If you read my previous post: Keep your AWS IaC inline with CloudFormation initial prep for Terraform, Jenkins, and Packer, you were probably expecting a Jenkins build…but I’ve saved it for this post.
But before we get started with the Jenkins build, here’s a quick question to address.
Why are we using CloudFormation and not Packer or Terraform?
Because I want to keep as much Terraform/Packer code off my machine as possible. Imagine that our environment is centered around the publishing/central IT cross-account AWS setup, and any new changes should be pushed through Infrastructure as Code (IaC) stacks and not by admins assuming roles and deploying stuff from their machines.
CFT Instance Resource for Jenkins
Cool! With that being the scenario, let’s include our Jenkins instance AND Security Group resources in the CloudFormation template for IaC prep!
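```yaml
EC2InstanceJenkins:
  Type: AWS::EC2::Instance
  Properties:
    IamInstanceProfile: !Ref "IAMInstanceProfileJenkins"
    ImageId: "ami-062f7200baf2fa504"
    KeyName: !Ref "KeyPair"
    InstanceType: "t2.micro"
    SecurityGroupIds:
      # Assumes SecurityGroupID is a template parameter, like SubnetID below.
      # For a security group resource defined in this template, use
      # !GetAtt <LogicalId>.GroupId instead.
      - !Ref "SecurityGroupID"
    SubnetId: !Ref "SubnetID"
```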
A couple things to note here:
- I used a direct reference to the AMI ID, but you can follow the AWS suggestion of always resolving the latest AMI through SSM Parameters.
- I used parameter references for values. These will differ for your account, so be sure to include those parameters in your CloudFormation template.
Now for the fun part (userdata script):
1) Basic Tools and Dependencies
```yaml
    UserData:
      Fn::Base64: !Sub |
        #!/bin/bash -xe
        sudo yum update -y
        # -y keeps the install non-interactive; user data has no terminal to answer prompts
        sudo amazon-linux-extras install corretto8 -y
        sudo yum install jq unzip git -y
```
First, we make sure everything is up to date and enable corretto8. We also install some basic tools (e.g. unzip, jq, git). Note: currently, v8 of corretto is the only one that works for Jenkins.
2) Jenkins Installation
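```bash
# (UserData script, continued)
# Fetch the repo definition over HTTPS, from the same host that serves the signing key
sudo wget -O /etc/yum.repos.d/jenkins.repo https://pkg.jenkins.io/redhat/jenkins.repo
sudo rpm --import https://pkg.jenkins.io/redhat/jenkins.io.key
sudo yum install jenkins -y
sudo service jenkins start
```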
3) Install Packer and Terraform
NOTE: Some may prefer to install the plugins through the Jenkins console. This is an excellent solution, but for the purposes of this blog we will stick to the command line.
```bash
# (UserData script, continued)
sudo wget https://releases.hashicorp.com/terraform/0.12.24/terraform_0.12.24_linux_amd64.zip -O terraform.zip
sudo unzip terraform.zip && rm terraform.zip -f && sudo mv terraform /bin/terraform
sudo wget https://releases.hashicorp.com/packer/1.5.5/packer_1.5.5_linux_amd64.zip -O packer.zip
sudo unzip packer.zip && rm packer.zip -f && sudo mv packer /bin/packer.io
```
Please note we renamed the packer binary to “packer.io”. If not renamed, conflicts with the preexisting packer command will occur.
4) Generate SSH Key and SSM Parameters
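```bash
# (UserData script, continued)
sudo ssh-keygen -t rsa -f /home/ec2-user/.ssh/id_rsa -q -P ""
# The private key stays owner-only; only the public key is world-readable
sudo chmod 600 /home/ec2-user/.ssh/id_rsa && sudo chmod 644 /home/ec2-user/.ssh/id_rsa.pub
JenkinsPWD="/var/lib/jenkins/secrets/initialAdminPassword"
PrvKey="/home/ec2-user/.ssh/id_rsa"
PubKey="/home/ec2-user/.ssh/id_rsa.pub"
# Jenkins writes the initial admin password during first start-up; wait for it (up to 5 minutes)
for i in $(seq 1 60); do [ -f "$JenkinsPWD" ] && break; sleep 5; done
# --type String stores the value in plaintext; SecureString is the encrypted parameter type
aws ssm put-parameter --region us-east-1 --name /jenkins/initialAdminPassword --value file://$JenkinsPWD --type String --overwrite
aws ssm put-parameter --region us-east-1 --name /jenkins/SSH-Git-PrivateKey --value file://$PrvKey --type String --overwrite
aws ssm put-parameter --region us-east-1 --name /jenkins/SSH-Git-PublicKey --value file://$PubKey --type String --overwrite
```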
NOTE: Remember to encrypt the parameter—or, better yet, use Secrets Manager!
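Step 3 installs the Terraform and Packer archives without checking their integrity. As an added example (not code from the original post), the script below verifies each archive against the SHA256SUMS file published next to it before installing. The function names `verify_release`, `fetch_and_install` and `selftest` are hypothetical, and `${...}` expansion is avoided because the post wraps the script in Fn::Sub.

```bash
#!/bin/bash
# Added example, not from the original post. Brace-style variable expansion is
# avoided on purpose: inside Fn::Sub it would be read as a template variable.

# verify_release <archive> <sums_file> <name_in_sums>
# Returns 0 only when the sums file lists the name and the SHA-256 matches.
verify_release() {
    local archive="$1" sums="$2" name="$3" expected actual
    [ -f "$archive" ] && [ -f "$sums" ] || return 2
    # Each SHA256SUMS line is "<sha256 hex>  <file name>"
    expected=$(awk -v n="$name" '$2 == n { print $1; exit }' "$sums")
    [ -n "$expected" ] || return 3      # no entry for this artifact: fail closed
    actual=$(sha256sum "$archive" | awk '{ print $1 }')
    [ "$actual" = "$expected" ]         # mismatch returns 1
}

# fetch_and_install <product> <version> <dest>  (needs network access)
fetch_and_install() {
    local product="$1" version="$2" dest="$3" work rc=0
    local base="https://releases.hashicorp.com/$product/$version"
    local zip="$product"_"$version"_linux_amd64.zip
    local sums="$product"_"$version"_SHA256SUMS
    work=$(mktemp -d)
    {
        wget -q "$base/$zip" -O "$work/$zip" &&
        wget -q "$base/$sums" -O "$work/$sums" &&
        verify_release "$work/$zip" "$work/$sums" "$zip" &&
        unzip -q -o "$work/$zip" -d "$work" &&
        install -m 0755 "$work/$product" "$dest"
    } || rc=$?
    rm -rf "$work"
    return "$rc"
}

# Offline self-check on constructed data: a matching archive passes,
# the same archive with one byte appended is rejected.
selftest() {
    local d f rc=0
    d=$(mktemp -d); f="$d/tool_0.0.0_linux_amd64.zip"
    printf 'constructed sample archive' > "$f"
    printf '%s  %s\n' "$(sha256sum "$f" | awk '{ print $1 }')" "tool_0.0.0_linux_amd64.zip" > "$d/SUMS"
    verify_release "$f" "$d/SUMS" "tool_0.0.0_linux_amd64.zip" || rc=1
    printf 'x' >> "$f"
    verify_release "$f" "$d/SUMS" "tool_0.0.0_linux_amd64.zip" && rc=1
    rm -rf "$d"; return "$rc"
}

# In the user data script, with the post's versions and paths:
#   fetch_and_install terraform 0.12.24 /bin/terraform
#   fetch_and_install packer    1.5.5   /bin/packer.io
```

Because the user data runs with `-xe`, a non-zero return from `fetch_and_install` stops the bootstrap instead of installing an unverified binary. HashiCorp also publishes a detached signature for each SHA256SUMS file; checking it with GPG before trusting the sums closes the remaining gap.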
Awesome! Your Jenkins server is now ready for you to set up using the parameters we just generated. No need to SSH and cat the values when you can access the console and view the parameters. Additionally, you can now add the SSH credentials to both Jenkins and GitHub and start building pipelines with GitHub as SCM! If your organization has any additional questions or concerns about AWS and any related technologies, please don’t hesitate to reach out to us. We’d love to help you out.