Add CI/CD terraform scripts
Change-Id: I791c9c50c70fcf41077c0c5125bce2b534be51c7
This commit is contained in:
parent
cd39e063d8
commit
1d4aa339a9
|
@ -0,0 +1,3 @@
|
|||
terraform.tfstate*
|
||||
openrc
|
||||
.vagrant/
|
|
@ -0,0 +1,73 @@
|
|||
CI/CD for everyone else
|
||||
=======================
|
||||
|
||||
This Terraform project pretends to provision all the OpenStack resources for a Development Infrastructure required for Applications that uses Continuous Integration and Continuos Delivery software cycle.
|
||||
|
||||
# Requirements:
|
||||
|
||||
- [Install Terraform] (https://www.terraform.io/intro/getting-started/install.html)
|
||||
- Customize according to your OpenStack Provider
|
||||
|
||||
## General OpenStack settings
|
||||
|
||||
Terraform OpenStack provider needs environment variables to be set
|
||||
before you can run the scripts. In general, you can simply export OS
|
||||
environment variables like the following:
|
||||
|
||||
```
|
||||
export OS_TENANT_NAME=osic-engineering
|
||||
export OS_AUTH_URL=https://cloud1.osic.org:5000/v2.0
|
||||
export OS_DOMAIN_NAME=Default
|
||||
export OS_REGION_NAME=RegionOne
|
||||
export OS_PASSWORD=secret
|
||||
export OS_USERNAME=demo
|
||||
```
|
||||
Those values depend on the OpenStack Cloud provider.
|
||||
|
||||
## Steps for execution:
|
||||
|
||||
```
|
||||
$ git clone https://github.com/electrocucaracha/terraform-cicd.git
|
||||
$ cd terraform-cicd
|
||||
$ terraform apply
|
||||
...
|
||||
Apply complete! Resources: 13 added, 0 changed, 0 destroyed.
|
||||
...
|
||||
Outputs:
|
||||
|
||||
gerrit = http://10.0.0.1
|
||||
jenkins = http://10.0.0.2
|
||||
redmine = http://10.0.0.3
|
||||
```
|
||||
|
||||
## Post-configuration
|
||||
|
||||
### Redmine Security Realm (authentication):
|
||||
|
||||
First you need to get consumer key/secret from Redmine OAuth Provider Plugin.
|
||||
|
||||
1. Log into your Redmine account.
|
||||
2. Access to [YOUR_REDMINE_HOST]/oauth_clients
|
||||
3. Click the **Register your application** link.
|
||||
4. The system requests the following information:
|
||||
* **Name** is required. For example, input Jenkins
|
||||
* **Main Application URL** is required. For example, input your jenkins url.
|
||||
* **Callback URL** is required. For example, input [YOUR_JENKINS_HOST]/securityRealm/finishLogin
|
||||
* **Support URL** is not required.
|
||||
5. Press **Register**.
|
||||
The system generates a key and a secret for you.
|
||||
Toggle the consumer name to see the generated Key and Secret value for your consumer.
|
||||
|
||||
Second, you need to configure your Jenkins.
|
||||
|
||||
1. Open Jenkins **Configure System** page.
|
||||
2. Check **Enable security**.
|
||||
3. Select **Redmine OAuth Plugin** in **Security Realm**.
|
||||
4. Input your Redmine Url to **Redmine Url**.
|
||||
5. Input your Consumer Key to **Client ID**.
|
||||
6. Input your Consumer Secret to **Client Secret**.
|
||||
7. Click **Save** button.
|
||||
|
||||
## Destroy:
|
||||
|
||||
terraform destroy
|
|
@ -0,0 +1,55 @@
|
|||
# -*- mode: ruby -*-
|
||||
# vi: set ft=ruby :
|
||||
|
||||
# All Vagrant configuration is done below. The "2" in Vagrant.configure
|
||||
# configures the configuration version (we support older styles for
|
||||
# backwards compatibility). Please don't change it unless you know what
|
||||
# you're doing.
|
||||
Vagrant.configure("2") do |config|
|
||||
config.vm.box = "sputnik13/trusty64"
|
||||
|
||||
config.vm.define :redmine_db do |redmine_db|
|
||||
redmine_db.vm.hostname = 'redmine-db'
|
||||
redmine_db.vm.network :private_network, ip: '192.168.50.2'
|
||||
redmine_db.vm.provider "virtualbox" do |v|
|
||||
v.customize ["modifyvm", :id, "--memory", 1 * 1024]
|
||||
end
|
||||
redmine_db.vm.provision 'shell' do |s|
|
||||
s.path = 'redmine/postinstall_db.sh'
|
||||
s.args = ['root_password', 'redmine_password']
|
||||
end
|
||||
end
|
||||
config.vm.define :redmine_web do |redmine_web|
|
||||
redmine_web.vm.hostname = 'redmine'
|
||||
redmine_web.vm.network :private_network, ip: '192.168.50.3'
|
||||
redmine_web.vm.provider "virtualbox" do |v|
|
||||
v.customize ["modifyvm", :id, "--memory", 2 * 1024]
|
||||
end
|
||||
redmine_web.vm.provision 'shell' do |s|
|
||||
s.path = 'redmine/postinstall_web.sh'
|
||||
s.args = ['3.3.0', '192.168.50.2', 'redmine_password']
|
||||
end
|
||||
end
|
||||
config.vm.define :gerrit do |gerrit|
|
||||
gerrit.vm.hostname = "gerrit"
|
||||
gerrit.vm.network :private_network, ip: '192.168.50.5'
|
||||
gerrit.vm.provider "virtualbox" do |v|
|
||||
v.customize ["modifyvm", :id, "--memory", 1 * 1024]
|
||||
end
|
||||
gerrit.vm.provision 'shell' do |s|
|
||||
s.path = 'gerrit/postinstall.sh'
|
||||
s.args = ['127.0.0.1']
|
||||
end
|
||||
end
|
||||
config.vm.define :jenkins do |jenkins|
|
||||
jenkins.vm.hostname = "jenkins"
|
||||
jenkins.vm.network :private_network, ip: '192.168.50.6'
|
||||
jenkins.vm.provider "virtualbox" do |v|
|
||||
v.customize ["modifyvm", :id, "--memory", 1 * 1024]
|
||||
end
|
||||
jenkins.vm.provision 'shell' do |s|
|
||||
s.path = 'jenkins/postinstall.sh'
|
||||
s.args = ['192.168.50.3', '3.3.0', '192.168.50.5']
|
||||
end
|
||||
end
|
||||
end
|
|
@ -0,0 +1,25 @@
|
|||
resource "openstack_compute_floatingip_v2" "gerrit_floatingip" {
|
||||
depends_on = ["openstack_networking_router_interface_v2.router_interface"]
|
||||
pool = "${var.floating_pool}"
|
||||
}
|
||||
|
||||
# Template for gerrit installation
|
||||
data "template_file" "gerrit_postinstall_script" {
|
||||
template = "${file("gerrit.tpl")}"
|
||||
vars {
|
||||
password = "secure"
|
||||
}
|
||||
}
|
||||
|
||||
resource "openstack_compute_instance_v2" "gerrit" {
|
||||
name = "gerrit"
|
||||
image_name = "${var.image}"
|
||||
flavor_name = "${var.flavor}"
|
||||
security_groups = [ "${openstack_compute_secgroup_v2.secgroup.name}" ]
|
||||
floating_ip = "${openstack_compute_floatingip_v2.gerrit_floatingip.address}"
|
||||
user_data = "${data.template_file.gerrit_postinstall_script.rendered}"
|
||||
|
||||
network {
|
||||
uuid = "${openstack_networking_network_v2.private_network.id}"
|
||||
}
|
||||
}
|
|
@ -0,0 +1,15 @@
|
|||
#cloud-config
|
||||
|
||||
ssh_pwauth: true
|
||||
|
||||
users:
|
||||
- name: cicd
|
||||
passwd: $6$rounds=4096$DWIvD0b83l1wOVo$3Ww47Krh0JkgohulOJbr4W7WcvQuzlapHd0/qfjEmGvrA1YHjxmhS.Up6B/WV1/b5Yc5J7kvvPFvIbcqpMHII/
|
||||
lock_passwd: False
|
||||
sudo: ["ALL=(ALL) NOPASSWD:ALL\nDefaults:stack !requiretty"]
|
||||
shell: /bin/bash
|
||||
|
||||
runcmd:
|
||||
- wget https://raw.githubusercontent.com/electrocucaracha/terraform-cicd/master/gerrit/postinstall.sh
|
||||
- chmod 755 postinstall.sh
|
||||
- bash postinstall.sh
|
|
@ -0,0 +1,93 @@
|
|||
#!/bin/bash
|
||||
|
||||
ROOT_DBPASS=secure
|
||||
GERRIT_DBPASS=secure
|
||||
gerrit_version=2.12.4
|
||||
deployment_folder=/opt/gerrit
|
||||
|
||||
# 1. Configure Java for Strong Cryptography
|
||||
apt-get update -y
|
||||
apt-get install software-properties-common -y
|
||||
add-apt-repository ppa:webupd8team/java -y
|
||||
apt-get update -y
|
||||
|
||||
echo debconf shared/accepted-oracle-license-v1-1 select true | debconf-set-selections
|
||||
echo debconf shared/accepted-oracle-license-v1-1 seen true | debconf-set-selections
|
||||
|
||||
apt-get install -y oracle-java8-set-default oracle-java8-unlimited-jce-policy
|
||||
|
||||
# 2. Download Gerrit
|
||||
wget https://www.gerritcodereview.com/download/gerrit-${gerrit_version}.war
|
||||
|
||||
# 3. Database Setup
|
||||
debconf-set-selections <<< "mysql-server mysql-server/root_password password ${ROOT_DBPASS}"
|
||||
debconf-set-selections <<< "mysql-server mysql-server/root_password_again password ${ROOT_DBPASS}"
|
||||
apt-get install -y mariadb-server
|
||||
|
||||
mysql -uroot -p${ROOT_DBPASS} -e "CREATE DATABASE reviewdb;"
|
||||
mysql -uroot -p${ROOT_DBPASS} -e "GRANT ALL PRIVILEGES ON reviewdb.* TO 'gerrit'@'localhost' IDENTIFIED BY '${GERRIT_DBPASS}';";
|
||||
|
||||
# 4. Initialize the Site
|
||||
useradd gerrit
|
||||
echo "gerrit:${GERRIT_DBPASS}"| chpasswd
|
||||
mkdir -p ${deployment_folder}/etc/
|
||||
cat <<EOL > ${deployment_folder}/etc/gerrit.config
|
||||
[gerrit]
|
||||
basePath = localhost
|
||||
canonicalWebUrl = http://${HOSTNAME}
|
||||
[database]
|
||||
type = mysql
|
||||
hostname = localhost
|
||||
database = reviewdb
|
||||
username = gerrit
|
||||
password = ${GERRIT_DBPASS}
|
||||
[index]
|
||||
type = LUCENE
|
||||
[auth]
|
||||
type = DEVELOPMENT_BECOME_ANY_ACCOUNT
|
||||
[receive]
|
||||
enableSignedPush = true
|
||||
[sendemail]
|
||||
smtpServer = localhost
|
||||
[container]
|
||||
user = root
|
||||
javaHome = /usr/lib/jvm/java-8-oracle/jre
|
||||
[sshd]
|
||||
listenAddress = *:29418
|
||||
[httpd]
|
||||
listenUrl = proxy-http://*:8080/
|
||||
[cache]
|
||||
directory = cache
|
||||
EOL
|
||||
|
||||
apt-get install -y gitweb
|
||||
|
||||
java -jar gerrit-${gerrit_version}.war init -d ${deployment_folder} --batch
|
||||
# The second time downloads bcpkix jar
|
||||
java -jar gerrit-${gerrit_version}.war init -d ${deployment_folder} --batch
|
||||
java -jar gerrit-${gerrit_version}.war reindex -d ${deployment_folder}
|
||||
|
||||
ln -snf ${deployment_folder}/bin/gerrit.sh /etc/init.d/gerrit
|
||||
ln -snf /etc/init.d/gerrit /etc/rc3.d/S90gerrit
|
||||
|
||||
cat <<EOL > /etc/default/gerritcodereview
|
||||
GERRIT_SITE=${deployment_folder}
|
||||
EOL
|
||||
|
||||
service gerrit start
|
||||
|
||||
a2enmod proxy
|
||||
a2enmod proxy_http
|
||||
|
||||
cat <<EOL > /etc/apache2/sites-available/000-default.conf
|
||||
<VirtualHost *:80>
|
||||
ProxyPreserveHost On
|
||||
|
||||
<Location />
|
||||
ProxyPass http://0.0.0.0:8080/
|
||||
Order allow,deny
|
||||
Allow from all
|
||||
</Location>
|
||||
</VirtualHost>
|
||||
EOL
|
||||
service apache2 restart
|
|
@ -0,0 +1,27 @@
|
|||
resource "openstack_compute_floatingip_v2" "jenkins_floatingip" {
|
||||
depends_on = ["openstack_networking_router_interface_v2.router_interface"]
|
||||
pool = "${var.floating_pool}"
|
||||
}
|
||||
|
||||
# Template for jenkins installation
|
||||
data "template_file" "jenkins_postinstall_script" {
|
||||
template = "${file("jenkins.tpl")}"
|
||||
vars {
|
||||
redmine_ip = "${openstack_compute_floatingip_v2.redmine_floatingip.address}"
|
||||
redmine_version = "${var.redmine_version}"
|
||||
gerrit_ip = "${openstack_compute_floatingip_v2.gerrit_floatingip.address}"
|
||||
}
|
||||
}
|
||||
|
||||
resource "openstack_compute_instance_v2" "jenkins" {
|
||||
name = "jenkins"
|
||||
image_name = "${var.image}"
|
||||
flavor_name = "${var.flavor}"
|
||||
security_groups = [ "${openstack_compute_secgroup_v2.secgroup.name}" ]
|
||||
floating_ip = "${openstack_compute_floatingip_v2.jenkins_floatingip.address}"
|
||||
user_data = "${data.template_file.jenkins_postinstall_script.rendered}"
|
||||
|
||||
network {
|
||||
uuid = "${openstack_networking_network_v2.private_network.id}"
|
||||
}
|
||||
}
|
|
@ -0,0 +1,15 @@
|
|||
#cloud-config
|
||||
|
||||
ssh_pwauth: true
|
||||
|
||||
users:
|
||||
- name: cicd
|
||||
passwd: $6$rounds=4096$DWIvD0b83l1wOVo$3Ww47Krh0JkgohulOJbr4W7WcvQuzlapHd0/qfjEmGvrA1YHjxmhS.Up6B/WV1/b5Yc5J7kvvPFvIbcqpMHII/
|
||||
lock_passwd: False
|
||||
sudo: ["ALL=(ALL) NOPASSWD:ALL\nDefaults:stack !requiretty"]
|
||||
shell: /bin/bash
|
||||
|
||||
runcmd:
|
||||
- wget https://raw.githubusercontent.com/electrocucaracha/terraform-cicd/master/jenkins/postinstall.sh
|
||||
- chmod 755 postinstall.sh
|
||||
- bash postinstall.sh ${redmine_ip} ${redmine_version} ${gerrit_ip}
|
|
@ -0,0 +1,219 @@
|
|||
#!/bin/bash
|
||||
|
||||
version=2.25
|
||||
filename=jenkins_${version}_all.deb
|
||||
|
||||
redmine_ip=$1
|
||||
redmine_version=$2
|
||||
gerrit_ip=$3
|
||||
|
||||
apt-get update -y
|
||||
apt-get install -y openjdk-7-jdk daemon nginx
|
||||
wget -q -O - https://pkg.jenkins.io/debian/jenkins-ci.org.key | apt-key add -
|
||||
echo deb http://pkg.jenkins.io/debian binary/ > /etc/apt/sources.list.d/jenkins.list
|
||||
apt-get update -y
|
||||
wget http://pkg.jenkins.io/debian/binary/$filename
|
||||
dpkg -i $filename
|
||||
rm $filename
|
||||
|
||||
rm /etc/nginx/sites-available/default
|
||||
cat <<EOL > /etc/nginx/sites-available/jenkins
|
||||
upstream app_server {
|
||||
server 127.0.0.1:8080 fail_timeout=0;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80 default ipv6only=on;
|
||||
server_name ci.yourcompany.com;
|
||||
|
||||
location / {
|
||||
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
|
||||
proxy_set_header Host \$http_host;
|
||||
proxy_redirect off;
|
||||
|
||||
if (!-f \$request_filename) {
|
||||
proxy_pass http://app_server;
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
EOL
|
||||
|
||||
ln -s /etc/nginx/sites-available/jenkins /etc/nginx/sites-enabled/
|
||||
service nginx restart
|
||||
|
||||
echo $version > /var/lib/jenkins/jenkins.install.InstallUtil.lastExecVersion
|
||||
sed -i "s|127.0.0.1 localhost|127.0.0.1 localhost $(hostname)|g" /etc/hosts
|
||||
|
||||
# Install plugins
|
||||
|
||||
wget http://updates.jenkins-ci.org/latest/redmine.hpi -P /var/lib/jenkins/plugins
|
||||
wget http://updates.jenkins-ci.org/latest/subversion.hpi -P /var/lib/jenkins/plugins
|
||||
wget http://updates.jenkins-ci.org/latest/mapdb-api.hpi -P /var/lib/jenkins/plugins
|
||||
wget http://updates.jenkins-ci.org/latest/credentials.hpi -P /var/lib/jenkins/plugins
|
||||
wget http://updates.jenkins-ci.org/latest/ssh-credentials.hpi -P /var/lib/jenkins/plugins
|
||||
wget http://updates.jenkins-ci.org/latest/scm-api.hpi -P /var/lib/jenkins/plugins
|
||||
wget http://updates.jenkins-ci.org/latest/structs.hpi -P /var/lib/jenkins/plugins
|
||||
wget http://updates.jenkins-ci.org/latest/workflow-step-api.hpi -P /var/lib/jenkins/plugins
|
||||
wget http://updates.jenkins-ci.org/latest/workflow-scm-step.hpi -P /var/lib/jenkins/plugins
|
||||
|
||||
wget http://updates.jenkins-ci.org/latest/gerrit-trigger.hpi -P /var/lib/jenkins/plugins
|
||||
|
||||
apt-get install -y git maven
|
||||
redmine_oauth_folder=/tmp/redmine-oauth-plugin
|
||||
git clone https://github.com/mallowlabs/redmine-oauth-plugin.git $redmine_oauth_folder
|
||||
pushd $redmine_oauth_folder
|
||||
mvn package
|
||||
export JAVA_HOME=/usr/lib/jvm/java-7-openjdk-amd64/
|
||||
mv target/redmine-oauth.hpi /var/lib/jenkins/plugins/
|
||||
popd
|
||||
|
||||
|
||||
cd /var/lib/jenkins/
|
||||
# Configure Redmine
|
||||
cat <<EOL > hudson.plugins.redmine.RedmineProjectProperty.xml
|
||||
<?xml version='1.0' encoding='UTF-8'?>
|
||||
<hudson.plugins.redmine.RedmineProjectProperty_-DescriptorImpl plugin="redmine@0.15">
|
||||
<redmineWebsites>
|
||||
<hudson.plugins.redmine.RedmineWebsiteConfig>
|
||||
<name>redmine</name>
|
||||
<baseUrl>http://$redmine_ip/</baseUrl>
|
||||
<versionNumber>$redmine_version</versionNumber>
|
||||
</hudson.plugins.redmine.RedmineWebsiteConfig>
|
||||
</redmineWebsites>
|
||||
</hudson.plugins.redmine.RedmineProjectProperty_-DescriptorImpl>
|
||||
EOL
|
||||
|
||||
cat <<EOL > gerrit-trigger.xml
|
||||
<?xml version='1.0' encoding='UTF-8'?>
|
||||
<com.sonyericsson.hudson.plugins.gerrit.trigger.PluginImpl plugin="gerrit-trigger@2.22.0">
|
||||
<servers class="java.util.concurrent.CopyOnWriteArrayList">
|
||||
<com.sonyericsson.hudson.plugins.gerrit.trigger.GerritServer>
|
||||
<name>gerrit</name>
|
||||
<noConnectionOnStartup>false</noConnectionOnStartup>
|
||||
<config class="com.sonyericsson.hudson.plugins.gerrit.trigger.config.Config">
|
||||
<gerritHostName>$gerrit_ip</gerritHostName>
|
||||
<gerritSshPort>29418</gerritSshPort>
|
||||
<gerritProxy></gerritProxy>
|
||||
<gerritUserName>jenkins</gerritUserName>
|
||||
<gerritEMail></gerritEMail>
|
||||
<gerritAuthKeyFile>/var/lib/jenkins/.ssh/id_rsa</gerritAuthKeyFile>
|
||||
<gerritAuthKeyFilePassword>f+BwOT8JcD9bpti9rVi5OQ==</gerritAuthKeyFilePassword>
|
||||
<useRestApi>false</useRestApi>
|
||||
<restCodeReview>false</restCodeReview>
|
||||
<restVerified>false</restVerified>
|
||||
<gerritVerifiedCmdBuildSuccessful>gerrit review <CHANGE>,<PATCHSET> --message 'Build Successful <BUILDS_STATS>' --verified <VERIFIED> --code-review <CODE_REVIEW></gerritVerifiedCmdBuildSuccessful>
|
||||
<gerritVerifiedCmdBuildUnstable>gerrit review <CHANGE>,<PATCHSET> --message 'Build Unstable <BUILDS_STATS>' --verified <VERIFIED> --code-review <CODE_REVIEW></gerritVerifiedCmdBuildUnstable>
|
||||
<gerritVerifiedCmdBuildFailed>gerrit review <CHANGE>,<PATCHSET> --message 'Build Failed <BUILDS_STATS>' --verified <VERIFIED> --code-review <CODE_REVIEW></gerritVerifiedCmdBuildFailed>
|
||||
<gerritVerifiedCmdBuildStarted>gerrit review <CHANGE>,<PATCHSET> --message 'Build Started <BUILDURL> <STARTED_STATS>' --verified <VERIFIED> --code-review <CODE_REVIEW></gerritVerifiedCmdBuildStarted>
|
||||
<gerritVerifiedCmdBuildNotBuilt>gerrit review <CHANGE>,<PATCHSET> --message 'No Builds Executed <BUILDS_STATS>' --verified <VERIFIED> --code-review <CODE_REVIEW></gerritVerifiedCmdBuildNotBuilt>
|
||||
<gerritFrontEndUrl>http://$gerrit_ip/</gerritFrontEndUrl>
|
||||
<gerritBuildStartedVerifiedValue>0</gerritBuildStartedVerifiedValue>
|
||||
<gerritBuildSuccessfulVerifiedValue>1</gerritBuildSuccessfulVerifiedValue>
|
||||
<gerritBuildFailedVerifiedValue>-1</gerritBuildFailedVerifiedValue>
|
||||
<gerritBuildUnstableVerifiedValue>0</gerritBuildUnstableVerifiedValue>
|
||||
<gerritBuildNotBuiltVerifiedValue>0</gerritBuildNotBuiltVerifiedValue>
|
||||
<gerritBuildStartedCodeReviewValue>0</gerritBuildStartedCodeReviewValue>
|
||||
<gerritBuildSuccessfulCodeReviewValue>0</gerritBuildSuccessfulCodeReviewValue>
|
||||
<gerritBuildFailedCodeReviewValue>0</gerritBuildFailedCodeReviewValue>
|
||||
<gerritBuildUnstableCodeReviewValue>-1</gerritBuildUnstableCodeReviewValue>
|
||||
<gerritBuildNotBuiltCodeReviewValue>0</gerritBuildNotBuiltCodeReviewValue>
|
||||
<enableManualTrigger>true</enableManualTrigger>
|
||||
<enablePluginMessages>true</enablePluginMessages>
|
||||
<buildScheduleDelay>3</buildScheduleDelay>
|
||||
<dynamicConfigRefreshInterval>30</dynamicConfigRefreshInterval>
|
||||
<enableProjectAutoCompletion>true</enableProjectAutoCompletion>
|
||||
<projectListRefreshInterval>3600</projectListRefreshInterval>
|
||||
<projectListFetchDelay>0</projectListFetchDelay>
|
||||
<categories class="linked-list">
|
||||
<com.sonyericsson.hudson.plugins.gerrit.trigger.VerdictCategory>
|
||||
<verdictValue>Code-Review</verdictValue>
|
||||
<verdictDescription>Code Review</verdictDescription>
|
||||
</com.sonyericsson.hudson.plugins.gerrit.trigger.VerdictCategory>
|
||||
<com.sonyericsson.hudson.plugins.gerrit.trigger.VerdictCategory>
|
||||
<verdictValue>Verified</verdictValue>
|
||||
<verdictDescription>Verified</verdictDescription>
|
||||
</com.sonyericsson.hudson.plugins.gerrit.trigger.VerdictCategory>
|
||||
</categories>
|
||||
<replicationConfig>
|
||||
<enableReplication>false</enableReplication>
|
||||
<slaves class="linked-list"/>
|
||||
<enableSlaveSelectionInJobs>false</enableSlaveSelectionInJobs>
|
||||
</replicationConfig>
|
||||
<watchdogTimeoutMinutes>0</watchdogTimeoutMinutes>
|
||||
<watchTimeExceptionData>
|
||||
<daysOfWeek/>
|
||||
<timesOfDay class="linked-list"/>
|
||||
</watchTimeExceptionData>
|
||||
<notificationLevel>ALL</notificationLevel>
|
||||
<buildCurrentPatchesOnly>
|
||||
<enabled>false</enabled>
|
||||
<abortNewPatchsets>false</abortNewPatchsets>
|
||||
<abortManualPatchsets>false</abortManualPatchsets>
|
||||
</buildCurrentPatchesOnly>
|
||||
</config>
|
||||
</com.sonyericsson.hudson.plugins.gerrit.trigger.GerritServer>
|
||||
</servers>
|
||||
<pluginConfig>
|
||||
<numberOfReceivingWorkerThreads>3</numberOfReceivingWorkerThreads>
|
||||
<numberOfSendingWorkerThreads>1</numberOfSendingWorkerThreads>
|
||||
<replicationCacheExpirationInMinutes>360</replicationCacheExpirationInMinutes>
|
||||
</pluginConfig>
|
||||
</com.sonyericsson.hudson.plugins.gerrit.trigger.PluginImpl>
|
||||
EOL
|
||||
|
||||
cat <<EOL > config.xml
|
||||
<?xml version='1.0' encoding='UTF-8'?>
|
||||
<hudson>
|
||||
<disabledAdministrativeMonitors/>
|
||||
<version>1.0</version>
|
||||
<numExecutors>2</numExecutors>
|
||||
<mode>NORMAL</mode>
|
||||
<useSecurity>true</useSecurity>
|
||||
<authorizationStrategy class="hudson.security.AuthorizationStrategy\$Unsecured"/>
|
||||
<securityRealm class="org.jenkinsci.plugins.RedmineSecurityRealm">
|
||||
<redmineUrl>http://${redmine_ip}</redmineUrl>
|
||||
<clientID></clientID>
|
||||
<clientSecret></clientSecret>
|
||||
</securityRealm>
|
||||
<disableRememberMe>false</disableRememberMe>
|
||||
<projectNamingStrategy class="jenkins.model.ProjectNamingStrategy\$DefaultProjectNamingStrategy"/>
|
||||
<workspaceDir>\${ITEM_ROOTDIR}/workspace</workspaceDir>
|
||||
<buildsDir>\${ITEM_ROOTDIR}/builds</buildsDir>
|
||||
<markupFormatter class="hudson.markup.EscapedMarkupFormatter"/>
|
||||
<jdks/>
|
||||
<viewsTabBar class="hudson.views.DefaultViewsTabBar"/>
|
||||
<myViewsTabBar class="hudson.views.DefaultMyViewsTabBar"/>
|
||||
<clouds/>
|
||||
<scmCheckoutRetryCount>0</scmCheckoutRetryCount>
|
||||
<views>
|
||||
<hudson.model.AllView>
|
||||
<owner class="hudson" reference="../../.."/>
|
||||
<name>All</name>
|
||||
<filterExecutors>false</filterExecutors>
|
||||
<filterQueue>false</filterQueue>
|
||||
<properties class="hudson.model.View$PropertyList"/>
|
||||
</hudson.model.AllView>
|
||||
</views>
|
||||
<primaryView>All</primaryView>
|
||||
<slaveAgentPort>0</slaveAgentPort>
|
||||
<label></label>
|
||||
<nodeProperties/>
|
||||
<globalNodeProperties/>
|
||||
</hudson>
|
||||
EOL
|
||||
|
||||
cat <<EOL > jenkins.security.QueueItemAuthenticatorConfiguration.xml
|
||||
<?xml version='1.0' encoding='UTF-8'?>
|
||||
<jenkins.security.QueueItemAuthenticatorConfiguration>
|
||||
<authenticators/>
|
||||
</jenkins.security.QueueItemAuthenticatorConfiguration>
|
||||
EOL
|
||||
|
||||
chown jenkins:jenkins -R /var/lib/jenkins/
|
||||
service jenkins restart
|
||||
echo false > secrets/slave-to-master-security-kill-switch
|
||||
service jenkins restart
|
||||
|
||||
su jenkins -c "ssh-keygen -b 2048 -t rsa -f /var/lib/jenkins/.ssh/id_rsa -q -N \"\""
|
|
@ -0,0 +1,11 @@
|
|||
output "gerrit" {
|
||||
value = "http://${openstack_compute_floatingip_v2.gerrit_floatingip.address}"
|
||||
}
|
||||
|
||||
output "jenkins" {
|
||||
value = "http://${openstack_compute_floatingip_v2.jenkins_floatingip.address}"
|
||||
}
|
||||
|
||||
output "redmine" {
|
||||
value = "http://${openstack_compute_floatingip_v2.redmine_floatingip.address}"
|
||||
}
|
|
@ -0,0 +1,46 @@
|
|||
resource "openstack_networking_network_v2" "private_network" {
|
||||
name = "cicd-private"
|
||||
admin_state_up = "true"
|
||||
}
|
||||
|
||||
resource "openstack_networking_subnet_v2" "private_subnet01" {
|
||||
name = "cicd-subnet"
|
||||
network_id = "${openstack_networking_network_v2.private_network.id}"
|
||||
cidr = "192.168.50.0/24"
|
||||
ip_version = 4
|
||||
enable_dhcp = "true"
|
||||
dns_nameservers = ["8.8.8.8"]
|
||||
}
|
||||
|
||||
resource "openstack_compute_secgroup_v2" "secgroup" {
|
||||
name = "cicd-secgroup"
|
||||
description = "Security group for accessing to CI/CD environment"
|
||||
rule {
|
||||
from_port = 22
|
||||
to_port = 22
|
||||
ip_protocol = "tcp"
|
||||
cidr = "0.0.0.0/0"
|
||||
}
|
||||
rule {
|
||||
from_port = 80
|
||||
to_port = 80
|
||||
ip_protocol = "tcp"
|
||||
cidr = "0.0.0.0/0"
|
||||
}
|
||||
}
|
||||
|
||||
resource "openstack_networking_router_v2" "router" {
|
||||
name = "cicd-router"
|
||||
admin_state_up = "true"
|
||||
external_gateway = "${var.external_gateway}"
|
||||
}
|
||||
|
||||
resource "openstack_networking_router_interface_v2" "router_interface" {
|
||||
router_id = "${openstack_networking_router_v2.router.id}"
|
||||
subnet_id = "${openstack_networking_subnet_v2.private_subnet01.id}"
|
||||
}
|
||||
|
||||
resource "openstack_compute_floatingip_v2" "floatingip" {
|
||||
depends_on = ["openstack_networking_router_interface_v2.router_interface"]
|
||||
pool = "${var.floating_pool}"
|
||||
}
|
|
@ -0,0 +1,47 @@
|
|||
resource "openstack_compute_floatingip_v2" "redmine_floatingip" {
|
||||
depends_on = ["openstack_networking_router_interface_v2.router_interface"]
|
||||
pool = "${var.floating_pool}"
|
||||
}
|
||||
|
||||
# Template for redmine webserver installation
|
||||
data "template_file" "redmine_web_postinstall_script" {
|
||||
template = "${file("redmine_web.tpl")}"
|
||||
vars {
|
||||
version = "${var.redmine_version}"
|
||||
redmine_db_ip = "${openstack_compute_instance_v2.redmine_db.network.0.fixed_ip_v4}"
|
||||
redmine_db_password = "${var.redmine_db_password}"
|
||||
}
|
||||
}
|
||||
|
||||
resource "openstack_compute_instance_v2" "redmine" {
|
||||
depends_on = ["openstack_compute_instance_v2.redmine_db"]
|
||||
name = "redmine"
|
||||
image_name = "${var.image}"
|
||||
flavor_name = "${var.flavor}"
|
||||
security_groups = [ "${openstack_compute_secgroup_v2.secgroup.name}" ]
|
||||
floating_ip = "${openstack_compute_floatingip_v2.redmine_floatingip.address}"
|
||||
user_data = "${data.template_file.redmine_web_postinstall_script.rendered}"
|
||||
network {
|
||||
uuid = "${openstack_networking_network_v2.private_network.id}"
|
||||
}
|
||||
}
|
||||
|
||||
# Template for redmine database installation
|
||||
data "template_file" "redmine_db_postinstall_script" {
|
||||
template = "${file("redmine_db.tpl")}"
|
||||
vars {
|
||||
root_db_password = "${var.root_db_password}"
|
||||
redmine_db_password = "${var.redmine_db_password}"
|
||||
}
|
||||
}
|
||||
|
||||
resource "openstack_compute_instance_v2" "redmine_db" {
|
||||
name = "redmine-db"
|
||||
image_name = "${var.image}"
|
||||
flavor_name = "${var.flavor}"
|
||||
user_data = "${data.template_file.redmine_db_postinstall_script.rendered}"
|
||||
|
||||
network {
|
||||
uuid = "${openstack_networking_network_v2.private_network.id}"
|
||||
}
|
||||
}
|
|
@ -0,0 +1,21 @@
|
|||
#!/bin/bash
|
||||
|
||||
ROOT_DBPASS=$1
|
||||
REDMINE_DBPASS=$2
|
||||
|
||||
# 0. Install dependencies
|
||||
apt-get update -y
|
||||
apt-get upgrade -y
|
||||
|
||||
# 2. Create an empty database and accompanying user
|
||||
debconf-set-selections <<< "mysql-server mysql-server/root_password password ${ROOT_DBPASS}"
|
||||
debconf-set-selections <<< "mysql-server mysql-server/root_password_again password ${ROOT_DBPASS}"
|
||||
apt-get install -y mariadb-server
|
||||
|
||||
mysql -uroot -p${ROOT_DBPASS} -e "CREATE DATABASE redmine CHARACTER SET utf8;"
|
||||
mysql -uroot -p${ROOT_DBPASS} -e "GRANT ALL PRIVILEGES ON redmine.* TO 'redmine'@'%' IDENTIFIED BY '${REDMINE_DBPASS}';";
|
||||
|
||||
sed -i "s|127.0.0.1|0.0.0.0|g" /etc/mysql/my.cnf
|
||||
service mysql restart
|
||||
sleep 5
|
||||
echo -e "${ROOT_DBPASS}\nn\nY\nY\nY\n" | mysql_secure_installation
|
|
@ -0,0 +1,100 @@
|
|||
#!/bin/bash
|
||||
|
||||
version=$1
|
||||
redmine_db_ip=$2
|
||||
REDMINE_DBPASS=$3
|
||||
|
||||
export REDMINE_LANG=en
|
||||
output_folder=/opt/redmine
|
||||
redmine_folder=$output_folder/redmine-$version
|
||||
bootstrap_plugin_version=0.2.4
|
||||
jenkins_plugin_version=1.0.1
|
||||
oauth_provider=0.0.5
|
||||
|
||||
# 0. Install dependencies
|
||||
apt-get update -y
|
||||
apt-get upgrade -y
|
||||
apt-get install -y rubygems-integration ruby-dev libmysqlclient-dev build-essential libcurl4-openssl-dev
|
||||
|
||||
# 1. Redmine application
|
||||
mkdir $output_folder
|
||||
wget -O /tmp/redmine.tar.gz http://www.redmine.org/releases/redmine-$version.tar.gz
|
||||
tar xzf /tmp/redmine.tar.gz -C $output_folder
|
||||
cd $redmine_folder
|
||||
|
||||
# 3. Database connection configuration
|
||||
cat <<EOL > config/database.yml
|
||||
production:
|
||||
adapter: mysql2
|
||||
database: redmine
|
||||
host: ${redmine_db_ip}
|
||||
username: redmine
|
||||
password: "${REDMINE_DBPASS}"
|
||||
encoding: utf8
|
||||
EOL
|
||||
|
||||
# 4. Dependencies installation
|
||||
gem install bundler
|
||||
bundle install --without development test rmagick
|
||||
|
||||
# 5. Session store secret generation
|
||||
bundle exec rake generate_secret_token
|
||||
|
||||
# 6. Database schema objects creation
|
||||
RAILS_ENV=production bundle exec rake db:migrate
|
||||
|
||||
# 7. Database default data set
|
||||
RAILS_ENV=production bundle exec rake redmine:load_default_data
|
||||
|
||||
# 8. File system permissions
|
||||
mkdir -p tmp tmp/pdf public/plugin_assets
|
||||
useradd redmine
|
||||
chown -R redmine:redmine files log tmp public/plugin_assets
|
||||
chmod -R 755 files log tmp public/plugin_assets
|
||||
|
||||
# 9. Install Passenger packages
|
||||
apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 561F9B9CAC40B2F7
|
||||
apt-get install -y apt-transport-https ca-certificates
|
||||
echo 'deb https://oss-binaries.phusionpassenger.com/apt/passenger trusty main' > /etc/apt/sources.list.d/passenger.list
|
||||
apt-get update
|
||||
apt-get install -y nginx-extras passenger
|
||||
sed -i "s|# include /etc/nginx/passenger.conf;|include /etc/nginx/passenger.conf;|g" /etc/nginx/nginx.conf
|
||||
|
||||
# 10. Configure Nginx
|
||||
cat <<EOL > /etc/nginx/sites-available/redmine
|
||||
server {
|
||||
listen 80;
|
||||
server_name www.redmine.me;
|
||||
root $redmine_folder/public;
|
||||
passenger_enabled on;
|
||||
client_max_body_size 10m; # Max attachemnt size
|
||||
}
|
||||
EOL
|
||||
ln -s /etc/nginx/sites-available/redmine /etc/nginx/sites-enabled/redmine
|
||||
rm /etc/nginx/sites-enabled/default
|
||||
|
||||
# Configure jenkins plugin and their dependencies
|
||||
apt-get install -y git
|
||||
|
||||
cd ${redmine_folder}/plugins
|
||||
git clone https://github.com/jbox-web/redmine_bootstrap_kit.git
|
||||
pushd redmine_bootstrap_kit/
|
||||
git checkout tags/${bootstrap_plugin_version}
|
||||
popd
|
||||
|
||||
git clone https://github.com/jbox-web/redmine_jenkins.git
|
||||
pushd redmine_jenkins/
|
||||
git checkout tags/${jenkins_plugin_version}
|
||||
popd
|
||||
|
||||
git clone https://github.com/suer/redmine_oauth_provider.git
|
||||
pushd redmine_oauth_provider
|
||||
git checkout tags/${oauth_provider}
|
||||
popd
|
||||
|
||||
bundle install --without development test
|
||||
bundle exec rake redmine:plugins:migrate RAILS_ENV=production
|
||||
|
||||
chown -R redmine:redmine ${redmine_folder}
|
||||
|
||||
service nginx restart
|
|
@ -0,0 +1,15 @@
|
|||
#cloud-config
|
||||
|
||||
ssh_pwauth: true
|
||||
|
||||
users:
|
||||
- name: cicd
|
||||
passwd: $6$rounds=4096$DWIvD0b83l1wOVo$3Ww47Krh0JkgohulOJbr4W7WcvQuzlapHd0/qfjEmGvrA1YHjxmhS.Up6B/WV1/b5Yc5J7kvvPFvIbcqpMHII/
|
||||
lock_passwd: False
|
||||
sudo: ["ALL=(ALL) NOPASSWD:ALL\nDefaults:stack !requiretty"]
|
||||
shell: /bin/bash
|
||||
|
||||
runcmd:
|
||||
- wget https://raw.githubusercontent.com/electrocucaracha/terraform-cicd/master/redmine/postinstall_db.sh
|
||||
- chmod 755 postinstall_db.sh
|
||||
- bash postinstall_db.sh ${root_db_password} ${redmine_db_password}
|
|
@ -0,0 +1,15 @@
|
|||
#cloud-config
|
||||
|
||||
ssh_pwauth: true
|
||||
|
||||
users:
|
||||
- name: cicd
|
||||
passwd: $6$rounds=4096$DWIvD0b83l1wOVo$3Ww47Krh0JkgohulOJbr4W7WcvQuzlapHd0/qfjEmGvrA1YHjxmhS.Up6B/WV1/b5Yc5J7kvvPFvIbcqpMHII/
|
||||
lock_passwd: False
|
||||
sudo: ["ALL=(ALL) NOPASSWD:ALL\nDefaults:stack !requiretty"]
|
||||
shell: /bin/bash
|
||||
|
||||
runcmd:
|
||||
- wget https://raw.githubusercontent.com/electrocucaracha/terraform-cicd/master/redmine/postinstall_web.sh
|
||||
- chmod 755 postinstall_web.sh
|
||||
- bash postinstall_web.sh ${version} ${redmine_db_ip} ${redmine_db_password}
|
|
@ -0,0 +1,28 @@
|
|||
variable "image" {
|
||||
default = "ubuntu-14.04-cloud"
|
||||
}
|
||||
|
||||
variable "flavor" {
|
||||
default = "m2.large"
|
||||
}
|
||||
|
||||
variable "external_gateway" {
|
||||
default = "7004a83a-13d3-4dcd-8cf5-52af1ace4cae"
|
||||
}
|
||||
|
||||
variable "floating_pool" {
|
||||
default = "GATEWAY_NET"
|
||||
}
|
||||
|
||||
# Redmine Configuration values
|
||||
variable "redmine_version" {
|
||||
default = "3.3.0"
|
||||
}
|
||||
|
||||
variable "root_db_password"{
|
||||
default = "secure"
|
||||
}
|
||||
|
||||
variable "redmine_db_password"{
|
||||
default = "secure"
|
||||
}
|
Loading…
Reference in New Issue