Your resource for web content, online publishing
and the distribution of digital products.
Home
Newswire > Credential-Free CI/CD? See How Jenkins, Vault, and Ansible Pull It Off
Credential-Free CI/CD? See How Jenkins, Vault, and Ansible Pull It Off
«  

August

  »
S M T W T F S
 
 
 
 
 
1
 
2
 
3
 
4
 
5
 
6
 
7
 
8
 
9
 
10
 
11
 
12
 
13
 
14
 
15
 
16
 
17
 
18
 
19
 
20
 
21
 
22
 
23
 
24
 
25
 
26
 
27
 
28
 
29
 
30
 
31
 
 
 
 
 
 
 

Credential-Free CI/CD? See How Jenkins, Vault, and Ansible Pull It Off

Tags: content management
DATE POSTED:June 12, 2025
Hacker Noon - Medium
Original article

Hello Team,

I’ve developed a Jenkins pipeline that integrates with HashiCorp Vault to securely retrieve passwords and deploy packages to a host using Ansible. This approach eliminates the need for a Jenkins node agent, streamlining the deployment process while maintaining security.

Password Storage in HashiCorp Vault

In HashiCorp Vault, passwords are stored in a structured format that Jenkins can query dynamically.

Pipeline Workflow

When provided with specific input parameters, Jenkins will:

  1. Jenkins will download the required repository.
  2. Parse a deploy.json file to extract deployment details. Here’s an example of the deploy.json file structure:
{ "ipaddress": "193.16.16.9", "username": "bitra", "hostname": "centos8", "deploymentPath": "/home/bitra/apps/batch-jobs", "backupPath": "/home/bitra/backup/batch-jobs" }

Using this JSON data, Jenkins generates a HashiCorp Vault object ID in the format: -- For the above example, the object ID would be: 193.16.16.9-bitra-centos8

Jenkins then connects to HashiCorp Vault, retrieves the associated password using this object ID, and uses Ansible to perform the deployment.

Pipeline Execution

Below is a sample output of the pipeline execution, illustrating how Jenkins interacts with HashiCorp Vault and executes the deployment:

Started by user admin [Pipeline] Start of Pipeline [Pipeline] node Running on Jenkins in /var/lib/jenkins/workspace/Bitroid [Pipeline] { [Pipeline] withEnv [Pipeline] { [Pipeline] stage [Pipeline] { (Initialization of Jenkins) [Pipeline] sh + echo 'Initial step' Initial step + ls + ls /var/lib/jenkins/workspace/Bitroid/ [Pipeline] echo https://github.com/hemanth22/batch-jobs.git [Pipeline] echo releasev1 [Pipeline] } [Pipeline] // stage [Pipeline] stage [Pipeline] { (Checkout SCM) [Pipeline] script [Pipeline] { [Pipeline] echo Checking out the source code [Pipeline] checkout The recommended git tool is: NONE using credential 0411e51e-acca-411d-bdb4-f2d55b2549a1 Cloning the remote Git repository Cloning repository https://github.com/hemanth22/batch-jobs.git > git init /var/lib/jenkins/workspace/Bitroid # timeout=10 Fetching upstream changes from https://github.com/hemanth22/batch-jobs.git > git --version # timeout=10 > git --version # 'git version 2.43.5' using GIT_ASKPASS to set credentials > git fetch --tags --force --progress -- https://github.com/hemanth22/batch-jobs.git +refs/heads/*:refs/remotes/origin/* # timeout=10 > git config remote.origin.url https://github.com/hemanth22/batch-jobs.git # timeout=10 > git config --add remote.origin.fetch +refs/heads/*:refs/remotes/origin/* # timeout=10 Avoid second fetch > git rev-parse origin/releasev1^{commit} # timeout=10 Checking out Revision 0a6a3b6908190dc25c326364f960372d1e7c9167 (origin/releasev1) > git config core.sparsecheckout # timeout=10 > git checkout -f 0a6a3b6908190dc25c326364f960372d1e7c9167 # timeout=10 Commit message: "feat: change user" > git rev-list --no-walk 0a6a3b6908190dc25c326364f960372d1e7c9167 # timeout=10 [Pipeline] sh + git log -1 --format=%cd --date=iso [Pipeline] echo scmData.GIT_BRANCH=origin/releasev1 [Pipeline] echo scmData.GIT_COMMIT=0a6a3b6908190dc25c326364f960372d1e7c9167 [Pipeline] echo scmData.GIT_URL=https://github.com/hemanth22/batch-jobs.git [Pipeline] sh + git rev-parse --short HEAD [Pipeline] echo Build Version: 6_0a6a3b6 [Pipeline] checkout The recommended git tool is: NONE using credential 0411e51e-acca-411d-bdb4-f2d55b2549a1 Cloning the remote Git repository Cloning repository https://github.com/hemanth22/pipeline-studio.git > git init /var/lib/jenkins/workspace/Bitroid/pipeline # timeout=10 Fetching upstream changes from https://github.com/hemanth22/pipeline-studio.git > git --version # timeout=10 > git --version # 'git version 2.43.5' using GIT_ASKPASS to set credentials > git fetch --tags --force --progress -- https://github.com/hemanth22/pipeline-studio.git +refs/heads/*:refs/remotes/origin/* # timeout=10 > git config remote.origin.url https://github.com/hemanth22/pipeline-studio.git # timeout=10 > git config --add remote.origin.fetch +refs/heads/*:refs/remotes/origin/* # timeout=10 Avoid second fetch > git rev-parse origin/main^{commit} # timeout=10 Checking out Revision b83d505b09d779238b90ff841aa3c952148782e5 (origin/main) > git config core.sparsecheckout # timeout=10 > git checkout -f b83d505b09d779238b90ff841aa3c952148782e5 # timeout=10 Commit message: "Update deploy.playbook" > git rev-list --no-walk b83d505b09d779238b90ff841aa3c952148782e5 # timeout=10 [Pipeline] } [Pipeline] // script [Pipeline] } [Pipeline] // stage [Pipeline] stage [Pipeline] { (Parse Deploy JSON and Set Env Vars) [Pipeline] script [Pipeline] { [Pipeline] echo Set environment variable: 193_16_16_9-bitra-centos8=193.16.16.9-bitra-centos8 [Pipeline] } [Pipeline] // script [Pipeline] } [Pipeline] // stage [Pipeline] stage [Pipeline] { (Retrive secrets from vault) [Pipeline] script [Pipeline] { [Pipeline] sh + vault login -method=userpass username=hemanth password=bitra Success! You are now authenticated. The token information displayed below is already stored in the token helper. You do NOT need to run "vault login" again. Future Vault requests will automatically use this token. Key Value --- ----- token hvs.CAESILsgc5b2BAEz9PXicYSBb2o7ZVg-cEpRXAQzNoRx3MWqGh4KHGh2cy53MEp0SVc2VVB5Q29kQUhVZjlXamVCNlo token_accessor QLXV3OdG9INVRzsNWSGBNMZV token_duration 768h token_renewable true token_policies ["default" "hemanth-read-only"] identity_policies [] policies ["default" "hemanth-read-only"] token_meta_username hemanth [Pipeline] sh + vault kv get -field=password secret/PRD_VM_LINUX_APP/193.16.16.9-bitra-centos8 [Pipeline] echo Retrieved secret: hemanth [Pipeline] echo Retrieved secret and set as GLOBAL_SECRET: hemanth [Pipeline] } [Pipeline] // script [Pipeline] } [Pipeline] // stage [Pipeline] stage [Pipeline] { (Archive) [Pipeline] sh + cd /var/lib/jenkins/workspace/Bitroid/ + zip -v -9 archive.zip healthcheck.sh checkspace.sh adding: healthcheck.sh (in=828) (out=346) (deflated 58%) adding: checkspace.sh (in=281) (out=90) (deflated 68%) total bytes=1109, compressed=436 -> 61% savings [Pipeline] } [Pipeline] // stage [Pipeline] stage [Pipeline] { (Deploy) [Pipeline] echo Object ID: 193.16.16.9-bitra-centos8 [Pipeline] echo Deploying project. Last commit date: 2025-01-22 14:26:13 +0530 [Pipeline] sh + ls /var/lib/jenkins/workspace/Bitroid/ archive.zip checkspace.sh deploy.json healthcheck.sh pipeline pipeline@tmp README.md secret_filename.json + echo ================================================= ================================================= + ls /var/lib/jenkins/workspace/Bitroid/pipeline/BIT deploy.playbook set_env_vars.py + echo ================================================= ================================================= + cp -v /var/lib/jenkins/workspace/Bitroid/pipeline/BIT/deploy.playbook /var/lib/jenkins/workspace/Bitroid '/var/lib/jenkins/workspace/Bitroid/pipeline/BIT/deploy.playbook' -> '/var/lib/jenkins/workspace/Bitroid/deploy.playbook' + echo ================================================= ================================================= + ls /var/lib/jenkins/workspace/Bitroid/ archive.zip checkspace.sh deploy.json deploy.playbook healthcheck.sh pipeline pipeline@tmp README.md secret_filename.json + echo ================================================= ================================================= [Pipeline] sh + ansible-playbook -vvvvv deploy.playbook -e ansible_become_pass=hemanth [WARNING]: No inventory was parsed, only implicit localhost is available [WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does not match 'all' ansible-playbook [core 2.18.1] config file = None configured module search path = ['/var/lib/jenkins/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/local/lib/python3.12/site-packages/ansible ansible collection location = /var/lib/jenkins/.ansible/collections:/usr/share/ansible/collections executable location = /usr/local/bin/ansible-playbook python version = 3.12.5 (main, Dec 3 2024, 00:00:00) [GCC 11.5.0 20240719 (Red Hat 11.5.0-2)] (/usr/bin/python3.12) jinja version = 3.1.4 libyaml = True No config file found; using defaults setting up inventory plugins Loading collection ansible.builtin from host_list declined parsing /etc/ansible/hosts as it did not pass its verify_file() method Skipping due to inventory source not existing or not being readable by the current user script declined parsing /etc/ansible/hosts as it did not pass its verify_file() method auto declined parsing /etc/ansible/hosts as it did not pass its verify_file() method Skipping due to inventory source not existing or not being readable by the current user yaml declined parsing /etc/ansible/hosts as it did not pass its verify_file() method Skipping due to inventory source not existing or not being readable by the current user ini declined parsing /etc/ansible/hosts as it did not pass its verify_file() method Skipping due to inventory source not existing or not being readable by the current user toml declined parsing /etc/ansible/hosts as it did not pass its verify_file() method Loading callback plugin default of type stdout, v2.0 from /usr/local/lib/python3.12/site-packages/ansible/plugins/callback/default.py Attempting to use 'default' callback. Skipping callback 'default', as we already have a stdout callback. Attempting to use 'junit' callback. Attempting to use 'minimal' callback. Skipping callback 'minimal', as we already have a stdout callback. Attempting to use 'oneline' callback. Skipping callback 'oneline', as we already have a stdout callback. Attempting to use 'tree' callback. PLAYBOOK: deploy.playbook ****************************************************** Positional arguments: deploy.playbook verbosity: 5 connection: ssh become_method: sudo tags: ('all',) inventory: ('/etc/ansible/hosts',) extra_vars: ('ansible_become_pass=hemanth',) forks: 5 2 plays in deploy.playbook PLAY [Read username from deploy.json and use it for all tasks] ***************** TASK [Read the deploy.json file] *********************************************** task path: /var/lib/jenkins/workspace/Bitroid/deploy.playbook:6 looking for "deploy.json" at "/var/lib/jenkins/workspace/Bitroid/files/deploy.json" looking for "deploy.json" at "/var/lib/jenkins/workspace/Bitroid/deploy.json" File lookup using /var/lib/jenkins/workspace/Bitroid/deploy.json as file ok: [localhost] => { "ansible_facts": { "deploy_data": { "backupPath": "/home/bitra/backup/batch-jobs", "deploymentPath": "/home/bitra/apps/batch-jobs", "hostname": "centos8", "ipaddress": "193.16.16.9", "username": "bitra" } }, "changed": false } TASK [Extract username] ******************************************************** task path: /var/lib/jenkins/workspace/Bitroid/deploy.playbook:11 ok: [localhost] => { "ansible_facts": { "deploy_username": "bitra" }, "changed": false } TASK [Extract deploymentPath and backupPath] *********************************** task path: /var/lib/jenkins/workspace/Bitroid/deploy.playbook:15 ok: [localhost] => { "ansible_facts": { "backup_path": "/home/bitra/backup/batch-jobs", "deployment_path": "/home/bitra/apps/batch-jobs" }, "changed": false } PLAY [Execute tasks as the extracted user] ************************************* TASK [Display the username] **************************************************** task path: /var/lib/jenkins/workspace/Bitroid/deploy.playbook:26 ok: [localhost] => { "msg": "Running tasks as user: bitra" } TASK [Display backupPath] ****************************************************** task path: /var/lib/jenkins/workspace/Bitroid/deploy.playbook:30 ok: [localhost] => { "msg": "Backup Path: /home/bitra/backup/batch-jobs" } TASK [Display deploymentPath] ************************************************** task path: /var/lib/jenkins/workspace/Bitroid/deploy.playbook:34 ok: [localhost] => { "msg": "Deployment Path: /home/bitra/apps/batch-jobs" } TASK [Ensure deployment directory exists] ************************************** task path: /var/lib/jenkins/workspace/Bitroid/deploy.playbook:38 <127.0.0.1> ESTABLISH LOCAL CONNECTION FOR USER: jenkins <127.0.0.1> EXEC /bin/sh -c 'echo ~jenkins && sleep 0' <127.0.0.1> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /var/tmp `"&& mkdir "` echo /var/tmp/ansible-tmp-1737791468.711033-8335-94198148038812 `" && echo ansible-tmp-1737791468.711033-8335-94198148038812="` echo /var/tmp/ansible-tmp-1737791468.711033-8335-94198148038812 `" ) && sleep 0' Including module_utils file ansible/__init__.py Including module_utils file ansible/module_utils/__init__.py Including module_utils file ansible/module_utils/basic.py Including module_utils file ansible/module_utils/_text.py Including module_utils file ansible/module_utils/common/_utils.py Including module_utils file ansible/module_utils/common/__init__.py Including module_utils file ansible/module_utils/common/arg_spec.py Including module_utils file ansible/module_utils/common/file.py Including module_utils file ansible/module_utils/common/locale.py Including module_utils file ansible/module_utils/common/parameters.py Including module_utils file ansible/module_utils/common/collections.py Including module_utils file ansible/module_utils/common/process.py Including module_utils file ansible/module_utils/common/sys_info.py Including module_utils file ansible/module_utils/common/text/converters.py Including module_utils file ansible/module_utils/common/text/__init__.py Including module_utils file ansible/module_utils/common/text/formatters.py Including module_utils file ansible/module_utils/common/validation.py Including module_utils file ansible/module_utils/common/warnings.py Including module_utils file ansible/module_utils/compat/selinux.py Including module_utils file ansible/module_utils/compat/__init__.py Including module_utils file ansible/module_utils/distro/__init__.py Including module_utils file ansible/module_utils/distro/_distro.py Including module_utils file ansible/module_utils/errors.py Including module_utils file ansible/module_utils/parsing/convert_bool.py Including module_utils file ansible/module_utils/parsing/__init__.py Including module_utils file ansible/module_utils/pycompat24.py Including module_utils file ansible/module_utils/six/__init__.py Using module file /usr/local/lib/python3.12/site-packages/ansible/modules/file.py <127.0.0.1> PUT /var/lib/jenkins/.ansible/tmp/ansible-local-8322c8bps25m/tmp7k1pdsef TO /var/tmp/ansible-tmp-1737791468.711033-8335-94198148038812/AnsiballZ_file.py <127.0.0.1> EXEC /bin/sh -c 'setfacl -m u:bitra:r-x /var/tmp/ansible-tmp-1737791468.711033-8335-94198148038812/ /var/tmp/ansible-tmp-1737791468.711033-8335-94198148038812/AnsiballZ_file.py && sleep 0' <127.0.0.1> EXEC /bin/sh -c 'sudo -H -S -p "[sudo via ansible, key=duzhrazqjvsednihbkcxkcfevsttcomt] password:" -u bitra /bin/sh -c '"'"'echo BECOME-SUCCESS-duzhrazqjvsednihbkcxkcfevsttcomt ; /usr/bin/python3.12 /var/tmp/ansible-tmp-1737791468.711033-8335-94198148038812/AnsiballZ_file.py'"'"' && sleep 0' <127.0.0.1> EXEC /bin/sh -c 'rm -f -r /var/tmp/ansible-tmp-1737791468.711033-8335-94198148038812/ > /dev/null 2>&1 && sleep 0' changed: [localhost] => { "changed": true, "diff": { "after": { "path": "/home/bitra/apps/batch-jobs", "state": "directory" }, "before": { "path": "/home/bitra/apps/batch-jobs", "state": "absent" } }, "gid": 1001, "group": "bitra", "invocation": { "module_args": { "_diff_peek": null, "_original_basename": null, "access_time": null, "access_time_format": "%Y%m%d%H%M.%S", "attributes": null, "follow": true, "force": false, "group": null, "mode": null, "modification_time": null, "modification_time_format": "%Y%m%d%H%M.%S", "owner": null, "path": "/home/bitra/apps/batch-jobs", "recurse": true, "selevel": null, "serole": null, "setype": null, "seuser": null, "src": null, "state": "directory", "unsafe_writes": false } }, "mode": "0755", "owner": "bitra", "path": "/home/bitra/apps/batch-jobs", "secontext": "system_u:object_r:user_home_t:s0", "size": 6, "state": "directory", "uid": 1001 } TASK [Ensure backup directory exists] ****************************************** task path: /var/lib/jenkins/workspace/Bitroid/deploy.playbook:44 <127.0.0.1> ESTABLISH LOCAL CONNECTION FOR USER: jenkins <127.0.0.1> EXEC /bin/sh -c 'echo ~jenkins && sleep 0' <127.0.0.1> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /var/tmp `"&& mkdir "` echo /var/tmp/ansible-tmp-1737791469.8975558-8375-28902586999237 `" && echo ansible-tmp-1737791469.8975558-8375-28902586999237="` echo /var/tmp/ansible-tmp-1737791469.8975558-8375-28902586999237 `" ) && sleep 0' Using module file /usr/local/lib/python3.12/site-packages/ansible/modules/file.py <127.0.0.1> PUT /var/lib/jenkins/.ansible/tmp/ansible-local-8322c8bps25m/tmpce4_50t8 TO /var/tmp/ansible-tmp-1737791469.8975558-8375-28902586999237/AnsiballZ_file.py <127.0.0.1> EXEC /bin/sh -c 'setfacl -m u:bitra:r-x /var/tmp/ansible-tmp-1737791469.8975558-8375-28902586999237/ /var/tmp/ansible-tmp-1737791469.8975558-8375-28902586999237/AnsiballZ_file.py && sleep 0' <127.0.0.1> EXEC /bin/sh -c 'sudo -H -S -p "[sudo via ansible, key=rjxafcsntawsucjldrodjcmatocpzgbs] password:" -u bitra /bin/sh -c '"'"'echo BECOME-SUCCESS-rjxafcsntawsucjldrodjcmatocpzgbs ; /usr/bin/python3.12 /var/tmp/ansible-tmp-1737791469.8975558-8375-28902586999237/AnsiballZ_file.py'"'"' && sleep 0' <127.0.0.1> EXEC /bin/sh -c 'rm -f -r /var/tmp/ansible-tmp-1737791469.8975558-8375-28902586999237/ > /dev/null 2>&1 && sleep 0' changed: [localhost] => { "changed": true, "diff": { "after": { "path": "/home/bitra/backup/batch-jobs", "state": "directory" }, "before": { "path": "/home/bitra/backup/batch-jobs", "state": "absent" } }, "gid": 1001, "group": "bitra", "invocation": { "module_args": { "_diff_peek": null, "_original_basename": null, "access_time": null, "access_time_format": "%Y%m%d%H%M.%S", "attributes": null, "follow": true, "force": false, "group": null, "mode": null, "modification_time": null, "modification_time_format": "%Y%m%d%H%M.%S", "owner": null, "path": "/home/bitra/backup/batch-jobs", "recurse": true, "selevel": null, "serole": null, "setype": null, "seuser": null, "src": null, "state": "directory", "unsafe_writes": false } }, "mode": "0755", "owner": "bitra", "path": "/home/bitra/backup/batch-jobs", "secontext": "system_u:object_r:user_home_t:s0", "size": 6, "state": "directory", "uid": 1001 } TASK [Create backup folder in backupPath] ************************************** task path: /var/lib/jenkins/workspace/Bitroid/deploy.playbook:50 <127.0.0.1> ESTABLISH LOCAL CONNECTION FOR USER: jenkins <127.0.0.1> EXEC /bin/sh -c 'echo ~jenkins && sleep 0' <127.0.0.1> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /var/tmp `"&& mkdir "` echo /var/tmp/ansible-tmp-1737791470.7729065-8396-148604401664756 `" && echo ansible-tmp-1737791470.7729065-8396-148604401664756="` echo /var/tmp/ansible-tmp-1737791470.7729065-8396-148604401664756 `" ) && sleep 0' Using module file /usr/local/lib/python3.12/site-packages/ansible/modules/file.py <127.0.0.1> PUT /var/lib/jenkins/.ansible/tmp/ansible-local-8322c8bps25m/tmp3a8_4d7a TO /var/tmp/ansible-tmp-1737791470.7729065-8396-148604401664756/AnsiballZ_file.py <127.0.0.1> EXEC /bin/sh -c 'setfacl -m u:bitra:r-x /var/tmp/ansible-tmp-1737791470.7729065-8396-148604401664756/ /var/tmp/ansible-tmp-1737791470.7729065-8396-148604401664756/AnsiballZ_file.py && sleep 0' <127.0.0.1> EXEC /bin/sh -c 'sudo -H -S -p "[sudo via ansible, key=baaslqvhdgdbmnsmahzpotmxeulgdoru] password:" -u bitra /bin/sh -c '"'"'echo BECOME-SUCCESS-baaslqvhdgdbmnsmahzpotmxeulgdoru ; /usr/bin/python3.12 /var/tmp/ansible-tmp-1737791470.7729065-8396-148604401664756/AnsiballZ_file.py'"'"' && sleep 0' <127.0.0.1> EXEC /bin/sh -c 'rm -f -r /var/tmp/ansible-tmp-1737791470.7729065-8396-148604401664756/ > /dev/null 2>&1 && sleep 0' changed: [localhost] => { "changed": true, "diff": { "after": { "path": "/home/bitra/backup/batch-jobs/6_0a6a3b6", "state": "directory" }, "before": { "path": "/home/bitra/backup/batch-jobs/6_0a6a3b6", "state": "absent" } }, "gid": 1001, "group": "bitra", "invocation": { "module_args": { "_diff_peek": null, "_original_basename": null, "access_time": null, "access_time_format": "%Y%m%d%H%M.%S", "attributes": null, "follow": true, "force": false, "group": null, "mode": null, "modification_time": null, "modification_time_format": "%Y%m%d%H%M.%S", "owner": null, "path": "/home/bitra/backup/batch-jobs/6_0a6a3b6", "recurse": false, "selevel": null, "serole": null, "setype": null, "seuser": null, "src": null, "state": "directory", "unsafe_writes": false } }, "mode": "0755", "owner": "bitra", "path": "/home/bitra/backup/batch-jobs/6_0a6a3b6", "secontext": "system_u:object_r:user_home_t:s0", "size": 6, "state": "directory", "uid": 1001 } TASK [Taking backup before deployment] ***************************************** task path: /var/lib/jenkins/workspace/Bitroid/deploy.playbook:55 <127.0.0.1> ESTABLISH LOCAL CONNECTION FOR USER: jenkins <127.0.0.1> EXEC /bin/sh -c 'echo ~jenkins && sleep 0' <127.0.0.1> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /var/tmp `"&& mkdir "` echo /var/tmp/ansible-tmp-1737791471.420877-8416-139413731791690 `" && echo ansible-tmp-1737791471.420877-8416-139413731791690="` echo /var/tmp/ansible-tmp-1737791471.420877-8416-139413731791690 `" ) && sleep 0' Including module_utils file ansible/__init__.py Including module_utils file ansible/module_utils/__init__.py Including module_utils file ansible/module_utils/basic.py Including module_utils file ansible/module_utils/_text.py Including module_utils file ansible/module_utils/common/_utils.py Including module_utils file ansible/module_utils/common/__init__.py Including module_utils file ansible/module_utils/common/arg_spec.py Including module_utils file ansible/module_utils/common/file.py Including module_utils file ansible/module_utils/common/locale.py Including module_utils file ansible/module_utils/common/parameters.py Including module_utils file ansible/module_utils/common/collections.py Including module_utils file ansible/module_utils/common/process.py Including module_utils file ansible/module_utils/common/sys_info.py Including module_utils file ansible/module_utils/common/text/converters.py Including module_utils file ansible/module_utils/common/text/__init__.py Including module_utils file ansible/module_utils/common/text/formatters.py Including module_utils file ansible/module_utils/common/validation.py Including module_utils file ansible/module_utils/common/warnings.py Including module_utils file ansible/module_utils/compat/selinux.py Including module_utils file ansible/module_utils/compat/__init__.py Including module_utils file ansible/module_utils/distro/__init__.py Including module_utils file ansible/module_utils/distro/_distro.py Including module_utils file ansible/module_utils/errors.py Including module_utils file ansible/module_utils/parsing/convert_bool.py Including module_utils file ansible/module_utils/parsing/__init__.py Including module_utils file ansible/module_utils/pycompat24.py Including module_utils file ansible/module_utils/six/__init__.py Using module file /usr/local/lib/python3.12/site-packages/ansible/modules/copy.py <127.0.0.1> PUT /var/lib/jenkins/.ansible/tmp/ansible-local-8322c8bps25m/tmpv3_qet4l TO /var/tmp/ansible-tmp-1737791471.420877-8416-139413731791690/AnsiballZ_copy.py <127.0.0.1> EXEC /bin/sh -c 'setfacl -m u:bitra:r-x /var/tmp/ansible-tmp-1737791471.420877-8416-139413731791690/ /var/tmp/ansible-tmp-1737791471.420877-8416-139413731791690/AnsiballZ_copy.py && sleep 0' <127.0.0.1> EXEC /bin/sh -c 'sudo -H -S -p "[sudo via ansible, key=awpsixjfxcduyzlnyyossqkfzpgacgjf] password:" -u bitra /bin/sh -c '"'"'echo BECOME-SUCCESS-awpsixjfxcduyzlnyyossqkfzpgacgjf ; /usr/bin/python3.12 /var/tmp/ansible-tmp-1737791471.420877-8416-139413731791690/AnsiballZ_copy.py'"'"' && sleep 0' <127.0.0.1> EXEC /bin/sh -c 'rm -f -r /var/tmp/ansible-tmp-1737791471.420877-8416-139413731791690/ > /dev/null 2>&1 && sleep 0' changed: [localhost] => { "changed": true, "checksum": null, "dest": "/home/bitra/backup/batch-jobs/6_0a6a3b6/batch-jobs", "gid": 1001, "group": "bitra", "invocation": { "module_args": { "_original_basename": null, "attributes": null, "backup": false, "checksum": null, "content": null, "dest": "/home/bitra/backup/batch-jobs/6_0a6a3b6", "directory_mode": null, "follow": false, "force": true, "group": null, "local_follow": null, "mode": null, "owner": null, "remote_src": true, "selevel": null, "serole": null, "setype": null, "seuser": null, "src": "/home/bitra/apps/batch-jobs", "unsafe_writes": false, "validate": null } }, "md5sum": null, "mode": "0755", "owner": "bitra", "secontext": "system_u:object_r:user_home_t:s0", "size": 6, "src": "/home/bitra/apps/batch-jobs", "state": "directory", "uid": 1001 } TASK [Copy archive.zip to the deployment path] ********************************* task path: /var/lib/jenkins/workspace/Bitroid/deploy.playbook:61 ESTABLISH LOCAL CONNECTION FOR USER: jenkins EXEC /bin/sh -c 'echo ~jenkins && sleep 0' EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /var/tmp `"&& mkdir "` echo /var/tmp/ansible-tmp-1737791472.580123-8436-162623729629536 `" && echo ansible-tmp-1737791472.580123-8436-162623729629536="` echo /var/tmp/ansible-tmp-1737791472.580123-8436-162623729629536 `" ) && sleep 0' Including module_utils file ansible/__init__.py Including module_utils file ansible/module_utils/__init__.py Including module_utils file ansible/module_utils/basic.py Including module_utils file ansible/module_utils/_text.py Including module_utils file ansible/module_utils/common/_utils.py Including module_utils file ansible/module_utils/common/__init__.py Including module_utils file ansible/module_utils/common/arg_spec.py Including module_utils file ansible/module_utils/common/file.py Including module_utils file ansible/module_utils/common/locale.py Including module_utils file ansible/module_utils/common/parameters.py Including module_utils file ansible/module_utils/common/collections.py Including module_utils file ansible/module_utils/common/process.py Including module_utils file ansible/module_utils/common/sys_info.py Including module_utils file ansible/module_utils/common/text/converters.py Including module_utils file ansible/module_utils/common/text/__init__.py Including module_utils file ansible/module_utils/common/text/formatters.py Including module_utils file ansible/module_utils/common/validation.py Including module_utils file ansible/module_utils/common/warnings.py Including module_utils file ansible/module_utils/compat/selinux.py Including module_utils file ansible/module_utils/compat/__init__.py Including module_utils file ansible/module_utils/distro/__init__.py Including module_utils file ansible/module_utils/distro/_distro.py Including module_utils file ansible/module_utils/errors.py Including module_utils file ansible/module_utils/parsing/convert_bool.py Including module_utils file ansible/module_utils/parsing/__init__.py Including module_utils file ansible/module_utils/pycompat24.py Including module_utils file ansible/module_utils/six/__init__.py Using module file /usr/local/lib/python3.12/site-packages/ansible/modules/stat.py PUT /var/lib/jenkins/.ansible/tmp/ansible-local-8322c8bps25m/tmpl8efrz28 TO /var/tmp/ansible-tmp-1737791472.580123-8436-162623729629536/AnsiballZ_stat.py EXEC /bin/sh -c 'setfacl -m u:bitra:r-x /var/tmp/ansible-tmp-1737791472.580123-8436-162623729629536/ /var/tmp/ansible-tmp-1737791472.580123-8436-162623729629536/AnsiballZ_stat.py && sleep 0' EXEC /bin/sh -c 'sudo -H -S -p "[sudo via ansible, key=omvlahtjkltvhrhoywxkajqdcwgkgyfs] password:" -u bitra /bin/sh -c '"'"'echo BECOME-SUCCESS-omvlahtjkltvhrhoywxkajqdcwgkgyfs ; /usr/bin/python3.12 /var/tmp/ansible-tmp-1737791472.580123-8436-162623729629536/AnsiballZ_stat.py'"'"' && sleep 0' PUT /var/lib/jenkins/workspace/Bitroid/archive.zip TO /var/tmp/ansible-tmp-1737791472.580123-8436-162623729629536/.source.zip EXEC /bin/sh -c 'setfacl -m u:bitra:r-x /var/tmp/ansible-tmp-1737791472.580123-8436-162623729629536/ /var/tmp/ansible-tmp-1737791472.580123-8436-162623729629536/.source.zip && sleep 0' Using module file /usr/local/lib/python3.12/site-packages/ansible/modules/copy.py PUT /var/lib/jenkins/.ansible/tmp/ansible-local-8322c8bps25m/tmp7ulbmu3s TO /var/tmp/ansible-tmp-1737791472.580123-8436-162623729629536/AnsiballZ_copy.py EXEC /bin/sh -c 'setfacl -m u:bitra:r-x /var/tmp/ansible-tmp-1737791472.580123-8436-162623729629536/ /var/tmp/ansible-tmp-1737791472.580123-8436-162623729629536/AnsiballZ_copy.py && sleep 0' EXEC /bin/sh -c 'sudo -H -S -p "[sudo via ansible, key=lipwnrxztrlbzcliaurgnzwqngnfqeck] password:" -u bitra /bin/sh -c '"'"'echo BECOME-SUCCESS-lipwnrxztrlbzcliaurgnzwqngnfqeck ; /usr/bin/python3.12 /var/tmp/ansible-tmp-1737791472.580123-8436-162623729629536/AnsiballZ_copy.py'"'"' && sleep 0' EXEC /bin/sh -c 'rm -f -r /var/tmp/ansible-tmp-1737791472.580123-8436-162623729629536/ > /dev/null 2>&1 && sleep 0' changed: [localhost] => { "changed": true, "checksum": "8e4dcb0b9e8ef8a5098a2e17864d4f047227f144", "dest": "/home/bitra/apps/batch-jobs/archive.zip", "diff": [], "gid": 1001, "group": "bitra", "invocation": { "module_args": { "_original_basename": "archive.zip", "attributes": null, "backup": false, "checksum": "8e4dcb0b9e8ef8a5098a2e17864d4f047227f144", "content": null, "dest": "/home/bitra/apps/batch-jobs/archive.zip", "directory_mode": null, "follow": false, "force": true, "group": null, "local_follow": null, "mode": null, "owner": null, "remote_src": null, "selevel": null, "serole": null, "setype": null, "seuser": null, "src": "/var/tmp/ansible-tmp-1737791472.580123-8436-162623729629536/.source.zip", "unsafe_writes": false, "validate": null } }, "md5sum": "dfc3a497e216f92713b75000a0b7cf99", "mode": "0644", "owner": "bitra", "secontext": "unconfined_u:object_r:user_home_t:s0", "size": 768, "src": "/var/tmp/ansible-tmp-1737791472.580123-8436-162623729629536/.source.zip", "state": "file", "uid": 1001 } TASK [Unzip archive.zip in the deployment path] ******************************** task path: /var/lib/jenkins/workspace/Bitroid/deploy.playbook:67 <127.0.0.1> ESTABLISH LOCAL CONNECTION FOR USER: jenkins <127.0.0.1> EXEC /bin/sh -c 'echo ~jenkins && sleep 0' <127.0.0.1> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /var/tmp `"&& mkdir "` echo /var/tmp/ansible-tmp-1737791473.9230413-8463-224736034219024 `" && echo ansible-tmp-1737791473.9230413-8463-224736034219024="` echo /var/tmp/ansible-tmp-1737791473.9230413-8463-224736034219024 `" ) && sleep 0' Using module file /usr/local/lib/python3.12/site-packages/ansible/modules/stat.py <127.0.0.1> PUT /var/lib/jenkins/.ansible/tmp/ansible-local-8322c8bps25m/tmpfdrwi4ny TO /var/tmp/ansible-tmp-1737791473.9230413-8463-224736034219024/AnsiballZ_stat.py <127.0.0.1> EXEC /bin/sh -c 'setfacl -m u:bitra:r-x /var/tmp/ansible-tmp-1737791473.9230413-8463-224736034219024/ /var/tmp/ansible-tmp-1737791473.9230413-8463-224736034219024/AnsiballZ_stat.py && sleep 0' <127.0.0.1> EXEC /bin/sh -c 'sudo -H -S -p "[sudo via ansible, key=gtbypymgvzryymyyclttaitfiopztqnf] password:" -u bitra /bin/sh -c '"'"'echo BECOME-SUCCESS-gtbypymgvzryymyyclttaitfiopztqnf ; /usr/bin/python3.12 /var/tmp/ansible-tmp-1737791473.9230413-8463-224736034219024/AnsiballZ_stat.py'"'"' && sleep 0' Including module_utils file ansible/__init__.py Including module_utils file ansible/module_utils/__init__.py Including module_utils file ansible/module_utils/basic.py Including module_utils file ansible/module_utils/_text.py Including module_utils file ansible/module_utils/common/_utils.py Including module_utils file ansible/module_utils/common/__init__.py Including module_utils file ansible/module_utils/common/arg_spec.py Including module_utils file ansible/module_utils/common/file.py Including module_utils file ansible/module_utils/common/locale.py Including module_utils file ansible/module_utils/common/parameters.py Including module_utils file ansible/module_utils/common/collections.py Including module_utils file ansible/module_utils/common/process.py Including module_utils file ansible/module_utils/common/sys_info.py Including module_utils file ansible/module_utils/common/text/converters.py Including module_utils file ansible/module_utils/common/text/__init__.py Including module_utils file ansible/module_utils/common/text/formatters.py Including module_utils file ansible/module_utils/common/validation.py Including module_utils file ansible/module_utils/common/warnings.py Including module_utils file ansible/module_utils/compat/selinux.py Including module_utils file ansible/module_utils/compat/__init__.py Including module_utils file ansible/module_utils/distro/__init__.py Including module_utils file ansible/module_utils/distro/_distro.py Including module_utils file ansible/module_utils/errors.py Including module_utils file ansible/module_utils/parsing/convert_bool.py Including module_utils file ansible/module_utils/parsing/__init__.py Including module_utils file ansible/module_utils/pycompat24.py Including module_utils file ansible/module_utils/six/__init__.py Including module_utils file ansible/module_utils/urls.py Using module file /usr/local/lib/python3.12/site-packages/ansible/modules/unarchive.py <127.0.0.1> PUT /var/lib/jenkins/.ansible/tmp/ansible-local-8322c8bps25m/tmpcn47g6ck TO /var/tmp/ansible-tmp-1737791473.9230413-8463-224736034219024/AnsiballZ_unarchive.py <127.0.0.1> EXEC /bin/sh -c 'setfacl -m u:bitra:r-x /var/tmp/ansible-tmp-1737791473.9230413-8463-224736034219024/ /var/tmp/ansible-tmp-1737791473.9230413-8463-224736034219024/AnsiballZ_unarchive.py && sleep 0' <127.0.0.1> EXEC /bin/sh -c 'sudo -H -S -p "[sudo via ansible, key=mlgvxhvyozjbqcxjepfpdhmknjkwelln] password:" -u bitra /bin/sh -c '"'"'echo BECOME-SUCCESS-mlgvxhvyozjbqcxjepfpdhmknjkwelln ; /usr/bin/python3.12 /var/tmp/ansible-tmp-1737791473.9230413-8463-224736034219024/AnsiballZ_unarchive.py'"'"' && sleep 0' <127.0.0.1> EXEC /bin/sh -c 'rm -f -r /var/tmp/ansible-tmp-1737791473.9230413-8463-224736034219024/ > /dev/null 2>&1 && sleep 0' changed: [localhost] => { "changed": true, "dest": "/home/bitra/apps/batch-jobs", "diff": { "prepared": ">f++++++.?? healthcheck.sh\n>f++++++.?? checkspace.sh\n" }, "extract_results": { "cmd": [ "/bin/unzip", "-o", "/home/bitra/apps/batch-jobs/archive.zip", "-d", "/home/bitra/apps/batch-jobs" ], "err": "", "out": "Archive: /home/bitra/apps/batch-jobs/archive.zip\n inflating: /home/bitra/apps/batch-jobs/healthcheck.sh \n inflating: /home/bitra/apps/batch-jobs/checkspace.sh \n", "rc": 0 }, "gid": 1001, "group": "bitra", "handler": "ZipArchive", "invocation": { "module_args": { "attributes": null, "copy": true, "creates": null, "decrypt": true, "dest": "/home/bitra/apps/batch-jobs", "exclude": [], "extra_opts": [], "group": null, "include": [], "io_buffer_size": 65536, "keep_newer": false, "list_files": false, "mode": null, "owner": null, "remote_src": true, "selevel": null, "serole": null, "setype": null, "seuser": null, "src": "/home/bitra/apps/batch-jobs/archive.zip", "unsafe_writes": false, "validate_certs": true } }, "mode": "0755", "owner": "bitra", "secontext": "system_u:object_r:user_home_t:s0", "size": 68, "src": "/home/bitra/apps/batch-jobs/archive.zip", "state": "directory", "uid": 1001 } TASK [Remove archive.zip after extraction] ************************************* task path: /var/lib/jenkins/workspace/Bitroid/deploy.playbook:73 <127.0.0.1> ESTABLISH LOCAL CONNECTION FOR USER: jenkins <127.0.0.1> EXEC /bin/sh -c 'echo ~jenkins && sleep 0' <127.0.0.1> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /var/tmp `"&& mkdir "` echo /var/tmp/ansible-tmp-1737791475.6690176-8491-203868210961988 `" && echo ansible-tmp-1737791475.6690176-8491-203868210961988="` echo /var/tmp/ansible-tmp-1737791475.6690176-8491-203868210961988 `" ) && sleep 0' Using module file /usr/local/lib/python3.12/site-packages/ansible/modules/file.py <127.0.0.1> PUT /var/lib/jenkins/.ansible/tmp/ansible-local-8322c8bps25m/tmpfzfio98l TO /var/tmp/ansible-tmp-1737791475.6690176-8491-203868210961988/AnsiballZ_file.py <127.0.0.1> EXEC /bin/sh -c 'setfacl -m u:bitra:r-x /var/tmp/ansible-tmp-1737791475.6690176-8491-203868210961988/ /var/tmp/ansible-tmp-1737791475.6690176-8491-203868210961988/AnsiballZ_file.py && sleep 0' <127.0.0.1> EXEC /bin/sh -c 'sudo -H -S -p "[sudo via ansible, key=pkkrvjehqcijdaafqflyhwctjxauagpx] password:" -u bitra /bin/sh -c '"'"'echo BECOME-SUCCESS-pkkrvjehqcijdaafqflyhwctjxauagpx ; /usr/bin/python3.12 /var/tmp/ansible-tmp-1737791475.6690176-8491-203868210961988/AnsiballZ_file.py'"'"' && sleep 0' <127.0.0.1> EXEC /bin/sh -c 'rm -f -r /var/tmp/ansible-tmp-1737791475.6690176-8491-203868210961988/ > /dev/null 2>&1 && sleep 0' changed: [localhost] => { "changed": true, "diff": { "after": { "path": "/home/bitra/apps/batch-jobs/archive.zip", "state": "absent" }, "before": { "path": "/home/bitra/apps/batch-jobs/archive.zip", "state": "file" } }, "invocation": { "module_args": { "_diff_peek": null, "_original_basename": null, "access_time": null, "access_time_format": "%Y%m%d%H%M.%S", "attributes": null, "follow": true, "force": false, "group": null, "mode": null, "modification_time": null, "modification_time_format": "%Y%m%d%H%M.%S", "owner": null, "path": "/home/bitra/apps/batch-jobs/archive.zip", "recurse": false, "selevel": null, "serole": null, "setype": null, "seuser": null, "src": null, "state": "absent", "unsafe_writes": false } }, "path": "/home/bitra/apps/batch-jobs/archive.zip", "state": "absent" } TASK [Set execute permissions on checkspace.sh and healthcheck.sh] ************* task path: /var/lib/jenkins/workspace/Bitroid/deploy.playbook:78 <127.0.0.1> ESTABLISH LOCAL CONNECTION FOR USER: jenkins <127.0.0.1> EXEC /bin/sh -c 'echo ~jenkins && sleep 0' <127.0.0.1> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /var/tmp `"&& mkdir "` echo /var/tmp/ansible-tmp-1737791476.282747-8508-202932323902923 `" && echo ansible-tmp-1737791476.282747-8508-202932323902923="` echo /var/tmp/ansible-tmp-1737791476.282747-8508-202932323902923 `" ) && sleep 0' Including module_utils file ansible/__init__.py Including module_utils file ansible/module_utils/__init__.py Including module_utils file ansible/module_utils/basic.py Including module_utils file ansible/module_utils/_text.py Including module_utils file ansible/module_utils/common/_utils.py Including module_utils file ansible/module_utils/common/__init__.py Including module_utils file ansible/module_utils/common/arg_spec.py Including module_utils file ansible/module_utils/common/collections.py Including module_utils file ansible/module_utils/common/file.py Including module_utils file ansible/module_utils/common/locale.py Including module_utils file ansible/module_utils/common/parameters.py Including module_utils file ansible/module_utils/common/process.py Including module_utils file ansible/module_utils/common/sys_info.py Including module_utils file ansible/module_utils/common/text/converters.py Including module_utils file ansible/module_utils/common/text/__init__.py Including module_utils file ansible/module_utils/common/text/formatters.py Including module_utils file ansible/module_utils/common/validation.py Including module_utils file ansible/module_utils/common/warnings.py Including module_utils file ansible/module_utils/compat/selinux.py Including module_utils file ansible/module_utils/compat/__init__.py Including module_utils file ansible/module_utils/distro/__init__.py Including module_utils file ansible/module_utils/distro/_distro.py Including module_utils file ansible/module_utils/errors.py Including module_utils file ansible/module_utils/parsing/convert_bool.py Including module_utils file ansible/module_utils/parsing/__init__.py Including module_utils file ansible/module_utils/pycompat24.py Including module_utils file ansible/module_utils/six/__init__.py Using module file /usr/local/lib/python3.12/site-packages/ansible/modules/command.py <127.0.0.1> PUT /var/lib/jenkins/.ansible/tmp/ansible-local-8322c8bps25m/tmpmh4t5qxx TO /var/tmp/ansible-tmp-1737791476.282747-8508-202932323902923/AnsiballZ_command.py <127.0.0.1> EXEC /bin/sh -c 'setfacl -m u:bitra:r-x /var/tmp/ansible-tmp-1737791476.282747-8508-202932323902923/ /var/tmp/ansible-tmp-1737791476.282747-8508-202932323902923/AnsiballZ_command.py && sleep 0' <127.0.0.1> EXEC /bin/sh -c 'sudo -H -S -p "[sudo via ansible, key=qjtyozfcxibbtdemehgoabfumvpkxyas] password:" -u bitra /bin/sh -c '"'"'echo BECOME-SUCCESS-qjtyozfcxibbtdemehgoabfumvpkxyas ; /usr/bin/python3.12 /var/tmp/ansible-tmp-1737791476.282747-8508-202932323902923/AnsiballZ_command.py'"'"' && sleep 0' <127.0.0.1> EXEC /bin/sh -c 'rm -f -r /var/tmp/ansible-tmp-1737791476.282747-8508-202932323902923/ > /dev/null 2>&1 && sleep 0' changed: [localhost] => { "changed": true, "cmd": "chmod 755 checkspace.sh healthcheck.sh\n", "delta": "0:00:00.027129", "end": "2025-01-25 07:51:17.011779", "invocation": { "module_args": { "_raw_params": "chmod 755 checkspace.sh healthcheck.sh\n", "_uses_shell": true, "argv": null, "chdir": "/home/bitra/apps/batch-jobs", "creates": null, "executable": "/bin/bash", "expand_argument_vars": true, "removes": null, "stdin": null, "stdin_add_newline": true, "strip_empty_ends": true } }, "msg": "", "rc": 0, "start": "2025-01-25 07:51:16.984650", "stderr": "", "stderr_lines": [], "stdout": "", "stdout_lines": [] } TASK [Execute healthcheck.sh script] ******************************************* task path: /var/lib/jenkins/workspace/Bitroid/deploy.playbook:85 <127.0.0.1> ESTABLISH LOCAL CONNECTION FOR USER: jenkins <127.0.0.1> EXEC /bin/sh -c 'echo ~jenkins && sleep 0' <127.0.0.1> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /var/tmp `"&& mkdir "` echo /var/tmp/ansible-tmp-1737791477.1430771-8528-262889491615249 `" && echo ansible-tmp-1737791477.1430771-8528-262889491615249="` echo /var/tmp/ansible-tmp-1737791477.1430771-8528-262889491615249 `" ) && sleep 0' Using module file /usr/local/lib/python3.12/site-packages/ansible/modules/command.py <127.0.0.1> PUT /var/lib/jenkins/.ansible/tmp/ansible-local-8322c8bps25m/tmpqj2bvtew TO /var/tmp/ansible-tmp-1737791477.1430771-8528-262889491615249/AnsiballZ_command.py <127.0.0.1> EXEC /bin/sh -c 'setfacl -m u:bitra:r-x /var/tmp/ansible-tmp-1737791477.1430771-8528-262889491615249/ /var/tmp/ansible-tmp-1737791477.1430771-8528-262889491615249/AnsiballZ_command.py && sleep 0' <127.0.0.1> EXEC /bin/sh -c 'sudo -H -S -p "[sudo via ansible, key=sinemorgugkdyuicsrkuacdmabtgyjax] password:" -u bitra /bin/sh -c '"'"'echo BECOME-SUCCESS-sinemorgugkdyuicsrkuacdmabtgyjax ; /usr/bin/python3.12 /var/tmp/ansible-tmp-1737791477.1430771-8528-262889491615249/AnsiballZ_command.py'"'"' && sleep 0' <127.0.0.1> EXEC /bin/sh -c 'rm -f -r /var/tmp/ansible-tmp-1737791477.1430771-8528-262889491615249/ > /dev/null 2>&1 && sleep 0' changed: [localhost] => { "changed": true, "cmd": [ "sh", "healthcheck.sh" ], "delta": "0:00:00.098729", "end": "2025-01-25 07:51:17.634513", "invocation": { "module_args": { "_raw_params": "sh healthcheck.sh", "_uses_shell": false, "argv": null, "chdir": "/home/bitra/apps/batch-jobs", "creates": null, "executable": null, "expand_argument_vars": true, "removes": null, "stdin": null, "stdin_add_newline": true, "strip_empty_ends": true } }, "msg": "", "rc": 0, "start": "2025-01-25 07:51:17.535784", "stderr": "", "stderr_lines": [], "stdout": "\n\n\u001b[1;34m*******************\u001b[0m\n\u001b[1;34m*\u001b[0m App Healthcheck \u001b[1;34m*\u001b[0m\n\u001b[1;34m*******************\u001b[0m\n\n[Services]\n\u001b[0;31m[Container]\t\t podman Not OK\u001b[0m\n\u001b[0;31m[Container]\t\t vscode Not OK\u001b[0m\n\u001b[0;32m[Container]\t\t vault OK\u001b[0m", "stdout_lines": [ "", "", "\u001b[1;34m*******************\u001b[0m", "\u001b[1;34m*\u001b[0m App Healthcheck \u001b[1;34m*\u001b[0m", "\u001b[1;34m*******************\u001b[0m", "", "[Services]", "\u001b[0;31m[Container]\t\t podman Not OK\u001b[0m", "\u001b[0;31m[Container]\t\t vscode Not OK\u001b[0m", "\u001b[0;32m[Container]\t\t vault OK\u001b[0m" ] } TASK [Execute checkspace.sh script] ******************************************** task path: /var/lib/jenkins/workspace/Bitroid/deploy.playbook:90 <127.0.0.1> ESTABLISH LOCAL CONNECTION FOR USER: jenkins <127.0.0.1> EXEC /bin/sh -c 'echo ~jenkins && sleep 0' <127.0.0.1> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /var/tmp `"&& mkdir "` echo /var/tmp/ansible-tmp-1737791477.7906954-8564-162420420268825 `" && echo ansible-tmp-1737791477.7906954-8564-162420420268825="` echo /var/tmp/ansible-tmp-1737791477.7906954-8564-162420420268825 `" ) && sleep 0' Using module file /usr/local/lib/python3.12/site-packages/ansible/modules/command.py <127.0.0.1> PUT /var/lib/jenkins/.ansible/tmp/ansible-local-8322c8bps25m/tmp8j3jwjre TO /var/tmp/ansible-tmp-1737791477.7906954-8564-162420420268825/AnsiballZ_command.py <127.0.0.1> EXEC /bin/sh -c 'setfacl -m u:bitra:r-x /var/tmp/ansible-tmp-1737791477.7906954-8564-162420420268825/ /var/tmp/ansible-tmp-1737791477.7906954-8564-162420420268825/AnsiballZ_command.py && sleep 0' <127.0.0.1> EXEC /bin/sh -c 'sudo -H -S -p "[sudo via ansible, key=bmrjxwskahxzmdntdwyehqbmvzmxspdt] password:" -u bitra /bin/sh -c '"'"'echo BECOME-SUCCESS-bmrjxwskahxzmdntdwyehqbmvzmxspdt ; /usr/bin/python3.12 /var/tmp/ansible-tmp-1737791477.7906954-8564-162420420268825/AnsiballZ_command.py'"'"' && sleep 0' <127.0.0.1> EXEC /bin/sh -c 'rm -f -r /var/tmp/ansible-tmp-1737791477.7906954-8564-162420420268825/ > /dev/null 2>&1 && sleep 0' changed: [localhost] => { "changed": true, "cmd": [ "sh", "checkspace.sh" ], "delta": "0:00:00.135824", "end": "2025-01-25 07:51:18.464837", "failed_when_result": false, "invocation": { "module_args": { "_raw_params": "sh checkspace.sh", "_uses_shell": false, "argv": null, "chdir": "/home/bitra/apps/batch-jobs", "creates": null, "executable": null, "expand_argument_vars": true, "removes": null, "stdin": null, "stdin_add_newline": true, "strip_empty_ends": true } }, "msg": "non-zero return code", "rc": 1, "start": "2025-01-25 07:51:18.329013", "stderr": "", "stderr_lines": [], "stdout": "Used\tAvail\tUsed\tFilesystem\n/dev/sda5 xfs 29G 9.8G 20G 34% /\n/dev/sda2 xfs 936M 187M 750M 20% /boot", "stdout_lines": [ "Used\tAvail\tUsed\tFilesystem", "/dev/sda5 xfs 29G 9.8G 20G 34% /", "/dev/sda2 xfs 936M 187M 750M 20% /boot" ] } PLAY RECAP ********************************************************************* localhost : ok=16 changed=10 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 [Pipeline] } [Pipeline] // stage [Pipeline] stage [Pipeline] { (Declarative: Post Actions) [Pipeline] echo Pipeline completed. Last commit date was: 2025-01-22 14:26:13 +0530 [Pipeline] deleteDir [Pipeline] } [Pipeline] // stage [Pipeline] } [Pipeline] // withEnv [Pipeline] } [Pipeline] // node [Pipeline] End of Pipeline Finished: SUCCESS

This process ensures that sensitive credentials are never hardcoded or exposed in the pipeline, leveraging HashiCorp Vault for secure and dynamic password management.

By integrating Jenkins with HashiCorp Vault and Ansible, we’ve achieved a more efficient and secure deployment workflow.

Hacker Noon - Medium
Original article
Tags: content management
Newswire > Credential-Free CI/CD? See How Jenkins, Vault, and Ansible Pull It Off

All Rights Reserved. Copyright , Central Coast Communications, Inc.