├── Jenkinsfile
├── README.md
├── build.sh
└── security-group.tf


/Jenkinsfile:
--------------------------------------------------------------------------------
 1 | pipeline {   
 2 |   agent {
 3 |     node {
 4 |       label 'master'
 5 |     }  
 6 |   }
 7 |   stages {
 8 |     stage('checkout') {
 9 |       steps {
10 |         checkout scm
11 |         sh 'docker pull hashicorp/terraform:light'
12 |       }
13 |     }
14 |     stage('init') {
15 |       steps {
16 |         sh 'docker run -w /app -v /root/.aws:/root/.aws -v `pwd`:/app hashicorp/terraform:light init'
17 |       }
18 |     }
19 |     stage('plan') {
20 |       steps {
21 |         sh 'docker run -w /app -v /root/.aws:/root/.aws -v `pwd`:/app hashicorp/terraform:light plan'
22 |       }
23 |     }
24 |     stage('approval') {
25 |       options {
26 |         timeout(time: 1, unit: 'HOURS') 
27 |       }
28 |       steps {
29 |         input 'approve the plan to proceed and apply'
30 |       }
31 |     }
32 |     stage('apply') {
33 |       steps {
34 |         sh 'docker run -w /app -v /root/.aws:/root/.aws -v `pwd`:/app hashicorp/terraform:light apply -auto-approve'
35 |         cleanWs()
36 |       }
37 |     }
38 |   }
39 | }
40 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | ## Create a Jenkins Pipeline to Deploy a terraform Stack ##
 2 | 
 3 | ### Setup ###
 4 | 
 5 | This is a lab to demonstrate using a Jenkinfile pipeline which will use docker and terraform to create resources in AWS
 6 | 
 7 | The ```build.sh``` file can be used to install Jenkins running on Centos7.
 8 | 
 9 | Docker is installed as the Jenkinsfile pipeline will run terraform in a Docker container
10 | 
11 | The Jenkins URL is http://127.0.0.1:8080
12 | 
13 | To get the Jenkins initial admin password, run this command:
14 | 
15 | ```cat /var/lib/jenkins/secrets/initialAdminPassword```
16 | 
17 | After initializing Jenkins; install the recommended plugs and (optionally) the Blue Ocean plugin https://plugins.jenkins.io/blueocean
18 | 
19 | ### Docker ###
20 | 
21 | IAM user AWS credentials should be saved on the host instance at `/root/.aws/` - these are mapped to and used by the Docker container when running the pipeline. Ensure the permissons for the IAM user are sufficient to complete all tasks/create all resources required by the pipeline
22 | 
23 | More information is available here: https://hub.docker.com/r/hashicorp/terraform
24 | 
25 | ### Pipeline ###
26 | 
27 | Create a pipeline job, then within the **Pipeline** configuration set the definition to `Pipeline script from SCM`. Add your repository URL, the `Script Path` will automatically be set to Jenkinsfile.
28 | 
29 | In this example, the Jenkinsfile pipeline will create a security group in the default VPC in eu-west-2
30 | 


--------------------------------------------------------------------------------
/build.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/sh
 2 | yum -y update
 3 | 
 4 | # install docker
 5 | yum -y install yum-utils device-mapper-persistent-data lvm2 epel-release
 6 | yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
 7 | yum -y install docker-ce
 8 | systemctl start docker
 9 | systemctl enable docker
10 | 
11 | # install git
12 | yum -y install git
13 | 
14 | # install jenkins
15 | yum -y install java-1.8.0-openjdk.x86_64 wget
16 | cp /etc/profile /etc/profile_backup
17 | echo 'export JAVA_HOME=/usr/lib/jvm/jre-1.8.0-openjdk' | sudo tee -a /etc/profile
18 | echo 'export JRE_HOME=/usr/lib/jvm/jre' | sudo tee -a /etc/profilesource /etc/profile
19 | wget -O /etc/yum.repos.d/jenkins.repo https://pkg.jenkins.io/redhat/jenkins.repo
20 | rpm --import https://pkg.jenkins.io/redhat/jenkins.io.key
21 | yum -y install jenkins
22 | systemctl start jenkins.service
23 | systemctl enable jenkins.service
24 | usermod -a -G docker jenkins
25 | systemctl start firewalld
26 | systemctl enable firewalld
27 | firewall-cmd --zone=public --permanent --add-port=8080/tcp
28 | firewall-cmd --reload
29 | 
30 | # install aws cli
31 | yum -y install python-pip
32 | pip install --upgrade pip
33 | pip install awscli --upgrade --user
34 | echo "PATH=~/.local/bin:$PATH" >> ~/.bash_profile
35 | 
36 | # reboot
37 | systemctl reboot


--------------------------------------------------------------------------------
/security-group.tf:
--------------------------------------------------------------------------------
1 | provider "aws" {
2 |   region = "eu-west-2"
3 | }
4 | 
5 | resource "aws_security_group" "jenkins-pipeline" {
6 |   name        = "jenkins-pipeline"
7 |   description = "built-by-jenkins-pipeline"
8 | }
9 | 


--------------------------------------------------------------------------------