feat: 젠킨스 관련 리소스 추가

Ansible/cicd.yaml

@@ -0,0 +1,137 @@
+---
+- name: Setup CI/CD Environment
+#  hosts: all
+# all 로 하면 모든 호스트에 저장
+  hosts: jenkins
+  become: yes
+  vars:
+    jenkins_version: "{{ tool_versions.jenkins }}"
+    java_version: "{{ tool_versions.java }}"
+    docker_version: "{{ tool_versions.docker }}"
+    kubectl_version: "{{ tool_versions.kubectl }}"
+    argocd_version: "{{ tool_versions.argocd }}"
+
+  tasks:
+    # 시스템 업데이트 및 기본 도구 설치
+    - name: Update system packages
+      dnf:
+        name: '*'
+        state: latest
+        update_only: yes
+
+    - name: Install basic tools
+      dnf:
+        name:
+          - git
+          - wget
+          - jq
+          - unzip
+        state: present
+
+    # Docker 설치 및 설정
+    - name: Install Docker
+      dnf:
+        name: docker
+        state: present
+
+    - name: Start and enable Docker service
+      systemd:
+        name: docker
+        state: started
+        enabled: yes
+
+    - name: Add ec2-user to docker group
+      user:
+        name: ec2-user
+        groups: docker
+        append: yes
+
+    # Java 설치 (Amazon Corretto)
+    - name: Install Amazon Corretto Java
+      dnf:
+        name: "java-{{ java_version }}-amazon-corretto"
+        state: present
+
+    # Jenkins 설치 및 설정
+    - name: Add Jenkins repository
+      get_url:
+        url: https://pkg.jenkins.io/redhat-stable/jenkins.repo
+        dest: /etc/yum.repos.d/jenkins.repo
+
+    - name: Import Jenkins key
+      rpm_key:
+        key: https://pkg.jenkins.io/redhat-stable/jenkins.io.key
+        state: present
+
+    - name: Install Jenkins
+      dnf:
+        name: jenkins
+        state: present
+
+    - name: Create Jenkins init.groovy.d directory
+      file:
+        path: /var/lib/jenkins/init.groovy.d
+        state: directory
+        owner: jenkins
+        group: jenkins
+
+    # ArgoCD 설치
+    - name: Install kubectl
+      get_url:
+        url: "https://dl.k8s.io/release/v{{ kubectl_version }}/bin/linux/amd64/kubectl"
+        dest: /usr/local/bin/kubectl
+        mode: '0755'
+
+    - name: Install ArgoCD CLI
+      get_url:
+        url: "https://github.com/argoproj/argo-cd/releases/download/{{ argocd_version }}/argocd-linux-amd64"
+        dest: /usr/local/bin/argocd
+        mode: '0755'
+
+    # AWS CLI 설치 (ECR 접근용)
+    - name: Install AWS CLI
+      dnf:
+        name: aws-cli
+        state: present
+
+    # 서비스 시작 및 활성화
+    - name: Start and enable Jenkins
+      systemd:
+        name: jenkins
+        state: started
+        enabled: yes
+
+    # Jenkins 초기 설정을 위한 관리자 비밀번호 저장
+    - name: Get Jenkins initial admin password
+      command: cat /var/lib/jenkins/secrets/initialAdminPassword
+      register: jenkins_password
+      changed_when: false
+
+    - name: Store Jenkins password in SSM Parameter Store
+      aws_ssm_parameter_store:
+        name: /gitfolio/jenkins/admin/password
+        value: "{{ jenkins_password.stdout }}"
+        string_type: SecureString
+        region: ap-northeast-2
+
+    # 보안 설정
+    - name: Configure Jenkins security settings
+      template:
+        src: templates/jenkins/security.groovy.j2
+        dest: /var/lib/jenkins/init.groovy.d/security.groovy
+        owner: jenkins
+        group: jenkins
+        mode: '0644'
+
+    # 방화벽 설정
+    - name: Configure firewall for Jenkins
+      firewalld:
+        port: "{{ jenkins_port }}/tcp"
+        permanent: yes
+        state: enabled
+
+    - name: Configure firewall for ArgoCD
+      firewalld:
+        port: "{{ argocd_port }}/tcp"
+        permanent: yes
+        state: enabled

Ansible/instances.json

@@ -86,5 +86,13 @@
     "Service": "redis",
     "Type": "db",
     "Environment": "shared"
+  },
+  {
+    "Name": "Gitfolio Jenkins",
+    "InstanceId": "i-078d396cb737b751d",
+    "IP": "10.0.107.11",
+    "Service": "jenkins",
+    "Type": "ec2",
+    "Environment": "feature-cicd"
   }
 ]

Terraform/module.tf

@@ -190,4 +190,19 @@ module "gitfolio_ecr" {
   policy_tagStatus   = var.policy_tagStatus
   policy_countType   = var.policy_countType
   policy_countNum    = var.policy_countNum
+}
+
+// cicd shared 에서 상태 참조함
+module "gitfolio_cicd" {
+  source = "./module/node/cicd"
+  count  = terraform.workspace == "feature-cicd" ? 1 : 0
+
+#   vpc_id             = data.terraform_remote_state.shared.outputs.vpc_id
+  security_group_ids = data.terraform_remote_state.shared.outputs.security_group_ids
+  instance_types     = var.instance_types
+  private_subnet_ids = data.terraform_remote_state.shared.outputs.private_subnet_ids
+  instance_indexes   = var.instance_indexes
+  ami_id            = data.terraform_remote_state.shared.outputs.amazon_linux_id  # AMI ID도 shared에서 가져옵니다
+  private_ips       = var.private_ips
+  iam_instance_profile = var.iam_instance_profile
 }

Terraform/module/Route53/resource.tf

@@ -31,6 +31,19 @@ resource "aws_route53_record" "gitfolio_dev" {
   name    = format("dev.%s", substr(var.route53_domain, 2, length(var.route53_domain) - 2))
   type    = "A"
 
+  alias {
+    name                   = substr(var.alb_dns_name, 0, length(var.alb_dns_name))
+    zone_id                = var.alb_zone_id
+    evaluate_target_health = true
+  }
+}
+
+resource "aws_route53_record" "jenkins" {
+  count  = terraform.workspace == "feature-cicd" ? 1 : 0
+  zone_id = data.aws_route53_zone.gitfolio.zone_id
+  name    = format("jenkins.%s", substr(var.route53_domain, 2, length(var.route53_domain) - 2))
+  type    = "A"
+
   alias {
     name                   = substr(var.alb_dns_name, 0, length(var.alb_dns_name))
     zone_id                = var.alb_zone_id

Terraform/module/network/resource.tf

@@ -232,6 +232,14 @@ resource "aws_security_group" "discord_bot" {
 resource "aws_security_group" "cicd" {
   name = "cicd_sg"
   vpc_id = aws_vpc.gitfolio.id
+# 젠킨스 사용하려면 8080 열어야함
+  ingress {
+    description = "Kubernetes API"
+    from_port = 8080
+    to_port = 8080
+    protocol = "tcp"
+    cidr_blocks = [var.any_ip]
+  }
 
   tags = {
     Name = "Gitfolio CI/CD security group"

Terraform/module/node/cicd/output.tf

@@ -0,0 +1,4 @@
+output "instance_id" {
+  description = "ID of the instance"
+  value       = aws_instance.jenkins.id
+}

Terraform/module/node/cicd/resource.tf

@@ -4,33 +4,35 @@ resource "aws_instance" "jenkins" {
   subnet_id     = var.private_subnet_ids[var.instance_indexes["jenkins"]]
   vpc_security_group_ids = [var.security_group_ids["base"], var.security_group_ids["cicd"]]
   private_ip = var.private_ips["jenkins"]
-
+  iam_instance_profile   = var.iam_instance_profile
+
   tags = {
     Name        = "Gitfolio Jenkins"
     Environment = terraform.workspace
     Service     = "jenkins"
     Type        = "ec2"
   }
-# 추후 추가 예정
-#   root_block_device {
-#     volume_size = 30  # Jenkins는 빌드 아티팩트를 위한 충분한 공간 필요
-#     volume_type = "gp3"
-#   }
-
-}
-
-resource "aws_instance" "argo" {
-  ami           = var.ami_id
-  instance_type = var.instance_types["medium"]
-  subnet_id     = var.private_subnet_ids[var.instance_indexes["argo"]]
-  vpc_security_group_ids = [var.security_group_ids["cicd"]]
-  private_ip = var.private_ips["argo"]
 
-  tags = {
-    Name        = "Gitfolio ArgoCD"
-    Environment = terraform.workspace
-    Service     = "argocd"
-    Type        = "ec2"
+  root_block_device {
+    volume_size = 30  # Jenkins는 빌드 아티팩트를 위한 충분한 공간 필요
+    volume_type = "gp3"
   }
 
 }
+
+# resource "aws_instance" "argo" {
+#   ami           = var.ami_id
+#   instance_type = var.instance_types["medium"]
+#   subnet_id     = var.private_subnet_ids[var.instance_indexes["argo"]]
+#   vpc_security_group_ids = [var.security_group_ids["cicd"]]
+#   private_ip = var.private_ips["argo"]
+#   iam_instance_profile   = var.iam_instance_profile
+#
+#   tags = {
+#     Name        = "Gitfolio ArgoCD"
+#     Environment = terraform.workspace
+#     Service     = "argocd"
+#     Type        = "ec2"
+#   }
+#
+# }

Terraform/module/node/cicd/variable.tf

@@ -31,4 +31,9 @@ variable "security_group_ids" {
 variable "iam_instance_profile" {
   description = "IAM instance profile"
   type        = string
-}
+}
+
+# variable "vpc_id" {
+#   description = "ID of the VPC"
+#   type        = string
+# }