setup,ansible,win: refactor Windows and move to ansible

This removes all Windows machines from both `ansible/` and `setup/` inventories. The new scripts added here should only be used to create new machines for now, the inventory will be reviewed later. The `windows-servers.md` files in secrets have the current updated list of Windows machines. PR-URL: #1383 Reviewed-By: Jon Moss <me@jonathanmoss.me>
nodejs · Jun 29, 2018 · 054bb4e · 054bb4e
1 parent 55714b8
commit 054bb4e
Show file tree

Hide file tree

Showing 32 changed files with 356 additions and 352 deletions.
diff --git a/ansible/README.md b/ansible/README.md
@@ -5,8 +5,9 @@
 
 ## Getting started
 
-1. Install Ansible 2.2.0 or newer: `pip install ansible`. If you use brew, then
-   `brew install python2 ansible`, and then run
+1. Follow the [instructions to install the latest version of Ansible][ansible-install].
+   * In most cases, using pip: `pip install ansible`.
+   * If you use brew, then `brew install python2 ansible`, and then run
    `export PYTHONPATH=$(pip2 show pyyaml | grep Location | awk '{print $2}') `
    before you use `ansible-playbook`.
 2. Read this document.
@@ -16,16 +17,31 @@
 ## Getting things done
 
 Most of your work will probably include editing `inventory.yml`, followed by
-running one (or multiple) of below playbooks. If you're adding a new host,
-limiting ansible to just running on that host is probably quicker:
+running one (or multiple) of below playbooks.
+
+See the [manual setup instructions](../doc/non-ansible-configuration-notes.md)
+for how to prepare both the control and target machines to run the commands
+below. To ensure that the secrets are in place and test the connection to a
+host use:
+
+```console
+$ ansible test-digitalocean-debian8-x64-1 -m ping -vvvv
+## Or, for Windows hosts:
+$ ansible test-rackspace-win2008r2-x64-1 -m win_ping -vvvv
+```
+
+If you're adding a new host, limiting Ansible to just running on that host is
+probably quicker. In fact, you most likely want to use `--limit` for everything
+when you just need to edit a few set of hosts:
 
 ```console
 $ ansible-playbook playbooks/jenkins/worker/create.yml \
-    --limit "test-digitalocean-debian8-x64-1"
+    --limit "test-digitalocean-debian8-x64-1" -vv
 ```
 
-..in fact, you most likely want to use `--limit` for everything when you just
-need to edit a few set of hosts.
+If you only want to run a specific set of steps, you can use `--step`. This is
+useful when developing playbooks and when you want to be sure that only a few
+steps are executed, to avoid disrupting the machines.
 
 These playbooks are available to you:
 
@@ -194,5 +210,6 @@ Unsorted stuff of things we need to do/think about
 - [ ] github-bot: automate list of whitelisted Jenkins worker IPs with
       python
 
+[ansible-install]: https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html
 [callback]: plugins/inventory/nodejs_yaml.py
 [github-bot]: https://github.com/nodejs/github-bot
diff --git a/ansible/inventory.yml b/ansible/inventory.yml
@@ -70,17 +70,6 @@ hosts:
 
     - azure:
         msft-ubuntu1404-x64-1: {ip: node-msft-cross-compiler-1.cloudapp.net}
-        win10-x64-1: {ip: 40.114.4.213, port: 55646}
-        win10-x64-2: {ip: 40.76.31.157, port: 61279}
-        win10-x64-3: {ip: 40.76.25.231, port: 60033}
-        win10-x64-4: {ip: 40.76.23.22, port: 58919}
-        win10-x64-5: {ip: 40.76.19.120, port: 60486}
-        win2008r2-x64-1: {ip: 104.209.213.11, port: 55511}
-        win2008r2-x64-2: {ip: 104.209.209.74, port: 55516}
-        win2008r2-x64-3: {ip: 104.209.215.1, port: 54886}
-        win2012r2-x64-1: {ip: 104.209.213.170, port: 54633}
-        win2012r2-x64-2: {ip: 104.209.212.27, port: 61718}
-        win2012r2-x64-3: {ip: 104.209.210.218, port: 52109}
 
     - digitalocean:
         centos5-x86-1: {ip: 192.241.250.186}
@@ -166,24 +155,6 @@ hosts:
         ubuntu1204-x64-1: {ip: 119.9.51.210}
         ubuntu1604-x64-1: {ip: 119.9.51.176}
         ubuntu1604-x64-2: {ip: 104.130.124.194}
-        win2008r2-x64-1: {ip: 104.130.225.148}
-        win2008r2-x64-2: {ip: 23.253.254.31}
-        win2008r2-x64-3: {ip: 104.130.8.178}
-        win2008r2-x64-4: {ip: 104.239.156.73}
-        win2008r2-x64-5: {ip: 104.239.231.190}
-        win2008r2-x64-6: {ip: 23.253.107.98}
-        win2012r2-x64-1: {ip: 104.130.175.153}
-        win2012r2-x64-2: {ip: 23.253.249.139}
-        win2012r2-x64-3: {ip: 162.242.241.50}
-        win2012r2-x64-4: {ip: 67.192.246.240}
-        win2012r2-x64-5: {ip: 104.239.174.16}
-        win2012r2-x64-6: {ip: 23.253.234.112}
-        win2012r2-x64-7: {ip: 162.242.247.5}
-        win2012r2-x64-8: {ip: 104.239.151.28}
-        win2012r2-x64-9: {ip: 104.239.231.87}
-        win2012r2-x64-10: {ip: 162.242.156.145}
-        win2012r2-x64-11: {ip: 162.242.235.179}
-        win2012r2-x64-12: {ip: 104.239.150.105}
 
     - requireio:
         andineck-debian9-armv6l_pi1p-1:         {ip: 192.168.2.42, user: pi}

diff --git a/ansible/playbooks/jenkins/worker/create-windows.yml b/ansible/playbooks/jenkins/worker/create-windows.yml
@@ -0,0 +1,31 @@
+---
+
+#
+# set up a jenkins worker -- muy bueno!
+#
+
+- hosts:
+  - "*-win*"
+
+  roles:
+    - bootstrap
+    - package-upgrade
+    - visual-studio
+    - baselayout-windows
+    - jenkins-worker-windows
+
+  pre_tasks:
+    - name: check if secret is properly set
+      fail:
+      failed_when: not secret
+    - name: check if the Visual Studio version to install is properly set
+      when: os|startswith("win")
+      fail:
+      failed_when: not vs
+
+  post_tasks:
+    - name: reboot Windows machines
+      when: os|startswith("win")
+      win_reboot:
+
+  environment: '{{remote_env}}'
diff --git a/ansible/playbooks/jenkins/worker/create.yml b/ansible/playbooks/jenkins/worker/create.yml
@@ -11,6 +11,7 @@
   - infra-softlayer-ubuntu1404-x64-2
   - "!test-joyent-freebsd10-x64-2"
   - "!test-rackspace-freebsd10-x64-1"
+  - "!*-win*"
 
   roles:
     - bootstrap

diff --git a/ansible/plugins/inventory/nodejs_yaml.py b/ansible/plugins/inventory/nodejs_yaml.py
@@ -105,11 +105,7 @@ def main():
                         hostname = '{}-{}{}{}'.format(host_type, provider_name,
                                                       delimiter, host)
 
-                        # no point in adding windows servers for now
-                        if 'win' in hostname:
-                            continue
-                        else:
-                            export[host_type]['hosts'].append(hostname)
+                        export[host_type]['hosts'].append(hostname)
 
                         c = {}
 
@@ -135,8 +131,8 @@ def main():
                         if 'alias' in metadata:
                             c.update({'alias': metadata['alias']})
 
-                        if 'win' in hostname:
-                            c.update({'is_win': True})
+                        if 'vs' in metadata:
+                            c.update({'vs': metadata['vs']})
 
                         # add specific options from config
                         for option in ifilter(lambda s: s.startswith('hosts:'),

diff --git a/ansible/roles/baselayout-windows/tasks/main.yml b/ansible/roles/baselayout-windows/tasks/main.yml
@@ -0,0 +1,69 @@
+---
+
+#
+# Install Node build dependencies and other required software
+#
+
+- name: install NetWide Assembler
+  win_chocolatey: name=nasm
+
+- name: install Python 2
+  win_chocolatey: name=python2
+
+- block:
+  - name: install Git
+    win_chocolatey:
+      name: git
+      params: '/GitAndUnixToolsOnPath'
+  - name: enable long paths in Git
+    win_command: 'git config --global core.longpaths true'
+
+# Necessary for junit output in Jenkins jobs
+- name: install tap2junit
+  win_command: 'pip2 install tap2junit'
+
+# Necessary for the libuv test job
+- block:
+  - name: check if GYP is already cloned
+    win_stat: path='C:\gyp'
+    register: gyp_stat
+  - name: clone GYP repository
+    win_command: 'git clone https://chromium.googlesource.com/external/gyp C:\gyp'
+    when: not gyp_stat.stat.exists
+  - name: update GYP repository
+    win_command: 'git pull'
+    args: { chdir: 'C:\gyp' }
+    when: gyp_stat.stat.exists
+
+# Necessary for releases of older versions of Node
+- block:
+  - name: create node-icu directory
+    win_file: path='C:\\node-icu' state=directory
+  - name: download ICU2C 54 zip
+    win_get_url:
+      url: 'http://download.icu-project.org/files/icu4c/54.1/icu4c-54_1-src.zip'
+      dest: 'C:\node-icu\icu4c-54_1-src.zip'
+      force: no
+  - name: download ICU2C 55 zip
+    win_get_url:
+      url: 'http://download.icu-project.org/files/icu4c/55.1/icu4c-55_1-src.zip'
+      dest: 'C:\node-icu\icu4c-55_1-src.zip'
+      force: no
+  - name: download ICU2C 56 zip
+    win_get_url:
+      url: 'http://download.icu-project.org/files/icu4c/56.1/icu4c-56_1-src.zip'
+      dest: 'C:\node-icu\icu4c-56_1-src.zip'
+      force: no
+
+# Necessary for compressing the Node package
+- name: install 7Zip
+  win_chocolatey: name=7zip
+
+# Utilities
+- block:
+  - name: install Sysinternals Suite
+    win_chocolatey: name=sysinternals
+  - name: install Google Chrome
+    win_chocolatey: name=googlechrome
+  - name: install Notepad++
+    win_chocolatey: name=notepadplusplus
diff --git a/ansible/roles/baselayout/tasks/main.yml b/ansible/roles/baselayout/tasks/main.yml
@@ -30,7 +30,6 @@
   shell: coreadm -i /home/iojs/cores/core.%f.%p -e process -d global
 
 - name: disable sftp
-  when: not os|startswith("win")
   notify: restart sshd
   lineinfile: state=absent dest="{{ ssh_config }}" regexp=^Subsystem(\s+)sftp
 

diff --git a/ansible/roles/bootstrap/tasks/partials/win.yml b/ansible/roles/bootstrap/tasks/partials/win.yml
@@ -0,0 +1,28 @@
+---
+
+#
+# Windows bootstrap
+#
+
+- name: create TEMP directory
+  win_file: path='C:\TEMP' state=directory
+
+- block:
+  - name: set automatic logon user name
+    win_regedit:
+      path: "{{ autologon_regpath }}"
+      name: DefaultUsername
+      data: "{{ ansible_ssh_user }}"
+      type: string
+  - name: set automatic logon password
+    win_regedit:
+      path: "{{ autologon_regpath }}"
+      name: DefaultPassword
+      data: "{{ ansible_ssh_pass }}"
+      type: string
+  - name: enable automatic logon
+    win_regedit:
+      path: "{{ autologon_regpath }}"
+      name: AutoAdminLogon
+      data: 1
+      type: string
diff --git a/ansible/roles/bootstrap/vars/main.yml b/ansible/roles/bootstrap/vars/main.yml
@@ -1,3 +1,5 @@
 raspberry_pi: {
   apt_proxy: 'http://192.168.2.100:3142',
 }
+
+autologon_regpath: 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
diff --git a/ansible/roles/docker/tasks/main.yml b/ansible/roles/docker/tasks/main.yml
@@ -12,7 +12,6 @@
     name: "{{ inventory_hostname|replace('_', '-') }}"
 
 - name: disable sftp
-  when: not os|startswith("win")
   notify: restart sshd
   lineinfile:
     state: absent

diff --git a/...p/windows/resources/Jenkins-Shortcuts.ps1 → ...orker-windows/files/Jenkins-Shortcuts.ps1 b/...p/windows/resources/Jenkins-Shortcuts.ps1 → ...orker-windows/files/Jenkins-Shortcuts.ps1
diff --git a/ansible/roles/jenkins-worker-windows/tasks/main.yml b/ansible/roles/jenkins-worker-windows/tasks/main.yml
@@ -0,0 +1,22 @@
+---
+
+#
+# Install the Jenkins worker
+#
+
+- name: install Java 8
+  win_chocolatey: name=jdk8
+
+- name: download Jenkins icon
+  win_get_url:
+    url: 'http://mirrors.jenkins-ci.org/art/jenkins-logo/favicon.ico'
+    dest: 'C:\jenkins.ico'
+    force: no
+
+- name: create jenkins.bat
+  win_template:
+    src: '../templates/jenkins.bat'
+    dest: 'C:\jenkins.bat'
+
+- name: create Jenkins shortcuts
+  script: '../files/Jenkins-Shortcuts.ps1'
diff --git a/ansible/roles/jenkins-worker-windows/templates/jenkins.bat b/ansible/roles/jenkins-worker-windows/templates/jenkins.bat
@@ -0,0 +1,7 @@
+C:
+cd \
+:start
+curl -L {{ jenkins_worker_jar }} -o {{ agent_path }}
+java -Dhudson.remoting.Launcher.pingIntervalSec=10 -jar {{ agent_path }} -jnlpUrl {{ jenkins_url }}/computer/{{ inventory_hostname }}/slave-agent.jnlp -secret {{ secret }}
+echo Restarting Jenkins...
+goto start
diff --git a/ansible/roles/jenkins-worker-windows/vars/main.yml b/ansible/roles/jenkins-worker-windows/vars/main.yml
@@ -0,0 +1,2 @@
+---
+agent_path: 'C:\jenkins_agent.jar'
diff --git a/ansible/roles/package-upgrade/tasks/partials/chocolatey.yml b/ansible/roles/package-upgrade/tasks/partials/chocolatey.yml
@@ -0,0 +1,32 @@
+---
+
+#
+# Updates Windows
+#
+
+- block:
+  - name: reboot machine to ensure no updates are pending
+    win_reboot:
+  - name: wait for Jenkins to start if already installed
+    win_shell: 'Start-Sleep -Seconds 10'
+  - name: stop Jenkins after reboot
+    win_shell: 'Get-WmiObject Win32_Process -Filter "(Name = ''cmd.exe'') AND (CommandLine LIKE ''%jenkins.bat%'')" | % {$_.Terminate()}'
+
+- name: download and install Windows updates
+  win_updates:
+  register: update_result
+
+- when: update_result.reboot_required
+  block:
+  - name: reboot machine if necessary
+    win_reboot:
+      reboot_timeout: 3600
+  - name: wait for Jenkins to start if already installed
+    win_shell: 'Start-Sleep -Seconds 10'
+  - name: stop Jenkins after reboot
+    win_shell: 'Get-WmiObject Win32_Process -Filter "(Name = ''cmd.exe'') AND (CommandLine LIKE ''%jenkins.bat%'')" | % {$_.Terminate()}'
+
+- name: upgrade installed packages
+  win_chocolatey:
+    name: all
+    state: latest
diff --git a/ansible/roles/package-upgrade/vars/main.yml b/ansible/roles/package-upgrade/vars/main.yml
@@ -10,6 +10,7 @@
     'dnf': 'fedora',
     'pkg': 'freebsd',
     'pkgin': 'smartos',
+    'chocolatey': 'win',
     'brew': 'macos'
     }
 

diff --git a/ansible/roles/visual-studio/tasks/main.yml b/ansible/roles/visual-studio/tasks/main.yml
@@ -0,0 +1,29 @@
+---
+
+#
+# Install Visual Studio
+#
+
+- when: vs == 2013
+  block:
+  # TODO: Ensure no other versions are installed
+  - name: install Visual Studio 2013
+    include_tasks: "partials/vs2013.yml"
+
+- when: vs == 2015
+  block:
+  # TODO: Ensure no other versions are installed
+  - name: install Visual Studio 2015
+    include_tasks: "partials/vs2015.yml"
+
+- when: vs == 'vcbt2015'
+  block:
+  # TODO: Ensure no other versions are installed
+  - name: install Visual C++ Build Tools 2015
+    include_tasks: "partials/vcbt2015.yml"
+
+- when: vs == 2017
+  block:
+  # TODO: Ensure no other versions are installed
+  - name: install Visual Studio 2017
+    include_tasks: "partials/vs2017.yml"