From 1d4aa339a9b65206ab9f1cfe1d090ed9af3ba01f Mon Sep 17 00:00:00 2001
From: Victor Morales
Date: Sun, 16 Oct 2016 11:56:25 -0500
Subject: [PATCH] Add CI/CD terraform scripts
Change-Id: I791c9c50c70fcf41077c0c5125bce2b534be51c7
---
terraform/cicd/.gitignore | 3 +
terraform/cicd/README.md | 73 ++++++++
terraform/cicd/Vagrantfile | 55 ++++++
terraform/cicd/gerrit.tf | 25 +++
terraform/cicd/gerrit.tpl | 15 ++
terraform/cicd/gerrit/postinstall.sh | 93 +++++++++
terraform/cicd/jenkins.tf | 27 +++
terraform/cicd/jenkins.tpl | 15 ++
terraform/cicd/jenkins/postinstall.sh | 219 ++++++++++++++++++++++
terraform/cicd/main.tf | 11 ++
terraform/cicd/network.tf | 46 +++++
terraform/cicd/redmine.tf | 47 +++++
terraform/cicd/redmine/postinstall_db.sh | 21 +++
terraform/cicd/redmine/postinstall_web.sh | 100 ++++++++++
terraform/cicd/redmine_db.tpl | 15 ++
terraform/cicd/redmine_web.tpl | 15 ++
terraform/cicd/variables.tf | 28 +++
17 files changed, 808 insertions(+)
create mode 100644 terraform/cicd/.gitignore
create mode 100644 terraform/cicd/README.md
create mode 100644 terraform/cicd/Vagrantfile
create mode 100644 terraform/cicd/gerrit.tf
create mode 100644 terraform/cicd/gerrit.tpl
create mode 100644 terraform/cicd/gerrit/postinstall.sh
create mode 100644 terraform/cicd/jenkins.tf
create mode 100644 terraform/cicd/jenkins.tpl
create mode 100644 terraform/cicd/jenkins/postinstall.sh
create mode 100644 terraform/cicd/main.tf
create mode 100644 terraform/cicd/network.tf
create mode 100644 terraform/cicd/redmine.tf
create mode 100644 terraform/cicd/redmine/postinstall_db.sh
create mode 100644 terraform/cicd/redmine/postinstall_web.sh
create mode 100644 terraform/cicd/redmine_db.tpl
create mode 100644 terraform/cicd/redmine_web.tpl
create mode 100644 terraform/cicd/variables.tf
diff --git a/terraform/cicd/.gitignore b/terraform/cicd/.gitignore
new file mode 100644
index 0000000..d67bb65
--- /dev/null
+++ b/terraform/cicd/.gitignore
@@ -0,0 +1,3 @@
+terraform.tfstate*
+openrc
+.vagrant/
diff --git a/terraform/cicd/README.md b/terraform/cicd/README.md
new file mode 100644
index 0000000..890871b
--- /dev/null
+++ b/terraform/cicd/README.md
@@ -0,0 +1,73 @@
+CI/CD for everyone else
+=======================
+
+This Terraform project pretends to provision all the OpenStack resources for a Development Infrastructure required for Applications that uses Continuous Integration and Continuos Delivery software cycle.
+
+# Requirements:
+
+- [Install Terraform] (https://www.terraform.io/intro/getting-started/install.html)
+- Customize according to your OpenStack Provider
+
+## General OpenStack settings
+
+Terraform OpenStack provider needs environment variables to be set
+before you can run the scripts. In general, you can simply export OS
+environment variables like the following:
+
+```
+export OS_TENANT_NAME=osic-engineering
+export OS_AUTH_URL=https://cloud1.osic.org:5000/v2.0
+export OS_DOMAIN_NAME=Default
+export OS_REGION_NAME=RegionOne
+export OS_PASSWORD=secret
+export OS_USERNAME=demo
+```
+Those values depend on the OpenStack Cloud provider.
+
+## Steps for execution:
+
+```
+$ git clone https://github.com/electrocucaracha/terraform-cicd.git
+$ cd terraform-cicd
+$ terraform apply
+...
+Apply complete! Resources: 13 added, 0 changed, 0 destroyed.
+...
+Outputs:
+
+gerrit = http://10.0.0.1
+jenkins = http://10.0.0.2
+redmine = http://10.0.0.3
+```
+
+## Post-configuration
+
+### Redmine Security Realm (authentication):
+
+First you need to get consumer key/secret from Redmine OAuth Provider Plugin.
+
+1. Log into your Redmine account.
+2. Access to [YOUR_REDMINE_HOST]/oauth_clients
+3. Click the **Register your application** link.
+4. The system requests the following information:
+ * **Name** is required. For example, input Jenkins
+ * **Main Application URL** is required. For example, input your jenkins url.
+ * **Callback URL** is required. For example, input [YOUR_JENKINS_HOST]/securityRealm/finishLogin
+ * **Support URL** is not required.
+5. Press **Register**.
+ The system generates a key and a secret for you.
+ Toggle the consumer name to see the generated Key and Secret value for your consumer.
+
+Second, you need to configure your Jenkins.
+
+1. Open Jenkins **Configure System** page.
+2. Check **Enable security**.
+3. Select **Redmine OAuth Plugin** in **Security Realm**.
+4. Input your Redmine Url to **Redmine Url**.
+5. Input your Consumer Key to **Client ID**.
+6. Input your Consumer Secret to **Client Secret**.
+7. Click **Save** button.
+
+## Destroy:
+
+ terraform destroy
diff --git a/terraform/cicd/Vagrantfile b/terraform/cicd/Vagrantfile
new file mode 100644
index 0000000..b750f1a
--- /dev/null
+++ b/terraform/cicd/Vagrantfile
@@ -0,0 +1,55 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+# All Vagrant configuration is done below. The "2" in Vagrant.configure
+# configures the configuration version (we support older styles for
+# backwards compatibility). Please don't change it unless you know what
+# you're doing.
+Vagrant.configure("2") do |config|
+ config.vm.box = "sputnik13/trusty64"
+
+ config.vm.define :redmine_db do |redmine_db|
+ redmine_db.vm.hostname = 'redmine-db'
+ redmine_db.vm.network :private_network, ip: '192.168.50.2'
+ redmine_db.vm.provider "virtualbox" do |v|
+ v.customize ["modifyvm", :id, "--memory", 1 * 1024]
+ end
+ redmine_db.vm.provision 'shell' do |s|
+ s.path = 'redmine/postinstall_db.sh'
+ s.args = ['root_password', 'redmine_password']
+ end
+ end
+ config.vm.define :redmine_web do |redmine_web|
+ redmine_web.vm.hostname = 'redmine'
+ redmine_web.vm.network :private_network, ip: '192.168.50.3'
+ redmine_web.vm.provider "virtualbox" do |v|
+ v.customize ["modifyvm", :id, "--memory", 2 * 1024]
+ end
+ redmine_web.vm.provision 'shell' do |s|
+ s.path = 'redmine/postinstall_web.sh'
+ s.args = ['3.3.0', '192.168.50.2', 'redmine_password']
+ end
+ end
+ config.vm.define :gerrit do |gerrit|
+ gerrit.vm.hostname = "gerrit"
+ gerrit.vm.network :private_network, ip: '192.168.50.5'
+ gerrit.vm.provider "virtualbox" do |v|
+ v.customize ["modifyvm", :id, "--memory", 1 * 1024]
+ end
+ gerrit.vm.provision 'shell' do |s|
+ s.path = 'gerrit/postinstall.sh'
+ s.args = ['127.0.0.1']
+ end
+ end
+ config.vm.define :jenkins do |jenkins|
+ jenkins.vm.hostname = "jenkins"
+ jenkins.vm.network :private_network, ip: '192.168.50.6'
+ jenkins.vm.provider "virtualbox" do |v|
+ v.customize ["modifyvm", :id, "--memory", 1 * 1024]
+ end
+ jenkins.vm.provision 'shell' do |s|
+ s.path = 'jenkins/postinstall.sh'
+ s.args = ['192.168.50.3', '3.3.0', '192.168.50.5']
+ end
+ end
+end
diff --git a/terraform/cicd/gerrit.tf b/terraform/cicd/gerrit.tf
new file mode 100644
index 0000000..11dfbee
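Review bot: The gerrit provisioner passes `s.args = ['127.0.0.1']`, but gerrit/postinstall.sh as added in this commit never reads a positional argument, so the value is silently ignored; either drop the argument or make the script consume it. The database passwords for the two redmine machines are written as literals in `s.args`; reading them from the environment, e.g. `s.args = [ENV.fetch('ROOT_DBPASS', 'root_password'), ENV.fetch('REDMINE_DBPASS', 'redmine_password')]`, keeps real values out of the tracked file. The box `sputnik13/trusty64` is referenced without `config.vm.box_version`, so the base image the scripts run on can change between runs.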
--- /dev/null
+++ b/terraform/cicd/gerrit.tf
@@ -0,0 +1,25 @@
+resource "openstack_compute_floatingip_v2" "gerrit_floatingip" {
+ depends_on = ["openstack_networking_router_interface_v2.router_interface"]
+ pool = "${var.floating_pool}"
+}
+
+# Template for gerrit installation
+data "template_file" "gerrit_postinstall_script" {
+ template = "${file("gerrit.tpl")}"
+ vars {
+ password = "secure"
+ }
+}
+
+resource "openstack_compute_instance_v2" "gerrit" {
+ name = "gerrit"
+ image_name = "${var.image}"
+ flavor_name = "${var.flavor}"
+ security_groups = [ "${openstack_compute_secgroup_v2.secgroup.name}" ]
+ floating_ip = "${openstack_compute_floatingip_v2.gerrit_floatingip.address}"
+ user_data = "${data.template_file.gerrit_postinstall_script.rendered}"
+
+ network {
+ uuid = "${openstack_networking_network_v2.private_network.id}"
+ }
+}
diff --git a/terraform/cicd/gerrit.tpl b/terraform/cicd/gerrit.tpl
new file mode 100644
index 0000000..dd8fc6d
--- /dev/null
+++ b/terraform/cicd/gerrit.tpl
@@ -0,0 +1,15 @@
+#cloud-config
+
+ssh_pwauth: true
+
+users:
+ - name: cicd
+ passwd: $6$rounds=4096$DWIvD0b83l1wOVo$3Ww47Krh0JkgohulOJbr4W7WcvQuzlapHd0/qfjEmGvrA1YHjxmhS.Up6B/WV1/b5Yc5J7kvvPFvIbcqpMHII/
+ lock_passwd: False
+ sudo: ["ALL=(ALL) NOPASSWD:ALL\nDefaults:stack !requiretty"]
+ shell: /bin/bash
+
+runcmd:
+ - wget https://raw.githubusercontent.com/electrocucaracha/terraform-cicd/master/gerrit/postinstall.sh
+ - chmod 755 postinstall.sh
+ - bash postinstall.sh
diff --git a/terraform/cicd/gerrit/postinstall.sh b/terraform/cicd/gerrit/postinstall.sh
new file mode 100644
index 0000000..b79a7fb
--- /dev/null
+++ b/terraform/cicd/gerrit/postinstall.sh
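Review bot: The `vars` block of `gerrit_postinstall_script` passes `password = "secure"`, but gerrit.tpl as added in this commit contains no `${password}` reference, so the value is never rendered and only leaves a literal credential in the file. Either remove the entry or connect it to something the template uses, e.g. `password = "${var.gerrit_db_password}"` with a matching declaration (no such variable exists in variables.tf yet). gerrit/postinstall.sh hard-codes its own `ROOT_DBPASS` and `GERRIT_DBPASS`, so the script would also have to accept the value as an argument before this setting has any effect.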
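Review bot: This cloud-config turns on SSH password login (`ssh_pwauth: true`) for a `cicd` user whose password hash is committed to the repository and who gets `NOPASSWD:ALL` sudo, while network.tf opens port 22 to `0.0.0.0/0`; the same block is repeated in jenkins.tpl, redmine_db.tpl and redmine_web.tpl. Whoever recovers the password behind the published hash has root on every instance, so prefer key-based login: `ssh_pwauth: false`, `lock_passwd: true` and an `ssh_authorized_keys:` list under the user. The `Defaults:stack !requiretty` entry names a user `stack` that this file does not create and probably should read `Defaults:cicd`. The `runcmd` step downloads postinstall.sh from the `master` branch and runs it as root at boot; pinning the URL to a commit, or shipping the script through `write_files`, makes the instance reproducible and independent of whatever master contains at that moment.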
@@ -0,0 +1,93 @@
+#!/bin/bash
+
+ROOT_DBPASS=secure
+GERRIT_DBPASS=secure
+gerrit_version=2.12.4
+deployment_folder=/opt/gerrit
+
+# 1. Configure Java for Strong Cryptography
+apt-get update -y
+apt-get install software-properties-common -y
+add-apt-repository ppa:webupd8team/java -y
+apt-get update -y
+
+echo debconf shared/accepted-oracle-license-v1-1 select true | debconf-set-selections
+echo debconf shared/accepted-oracle-license-v1-1 seen true | debconf-set-selections
+
+apt-get install -y oracle-java8-set-default oracle-java8-unlimited-jce-policy
+
+# 2. Download Gerrit
+wget https://www.gerritcodereview.com/download/gerrit-${gerrit_version}.war
+
+# 3. Database Setup
+debconf-set-selections <<< "mysql-server mysql-server/root_password password ${ROOT_DBPASS}"
+debconf-set-selections <<< "mysql-server mysql-server/root_password_again password ${ROOT_DBPASS}"
+apt-get install -y mariadb-server
+
+mysql -uroot -p${ROOT_DBPASS} -e "CREATE DATABASE reviewdb;"
+mysql -uroot -p${ROOT_DBPASS} -e "GRANT ALL PRIVILEGES ON reviewdb.* TO 'gerrit'@'localhost' IDENTIFIED BY '${GERRIT_DBPASS}';";
+
+# 4. Initialize the Site
+useradd gerrit
+echo "gerrit:${GERRIT_DBPASS}"| chpasswd
+mkdir -p ${deployment_folder}/etc/
+cat < ${deployment_folder}/etc/gerrit.config
+[gerrit]
+ basePath = localhost
+ canonicalWebUrl = http://${HOSTNAME}
+[database]
+ type = mysql
+ hostname = localhost
+ database = reviewdb
+ username = gerrit
+ password = ${GERRIT_DBPASS}
+[index]
+ type = LUCENE
+[auth]
+ type = DEVELOPMENT_BECOME_ANY_ACCOUNT
+[receive]
+ enableSignedPush = true
+[sendemail]
+ smtpServer = localhost
+[container]
+ user = root
+ javaHome = /usr/lib/jvm/java-8-oracle/jre
+[sshd]
+ listenAddress = *:29418
+[httpd]
+ listenUrl = proxy-http://*:8080/
+[cache]
+ directory = cache
+EOL
+
+apt-get install -y gitweb
+
+java -jar gerrit-${gerrit_version}.war init -d ${deployment_folder} --batch
+# The second time downloads bcpkix jar
+java -jar gerrit-${gerrit_version}.war init -d ${deployment_folder} --batch
+java -jar gerrit-${gerrit_version}.war reindex -d ${deployment_folder}
+
+ln -snf ${deployment_folder}/bin/gerrit.sh /etc/init.d/gerrit
+ln -snf /etc/init.d/gerrit /etc/rc3.d/S90gerrit
+
+cat < /etc/default/gerritcodereview
+GERRIT_SITE=${deployment_folder}
+EOL
+
+service gerrit start
+
+a2enmod proxy
+a2enmod proxy_http
+
+cat < /etc/apache2/sites-available/000-default.conf
+
+ ProxyPreserveHost On
+
+
+ ProxyPass http://0.0.0.0:8080/
+ Order allow,deny
+ Allow from all
+
+
+EOL
+service apache2 restart
diff --git a/terraform/cicd/jenkins.tf b/terraform/cicd/jenkins.tf
new file mode 100644
index 0000000..6156c78
--- /dev/null
+++ b/terraform/cicd/jenkins.tf
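Review bot: The generated gerrit.config sets `[auth] type = DEVELOPMENT_BECOME_ANY_ACCOUNT`, which lets any visitor act as any account without credentials, and gerrit.tf gives this instance a floating IP with port 80 open to `0.0.0.0/0`. That mode is meant for local development only; a shared deployment needs a real auth type, for example `type = HTTP` enforced by the Apache proxy or `type = OAUTH`, plus a documented way to create the first administrator. The `[container]` section runs Gerrit as `user = root` although a `gerrit` user is created a few lines above; `user = gerrit` together with `chown -R gerrit ${deployment_folder}` avoids running the service as root. `ROOT_DBPASS` and `GERRIT_DBPASS` are fixed to `secure`, and the same value becomes the `gerrit` login password through `chpasswd`; they should arrive as arguments, as in the redmine scripts.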
@@ -0,0 +1,27 @@
+resource "openstack_compute_floatingip_v2" "jenkins_floatingip" {
+ depends_on = ["openstack_networking_router_interface_v2.router_interface"]
+ pool = "${var.floating_pool}"
+}
+
+# Template for jenkins installation
+data "template_file" "jenkins_postinstall_script" {
+ template = "${file("jenkins.tpl")}"
+ vars {
+ redmine_ip = "${openstack_compute_floatingip_v2.redmine_floatingip.address}"
+ redmine_version = "${var.redmine_version}"
+ gerrit_ip = "${openstack_compute_floatingip_v2.gerrit_floatingip.address}"
+ }
+}
+
+resource "openstack_compute_instance_v2" "jenkins" {
+ name = "jenkins"
+ image_name = "${var.image}"
+ flavor_name = "${var.flavor}"
+ security_groups = [ "${openstack_compute_secgroup_v2.secgroup.name}" ]
+ floating_ip = "${openstack_compute_floatingip_v2.jenkins_floatingip.address}"
+ user_data = "${data.template_file.jenkins_postinstall_script.rendered}"
+
+ network {
+ uuid = "${openstack_networking_network_v2.private_network.id}"
+ }
+}
diff --git a/terraform/cicd/jenkins.tpl b/terraform/cicd/jenkins.tpl
new file mode 100644
index 0000000..bd9ae60
--- /dev/null
+++ b/terraform/cicd/jenkins.tpl
@@ -0,0 +1,15 @@
+#cloud-config
+
+ssh_pwauth: true
+
+users:
+ - name: cicd
+ passwd: $6$rounds=4096$DWIvD0b83l1wOVo$3Ww47Krh0JkgohulOJbr4W7WcvQuzlapHd0/qfjEmGvrA1YHjxmhS.Up6B/WV1/b5Yc5J7kvvPFvIbcqpMHII/
+ lock_passwd: False
+ sudo: ["ALL=(ALL) NOPASSWD:ALL\nDefaults:stack !requiretty"]
+ shell: /bin/bash
+
+runcmd:
+ - wget https://raw.githubusercontent.com/electrocucaracha/terraform-cicd/master/jenkins/postinstall.sh
+ - chmod 755 postinstall.sh
+ - bash postinstall.sh ${redmine_ip} ${redmine_version} ${gerrit_ip}
diff --git a/terraform/cicd/jenkins/postinstall.sh b/terraform/cicd/jenkins/postinstall.sh
new file mode 100644
index 0000000..183bb4b
--- /dev/null
+++ b/terraform/cicd/jenkins/postinstall.sh
@@ -0,0 +1,219 @@
+#!/bin/bash
+
+version=2.25
+filename=jenkins_${version}_all.deb
+
+redmine_ip=$1
+redmine_version=$2
+gerrit_ip=$3
+
+apt-get update -y
+apt-get install -y openjdk-7-jdk daemon nginx
+wget -q -O - https://pkg.jenkins.io/debian/jenkins-ci.org.key | apt-key add -
+echo deb http://pkg.jenkins.io/debian binary/ > /etc/apt/sources.list.d/jenkins.list
+apt-get update -y
+wget http://pkg.jenkins.io/debian/binary/$filename
+dpkg -i $filename
+rm $filename
+
+rm /etc/nginx/sites-available/default
+cat < /etc/nginx/sites-available/jenkins
+upstream app_server {
+ server 127.0.0.1:8080 fail_timeout=0;
+}
+
+server {
+ listen 80;
+ listen [::]:80 default ipv6only=on;
+ server_name ci.yourcompany.com;
+
+ location / {
+ proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
+ proxy_set_header Host \$http_host;
+ proxy_redirect off;
+
+ if (!-f \$request_filename) {
+ proxy_pass http://app_server;
+ break;
+ }
+ }
+}
+EOL
+
+ln -s /etc/nginx/sites-available/jenkins /etc/nginx/sites-enabled/
+service nginx restart
+
+echo $version > /var/lib/jenkins/jenkins.install.InstallUtil.lastExecVersion
+sed -i "s|127.0.0.1 localhost|127.0.0.1 localhost $(hostname)|g" /etc/hosts
+
+# Install plugins
+
+wget http://updates.jenkins-ci.org/latest/redmine.hpi -P /var/lib/jenkins/plugins
+wget http://updates.jenkins-ci.org/latest/subversion.hpi -P /var/lib/jenkins/plugins
+wget http://updates.jenkins-ci.org/latest/mapdb-api.hpi -P /var/lib/jenkins/plugins
+wget http://updates.jenkins-ci.org/latest/credentials.hpi -P /var/lib/jenkins/plugins
+wget http://updates.jenkins-ci.org/latest/ssh-credentials.hpi -P /var/lib/jenkins/plugins
+wget http://updates.jenkins-ci.org/latest/scm-api.hpi -P /var/lib/jenkins/plugins
+wget http://updates.jenkins-ci.org/latest/structs.hpi -P /var/lib/jenkins/plugins
+wget http://updates.jenkins-ci.org/latest/workflow-step-api.hpi -P /var/lib/jenkins/plugins
+wget http://updates.jenkins-ci.org/latest/workflow-scm-step.hpi -P /var/lib/jenkins/plugins
+
+wget http://updates.jenkins-ci.org/latest/gerrit-trigger.hpi -P /var/lib/jenkins/plugins
+
+apt-get install -y git maven
+redmine_oauth_folder=/tmp/redmine-oauth-plugin
+git clone https://github.com/mallowlabs/redmine-oauth-plugin.git $redmine_oauth_folder
+pushd $redmine_oauth_folder
+mvn package
+export JAVA_HOME=/usr/lib/jvm/java-7-openjdk-amd64/
+mv target/redmine-oauth.hpi /var/lib/jenkins/plugins/
+popd
+
+
+cd /var/lib/jenkins/
+# Configure Redmine
+cat < hudson.plugins.redmine.RedmineProjectProperty.xml
+
+
+
+
+ redmine
+ http://$redmine_ip/
+ $redmine_version
+
+
+
+EOL
+
+cat < gerrit-trigger.xml
+
+
+
+
+ gerrit
+ false
+
+ $gerrit_ip
+ 29418
+
+ jenkins
+
+ /var/lib/jenkins/.ssh/id_rsa
+ f+BwOT8JcD9bpti9rVi5OQ==
+ false
+ false
+ false
+ gerrit review <CHANGE>,<PATCHSET> --message 'Build Successful <BUILDS_STATS>' --verified <VERIFIED> --code-review <CODE_REVIEW>
+ gerrit review <CHANGE>,<PATCHSET> --message 'Build Unstable <BUILDS_STATS>' --verified <VERIFIED> --code-review <CODE_REVIEW>
+ gerrit review <CHANGE>,<PATCHSET> --message 'Build Failed <BUILDS_STATS>' --verified <VERIFIED> --code-review <CODE_REVIEW>
+ gerrit review <CHANGE>,<PATCHSET> --message 'Build Started <BUILDURL> <STARTED_STATS>' --verified <VERIFIED> --code-review <CODE_REVIEW>
+ gerrit review <CHANGE>,<PATCHSET> --message 'No Builds Executed <BUILDS_STATS>' --verified <VERIFIED> --code-review <CODE_REVIEW>
+ http://$gerrit_ip/
+ 0
+ 1
+ -1
+ 0
+ 0
+ 0
+ 0
+ 0
+ -1
+ 0
+ true
+ true
+ 3
+ 30
+ true
+ 3600
+ 0
+
+
+ Code-Review
+ Code Review
+
+
+ Verified
+ Verified
+
+
+
+ false
+
+ false
+
+ 0
+
+
+
+
+ ALL
+
+ false
+ false
+ false
+
+
+
+
+
+ 3
+ 1
+ 360
+
+
+EOL
+
+cat < config.xml
+
+
+
+ 1.0
+ 2
+ NORMAL
+ true
+
+
+ http://${redmine_ip}
+
+
+
+ false
+
+ \${ITEM_ROOTDIR}/workspace
+ \${ITEM_ROOTDIR}/builds
+
+
+
+
+
+ 0
+
+
+
+ All
+ false
+ false
+
+
+
+ All
+ 0
+
+
+
+
+EOL
+
+cat < jenkins.security.QueueItemAuthenticatorConfiguration.xml
+
+
+
+
+EOL
+
+chown jenkins:jenkins -R /var/lib/jenkins/
+service jenkins restart
+echo false > secrets/slave-to-master-security-kill-switch
+service jenkins restart
+
+su jenkins -c "ssh-keygen -b 2048 -t rsa -f /var/lib/jenkins/.ssh/id_rsa -q -N \"\""
diff --git a/terraform/cicd/main.tf b/terraform/cicd/main.tf
new file mode 100644
index 0000000..c34e0d8
--- /dev/null
+++ b/terraform/cicd/main.tf
@@ -0,0 +1,11 @@
+output "gerrit" {
+ value = "http://${openstack_compute_floatingip_v2.gerrit_floatingip.address}"
+}
+
+output "jenkins" {
+ value = "http://${openstack_compute_floatingip_v2.jenkins_floatingip.address}"
+}
+
+output "redmine" {
+ value = "http://${openstack_compute_floatingip_v2.redmine_floatingip.address}"
+}
diff --git a/terraform/cicd/network.tf b/terraform/cicd/network.tf
new file mode 100644
index 0000000..59731df
--- /dev/null
+++ b/terraform/cicd/network.tf
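Review bot: The Jenkins package and every plugin are fetched over plain HTTP and installed with no integrity check: `wget http://pkg.jenkins.io/debian/binary/$filename` followed by `dpkg -i` bypasses the signature verification that the apt key imported a few lines earlier would provide, and the `.hpi` files come from `http://updates.jenkins-ci.org/latest/`, so their versions are not pinned either. Since the repository and key are already configured, `apt-get install -y jenkins=${version}` installs the same release with signature checking, and the plugins should be downloaded over HTTPS at fixed versions and verified with `sha256sum -c`. The same applies to the `http://www.redmine.org/releases/redmine-$version.tar.gz` download in redmine/postinstall_web.sh. Separately, `export JAVA_HOME=...` is placed after `mvn package`, so it has no effect on the build it appears to be meant for.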
@@ -0,0 +1,46 @@
+resource "openstack_networking_network_v2" "private_network" {
+ name = "cicd-private"
+ admin_state_up = "true"
+}
+
+resource "openstack_networking_subnet_v2" "private_subnet01" {
+ name = "cicd-subnet"
+ network_id = "${openstack_networking_network_v2.private_network.id}"
+ cidr = "192.168.50.0/24"
+ ip_version = 4
+ enable_dhcp = "true"
+ dns_nameservers = ["8.8.8.8"]
+}
+
+resource "openstack_compute_secgroup_v2" "secgroup" {
+ name = "cicd-secgroup"
+ description = "Security group for accessing to CI/CD environment"
+ rule {
+ from_port = 22
+ to_port = 22
+ ip_protocol = "tcp"
+ cidr = "0.0.0.0/0"
+ }
+ rule {
+ from_port = 80
+ to_port = 80
+ ip_protocol = "tcp"
+ cidr = "0.0.0.0/0"
+ }
+}
+
+resource "openstack_networking_router_v2" "router" {
+ name = "cicd-router"
+ admin_state_up = "true"
+ external_gateway = "${var.external_gateway}"
+}
+
+resource "openstack_networking_router_interface_v2" "router_interface" {
+ router_id = "${openstack_networking_router_v2.router.id}"
+ subnet_id = "${openstack_networking_subnet_v2.private_subnet01.id}"
+}
+
+resource "openstack_compute_floatingip_v2" "floatingip" {
+ depends_on = ["openstack_networking_router_interface_v2.router_interface"]
+ pool = "${var.floating_pool}"
+}
diff --git a/terraform/cicd/redmine.tf b/terraform/cicd/redmine.tf
new file mode 100644
index 0000000..05e6750
--- /dev/null
+++ b/terraform/cicd/redmine.tf
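Review bot: The port 22 rule of `cicd-secgroup` uses `cidr = "0.0.0.0/0"`, and the instance templates in this commit enable password SSH login, so every instance with a floating IP accepts password attempts from the whole Internet. Restrict the SSH rule to an operator range, e.g. `cidr = "${var.admin_cidr}"` backed by a new variable with no default. Port 80 is world-open as well and main.tf publishes the services as plain `http://` URLs, so logins to Gerrit, Jenkins and Redmine travel unencrypted. The `openstack_compute_floatingip_v2.floatingip` resource at the end is not referenced by any instance in this commit and appears to allocate an address that is never used.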
@@ -0,0 +1,47 @@
+resource "openstack_compute_floatingip_v2" "redmine_floatingip" {
+ depends_on = ["openstack_networking_router_interface_v2.router_interface"]
+ pool = "${var.floating_pool}"
+}
+
+# Template for redmine webserver installation
+data "template_file" "redmine_web_postinstall_script" {
+ template = "${file("redmine_web.tpl")}"
+ vars {
+ version = "${var.redmine_version}"
+ redmine_db_ip = "${openstack_compute_instance_v2.redmine_db.network.0.fixed_ip_v4}"
+ redmine_db_password = "${var.redmine_db_password}"
+ }
+}
+
+resource "openstack_compute_instance_v2" "redmine" {
+ depends_on = ["openstack_compute_instance_v2.redmine_db"]
+ name = "redmine"
+ image_name = "${var.image}"
+ flavor_name = "${var.flavor}"
+ security_groups = [ "${openstack_compute_secgroup_v2.secgroup.name}" ]
+ floating_ip = "${openstack_compute_floatingip_v2.redmine_floatingip.address}"
+ user_data = "${data.template_file.redmine_web_postinstall_script.rendered}"
+ network {
+ uuid = "${openstack_networking_network_v2.private_network.id}"
+ }
+}
+
+# Template for redmine database installation
+data "template_file" "redmine_db_postinstall_script" {
+ template = "${file("redmine_db.tpl")}"
+ vars {
+ root_db_password = "${var.root_db_password}"
+ redmine_db_password = "${var.redmine_db_password}"
+ }
+}
+
+resource "openstack_compute_instance_v2" "redmine_db" {
+ name = "redmine-db"
+ image_name = "${var.image}"
+ flavor_name = "${var.flavor}"
+ user_data = "${data.template_file.redmine_db_postinstall_script.rendered}"
+
+ network {
+ uuid = "${openstack_networking_network_v2.private_network.id}"
+ }
+}
diff --git a/terraform/cicd/redmine/postinstall_db.sh b/terraform/cicd/redmine/postinstall_db.sh
new file mode 100644
index 0000000..71e866d
--- /dev/null
+++ b/terraform/cicd/redmine/postinstall_db.sh
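Review bot: `root_db_password` and `redmine_db_password` are rendered into `user_data`, which normally stays readable through the instance metadata service for the life of the VM and is stored in plain text in terraform.tfstate. At minimum record that above the two `template_file` blocks, e.g. `# NOTE: passwords end up in user_data and tfstate; rotate them after provisioning`, and consider generating the passwords on the instance instead. The `redmine_db` instance also sets no `security_groups`, so it presumably falls back to the project's default group while postinstall_db.sh binds MariaDB to all interfaces; an explicit group that admits only 3306 from the private subnet would make the intended exposure visible.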
@@ -0,0 +1,21 @@
+#!/bin/bash
+
+ROOT_DBPASS=$1
+REDMINE_DBPASS=$2
+
+# 0. Install dependencies
+apt-get update -y
+apt-get upgrade -y
+
+# 2. Create an empty database and accompanying user
+debconf-set-selections <<< "mysql-server mysql-server/root_password password ${ROOT_DBPASS}"
+debconf-set-selections <<< "mysql-server mysql-server/root_password_again password ${ROOT_DBPASS}"
+apt-get install -y mariadb-server
+
+mysql -uroot -p${ROOT_DBPASS} -e "CREATE DATABASE redmine CHARACTER SET utf8;"
+mysql -uroot -p${ROOT_DBPASS} -e "GRANT ALL PRIVILEGES ON redmine.* TO 'redmine'@'%' IDENTIFIED BY '${REDMINE_DBPASS}';";
+
+sed -i "s|127.0.0.1|0.0.0.0|g" /etc/mysql/my.cnf
+service mysql restart
+sleep 5
+echo -e "${ROOT_DBPASS}\nn\nY\nY\nY\n" | mysql_secure_installation
diff --git a/terraform/cicd/redmine/postinstall_web.sh b/terraform/cicd/redmine/postinstall_web.sh
new file mode 100644
index 0000000..fd7ee14
--- /dev/null
+++ b/terraform/cicd/redmine/postinstall_web.sh
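Review bot: The grant `TO 'redmine'@'%'` combined with `sed -i "s|127.0.0.1|0.0.0.0|g" /etc/mysql/my.cnf` makes the database accept password logins from any host that can route to it. Limit the account to the private subnet declared in network.tf, `'redmine'@'192.168.50.%'`, and bind to the instance's private address instead of `0.0.0.0`. The passwords are also expanded unquoted on the command line (`-p${ROOT_DBPASS}`) and inside the SQL string, so a value containing a space or a quote breaks the statement and the value is visible in the process list while mysql runs; passing credentials through a `--defaults-extra-file` with mode 600 avoids both.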
@@ -0,0 +1,100 @@
+#!/bin/bash
+
+version=$1
+redmine_db_ip=$2
+REDMINE_DBPASS=$3
+
+export REDMINE_LANG=en
+output_folder=/opt/redmine
+redmine_folder=$output_folder/redmine-$version
+bootstrap_plugin_version=0.2.4
+jenkins_plugin_version=1.0.1
+oauth_provider=0.0.5
+
+# 0. Install dependencies
+apt-get update -y
+apt-get upgrade -y
+apt-get install -y rubygems-integration ruby-dev libmysqlclient-dev build-essential libcurl4-openssl-dev
+
+# 1. Redmine application
+mkdir $output_folder
+wget -O /tmp/redmine.tar.gz http://www.redmine.org/releases/redmine-$version.tar.gz
+tar xzf /tmp/redmine.tar.gz -C $output_folder
+cd $redmine_folder
+
+# 3. Database connection configuration
+cat < config/database.yml
+production:
+ adapter: mysql2
+ database: redmine
+ host: ${redmine_db_ip}
+ username: redmine
+ password: "${REDMINE_DBPASS}"
+ encoding: utf8
+EOL
+
+# 4. Dependencies installation
+gem install bundler
+bundle install --without development test rmagick
+
+# 5. Session store secret generation
+bundle exec rake generate_secret_token
+
+# 6. Database schema objects creation
+RAILS_ENV=production bundle exec rake db:migrate
+
+# 7. Database default data set
+RAILS_ENV=production bundle exec rake redmine:load_default_data
+
+# 8. File system permissions
+mkdir -p tmp tmp/pdf public/plugin_assets
+useradd redmine
+chown -R redmine:redmine files log tmp public/plugin_assets
+chmod -R 755 files log tmp public/plugin_assets
+
+# 9. Install Passenger packages
+apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 561F9B9CAC40B2F7
+apt-get install -y apt-transport-https ca-certificates
+echo 'deb https://oss-binaries.phusionpassenger.com/apt/passenger trusty main' > /etc/apt/sources.list.d/passenger.list
+apt-get update
+apt-get install -y nginx-extras passenger
+sed -i "s|# include /etc/nginx/passenger.conf;|include /etc/nginx/passenger.conf;|g" /etc/nginx/nginx.conf
+
+# 10. Configure Nginx
+cat < /etc/nginx/sites-available/redmine
+server {
+ listen 80;
+ server_name www.redmine.me;
+ root $redmine_folder/public;
+ passenger_enabled on;
+ client_max_body_size 10m; # Max attachemnt size
+}
+EOL
+ln -s /etc/nginx/sites-available/redmine /etc/nginx/sites-enabled/redmine
+rm /etc/nginx/sites-enabled/default
+
+# Configure jenkins plugin and their dependencies
+apt-get install -y git
+
+cd ${redmine_folder}/plugins
+git clone https://github.com/jbox-web/redmine_bootstrap_kit.git
+pushd redmine_bootstrap_kit/
+git checkout tags/${bootstrap_plugin_version}
+popd
+
+git clone https://github.com/jbox-web/redmine_jenkins.git
+pushd redmine_jenkins/
+git checkout tags/${jenkins_plugin_version}
+popd
+
+git clone https://github.com/suer/redmine_oauth_provider.git
+pushd redmine_oauth_provider
+git checkout tags/${oauth_provider}
+popd
+
+bundle install --without development test
+bundle exec rake redmine:plugins:migrate RAILS_ENV=production
+
+chown -R redmine:redmine ${redmine_folder}
+
+service nginx restart
diff --git a/terraform/cicd/redmine_db.tpl b/terraform/cicd/redmine_db.tpl
new file mode 100644
index 0000000..87de496
--- /dev/null
+++ b/terraform/cicd/redmine_db.tpl
@@ -0,0 +1,15 @@
+#cloud-config
+
+ssh_pwauth: true
+
+users:
+ - name: cicd
+ passwd: $6$rounds=4096$DWIvD0b83l1wOVo$3Ww47Krh0JkgohulOJbr4W7WcvQuzlapHd0/qfjEmGvrA1YHjxmhS.Up6B/WV1/b5Yc5J7kvvPFvIbcqpMHII/
+ lock_passwd: False
+ sudo: ["ALL=(ALL) NOPASSWD:ALL\nDefaults:stack !requiretty"]
+ shell: /bin/bash
+
+runcmd:
+ - wget https://raw.githubusercontent.com/electrocucaracha/terraform-cicd/master/redmine/postinstall_db.sh
+ - chmod 755 postinstall_db.sh
+ - bash postinstall_db.sh ${root_db_password} ${redmine_db_password}
diff --git a/terraform/cicd/redmine_web.tpl b/terraform/cicd/redmine_web.tpl
new file mode 100644
index 0000000..de2f70a
--- /dev/null
+++ b/terraform/cicd/redmine_web.tpl
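Review bot: `config/database.yml` is written by root under the default umask and holds the database password, and nothing later tightens its mode, so it is probably left world-readable; the final `chown -R redmine:redmine ${redmine_folder}` changes only the owner. Adding `chmod 640 config/database.yml` right after the heredoc closes that. The Passenger signing key is fetched with `apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 561F9B9CAC40B2F7`, i.e. over unauthenticated HKP and by 64-bit key ID; importing by full fingerprint is safer. The three plugin checkouts use tags, which upstream can move, so pinning commit hashes would make the build reproducible.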
@@ -0,0 +1,15 @@
+#cloud-config
+
+ssh_pwauth: true
+
+users:
+ - name: cicd
+ passwd: $6$rounds=4096$DWIvD0b83l1wOVo$3Ww47Krh0JkgohulOJbr4W7WcvQuzlapHd0/qfjEmGvrA1YHjxmhS.Up6B/WV1/b5Yc5J7kvvPFvIbcqpMHII/
+ lock_passwd: False
+ sudo: ["ALL=(ALL) NOPASSWD:ALL\nDefaults:stack !requiretty"]
+ shell: /bin/bash
+
+runcmd:
+ - wget https://raw.githubusercontent.com/electrocucaracha/terraform-cicd/master/redmine/postinstall_web.sh
+ - chmod 755 postinstall_web.sh
+ - bash postinstall_web.sh ${version} ${redmine_db_ip} ${redmine_db_password}
diff --git a/terraform/cicd/variables.tf b/terraform/cicd/variables.tf
new file mode 100644
index 0000000..5439021
--- /dev/null
+++ b/terraform/cicd/variables.tf
@@ -0,0 +1,28 @@
+variable "image" {
+ default = "ubuntu-14.04-cloud"
+}
+
+variable "flavor" {
+ default = "m2.large"
+}
+
+variable "external_gateway" {
+ default = "7004a83a-13d3-4dcd-8cf5-52af1ace4cae"
+}
+
+variable "floating_pool" {
+ default = "GATEWAY_NET"
+}
+
+# Redmine Configuration values
+variable "redmine_version" {
+ default = "3.3.0"
+}
+
+variable "root_db_password"{
+ default = "secure"
+}
+
+variable "redmine_db_password"{
+ default = "secure"
+}
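Review bot: `root_db_password` and `redmine_db_password` default to the literal `secure`, so a plain `terraform apply` deploys a database protected by a published password without the operator being asked. Declaring them without a default, `variable "root_db_password" {}`, makes Terraform require a value at apply time. `external_gateway` defaults to a UUID that can only be valid on one cloud; a comment such as `# must be overridden with the external network ID of your provider` would save a failed first run.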