Merge "Add CI/CD terraform scripts"

Jenkins 2016-10-18 19:36:54 +00:00 committed by Gerrit Code Review
commit f945a3ecd2
17 changed files with 808 additions and 0 deletions

3
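--- a/terraform/cicd/.gitignore
+++ b/terraform/cicd/.gitignore
@@ -0,0 +1,3 @@
+terraform.tfstate*
+openrc
+.vagrant/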

73
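--- a/terraform/cicd/README.md
+++ b/terraform/cicd/README.md
@@ -0,0 +1,73 @@
+CI/CD for everyone else
+=======================
+This Terraform project pretends to provision all the OpenStack resources for a Development Infrastructure required for Applications that uses Continuous Integration and Continuos Delivery software cycle.
+# Requirements:
+- [Install Terraform] (https://www.terraform.io/intro/getting-started/install.html)
+- Customize according to your OpenStack Provider
+## General OpenStack settings
+Terraform OpenStack provider needs environment variables to be set
+before you can run the scripts. In general, you can simply export OS
+environment variables like the following:
+```
+export OS_TENANT_NAME=osic-engineering
+export OS_AUTH_URL=https://cloud1.osic.org:5000/v2.0
+export OS_DOMAIN_NAME=Default
+export OS_REGION_NAME=RegionOne
+export OS_PASSWORD=secret
+export OS_USERNAME=demo
+```
+Those values depend on the OpenStack Cloud provider.
+## Steps for execution:
+```
+$ git clone https://github.com/electrocucaracha/terraform-cicd.git
+$ cd terraform-cicd
+$ terraform apply
+...
+Apply complete! Resources: 13 added, 0 changed, 0 destroyed.
+...
+Outputs:
+gerrit = http://10.0.0.1
+jenkins = http://10.0.0.2
+redmine = http://10.0.0.3
+```
+## Post-configuration
+### Redmine Security Realm (authentication):
+First you need to get consumer key/secret from Redmine OAuth Provider Plugin.
+1. Log into your Redmine account.
+2. Access to [YOUR_REDMINE_HOST]/oauth_clients
+3. Click the **Register your application** link.
+4. The system requests the following information:
+* **Name** is required. For example, input Jenkins
+* **Main Application URL** is required. For example, input your jenkins url.
+* **Callback URL** is required. For example, input [YOUR_JENKINS_HOST]/securityRealm/finishLogin
+* **Support URL** is not required.
+5. Press **Register**.
+The system generates a key and a secret for you.
+Toggle the consumer name to see the generated Key and Secret value for your consumer.
+Second, you need to configure your Jenkins.
+1. Open Jenkins **Configure System** page.
+2. Check **Enable security**.
+3. Select **Redmine OAuth Plugin** in **Security Realm**.
+4. Input your Redmine Url to **Redmine Url**.
+5. Input your Consumer Key to **Client ID**.
+6. Input your Consumer Secret to **Client Secret**.
+7. Click **Save** button.
+## Destroy:
+terraform destroy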

55
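--- a/terraform/cicd/Vagrantfile
+++ b/terraform/cicd/Vagrantfile
@@ -0,0 +1,55 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+# All Vagrant configuration is done below. The "2" in Vagrant.configure
+# configures the configuration version (we support older styles for
+# backwards compatibility). Please don't change it unless you know what
+# you're doing.
+Vagrant.configure("2") do |config|
+config.vm.box = "sputnik13/trusty64"
+config.vm.define :redmine_db do |redmine_db|
+redmine_db.vm.hostname = 'redmine-db'
+redmine_db.vm.network :private_network, ip: '192.168.50.2'
+redmine_db.vm.provider "virtualbox" do |v|
+v.customize ["modifyvm", :id, "--memory", 1 * 1024]
+end
+redmine_db.vm.provision 'shell' do |s|
+s.path = 'redmine/postinstall_db.sh'
+s.args = ['root_password', 'redmine_password']
+end
+end
+config.vm.define :redmine_web do |redmine_web|
+redmine_web.vm.hostname = 'redmine'
+redmine_web.vm.network :private_network, ip: '192.168.50.3'
+redmine_web.vm.provider "virtualbox" do |v|
+v.customize ["modifyvm", :id, "--memory", 2 * 1024]
+end
+redmine_web.vm.provision 'shell' do |s|
+s.path = 'redmine/postinstall_web.sh'
+s.args = ['3.3.0', '192.168.50.2', 'redmine_password']
+end
+end
+config.vm.define :gerrit do |gerrit|
+gerrit.vm.hostname = "gerrit"
+gerrit.vm.network :private_network, ip: '192.168.50.5'
+gerrit.vm.provider "virtualbox" do |v|
+v.customize ["modifyvm", :id, "--memory", 1 * 1024]
+end
+gerrit.vm.provision 'shell' do |s|
+s.path = 'gerrit/postinstall.sh'
+s.args = ['127.0.0.1']
+end
+end
+config.vm.define :jenkins do |jenkins|
+jenkins.vm.hostname = "jenkins"
+jenkins.vm.network :private_network, ip: '192.168.50.6'
+jenkins.vm.provider "virtualbox" do |v|
+v.customize ["modifyvm", :id, "--memory", 1 * 1024]
+end
+jenkins.vm.provision 'shell' do |s|
+s.path = 'jenkins/postinstall.sh'
+s.args = ['192.168.50.3', '3.3.0', '192.168.50.5']
+end
+end
+end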
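Review bot: The `redmine_db` and `redmine_web` provisioners pass the database passwords as string literals (`'root_password'`, `'redmine_password'`), so every checkout shares the same credentials and changing them means editing the Vagrantfile. Reading them from the environment with the current values as fallback keeps `vagrant up` working unchanged, e.g. `s.args = [ENV.fetch('ROOT_DBPASS', 'root_password'), ENV.fetch('REDMINE_DBPASS', 'redmine_password')]`. The `gerrit` provisioner also passes `['127.0.0.1']`, but the Gerrit post-install script in this commit does not appear to read any positional argument, so that value looks unused.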

25
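--- a/terraform/cicd/gerrit.tf
+++ b/terraform/cicd/gerrit.tf
@@ -0,0 +1,25 @@
+resource "openstack_compute_floatingip_v2" "gerrit_floatingip" {
+depends_on = ["openstack_networking_router_interface_v2.router_interface"]
+pool = "${var.floating_pool}"
+}
+# Template for gerrit installation
+data "template_file" "gerrit_postinstall_script" {
+template = "${file("gerrit.tpl")}"
+vars {
+password = "secure"
+}
+}
+resource "openstack_compute_instance_v2" "gerrit" {
+name = "gerrit"
+image_name = "${var.image}"
+flavor_name = "${var.flavor}"
+security_groups = [ "${openstack_compute_secgroup_v2.secgroup.name}" ]
+floating_ip = "${openstack_compute_floatingip_v2.gerrit_floatingip.address}"
+user_data = "${data.template_file.gerrit_postinstall_script.rendered}"
+network {
+uuid = "${openstack_networking_network_v2.private_network.id}"
+}
+}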
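Review bot: The `vars` block of `gerrit_postinstall_script` passes a literal `password = "secure"`, yet the gerrit.tpl added in this commit contains no `${password}` reference, so the value is never rendered and only leaves a credential in the repository. Either drop the entry or feed it from a variable without a default, for example `password = "${var.gerrit_db_password}"` (a variable this commit would have to add), and have the template hand it to the script. As written, the Gerrit database password comes from the hard-coded `ROOT_DBPASS=secure` and `GERRIT_DBPASS=secure` at the top of the Gerrit post-install script.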

15
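--- a/terraform/cicd/gerrit.tpl
+++ b/terraform/cicd/gerrit.tpl
@@ -0,0 +1,15 @@
+#cloud-config
+ssh_pwauth: true
+users:
+- name: cicd
+passwd: $6$rounds=4096$DWIvD0b83l1wOVo$3Ww47Krh0JkgohulOJbr4W7WcvQuzlapHd0/qfjEmGvrA1YHjxmhS.Up6B/WV1/b5Yc5J7kvvPFvIbcqpMHII/
+lock_passwd: False
+sudo: ["ALL=(ALL) NOPASSWD:ALL\nDefaults:stack !requiretty"]
+shell: /bin/bash
+runcmd:
+- wget https://raw.githubusercontent.com/electrocucaracha/terraform-cicd/master/gerrit/postinstall.sh
+- chmod 755 postinstall.sh
+- bash postinstall.sh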
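Review bot: `ssh_pwauth: true` together with a committed `passwd:` hash and `lock_passwd: False` gives every instance the same password login for `cicd`, an account with `NOPASSWD:ALL` sudo, while network.tf opens port 22 to `0.0.0.0/0`. The hash is visible to anyone who can read the repository, so the password has to be treated as known. Prefer key-based login: set `ssh_pwauth: false`, replace `passwd:` with an `ssh_authorized_keys:` list carrying the operator's public key, and use `lock_passwd: true`. The same user block is repeated in the three other cloud-config templates in this commit.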


@ -0,0 +1,93 @@
#!/bin/bash
ROOT_DBPASS=secure
GERRIT_DBPASS=secure
gerrit_version=2.12.4
deployment_folder=/opt/gerrit
# 1. Configure Java for Strong Cryptography
apt-get update -y
apt-get install software-properties-common -y
add-apt-repository ppa:webupd8team/java -y
apt-get update -y
echo debconf shared/accepted-oracle-license-v1-1 select true | debconf-set-selections
echo debconf shared/accepted-oracle-license-v1-1 seen true | debconf-set-selections
apt-get install -y oracle-java8-set-default oracle-java8-unlimited-jce-policy
# 2. Download Gerrit
wget https://www.gerritcodereview.com/download/gerrit-${gerrit_version}.war
# 3. Database Setup
debconf-set-selections <<< "mysql-server mysql-server/root_password password ${ROOT_DBPASS}"
debconf-set-selections <<< "mysql-server mysql-server/root_password_again password ${ROOT_DBPASS}"
apt-get install -y mariadb-server
mysql -uroot -p${ROOT_DBPASS} -e "CREATE DATABASE reviewdb;"
mysql -uroot -p${ROOT_DBPASS} -e "GRANT ALL PRIVILEGES ON reviewdb.* TO 'gerrit'@'localhost' IDENTIFIED BY '${GERRIT_DBPASS}';";
# 4. Initialize the Site
useradd gerrit
echo "gerrit:${GERRIT_DBPASS}"| chpasswd
mkdir -p ${deployment_folder}/etc/
cat <<EOL > ${deployment_folder}/etc/gerrit.config
[gerrit]
basePath = localhost
canonicalWebUrl = http://${HOSTNAME}
[database]
type = mysql
hostname = localhost
database = reviewdb
username = gerrit
password = ${GERRIT_DBPASS}
[index]
type = LUCENE
[auth]
type = DEVELOPMENT_BECOME_ANY_ACCOUNT
[receive]
enableSignedPush = true
[sendemail]
smtpServer = localhost
[container]
user = root
javaHome = /usr/lib/jvm/java-8-oracle/jre
[sshd]
listenAddress = *:29418
[httpd]
listenUrl = proxy-http://*:8080/
[cache]
directory = cache
EOL
apt-get install -y gitweb
java -jar gerrit-${gerrit_version}.war init -d ${deployment_folder} --batch
# The second time downloads bcpkix jar
java -jar gerrit-${gerrit_version}.war init -d ${deployment_folder} --batch
java -jar gerrit-${gerrit_version}.war reindex -d ${deployment_folder}
ln -snf ${deployment_folder}/bin/gerrit.sh /etc/init.d/gerrit
ln -snf /etc/init.d/gerrit /etc/rc3.d/S90gerrit
cat <<EOL > /etc/default/gerritcodereview
GERRIT_SITE=${deployment_folder}
EOL
service gerrit start
a2enmod proxy
a2enmod proxy_http
cat <<EOL > /etc/apache2/sites-available/000-default.conf
<VirtualHost *:80>
ProxyPreserveHost On
<Location />
ProxyPass http://0.0.0.0:8080/
Order allow,deny
Allow from all
</Location>
</VirtualHost>
EOL
service apache2 restart
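Review bot: The generated gerrit.config sets `type = DEVELOPMENT_BECOME_ANY_ACCOUNT` under `[auth]`, which lets any visitor act as any account, administrators included, without credentials; the instance gets a floating IP and network.tf opens port 80 to `0.0.0.0/0`. Use a real authentication type for anything reachable beyond a local test VM, for example `type = HTTP` with authentication enforced in the Apache vhost this script already writes, or `type = LDAP`. `[container] user = root` also runs the Gerrit daemon as root even though the script creates a `gerrit` user; `user = gerrit` plus `chown -R gerrit ${deployment_folder}` after `init` would fit the rest of the script.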

27
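--- a/terraform/cicd/jenkins.tf
+++ b/terraform/cicd/jenkins.tf
@@ -0,0 +1,27 @@
+resource "openstack_compute_floatingip_v2" "jenkins_floatingip" {
+depends_on = ["openstack_networking_router_interface_v2.router_interface"]
+pool = "${var.floating_pool}"
+}
+# Template for jenkins installation
+data "template_file" "jenkins_postinstall_script" {
+template = "${file("jenkins.tpl")}"
+vars {
+redmine_ip = "${openstack_compute_floatingip_v2.redmine_floatingip.address}"
+redmine_version = "${var.redmine_version}"
+gerrit_ip = "${openstack_compute_floatingip_v2.gerrit_floatingip.address}"
+}
+}
+resource "openstack_compute_instance_v2" "jenkins" {
+name = "jenkins"
+image_name = "${var.image}"
+flavor_name = "${var.flavor}"
+security_groups = [ "${openstack_compute_secgroup_v2.secgroup.name}" ]
+floating_ip = "${openstack_compute_floatingip_v2.jenkins_floatingip.address}"
+user_data = "${data.template_file.jenkins_postinstall_script.rendered}"
+network {
+uuid = "${openstack_networking_network_v2.private_network.id}"
+}
+}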


@ -0,0 +1,15 @@
#cloud-config
ssh_pwauth: true
users:
- name: cicd
passwd: $6$rounds=4096$DWIvD0b83l1wOVo$3Ww47Krh0JkgohulOJbr4W7WcvQuzlapHd0/qfjEmGvrA1YHjxmhS.Up6B/WV1/b5Yc5J7kvvPFvIbcqpMHII/
lock_passwd: False
sudo: ["ALL=(ALL) NOPASSWD:ALL\nDefaults:stack !requiretty"]
shell: /bin/bash
runcmd:
- wget https://raw.githubusercontent.com/electrocucaracha/terraform-cicd/master/jenkins/postinstall.sh
- chmod 755 postinstall.sh
- bash postinstall.sh ${redmine_ip} ${redmine_version} ${gerrit_ip}
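Review bot: `runcmd` downloads `postinstall.sh` from the `master` branch of an external GitHub repository and runs it as root, so the code executed at boot is whatever that branch holds at provisioning time rather than the script reviewed in this commit. Pin the URL to an immutable revision, e.g. `.../terraform-cicd/<COMMIT_SHA>/jenkins/postinstall.sh` (placeholder revision), and verify a checksum before `bash postinstall.sh`, or ship the reviewed script inline with `write_files`. The three other cloud-config templates in this commit fetch their scripts the same way.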


@ -0,0 +1,219 @@
#!/bin/bash
version=2.25
filename=jenkins_${version}_all.deb
redmine_ip=$1
redmine_version=$2
gerrit_ip=$3
apt-get update -y
apt-get install -y openjdk-7-jdk daemon nginx
wget -q -O - https://pkg.jenkins.io/debian/jenkins-ci.org.key | apt-key add -
echo deb http://pkg.jenkins.io/debian binary/ > /etc/apt/sources.list.d/jenkins.list
apt-get update -y
wget http://pkg.jenkins.io/debian/binary/$filename
dpkg -i $filename
rm $filename
rm /etc/nginx/sites-available/default
cat <<EOL > /etc/nginx/sites-available/jenkins
upstream app_server {
server 127.0.0.1:8080 fail_timeout=0;
}
server {
listen 80;
listen [::]:80 default ipv6only=on;
server_name ci.yourcompany.com;
location / {
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
proxy_set_header Host \$http_host;
proxy_redirect off;
if (!-f \$request_filename) {
proxy_pass http://app_server;
break;
}
}
}
EOL
ln -s /etc/nginx/sites-available/jenkins /etc/nginx/sites-enabled/
service nginx restart
echo $version > /var/lib/jenkins/jenkins.install.InstallUtil.lastExecVersion
sed -i "s|127.0.0.1 localhost|127.0.0.1 localhost $(hostname)|g" /etc/hosts
# Install plugins
wget http://updates.jenkins-ci.org/latest/redmine.hpi -P /var/lib/jenkins/plugins
wget http://updates.jenkins-ci.org/latest/subversion.hpi -P /var/lib/jenkins/plugins
wget http://updates.jenkins-ci.org/latest/mapdb-api.hpi -P /var/lib/jenkins/plugins
wget http://updates.jenkins-ci.org/latest/credentials.hpi -P /var/lib/jenkins/plugins
wget http://updates.jenkins-ci.org/latest/ssh-credentials.hpi -P /var/lib/jenkins/plugins
wget http://updates.jenkins-ci.org/latest/scm-api.hpi -P /var/lib/jenkins/plugins
wget http://updates.jenkins-ci.org/latest/structs.hpi -P /var/lib/jenkins/plugins
wget http://updates.jenkins-ci.org/latest/workflow-step-api.hpi -P /var/lib/jenkins/plugins
wget http://updates.jenkins-ci.org/latest/workflow-scm-step.hpi -P /var/lib/jenkins/plugins
wget http://updates.jenkins-ci.org/latest/gerrit-trigger.hpi -P /var/lib/jenkins/plugins
apt-get install -y git maven
redmine_oauth_folder=/tmp/redmine-oauth-plugin
git clone https://github.com/mallowlabs/redmine-oauth-plugin.git $redmine_oauth_folder
pushd $redmine_oauth_folder
mvn package
export JAVA_HOME=/usr/lib/jvm/java-7-openjdk-amd64/
mv target/redmine-oauth.hpi /var/lib/jenkins/plugins/
popd
cd /var/lib/jenkins/
# Configure Redmine
cat <<EOL > hudson.plugins.redmine.RedmineProjectProperty.xml
<?xml version='1.0' encoding='UTF-8'?>
<hudson.plugins.redmine.RedmineProjectProperty_-DescriptorImpl plugin="redmine@0.15">
<redmineWebsites>
<hudson.plugins.redmine.RedmineWebsiteConfig>
<name>redmine</name>
<baseUrl>http://$redmine_ip/</baseUrl>
<versionNumber>$redmine_version</versionNumber>
</hudson.plugins.redmine.RedmineWebsiteConfig>
</redmineWebsites>
</hudson.plugins.redmine.RedmineProjectProperty_-DescriptorImpl>
EOL
cat <<EOL > gerrit-trigger.xml
<?xml version='1.0' encoding='UTF-8'?>
<com.sonyericsson.hudson.plugins.gerrit.trigger.PluginImpl plugin="gerrit-trigger@2.22.0">
<servers class="java.util.concurrent.CopyOnWriteArrayList">
<com.sonyericsson.hudson.plugins.gerrit.trigger.GerritServer>
<name>gerrit</name>
<noConnectionOnStartup>false</noConnectionOnStartup>
<config class="com.sonyericsson.hudson.plugins.gerrit.trigger.config.Config">
<gerritHostName>$gerrit_ip</gerritHostName>
<gerritSshPort>29418</gerritSshPort>
<gerritProxy></gerritProxy>
<gerritUserName>jenkins</gerritUserName>
<gerritEMail></gerritEMail>
<gerritAuthKeyFile>/var/lib/jenkins/.ssh/id_rsa</gerritAuthKeyFile>
<gerritAuthKeyFilePassword>f+BwOT8JcD9bpti9rVi5OQ==</gerritAuthKeyFilePassword>
<useRestApi>false</useRestApi>
<restCodeReview>false</restCodeReview>
<restVerified>false</restVerified>
<gerritVerifiedCmdBuildSuccessful>gerrit review &lt;CHANGE&gt;,&lt;PATCHSET&gt; --message &apos;Build Successful &lt;BUILDS_STATS&gt;&apos; --verified &lt;VERIFIED&gt; --code-review &lt;CODE_REVIEW&gt;</gerritVerifiedCmdBuildSuccessful>
<gerritVerifiedCmdBuildUnstable>gerrit review &lt;CHANGE&gt;,&lt;PATCHSET&gt; --message &apos;Build Unstable &lt;BUILDS_STATS&gt;&apos; --verified &lt;VERIFIED&gt; --code-review &lt;CODE_REVIEW&gt;</gerritVerifiedCmdBuildUnstable>
<gerritVerifiedCmdBuildFailed>gerrit review &lt;CHANGE&gt;,&lt;PATCHSET&gt; --message &apos;Build Failed &lt;BUILDS_STATS&gt;&apos; --verified &lt;VERIFIED&gt; --code-review &lt;CODE_REVIEW&gt;</gerritVerifiedCmdBuildFailed>
<gerritVerifiedCmdBuildStarted>gerrit review &lt;CHANGE&gt;,&lt;PATCHSET&gt; --message &apos;Build Started &lt;BUILDURL&gt; &lt;STARTED_STATS&gt;&apos; --verified &lt;VERIFIED&gt; --code-review &lt;CODE_REVIEW&gt;</gerritVerifiedCmdBuildStarted>
<gerritVerifiedCmdBuildNotBuilt>gerrit review &lt;CHANGE&gt;,&lt;PATCHSET&gt; --message &apos;No Builds Executed &lt;BUILDS_STATS&gt;&apos; --verified &lt;VERIFIED&gt; --code-review &lt;CODE_REVIEW&gt;</gerritVerifiedCmdBuildNotBuilt>
<gerritFrontEndUrl>http://$gerrit_ip/</gerritFrontEndUrl>
<gerritBuildStartedVerifiedValue>0</gerritBuildStartedVerifiedValue>
<gerritBuildSuccessfulVerifiedValue>1</gerritBuildSuccessfulVerifiedValue>
<gerritBuildFailedVerifiedValue>-1</gerritBuildFailedVerifiedValue>
<gerritBuildUnstableVerifiedValue>0</gerritBuildUnstableVerifiedValue>
<gerritBuildNotBuiltVerifiedValue>0</gerritBuildNotBuiltVerifiedValue>
<gerritBuildStartedCodeReviewValue>0</gerritBuildStartedCodeReviewValue>
<gerritBuildSuccessfulCodeReviewValue>0</gerritBuildSuccessfulCodeReviewValue>
<gerritBuildFailedCodeReviewValue>0</gerritBuildFailedCodeReviewValue>
<gerritBuildUnstableCodeReviewValue>-1</gerritBuildUnstableCodeReviewValue>
<gerritBuildNotBuiltCodeReviewValue>0</gerritBuildNotBuiltCodeReviewValue>
<enableManualTrigger>true</enableManualTrigger>
<enablePluginMessages>true</enablePluginMessages>
<buildScheduleDelay>3</buildScheduleDelay>
<dynamicConfigRefreshInterval>30</dynamicConfigRefreshInterval>
<enableProjectAutoCompletion>true</enableProjectAutoCompletion>
<projectListRefreshInterval>3600</projectListRefreshInterval>
<projectListFetchDelay>0</projectListFetchDelay>
<categories class="linked-list">
<com.sonyericsson.hudson.plugins.gerrit.trigger.VerdictCategory>
<verdictValue>Code-Review</verdictValue>
<verdictDescription>Code Review</verdictDescription>
</com.sonyericsson.hudson.plugins.gerrit.trigger.VerdictCategory>
<com.sonyericsson.hudson.plugins.gerrit.trigger.VerdictCategory>
<verdictValue>Verified</verdictValue>
<verdictDescription>Verified</verdictDescription>
</com.sonyericsson.hudson.plugins.gerrit.trigger.VerdictCategory>
</categories>
<replicationConfig>
<enableReplication>false</enableReplication>
<slaves class="linked-list"/>
<enableSlaveSelectionInJobs>false</enableSlaveSelectionInJobs>
</replicationConfig>
<watchdogTimeoutMinutes>0</watchdogTimeoutMinutes>
<watchTimeExceptionData>
<daysOfWeek/>
<timesOfDay class="linked-list"/>
</watchTimeExceptionData>
<notificationLevel>ALL</notificationLevel>
<buildCurrentPatchesOnly>
<enabled>false</enabled>
<abortNewPatchsets>false</abortNewPatchsets>
<abortManualPatchsets>false</abortManualPatchsets>
</buildCurrentPatchesOnly>
</config>
</com.sonyericsson.hudson.plugins.gerrit.trigger.GerritServer>
</servers>
<pluginConfig>
<numberOfReceivingWorkerThreads>3</numberOfReceivingWorkerThreads>
<numberOfSendingWorkerThreads>1</numberOfSendingWorkerThreads>
<replicationCacheExpirationInMinutes>360</replicationCacheExpirationInMinutes>
</pluginConfig>
</com.sonyericsson.hudson.plugins.gerrit.trigger.PluginImpl>
EOL
cat <<EOL > config.xml
<?xml version='1.0' encoding='UTF-8'?>
<hudson>
<disabledAdministrativeMonitors/>
<version>1.0</version>
<numExecutors>2</numExecutors>
<mode>NORMAL</mode>
<useSecurity>true</useSecurity>
<authorizationStrategy class="hudson.security.AuthorizationStrategy\$Unsecured"/>
<securityRealm class="org.jenkinsci.plugins.RedmineSecurityRealm">
<redmineUrl>http://${redmine_ip}</redmineUrl>
<clientID></clientID>
<clientSecret></clientSecret>
</securityRealm>
<disableRememberMe>false</disableRememberMe>
<projectNamingStrategy class="jenkins.model.ProjectNamingStrategy\$DefaultProjectNamingStrategy"/>
<workspaceDir>\${ITEM_ROOTDIR}/workspace</workspaceDir>
<buildsDir>\${ITEM_ROOTDIR}/builds</buildsDir>
<markupFormatter class="hudson.markup.EscapedMarkupFormatter"/>
<jdks/>
<viewsTabBar class="hudson.views.DefaultViewsTabBar"/>
<myViewsTabBar class="hudson.views.DefaultMyViewsTabBar"/>
<clouds/>
<scmCheckoutRetryCount>0</scmCheckoutRetryCount>
<views>
<hudson.model.AllView>
<owner class="hudson" reference="../../.."/>
<name>All</name>
<filterExecutors>false</filterExecutors>
<filterQueue>false</filterQueue>
<properties class="hudson.model.View$PropertyList"/>
</hudson.model.AllView>
</views>
<primaryView>All</primaryView>
<slaveAgentPort>0</slaveAgentPort>
<label></label>
<nodeProperties/>
<globalNodeProperties/>
</hudson>
EOL
cat <<EOL > jenkins.security.QueueItemAuthenticatorConfiguration.xml
<?xml version='1.0' encoding='UTF-8'?>
<jenkins.security.QueueItemAuthenticatorConfiguration>
<authenticators/>
</jenkins.security.QueueItemAuthenticatorConfiguration>
EOL
chown jenkins:jenkins -R /var/lib/jenkins/
service jenkins restart
echo false > secrets/slave-to-master-security-kill-switch
service jenkins restart
su jenkins -c "ssh-keygen -b 2048 -t rsa -f /var/lib/jenkins/.ssh/id_rsa -q -N \"\""
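Review bot: The generated config.xml sets `useSecurity` to true but pairs it with `hudson.security.AuthorizationStrategy\$Unsecured`, so every visitor, anonymous ones included, gets full control of Jenkins, and network.tf opens port 80 to `0.0.0.0/0`. A strategy such as `<authorizationStrategy class="hudson.security.FullControlOnceLoggedInAuthorizationStrategy"/>` would at least require a login through the Redmine realm. Separately, the `.deb` and every `.hpi` are fetched over plain `http://` from `latest/` and installed as root without a checksum; use `https://` and pinned versions. In the same heredoc, `hudson.model.View$PropertyList` lacks the `\$` escape used on the two class names above it, so the shell expands it to `hudson.model.View`.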

11
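--- a/terraform/cicd/main.tf
+++ b/terraform/cicd/main.tf
@@ -0,0 +1,11 @@
+output "gerrit" {
+value = "http://${openstack_compute_floatingip_v2.gerrit_floatingip.address}"
+}
+output "jenkins" {
+value = "http://${openstack_compute_floatingip_v2.jenkins_floatingip.address}"
+}
+output "redmine" {
+value = "http://${openstack_compute_floatingip_v2.redmine_floatingip.address}"
+}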

46
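--- a/terraform/cicd/network.tf
+++ b/terraform/cicd/network.tf
@@ -0,0 +1,46 @@
+resource "openstack_networking_network_v2" "private_network" {
+name = "cicd-private"
+admin_state_up = "true"
+}
+resource "openstack_networking_subnet_v2" "private_subnet01" {
+name = "cicd-subnet"
+network_id = "${openstack_networking_network_v2.private_network.id}"
+cidr = "192.168.50.0/24"
+ip_version = 4
+enable_dhcp = "true"
+dns_nameservers = ["8.8.8.8"]
+}
+resource "openstack_compute_secgroup_v2" "secgroup" {
+name = "cicd-secgroup"
+description = "Security group for accessing to CI/CD environment"
+rule {
+from_port = 22
+to_port = 22
+ip_protocol = "tcp"
+cidr = "0.0.0.0/0"
+}
+rule {
+from_port = 80
+to_port = 80
+ip_protocol = "tcp"
+cidr = "0.0.0.0/0"
+}
+}
+resource "openstack_networking_router_v2" "router" {
+name = "cicd-router"
+admin_state_up = "true"
+external_gateway = "${var.external_gateway}"
+}
+resource "openstack_networking_router_interface_v2" "router_interface" {
+router_id = "${openstack_networking_router_v2.router.id}"
+subnet_id = "${openstack_networking_subnet_v2.private_subnet01.id}"
+}
+resource "openstack_compute_floatingip_v2" "floatingip" {
+depends_on = ["openstack_networking_router_interface_v2.router_interface"]
+pool = "${var.floating_pool}"
+}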
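Review bot: The `secgroup` rule for port 22 uses `cidr = "0.0.0.0/0"`, which exposes SSH on every floating IP to the whole internet while the cloud-config templates in this commit enable password login. Take the source range from a variable, e.g. `cidr = "${var.admin_cidr}"` (a new variable without a default), so operators have to state where administration comes from. Port 80 is served as plain HTTP to the same range, so Redmine, Gerrit and Jenkins logins cross the network unencrypted; a 443 rule with TLS on the proxies would be the follow-up. The trailing `openstack_compute_floatingip_v2.floatingip` is not referenced by any file shown here and may be a leftover.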

47
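--- a/terraform/cicd/redmine.tf
+++ b/terraform/cicd/redmine.tf
@@ -0,0 +1,47 @@
+resource "openstack_compute_floatingip_v2" "redmine_floatingip" {
+depends_on = ["openstack_networking_router_interface_v2.router_interface"]
+pool = "${var.floating_pool}"
+}
+# Template for redmine webserver installation
+data "template_file" "redmine_web_postinstall_script" {
+template = "${file("redmine_web.tpl")}"
+vars {
+version = "${var.redmine_version}"
+redmine_db_ip = "${openstack_compute_instance_v2.redmine_db.network.0.fixed_ip_v4}"
+redmine_db_password = "${var.redmine_db_password}"
+}
+}
+resource "openstack_compute_instance_v2" "redmine" {
+depends_on = ["openstack_compute_instance_v2.redmine_db"]
+name = "redmine"
+image_name = "${var.image}"
+flavor_name = "${var.flavor}"
+security_groups = [ "${openstack_compute_secgroup_v2.secgroup.name}" ]
+floating_ip = "${openstack_compute_floatingip_v2.redmine_floatingip.address}"
+user_data = "${data.template_file.redmine_web_postinstall_script.rendered}"
+network {
+uuid = "${openstack_networking_network_v2.private_network.id}"
+}
+}
+# Template for redmine database installation
+data "template_file" "redmine_db_postinstall_script" {
+template = "${file("redmine_db.tpl")}"
+vars {
+root_db_password = "${var.root_db_password}"
+redmine_db_password = "${var.redmine_db_password}"
+}
+}
+resource "openstack_compute_instance_v2" "redmine_db" {
+name = "redmine-db"
+image_name = "${var.image}"
+flavor_name = "${var.flavor}"
+user_data = "${data.template_file.redmine_db_postinstall_script.rendered}"
+network {
+uuid = "${openstack_networking_network_v2.private_network.id}"
+}
+}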
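Review bot: `openstack_compute_instance_v2.redmine_db` declares no `security_groups`, unlike the three other instances, so it presumably falls into the project's default group, whose rules this commit does not control. The database post-install script rebinds MariaDB to `0.0.0.0` and grants `'redmine'@'%'`, which leaves that group as the only filter in front of port 3306. A dedicated `openstack_compute_secgroup_v2` with a single rule for 3306 limited to `cidr = "192.168.50.0/24"` would make the intended exposure explicit.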


@ -0,0 +1,21 @@
#!/bin/bash
ROOT_DBPASS=$1
REDMINE_DBPASS=$2
# 0. Install dependencies
apt-get update -y
apt-get upgrade -y
# 2. Create an empty database and accompanying user
debconf-set-selections <<< "mysql-server mysql-server/root_password password ${ROOT_DBPASS}"
debconf-set-selections <<< "mysql-server mysql-server/root_password_again password ${ROOT_DBPASS}"
apt-get install -y mariadb-server
mysql -uroot -p${ROOT_DBPASS} -e "CREATE DATABASE redmine CHARACTER SET utf8;"
mysql -uroot -p${ROOT_DBPASS} -e "GRANT ALL PRIVILEGES ON redmine.* TO 'redmine'@'%' IDENTIFIED BY '${REDMINE_DBPASS}';";
sed -i "s|127.0.0.1|0.0.0.0|g" /etc/mysql/my.cnf
service mysql restart
sleep 5
echo -e "${ROOT_DBPASS}\nn\nY\nY\nY\n" | mysql_secure_installation
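Review bot: The grant `TO 'redmine'@'%'`, combined with the `sed` that rewrites `127.0.0.1` to `0.0.0.0` in my.cnf, lets the `redmine` account log in from any address that can reach the host. Scope the account to the private subnet defined in network.tf, `TO 'redmine'@'192.168.50.%'`, and bind MariaDB to the instance's private address rather than every interface. Passing `-p${ROOT_DBPASS}` on the `mysql` command line also exposes the root password in the process list and breaks on passwords containing spaces or shell metacharacters; a root-only option file passed with `--defaults-extra-file` avoids both.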


@ -0,0 +1,100 @@
#!/bin/bash
version=$1
redmine_db_ip=$2
REDMINE_DBPASS=$3
export REDMINE_LANG=en
output_folder=/opt/redmine
redmine_folder=$output_folder/redmine-$version
bootstrap_plugin_version=0.2.4
jenkins_plugin_version=1.0.1
oauth_provider=0.0.5
# 0. Install dependencies
apt-get update -y
apt-get upgrade -y
apt-get install -y rubygems-integration ruby-dev libmysqlclient-dev build-essential libcurl4-openssl-dev
# 1. Redmine application
mkdir $output_folder
wget -O /tmp/redmine.tar.gz http://www.redmine.org/releases/redmine-$version.tar.gz
tar xzf /tmp/redmine.tar.gz -C $output_folder
cd $redmine_folder
# 3. Database connection configuration
cat <<EOL > config/database.yml
production:
adapter: mysql2
database: redmine
host: ${redmine_db_ip}
username: redmine
password: "${REDMINE_DBPASS}"
encoding: utf8
EOL
# 4. Dependencies installation
gem install bundler
bundle install --without development test rmagick
# 5. Session store secret generation
bundle exec rake generate_secret_token
# 6. Database schema objects creation
RAILS_ENV=production bundle exec rake db:migrate
# 7. Database default data set
RAILS_ENV=production bundle exec rake redmine:load_default_data
# 8. File system permissions
mkdir -p tmp tmp/pdf public/plugin_assets
useradd redmine
chown -R redmine:redmine files log tmp public/plugin_assets
chmod -R 755 files log tmp public/plugin_assets
# 9. Install Passenger packages
apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 561F9B9CAC40B2F7
apt-get install -y apt-transport-https ca-certificates
echo 'deb https://oss-binaries.phusionpassenger.com/apt/passenger trusty main' > /etc/apt/sources.list.d/passenger.list
apt-get update
apt-get install -y nginx-extras passenger
sed -i "s|# include /etc/nginx/passenger.conf;|include /etc/nginx/passenger.conf;|g" /etc/nginx/nginx.conf
# 10. Configure Nginx
cat <<EOL > /etc/nginx/sites-available/redmine
server {
listen 80;
server_name www.redmine.me;
root $redmine_folder/public;
passenger_enabled on;
client_max_body_size 10m; # Max attachemnt size
}
EOL
ln -s /etc/nginx/sites-available/redmine /etc/nginx/sites-enabled/redmine
rm /etc/nginx/sites-enabled/default
# Configure jenkins plugin and their dependencies
apt-get install -y git
cd ${redmine_folder}/plugins
git clone https://github.com/jbox-web/redmine_bootstrap_kit.git
pushd redmine_bootstrap_kit/
git checkout tags/${bootstrap_plugin_version}
popd
git clone https://github.com/jbox-web/redmine_jenkins.git
pushd redmine_jenkins/
git checkout tags/${jenkins_plugin_version}
popd
git clone https://github.com/suer/redmine_oauth_provider.git
pushd redmine_oauth_provider
git checkout tags/${oauth_provider}
popd
bundle install --without development test
bundle exec rake redmine:plugins:migrate RAILS_ENV=production
chown -R redmine:redmine ${redmine_folder}
service nginx restart
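Review bot: The Redmine tarball is fetched with `wget -O /tmp/redmine.tar.gz http://www.redmine.org/releases/redmine-$version.tar.gz` and unpacked as root with no integrity check, so whatever answers that plain-HTTP request gets installed. Switch the URL to `https://` and verify a pinned digest before `tar xzf`, e.g. `echo "<SHA256_OF_RELEASE>  /tmp/redmine.tar.gz" | sha256sum -c -` (placeholder digest). `config/database.yml` is also written with the default umask although it holds the database password; `chmod 600 config/database.yml` after the final `chown` would keep it readable only by `redmine`.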


@ -0,0 +1,15 @@
#cloud-config
ssh_pwauth: true
users:
- name: cicd
passwd: $6$rounds=4096$DWIvD0b83l1wOVo$3Ww47Krh0JkgohulOJbr4W7WcvQuzlapHd0/qfjEmGvrA1YHjxmhS.Up6B/WV1/b5Yc5J7kvvPFvIbcqpMHII/
lock_passwd: False
sudo: ["ALL=(ALL) NOPASSWD:ALL\nDefaults:stack !requiretty"]
shell: /bin/bash
runcmd:
- wget https://raw.githubusercontent.com/electrocucaracha/terraform-cicd/master/redmine/postinstall_db.sh
- chmod 755 postinstall_db.sh
- bash postinstall_db.sh ${root_db_password} ${redmine_db_password}
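Review bot: `bash postinstall_db.sh ${root_db_password} ${redmine_db_password}` renders both database passwords in clear text into user_data, which is kept in the Terraform state and is typically readable from inside the instance through the metadata service for its whole lifetime. The arguments are also unquoted, so a password containing a space or a shell metacharacter would be split or interpreted by the shell. At minimum quote them (`'${root_db_password}'`); a stronger fix is to stop shipping the secrets in user_data at all, for instance by generating them on the instance. The web-server template passes `${redmine_db_password}` the same way.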


@ -0,0 +1,15 @@
#cloud-config
ssh_pwauth: true
users:
- name: cicd
passwd: $6$rounds=4096$DWIvD0b83l1wOVo$3Ww47Krh0JkgohulOJbr4W7WcvQuzlapHd0/qfjEmGvrA1YHjxmhS.Up6B/WV1/b5Yc5J7kvvPFvIbcqpMHII/
lock_passwd: False
sudo: ["ALL=(ALL) NOPASSWD:ALL\nDefaults:stack !requiretty"]
shell: /bin/bash
runcmd:
- wget https://raw.githubusercontent.com/electrocucaracha/terraform-cicd/master/redmine/postinstall_web.sh
- chmod 755 postinstall_web.sh
- bash postinstall_web.sh ${version} ${redmine_db_ip} ${redmine_db_password}
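Review bot: The `sudo:` entry embeds a second sudoers line, `Defaults:stack !requiretty`, that targets a user named `stack`, while the account created here is `cicd`; it looks copied from another template and has no effect on this user. If the intent is to lift `requiretty` for the provisioning account, write `Defaults:cicd !requiretty`, otherwise drop the `\n…` tail. `runcmd` already runs as root, so `ALL=(ALL) NOPASSWD:ALL` for an account that also accepts password SSH logins is broader than provisioning needs. The same line appears in the three other cloud-config templates in this commit.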


@ -0,0 +1,28 @@
variable "image" {
default = "ubuntu-14.04-cloud"
}
variable "flavor" {
default = "m2.large"
}
variable "external_gateway" {
default = "7004a83a-13d3-4dcd-8cf5-52af1ace4cae"
}
variable "floating_pool" {
default = "GATEWAY_NET"
}
# Redmine Configuration values
variable "redmine_version" {
default = "3.3.0"
}
variable "root_db_password"{
default = "secure"
}
variable "redmine_db_password"{
default = "secure"
}
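Review bot: `root_db_password` and `redmine_db_password` default to the literal `"secure"`, so a plain `terraform apply` deploys both databases with a password published in the repository. Declaring them without a default, `variable "root_db_password" {}`, makes Terraform prompt for a value or take it from `TF_VAR_root_db_password`. The `external_gateway` default is a UUID specific to one cloud and would be safer as a required variable too.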