This repository provisions and configures a secure Jenkins server on Ubuntu in AWS. It is fronted by NGINX and has public facing DNS so you are able to configure webhooks to trigger pipelines from github (for e.g.). It is basically a coded version of the set of prerequisite instructions found in the Digital Ocean tutorial how-to-set-up-continuous-integration-pipelines-in-jenkins-on-ubuntu-16-04 up to and including the section "Add the Jenkins User to the Docker Group". The intention is to quickly provision the Jenkins server so that you can focus on integrating Jenkins with github and defining the CI/CD process with the example Node.js application.
If you are familiar with AWS, already have an account with Access Keys and SSH key pairs then you should be good to go. If not, you may need to refer to some of the following. We are also using dynamic inventory so again please read and follow the links if unfamiliar. Knowledge in Ansible and Terraform is a bonus but not essential as the step by step guide will guide you through so long as you have them installed locally.
If you don't have one click here
Follow the installation guide if you do not have it installed.
Follow the installation guide if you do not have it installed.
You'll need a domain name. Get a free one here if you do not have one.
To read up on Ansible configuration go here
To read up on Dynamic Inventory go here but to summarise: Download ec2.py and ec2.ini and place them in
<user_home_directory>/ansible/
then configure
<user_home_directory>/.ansible.cfg
to include the following:
[defaults]
inventory = <user_home_directory>/ansible/ec2.py
host_key_checking = False
Add your AWS Access key and token here: <user_home_directory>/.aws/credentials Further reading here
If you don't already have one, generate a key pair as described here
If you are unfamiliar load your private key to your ssh-agent as described here
As per the prerequisites you should now have an AWS account with a key pair with the private key loaded into your ssh-agent daemon and access set up to your AWS subscription either by environment variables or the credentials file.
- Fork this repository by clicking on the Fork button.
- Clone the forked repository from your git account.
- Edit the following variables in terraform/terraform.tfvars region - The region you want to deploy to. key_name - The key name within AWS you want to ssh with ssh_ingress_cidr_blocks - A list of cidr blocks you want to ssh from (you may use one range, use whatsmyip if necessary).
- Edit the following variables in ansible/group_vars/all.yaml domain - Replace with your domain name. email - Replace with your email (This will be used to register with letsencrypt Certificate Authority)
- cd terraform
- terraform init
- terraform plan
- terraform apply
- copy the ip address output, log into your domain provider (e.g. freenom) and create an A record for 'blank' and 'www' for that ip address.
- cd ../ansible
- ansible-playbook main.yaml
You should now be able to type in your domain name into any browser from any location and be redirected to a secure Jenkins instance. You will need to copy the 'one-time' unlock key from the output of the ansible playbook into the initial prompt when you first log into Jenkins. Carry on with the tutorial at Digital Ocean how-to-set-up-continuous-integration-pipelines-in-jenkins-on-ubuntu-16-04