Jenkins Installation and GitHub OAuth Integration using Ansible

In this tutorial, we’ll use Ansible to automate the installation of Jenkins CI on a fresh Ubuntu 14.04 LTS and integrate it with the GitHub OAuth. Ansible will also assign the matrix based permission on the Jenkins like which github user or group(s) have what rights on the Jenkins. Beside that, it will also install the Apache which serves as frontend for all the Jenkins requests.

In short, in this tutorial we’ll do the following tasks using Ansible:

• Install the JAVA 7
• Install the mentioned version of Jenkins(in this case it will be 1.658)
• Install the desired plugins
• Install the Apache and configure it as frontend for Jenkins
• Install the SSL certificate for Apache Virtual Host that act as frontend for Jenkins
• Integrate the Jenkins with GitHub using OAuth for Authenication
• Configure the matrix based security using the github username or group

Without going into the further details let’s start, first we’ll create the GitHub OAuth credential for integration and for this using the below link(just replace your github Organization name):

https://github.com/organizations/YOUR-ORG-NAME/settings/applications

In my case the organization name is “tendo-org“, so the name will be:

https://github.com/organizations/tendo-org/settings/applications

At the top of the page, under Organization applications, click Register new application.

• Under Application name, type the name that you would like to appear
• Under Homepage URL, type the URL of your Jenkins (either http or https)
• Under Authorization callback URL, type the URL of your Jenkins followed by /securityRealm/finishLogin
• Click Register application

Note the “Client ID” and “Client Secret” values that appear (we will need them later). Save in secure place and never share with anyone.

After creating the “Client ID” and “Client Secret” values, download this Repository from the GitHub:

git clone https://github.com/arbabnazar/ansible-jenkins.git
cd ansible-jenkins

Open jenkins/defaults/main.yml and set the values for these variables:

	GITHUB_ORG: "tendo-org"
	GITHUB_CLINT_ID: "7e449bb096825c6b6c19"
	GITHUB_SECRET_ID: "e1e1d4b217a2d39f5bf4c73bec4c0e5b7fa37f01"
	GITHUB_OAUTH_SCOPES: "read:org,user:email"
	JENKINS_ADMIN_GROUP: "{{ GITHUB_ORG }}*admins"
	JENKINS_DEVELOPER_GROUP: "{{ GITHUB_ORG }}*members"

view raw jenkins-defaults.yml hosted with ❤ by GitHub

 

GITHUB_ORG: Name of your GitHub Organization
GITHUB_CLINT_ID: OAuth Client ID that we have created above
GITHUB_SECRET_ID:  OAuth Secret ID that we have created above
GITHUB_OAUTH_SCOPES: Scope of OAuth application
JENKINS_ADMIN_GROUP: GitHub group that can administrate the Jenkins
JENKINS_DEVELOPER_GROUP: GitHub group that is allowed to use this Jenkins(all job or one based on permission)

Then open apache/defaults/main.yml and set the values of these variables:

	ssl_cert_path: "/etc/ssl/cert.pem"
	ssl_key_path: "/etc/ssl/privkey.pem"
	ssl_chain_path: "/etc/ssl/fullchain.pem"
	redirect_port: 8080
	APACHE_SITES:
	- sitename: "jenkins.rbgeek.com"
	servername: "jenkins.rbgeek.com"
	serveradmin: "admin@rbgeek.com"
	listen: "80"
	rewrite: True
	state: link
	- sitename: "jenkins.rbgeek.com-ssl"
	servername: "jenkins.rbgeek.com"
	serveradmin: "admin@rbgeek.com"
	listen: "443"
	ssl: 'ssl'
	state: link

view raw apache-defaults.yml hosted with ❤ by GitHub

Once you are all set with the variables, then run this command:

ansible-playbook -i "jenkins.rbgeek.com," jenkins.yml -u arbabnazar 

Note: Please don’t forget to change arbabnazar with your username and jenkins.rbgeek.com with your hostname

After successful completion of these tasks:

Open your Jenkins url in browser(in my case it is jenkins.rbgeek.com) and click on Log in, it will redirect you to the GitHub:

Enter your github username and password:

It will ask for Authorization:

Once you done, it will take you back to the Jenkins:

 

Enjoy 

Hope this will help you!

Please Remember me in your prayers!

Name(required)

Email(required)

Website

Comment(required)

Submit

Δ