ci: Use lockable resource to enforce serial runs
It is important that only one configuration management job run at a time. Currently, this is enforced by having only one agent with the *ansible* label, and that agent has only one executor. This is not an ideal solution, because it requires maintaining a separate machine for this purpose. The *Lockable Resources Plugin* provides an alternate solution to this problem. Using this plugin, jobs can acquire an exclusive lock on a "resource" that prevents other jobs that require the same resource from running. Any job that starts while the lock is held will wait until it is released before executing. This will enforce the same serial execution policy, but does not require a separate, dedicated machine. Jobs will be able to run on any executor with the appropriate label. Using this option, it is now possible to run configuration management jobs on the normal agents, defining the execution environment in a Docker image, so the *cm0.pyrocufflink.blue* agent can be decommissioned.jenkins-master
parent
f368938550
commit
b7381b3fb1
|
|
@ -0,0 +1,15 @@
|
|||
FROM fedora:29
|
||||
|
||||
RUN useradd -l -u 3000018 jenkins
|
||||
|
||||
RUN dnf install -y \
|
||||
ansible \
|
||||
krb5-workstation \
|
||||
openssh-clients \
|
||||
python3-dns \
|
||||
python3-netaddr \
|
||||
--
|
||||
|
||||
COPY default-realm.krb5.conf /etc/krb5.conf.d/default-realm.conf
|
||||
|
||||
ENV LANG=en_US.UTF-8
|
||||
|
|
@ -2,13 +2,27 @@
|
|||
|
||||
pipeline {
|
||||
agent {
|
||||
label 'ansible'
|
||||
dockerfile {
|
||||
dir 'ci'
|
||||
args '''\
|
||||
-v /etc/ssh/ssh_known_hosts:/etc/ssh/ssh_known_hosts:ro
|
||||
'''
|
||||
}
|
||||
}
|
||||
|
||||
options {
|
||||
lock 'cfgpol'
|
||||
timeout(time: 1, unit: 'HOURS')
|
||||
}
|
||||
|
||||
triggers {
|
||||
cron 'H H * * *'
|
||||
}
|
||||
|
||||
environment {
|
||||
KRB5CCNAME = "${WORKSPACE}/.krb5cc"
|
||||
}
|
||||
|
||||
stages {
|
||||
stage('kinit') {
|
||||
steps {
|
||||
|
|
|
|||
|
|
@ -0,0 +1,2 @@
|
|||
[libdefaults]
|
||||
default_realm = PYROCUFFLINK.BLUE
|
||||
|
|
@ -2,13 +2,27 @@
|
|||
|
||||
pipeline {
|
||||
agent {
|
||||
label 'ansible'
|
||||
dockerfile {
|
||||
dir 'ci'
|
||||
args '''\
|
||||
-v /etc/ssh/ssh_known_hosts:/etc/ssh/ssh_known_hosts:ro
|
||||
'''
|
||||
}
|
||||
}
|
||||
|
||||
options {
|
||||
lock 'cfgpol'
|
||||
timeout(time: 1, unit: 'HOURS')
|
||||
}
|
||||
|
||||
triggers {
|
||||
cron 'H H * * *'
|
||||
}
|
||||
|
||||
environment {
|
||||
KRB5CCNAME = "${WORKSPACE}/.krb5cc"
|
||||
}
|
||||
|
||||
stages {
|
||||
stage('kinit') {
|
||||
steps {
|
||||
|
|
|
|||
|
|
@ -2,7 +2,17 @@
|
|||
|
||||
pipeline {
|
||||
agent {
|
||||
label 'ansible'
|
||||
dockerfile {
|
||||
dir 'ci'
|
||||
args '''\
|
||||
-v /etc/ssh/ssh_known_hosts:/etc/ssh/ssh_known_hosts:ro
|
||||
'''
|
||||
}
|
||||
}
|
||||
|
||||
options {
|
||||
lock 'cfgpol'
|
||||
timeout(time: 1, unit: 'HOURS')
|
||||
}
|
||||
|
||||
triggers {
|
||||
|
|
|
|||
|
|
@ -2,13 +2,27 @@
|
|||
|
||||
pipeline {
|
||||
agent {
|
||||
label 'ansible'
|
||||
dockerfile {
|
||||
dir 'ci'
|
||||
args '''\
|
||||
-v /etc/ssh/ssh_known_hosts:/etc/ssh/ssh_known_hosts:ro
|
||||
'''
|
||||
}
|
||||
}
|
||||
|
||||
options {
|
||||
lock 'cfgpol'
|
||||
timeout(time: 1, unit: 'HOURS')
|
||||
}
|
||||
|
||||
triggers {
|
||||
cron 'H H * * *'
|
||||
}
|
||||
|
||||
environment {
|
||||
KRB5CCNAME = "${WORKSPACE}/.krb5cc"
|
||||
}
|
||||
|
||||
stages {
|
||||
stage('kinit') {
|
||||
steps {
|
||||
|
|
|
|||
|
|
@ -2,13 +2,27 @@
|
|||
|
||||
pipeline {
|
||||
agent {
|
||||
label 'ansible'
|
||||
dockerfile {
|
||||
dir 'ci'
|
||||
args '''\
|
||||
-v /etc/ssh/ssh_known_hosts:/etc/ssh/ssh_known_hosts:ro
|
||||
'''
|
||||
}
|
||||
}
|
||||
|
||||
options {
|
||||
lock 'cfgpol'
|
||||
timeout(time: 1, unit: 'HOURS')
|
||||
}
|
||||
|
||||
triggers {
|
||||
cron 'H H * * *'
|
||||
}
|
||||
|
||||
environment {
|
||||
KRB5CCNAME = "${WORKSPACE}/.krb5cc"
|
||||
}
|
||||
|
||||
stages {
|
||||
stage('kinit') {
|
||||
steps {
|
||||
|
|
|
|||
|
|
@ -2,13 +2,27 @@
|
|||
|
||||
pipeline {
|
||||
agent {
|
||||
label 'ansible'
|
||||
dockerfile {
|
||||
dir 'ci'
|
||||
args '''\
|
||||
-v /etc/ssh/ssh_known_hosts:/etc/ssh/ssh_known_hosts:ro
|
||||
'''
|
||||
}
|
||||
}
|
||||
|
||||
options {
|
||||
lock 'cfgpol'
|
||||
timeout(time: 1, unit: 'HOURS')
|
||||
}
|
||||
|
||||
triggers {
|
||||
cron 'H H * * *'
|
||||
}
|
||||
|
||||
environment {
|
||||
KRB5CCNAME = "${WORKSPACE}/.krb5cc"
|
||||
}
|
||||
|
||||
stages {
|
||||
stage('kinit') {
|
||||
steps {
|
||||
|
|
|
|||
|
|
@ -2,13 +2,27 @@
|
|||
|
||||
pipeline {
|
||||
agent {
|
||||
label 'ansible'
|
||||
dockerfile {
|
||||
dir 'ci'
|
||||
args '''\
|
||||
-v /etc/ssh/ssh_known_hosts:/etc/ssh/ssh_known_hosts:ro
|
||||
'''
|
||||
}
|
||||
}
|
||||
|
||||
options {
|
||||
lock 'cfgpol'
|
||||
timeout(time: 1, unit: 'HOURS')
|
||||
}
|
||||
|
||||
triggers {
|
||||
cron 'H H * * *'
|
||||
}
|
||||
|
||||
environment {
|
||||
KRB5CCNAME = "${WORKSPACE}/.krb5cc"
|
||||
}
|
||||
|
||||
stages {
|
||||
stage('kinit') {
|
||||
steps {
|
||||
|
|
|
|||
|
|
@ -2,13 +2,27 @@
|
|||
|
||||
pipeline {
|
||||
agent {
|
||||
label 'ansible'
|
||||
dockerfile {
|
||||
dir 'ci'
|
||||
args '''\
|
||||
-v /etc/ssh/ssh_known_hosts:/etc/ssh/ssh_known_hosts:ro
|
||||
'''
|
||||
}
|
||||
}
|
||||
|
||||
options {
|
||||
lock 'cfgpol'
|
||||
timeout(time: 1, unit: 'HOURS')
|
||||
}
|
||||
|
||||
triggers {
|
||||
cron 'H H * * *'
|
||||
}
|
||||
|
||||
environment {
|
||||
KRB5CCNAME = "${WORKSPACE}/.krb5cc"
|
||||
}
|
||||
|
||||
stages {
|
||||
stage('kinit') {
|
||||
steps {
|
||||
|
|
|
|||
Loading…
Reference in New Issue