GSA/jenkins-deploy

Name: jenkins-deploy

Owner: U.S. General Services Administration

Description: deploy Jenkins to AWS with Terraform and Ansible

Created: 2017-04-27 08:29:19.0

Updated: 2018-03-29 19:42:46.0

Pushed: 2017-11-22 16:12:54.0

Homepage:

Size: 220

Language: HCL

GitHub Committers

User	Most Recent Commit	# Commits

Other Committers

User	Email	Most Recent Commit	# Commits

README

Jenkins Bootstrap

This repository is reusable deployment code/configuration of Jenkins, which gets you up and running with a production-grade Jenkins quickly.

Integration

See the documentation.

Reusable pieces

Terraform modules

See the documentation.

Ansible role

Requirements

None.

Role variables

For any variables marked sensitive, you are strongly encouraged to store the values in an Ansible Vault.

Required

• jenkins_admin_password - store in a Vault

• jenkins_external_hostname

• SSH key - information about how to generate in Usage section below.

  • jenkins_ssh_key_passphrase (sensitive)
  • jenkins_ssh_private_key_data (sensitive)
  • jenkins_ssh_public_key_data

• SSL configuration (sensitive)

  • The key data approach is recommended.

Optional

See defaults/main.yml.

Dependencies

• geerlingguy.jenkins
• gsa.https-proxy
• srsp.oracle-java

Usage

1. Generate an SSH key.

   keygen -t rsa -b 4096 -f temp.key -C "group-email+jenkins@some.gov"
   ter a passphrase - store in Vault as vault_jenkins_ssh_key_passphrase
   
   temp.key
   ore in Vault as vault_jenkins_ssh_private_key_data
   
   temp.key.pub
   ore as jenkins_ssh_public_key_data
   
   emp.key*
   

2. Include the role and required variables. Example:

   quirements.yml
   c: https://github.com/GSA/jenkins-deploy
   me: gsa.jenkins
   
   oup_vars/all/vars.yml
   ins_ssh_user: jenkins
   ins_ssh_public_key_data: |
   h-rsa ... group-email+jenkins@some.gov
   
   oup_vars/jenkins/vars.yml
   ins_external_hostname: ...
   ins_ssh_key_passphrase: "{{ vault_jenkins_ssh_key_passphrase }}"
   ins_ssh_private_key_data: "{{ vault_jenkins_ssh_private_key_data }}"
   certs_local_cert_data: "{{ vault_ssl_certs_local_cert_data }}"
   certs_local_privkey_data: "{{ vault_ssl_certs_local_privkey_data }}"
   
   oup_vars/jenkins/vault.yml (encrypted)
   t_jenkins_ssh_key_passphrase: ...
   t_jenkins_ssh_private_key_data: |
   ---BEGIN RSA PRIVATE KEY-----
   .
   ---END RSA PRIVATE KEY-----
   t_ssl_certs_local_cert_data: |
   ---BEGIN CERTIFICATE-----
   .
   ---END CERTIFICATE-----
   t_ssl_certs_local_privkey_data: |
   ---BEGIN RSA PRIVATE KEY-----
   .
   ---END RSA PRIVATE KEY-----
   
   aybooks/jenkins.yml
   sts: jenkins
   come: true
   les:
   - gsa.jenkins
   
   aybooks/other.yml
   sts that Jenkins is going to run playbooks against
   sts: other
   come: true
   sks:
   - name: Create Jenkins user
     user:
       name: "{{ jenkins_ssh_user }}"
       group: wheel
   - name: Set up SSH key for Jenkins
     authorized_key:
       user: "{{ jenkins_ssh_user }}"
       key: "{{ jenkins_ssh_public_key_data }}"
   # ...other host setup tasks...
   

3. Run the Terraform (if applicable) and the playbook.

4. Ensure you can log into Jenkins (at jenkins_external_hostname).

5. Follow the manual configuration steps

License

CC0