This repository contains reusable deployment code/configuration for Jenkins, which gets you up and running with a production-grade Jenkins quickly.
See the documentation.
None.
For any variables marked sensitive, you are strongly encouraged to store the values in an Ansible Vault.
jenkins_admin_password - store in a Vault
jenkins_external_hostname
SSH key - information about how to generate in Usage section below.
    jenkins_ssh_key_passphrase (sensitive)
    jenkins_ssh_private_key_data (sensitive)
    jenkins_ssh_public_key_data
SSL configuration (sensitive)
See defaults/main.yml.
Generate an SSH key.
ssh-keygen -t rsa -b 4096 -f temp.key -C "group-email+jenkins@some.gov"
# enter a passphrase - store in Vault as vault_jenkins_ssh_key_passphrase
cat temp.key
# store in Vault as vault_jenkins_ssh_private_key_data
cat temp.key.pub
# store as jenkins_ssh_public_key_data
rm temp.key*
Include the role and required variables. Example:
# requirements.yml
- src: https://github.com/GSA/jenkins-deploy
  name: gsa.jenkins

# group_vars/all/vars.yml
jenkins_ssh_user: jenkins
jenkins_ssh_public_key_data: |
  ssh-rsa ... group-email+jenkins@some.gov

# group_vars/jenkins/vars.yml
jenkins_external_hostname: ...
jenkins_ssh_key_passphrase: "{{ vault_jenkins_ssh_key_passphrase }}"
jenkins_ssh_private_key_data: "{{ vault_jenkins_ssh_private_key_data }}"
ssl_certs_local_cert_data: "{{ vault_ssl_certs_local_cert_data }}"
ssl_certs_local_privkey_data: "{{ vault_ssl_certs_local_privkey_data }}"

# group_vars/jenkins/vault.yml (encrypted)
vault_jenkins_ssh_key_passphrase: ...
vault_jenkins_ssh_private_key_data: |
  -----BEGIN RSA PRIVATE KEY-----
  ...
  -----END RSA PRIVATE KEY-----
vault_ssl_certs_local_cert_data: |
  -----BEGIN CERTIFICATE-----
  ...
  -----END CERTIFICATE-----
vault_ssl_certs_local_privkey_data: |
  -----BEGIN RSA PRIVATE KEY-----
  ...
  -----END RSA PRIVATE KEY-----

# playbooks/jenkins.yml
- hosts: jenkins
  become: true
  roles:
    - gsa.jenkins

# playbooks/other.yml
# hosts that Jenkins is going to run playbooks against
- hosts: other
  become: true
  tasks:
    - name: Create Jenkins user
      user:
        name: "{{ jenkins_ssh_user }}"
        group: wheel
    - name: Set up SSH key for Jenkins
      authorized_key:
        user: "{{ jenkins_ssh_user }}"
        key: "{{ jenkins_ssh_public_key_data }}"
    # ...other host setup tasks...
Run the Terraform (if applicable) and the playbook.
Ensure you can log into Jenkins (at jenkins_external_hostname).
Follow the manual configuration steps
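A check that the sensitive values from the steps above really are stored encrypted, as an added example that is not part of this repository. It assumes the group_vars layout from the example and that files encrypted with ansible-vault begin with a `$ANSIBLE_VAULT;` header line; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not part of the role): fail when secrets meant for Ansible
# Vault sit in plaintext. Paths follow the group_vars layout shown above.

# Succeeds if the first line of file $1 is an Ansible Vault header.
is_vault_encrypted() {
    [ -f "$1" ] || return 1
    first_line=
    IFS= read -r first_line < "$1" || [ -n "$first_line" ] || return 1
    case "$first_line" in
        '$ANSIBLE_VAULT;'*) return 0 ;;
        *) return 1 ;;
    esac
}

# Prints every unencrypted YAML file under directory $1 that contains a PEM
# private key block or defines a vault_* variable. Returns 1 if any is found.
find_plaintext_secrets() {
    find "$1" -type f \( -name '*.yml' -o -name '*.yaml' \) | {
        found=0
        while IFS= read -r f; do
            if is_vault_encrypted "$f"; then continue; fi
            if grep -Eq -e '-----BEGIN [A-Z ]*PRIVATE KEY-----' \
                        -e '^vault_[A-Za-z0-9_]+:' "$f"; then
                printf '%s\n' "$f"
                found=1
            fi
        done
        [ "$found" -eq 0 ]
    }
}

# Constructed sample tree for trying the check: one vars file that only
# references vault_* variables and one vault file left unencrypted by mistake.
make_sample_tree() {
    dir=$(mktemp -d) || return 1
    mkdir -p "$dir/group_vars/jenkins"
    printf '%s\n' 'jenkins_ssh_key_passphrase: "{{ vault_jenkins_ssh_key_passphrase }}"' \
        > "$dir/group_vars/jenkins/vars.yml"
    printf '%s\n' 'vault_jenkins_ssh_key_passphrase: constructed-not-a-real-secret' \
        > "$dir/group_vars/jenkins/vault.yml"
    printf '%s\n' "$dir"
}

# Usage: sh check_vault.sh group_vars   (exit status 1 means plaintext found)
if [ "$#" -gt 0 ]; then find_plaintext_secrets "$1"; fi
```

Run it from a pre-commit hook or CI job so that an unencrypted vault.yml never reaches the repository.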
CC0