Jenkins Bootstrap
This repository contains reusable deployment code and configuration for Jenkins, which gets you up and running with a production-grade Jenkins quickly.
Integration
See the documentation.
Reusable pieces
Terraform modules
See the documentation.
Ansible role
Requirements
None.
Role variables
For any variables marked (sensitive), you are strongly encouraged to store the values in an Ansible Vault.
Required
- jenkins_admin_password - store in a Vault
- jenkins_external_hostname
- SSH key - information about how to generate in Usage section below.
  - jenkins_ssh_key_passphrase (sensitive)
  - jenkins_ssh_private_key_data (sensitive)
  - jenkins_ssh_public_key_data
- SSL configuration (sensitive) - The key data approach is recommended.
Optional
See defaults/main.yml.
Dependencies
Usage
- Generate an SSH key.

      ssh-keygen -t rsa -b 4096 -f temp.key -C "[email protected]"
      # enter a passphrase - store in Vault as vault_jenkins_ssh_key_passphrase

      cat temp.key
      # store in Vault as vault_jenkins_ssh_private_key_data

      cat temp.key.pub
      # store as jenkins_ssh_public_key_data

      rm temp.key*

- Include the role and required variables. Example:

      # requirements.yml
      - src: https://github.com/GSA/jenkins-deploy
        name: gsa.jenkins

      # group_vars/all/vars.yml
      jenkins_ssh_user: jenkins
      jenkins_ssh_public_key_data: |
        ssh-rsa ... [email protected]

      # group_vars/jenkins/vars.yml
      jenkins_external_hostname: ...
      jenkins_ssh_key_passphrase: "{{ vault_jenkins_ssh_key_passphrase }}"
      jenkins_ssh_private_key_data: "{{ vault_jenkins_ssh_private_key_data }}"
      ssl_certs_local_cert_data: "{{ vault_ssl_certs_local_cert_data }}"
      ssl_certs_local_privkey_data: "{{ vault_ssl_certs_local_privkey_data }}"

      # group_vars/jenkins/vault.yml (encrypted)
      vault_jenkins_ssh_key_passphrase: ...
      vault_jenkins_ssh_private_key_data: |
        -----BEGIN RSA PRIVATE KEY-----
        ...
        -----END RSA PRIVATE KEY-----
      vault_ssl_certs_local_cert_data: |
        -----BEGIN CERTIFICATE-----
        ...
        -----END CERTIFICATE-----
      vault_ssl_certs_local_privkey_data: |
        -----BEGIN RSA PRIVATE KEY-----
        ...
        -----END RSA PRIVATE KEY-----

      # playbooks/jenkins.yml
      - hosts: jenkins
        become: true
        roles:
          - gsa.jenkins

      # playbooks/other.yml
      # hosts that Jenkins is going to run playbooks against
      - hosts: other
        become: true
        tasks:
          - name: Create Jenkins user
            user:
              name: "{{ jenkins_ssh_user }}"
              group: wheel
          - name: Set up SSH key for Jenkins
            authorized_key:
              user: "{{ jenkins_ssh_user }}"
              key: "{{ jenkins_ssh_public_key_data }}"
          # ...other host setup tasks...

- Run the Terraform (if applicable) and the playbook.
- Ensure you can log into Jenkins (at jenkins_external_hostname).
- Follow the manual configuration steps
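
A check for the Vault guidance above, written as an added example and not part of this repository's code: it flags any variable the README marks for the Vault, or any vault_ variable, that sits in plaintext in a vars file. The function names and the constructed sample tree are assumptions for illustration, and the parsing is line-based rather than a full YAML parse.

```python
import re
import tempfile
from pathlib import Path

# Variables the README says to keep in a Vault (SSL names are from its usage example).
SENSITIVE = {"jenkins_admin_password", "jenkins_ssh_key_passphrase",
             "jenkins_ssh_private_key_data", "ssl_certs_local_cert_data",
             "ssl_certs_local_privkey_data"}
KEY_LINE = re.compile(r"^([A-Za-z_]\w*):\s*(.*)$")  # top-level "key: value" line
VAULT_REF = re.compile(r"""^["']?\{\{\s*vault_\w+\s*\}\}["']?$""")  # "{{ vault_x }}"

def audit_file(path):
    """Return findings for one vars file; a fully vault-encrypted file is clean."""
    text = Path(path).read_text(encoding="utf-8", errors="replace")
    if text.startswith("$ANSIBLE_VAULT;"):  # header ansible-vault writes when encrypting
        return []
    findings = []
    if Path(path).name == "vault.yml":
        findings.append("file is not vault-encrypted")
    for lineno, line in enumerate(text.splitlines(), 1):
        if "PRIVATE KEY-----" in line:
            findings.append(f"line {lineno}: private key material in plaintext")
        m = KEY_LINE.match(line)
        key, value = (m.group(1), m.group(2).strip()) if m else ("", "")
        protected = VAULT_REF.match(value) or value.startswith("!vault")
        if (key in SENSITIVE or key.startswith("vault_")) and not protected:
            findings.append(f"line {lineno}: {key} set in plaintext")
    return findings

def audit_tree(root):
    """Audit every *.yml under root (for example the directory holding group_vars/)."""
    root = Path(root)
    return [f"{p.relative_to(root).as_posix()}: {msg}"
            for p in sorted(root.rglob("*.yml")) for msg in audit_file(p)]

def demo():
    """Constructed sample: a correct vars.yml beside a vault.yml left unencrypted."""
    with tempfile.TemporaryDirectory() as tmp:
        d = Path(tmp, "group_vars", "jenkins")
        d.mkdir(parents=True)
        (d / "vars.yml").write_text(
            'jenkins_ssh_key_passphrase: "{{ vault_jenkins_ssh_key_passphrase }}"\n'
            'jenkins_ssh_private_key_data: "{{ vault_jenkins_ssh_private_key_data }}"\n')
        (d / "vault.yml").write_text(
            "vault_jenkins_ssh_key_passphrase: constructed-value\n"
            "vault_jenkins_ssh_private_key_data: |\n  -----BEGIN RSA PRIVATE KEY-----\n")
        return audit_tree(tmp)

if __name__ == "__main__":
    print("\n".join(demo()))
```

Run before committing, `audit_tree` returns an empty list only when every sensitive value is either a `{{ vault_... }}` reference, an inline `!vault` string, or inside a file that ansible-vault has encrypted.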
License
CC0