Create a file install_jenkins.sh
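#!/bin/bash
# install_jenkins.sh - first-boot provisioning for a Jenkins server on Ubuntu.
#
# Installs OpenJDK 11 and Maven, adds the Jenkins debian-stable APT repository
# with a repository-scoped signing key, installs Jenkins and starts it.
# Intended to run as EC2 user data (as root); sudo is kept so the script also
# works when run by hand from an account with sudo rights.

# Stop on the first failed step so a half-provisioned host is not left running.
set -euo pipefail

# Jenkins has rotated its repository signing key in the past. If
# "apt-get update" reports a missing public key, confirm the current key file
# name in the Jenkins Debian installation docs and update this URL.
readonly JENKINS_KEY_URL="https://pkg.jenkins.io/debian-stable/jenkins.io.key"
readonly JENKINS_KEYRING="/usr/share/keyrings/jenkins-keyring.asc"
readonly JENKINS_REPO="https://pkg.jenkins.io/debian-stable"

sudo apt-get update -y
sudo apt-get install -y openjdk-11-jdk maven

# The key is stored outside the global trust store and bound to this one
# repository through signed-by, so it cannot vouch for any other APT source.
curl -fsSL "$JENKINS_KEY_URL" | sudo tee "$JENKINS_KEYRING" > /dev/null
# Quoted so the shell never treats [signed-by=...] as a glob pattern.
echo "deb [signed-by=${JENKINS_KEYRING}] ${JENKINS_REPO} binary/" \
  | sudo tee /etc/apt/sources.list.d/jenkins.list > /dev/null

sudo apt-get update -y
sudo apt-get install -y jenkins

sudo systemctl enable jenkins
sudo systemctl start jenkins
# Informational only: a non-zero status here must not abort provisioning.
sudo systemctl --no-pager status jenkins || true

# The initial admin password is deliberately NOT printed. User-data output is
# typically captured in /var/log/cloud-init-output.log and in the instance
# console log, so printing the secret would leave a copy in both places.
echo "Jenkins is installed. Read the initial admin password over SSH with:"
echo "  sudo cat /var/lib/jenkins/secrets/initialAdminPassword"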
Create a file jenkins.tf
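# jenkins.tf - one EC2 instance running Jenkins in the default VPC.
#
# AWS credentials are taken from the provider's usual sources (environment
# variables, shared credentials file, instance role); none are stored here.
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 4.36.1"
    }
  }
}

provider "aws" {
  # Configuration options
  region = "us-east-1"
}

# Source ranges for SSH. The default keeps the tutorial's original behaviour
# (reachable from anywhere); override it with your own address, for example
# -var 'admin_cidr_blocks=["203.0.113.10/32"]' (constructed example address).
variable "admin_cidr_blocks" {
  description = "CIDR ranges allowed to reach SSH (port 22)"
  type        = list(string)
  default     = ["0.0.0.0/0"]
}

# Source ranges for the Jenkins web UI. Jenkins holds build credentials, so a
# narrower range than the default is preferable for anything long-lived.
variable "web_cidr_blocks" {
  description = "CIDR ranges allowed to reach the Jenkins UI (port 8080)"
  type        = list(string)
  default     = ["0.0.0.0/0"]
}

# create default vpc if one does not exist
resource "aws_default_vpc" "default_vpc" {
  tags = {
    Name = "default vpc"
  }
}

# use data source to get all availability zones in region
data "aws_availability_zones" "available_zones" {}

# create default subnet if one does not exist
resource "aws_default_subnet" "default_az1" {
  availability_zone = data.aws_availability_zones.available_zones.names[0]

  tags = {
    Name = "default subnet"
  }
}

# create security group for the ec2 instance
resource "aws_security_group" "ec2_security_group" {
  name        = "jenkins-sg"
  description = "allow access on ports 8080 and 22"
  vpc_id      = aws_default_vpc.default_vpc.id

  # allow access on port 8080 (Jenkins UI, plain HTTP)
  ingress {
    description = "http proxy access"
    from_port   = 8080
    to_port     = 8080
    protocol    = "tcp"
    cidr_blocks = var.web_cidr_blocks
  }

  # allow access on port 22
  ingress {
    description = "ssh access"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = var.admin_cidr_blocks
  }

  # unrestricted outbound, needed for package and plugin downloads
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = {
    Name = "jenkins server security group"
  }
}

# use data source to get the most recent Ubuntu 20.04 (focal) AMI;
# 099720109477 is the owner id the name filter is restricted to
data "aws_ami" "ubuntu" {
  most_recent = true

  filter {
    name   = "name"
    values = ["ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-*"]
  }

  filter {
    name   = "virtualization-type"
    values = ["hvm"]
  }

  owners = ["099720109477"]
}

# launch the ec2 instance and install Jenkins through user data
resource "aws_instance" "ec2_instance" {
  ami                    = data.aws_ami.ubuntu.id
  instance_type          = "t2.medium"
  subnet_id              = aws_default_subnet.default_az1.id
  vpc_security_group_ids = [aws_security_group.ec2_security_group.id]
  key_name               = "Jenkins-Server"
  # path.module keeps the lookup independent of the directory terraform runs in
  user_data              = file("${path.module}/install_jenkins.sh")

  tags = {
    Name = "jenkins server"
  }
}

# an empty resource block; it declares no provisioner, so the connection
# settings below are not used by anything in this file
resource "null_resource" "name" {

  # ssh into the ec2 instance
  connection {
    type        = "ssh"
    # Ubuntu AMIs log in as "ubuntu"; "ec2-user" is the Amazon Linux account
    user        = "ubuntu"
    # keep the .pem readable only by its owner and out of version control
    private_key = file("~/Desktop/new-keypair/Jenkins-Server.pem")
    host        = aws_instance.ec2_instance.public_ip
  }

  # wait for ec2 to be created
  depends_on = [aws_instance.ec2_instance]
}

# print the url of the jenkins server (plain HTTP: the login travels unencrypted)
output "website_url" {
  value = "http://${aws_instance.ec2_instance.public_dns}:8080"
}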
Create a file install_nexus.sh
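#!/bin/bash
# install_nexus.sh - first-boot provisioning for Sonatype Nexus 3 on CentOS.
#
# Installs Java 8, downloads and unpacks the Nexus tarball into /opt/nexus,
# creates the "nexus" service account and registers a systemd unit.
# Runs as root (EC2 user data).

# Stop on the first failed step so a half-provisioned host is not left running.
set -euo pipefail

readonly NEXUSURL="https://download.sonatype.com/nexus/3/latest-unix.tar.gz"
# "latest" is unpinned, so the archive changes between runs. To verify the
# download, set this to the SHA-256 published for the release you expect;
# the check is skipped while it is empty.
readonly NEXUS_SHA256=""
readonly INSTALL_ROOT="/opt/nexus"

yum install -y java-1.8.0-openjdk.x86_64 wget

mkdir -p "$INSTALL_ROOT"

# Private staging directory instead of a fixed name under /tmp.
workdir=$(mktemp -d)
trap 'rm -rf -- "$workdir"' EXIT
# rsync -a copies the staging directory's mode onto /opt/nexus, so widen it
# from mktemp's 0700 to the usual 0755 first.
chmod 0755 "$workdir"
cd "$workdir"

wget "$NEXUSURL" -O nexus.tar.gz
if [[ -n "$NEXUS_SHA256" ]]; then
  echo "${NEXUS_SHA256}  nexus.tar.gz" | sha256sum -c -
fi

# The first path component of the first archive entry is taken as the
# versioned install directory.
NEXUSDIR=$(tar xzvf nexus.tar.gz | awk -F/ 'NR == 1 { print $1 }')
if [[ -z "$NEXUSDIR" ]]; then
  echo "could not determine the Nexus directory name from the archive" >&2
  exit 1
fi

rm -f nexus.tar.gz
rsync -avzh "$workdir"/ "$INSTALL_ROOT"/

# Dedicated unprivileged account; skipped when it already exists.
id -u nexus > /dev/null 2>&1 || useradd nexus
chown -R nexus:nexus "$INSTALL_ROOT"

# Overwrite rather than append, so a re-run cannot duplicate the unit sections.
# The heredoc is unquoted on purpose: $NEXUSDIR must expand here.
cat > /etc/systemd/system/nexus.service <<EOT
[Unit]
Description=nexus service
After=network.target

[Service]
Type=forking
LimitNOFILE=65536
ExecStart=$INSTALL_ROOT/$NEXUSDIR/bin/nexus start
ExecStop=$INSTALL_ROOT/$NEXUSDIR/bin/nexus stop
User=nexus
Restart=on-abort

[Install]
WantedBy=multi-user.target
EOT

echo 'run_as_user="nexus"' > "$INSTALL_ROOT/$NEXUSDIR/bin/nexus.rc"

systemctl daemon-reload
systemctl start nexus
systemctl enable nexus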
Create a file nexus.tf
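# nexus.tf - one EC2 instance running Sonatype Nexus in the default VPC.
#
# AWS credentials are taken from the provider's usual sources (environment
# variables, shared credentials file, instance role); none are stored here.
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 4.36.1"
    }
  }
}

provider "aws" {
  # Configuration options
  region = "us-east-1"
}

# Source ranges for SSH. The default keeps the tutorial's original behaviour
# (reachable from anywhere); override it with your own address, for example
# -var 'admin_cidr_blocks=["203.0.113.10/32"]' (constructed example address).
variable "admin_cidr_blocks" {
  description = "CIDR ranges allowed to reach SSH (port 22)"
  type        = list(string)
  default     = ["0.0.0.0/0"]
}

# Source ranges for the Nexus web UI and repository endpoints. An artifact
# repository feeds builds, so restrict this to the hosts that publish to it
# or pull from it where possible.
variable "web_cidr_blocks" {
  description = "CIDR ranges allowed to reach Nexus (port 8081)"
  type        = list(string)
  default     = ["0.0.0.0/0"]
}

# create default vpc if one does not exist
resource "aws_default_vpc" "default_vpc" {
  tags = {
    Name = "default vpc"
  }
}

# use data source to get all availability zones in region
data "aws_availability_zones" "available_zones" {}

# create default subnet if one does not exist
resource "aws_default_subnet" "default_az1" {
  availability_zone = data.aws_availability_zones.available_zones.names[0]

  tags = {
    Name = "default subnet"
  }
}

# create security group for the ec2 instance
resource "aws_security_group" "ec2_security_group" {
  name        = "nexus-sg"
  description = "allow access on ports 8081 and 22"
  vpc_id      = aws_default_vpc.default_vpc.id

  # allow access on port 8081 (Nexus UI, plain HTTP)
  ingress {
    description = "http proxy access"
    from_port   = 8081
    to_port     = 8081
    protocol    = "tcp"
    cidr_blocks = var.web_cidr_blocks
  }

  # allow access on port 22
  ingress {
    description = "ssh access"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = var.admin_cidr_blocks
  }

  # unrestricted outbound, needed for package and artifact downloads
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = {
    Name = "nexus server security group"
  }
}

# use data source to get a CentOS 7 AMI; the name filter pins one exact
# image, so most_recent has nothing to choose between
data "aws_ami" "CentOS-7" {
  most_recent = true

  filter {
    name   = "name"
    values = ["CentOS-7-2111-20220825_1.x86_64-d9a3032a-921c-4c6d-b150-bde168105e42"]
  }

  filter {
    name   = "virtualization-type"
    values = ["hvm"]
  }

  owners = ["679593333241"]
}

# launch the ec2 instance and install Nexus through user data
resource "aws_instance" "ec2_instance" {
  ami                    = data.aws_ami.CentOS-7.id
  instance_type          = "t2.medium"
  subnet_id              = aws_default_subnet.default_az1.id
  vpc_security_group_ids = [aws_security_group.ec2_security_group.id]
  key_name               = "NexusKey"
  # path.module keeps the lookup independent of the directory terraform runs in
  user_data              = file("${path.module}/install_nexus.sh")

  tags = {
    Name = "nexus server"
  }
}

# an empty resource block; it declares no provisioner, so the connection
# settings below are not used by anything in this file
resource "null_resource" "name" {

  # ssh into the ec2 instance
  connection {
    type        = "ssh"
    # CentOS images normally log in as "centos" rather than "ec2-user";
    # confirm against the AMI's own documentation
    user        = "centos"
    # keep the .pem readable only by its owner and out of version control
    private_key = file("~/Desktop/new-keypair/NexusKey.pem")
    host        = aws_instance.ec2_instance.public_ip
  }

  # wait for ec2 to be created
  depends_on = [aws_instance.ec2_instance]
}

# print the url of the nexus server (plain HTTP: the login travels unencrypted)
output "website_url" {
  value = "http://${aws_instance.ec2_instance.public_dns}:8081"
}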
Create a file install_sonar.sh
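#!/bin/bash
# install_sonar.sh - first-boot provisioning for SonarQube on Ubuntu.
#
# Sets kernel and per-user limits, installs OpenJDK 11 and PostgreSQL, creates
# the sonarqube database, unpacks SonarQube under /opt/sonarqube, registers a
# systemd unit, puts nginx in front on port 80 and reboots.
# Runs as root (EC2 user data).

# Stop on the first failed step so a half-provisioned host is not left running.
set -euo pipefail

readonly SONAR_VERSION="8.3.0.34182"
readonly SONAR_ZIP="sonarqube-${SONAR_VERSION}.zip"
readonly SONAR_URL="https://binaries.sonarsource.com/Distribution/sonarqube/${SONAR_ZIP}"
# NOTE(review): confirm this release is still supported before using it for
# anything long-lived. To verify the download, set this to the SHA-256
# published for the archive; the check is skipped while it is empty.
readonly SONAR_SHA256=""
readonly PG_KEYRING="/usr/share/keyrings/postgresql-keyring.asc"

# Random database password generated per host instead of a value shared by
# everyone who copies this script. Hex only, so it is safe inside the SQL
# literal and the properties file. Retrieve it later from sonar.properties.
SONAR_DB_PASSWORD=$(openssl rand -hex 24)
readonly SONAR_DB_PASSWORD

# --- kernel and per-user limits ---------------------------------------------
# Drop-in files leave the distribution's sysctl.conf and limits.conf intact.
# "ulimit" lines are shell commands, not sysctl keys, so they are not written
# here; the open-file and process limits are set in the systemd unit below.
cat > /etc/sysctl.d/99-sonarqube.conf <<'EOT'
vm.max_map_count=262144
fs.file-max=65536
EOT

# The entries name "sonar", the account the service actually runs as, and use
# the same nproc value as LimitNPROC in the unit file.
cat > /etc/security/limits.d/99-sonarqube.conf <<'EOT'
sonar   -   nofile   65536
sonar   -   nproc    4096
EOT

# --- Java --------------------------------------------------------------------
sudo apt-get update -y
sudo apt-get install -y openjdk-11-jdk
# "update-alternatives --config java" is an interactive prompt and has no
# place in an unattended run; the installed JDK is used as-is.
java -version

# --- PostgreSQL ----------------------------------------------------------------
# The repository key is stored as a repository-scoped keyring (signed-by)
# instead of being added to the global trust store with apt-key.
wget -q https://www.postgresql.org/media/keys/ACCC4CF8.asc -O - \
  | sudo tee "$PG_KEYRING" > /dev/null
echo "deb [signed-by=${PG_KEYRING}] https://apt.postgresql.org/pub/repos/apt/ $(lsb_release -cs)-pgdg main" \
  | sudo tee /etc/apt/sources.list.d/pgdg.list > /dev/null
# NOTE(review): the package index is not refreshed after the source above is
# added, so this install resolves from the index fetched earlier. Add an
# "apt-get update" here only after confirming the repository still publishes
# packages for this Ubuntu release.
sudo apt-get install -y postgresql postgresql-contrib
sudo systemctl enable postgresql.service
sudo systemctl start postgresql.service

# No login password is set on the "postgres" OS account: every step below
# reaches it through sudo/runuser, and a fixed password on a system account
# is one more credential to guess.
runuser -l postgres -c "createuser sonar"
sudo -i -u postgres psql -c "ALTER USER sonar WITH ENCRYPTED PASSWORD '${SONAR_DB_PASSWORD}';"
sudo -i -u postgres psql -c "CREATE DATABASE sonarqube OWNER sonar;"
sudo -i -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE sonarqube to sonar;"
systemctl restart postgresql
# Informational only: show the listening socket without failing the run.
ss -tulpn | grep postgres || true

# --- SonarQube -----------------------------------------------------------------
sudo mkdir -p /sonarqube/
cd /sonarqube/
# -f makes an HTTP error fail the script instead of saving the error page.
sudo curl -f -O "$SONAR_URL"
if [[ -n "$SONAR_SHA256" ]]; then
  echo "${SONAR_SHA256}  ${SONAR_ZIP}" | sha256sum -c -
fi
sudo apt-get install -y zip unzip
sudo unzip -o "$SONAR_ZIP" -d /opt/
sudo mv "/opt/sonarqube-${SONAR_VERSION}/" /opt/sonarqube
sudo groupadd sonar
sudo useradd -c "SonarQube - User" -d /opt/sonarqube/ -g sonar sonar
sudo chown -R sonar:sonar /opt/sonarqube/

cp /opt/sonarqube/conf/sonar.properties /root/sonar.properties_backup
# Tighten the mode before the password is written: the redirect below keeps
# the existing owner (sonar) and mode, so the secret is never world-readable.
chmod 600 /opt/sonarqube/conf/sonar.properties
# sonar.web.host=0.0.0.0 exposes port 9000 directly as well as through nginx;
# bind to 127.0.0.1 if only the proxied port should be reachable.
cat > /opt/sonarqube/conf/sonar.properties <<EOT
sonar.jdbc.username=sonar
sonar.jdbc.password=${SONAR_DB_PASSWORD}
sonar.jdbc.url=jdbc:postgresql://localhost/sonarqube
sonar.web.host=0.0.0.0
sonar.web.port=9000
sonar.web.javaAdditionalOpts=-server
sonar.search.javaOpts=-Xmx512m -Xms512m -XX:+HeapDumpOnOutOfMemoryError
sonar.log.level=INFO
sonar.path.logs=logs
EOT

cat > /etc/systemd/system/sonarqube.service <<'EOT'
[Unit]
Description=SonarQube service
After=syslog.target network.target

[Service]
Type=forking

ExecStart=/opt/sonarqube/bin/linux-x86-64/sonar.sh start
ExecStop=/opt/sonarqube/bin/linux-x86-64/sonar.sh stop

User=sonar
Group=sonar
Restart=always

LimitNOFILE=65536
LimitNPROC=4096

[Install]
WantedBy=multi-user.target
EOT

systemctl daemon-reload
# Enabled only; the service first starts after the reboot at the end.
systemctl enable sonarqube.service

# --- nginx reverse proxy (plain HTTP on port 80) -------------------------------
apt-get install -y nginx
rm -rf /etc/nginx/sites-enabled/default
rm -rf /etc/nginx/sites-available/default
# Quoted heredoc: nginx variables such as $host are written literally.
cat > /etc/nginx/sites-available/sonarqube <<'EOT'
server{
    listen      80;
    server_name sonarqube.groophy.in;

    access_log  /var/log/nginx/sonar.access.log;
    error_log   /var/log/nginx/sonar.error.log;

    proxy_buffers 16 64k;
    proxy_buffer_size 128k;

    location / {
        proxy_pass  http://127.0.0.1:9000;
        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
        proxy_redirect off;

        proxy_set_header    Host            $host;
        proxy_set_header    X-Real-IP       $remote_addr;
        proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header    X-Forwarded-Proto http;
    }
}
EOT
# -sfn replaces an existing link instead of failing on a re-run.
ln -sfn /etc/nginx/sites-available/sonarqube /etc/nginx/sites-enabled/sonarqube
systemctl enable nginx.service

# NOTE(review): 9001 is SonarQube's default embedded search port and is not
# something browsers connect to; confirm it needs to be allowed at all.
sudo ufw allow 80,9000,9001/tcp

echo "System reboot in 30 sec"
sleep 30
reboot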
Create a file sonar.tf
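# sonar.tf - one EC2 instance running SonarQube in the default VPC.
#
# AWS credentials are taken from the provider's usual sources (environment
# variables, shared credentials file, instance role); none are stored here.
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 4.36.1"
    }
  }
}

provider "aws" {
  # Configuration options
  region = "us-east-1"
}

# Source ranges for SSH. The default keeps the tutorial's original behaviour
# (reachable from anywhere); override it with your own address, for example
# -var 'admin_cidr_blocks=["203.0.113.10/32"]' (constructed example address).
variable "admin_cidr_blocks" {
  description = "CIDR ranges allowed to reach SSH (port 22)"
  type        = list(string)
  default     = ["0.0.0.0/0"]
}

# Source ranges for the SonarQube ports. Analysis results describe weaknesses
# in your own code, so a narrower range than the default is preferable.
variable "web_cidr_blocks" {
  description = "CIDR ranges allowed to reach SonarQube (ports 80, 9000, 9001)"
  type        = list(string)
  default     = ["0.0.0.0/0"]
}

# create default vpc if one does not exist
resource "aws_default_vpc" "default_vpc" {
  tags = {
    Name = "default vpc"
  }
}

# use data source to get all availability zones in region
data "aws_availability_zones" "available_zones" {}

# create default subnet if one does not exist
resource "aws_default_subnet" "default_az1" {
  availability_zone = data.aws_availability_zones.available_zones.names[0]

  tags = {
    Name = "default subnet"
  }
}

# create security group for the ec2 instance
resource "aws_security_group" "ec2_security_group" {
  name        = "sonar-sg"
  description = "allow access on ports 80, 9000, 9001 and 22"
  vpc_id      = aws_default_vpc.default_vpc.id

  # allow access on port 9000 (SonarQube web UI, plain HTTP)
  ingress {
    description = "http proxy access"
    from_port   = 9000
    to_port     = 9000
    protocol    = "tcp"
    cidr_blocks = var.web_cidr_blocks
  }

  # allow access on port 9001
  # NOTE(review): 9001 is SonarQube's default embedded search port and is not
  # something browsers connect to; confirm this rule is needed at all.
  ingress {
    description = "http proxy access"
    from_port   = 9001
    to_port     = 9001
    protocol    = "tcp"
    cidr_blocks = var.web_cidr_blocks
  }

  # allow access on port 80 (nginx reverse proxy in front of SonarQube)
  ingress {
    description = "http proxy access"
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = var.web_cidr_blocks
  }

  # allow access on port 22
  ingress {
    description = "ssh access"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = var.admin_cidr_blocks
  }

  # unrestricted outbound, needed for package and plugin downloads
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = {
    Name = "sonar server security group"
  }
}

# use data source to get a registered ubuntu ami; the name pins one dated
# 18.04 build, so packages are only as current as that image until the
# instance itself is updated
data "aws_ami" "ubuntu" {
  most_recent = true

  filter {
    name   = "name"
    values = ["ubuntu/images/hvm-ssd/ubuntu-bionic-18.04-amd64-server-20220901"]
  }

  filter {
    name   = "virtualization-type"
    values = ["hvm"]
  }

  owners = ["099720109477"]
}

# launch the ec2 instance and install SonarQube through user data
resource "aws_instance" "ec2_instance" {
  ami                    = data.aws_ami.ubuntu.id
  instance_type          = "t2.medium"
  subnet_id              = aws_default_subnet.default_az1.id
  vpc_security_group_ids = [aws_security_group.ec2_security_group.id]
  key_name               = "SonarKey"
  # path.module keeps the lookup independent of the directory terraform runs in
  user_data              = file("${path.module}/install_sonar.sh")

  tags = {
    Name = "sonar server"
  }
}

# an empty resource block; it declares no provisioner, so the connection
# settings below are not used by anything in this file
resource "null_resource" "name" {

  # ssh into the ec2 instance
  connection {
    type        = "ssh"
    # Ubuntu AMIs log in as "ubuntu"; "ec2-user" is the Amazon Linux account
    user        = "ubuntu"
    # keep the .pem readable only by its owner and out of version control
    private_key = file("~/Desktop/new-keypair/SonarKey.pem")
    host        = aws_instance.ec2_instance.public_ip
  }

  # wait for ec2 to be created
  depends_on = [aws_instance.ec2_instance]
}

# print the url of the sonar server (plain HTTP: the login travels unencrypted)
output "website_url" {
  value = "http://${aws_instance.ec2_instance.public_dns}:9000"
}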