Skip to content

Instantly share code, notes, and snippets.

@uaarkoti

uaarkoti/ssl-jenkins-setup.md

Last active August 27, 2015 22:54
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save uaarkoti/b64797f3e936b972370b to your computer and use it in GitHub Desktop.
Save uaarkoti/b64797f3e936b972370b to your computer and use it in GitHub Desktop.
Download ZIP
Raw
ssl-jenkins-setup.md

Instructions for setting up End-to-End SSL for managing CloudBees Jenkins Platform

We will be using Vagrant for creating different components

  • HAProxy - Load Balancer
  • CJOC - CloudBees Jenkins Operations Center
  • CJE - CloudBees Jenkins Enterprise
  • Shared Slave - Shared Slave to be used for job execution by CJE

Deployment Architecture

                               +-----+
                               | CJE |
                               +--^--+
                                  |   
                  +-------+       |   
   +----------+   |       +-------+   
+->| HA Proxy +---> CJOC  |           
   +----------+   |       +-------+   
                  +---+---+       |   
                      |           |   
           +--------+ |        +--v--+
           | Shared | |        | CJE |
           | Slaves <-+        +-----+
           +--------+

SSL Traffic

                         /cje-a                +-----+
          +------------------------------------> CJE |
          |                SSL                 +--^--+
          |                                       |   
          |                 +--------+            |   
     +-----+----+    /oc    |        +------------+   
+--->| HA Proxy +---------->|  CJOC  |    SSL         
SSL  +-----+----+    SSL    |        +------------+   
          |                 +--------+            |   
          |                                       |   
          |              /cje-b                +--v--+
          +----------------------------------->| CJE |
                           SSL                 +-----+

Setup Directory structure

cd /tmp
mkdir ssl
cd ssl
mkdir haproxy cjoc cje shared-slave

We will be using Vagrant extensively for setting up individual components described above

Setup HAProxy

cd haproxy

# If trusty64 is not already in your cache, download it
vagant box add ubuntu/trusty64
vagrant init trusty64

A Vagrantfile should be generated Edit the file and make changes to create a private network with an IP we can use to connect to

# Enable private network with an ip 192.168.30.10
sed -i.bak 's/  # config.vm.network "private/  config.vm.network "private/' Vagrantfile
sed -i.bak 's/33.10/30.10/' Vagrantfile

Lets fireup the VM and ssh into it and install HAProxy binaries. Instructions on installing HAProxy 1.5 can be found at http://haproxy.debian.net

vagrant up
vagrant ssh

sudo apt-get -y update

echo deb http://archive.ubuntu.com/ubuntu trusty-backports main universe | \
      sudo tee /etc/apt/sources.list.d/backports.list
sudo apt-get -y update
sudo apt-get -y install haproxy -t trusty-backports

haproxy -v

The above command haproxy -v should produce the following output

vagrant@vagrant-ubuntu-trusty-64:~$ haproxy -v
HA-Proxy version 1.5.4 2014/09/02
Copyright 2000-2014 Willy Tarreau <w@1wt.eu>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment