Silences or provides a way to silence warnings on a fresh install

README.md

@@ -3,8 +3,8 @@ Ansible playbooks for setting up the CI server
 
 Installs Jenkins on a remote Debian system.
 
-Requires
---------
+Requires on host
+----------------
 
 - ansible (tested 2.4.2.0)
 - ansible-galaxy
@@ -15,15 +15,23 @@ Requires
 $ ansible-galaxy install geerlingguy.jenkins geerlingguy.certbot
 ```
 
-Setup
------
+Consifure
+---------
 
 Create `inventory.yml`. **Don't commit this file**, int contains site-specific config!
 
-Running
--------
+Deploy
+------
 
 ```
 $ ansible-playbook -i ./inventory.txt ./install_jenkins.yml
 ```
 
+### From within Jenkins
+-----------------------
+
+Log in to the new instance and deal with security warnings:
+
+- enable CSRF in config, select issuer, enable proxy compat
+- disable CLI
+- disable deprecated protocols (Java Web Start Agent Protocol/1 and /2) bu unchecking fields in Configure global security, Agents, Agent protocols

install_jenkins.yml

@@ -21,6 +21,11 @@
       certbot_create_standalone_stop_services:
         - nginx
   tasks:
+    - name: Configure Jenkins master-slave security
+      copy:
+        dest: /var/lib/jenkins/secrets/slave-to-master-security-kill-switch
+        content: false
+      notify: Restart jenkins
     - name: Ensure nginx
       apt: name=nginx state=present
       notify: Restart nginx
@@ -53,3 +58,5 @@
       systemd: name=nginx state=restarted
     - name: Reload nginx
       systemd: name=nginx state=reloaded
+    - name: Restart jenkins
+      systemd: name=jenkins state=restarted