This repository contains all the stuff needed to provision a Jenkins master, a SonarQube instance and some staging/"prod" environments for a workshop usecase.
All machines are provisioned using Terraform/Ansible and Docker on the DigitalOcean cloud.
Jenkins master is automatically configured with the DigitalOcean Plugin which permits to dynamically provision Jenkins agents on demand.
It’s assume that :
-
you are on a Linux system (only tested on Fedora 25)
-
you have ansible and terraform installed locally (tested with ansible==2.3.0 and terraform==0.7.10)
-
a variable DO_API with DigitalOcean credentials is exported on the current shell
-
a ssh key pair is available on the root of this repository (id_rsa_jam, id_rsa_jam.pub), and must be added to your DigitalOcean settings
Since the SSH key pair is created on your own laptop, you need to adapt provisoning files with your own credentials.
-
Update
ssh_keys
property ofjenkins-masters/jenkins-masters.tf
,environments/environments.tf
andsonarqube/sonarqube.tf
Terraform provisioning files with the fingerprint of the dedicated SSH public key (you can easily get it from DigitalOcean settings)
Inside each directory (jenkins-masters
, sonarqube
, environments
), you can access some kind of provisioning commands.
$> make plan n=X
$> make provision n=X
This action will create (or update) X new machines on DigitalOcean cloud accordingly to the configuration specified into jenkins-masters/jenkins-masters.tf
, environments/environments.tf
or sonarqube/sonarqube.tf
files.
Then, a provisioning with Ansible playbooks (see *.yml
files inside each directory) is triggered on all created/updates machines with a dynamic inventory of Ansible.
Caution
|
this action is strictly idempotent. It means that if you start with "make provision n=5" and then execute "make provision n=4", the fifth machine will be directly deleted by terraform !! To be sure, first run "make plan n = X" and read carefully what are Terraform’s plans before a "make provision" action. |
By default, Jenkins master are provisioned with :
-
login = jenkins-${counter}
-
password = ${digitalocean_droplet_id}
$> make infos
$> make logs jenkins-2
$> make go jenkins-10
Jenkins DigitalOcean Plugin needs to have your "ssh_key_id" number during provisioning (see jenkins-masters/jenkins-provisioning.yml#14). This is a DigitalOcean specific number and it’s completely dependant of your DigitalOcean settings. To retrieve this number, the only way I found is to configure manually the plugin the first time, retrieve the config.xml of Jenkins and get this number from the file.
Caution
|
DigitalOcean sets a limit of number of Droplets. You need to increase both on DigitalOcean side (a dedicated form is available on DigitalOcean website) and on the file jenkins-masters/jenkins-provisioning.yml depending on the number of attendees.
|
Caution
|
Since all Jenkins instances share the same DigitalOcean API key, you are limited by DigitalOcean API Rate Limit. |
Caution
|
the instanceCap property specified inside the Jenkins DigitalOcean plugin configuration is global to all attendees (since it’s the same API key for each attendee).
|
There are some "code duplication" and limitations that could be improved here.
-
We could have a "meta" Makefile on the root and add a kind of
action
targeting a specific directory. For example :make jenkins provision n=2
-
The script
terraform-inventory.py
used to create a dynamic inventory of Ansible and Terraform is currently duplicated on each subdirectory -
The SSH key pair informations specified could be specified more dynamically using Terraform variables.
-
The
digitalocean.tf
file is also duplicated on each subdirectory
Yeah, it’s a little dirty, but those scripts have been evolved/improved in hurry ! And PRs are always welcome :-)