Last active
June 29, 2016 18:59
-
-
Save kerryhatcher/8e99fa7d7467476d188d7c9842f55dcc to your computer and use it in GitHub Desktop.
Install jenkins2 on a RHEL box
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| #curl --silent --location https://gist.githubusercontent.com/kerryhatcher/8e99fa7d7467476d188d7c9842f55dcc/raw/55e3ab823152e75fffd1ef1f5faf3c8e90efe5ca/jenkins2.sh | bash - | |
| mkfs -t ext4 /dev/xvdb | |
| ssh-keygen -t rsa -b 4096 -C "jenkins@jenkins.kerryhatcher.com" -N "" -f ~/.ssh/id_rsa | |
| yum update -y | |
| yum install java vim wget curl git -y | |
| #wget -O /etc/yum.repos.d/jenkins.repo http://pkg.jenkins-ci.org/redhat-stable/jenkins.repo | |
| wget -O /etc/yum.repos.d/jenkins.repo http://pkg.jenkins-ci.org/redhat/jenkins.repo | |
| rpm --import https://jenkins-ci.org/redhat/jenkins-ci.org.key | |
| #mkdir /var/lib/jenkins | |
| #chown jenkins:jenkins /var/lib/jenkins | |
| #mount /dev/xvdb /var/lib/jenkins | |
| #echo "/dev/xvdb /var/lib/jenkins ext4 defaults,nofail 0 2" >> /etc/fstab | |
| yum install jenkins -y | |
| sudo cp -R ~/.ssh /var/lib/jenkins/.ssh | |
| chown jenkins:jenkins /var/lib/jenkins/.ssh -R | |
| curl --silent --location https://setup.ius.io/ | bash - | |
| curl --silent --location https://rpm.nodesource.com/setup_4.x | bash - | |
| yum groupinstall 'Development Tools' -y | |
| yum install nodejs nginx git bc -y | |
| git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt | |
| systemctl start jenkins.service | |
| systemctl enable jenkins.service | |
| systemctl status jenkins.service | |
| systemctl start nginx.service | |
| systemctl enable nginx.service | |
| systemctl status nginx.service | |
| openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048 | |
| #install letsencrypt and depenenceies | |
| /opt/letsencrypt/letsencrypt-auto | |
| #replace domain with acutal domain. Note AWS DNS name are not allowed. | |
| #this is interactive, need to automate this to accept the TOS and notice email | |
| #/opt/letsencrypt/letsencrypt-auto certonly -a webroot --webroot-path=/usr/share/nginx/html --domain=jenkins.kerryhatcher.com --email="kwhatcher@gmail.com" --agree-tos | |
| #setup ssl config for nginx here. How do we automate this? | |
| #once ssl config is in place need to forward requests to ssl | |
| #echo 'return 301 https://$host$request_uri;' > /etc/nginx/default.d/ssl-redirect.conf | |
| #setup cron to renew certs: 30 2 * * 1 /opt/letsencrypt/letsencrypt-auto renew --post-hook='systemctl reload nginx' >> /var/log/le-renew.log | |
| # enable nginx SElinux policy | |
| # need to make a couple of requests first | |
| cat /var/log/audit/audit.log | grep nginx | grep denied | audit2allow -M mynginx | |
| semodule -i mynginx.pp | |
| systemctl reload jenkins.service | |
| systemctl reload nginx.service |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment