Name: jenkins-deploy
Owner: U.S. General Services Administration
Description: deploy Jenkins to AWS with Terraform and Ansible
Created: 2017-04-27 08:29:19.0
Updated: 2018-03-29 19:42:46.0
Pushed: 2017-11-22 16:12:54.0
Size: 220
Language: HCL
This repository is reusable deployment code/configuration of Jenkins, which gets you up and running with a production-grade Jenkins quickly.
See the documentation.
None.
For any variables marked sensitive, you are strongly encouraged to store the values in an Ansible Vault.

- jenkins_admin_password - store in a Vault
- jenkins_external_hostname
- SSH key - information about how to generate in Usage section below.
  - jenkins_ssh_key_passphrase (sensitive)
  - jenkins_ssh_private_key_data (sensitive)
  - jenkins_ssh_public_key_data
- SSL configuration (sensitive)

See defaults/main.yml.
Generate an SSH key.

```bash
ssh-keygen -t rsa -b 4096 -f temp.key -C "group-email+jenkins@some.gov"
# enter a passphrase - store in Vault as vault_jenkins_ssh_key_passphrase

cat temp.key
# store in Vault as vault_jenkins_ssh_private_key_data

cat temp.key.pub
# store as jenkins_ssh_public_key_data

rm temp.key*
```
Include the role and required variables. Example:

```yaml
# requirements.yml
- src: https://github.com/GSA/jenkins-deploy
  name: gsa.jenkins

# group_vars/all/vars.yml
jenkins_ssh_user: jenkins
jenkins_ssh_public_key_data: |
  ssh-rsa ... group-email+jenkins@some.gov

# group_vars/jenkins/vars.yml
jenkins_external_hostname: ...
jenkins_ssh_key_passphrase: "{{ vault_jenkins_ssh_key_passphrase }}"
jenkins_ssh_private_key_data: "{{ vault_jenkins_ssh_private_key_data }}"
ssl_certs_local_cert_data: "{{ vault_ssl_certs_local_cert_data }}"
ssl_certs_local_privkey_data: "{{ vault_ssl_certs_local_privkey_data }}"

# group_vars/jenkins/vault.yml (encrypted)
vault_jenkins_ssh_key_passphrase: ...
vault_jenkins_ssh_private_key_data: |
  -----BEGIN RSA PRIVATE KEY-----
  ...
  -----END RSA PRIVATE KEY-----
vault_ssl_certs_local_cert_data: |
  -----BEGIN CERTIFICATE-----
  ...
  -----END CERTIFICATE-----
vault_ssl_certs_local_privkey_data: |
  -----BEGIN RSA PRIVATE KEY-----
  ...
  -----END RSA PRIVATE KEY-----

# playbooks/jenkins.yml
- hosts: jenkins
  become: true
  roles:
    - gsa.jenkins

# playbooks/other.yml
# hosts that Jenkins is going to run playbooks against
- hosts: other
  become: true
  tasks:
    - name: Create Jenkins user
      user:
        name: "{{ jenkins_ssh_user }}"
        group: wheel
    - name: Set up SSH key for Jenkins
      authorized_key:
        user: "{{ jenkins_ssh_user }}"
        key: "{{ jenkins_ssh_public_key_data }}"
    # ...other host setup tasks...
```
Run the Terraform (if applicable) and the playbook.
Ensure you can log into Jenkins (at jenkins_external_hostname).
Follow the manual configuration steps
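
As an added example (not code from the GSA repository), the check below can be run before committing to confirm that the sensitive variables named above only ever appear as vault references or inside a vault-encrypted file. The function names `audit_text` and `audit_tree` and the `SAMPLE` contents are constructed for illustration; the file layout follows the `group_vars` example above.

```python
import re
from pathlib import Path

VAULT_HEADER = "$ANSIBLE_VAULT;"  # every ansible-vault encrypted file starts with this
# Variables the page says to keep in a Vault.
SENSITIVE = {"jenkins_admin_password", "jenkins_ssh_key_passphrase",
             "jenkins_ssh_private_key_data", "ssl_certs_local_cert_data",
             "ssl_certs_local_privkey_data"}
KEY_RE = re.compile(r"^([A-Za-z_]\w*):\s*(.*)$")       # top-level "name: value"
VAULT_REF_RE = re.compile(r"\{\{\s*vault_\w+\s*\}\}")   # "{{ vault_... }}"
PEM_RE = re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----")

# Constructed sample files (no real secrets): clean, encrypted, and leaking.
SAMPLE = {
    "group_vars/jenkins/vars.yml": 'jenkins_ssh_key_passphrase: "{{ vault_jenkins_ssh_key_passphrase }}"\n',
    "group_vars/jenkins/vault.yml": "$ANSIBLE_VAULT;1.1;AES256\n3031323334353637\n",
    "group_vars/all/vars.yml": "jenkins_ssh_user: jenkins\njenkins_admin_password: example-only\n"
                               "vault_jenkins_ssh_private_key_data: |\n  -----BEGIN RSA PRIVATE KEY-----\n",
}


def audit_text(text):
    """Return (line_number, problem) pairs for one vars file; empty means clean."""
    if text.startswith(VAULT_HEADER):
        return []  # whole file is encrypted, nothing readable to leak
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        if PEM_RE.search(line):
            findings.append((n, "plaintext private key"))
        m = KEY_RE.match(line)
        name, value = m.groups() if m else ("", "")
        if name.startswith("vault_"):
            findings.append((n, f"{name} defined in an unencrypted file"))
        elif (name in SENSITIVE and not VAULT_REF_RE.search(value)
              and not value.startswith("!vault")):  # inline-encrypted values are fine
            findings.append((n, f"{name} is not a vault reference"))
    return findings


def audit_tree(root):
    """Audit every *.yml under root; returns {relative_path: findings} for bad files."""
    hits = ((p.relative_to(root).as_posix(), audit_text(p.read_text()))
            for p in sorted(Path(root).rglob("*.yml")))
    return {rel: found for rel, found in hits if found}


if __name__ == "__main__":
    for rel, body in SAMPLE.items():
        print(rel, audit_text(body))
```

In a real checkout, call `audit_tree("group_vars")` from a pre-commit hook or CI job and fail the run when the returned mapping is not empty.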
CC0