From ef34e41349bf155995a1ccdc47f305e1642aaf08 Mon Sep 17 00:00:00 2001
From: Edward Viaene <ward.viaene@gmail.com>
Date: Tue, 17 Mar 2020 21:21:40 +0100
Subject: [PATCH] Feature/packer jenkins (#31)

* packer jenkins update
---
 jenkins-packer-demo/backend.tf                |  7 +++
 jenkins-packer-demo/iam.tf                    | 44 +++++++++++++++++++
 jenkins-packer-demo/instance.tf               | 21 ++++++++-
 jenkins-packer-demo/key.tf                    |  2 +-
 jenkins-packer-demo/output.tf                 |  3 ++
 jenkins-packer-demo/s3.tf                     |  8 +++-
 .../scripts/configure-remote-state.sh         | 14 ------
 jenkins-packer-demo/scripts/jenkins-init.sh   | 10 +----
 .../scripts/jenkins-run-terraform.sh          | 10 +++++
 jenkins-packer-demo/vars.tf                   | 17 +++----
 10 files changed, 99 insertions(+), 37 deletions(-)
 create mode 100644 jenkins-packer-demo/backend.tf
 create mode 100644 jenkins-packer-demo/iam.tf
 delete mode 100755 jenkins-packer-demo/scripts/configure-remote-state.sh
 create mode 100755 jenkins-packer-demo/scripts/jenkins-run-terraform.sh

diff --git a/jenkins-packer-demo/backend.tf b/jenkins-packer-demo/backend.tf
new file mode 100644
index 0000000..253e223
--- /dev/null
+++ b/jenkins-packer-demo/backend.tf
@@ -0,0 +1,7 @@
+terraform {
+  backend "s3" {
+    bucket = "terraform-state-xx70dpnh"
+    key    = "terraform.tfstate"
+    region = "eu-west-1"
+  }
+}
diff --git a/jenkins-packer-demo/iam.tf b/jenkins-packer-demo/iam.tf
new file mode 100644
index 0000000..5314e33
--- /dev/null
+++ b/jenkins-packer-demo/iam.tf
@@ -0,0 +1,44 @@
+resource "aws_iam_role" "jenkins-role" {
+  name               = "jenkins-role"
+  assume_role_policy = <<EOF
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Action": "sts:AssumeRole",
+      "Principal": {
+        "Service": "ec2.amazonaws.com"
+      },
+      "Effect": "Allow",
+      "Sid": ""
+    }
+  ]
+}
+EOF
+
+}
+
+resource "aws_iam_instance_profile" "jenkins-role" {
+  name = "jenkins-role"
+  role = aws_iam_role.jenkins-role.name
+}
+
+resource "aws_iam_role_policy" "admin-policy" {
+  name = "jenkins-admin-role-policy"
+  role = aws_iam_role.jenkins-role.id
+
+  policy = <<-EOF
+  {
+    "Version": "2012-10-17",
+    "Statement": [
+      {
+        "Action": [
+          "*"
+        ],
+        "Effect": "Allow",
+        "Resource": "*"
+      }
+    ]
+  }
+  EOF
+}
diff --git a/jenkins-packer-demo/instance.tf b/jenkins-packer-demo/instance.tf
index acba254..e7bbeb2 100644
--- a/jenkins-packer-demo/instance.tf
+++ b/jenkins-packer-demo/instance.tf
@@ -1,5 +1,21 @@
+data "aws_ami" "ubuntu" {
+  most_recent = true
+
+  filter {
+    name   = "name"
+    values = ["ubuntu/images/hvm-ssd/ubuntu-bionic-18.04-amd64-server-*"]
+  }
+
+  filter {
+    name   = "virtualization-type"
+    values = ["hvm"]
+  }
+
+  owners = ["099720109477"] # Canonical
+}
+
 resource "aws_instance" "jenkins-instance" {
-  ami           = var.AMIS[var.AWS_REGION]
+  ami           = data.aws_ami.ubuntu.id
   instance_type = "t2.small"
 
   # the VPC subnet
@@ -13,6 +29,9 @@ resource "aws_instance" "jenkins-instance" {
 
   # user data
   user_data = data.template_cloudinit_config.cloudinit-jenkins.rendered
+
+  # iam instance profile
+  iam_instance_profile = aws_iam_instance_profile.jenkins-role.name
 }
 
 resource "aws_ebs_volume" "jenkins-data" {
diff --git a/jenkins-packer-demo/key.tf b/jenkins-packer-demo/key.tf
index b41e059..991a4c0 100644
--- a/jenkins-packer-demo/key.tf
+++ b/jenkins-packer-demo/key.tf
@@ -1,6 +1,6 @@
 resource "aws_key_pair" "mykeypair" {
   key_name   = "mykeypair"
-  public_key = file(var.PATH_TO_PUBLIC_KEY)
+  public_key = fileexists(var.PATH_TO_PUBLIC_KEY) ? file(var.PATH_TO_PUBLIC_KEY) : var.DUMMY_SSH_PUB_KEY
   lifecycle {
     ignore_changes = [public_key]
   }
diff --git a/jenkins-packer-demo/output.tf b/jenkins-packer-demo/output.tf
index d5b4674..44cc9ce 100644
--- a/jenkins-packer-demo/output.tf
+++ b/jenkins-packer-demo/output.tf
@@ -6,3 +6,6 @@ output "app-ip" {
   value = [aws_instance.app-instance.*.public_ip]
 }
 
+output "s3-bucket" {
+  value = aws_s3_bucket.terraform-state.bucket
+}
diff --git a/jenkins-packer-demo/s3.tf b/jenkins-packer-demo/s3.tf
index 1696736..ad57a5c 100644
--- a/jenkins-packer-demo/s3.tf
+++ b/jenkins-packer-demo/s3.tf
@@ -1,5 +1,5 @@
 resource "aws_s3_bucket" "terraform-state" {
-  bucket = "terraform-state-a2b621f"
+  bucket = "terraform-state-${random_string.random.result}"
   acl    = "private"
 
   tags = {
@@ -7,3 +7,9 @@ resource "aws_s3_bucket" "terraform-state" {
   }
 }
 
+resource "random_string" "random" {
+  length  = 8
+  special = false
+  upper   = false
+}
+
diff --git a/jenkins-packer-demo/scripts/configure-remote-state.sh b/jenkins-packer-demo/scripts/configure-remote-state.sh
deleted file mode 100755
index 041f70e..0000000
--- a/jenkins-packer-demo/scripts/configure-remote-state.sh
+++ /dev/null
@@ -1,14 +0,0 @@
-#!/bin/bash
-
-echo "Newer terraform versions have a new way of defining a backend. Copy paste the following code in a backend.tf file, modify the region/s3 bucket, and execute 'terraform init' to initialize the backend. You'll be asked to copy the data from the local backend to the s3 backend, which you can answer yes.
-"
-echo 'backend.tf
-==========
-terraform {
-  backend "s3" {
-    bucket = "terraform-state-a3c731f"
-    key    = "terraform.tfstate"
-    region = "eu-west-1"
-  }
-}
-'
diff --git a/jenkins-packer-demo/scripts/jenkins-init.sh b/jenkins-packer-demo/scripts/jenkins-init.sh
index ecec1fe..6f83b86 100644
--- a/jenkins-packer-demo/scripts/jenkins-init.sh
+++ b/jenkins-packer-demo/scripts/jenkins-init.sh
@@ -30,18 +30,10 @@ echo "deb http://pkg.jenkins.io/debian-stable binary/" >> /etc/apt/sources.list
 apt-get update
 
 # install dependencies
-apt-get install -y python3 openjdk-8-jre
-update-java-alternatives --set java-1.8.0-openjdk-amd64
+apt-get install -y python3 openjdk-11-jdk awscli
 # install jenkins
 apt-get install -y jenkins=${JENKINS_VERSION} unzip
 
-# install pip
-wget -q https://bootstrap.pypa.io/get-pip.py
-python3 get-pip.py
-rm -f get-pip.py
-# install awscli
-pip install awscli
-
 # install terraform
 wget -q https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_linux_amd64.zip \
 && unzip -o terraform_${TERRAFORM_VERSION}_linux_amd64.zip -d /usr/local/bin \
diff --git a/jenkins-packer-demo/scripts/jenkins-run-terraform.sh b/jenkins-packer-demo/scripts/jenkins-run-terraform.sh
new file mode 100755
index 0000000..24f8e29
--- /dev/null
+++ b/jenkins-packer-demo/scripts/jenkins-run-terraform.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+set -ex
+AWS_REGION="eu-west-1"
+cd jenkins-packer-demo
+S3_BUCKET=`aws s3 ls --region $AWS_REGION |grep terraform-state |tail -n1 |cut -d ' ' -f3`
+sed -i 's/terraform-state-xx70dpnh/'${S3_BUCKET}'/' backend.tf
+sed -i 's/#//g' backend.tf
+aws s3 cp s3://${S3_BUCKET}/amivar.tf amivar.tf --region $AWS_REGION
+terraform init
+terraform apply -auto-approve -var APP_INSTANCE_COUNT=1 -target aws_instance.app-instance
diff --git a/jenkins-packer-demo/vars.tf b/jenkins-packer-demo/vars.tf
index ee527d4..9fd26c3 100644
--- a/jenkins-packer-demo/vars.tf
+++ b/jenkins-packer-demo/vars.tf
@@ -10,28 +10,23 @@ variable "PATH_TO_PUBLIC_KEY" {
   default = "mykey.pub"
 }
 
-variable "AMIS" {
-  type = map(string)
-  default = {
-    us-east-1 = "ami-13be557e"
-    us-west-2 = "ami-06b94666"
-    eu-west-1 = "ami-0f630a3f40b1eb0b8"
-  }
-}
-
 variable "INSTANCE_DEVICE_NAME" {
   default = "/dev/xvdh"
 }
 
 variable "JENKINS_VERSION" {
-  default = "2.204.1"
+  default = "2.204.5"
 }
 
 variable "TERRAFORM_VERSION" {
-  default = "0.12.18"
+  default = "0.12.23"
 }
 
 variable "APP_INSTANCE_COUNT" {
   default = "0"
 }
 
+variable "DUMMY_SSH_PUB_KEY" {
+  description = "public ssh key to put in place if there's no public key defined - to avoid errors in jenkins if it doesn't have a public key"
+  default     = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCySrVgnlDjgO1O0xNj7KLQ8aFh6y3DMEoqpSgvk8pMaG4hqJmYOGLcYr9SNbRThqnalweFfzDQIbNGK6PQcEWKYfxUwogjsn65OOUHdD91MtqiNg5MW3bFk2wlpXs5T83ASqnafmcSbsU3AWFoTpS+4xFYbRUTQVwos85nkuxpVohIwfkGqyZXyPjVZku1OvXLTxI+AjPqPpFTlzTtGT7swklNTd76QSiQU7o4206/93JZKivedqrZAhgstG5jm8EwDeSbJzkm9W22hKT5Or7viyFasQruqYZ12FlzURVw5IvyqmNxr2ncEgSXFCcIFYOaxuQNbW0SeSg++dn0Cezl root@ubuntu-xenial"
+}