This repository contains reusable deployment code and configuration for Jenkins, which gets you up and running with a production-grade Jenkins quickly.
See the documentation.
None.
For any variables marked sensitive, you are strongly encouraged to store the values in an Ansible Vault.
- jenkins_admin_password - store in a Vault
- jenkins_external_hostname
- SSH key - information about how to generate in Usage section below.
  - jenkins_ssh_key_passphrase (sensitive)
  - jenkins_ssh_private_key_data (sensitive)
  - jenkins_ssh_public_key_data
- SSL configuration (sensitive)
  - The key data approach is recommended.
See defaults/main.yml.
- Generate an SSH key.

      ssh-keygen -t rsa -b 4096 -f temp.key -C "group-email+jenkins@some.gov"
      # enter a passphrase - store in Vault as vault_jenkins_ssh_key_passphrase

      cat temp.key
      # store in Vault as vault_jenkins_ssh_private_key_data

      cat temp.key.pub
      # store as jenkins_ssh_public_key_data

      rm temp.key*

- Include the role and required variables. Example:

      # requirements.yml
      - src: https://github.com/GSA/jenkins-deploy
        name: gsa.jenkins

      # group_vars/all/vars.yml
      jenkins_ssh_user: jenkins
      jenkins_ssh_public_key_data: |
        ssh-rsa ... group-email+jenkins@some.gov

      # group_vars/jenkins/vars.yml
      jenkins_external_hostname: ...
      jenkins_ssh_key_passphrase: "{{ vault_jenkins_ssh_key_passphrase }}"
      jenkins_ssh_private_key_data: "{{ vault_jenkins_ssh_private_key_data }}"
      ssl_certs_local_cert_data: "{{ vault_ssl_certs_local_cert_data }}"
      ssl_certs_local_privkey_data: "{{ vault_ssl_certs_local_privkey_data }}"

      # group_vars/jenkins/vault.yml (encrypted)
      vault_jenkins_ssh_key_passphrase: ...
      vault_jenkins_ssh_private_key_data: |
        -----BEGIN RSA PRIVATE KEY-----
        ...
        -----END RSA PRIVATE KEY-----
      vault_ssl_certs_local_cert_data: |
        -----BEGIN CERTIFICATE-----
        ...
        -----END CERTIFICATE-----
      vault_ssl_certs_local_privkey_data: |
        -----BEGIN RSA PRIVATE KEY-----
        ...
        -----END RSA PRIVATE KEY-----

      # playbooks/jenkins.yml
      - hosts: jenkins
        become: true
        roles:
          - gsa.jenkins

      # playbooks/other.yml
      # hosts that Jenkins is going to run playbooks against
      - hosts: other
        become: true
        tasks:
          - name: Create Jenkins user
            user:
              name: "{{ jenkins_ssh_user }}"
              group: wheel
          - name: Set up SSH key for Jenkins
            authorized_key:
              user: "{{ jenkins_ssh_user }}"
              key: "{{ jenkins_ssh_public_key_data }}"
          # ...other host setup tasks...

- Run the Terraform (if applicable) and the playbook.
- Ensure you can log into Jenkins (at jenkins_external_hostname).
- Follow the manual configuration steps.
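
A check that can run before committing the variable files from the example above. It is an added example, not part of this repository: it flags a vault.yml that was left unencrypted, private key blocks in plaintext, and sensitive variables set to a literal instead of a "{{ vault_... }}" reference. The function names, the sample tree and its contents are constructed for illustration; the vars.yml/vault.yml layout is assumed from the example above.

```python
import re
import tempfile
from pathlib import Path

# Variables the page marks sensitive or says to keep in a Vault.
SENSITIVE = {"jenkins_admin_password", "jenkins_ssh_key_passphrase",
             "jenkins_ssh_private_key_data", "ssl_certs_local_privkey_data"}
VAULT_HEADER = "$ANSIBLE_VAULT;"  # first bytes of a vault-encrypted file
PEM_PRIVATE = re.compile(r"-----BEGIN (?:[A-Z0-9]+ )*PRIVATE KEY-----")
ASSIGN = re.compile(r"^([A-Za-z_]\w*):[ \t]*(.*)$", re.M)
VAULT_REF = re.compile(r"""^["']?\{\{\s*vault_\w+\s*\}\}["']?\s*$""")


def audit_vars(root):
    """Return (relative path, problem) pairs for secrets left in plaintext."""
    root, findings = Path(root), []
    for path in sorted(root.rglob("*.yml")):
        text = path.read_text(encoding="utf-8", errors="replace")
        rel = path.relative_to(root).as_posix()
        if text.startswith(VAULT_HEADER):
            continue  # whole file is encrypted, nothing to inspect
        if path.name == "vault.yml":
            findings.append((rel, "vault file is not encrypted"))
        if PEM_PRIVATE.search(text):
            findings.append((rel, "plaintext private key block"))
        for name, value in ASSIGN.findall(text):
            if (name in SENSITIVE and not VAULT_REF.match(value)
                    and not value.startswith("!vault")):  # inline vault string
                findings.append((rel, f"{name} is a literal value"))
    return findings

# Constructed sample tree (no real secrets): one correct file, two mistakes.
SAMPLE = {
    "jenkins/vars.yml": 'jenkins_ssh_key_passphrase: "{{ vault_jenkins_ssh_key_passphrase }}"\n'
                        "jenkins_admin_password: constructed-not-a-secret\n",
    "jenkins/vault.yml": "$ANSIBLE_VAULT;1.1;AES256\n6162636465666768\n",
    "staging/vault.yml": "vault_jenkins_ssh_private_key_data: |\n"
                         "  -----BEGIN RSA PRIVATE KEY-----\n  (constructed)\n",
}


def audit_sample():
    """Write SAMPLE into a temporary directory and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        for rel, body in SAMPLE.items():
            target = Path(tmp, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(body, encoding="utf-8")
        return audit_vars(tmp)
```

Calling audit_vars("group_vars") on a real inventory returns an empty list when every sensitive value is either a vault reference or inside an encrypted file.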
CC0