Merge pull request #1 from jenkins-infra/terraform-003
Merge support for provisioning Azure resources via Terraform
This commit is contained in:
R. Tyler Croy
GitHub
commit
29eb911716
|
|
@ -3,3 +3,5 @@
|
|||
*.tfstate.backup
|
||||
*.html
|
||||
.ruby-*
|
||||
*.sw*
|
||||
.*.json
|
||||
|
|
|
|||
|
|
@ -0,0 +1,97 @@
|
|||
= Azure tooling setup
|
||||
|
||||
This document is meant to outline how you can set up your local environment for
|
||||
hacking on the Azure tooling for the Jenkins project infrastructure.
|
||||
|
||||
|
||||
All examples below for setting up Azure resources are done with the
|
||||
link:https://github.com/azure/azure-cli[azure-cli].
|
||||
|
||||
|
||||
== Setting up Terraform
|
||||
|
||||
link:http://terraform.io[Terraform]
|
||||
can be used via the
|
||||
link:https://www.terraform.io/docs/providers/azurerm/index.html[AzureRM provider]
|
||||
which comes built in with recent versions of Terraform.
|
||||
|
||||
In order to authenticate against Azure, you must create some Azure Active
|
||||
Directory and other related authentication and authorization objects.
|
||||
|
||||
|
||||
*Generate an authentication token*
|
||||
|
||||
[source]
|
||||
----
|
||||
openssl rand -base64 24
|
||||
----
|
||||
|
||||
This will be needed later, so don't lose it!
|
||||
|
||||
|
||||
*Creating an OAuth Application*
|
||||
|
||||
[source]
|
||||
----
|
||||
az ad app create --display-name jenkins-terraform \
|
||||
--homepage http://example.com/jenkins-terraform \
|
||||
--identifier-uris http://example.com/jenkins-terraform \
|
||||
--password $GENERATED_TOKEN
|
||||
----
|
||||
|
||||
|
||||
We can then retrieve the Application's ID via:
|
||||
|
||||
[source]
|
||||
----
|
||||
az ad app list -o tsv --query "[?displayName=='jenkins-terraform'].appId"`
|
||||
----
|
||||
|
||||
|
||||
Since permissions cannot be directly granted to an application, we must create a
|
||||
Service Principle associated with the application and grant permissions to that.
|
||||
|
||||
*Creating a Service Principle*
|
||||
|
||||
[source]
|
||||
----
|
||||
az ad sp create --id $(az ad app list -o tsv --query "[?displayName=='jenkins-terraform'].appId"`)
|
||||
----
|
||||
|
||||
|
||||
Once a Service Principle exists, we can grant the permissions on it:
|
||||
|
||||
|
||||
[source]
|
||||
----
|
||||
az role assignment create --assignee http://example.com/jenkins-terraform \
|
||||
--role Owner \
|
||||
--scope /subscriptions/be53081d-a3a2-499c-b355-8f5c3d4126e5
|
||||
----
|
||||
|
||||
|
||||
|
||||
=== Creating the variables file
|
||||
|
||||
|
||||
Create `.azure-terraform.json` in the root directory of this repository
|
||||
containing:
|
||||
|
||||
[source, json]
|
||||
----
|
||||
{
|
||||
"prefix" : "yourusername",
|
||||
"subscription_id" : "",
|
||||
"client_id" : "",
|
||||
"client_secret" : "",
|
||||
"tenant_id" : ""
|
||||
}
|
||||
----
|
||||
|
||||
Where (assuming your subscription is named "Pay-As-You-Go"):
|
||||
|
||||
* `prefix` is your username, or some unique token to avoid namespace collisions in Azure
|
||||
* `subscription_id` is the output of: `az account list -o tsv --query "[?name=='Pay-As-You-Go'].id"`
|
||||
* `client_id` is the output of: `az ad app list -o tsv --query "[?displayName=='jenkins-terraform'].appId"`
|
||||
* `client_secret` is the `$GENERATED_TOKEN` you created with `openssl` previously
|
||||
* `tenant_id` is the output of: `az account list -o tsv --query "[?name=='Pay-As-You-Go'].tenantId"`
|
||||
|
|
@ -0,0 +1,9 @@
|
|||
|
||||
|
||||
terraform:
|
||||
$(MAKE) -C plans
|
||||
|
||||
deploy: terraform
|
||||
$(MAKE) -C plans apply
|
||||
|
||||
.PHONY: terraform deploy
|
||||
|
|
@ -0,0 +1,16 @@
|
|||
|
||||
VARFILE=../.azure-terraform.json
|
||||
TERRAFORM=terraform
|
||||
|
||||
|
||||
plan: validate
|
||||
$(TERRAFORM) plan --var-file=$(VARFILE) .
|
||||
|
||||
validate:
|
||||
$(TERRAFORM) validate *.tf
|
||||
|
||||
apply: validate
|
||||
$(TERRAFORM) apply --var-file=$(VARFILE) .
|
||||
|
||||
|
||||
.PHONY: validate plan apply
|
||||
|
|
@ -0,0 +1,8 @@
|
|||
# Configure the terraform provider for the infrastructure
|
||||
|
||||
provider "azurerm" {
|
||||
subscription_id = "${var.subscription_id}"
|
||||
client_id = "${var.client_id}"
|
||||
client_secret = "${var.client_secret}"
|
||||
tenant_id = "${var.tenant_id}"
|
||||
}
|
||||
|
|
@ -0,0 +1,197 @@
|
|||
#
|
||||
# This terraform plan defines the resources necessary to host the Jenkins
|
||||
# project's core releases via Azure Blob Storage
|
||||
#
|
||||
# These resources were originally created manually via the Azure Portal, but
|
||||
# this plan represents the enforcement of those resources.
|
||||
|
||||
resource "azurerm_resource_group" "releases" {
|
||||
name = "${var.prefix}jenkinsinfra-releases"
|
||||
location = "East US 2"
|
||||
}
|
||||
|
||||
resource "azurerm_storage_account" "releases" {
|
||||
name = "${var.prefix}jenkinsreleases"
|
||||
resource_group_name = "${azurerm_resource_group.releases.name}"
|
||||
location = "East US 2"
|
||||
account_type = "Standard_GRS"
|
||||
}
|
||||
|
||||
|
||||
##
|
||||
## Defining containers for the various types of Jenkisn releases. This could
|
||||
## probably be "looped" in some form or fashion using Terraform, but there are few
|
||||
## enough resources which need to be defined that it would be more difficult to
|
||||
## maintain and read if it were made more complex than the copy-pasta below.
|
||||
##
|
||||
|
||||
# Containers for the .war file releases:
|
||||
########################################
|
||||
resource "azurerm_storage_container" "war" {
|
||||
name = "war"
|
||||
resource_group_name = "${azurerm_resource_group.releases.name}"
|
||||
storage_account_name = "${azurerm_storage_account.releases.name}"
|
||||
container_access_type = "container"
|
||||
}
|
||||
resource "azurerm_storage_container" "war-stable" {
|
||||
name = "war-stable"
|
||||
resource_group_name = "${azurerm_resource_group.releases.name}"
|
||||
storage_account_name = "${azurerm_storage_account.releases.name}"
|
||||
container_access_type = "container"
|
||||
}
|
||||
resource "azurerm_storage_container" "war-stable-rc" {
|
||||
name = "war-stable-rc"
|
||||
resource_group_name = "${azurerm_resource_group.releases.name}"
|
||||
storage_account_name = "${azurerm_storage_account.releases.name}"
|
||||
container_access_type = "container"
|
||||
}
|
||||
resource "azurerm_storage_container" "war-rc" {
|
||||
name = "war-rc"
|
||||
resource_group_name = "${azurerm_resource_group.releases.name}"
|
||||
storage_account_name = "${azurerm_storage_account.releases.name}"
|
||||
container_access_type = "container"
|
||||
}
|
||||
########################################
|
||||
|
||||
# Containers for Red Hat rpm releases:
|
||||
######################################
|
||||
resource "azurerm_storage_container" "redhat" {
|
||||
name = "redhat"
|
||||
resource_group_name = "${azurerm_resource_group.releases.name}"
|
||||
storage_account_name = "${azurerm_storage_account.releases.name}"
|
||||
container_access_type = "container"
|
||||
}
|
||||
resource "azurerm_storage_container" "redhat-stable" {
|
||||
name = "redhat-stable"
|
||||
resource_group_name = "${azurerm_resource_group.releases.name}"
|
||||
storage_account_name = "${azurerm_storage_account.releases.name}"
|
||||
container_access_type = "container"
|
||||
}
|
||||
resource "azurerm_storage_container" "redhat-stable-rc" {
|
||||
name = "redhat-stable-rc"
|
||||
resource_group_name = "${azurerm_resource_group.releases.name}"
|
||||
storage_account_name = "${azurerm_storage_account.releases.name}"
|
||||
container_access_type = "container"
|
||||
}
|
||||
resource "azurerm_storage_container" "redhat-rc" {
|
||||
name = "redhat-rc"
|
||||
resource_group_name = "${azurerm_resource_group.releases.name}"
|
||||
storage_account_name = "${azurerm_storage_account.releases.name}"
|
||||
container_access_type = "container"
|
||||
}
|
||||
######################################
|
||||
|
||||
# Containers for openSUSE rpm releases:
|
||||
#######################################
|
||||
resource "azurerm_storage_container" "opensuse" {
|
||||
name = "opensuse"
|
||||
resource_group_name = "${azurerm_resource_group.releases.name}"
|
||||
storage_account_name = "${azurerm_storage_account.releases.name}"
|
||||
container_access_type = "container"
|
||||
}
|
||||
resource "azurerm_storage_container" "opensuse-stable" {
|
||||
name = "opensuse-stable"
|
||||
resource_group_name = "${azurerm_resource_group.releases.name}"
|
||||
storage_account_name = "${azurerm_storage_account.releases.name}"
|
||||
container_access_type = "container"
|
||||
}
|
||||
resource "azurerm_storage_container" "opensuse-stable-rc" {
|
||||
name = "opensuse-stable-rc"
|
||||
resource_group_name = "${azurerm_resource_group.releases.name}"
|
||||
storage_account_name = "${azurerm_storage_account.releases.name}"
|
||||
container_access_type = "container"
|
||||
}
|
||||
resource "azurerm_storage_container" "opensuse-rc" {
|
||||
name = "opensuse-rc"
|
||||
resource_group_name = "${azurerm_resource_group.releases.name}"
|
||||
storage_account_name = "${azurerm_storage_account.releases.name}"
|
||||
container_access_type = "container"
|
||||
}
|
||||
#######################################
|
||||
|
||||
|
||||
# Container for Debian (.dpkg) releases:
|
||||
########################################
|
||||
resource "azurerm_storage_container" "debian" {
|
||||
name = "debian"
|
||||
resource_group_name = "${azurerm_resource_group.releases.name}"
|
||||
storage_account_name = "${azurerm_storage_account.releases.name}"
|
||||
container_access_type = "container"
|
||||
}
|
||||
resource "azurerm_storage_container" "debian-stable" {
|
||||
name = "debian-stable"
|
||||
resource_group_name = "${azurerm_resource_group.releases.name}"
|
||||
storage_account_name = "${azurerm_storage_account.releases.name}"
|
||||
container_access_type = "container"
|
||||
}
|
||||
resource "azurerm_storage_container" "debian-stable-rc" {
|
||||
name = "debian-stable-rc"
|
||||
resource_group_name = "${azurerm_resource_group.releases.name}"
|
||||
storage_account_name = "${azurerm_storage_account.releases.name}"
|
||||
container_access_type = "container"
|
||||
}
|
||||
resource "azurerm_storage_container" "debian-rc" {
|
||||
name = "debian-rc"
|
||||
resource_group_name = "${azurerm_resource_group.releases.name}"
|
||||
storage_account_name = "${azurerm_storage_account.releases.name}"
|
||||
container_access_type = "container"
|
||||
}
|
||||
########################################
|
||||
|
||||
|
||||
# Container for Windows (.zip) releases:
|
||||
########################################
|
||||
resource "azurerm_storage_container" "windows" {
|
||||
name = "windows"
|
||||
resource_group_name = "${azurerm_resource_group.releases.name}"
|
||||
storage_account_name = "${azurerm_storage_account.releases.name}"
|
||||
container_access_type = "container"
|
||||
}
|
||||
resource "azurerm_storage_container" "windows-stable" {
|
||||
name = "windows-stable"
|
||||
resource_group_name = "${azurerm_resource_group.releases.name}"
|
||||
storage_account_name = "${azurerm_storage_account.releases.name}"
|
||||
container_access_type = "container"
|
||||
}
|
||||
resource "azurerm_storage_container" "windows-stable-rc" {
|
||||
name = "windows-stable-rc"
|
||||
resource_group_name = "${azurerm_resource_group.releases.name}"
|
||||
storage_account_name = "${azurerm_storage_account.releases.name}"
|
||||
container_access_type = "container"
|
||||
}
|
||||
resource "azurerm_storage_container" "windows-rc" {
|
||||
name = "windows-rc"
|
||||
resource_group_name = "${azurerm_resource_group.releases.name}"
|
||||
storage_account_name = "${azurerm_storage_account.releases.name}"
|
||||
container_access_type = "container"
|
||||
}
|
||||
########################################
|
||||
|
||||
|
||||
# Container for Mac OS X (.pkg) releases:
|
||||
#########################################
|
||||
resource "azurerm_storage_container" "osx" {
|
||||
name = "osx"
|
||||
resource_group_name = "${azurerm_resource_group.releases.name}"
|
||||
storage_account_name = "${azurerm_storage_account.releases.name}"
|
||||
container_access_type = "container"
|
||||
}
|
||||
resource "azurerm_storage_container" "osx-stable" {
|
||||
name = "osx-stable"
|
||||
resource_group_name = "${azurerm_resource_group.releases.name}"
|
||||
storage_account_name = "${azurerm_storage_account.releases.name}"
|
||||
container_access_type = "container"
|
||||
}
|
||||
resource "azurerm_storage_container" "osx-stable-rc" {
|
||||
name = "osx-stable-rc"
|
||||
resource_group_name = "${azurerm_resource_group.releases.name}"
|
||||
storage_account_name = "${azurerm_storage_account.releases.name}"
|
||||
container_access_type = "container"
|
||||
}
|
||||
resource "azurerm_storage_container" "osx-rc" {
|
||||
name = "osx-rc"
|
||||
resource_group_name = "${azurerm_resource_group.releases.name}"
|
||||
storage_account_name = "${azurerm_storage_account.releases.name}"
|
||||
container_access_type = "container"
|
||||
}
|
||||
#########################################
|
||||
|
|
@ -0,0 +1,5 @@
|
|||
variable "subscription_id" {}
|
||||
variable "client_id" {}
|
||||
variable "client_secret" {}
|
||||
variable "tenant_id" {}
|
||||
variable "prefix" {}
|
||||
Loading…
Reference in New Issue