If you read my previous post: Keep your AWS IaC inline with CloudFormation initial prep for Terraform, Jenkins, and Packer, you were probably expecting a Jenkins build…but I’ve saved it for this post.
But before we get started with the Jenkins build, here’s a quick question to address.
Why are we using CloudFormation and not Packer or Terraform?
Because I want to keep as much Terraform/Packer code off my machine as possible. Imagine that our environment is centered around the publishing/central IT cross-account AWS setup, and any new changes should be pushed through Infrastructure as Code (IaC) stacks and not by admins assuming roles and deploying stuff from their machines.
CFT Instance Resource for Jenkins
Cool! With that being the scenario, let’s include our Jenkins instance AND Security Group resources in the CloudFormation template for IaC prep!
```yaml
EC2InstanceJenkins:
  Type: AWS::EC2::Instance
  Properties:
    IamInstanceProfile: !Ref "IAMInstanceProfileJenkins"
    ImageId: "ami-062f7200baf2fa504"
    KeyName: !Ref "KeyPair"
    InstanceType: "t2.micro"
    SecurityGroupIds:
      # Assumes SecurityGroupID is the logical ID of the security group resource
      # in this template; if it is a parameter holding a group ID, use !Ref instead.
      - !GetAtt "SecurityGroupID.GroupId"
    SubnetId: !Ref "SubnetID"
```
A couple of things to note here:
- I used a direct reference to the AMI ID, but you can always follow the AWS suggestion of resolving the latest AMI through SSM parameters.
- I used parameter references for values. These will change for your account. Please be sure you include those parameters in the CloudFormation template.
Now for the fun part (userdata script):
1) Basic Tools and Dependencies
```yaml
    UserData:
      Fn::Base64: !Sub |
        #!/bin/bash -xe
        sudo yum update -y
        # -y keeps the install non-interactive; user data has no terminal to answer prompts
        sudo amazon-linux-extras install -y corretto8
        sudo yum install jq unzip git -y
```
Firstly, we want to be sure all is up to date and that we enable corretto8. Also, we have some of the basic tools (e.g.: unzip, jq, git). Note: currently, v8 of corretto is the only one that works for Jenkins.
2) Jenkins Installation
```bash
# Fetch the repo definition over HTTPS, from the same host as the signing key
sudo wget -O /etc/yum.repos.d/jenkins.repo https://pkg.jenkins.io/redhat/jenkins.repo
sudo rpm --import https://pkg.jenkins.io/redhat/jenkins.io.key
sudo yum install jenkins -y
sudo service jenkins start
```
3) Install Packer and Terraform
NOTE: Some may prefer to install the plugins through the Jenkins console. This is an excellent solution, but for the purposes of this blog we will stick to the command line.
```bash
sudo wget https://releases.hashicorp.com/terraform/0.12.24/terraform_0.12.24_linux_amd64.zip -O terraform.zip
sudo unzip terraform.zip && rm -f terraform.zip && sudo mv terraform /bin/terraform
sudo wget https://releases.hashicorp.com/packer/1.5.5/packer_1.5.5_linux_amd64.zip -O packer.zip
sudo unzip packer.zip && rm -f packer.zip && sudo mv packer /bin/packer.io
```
Please note we renamed the packer binary to “packer.io”. If not renamed, conflicts with the preexisting packer command will occur.
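The downloads in step 3 are unpacked without any integrity check. As an added example (not part of the original post), the same step can compare each zip with the `SHA256SUMS` file HashiCorp publishes next to every release; `verify_zip` and `fetch_verified` are hypothetical helper names.

```shell
#!/bin/bash
# Added example: verify a HashiCorp release zip against its published
# SHA256SUMS file before unpacking. Helper names are hypothetical.
set -eu

# Succeeds only if SUMS lists ZIP's basename and the SHA-256 digest matches.
verify_zip() {
  local sums="$1" zip="$2" name expected actual
  name="$(basename "$zip")"
  # SHA256SUMS lines have the form "<hex digest>  <file name>"
  expected="$(awk -v n="$name" '$2 == n { print $1 }' "$sums")"
  [ -n "$expected" ] || { echo "no checksum listed for $name" >&2; return 1; }
  actual="$(sha256sum "$zip" | awk '{ print $1 }')"
  [ "$expected" = "$actual" ] || { echo "checksum mismatch for $name" >&2; return 1; }
}

# Download PRODUCT/VERSION into a scratch directory, verify, then install to DEST.
fetch_verified() {
  local product="$1" version="$2" dest="$3" base tmp zip
  base="https://releases.hashicorp.com/${product}/${version}"
  zip="${product}_${version}_linux_amd64.zip"
  tmp="$(mktemp -d)"
  wget -q -O "$tmp/$zip" "$base/$zip"
  wget -q -O "$tmp/SHA256SUMS" "$base/${product}_${version}_SHA256SUMS"
  verify_zip "$tmp/SHA256SUMS" "$tmp/$zip"   # set -e aborts here on a mismatch
  unzip -q -o "$tmp/$zip" -d "$tmp"
  install -m 0755 "$tmp/$product" "$dest"
  rm -rf "$tmp"
}

# Usage inside the user data (not executed here):
#   fetch_verified terraform 0.12.24 /bin/terraform
#   fetch_verified packer 1.5.5 /bin/packer.io
```

When this is pasted into the `!Sub` user data block, shell expansions written as `${var}` must become `${!var}`, otherwise CloudFormation tries to substitute them. The checksum file comes from the same host as the zip, so it catches corruption and truncation; HashiCorp also publishes a detached signature for `SHA256SUMS` for a stronger check.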
4) Generate SSH Key and SSM Parameters
```bash
sudo ssh-keygen -t rsa -f /home/ec2-user/.ssh/id_rsa -q -P ""
# Private key readable by its owner only (ssh rejects looser modes); public key world-readable
sudo chmod 600 /home/ec2-user/.ssh/id_rsa && sudo chmod 644 /home/ec2-user/.ssh/id_rsa.pub
JenkinsPWD="/var/lib/jenkins/secrets/initialAdminPassword"
PrvKey="/home/ec2-user/.ssh/id_rsa"
PubKey="/home/ec2-user/.ssh/id_rsa.pub"
# file:// makes the CLI read the value from the file instead of the command line
aws ssm put-parameter --region us-east-1 --name /jenkins/initialAdminPassword --value file://$JenkinsPWD --type String --overwrite
aws ssm put-parameter --region us-east-1 --name /jenkins/SSH-Git-PrivateKey --value file://$PrvKey --type String --overwrite
aws ssm put-parameter --region us-east-1 --name /jenkins/SSH-Git-PublicKey --value file://$PubKey --type String --overwrite
```
NOTE: Remember to encrypt the parameter—or, better yet, use Secrets Manager!
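One way to follow that note, as an added example that is not part of the original post: the two secrets go in as `SecureString`, and the script waits for Jenkins to write its initial password before reading it. The parameter names and region are the post's; `wait_for_file`, `put_param` and `publish_jenkins_params` are hypothetical helper names.

```shell
#!/bin/bash
# Added example: step 4 with the secrets stored encrypted.
# Helper names are hypothetical; parameter names and region are from the post.
set -eu
REGION="us-east-1"

# Jenkins writes initialAdminPassword some time after the service starts,
# so poll for a non-empty file instead of reading it straight away.
# wait_for_file PATH TRIES DELAY_SECONDS
wait_for_file() {
  local path="$1" tries="$2" delay="$3" i=0
  while [ "$i" -lt "$tries" ]; do
    [ -s "$path" ] && return 0
    sleep "$delay"
    i=$((i + 1))
  done
  echo "timed out waiting for $path" >&2
  return 1
}

# put_param NAME FILE TYPE
# The value is passed as file://, so it never shows up in "bash -x" trace output.
put_param() {
  aws ssm put-parameter --region "$REGION" --name "$1" \
    --value "file://$2" --type "$3" --overwrite >/dev/null
}

# publish_jenkins_params PASSWORD_FILE PRIVATE_KEY_FILE
publish_jenkins_params() {
  local pwd_file="$1" key="$2"
  wait_for_file "$pwd_file" 60 5
  put_param /jenkins/initialAdminPassword "$pwd_file" SecureString
  put_param /jenkins/SSH-Git-PrivateKey "$key" SecureString
  put_param /jenkins/SSH-Git-PublicKey "$key.pub" String  # public key is not a secret
}

# Usage inside the user data (not executed here):
#   publish_jenkins_params /var/lib/jenkins/secrets/initialAdminPassword \
#     /home/ec2-user/.ssh/id_rsa
```

Without `--key-id`, `SecureString` values are encrypted with the account's default `alias/aws/ssm` KMS key, and readers must pass `--with-decryption` to `aws ssm get-parameter` to see the plaintext.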
Awesome! Your Jenkins server is now ready for you to set up using the parameters we just generated. No need to SSH and cat the values when you can access the console and view the parameters. Additionally, you can now add the SSH credentials to both Jenkins and GitHub and start building pipelines with GitHub as SCM! If your organization has any additional questions or concerns about AWS and any related technologies, please don’t hesitate to reach out to us. We’d love to help you out.