Add CI/CD terraform scripts
Change-Id: I791c9c50c70fcf41077c0c5125bce2b534be51c7
This commit is contained in:
parent
cd39e063d8
commit
1d4aa339a9
|
@ -0,0 +1,3 @@
|
||||||
|
terraform.tfstate*
|
||||||
|
openrc
|
||||||
|
.vagrant/
|
|
@ -0,0 +1,73 @@
|
||||||
|
CI/CD for everyone else
|
||||||
|
=======================
|
||||||
|
|
||||||
|
This Terraform project pretends to provision all the OpenStack resources for a Development Infrastructure required for Applications that uses Continuous Integration and Continuos Delivery software cycle.
|
||||||
|
|
||||||
|
# Requirements:
|
||||||
|
|
||||||
|
- [Install Terraform] (https://www.terraform.io/intro/getting-started/install.html)
|
||||||
|
- Customize according to your OpenStack Provider
|
||||||
|
|
||||||
|
## General OpenStack settings
|
||||||
|
|
||||||
|
Terraform OpenStack provider needs environment variables to be set
|
||||||
|
before you can run the scripts. In general, you can simply export OS
|
||||||
|
environment variables like the following:
|
||||||
|
|
||||||
|
```
|
||||||
|
export OS_TENANT_NAME=osic-engineering
|
||||||
|
export OS_AUTH_URL=https://cloud1.osic.org:5000/v2.0
|
||||||
|
export OS_DOMAIN_NAME=Default
|
||||||
|
export OS_REGION_NAME=RegionOne
|
||||||
|
export OS_PASSWORD=secret
|
||||||
|
export OS_USERNAME=demo
|
||||||
|
```
|
||||||
|
Those values depend on the OpenStack Cloud provider.
|
||||||
|
|
||||||
|
## Steps for execution:
|
||||||
|
|
||||||
|
```
|
||||||
|
$ git clone https://github.com/electrocucaracha/terraform-cicd.git
|
||||||
|
$ cd terraform-cicd
|
||||||
|
$ terraform apply
|
||||||
|
...
|
||||||
|
Apply complete! Resources: 13 added, 0 changed, 0 destroyed.
|
||||||
|
...
|
||||||
|
Outputs:
|
||||||
|
|
||||||
|
gerrit = http://10.0.0.1
|
||||||
|
jenkins = http://10.0.0.2
|
||||||
|
redmine = http://10.0.0.3
|
||||||
|
```
|
||||||
|
|
||||||
|
## Post-configuration
|
||||||
|
|
||||||
|
### Redmine Security Realm (authentication):
|
||||||
|
|
||||||
|
First you need to get consumer key/secret from Redmine OAuth Provider Plugin.
|
||||||
|
|
||||||
|
1. Log into your Redmine account.
|
||||||
|
2. Access to [YOUR_REDMINE_HOST]/oauth_clients
|
||||||
|
3. Click the **Register your application** link.
|
||||||
|
4. The system requests the following information:
|
||||||
|
* **Name** is required. For example, input Jenkins
|
||||||
|
* **Main Application URL** is required. For example, input your jenkins url.
|
||||||
|
* **Callback URL** is required. For example, input [YOUR_JENKINS_HOST]/securityRealm/finishLogin
|
||||||
|
* **Support URL** is not required.
|
||||||
|
5. Press **Register**.
|
||||||
|
The system generates a key and a secret for you.
|
||||||
|
Toggle the consumer name to see the generated Key and Secret value for your consumer.
|
||||||
|
|
||||||
|
Second, you need to configure your Jenkins.
|
||||||
|
|
||||||
|
1. Open Jenkins **Configure System** page.
|
||||||
|
2. Check **Enable security**.
|
||||||
|
3. Select **Redmine OAuth Plugin** in **Security Realm**.
|
||||||
|
4. Input your Redmine Url to **Redmine Url**.
|
||||||
|
5. Input your Consumer Key to **Client ID**.
|
||||||
|
6. Input your Consumer Secret to **Client Secret**.
|
||||||
|
7. Click **Save** button.
|
||||||
|
|
||||||
|
## Destroy:
|
||||||
|
|
||||||
|
terraform destroy
|
|
@ -0,0 +1,55 @@
|
||||||
|
# -*- mode: ruby -*-
|
||||||
|
# vi: set ft=ruby :
|
||||||
|
|
||||||
|
# All Vagrant configuration is done below. The "2" in Vagrant.configure
|
||||||
|
# configures the configuration version (we support older styles for
|
||||||
|
# backwards compatibility). Please don't change it unless you know what
|
||||||
|
# you're doing.
|
||||||
|
Vagrant.configure("2") do |config|
|
||||||
|
config.vm.box = "sputnik13/trusty64"
|
||||||
|
|
||||||
|
config.vm.define :redmine_db do |redmine_db|
|
||||||
|
redmine_db.vm.hostname = 'redmine-db'
|
||||||
|
redmine_db.vm.network :private_network, ip: '192.168.50.2'
|
||||||
|
redmine_db.vm.provider "virtualbox" do |v|
|
||||||
|
v.customize ["modifyvm", :id, "--memory", 1 * 1024]
|
||||||
|
end
|
||||||
|
redmine_db.vm.provision 'shell' do |s|
|
||||||
|
s.path = 'redmine/postinstall_db.sh'
|
||||||
|
s.args = ['root_password', 'redmine_password']
|
||||||
|
end
|
||||||
|
end
|
||||||
|
config.vm.define :redmine_web do |redmine_web|
|
||||||
|
redmine_web.vm.hostname = 'redmine'
|
||||||
|
redmine_web.vm.network :private_network, ip: '192.168.50.3'
|
||||||
|
redmine_web.vm.provider "virtualbox" do |v|
|
||||||
|
v.customize ["modifyvm", :id, "--memory", 2 * 1024]
|
||||||
|
end
|
||||||
|
redmine_web.vm.provision 'shell' do |s|
|
||||||
|
s.path = 'redmine/postinstall_web.sh'
|
||||||
|
s.args = ['3.3.0', '192.168.50.2', 'redmine_password']
|
||||||
|
end
|
||||||
|
end
|
||||||
|
config.vm.define :gerrit do |gerrit|
|
||||||
|
gerrit.vm.hostname = "gerrit"
|
||||||
|
gerrit.vm.network :private_network, ip: '192.168.50.5'
|
||||||
|
gerrit.vm.provider "virtualbox" do |v|
|
||||||
|
v.customize ["modifyvm", :id, "--memory", 1 * 1024]
|
||||||
|
end
|
||||||
|
gerrit.vm.provision 'shell' do |s|
|
||||||
|
s.path = 'gerrit/postinstall.sh'
|
||||||
|
s.args = ['127.0.0.1']
|
||||||
|
end
|
||||||
|
end
|
||||||
|
config.vm.define :jenkins do |jenkins|
|
||||||
|
jenkins.vm.hostname = "jenkins"
|
||||||
|
jenkins.vm.network :private_network, ip: '192.168.50.6'
|
||||||
|
jenkins.vm.provider "virtualbox" do |v|
|
||||||
|
v.customize ["modifyvm", :id, "--memory", 1 * 1024]
|
||||||
|
end
|
||||||
|
jenkins.vm.provision 'shell' do |s|
|
||||||
|
s.path = 'jenkins/postinstall.sh'
|
||||||
|
s.args = ['192.168.50.3', '3.3.0', '192.168.50.5']
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
|
@ -0,0 +1,25 @@
|
||||||
|
resource "openstack_compute_floatingip_v2" "gerrit_floatingip" {
|
||||||
|
depends_on = ["openstack_networking_router_interface_v2.router_interface"]
|
||||||
|
pool = "${var.floating_pool}"
|
||||||
|
}
|
||||||
|
|
||||||
|
# Template for gerrit installation
|
||||||
|
data "template_file" "gerrit_postinstall_script" {
|
||||||
|
template = "${file("gerrit.tpl")}"
|
||||||
|
vars {
|
||||||
|
password = "secure"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "openstack_compute_instance_v2" "gerrit" {
|
||||||
|
name = "gerrit"
|
||||||
|
image_name = "${var.image}"
|
||||||
|
flavor_name = "${var.flavor}"
|
||||||
|
security_groups = [ "${openstack_compute_secgroup_v2.secgroup.name}" ]
|
||||||
|
floating_ip = "${openstack_compute_floatingip_v2.gerrit_floatingip.address}"
|
||||||
|
user_data = "${data.template_file.gerrit_postinstall_script.rendered}"
|
||||||
|
|
||||||
|
network {
|
||||||
|
uuid = "${openstack_networking_network_v2.private_network.id}"
|
||||||
|
}
|
||||||
|
}
|
|
@ -0,0 +1,15 @@
|
||||||
|
#cloud-config
|
||||||
|
|
||||||
|
ssh_pwauth: true
|
||||||
|
|
||||||
|
users:
|
||||||
|
- name: cicd
|
||||||
|
passwd: $6$rounds=4096$DWIvD0b83l1wOVo$3Ww47Krh0JkgohulOJbr4W7WcvQuzlapHd0/qfjEmGvrA1YHjxmhS.Up6B/WV1/b5Yc5J7kvvPFvIbcqpMHII/
|
||||||
|
lock_passwd: False
|
||||||
|
sudo: ["ALL=(ALL) NOPASSWD:ALL\nDefaults:stack !requiretty"]
|
||||||
|
shell: /bin/bash
|
||||||
|
|
||||||
|
runcmd:
|
||||||
|
- wget https://raw.githubusercontent.com/electrocucaracha/terraform-cicd/master/gerrit/postinstall.sh
|
||||||
|
- chmod 755 postinstall.sh
|
||||||
|
- bash postinstall.sh
|
|
@ -0,0 +1,93 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
ROOT_DBPASS=secure
|
||||||
|
GERRIT_DBPASS=secure
|
||||||
|
gerrit_version=2.12.4
|
||||||
|
deployment_folder=/opt/gerrit
|
||||||
|
|
||||||
|
# 1. Configure Java for Strong Cryptography
|
||||||
|
apt-get update -y
|
||||||
|
apt-get install software-properties-common -y
|
||||||
|
add-apt-repository ppa:webupd8team/java -y
|
||||||
|
apt-get update -y
|
||||||
|
|
||||||
|
echo debconf shared/accepted-oracle-license-v1-1 select true | debconf-set-selections
|
||||||
|
echo debconf shared/accepted-oracle-license-v1-1 seen true | debconf-set-selections
|
||||||
|
|
||||||
|
apt-get install -y oracle-java8-set-default oracle-java8-unlimited-jce-policy
|
||||||
|
|
||||||
|
# 2. Download Gerrit
|
||||||
|
wget https://www.gerritcodereview.com/download/gerrit-${gerrit_version}.war
|
||||||
|
|
||||||
|
# 3. Database Setup
|
||||||
|
debconf-set-selections <<< "mysql-server mysql-server/root_password password ${ROOT_DBPASS}"
|
||||||
|
debconf-set-selections <<< "mysql-server mysql-server/root_password_again password ${ROOT_DBPASS}"
|
||||||
|
apt-get install -y mariadb-server
|
||||||
|
|
||||||
|
mysql -uroot -p${ROOT_DBPASS} -e "CREATE DATABASE reviewdb;"
|
||||||
|
mysql -uroot -p${ROOT_DBPASS} -e "GRANT ALL PRIVILEGES ON reviewdb.* TO 'gerrit'@'localhost' IDENTIFIED BY '${GERRIT_DBPASS}';";
|
||||||
|
|
||||||
|
# 4. Initialize the Site
|
||||||
|
useradd gerrit
|
||||||
|
echo "gerrit:${GERRIT_DBPASS}"| chpasswd
|
||||||
|
mkdir -p ${deployment_folder}/etc/
|
||||||
|
cat <<EOL > ${deployment_folder}/etc/gerrit.config
|
||||||
|
[gerrit]
|
||||||
|
basePath = localhost
|
||||||
|
canonicalWebUrl = http://${HOSTNAME}
|
||||||
|
[database]
|
||||||
|
type = mysql
|
||||||
|
hostname = localhost
|
||||||
|
database = reviewdb
|
||||||
|
username = gerrit
|
||||||
|
password = ${GERRIT_DBPASS}
|
||||||
|
[index]
|
||||||
|
type = LUCENE
|
||||||
|
[auth]
|
||||||
|
type = DEVELOPMENT_BECOME_ANY_ACCOUNT
|
||||||
|
[receive]
|
||||||
|
enableSignedPush = true
|
||||||
|
[sendemail]
|
||||||
|
smtpServer = localhost
|
||||||
|
[container]
|
||||||
|
user = root
|
||||||
|
javaHome = /usr/lib/jvm/java-8-oracle/jre
|
||||||
|
[sshd]
|
||||||
|
listenAddress = *:29418
|
||||||
|
[httpd]
|
||||||
|
listenUrl = proxy-http://*:8080/
|
||||||
|
[cache]
|
||||||
|
directory = cache
|
||||||
|
EOL
|
||||||
|
|
||||||
|
apt-get install -y gitweb
|
||||||
|
|
||||||
|
java -jar gerrit-${gerrit_version}.war init -d ${deployment_folder} --batch
|
||||||
|
# The second time downloads bcpkix jar
|
||||||
|
java -jar gerrit-${gerrit_version}.war init -d ${deployment_folder} --batch
|
||||||
|
java -jar gerrit-${gerrit_version}.war reindex -d ${deployment_folder}
|
||||||
|
|
||||||
|
ln -snf ${deployment_folder}/bin/gerrit.sh /etc/init.d/gerrit
|
||||||
|
ln -snf /etc/init.d/gerrit /etc/rc3.d/S90gerrit
|
||||||
|
|
||||||
|
cat <<EOL > /etc/default/gerritcodereview
|
||||||
|
GERRIT_SITE=${deployment_folder}
|
||||||
|
EOL
|
||||||
|
|
||||||
|
service gerrit start
|
||||||
|
|
||||||
|
a2enmod proxy
|
||||||
|
a2enmod proxy_http
|
||||||
|
|
||||||
|
cat <<EOL > /etc/apache2/sites-available/000-default.conf
|
||||||
|
<VirtualHost *:80>
|
||||||
|
ProxyPreserveHost On
|
||||||
|
|
||||||
|
<Location />
|
||||||
|
ProxyPass http://0.0.0.0:8080/
|
||||||
|
Order allow,deny
|
||||||
|
Allow from all
|
||||||
|
</Location>
|
||||||
|
</VirtualHost>
|
||||||
|
EOL
|
||||||
|
service apache2 restart
|
|
@ -0,0 +1,27 @@
|
||||||
|
resource "openstack_compute_floatingip_v2" "jenkins_floatingip" {
|
||||||
|
depends_on = ["openstack_networking_router_interface_v2.router_interface"]
|
||||||
|
pool = "${var.floating_pool}"
|
||||||
|
}
|
||||||
|
|
||||||
|
# Template for jenkins installation
|
||||||
|
data "template_file" "jenkins_postinstall_script" {
|
||||||
|
template = "${file("jenkins.tpl")}"
|
||||||
|
vars {
|
||||||
|
redmine_ip = "${openstack_compute_floatingip_v2.redmine_floatingip.address}"
|
||||||
|
redmine_version = "${var.redmine_version}"
|
||||||
|
gerrit_ip = "${openstack_compute_floatingip_v2.gerrit_floatingip.address}"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "openstack_compute_instance_v2" "jenkins" {
|
||||||
|
name = "jenkins"
|
||||||
|
image_name = "${var.image}"
|
||||||
|
flavor_name = "${var.flavor}"
|
||||||
|
security_groups = [ "${openstack_compute_secgroup_v2.secgroup.name}" ]
|
||||||
|
floating_ip = "${openstack_compute_floatingip_v2.jenkins_floatingip.address}"
|
||||||
|
user_data = "${data.template_file.jenkins_postinstall_script.rendered}"
|
||||||
|
|
||||||
|
network {
|
||||||
|
uuid = "${openstack_networking_network_v2.private_network.id}"
|
||||||
|
}
|
||||||
|
}
|
|
@ -0,0 +1,15 @@
|
||||||
|
#cloud-config
|
||||||
|
|
||||||
|
ssh_pwauth: true
|
||||||
|
|
||||||
|
users:
|
||||||
|
- name: cicd
|
||||||
|
passwd: $6$rounds=4096$DWIvD0b83l1wOVo$3Ww47Krh0JkgohulOJbr4W7WcvQuzlapHd0/qfjEmGvrA1YHjxmhS.Up6B/WV1/b5Yc5J7kvvPFvIbcqpMHII/
|
||||||
|
lock_passwd: False
|
||||||
|
sudo: ["ALL=(ALL) NOPASSWD:ALL\nDefaults:stack !requiretty"]
|
||||||
|
shell: /bin/bash
|
||||||
|
|
||||||
|
runcmd:
|
||||||
|
- wget https://raw.githubusercontent.com/electrocucaracha/terraform-cicd/master/jenkins/postinstall.sh
|
||||||
|
- chmod 755 postinstall.sh
|
||||||
|
- bash postinstall.sh ${redmine_ip} ${redmine_version} ${gerrit_ip}
|
|
@ -0,0 +1,219 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
version=2.25
|
||||||
|
filename=jenkins_${version}_all.deb
|
||||||
|
|
||||||
|
redmine_ip=$1
|
||||||
|
redmine_version=$2
|
||||||
|
gerrit_ip=$3
|
||||||
|
|
||||||
|
apt-get update -y
|
||||||
|
apt-get install -y openjdk-7-jdk daemon nginx
|
||||||
|
wget -q -O - https://pkg.jenkins.io/debian/jenkins-ci.org.key | apt-key add -
|
||||||
|
echo deb http://pkg.jenkins.io/debian binary/ > /etc/apt/sources.list.d/jenkins.list
|
||||||
|
apt-get update -y
|
||||||
|
wget http://pkg.jenkins.io/debian/binary/$filename
|
||||||
|
dpkg -i $filename
|
||||||
|
rm $filename
|
||||||
|
|
||||||
|
rm /etc/nginx/sites-available/default
|
||||||
|
cat <<EOL > /etc/nginx/sites-available/jenkins
|
||||||
|
upstream app_server {
|
||||||
|
server 127.0.0.1:8080 fail_timeout=0;
|
||||||
|
}
|
||||||
|
|
||||||
|
server {
|
||||||
|
listen 80;
|
||||||
|
listen [::]:80 default ipv6only=on;
|
||||||
|
server_name ci.yourcompany.com;
|
||||||
|
|
||||||
|
location / {
|
||||||
|
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
|
||||||
|
proxy_set_header Host \$http_host;
|
||||||
|
proxy_redirect off;
|
||||||
|
|
||||||
|
if (!-f \$request_filename) {
|
||||||
|
proxy_pass http://app_server;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
EOL
|
||||||
|
|
||||||
|
ln -s /etc/nginx/sites-available/jenkins /etc/nginx/sites-enabled/
|
||||||
|
service nginx restart
|
||||||
|
|
||||||
|
echo $version > /var/lib/jenkins/jenkins.install.InstallUtil.lastExecVersion
|
||||||
|
sed -i "s|127.0.0.1 localhost|127.0.0.1 localhost $(hostname)|g" /etc/hosts
|
||||||
|
|
||||||
|
# Install plugins
|
||||||
|
|
||||||
|
wget http://updates.jenkins-ci.org/latest/redmine.hpi -P /var/lib/jenkins/plugins
|
||||||
|
wget http://updates.jenkins-ci.org/latest/subversion.hpi -P /var/lib/jenkins/plugins
|
||||||
|
wget http://updates.jenkins-ci.org/latest/mapdb-api.hpi -P /var/lib/jenkins/plugins
|
||||||
|
wget http://updates.jenkins-ci.org/latest/credentials.hpi -P /var/lib/jenkins/plugins
|
||||||
|
wget http://updates.jenkins-ci.org/latest/ssh-credentials.hpi -P /var/lib/jenkins/plugins
|
||||||
|
wget http://updates.jenkins-ci.org/latest/scm-api.hpi -P /var/lib/jenkins/plugins
|
||||||
|
wget http://updates.jenkins-ci.org/latest/structs.hpi -P /var/lib/jenkins/plugins
|
||||||
|
wget http://updates.jenkins-ci.org/latest/workflow-step-api.hpi -P /var/lib/jenkins/plugins
|
||||||
|
wget http://updates.jenkins-ci.org/latest/workflow-scm-step.hpi -P /var/lib/jenkins/plugins
|
||||||
|
|
||||||
|
wget http://updates.jenkins-ci.org/latest/gerrit-trigger.hpi -P /var/lib/jenkins/plugins
|
||||||
|
|
||||||
|
apt-get install -y git maven
|
||||||
|
redmine_oauth_folder=/tmp/redmine-oauth-plugin
|
||||||
|
git clone https://github.com/mallowlabs/redmine-oauth-plugin.git $redmine_oauth_folder
|
||||||
|
pushd $redmine_oauth_folder
|
||||||
|
mvn package
|
||||||
|
export JAVA_HOME=/usr/lib/jvm/java-7-openjdk-amd64/
|
||||||
|
mv target/redmine-oauth.hpi /var/lib/jenkins/plugins/
|
||||||
|
popd
|
||||||
|
|
||||||
|
|
||||||
|
cd /var/lib/jenkins/
|
||||||
|
# Configure Redmine
|
||||||
|
cat <<EOL > hudson.plugins.redmine.RedmineProjectProperty.xml
|
||||||
|
<?xml version='1.0' encoding='UTF-8'?>
|
||||||
|
<hudson.plugins.redmine.RedmineProjectProperty_-DescriptorImpl plugin="redmine@0.15">
|
||||||
|
<redmineWebsites>
|
||||||
|
<hudson.plugins.redmine.RedmineWebsiteConfig>
|
||||||
|
<name>redmine</name>
|
||||||
|
<baseUrl>http://$redmine_ip/</baseUrl>
|
||||||
|
<versionNumber>$redmine_version</versionNumber>
|
||||||
|
</hudson.plugins.redmine.RedmineWebsiteConfig>
|
||||||
|
</redmineWebsites>
|
||||||
|
</hudson.plugins.redmine.RedmineProjectProperty_-DescriptorImpl>
|
||||||
|
EOL
|
||||||
|
|
||||||
|
cat <<EOL > gerrit-trigger.xml
|
||||||
|
<?xml version='1.0' encoding='UTF-8'?>
|
||||||
|
<com.sonyericsson.hudson.plugins.gerrit.trigger.PluginImpl plugin="gerrit-trigger@2.22.0">
|
||||||
|
<servers class="java.util.concurrent.CopyOnWriteArrayList">
|
||||||
|
<com.sonyericsson.hudson.plugins.gerrit.trigger.GerritServer>
|
||||||
|
<name>gerrit</name>
|
||||||
|
<noConnectionOnStartup>false</noConnectionOnStartup>
|
||||||
|
<config class="com.sonyericsson.hudson.plugins.gerrit.trigger.config.Config">
|
||||||
|
<gerritHostName>$gerrit_ip</gerritHostName>
|
||||||
|
<gerritSshPort>29418</gerritSshPort>
|
||||||
|
<gerritProxy></gerritProxy>
|
||||||
|
<gerritUserName>jenkins</gerritUserName>
|
||||||
|
<gerritEMail></gerritEMail>
|
||||||
|
<gerritAuthKeyFile>/var/lib/jenkins/.ssh/id_rsa</gerritAuthKeyFile>
|
||||||
|
<gerritAuthKeyFilePassword>f+BwOT8JcD9bpti9rVi5OQ==</gerritAuthKeyFilePassword>
|
||||||
|
<useRestApi>false</useRestApi>
|
||||||
|
<restCodeReview>false</restCodeReview>
|
||||||
|
<restVerified>false</restVerified>
|
||||||
|
<gerritVerifiedCmdBuildSuccessful>gerrit review <CHANGE>,<PATCHSET> --message 'Build Successful <BUILDS_STATS>' --verified <VERIFIED> --code-review <CODE_REVIEW></gerritVerifiedCmdBuildSuccessful>
|
||||||
|
<gerritVerifiedCmdBuildUnstable>gerrit review <CHANGE>,<PATCHSET> --message 'Build Unstable <BUILDS_STATS>' --verified <VERIFIED> --code-review <CODE_REVIEW></gerritVerifiedCmdBuildUnstable>
|
||||||
|
<gerritVerifiedCmdBuildFailed>gerrit review <CHANGE>,<PATCHSET> --message 'Build Failed <BUILDS_STATS>' --verified <VERIFIED> --code-review <CODE_REVIEW></gerritVerifiedCmdBuildFailed>
|
||||||
|
<gerritVerifiedCmdBuildStarted>gerrit review <CHANGE>,<PATCHSET> --message 'Build Started <BUILDURL> <STARTED_STATS>' --verified <VERIFIED> --code-review <CODE_REVIEW></gerritVerifiedCmdBuildStarted>
|
||||||
|
<gerritVerifiedCmdBuildNotBuilt>gerrit review <CHANGE>,<PATCHSET> --message 'No Builds Executed <BUILDS_STATS>' --verified <VERIFIED> --code-review <CODE_REVIEW></gerritVerifiedCmdBuildNotBuilt>
|
||||||
|
<gerritFrontEndUrl>http://$gerrit_ip/</gerritFrontEndUrl>
|
||||||
|
<gerritBuildStartedVerifiedValue>0</gerritBuildStartedVerifiedValue>
|
||||||
|
<gerritBuildSuccessfulVerifiedValue>1</gerritBuildSuccessfulVerifiedValue>
|
||||||
|
<gerritBuildFailedVerifiedValue>-1</gerritBuildFailedVerifiedValue>
|
||||||
|
<gerritBuildUnstableVerifiedValue>0</gerritBuildUnstableVerifiedValue>
|
||||||
|
<gerritBuildNotBuiltVerifiedValue>0</gerritBuildNotBuiltVerifiedValue>
|
||||||
|
<gerritBuildStartedCodeReviewValue>0</gerritBuildStartedCodeReviewValue>
|
||||||
|
<gerritBuildSuccessfulCodeReviewValue>0</gerritBuildSuccessfulCodeReviewValue>
|
||||||
|
<gerritBuildFailedCodeReviewValue>0</gerritBuildFailedCodeReviewValue>
|
||||||
|
<gerritBuildUnstableCodeReviewValue>-1</gerritBuildUnstableCodeReviewValue>
|
||||||
|
<gerritBuildNotBuiltCodeReviewValue>0</gerritBuildNotBuiltCodeReviewValue>
|
||||||
|
<enableManualTrigger>true</enableManualTrigger>
|
||||||
|
<enablePluginMessages>true</enablePluginMessages>
|
||||||
|
<buildScheduleDelay>3</buildScheduleDelay>
|
||||||
|
<dynamicConfigRefreshInterval>30</dynamicConfigRefreshInterval>
|
||||||
|
<enableProjectAutoCompletion>true</enableProjectAutoCompletion>
|
||||||
|
<projectListRefreshInterval>3600</projectListRefreshInterval>
|
||||||
|
<projectListFetchDelay>0</projectListFetchDelay>
|
||||||
|
<categories class="linked-list">
|
||||||
|
<com.sonyericsson.hudson.plugins.gerrit.trigger.VerdictCategory>
|
||||||
|
<verdictValue>Code-Review</verdictValue>
|
||||||
|
<verdictDescription>Code Review</verdictDescription>
|
||||||
|
</com.sonyericsson.hudson.plugins.gerrit.trigger.VerdictCategory>
|
||||||
|
<com.sonyericsson.hudson.plugins.gerrit.trigger.VerdictCategory>
|
||||||
|
<verdictValue>Verified</verdictValue>
|
||||||
|
<verdictDescription>Verified</verdictDescription>
|
||||||
|
</com.sonyericsson.hudson.plugins.gerrit.trigger.VerdictCategory>
|
||||||
|
</categories>
|
||||||
|
<replicationConfig>
|
||||||
|
<enableReplication>false</enableReplication>
|
||||||
|
<slaves class="linked-list"/>
|
||||||
|
<enableSlaveSelectionInJobs>false</enableSlaveSelectionInJobs>
|
||||||
|
</replicationConfig>
|
||||||
|
<watchdogTimeoutMinutes>0</watchdogTimeoutMinutes>
|
||||||
|
<watchTimeExceptionData>
|
||||||
|
<daysOfWeek/>
|
||||||
|
<timesOfDay class="linked-list"/>
|
||||||
|
</watchTimeExceptionData>
|
||||||
|
<notificationLevel>ALL</notificationLevel>
|
||||||
|
<buildCurrentPatchesOnly>
|
||||||
|
<enabled>false</enabled>
|
||||||
|
<abortNewPatchsets>false</abortNewPatchsets>
|
||||||
|
<abortManualPatchsets>false</abortManualPatchsets>
|
||||||
|
</buildCurrentPatchesOnly>
|
||||||
|
</config>
|
||||||
|
</com.sonyericsson.hudson.plugins.gerrit.trigger.GerritServer>
|
||||||
|
</servers>
|
||||||
|
<pluginConfig>
|
||||||
|
<numberOfReceivingWorkerThreads>3</numberOfReceivingWorkerThreads>
|
||||||
|
<numberOfSendingWorkerThreads>1</numberOfSendingWorkerThreads>
|
||||||
|
<replicationCacheExpirationInMinutes>360</replicationCacheExpirationInMinutes>
|
||||||
|
</pluginConfig>
|
||||||
|
</com.sonyericsson.hudson.plugins.gerrit.trigger.PluginImpl>
|
||||||
|
EOL
|
||||||
|
|
||||||
|
cat <<EOL > config.xml
|
||||||
|
<?xml version='1.0' encoding='UTF-8'?>
|
||||||
|
<hudson>
|
||||||
|
<disabledAdministrativeMonitors/>
|
||||||
|
<version>1.0</version>
|
||||||
|
<numExecutors>2</numExecutors>
|
||||||
|
<mode>NORMAL</mode>
|
||||||
|
<useSecurity>true</useSecurity>
|
||||||
|
<authorizationStrategy class="hudson.security.AuthorizationStrategy\$Unsecured"/>
|
||||||
|
<securityRealm class="org.jenkinsci.plugins.RedmineSecurityRealm">
|
||||||
|
<redmineUrl>http://${redmine_ip}</redmineUrl>
|
||||||
|
<clientID></clientID>
|
||||||
|
<clientSecret></clientSecret>
|
||||||
|
</securityRealm>
|
||||||
|
<disableRememberMe>false</disableRememberMe>
|
||||||
|
<projectNamingStrategy class="jenkins.model.ProjectNamingStrategy\$DefaultProjectNamingStrategy"/>
|
||||||
|
<workspaceDir>\${ITEM_ROOTDIR}/workspace</workspaceDir>
|
||||||
|
<buildsDir>\${ITEM_ROOTDIR}/builds</buildsDir>
|
||||||
|
<markupFormatter class="hudson.markup.EscapedMarkupFormatter"/>
|
||||||
|
<jdks/>
|
||||||
|
<viewsTabBar class="hudson.views.DefaultViewsTabBar"/>
|
||||||
|
<myViewsTabBar class="hudson.views.DefaultMyViewsTabBar"/>
|
||||||
|
<clouds/>
|
||||||
|
<scmCheckoutRetryCount>0</scmCheckoutRetryCount>
|
||||||
|
<views>
|
||||||
|
<hudson.model.AllView>
|
||||||
|
<owner class="hudson" reference="../../.."/>
|
||||||
|
<name>All</name>
|
||||||
|
<filterExecutors>false</filterExecutors>
|
||||||
|
<filterQueue>false</filterQueue>
|
||||||
|
<properties class="hudson.model.View$PropertyList"/>
|
||||||
|
</hudson.model.AllView>
|
||||||
|
</views>
|
||||||
|
<primaryView>All</primaryView>
|
||||||
|
<slaveAgentPort>0</slaveAgentPort>
|
||||||
|
<label></label>
|
||||||
|
<nodeProperties/>
|
||||||
|
<globalNodeProperties/>
|
||||||
|
</hudson>
|
||||||
|
EOL
|
||||||
|
|
||||||
|
cat <<EOL > jenkins.security.QueueItemAuthenticatorConfiguration.xml
|
||||||
|
<?xml version='1.0' encoding='UTF-8'?>
|
||||||
|
<jenkins.security.QueueItemAuthenticatorConfiguration>
|
||||||
|
<authenticators/>
|
||||||
|
</jenkins.security.QueueItemAuthenticatorConfiguration>
|
||||||
|
EOL
|
||||||
|
|
||||||
|
chown jenkins:jenkins -R /var/lib/jenkins/
|
||||||
|
service jenkins restart
|
||||||
|
echo false > secrets/slave-to-master-security-kill-switch
|
||||||
|
service jenkins restart
|
||||||
|
|
||||||
|
su jenkins -c "ssh-keygen -b 2048 -t rsa -f /var/lib/jenkins/.ssh/id_rsa -q -N \"\""
|
|
@ -0,0 +1,11 @@
|
||||||
|
output "gerrit" {
|
||||||
|
value = "http://${openstack_compute_floatingip_v2.gerrit_floatingip.address}"
|
||||||
|
}
|
||||||
|
|
||||||
|
output "jenkins" {
|
||||||
|
value = "http://${openstack_compute_floatingip_v2.jenkins_floatingip.address}"
|
||||||
|
}
|
||||||
|
|
||||||
|
output "redmine" {
|
||||||
|
value = "http://${openstack_compute_floatingip_v2.redmine_floatingip.address}"
|
||||||
|
}
|
|
@ -0,0 +1,46 @@
|
||||||
|
resource "openstack_networking_network_v2" "private_network" {
|
||||||
|
name = "cicd-private"
|
||||||
|
admin_state_up = "true"
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "openstack_networking_subnet_v2" "private_subnet01" {
|
||||||
|
name = "cicd-subnet"
|
||||||
|
network_id = "${openstack_networking_network_v2.private_network.id}"
|
||||||
|
cidr = "192.168.50.0/24"
|
||||||
|
ip_version = 4
|
||||||
|
enable_dhcp = "true"
|
||||||
|
dns_nameservers = ["8.8.8.8"]
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "openstack_compute_secgroup_v2" "secgroup" {
|
||||||
|
name = "cicd-secgroup"
|
||||||
|
description = "Security group for accessing to CI/CD environment"
|
||||||
|
rule {
|
||||||
|
from_port = 22
|
||||||
|
to_port = 22
|
||||||
|
ip_protocol = "tcp"
|
||||||
|
cidr = "0.0.0.0/0"
|
||||||
|
}
|
||||||
|
rule {
|
||||||
|
from_port = 80
|
||||||
|
to_port = 80
|
||||||
|
ip_protocol = "tcp"
|
||||||
|
cidr = "0.0.0.0/0"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "openstack_networking_router_v2" "router" {
|
||||||
|
name = "cicd-router"
|
||||||
|
admin_state_up = "true"
|
||||||
|
external_gateway = "${var.external_gateway}"
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "openstack_networking_router_interface_v2" "router_interface" {
|
||||||
|
router_id = "${openstack_networking_router_v2.router.id}"
|
||||||
|
subnet_id = "${openstack_networking_subnet_v2.private_subnet01.id}"
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "openstack_compute_floatingip_v2" "floatingip" {
|
||||||
|
depends_on = ["openstack_networking_router_interface_v2.router_interface"]
|
||||||
|
pool = "${var.floating_pool}"
|
||||||
|
}
|
|
@ -0,0 +1,47 @@
|
||||||
|
resource "openstack_compute_floatingip_v2" "redmine_floatingip" {
|
||||||
|
depends_on = ["openstack_networking_router_interface_v2.router_interface"]
|
||||||
|
pool = "${var.floating_pool}"
|
||||||
|
}
|
||||||
|
|
||||||
|
# Template for redmine webserver installation
|
||||||
|
data "template_file" "redmine_web_postinstall_script" {
|
||||||
|
template = "${file("redmine_web.tpl")}"
|
||||||
|
vars {
|
||||||
|
version = "${var.redmine_version}"
|
||||||
|
redmine_db_ip = "${openstack_compute_instance_v2.redmine_db.network.0.fixed_ip_v4}"
|
||||||
|
redmine_db_password = "${var.redmine_db_password}"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "openstack_compute_instance_v2" "redmine" {
|
||||||
|
depends_on = ["openstack_compute_instance_v2.redmine_db"]
|
||||||
|
name = "redmine"
|
||||||
|
image_name = "${var.image}"
|
||||||
|
flavor_name = "${var.flavor}"
|
||||||
|
security_groups = [ "${openstack_compute_secgroup_v2.secgroup.name}" ]
|
||||||
|
floating_ip = "${openstack_compute_floatingip_v2.redmine_floatingip.address}"
|
||||||
|
user_data = "${data.template_file.redmine_web_postinstall_script.rendered}"
|
||||||
|
network {
|
||||||
|
uuid = "${openstack_networking_network_v2.private_network.id}"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
# Template for redmine database installation
|
||||||
|
data "template_file" "redmine_db_postinstall_script" {
|
||||||
|
template = "${file("redmine_db.tpl")}"
|
||||||
|
vars {
|
||||||
|
root_db_password = "${var.root_db_password}"
|
||||||
|
redmine_db_password = "${var.redmine_db_password}"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "openstack_compute_instance_v2" "redmine_db" {
|
||||||
|
name = "redmine-db"
|
||||||
|
image_name = "${var.image}"
|
||||||
|
flavor_name = "${var.flavor}"
|
||||||
|
user_data = "${data.template_file.redmine_db_postinstall_script.rendered}"
|
||||||
|
|
||||||
|
network {
|
||||||
|
uuid = "${openstack_networking_network_v2.private_network.id}"
|
||||||
|
}
|
||||||
|
}
|
|
@ -0,0 +1,21 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
ROOT_DBPASS=$1
|
||||||
|
REDMINE_DBPASS=$2
|
||||||
|
|
||||||
|
# 0. Install dependencies
|
||||||
|
apt-get update -y
|
||||||
|
apt-get upgrade -y
|
||||||
|
|
||||||
|
# 2. Create an empty database and accompanying user
|
||||||
|
debconf-set-selections <<< "mysql-server mysql-server/root_password password ${ROOT_DBPASS}"
|
||||||
|
debconf-set-selections <<< "mysql-server mysql-server/root_password_again password ${ROOT_DBPASS}"
|
||||||
|
apt-get install -y mariadb-server
|
||||||
|
|
||||||
|
mysql -uroot -p${ROOT_DBPASS} -e "CREATE DATABASE redmine CHARACTER SET utf8;"
|
||||||
|
mysql -uroot -p${ROOT_DBPASS} -e "GRANT ALL PRIVILEGES ON redmine.* TO 'redmine'@'%' IDENTIFIED BY '${REDMINE_DBPASS}';";
|
||||||
|
|
||||||
|
sed -i "s|127.0.0.1|0.0.0.0|g" /etc/mysql/my.cnf
|
||||||
|
service mysql restart
|
||||||
|
sleep 5
|
||||||
|
echo -e "${ROOT_DBPASS}\nn\nY\nY\nY\n" | mysql_secure_installation
|
|
@ -0,0 +1,100 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
version=$1
|
||||||
|
redmine_db_ip=$2
|
||||||
|
REDMINE_DBPASS=$3
|
||||||
|
|
||||||
|
export REDMINE_LANG=en
|
||||||
|
output_folder=/opt/redmine
|
||||||
|
redmine_folder=$output_folder/redmine-$version
|
||||||
|
bootstrap_plugin_version=0.2.4
|
||||||
|
jenkins_plugin_version=1.0.1
|
||||||
|
oauth_provider=0.0.5
|
||||||
|
|
||||||
|
# 0. Install dependencies
|
||||||
|
apt-get update -y
|
||||||
|
apt-get upgrade -y
|
||||||
|
apt-get install -y rubygems-integration ruby-dev libmysqlclient-dev build-essential libcurl4-openssl-dev
|
||||||
|
|
||||||
|
# 1. Redmine application
|
||||||
|
mkdir $output_folder
|
||||||
|
wget -O /tmp/redmine.tar.gz http://www.redmine.org/releases/redmine-$version.tar.gz
|
||||||
|
tar xzf /tmp/redmine.tar.gz -C $output_folder
|
||||||
|
cd $redmine_folder
|
||||||
|
|
||||||
|
# 3. Database connection configuration
|
||||||
|
cat <<EOL > config/database.yml
|
||||||
|
production:
|
||||||
|
adapter: mysql2
|
||||||
|
database: redmine
|
||||||
|
host: ${redmine_db_ip}
|
||||||
|
username: redmine
|
||||||
|
password: "${REDMINE_DBPASS}"
|
||||||
|
encoding: utf8
|
||||||
|
EOL
|
||||||
|
|
||||||
|
# 4. Dependencies installation
|
||||||
|
gem install bundler
|
||||||
|
bundle install --without development test rmagick
|
||||||
|
|
||||||
|
# 5. Session store secret generation
|
||||||
|
bundle exec rake generate_secret_token
|
||||||
|
|
||||||
|
# 6. Database schema objects creation
|
||||||
|
RAILS_ENV=production bundle exec rake db:migrate
|
||||||
|
|
||||||
|
# 7. Database default data set
|
||||||
|
RAILS_ENV=production bundle exec rake redmine:load_default_data
|
||||||
|
|
||||||
|
# 8. File system permissions
|
||||||
|
mkdir -p tmp tmp/pdf public/plugin_assets
|
||||||
|
useradd redmine
|
||||||
|
chown -R redmine:redmine files log tmp public/plugin_assets
|
||||||
|
chmod -R 755 files log tmp public/plugin_assets
|
||||||
|
|
||||||
|
# 9. Install Passenger packages
|
||||||
|
apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 561F9B9CAC40B2F7
|
||||||
|
apt-get install -y apt-transport-https ca-certificates
|
||||||
|
echo 'deb https://oss-binaries.phusionpassenger.com/apt/passenger trusty main' > /etc/apt/sources.list.d/passenger.list
|
||||||
|
apt-get update
|
||||||
|
apt-get install -y nginx-extras passenger
|
||||||
|
sed -i "s|# include /etc/nginx/passenger.conf;|include /etc/nginx/passenger.conf;|g" /etc/nginx/nginx.conf
|
||||||
|
|
||||||
|
# 10. Configure Nginx
|
||||||
|
cat <<EOL > /etc/nginx/sites-available/redmine
|
||||||
|
server {
|
||||||
|
listen 80;
|
||||||
|
server_name www.redmine.me;
|
||||||
|
root $redmine_folder/public;
|
||||||
|
passenger_enabled on;
|
||||||
|
client_max_body_size 10m; # Max attachemnt size
|
||||||
|
}
|
||||||
|
EOL
|
||||||
|
ln -s /etc/nginx/sites-available/redmine /etc/nginx/sites-enabled/redmine
|
||||||
|
rm /etc/nginx/sites-enabled/default
|
||||||
|
|
||||||
|
# Configure jenkins plugin and their dependencies
|
||||||
|
apt-get install -y git
|
||||||
|
|
||||||
|
cd ${redmine_folder}/plugins
|
||||||
|
git clone https://github.com/jbox-web/redmine_bootstrap_kit.git
|
||||||
|
pushd redmine_bootstrap_kit/
|
||||||
|
git checkout tags/${bootstrap_plugin_version}
|
||||||
|
popd
|
||||||
|
|
||||||
|
git clone https://github.com/jbox-web/redmine_jenkins.git
|
||||||
|
pushd redmine_jenkins/
|
||||||
|
git checkout tags/${jenkins_plugin_version}
|
||||||
|
popd
|
||||||
|
|
||||||
|
git clone https://github.com/suer/redmine_oauth_provider.git
|
||||||
|
pushd redmine_oauth_provider
|
||||||
|
git checkout tags/${oauth_provider}
|
||||||
|
popd
|
||||||
|
|
||||||
|
bundle install --without development test
|
||||||
|
bundle exec rake redmine:plugins:migrate RAILS_ENV=production
|
||||||
|
|
||||||
|
chown -R redmine:redmine ${redmine_folder}
|
||||||
|
|
||||||
|
service nginx restart
|
|
@ -0,0 +1,15 @@
|
||||||
|
#cloud-config
|
||||||
|
|
||||||
|
ssh_pwauth: true
|
||||||
|
|
||||||
|
users:
|
||||||
|
- name: cicd
|
||||||
|
passwd: $6$rounds=4096$DWIvD0b83l1wOVo$3Ww47Krh0JkgohulOJbr4W7WcvQuzlapHd0/qfjEmGvrA1YHjxmhS.Up6B/WV1/b5Yc5J7kvvPFvIbcqpMHII/
|
||||||
|
lock_passwd: False
|
||||||
|
sudo: ["ALL=(ALL) NOPASSWD:ALL\nDefaults:stack !requiretty"]
|
||||||
|
shell: /bin/bash
|
||||||
|
|
||||||
|
runcmd:
|
||||||
|
- wget https://raw.githubusercontent.com/electrocucaracha/terraform-cicd/master/redmine/postinstall_db.sh
|
||||||
|
- chmod 755 postinstall_db.sh
|
||||||
|
- bash postinstall_db.sh ${root_db_password} ${redmine_db_password}
|
|
@ -0,0 +1,15 @@
|
||||||
|
#cloud-config
|
||||||
|
|
||||||
|
ssh_pwauth: true
|
||||||
|
|
||||||
|
users:
|
||||||
|
- name: cicd
|
||||||
|
passwd: $6$rounds=4096$DWIvD0b83l1wOVo$3Ww47Krh0JkgohulOJbr4W7WcvQuzlapHd0/qfjEmGvrA1YHjxmhS.Up6B/WV1/b5Yc5J7kvvPFvIbcqpMHII/
|
||||||
|
lock_passwd: False
|
||||||
|
sudo: ["ALL=(ALL) NOPASSWD:ALL\nDefaults:stack !requiretty"]
|
||||||
|
shell: /bin/bash
|
||||||
|
|
||||||
|
runcmd:
|
||||||
|
- wget https://raw.githubusercontent.com/electrocucaracha/terraform-cicd/master/redmine/postinstall_web.sh
|
||||||
|
- chmod 755 postinstall_web.sh
|
||||||
|
- bash postinstall_web.sh ${version} ${redmine_db_ip} ${redmine_db_password}
|
|
@ -0,0 +1,28 @@
|
||||||
|
variable "image" {
|
||||||
|
default = "ubuntu-14.04-cloud"
|
||||||
|
}
|
||||||
|
|
||||||
|
variable "flavor" {
|
||||||
|
default = "m2.large"
|
||||||
|
}
|
||||||
|
|
||||||
|
variable "external_gateway" {
|
||||||
|
default = "7004a83a-13d3-4dcd-8cf5-52af1ace4cae"
|
||||||
|
}
|
||||||
|
|
||||||
|
variable "floating_pool" {
|
||||||
|
default = "GATEWAY_NET"
|
||||||
|
}
|
||||||
|
|
||||||
|
# Redmine Configuration values
|
||||||
|
variable "redmine_version" {
|
||||||
|
default = "3.3.0"
|
||||||
|
}
|
||||||
|
|
||||||
|
variable "root_db_password"{
|
||||||
|
default = "secure"
|
||||||
|
}
|
||||||
|
|
||||||
|
variable "redmine_db_password"{
|
||||||
|
default = "secure"
|
||||||
|
}
|
Loading…
Reference in New Issue