Instructions for setting up End-to-End SSL for managing CloudBees Jenkins Platform
We will be using Vagrant to create the following components:
- HAProxy - Load Balancer
- CJOC - CloudBees Jenkins Operations Center
- CJE - CloudBees Jenkins Enterprise
- Shared Slave - Shared Slave to be used for job execution by CJE
Deployment Architecture
+-----+
| CJE |
+--^--+
|
+-------+ |
+----------+ | +-------+
+->| HA Proxy +---> CJOC |
+----------+ | +-------+
+---+---+ |
| |
+--------+ | +--v--+
| Shared | | | CJE |
| Slaves <-+ +-----+
+--------+
SSL Traffic
/cje-a +-----+
+------------------------------------> CJE |
| SSL +--^--+
| |
| +--------+ |
+-----+----+ /oc | +------------+
+--->| HA Proxy +---------->| CJOC | SSL
SSL +-----+----+ SSL | +------------+
| +--------+ |
| |
| /cje-b +--v--+
+----------------------------------->| CJE |
SSL +-----+
Setup Directory structure
cd /tmp
mkdir ssl
cd ssl
mkdir haproxy cjoc cje shared-slave
We will be using Vagrant extensively to set up the individual components described above.
Setup HAProxy
cd haproxy
# If trusty64 is not already in your cache, download it
vagrant box add ubuntu/trusty64
# Use the same box name that was added above
vagrant init ubuntu/trusty64
A Vagrantfile should be generated.
Edit the file to enable a private network with an IP address we can use to connect to the VM.
# Enable private network with an ip 192.168.30.10
sed -i.bak 's/ # config.vm.network "private/ config.vm.network "private/' Vagrantfile
sed -i.bak 's/33.10/30.10/' Vagrantfile
Let's fire up the VM, ssh into it, and install the HAProxy binaries. Instructions on installing HAProxy 1.5 can be found at http://haproxy.debian.net
vagrant up
vagrant ssh
sudo apt-get -y update
echo deb http://archive.ubuntu.com/ubuntu trusty-backports main universe | \
sudo tee /etc/apt/sources.list.d/backports.list
sudo apt-get -y update
sudo apt-get -y install haproxy -t trusty-backports
haproxy -v
The above command, haproxy -v, should produce the following output:
vagrant@vagrant-ubuntu-trusty-64:~$ haproxy -v
HA-Proxy version 1.5.4 2014/09/02
Copyright 2000-2014 Willy Tarreau <w@1wt.eu>
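The version check above matters for this setup because native SSL support arrived in HAProxy 1.5 and is only present when the binary was compiled with OpenSSL. The following is an added example, not part of the original instructions: a hypothetical helper, check_haproxy_ssl, that reads the text of haproxy -vv on stdin and confirms both conditions. It assumes the "Built with OpenSSL version" line that haproxy -vv prints for OpenSSL-enabled builds; the sample output embedded in it is constructed.

```shell
#!/bin/sh
# Added example: confirm the installed HAProxy can terminate SSL.
# Usage on the VM: haproxy -vv | check_haproxy_ssl
# Returns 0 if the version is >= 1.5 and the build reports OpenSSL,
# 1 if either requirement is not met, 2 if the version cannot be parsed.
check_haproxy_ssl() {
    out=$(cat)
    # Banner looks like "HA-Proxy version 1.5.4 2014/09/02"
    # (newer releases print "HAProxy version ..."); keep major.minor only.
    ver=$(printf '%s\n' "$out" |
        sed -n 's/^HA-\{0,1\}Proxy version \([0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' |
        head -n 1)
    [ -n "$ver" ] || { echo "cannot parse HAProxy version" >&2; return 2; }
    major=${ver%%.*}
    minor=${ver#*.}
    if [ "$major" -lt 1 ] || { [ "$major" -eq 1 ] && [ "$minor" -lt 5 ]; }; then
        echo "HAProxy $ver has no native SSL support (need 1.5 or later)" >&2
        return 1
    fi
    # Binaries compiled without USE_OPENSSL do not print this line.
    if ! printf '%s\n' "$out" | grep -q '^Built with OpenSSL version'; then
        echo "HAProxy $ver was built without OpenSSL" >&2
        return 1
    fi
    echo "HAProxy $ver with OpenSSL: ok"
}

# Constructed sample of `haproxy -vv` output, so the check runs offline.
SAMPLE_OK='HA-Proxy version 1.5.4 2014/09/02
Copyright 2000-2014 Willy Tarreau <w@1wt.eu>

Built with OpenSSL version : OpenSSL 1.0.1f 6 Jan 2014
OpenSSL library supports SNI : yes'

printf '%s\n' "$SAMPLE_OK" | check_haproxy_ssl
```

Run it before writing any bind ... ssl lines into haproxy.cfg; a build without OpenSSL will reject that configuration at startup.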