vim terraform/platform/jenkins/_module/jenkins/efs.tf
# Security Group for EFS
## Should allow Jenkins Instance ONLY!!!
resource "aws_security_group" "efs" {
  name        = "${var.service_name}-efs-${var.vpc_name}"
  description = "${var.service_name} efs sg for ${var.vpc_name}"
  vpc_id      = var.target_vpc

  ingress {
    from_port = 2049 # for NFS
    to_port   = 2049
    protocol  = "tcp"
    security_groups = [
      # EC2 Instance Security Group
      aws_security_group.ec2.id,
    ]
  }

  tags = {
    Name = "${var.service_name}-efs-${var.vpc_name}"
  }
}

resource "aws_efs_file_system" "file_system" {
  tags = {
    Name = "${var.service_name}-efs-${var.vpc_name}"
  }

  # You can control this value through variable
  provisioned_throughput_in_mibps = var.efs_provisioned_throughput_in_mibps
  # You can control this mode through variable
  throughput_mode = var.efs_throughput_mode
}

resource "aws_efs_mount_target" "mount_target" {
  # If you do not have NAT gateway or NAT instance in private subnets,
  # You should deploy jenkins to public subnet!
  count = length(var.private_subnets)
  #count = length(var.public_subnets)

  file_system_id = aws_efs_file_system.file_system.id
  subnet_id      = element(var.private_subnets, count.index)
  #subnet_id = element(var.public_subnets, count.index)

  security_groups = [
    aws_security_group.efs.id,
  ]
}
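The security group above is meant to admit only the Jenkins instance security group, and only on TCP/2049. The following is an added drift check, not code from the original post: it takes the IpPermissions list in the shape that EC2 DescribeSecurityGroups returns and reports anything beyond that single rule (the security group ids and sample rules are constructed placeholders).

```python
# Added example (not from the original post): audit an EFS security group
# against the intent stated in efs.tf, i.e. the only ingress allowed is
# TCP/2049 from the Jenkins EC2 instance security group.
# Input uses the IpPermissions shape that EC2 DescribeSecurityGroups returns,
# so a real SG can be fed in; the samples below are constructed.

NFS_PORT = 2049


def audit_efs_ingress(ip_permissions, instance_sg_id):
    """Return a list of findings; an empty list means the rules match the
    intended policy (exactly one source: instance_sg_id on TCP/2049)."""
    findings = []
    nfs_from_instance = False
    for perm in ip_permissions:
        proto = perm.get("IpProtocol")
        lo, hi = perm.get("FromPort"), perm.get("ToPort")
        is_nfs_only = proto == "tcp" and lo == NFS_PORT and hi == NFS_PORT
        if proto == "-1":  # "-1" means all protocols and all ports
            findings.append("rule opens all protocols and ports")
        elif not is_nfs_only:
            findings.append(f"rule is not restricted to TCP/{NFS_PORT}: {proto} {lo}-{hi}")
        # Any CIDR source is wrong: EFS should trust a security group, not a network.
        for rng in perm.get("IpRanges", []) + perm.get("Ipv6Ranges", []):
            cidr = rng.get("CidrIp") or rng.get("CidrIpv6")
            findings.append(f"CIDR source {cidr} allowed; only the instance SG should be")
        for pair in perm.get("UserIdGroupPairs", []):
            src = pair.get("GroupId")
            if src != instance_sg_id:
                findings.append(f"unexpected source security group {src}")
            elif is_nfs_only:
                nfs_from_instance = True
    if not nfs_from_instance:
        findings.append(f"missing TCP/{NFS_PORT} rule from {instance_sg_id}")
    return findings


# Constructed samples: what efs.tf produces, and a drifted SG after someone
# added an "open to the VPC" CIDR rule and a second, wide-open source group.
INSTANCE_SG = "sg-0123456789abcdef0"  # placeholder id for the EC2 instance SG
GOOD_RULES = [{"IpProtocol": "tcp", "FromPort": 2049, "ToPort": 2049,
               "IpRanges": [], "Ipv6Ranges": [],
               "UserIdGroupPairs": [{"GroupId": INSTANCE_SG}]}]
DRIFTED_RULES = [{"IpProtocol": "tcp", "FromPort": 2049, "ToPort": 2049,
                  "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "Ipv6Ranges": [],
                  "UserIdGroupPairs": [{"GroupId": INSTANCE_SG}]},
                 {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,
                  "IpRanges": [], "Ipv6Ranges": [],
                  "UserIdGroupPairs": [{"GroupId": "sg-0fedcba9876543210"}]}]

if __name__ == "__main__":
    for name, rules in (("efs.tf", GOOD_RULES), ("drifted", DRIFTED_RULES)):
        print(name, "->", audit_efs_ingress(rules, INSTANCE_SG) or ["ok"])
```

Run it against `aws ec2 describe-security-groups --group-ids <efs-sg> --query 'SecurityGroups[0].IpPermissions'` output to check a live deployment for drift from what efs.tf declares.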
Defining the user data
To reference the EFS DNS name from the user data, Terraform's template_file is used.
First, let's look at userdata.sh.tpl. The user data installs the base packages the deployment needs and mounts the newly created EFS at /var/lib/jenkins.
vim terraform/platform/jenkins/_module/jenkins/scripts/userdata.sh.tpl
#!/bin/bash -ex

function waitForJenkins() {
  echo "Waiting jenkins to launch on 8080..."
  while ! nc -z localhost 8080; do
    sleep 0.1 # wait for 1/10 of the second before check again
  done
  echo "Jenkins launched"
}

function waitForPasswordFile() {
  echo "Waiting jenkins to generate password..."
  while [ ! -f /var/lib/jenkins/secrets/initialAdminPassword ]; do
    sleep 2 # wait 2 seconds before checking again
  done
  echo "Password created"
}

amazon-linux-extras install corretto8
yum update -y
# nfs-utils provides mount.nfs4 on Amazon Linux (nfs-common is the Debian package name)
yum install -y jq git awscli nmap-ncat nfs-utils

export JENKINS_HOME=/var/lib/jenkins
mkdir -p $JENKINS_HOME
# $${efs_dns_name} is filled in by Terraform's template_file
mount -t nfs4 -o nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2,noresvport ${efs_dns_name}:/ $JENKINS_HOME

wget -O /etc/yum.repos.d/jenkins.repo http://pkg.jenkins-ci.org/redhat-stable/jenkins.repo
rpm --import https://jenkins-ci.org/redhat/jenkins-ci.org.key
yum install -y jenkins
sed -i 's/Djava.awt.headless=true/Djava.awt.headless=true -Xmx2G -Xms2G -Dorg.apache.commons.jelly.tags.fmt.timeZone=Asia\/Seoul/g' /etc/sysconfig/jenkins

service jenkins start
The user_data file defined above is referenced as a template_file. The EFS dns_name is passed in as the template variable.
vim terraform/platform/jenkins/_module/jenkins/template.tf
vim terraform/platform/jenkins/dayonep_apnortheast2/services.tf
module "jenkins" {
  source = "../_module/jenkins"

  service_name     = "jenkins"
  service_port     = 8080
  healthcheck_port = 8080

  account_id = var.account_id.prod
  shard_id   = data.terraform_remote_state.vpc.outputs.shard_id

  public_subnets  = data.terraform_remote_state.vpc.outputs.public_subnets
  private_subnets = data.terraform_remote_state.vpc.outputs.private_subnets

  aws_region               = data.terraform_remote_state.vpc.outputs.aws_region
  target_vpc               = data.terraform_remote_state.vpc.outputs.vpc_id
  vpc_name                 = data.terraform_remote_state.vpc.outputs.vpc_name
  vpc_cidr_numeral         = data.terraform_remote_state.vpc.outputs.cidr_numeral
  route53_internal_domain  = data.terraform_remote_state.vpc.outputs.route53_internal_domain
  route53_internal_zone_id = data.terraform_remote_state.vpc.outputs.route53_internal_zone_id
  billing_tag              = data.terraform_remote_state.vpc.outputs.billing_tag

  newrelic_monitor = "false"
  ssh_key_name     = "dayone-prod-master"
  instance_ami     = var.jenkins_master_ami

  tag_first_owner  = var.tag_first_owner
  tag_second_owner = var.tag_second_owner
  tag_project      = var.tag_project

  efs_provisioned_throughput_in_mibps = 0

  # KMS Key for deployment
  deployment_common_arn = data.terraform_remote_state.kms.outputs.aws_kms_key_prod_apne2_deployment_common_arn

  # Instance Count Variables
  instance_count_max     = 1
  instance_count_min     = 1
  instance_count_desired = 1

  # Route53 variables
  acm_external_ssl_certificate_arn = var.r53_variables.prod.star_dayonedevops_com_acm_arn_apnortheast2
  route53_external_zone_id         = var.r53_variables.prod.dayonedevops_com_zone_id
  domain_name                      = "jenkins"

  # Resource LoadBalancer variables
  lb_variables = var.lb_variables

  # Security Group variables
  sg_variables = var.sg_variables

  # Home Security Group via remote_state
  home_sg = data.terraform_remote_state.vpc.outputs.aws_security_group_home_id
  #github_hook_sg = data.terraform_remote_state.vpc.outputs.aws_security_group_github_hook_id
  github_hook_sg = ""

  # CIDR for external LB
  # Control allowed IP for external LB
  ext_lb_ingress_cidrs = ["0.0.0.0/0"]
}
Post-deployment setup
Once Jenkins has been deployed, you can reach it through its Route53 URL.
When you open the home page, it prompts you for the initial admin password, as shown below.
Connect to the deployed instance, read the password from the file at the path shown on the web page, and paste it in.
You can reach the instance either via bastion host -> instance, or through AWS Session Manager.