Jenkins EC2 Centos 6 codepipeline and codecommit
{ | |
"AWSTemplateFormatVersion" : "2010-09-09", | |
"Description" : "Jenkins Stack. Using https://aws.amazon.com/marketplace/ordering/ref=dtl_psb_continue?ie=UTF8&productId=74e73035-3435-48d6-88e0-89cc02ad83ee®ion=us-east-1 for CentOS 6", | |
"Parameters" : { | |
"KeyName": { | |
"Description" : "Name of an existing EC2 KeyPair to enable SSH access to the instance", | |
"Type": "AWS::EC2::KeyPair::KeyName", | |
"ConstraintDescription" : "must be the name of an existing EC2 KeyPair." | |
}, | |
"InstanceType" : { | |
"Description" : "WebServer EC2 instance type", | |
"Type" : "String", | |
"Default" : "t2.micro", | |
"AllowedValues" : [ "t1.micro", "t2.micro", "t2.small", "t2.medium", "m1.small", "m1.medium", "m1.large", "m1.xlarge", "m2.xlarge", "m2.2xlarge", "m2.4xlarge", "m3.medium", "m3.large", "m3.xlarge", "m3.2xlarge", "c1.medium", "c1.xlarge", "c3.large", "c3.xlarge", "c3.2xlarge", "c3.4xlarge", "c3.8xlarge", "c4.large", "c4.xlarge", "c4.2xlarge", "c4.4xlarge", "c4.8xlarge", "g2.2xlarge", "r3.large", "r3.xlarge", "r3.2xlarge", "r3.4xlarge", "r3.8xlarge", "i2.xlarge", "i2.2xlarge", "i2.4xlarge", "i2.8xlarge", "d2.xlarge", "d2.2xlarge", "d2.4xlarge", "d2.8xlarge", "hi1.4xlarge", "hs1.8xlarge", "cr1.8xlarge", "cc2.8xlarge", "cg1.4xlarge"] | |
, | |
"ConstraintDescription" : "must be a valid EC2 instance type." | |
}, | |
"SSHLocation" : { | |
"Description" : "The IP address range that can be used to SSH to the EC2 instances", | |
"Type": "String", | |
"MinLength": "9", | |
"MaxLength": "18", | |
"Default": "0.0.0.0/0", | |
"AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})", | |
"ConstraintDescription": "must be a valid IP CIDR range of the form x.x.x.x/x." | |
} | |
}, | |
"Mappings" : { | |
"AWSInstanceType2Arch" : { | |
"t1.micro" : { "Arch" : "PV64" }, | |
"t2.micro" : { "Arch" : "HVM64" }, | |
"t2.small" : { "Arch" : "HVM64" }, | |
"t2.medium" : { "Arch" : "HVM64" }, | |
"m1.small" : { "Arch" : "PV64" }, | |
"m1.medium" : { "Arch" : "PV64" }, | |
"m1.large" : { "Arch" : "PV64" }, | |
"m1.xlarge" : { "Arch" : "PV64" }, | |
"m2.xlarge" : { "Arch" : "PV64" }, | |
"m2.2xlarge" : { "Arch" : "PV64" }, | |
"m2.4xlarge" : { "Arch" : "PV64" }, | |
"m3.medium" : { "Arch" : "HVM64" }, | |
"m3.large" : { "Arch" : "HVM64" }, | |
"m3.xlarge" : { "Arch" : "HVM64" }, | |
"m3.2xlarge" : { "Arch" : "HVM64" }, | |
"c1.medium" : { "Arch" : "PV64" }, | |
"c1.xlarge" : { "Arch" : "PV64" }, | |
"c3.large" : { "Arch" : "HVM64" }, | |
"c3.xlarge" : { "Arch" : "HVM64" }, | |
"c3.2xlarge" : { "Arch" : "HVM64" }, | |
"c3.4xlarge" : { "Arch" : "HVM64" }, | |
"c3.8xlarge" : { "Arch" : "HVM64" }, | |
"c4.large" : { "Arch" : "HVM64" }, | |
"c4.xlarge" : { "Arch" : "HVM64" }, | |
"c4.2xlarge" : { "Arch" : "HVM64" }, | |
"c4.4xlarge" : { "Arch" : "HVM64" }, | |
"c4.8xlarge" : { "Arch" : "HVM64" }, | |
"g2.2xlarge" : { "Arch" : "HVMG2" }, | |
"r3.large" : { "Arch" : "HVM64" }, | |
"r3.xlarge" : { "Arch" : "HVM64" }, | |
"r3.2xlarge" : { "Arch" : "HVM64" }, | |
"r3.4xlarge" : { "Arch" : "HVM64" }, | |
"r3.8xlarge" : { "Arch" : "HVM64" }, | |
"i2.xlarge" : { "Arch" : "HVM64" }, | |
"i2.2xlarge" : { "Arch" : "HVM64" }, | |
"i2.4xlarge" : { "Arch" : "HVM64" }, | |
"i2.8xlarge" : { "Arch" : "HVM64" }, | |
"d2.xlarge" : { "Arch" : "HVM64" }, | |
"d2.2xlarge" : { "Arch" : "HVM64" }, | |
"d2.4xlarge" : { "Arch" : "HVM64" }, | |
"d2.8xlarge" : { "Arch" : "HVM64" }, | |
"hi1.4xlarge" : { "Arch" : "HVM64" }, | |
"hs1.8xlarge" : { "Arch" : "HVM64" }, | |
"cr1.8xlarge" : { "Arch" : "HVM64" }, | |
"cc2.8xlarge" : { "Arch" : "HVM64" } | |
}, | |
"CentOS6RegionArch2AMI" : { | |
"us-east-1" : {"PV64" : "NOT_SUPPORTED", "HVM64" : "ami-57cd8732", "HVMG2" : "NOT_SUPPORTED"}, | |
"us-west-2" : {"PV64" : "NOT_SUPPORTED", "HVM64" : "NOT_SUPPORTED", "HVMG2" : "NOT_SUPPORTED"}, | |
"us-west-1" : {"PV64" : "NOT_SUPPORTED", "HVM64" : "NOT_SUPPORTED", "HVMG2" : "NOT_SUPPORTED"}, | |
"eu-west-1" : {"PV64" : "NOT_SUPPORTED", "HVM64" : "NOT_SUPPORTED", "HVMG2" : "NOT_SUPPORTED"}, | |
"eu-central-1" : {"PV64" : "NOT_SUPPORTED", "HVM64" : "NOT_SUPPORTED", "HVMG2" : "NOT_SUPPORTED"}, | |
"ap-northeast-1" : {"PV64" : "NOT_SUPPORTED", "HVM64" : "NOT_SUPPORTED", "HVMG2" : "NOT_SUPPORTED"}, | |
"ap-southeast-1" : {"PV64" : "NOT_SUPPORTED", "HVM64" : "NOT_SUPPORTED", "HVMG2" : "NOT_SUPPORTED"}, | |
"ap-southeast-2" : {"PV64" : "NOT_SUPPORTED", "HVM64" : "NOT_SUPPORTED", "HVMG2" : "NOT_SUPPORTED"}, | |
"sa-east-1" : {"PV64" : "NOT_SUPPORTED", "HVM64" : "NOT_SUPPORTED", "HVMG2" : "NOT_SUPPORTED"}, | |
"cn-north-1" : {"PV64" : "NOT_SUPPORTED", "HVM64" : "NOT_SUPPORTED", "HVMG2" : "NOT_SUPPORTED"} | |
}, | |
"WindowsRegionArch2AMI" : { | |
"us-east-1" : {"PV64" : "NOT_SUPPORTED", "HVM64" : "ami-c9cea0ac", "HVMG2" : "NOT_SUPPORTED"}, | |
"us-west-2" : {"PV64" : "NOT_SUPPORTED", "HVM64" : "NOT_SUPPORTED", "HVMG2" : "NOT_SUPPORTED"}, | |
"us-west-1" : {"PV64" : "NOT_SUPPORTED", "HVM64" : "NOT_SUPPORTED", "HVMG2" : "NOT_SUPPORTED"}, | |
"eu-west-1" : {"PV64" : "NOT_SUPPORTED", "HVM64" : "NOT_SUPPORTED", "HVMG2" : "NOT_SUPPORTED"}, | |
"eu-central-1" : {"PV64" : "NOT_SUPPORTED", "HVM64" : "NOT_SUPPORTED", "HVMG2" : "NOT_SUPPORTED"}, | |
"ap-northeast-1" : {"PV64" : "NOT_SUPPORTED", "HVM64" : "NOT_SUPPORTED", "HVMG2" : "NOT_SUPPORTED"}, | |
"ap-southeast-1" : {"PV64" : "NOT_SUPPORTED", "HVM64" : "NOT_SUPPORTED", "HVMG2" : "NOT_SUPPORTED"}, | |
"ap-southeast-2" : {"PV64" : "NOT_SUPPORTED", "HVM64" : "NOT_SUPPORTED", "HVMG2" : "NOT_SUPPORTED"}, | |
"sa-east-1" : {"PV64" : "NOT_SUPPORTED", "HVM64" : "NOT_SUPPORTED", "HVMG2" : "NOT_SUPPORTED"}, | |
"cn-north-1" : {"PV64" : "NOT_SUPPORTED", "HVM64" : "NOT_SUPPORTED", "HVMG2" : "NOT_SUPPORTED"} | |
} | |
}, | |
"Resources" : { | |
"JenkinsRole": { | |
"Type": "AWS::IAM::Role", | |
"Properties": { | |
"AssumeRolePolicyDocument": { | |
"Version" : "2012-10-17", | |
"Statement": [ { | |
"Effect": "Allow", | |
"Principal": { | |
"Service": [ "ec2.amazonaws.com" ] | |
}, | |
"Action": [ "sts:AssumeRole" ] | |
} ] | |
}, | |
"Path": "/", | |
"Policies": [ | |
{ | |
"PolicyName": "jenkins-codepipeline", | |
"PolicyDocument": { | |
"Version": "2012-10-17", | |
"Statement": [ | |
{ | |
"Action": [ | |
"codepipeline:AcknowledgeJob", | |
"codepipeline:GetJobDetails", | |
"codepipeline:PollForJobs", | |
"codepipeline:PutJobFailureResult", | |
"codepipeline:PutJobSuccessResult" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
] | |
} | |
},{ | |
"PolicyName": "jenkins-s3-artifact", | |
"PolicyDocument": { | |
"Version": "2012-10-17", | |
"Statement": [ | |
{ | |
"Action": [ | |
"s3:ListAllMyBuckets" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:s3:::*" | |
}, | |
{ | |
"Action": "s3:*", | |
"Effect": "Allow", | |
"Resource": ["arn:aws:s3:::my-artifact-bucket", "arn:aws:s3:::my-artifact-bucket/*"] | |
} | |
] | |
} | |
} | |
] | |
} | |
}, | |
"JenkinsInstanceProfile": { | |
"Type": "AWS::IAM::InstanceProfile", | |
"Properties": { | |
"Path": "/", | |
"Roles": [ { | |
"Ref": "JenkinsRole" | |
} ] | |
} | |
}, | |
"JenkinsServer": { | |
"Type": "AWS::EC2::SecurityGroup", | |
"Properties": { | |
"GroupDescription": "Primary Zookeeper Security Group", | |
"SecurityGroupIngress": [ | |
{ | |
"IpProtocol": "tcp", | |
"FromPort": "8080", | |
"ToPort": "8080", | |
"CidrIp": { "Ref": "SSHLocation" } | |
},{ | |
"IpProtocol": "tcp", | |
"FromPort": "22", | |
"ToPort": "22", | |
"CidrIp": { "Ref": "SSHLocation" } | |
} | |
] | |
} | |
}, | |
"JenkinsGitUser" : { | |
"Type" : "AWS::IAM::User", | |
"Properties" : { | |
"Path" : "/", | |
"Policies" : [ { | |
"PolicyName" : "iampermissions", | |
"PolicyDocument" : { | |
"Version": "2012-10-17", | |
"Statement": [ | |
{ | |
"Effect": "Allow", | |
"Action": [ | |
"iam:*LoginProfile", | |
"iam:*AccessKey*", | |
"iam:*SSHPublicKey*" | |
], | |
"Resource": { "Fn::Join" : ["", ["arn:aws:iam::", {"Ref" : "AWS::AccountId"}, ":user/${aws:username}" ] ] } | |
}, | |
{ | |
"Effect": "Allow", | |
"Action": [ | |
"iam:ListAccount*", | |
"iam:GetAccountSummary", | |
"iam:GetAccountPasswordPolicy", | |
"iam:ListUsers" | |
], | |
"Resource": "*" | |
},{ | |
"Effect" : "Allow", | |
"Action" : [ | |
"codecommit:*" | |
], | |
"Resource" : "*" | |
} | |
] | |
} | |
} ] | |
} | |
}, | |
"JenkinsAccessKey" : { | |
"Type" : "AWS::IAM::AccessKey", | |
"Properties" : { | |
"UserName" : { "Ref" : "JenkinsGitUser" } | |
} | |
}, | |
"JenkinsInstance" : { | |
"Type" : "AWS::EC2::Instance", | |
"Properties" : { | |
"InstanceType" : { "Ref" : "InstanceType" }, | |
"IamInstanceProfile" : { "Ref" : "JenkinsInstanceProfile" }, | |
"SecurityGroups" : [ | |
{ "Ref" : "JenkinsServer" } | |
], | |
"KeyName" : { "Ref" : "KeyName" }, | |
"ImageId" : { "Fn::FindInMap" : [ "CentOS6RegionArch2AMI", { "Ref" : "AWS::Region" }, | |
{ "Fn::FindInMap" : [ "AWSInstanceType2Arch", { "Ref" : "InstanceType" }, "Arch" ] } ] }, | |
"Tags" : [ | |
{ "Key" : "Name", "Value" : "jenkins" } | |
], | |
"UserData" : { "Fn::Base64" : { "Fn::Join" : ["", [ | |
"#!/bin/bash -xe\n", | |
"get_jenkins_jar () { EX=; while [ \"${EX}\" != \"0\" ]; do curl -o /tmp/jenkins-cli.jar http://localhost:8080/jnlpJars/jenkins-cli.jar && EX=$? || EX=$?; if [ \"${EX}\" != \"0\" ]; then sleep 5; fi; done; }\n", | |
"install_plugin () { EX=; while [ \"${EX}\" != \"0\" ]; do java -jar jenkins-cli.jar -s http://localhost:8080/ install-plugin \"$1\" && EX=$? || EX=$?; if [ \"${EX}\" != \"0\" ]; then if [ \"${EX}\" == \"1\" ]; then get_jenkins_jar; fi; sleep 5; fi; done; }\n", | |
"yum install -y git java-1.7.0-openjdk-devel\n", | |
"iptables -I INPUT -p tcp -m tcp --dport 8080 -j ACCEPT\n", | |
"service iptables save\n", | |
"curl -o /etc/yum.repos.d/jenkins.repo http://pkg.jenkins-ci.org/redhat/jenkins.repo\n", | |
"rpm --import http://pkg.jenkins-ci.org/redhat/jenkins-ci.org.key\n", | |
"yum -y install jenkins\n", | |
"service jenkins start\n", | |
"get_jenkins_jar\n", | |
"cd /tmp\n", | |
"install_plugin codedeploy\n", | |
"install_plugin s3\n", | |
"install_plugin git\n", | |
"install_plugin job-dsl\n", | |
"install_plugin https://github.com/awslabs/aws-codepipeline-plugin-for-jenkins/raw/master/dist/aws-codepipeline-plugin-for-jenkins.hpi\n", | |
"java -jar /tmp/jenkins-cli.jar -s http://localhost:8080/ safe-restart\n", | |
"runuser -l jenkins -s /bin/bash -c '", | |
"mkdir $HOME/.ssh;", | |
"chmod 700 $HOME/.ssh;", | |
"ssh-keygen -b 2048 -t rsa -f $HOME/.ssh/id_rsa -q -N \"\";", | |
"chmod 600 $HOME/.ssh/id_rsa*", | |
"'\n", | |
"rpm -ivh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm\n", | |
"yum install -y python-pip\n", | |
"pip install --upgrade pip\n", | |
"pip install awscli\n", | |
"GIT_USER=$(runuser -l jenkins -s /bin/bash -c '", | |
"AWS_ACCESS_KEY_ID=", { "Ref" : "JenkinsAccessKey" }, | |
" AWS_SECRET_ACCESS_KEY='", { "Fn::GetAtt" : [ "JenkinsAccessKey", "SecretAccessKey" ] }, "'", | |
" AWS_DEFAULT_REGION=", { "Ref" : "AWS::Region" }, | |
" aws iam upload-ssh-public-key --user-name ", { "Ref" : "JenkinsGitUser" }, " --ssh-public-key-body \"$(cat $HOME/.ssh/id_rsa.pub)\" --output text --query \"SSHPublicKey.SSHPublicKeyId\"')\n", | |
"runuser -l jenkins -s /bin/bash -c '", | |
"cat <<EOF > $HOME/.ssh/config\n", | |
"Host git-codecommit.*.amazonaws.com\n", | |
" User '${GIT_USER}'\n", | |
" IdentityFile ~/.ssh/id_rsa\n", | |
" StrictHostKeyChecking no\n", | |
"EOF\n", | |
"chmod 600 $HOME/.ssh/config", | |
"'\n" | |
]]}} | |
} | |
}, | |
"JenkinsEIP" : { | |
"Type" : "AWS::EC2::EIP", | |
"Properties" : { | |
"InstanceId" : { "Ref" : "JenkinsInstance" } | |
} | |
} | |
}, | |
"Outputs" : { | |
"InstanceId" : { | |
"Description" : "InstanceId of the newly created Jenkins instance", | |
"Value" : { "Ref" : "JenkinsInstance" } | |
}, | |
"PublicDNS" : { | |
"Description" : "Public DNSName of the newly created Jenkins instance", | |
"Value" : { "Fn::GetAtt" : [ "JenkinsInstance", "PublicDnsName" ] } | |
}, | |
"PublicIP" : { | |
"Description" : "Public IP address of the newly created Jenkins instance", | |
"Value" : { "Fn::GetAtt" : [ "JenkinsInstance", "PublicIp" ] } | |
} | |
} | |
} |
te, nem vagy. jeles!