/*This terraform file creates a Jenkins Server using JDK 11 on EC2 Instance.
Jenkins Server is enabled with Git, Docker and Docker Compose,
AWS CLI Version 2. Jenkins Server will run on Amazon Linux 2 EC2 Instance with
custom security group allowing HTTP (80, 8080) and SSH (22) connections from any IPv4 address (0.0.0.0/0).
*/
# AWS provider. Only the region is set here; credentials are deliberately left
# out so they come from the AWS CLI configuration or environment instead of
# being committed with this file.
provider "aws" {
  region = "us-east-1"

  // access_key = ""
  // secret_key = ""
  // If you have entered your credentials in AWS CLI before, you do not need to use these arguments.
}
# GitHub provider, authenticated with the personal access token defined in locals.
# NOTE(review): the provider can also read the token from the GITHUB_TOKEN
# environment variable, which keeps it out of a committed .tf file entirely.
provider "github" {
  token = local.github-token
}
data "aws_caller_identity" "current" {}
# Per-user settings that must be edited before `terraform apply`.
# github-token is a GitHub personal access token; besides configuring the
# provider it is interpolated into the git clone/push commands of the
# remote-exec provisioner below, so it travels to the instance in clear text.
# Prefer supplying it via a sensitive variable or the GITHUB_TOKEN environment
# variable rather than committing a literal here.
locals {
  github-email    = "xxxxxxxxx@gmail.com"          # you need to change this line
  github-username = "fatihtepe"                    # you need to change this line
  github-token    = "xxxxxxxxxxxxxxxxxxxxxxxxxxxx" # you need to change this line
  key_pair        = "aws"                          # you need to change this line: EC2 key pair name
  pem_key_address = "~/.ssh/aws.pem"               # you need to change this line: private key matching key_pair
}
# Private repository that the remote-exec provisioner on the Jenkins instance
# fills with the sample to-do application.
resource "github_repository" "githubrepo" {
  visibility = "private"
  name       = "todo-app-node-project"
}
# IAM role assumed by the Jenkins EC2 instance (attached through the instance
# profile below).
# NOTE(review): AdministratorAccess already covers every ECR action, so the ECR
# policy adds nothing, and an administrator role on an internet-exposed CI host
# is far more than a pipeline needs. Scope this down to the actions the Jenkins
# jobs actually use before running this outside a throwaway account.
resource "aws_iam_role" "roleforjenkins" {
  name = "ecr_jenkins_permission"

  # Both are AWS managed policies; the second is a superset of the first.
  managed_policy_arns = ["arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryFullAccess", "arn:aws:iam::aws:policy/AdministratorAccess"]

  # Trust policy: only the EC2 service may assume this role.
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Action = "sts:AssumeRole"
        Effect = "Allow"
        Sid    = ""
        Principal = {
          Service = "ec2.amazonaws.com"
        }
      },
    ]
  })
}
# Instance profile wrapping the Jenkins role so it can be attached to the EC2
# instance; the instance's credentials are served from this role.
resource "aws_iam_instance_profile" "ec2_profile" {
  role = aws_iam_role.roleforjenkins.name
  name = "jenkinsprofile"
}
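# Jenkins controller on an Amazon Linux 2 instance. Bootstrapping happens in two
# phases: user_data installs Git, Java 11, Jenkins, Docker and AWS CLI v2 at
# first boot, then the remote-exec provisioner seeds the GitHub repository over
# SSH using the token from locals.
resource "aws_instance" "jenkins-server" {
  # NOTE(review): AMI ids are region-specific; this one is only meaningful in the
  # provider's region (us-east-1) -- confirm it is still the intended AL2 image.
  ami           = "ami-087c17d1fe0178315"
  instance_type = "t2.small"
  key_name      = local.key_pair # you need to change this line

  root_block_device {
    volume_size = 16
  }

  # Reference the group managed in this file instead of repeating its name as a
  # string literal. This keeps the two in sync and gives Terraform the
  # dependency it needs to create the security group before the instance.
  security_groups      = [aws_security_group.ec2-sec-gr.name]
  iam_instance_profile = aws_iam_instance_profile.ec2_profile.name

  tags = {
    Name = "Jenkins-Server"
  }

  # First-boot script, kept unchanged. Points worth knowing before editing it:
  # - the Docker daemon is additionally bound to tcp://127.0.0.1:2375, which is
  #   loopback-only but unauthenticated, so any local process can drive Docker;
  # - `amazon-linux-extras install epel` lacks the -y its neighbours use --
  #   confirm it does not prompt under cloud-init;
  # - the AWS CLI v1 binary is removed with `rm -rf /bin/aws` before v2 is installed.
  user_data = <<-EOF
    #! /bin/bash
    # install git
    yum install git -y
    # update os
    yum update -y
    # set server hostname as Jenkins-Server
    hostnamectl set-hostname "Jenkins-Server"
    # install java 11
    amazon-linux-extras install java-openjdk11 -y
    wget -O /etc/yum.repos.d/jenkins.repo https://pkg.jenkins.io/redhat/jenkins.repo
    rpm --import https://pkg.jenkins.io/redhat/jenkins.io.key
    amazon-linux-extras install epel
    # install jenkins
    yum install jenkins -y
    systemctl start jenkins
    systemctl enable jenkins
    # install docker
    amazon-linux-extras install docker -y
    systemctl start docker
    systemctl enable docker
    # add ec2-user and jenkins users to docker group
    usermod -a -G docker ec2-user
    usermod -a -G docker jenkins
    # configure docker as cloud agent for jenkins
    cp /lib/systemd/system/docker.service /lib/systemd/system/docker.service.bak
    sed -i 's/^ExecStart=.*/ExecStart=\/usr\/bin\/dockerd -H tcp:\/\/127.0.0.1:2375 -H unix:\/\/\/var\/run\/docker.sock/g' /lib/systemd/system/docker.service
    # systemctl daemon-reload
    systemctl restart docker
    systemctl restart jenkins
    # uninstall aws cli version 1
    rm -rf /bin/aws
    # install aws cli version 2
    curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
    unzip awscliv2.zip
    ./aws/install
  EOF

  # Runs as ec2-user once SSH is reachable. `sleep 150` is only a guess at how
  # long user_data takes; `cloud-init status --wait` would block on the actual
  # completion instead of racing it.
  # NOTE(review): the GitHub token is embedded in the clone and push URLs, so it
  # is exposed to anything on the instance that can read process arguments or
  # the uploaded provisioner script; a credential helper would avoid that.
  provisioner "remote-exec" {
    inline = [
      "sleep 150",
      "wget https://github.com/awsdevopsteam/jenkins-first-project/raw/master/to-do-app-nodejs.tar",
      "tar -xvf to-do-app-nodejs.tar",
      "rm to-do-app-nodejs.tar",
      "git clone https://${local.github-username}:${local.github-token}@github.com/${local.github-username}/${github_repository.githubrepo.name}.git",
      "cd todo-app-node-project",
      "cp -R /home/ec2-user/to-do-app-nodejs/* /home/ec2-user/todo-app-node-project/",
      "git config --global user.email ${local.github-email}",
      "git config --global user.name ${local.github-username}",
      "git add .",
      "git commit -m 'added todo app'",
      "git push https://${local.github-username}:${local.github-token}@github.com/${local.github-username}/${github_repository.githubrepo.name}",
    ]

    connection {
      type        = "ssh"
      user        = "ec2-user"
      # Plain reference; the "${...}" wrapper around a single expression is redundant.
      private_key = file(local.pem_key_address)
      host        = self.public_ip
    }
  }
}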
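# TCP ports the security group opens to all of IPv4: 80 (the to-do app),
# 22 (SSH, used by the remote-exec provisioner) and 8080 (Jenkins UI).
variable "sg-ports" {
  description = "TCP ports opened to 0.0.0.0/0 on the Jenkins host (80 app, 22 SSH, 8080 Jenkins)."
  type        = list(number)
  default     = [80, 22, 8080]
}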
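# Security group for the Jenkins host. Every port in var.sg-ports is reachable
# from any IPv4 address, including SSH (22) and the Jenkins UI (8080); restrict
# those two to your own address range before running this anywhere but a
# throwaway account. Rule descriptions are added so the intent of each rule is
# visible in the console and in plans.
resource "aws_security_group" "ec2-sec-gr" {
  name = "jenkins-sec-gr"

  tags = {
    Name = "jenkins-sec-gr"
  }

  # One ingress rule per entry in var.sg-ports.
  dynamic "ingress" {
    for_each = var.sg-ports
    content {
      description = "TCP ${ingress.value} from anywhere"
      from_port   = ingress.value
      to_port     = ingress.value
      protocol    = "tcp"
      cidr_blocks = ["0.0.0.0/0"]
    }
  }

  # Unrestricted outbound: user_data and the provisioner fetch packages, the
  # Jenkins repo and GitHub over the internet.
  egress {
    description = "all outbound"
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}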
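# Jenkins web UI, served on port 8080 of the instance's public IP (plain HTTP).
output "jenkins-dns-url" {
  description = "URL of the Jenkins UI on port 8080."
  value       = "http://${aws_instance.jenkins-server.public_ip}:8080"
}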
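# Ready-to-paste SSH command for the instance.
# Previously the key path was built as local.key_pair + ".pem", which only works
# when the key happens to sit in the working directory and disagrees with the
# path the provisioner uses; local.pem_key_address is the single source of truth.
output "ssh-connection" {
  description = "SSH command using the same private key path as the provisioner."
  value       = "ssh -i ${local.pem_key_address} ec2-user@${aws_instance.jenkins-server.public_ip}"
}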
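# Port 80 on the instance, where the to-do app is expected to be served.
# Nothing in this file deploys the app there -- presumably a later Jenkins job does.
output "nodejs-url" {
  description = "URL where the to-do app is expected on port 80 once deployed."
  value       = "http://${aws_instance.jenkins-server.public_ip}"
}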
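# HTTPS clone URL of the repository created above.
output "github-url" {
  description = "HTTPS clone URL of the GitHub repository created by this configuration."
  # Plain reference; the "${...}" wrapper around a single expression is redundant.
  value = github_repository.githubrepo.http_clone_url
}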
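# Account id of the credentials Terraform ran with (from data.aws_caller_identity).
output "aws-account-id" {
  description = "AWS account id the deployment was made into."
  # Plain reference; the "${...}" wrapper around a single expression is redundant.
  value = data.aws_caller_identity.current.account_id
}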