultValue: 'eth0', description: 'Interface for internet if enabling routing')
booleanParam(name: 'refresh_only', defaultValue: false, description: 'Only run the PXE Role to refresh configs')
booleanParam(name: 'refresh_only', defaultValue: true, description: 'Only run the PXE Role to refresh configs')
}
environment {