Setting up Jenkins in AWS
This is a bit of a follow-up post related to my earlier one about setting up AWS and Jekyll. In this instalment, I set up a Jenkins server to automate building and deploying my Jekyll blog.
AWS provides some great documentation on how to set up a Jenkins build server (click ‘Get Started with the Project Guide’). However, the document is a little bit out of date as it was published in October 2016 and it’s also missing some of the Jenkins niceties that can be installed later.
I’d recommend reading the document anyway, as it provides a lot of useful background information and more detail on the steps that I’m taking below.
Creating the EC2 instance
If you haven’t already done so, create an EC2 instance for Jenkins to live on.
- Log in and go to the EC2 console home. Be sure to pick an appropriate hosting region from the menu in the top right — a zone closer to you geographically will give you much better response times.
- Click the blue ‘Launch Instance’ button. The view will change to show you the various different instance types available. I chose
Amazon Linux AMI 2018.03.0 (HVM), SSD Volume Type, but the exact version may differ depending on when you follow these steps.
- The next step is picking an instance type. This determines the resources available to your instance. To be eligible for the free tier, be sure to pick
t2.micro. Click ‘Review and Launch’ to continue.
- The summary screen appears next. The defaults that AWS provided are okay for the time being, but you can make them more secure by clicking ‘Edit security groups’.
- Change the security group name to ‘jenkins’
- Change the description to ‘Security rules for Jenkins’
- Add a rule, of type ‘Custom TCP Rule’ on Port Range 8080 from source ‘Anywhere’. This will let us access the Jenkins webserver once we start it running.
- We’ll leave the default SSH rule here, but take note that this default configuration is very insecure. Once we’ve finished configuring Jenkins, we can remove it or lock it down by restricting the acceptable source IP addresses.
- Click ‘Review and Launch’ again to return to the summary screen.
- Click ‘Launch’. One final dialog will appear, asking us to pick a ‘key pair’. Chances are, you don’t have one right now. In the upper box, select ‘Create a new key pair’ and then type in a keypair name below. I went with
contoso, but really anything will do.
- Click ‘Download Key Pair’ and save it somewhere on your computer. I’d also recommend making a backup copy of this key immediately, somewhere secure. Without this file, you cannot SSH into your instances. This will prevent you from doing pretty much all of the necessary configuration that follows.
- Click ‘Launch Instances’ and you’re done!
- Connect to your instance using SSH. The notes in the other headings below will help if you’re having issues.
- Update the packages on your instance by executing
sudo yum update -y
- Add the Jenkins repository and key file:
sudo wget -O /etc/yum.repos.d/jenkins.repo http://pkg.jenkins-ci.org/redhat/jenkins.repo
sudo rpm --import https://pkg.jenkins.io/redhat/jenkins.io.key
- It’s time! Install Jenkins using
sudo yum install jenkins -y.
- Before we can start the Jenkins service, we need to update the Java version on our instance. Run these commands:
sudo yum install java-1.8.0 -y
sudo yum remove java-1.7.0-openjdk -y
- Start the Jenkins service:
sudo service jenkins start.
- You can open the Jenkins interface by connecting to the instance address on port 8080. For example,
http://ec2-w-x-y-z.ap-southeast-2.compute.amazonaws.com:8080/. If you’ve just finished installing Jenkins in the section above, it might have you wait for a few moments.
- Get the initial admin password by running the following command in your SSH session:
sudo cat /var/lib/jenkins/secrets/initialAdminPassword
- Copy and paste the password into the Jenkins website, then click ‘Continue’.
- If you want to get up and running quickly, click ‘Install suggested plugins’ at this screen. Otherwise, you can select the plugins you’d like manually. Installing the plugins can take a few minutes.
- When it’s loaded, it’ll ask you to set up an admin user. Enter the details it requests, then click ‘Save Credentials’.
- The next page asks for the Jenkins URL. As we don’t have a domain name set up yet, just use the default and click ‘Save and Finish’.
- Click ‘Start using Jenkins’.
At this point, the really critical setup tasks are done. The AWS document linked above has a couple more steps that will let you use EC2 instances as build slaves, but that’s not necessary for us.
Take some time to explore Jenkins and set up some jobs to experiment with the platform. As an example, I have a job that sends me the weather forecast via Slack every morning.
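With Jenkins configured, this is the point to revisit the SSH rule that was left open to ‘Anywhere’ in the security group step. The script below is an added example, not part of the original post: it audits a security group document shaped like the parsed output of aws ec2 describe-security-groups and lists world-open rules on the two ports this post uses. The sample data, the sg-EXAMPLE ID and the trusted address 203.0.113.10/32 are constructed placeholders.

```python
import ipaddress

# Constructed sample: the 'jenkins' group as configured in the steps above,
# in the shape of parsed `aws ec2 describe-security-groups` JSON.
SAMPLE = {"SecurityGroups": [{
    "GroupId": "sg-EXAMPLE", "GroupName": "jenkins",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
         "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    ]}]}

ADMIN_PORTS = {22: "SSH", 8080: "Jenkins web UI"}  # ports this post opens


def is_world_open(cidr):
    """True when the CIDR covers every address (0.0.0.0/0 or ::/0)."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def covers(rule, port):
    """True when an ingress rule's protocol and port range include `port`."""
    if rule["IpProtocol"] == "-1":  # "-1" means all protocols and ports
        return True
    return (rule["IpProtocol"] == "tcp"
            and rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535))


def audit(doc, trusted_cidr):
    """Return (group, port, cidr, advice) for each world-open admin port."""
    findings = []
    for group in doc["SecurityGroups"]:
        for rule in group.get("IpPermissions", []):
            cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
            for port, label in ADMIN_PORTS.items():
                if not covers(rule, port):
                    continue
                for cidr in filter(is_world_open, cidrs):
                    advice = f"restrict {label} to {trusted_cidr}"
                    findings.append((group["GroupName"], port, cidr, advice))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE, "203.0.113.10/32"):  # placeholder address
        print(*finding, sep="  ")
```

To run it against a real group, load the JSON printed by aws ec2 describe-security-groups with json.load and pass the result to audit in place of SAMPLE.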
The main setup for Jenkins is complete at the end of the last heading. However, I like to do a few other things to make my EC2 instance and Jenkins server a bit more user-friendly.
EC2 instance timezone
I like to keep my instances in a local timezone so I can quickly compare dates. Find the timezone file that’s most appropriate for you from those available in
/usr/share/zoneinfo, then run these commands substituting as appropriate:
sudo su
/bin/rm -f /etc/localtime
/bin/ln -s /usr/share/zoneinfo/Australia/Sydney /etc/localtime
You can check the timezone was set correctly by running the
date command. You’ll also want to restart your Jenkins service for it to update there as well.
Jenkins UI theme
Personally, I think the default theme is a bit old-school.
- Navigate to Manage Jenkins → Manage Plugins → Available tab.
- Install the ‘Simple Theme’ plugin.
- Navigate to Manage Jenkins → Configure System.
- Near the top of the page you’ll see a ‘Theme’ heading. Click ‘Add’ and select ‘CSS URL’. Several different theme variants are provided by the plugin author. I tried out teal by using this URL:
I also installed the following plugins for Jenkins:
- Environment Injector Plugin, so I can add environment variables on a job-by-job basis. I use this to pass different configuration flags to my jobs.
- Slack Notification, so I can see the pass/fail status of jobs when they finish running at a glance in Slack.
- So far I’ve been using s3cmd to publish items into Amazon S3 buckets, but the S3 publisher plugin may be more user friendly for you.
Simplify SSH authentication
If you want to simplify the SSH connection process, you can add the EC2 instance address (or domain name, if you’ve set one up) and the path to your SSH key to your local SSH config file. To do this, open the
~/.ssh/config file on your computer in a text editor and add a block similar to the following:
Host ec2-w-x-y-z.ap-southeast-2.compute.amazonaws.com
    HostName ec2-w-x-y-z.ap-southeast-2.compute.amazonaws.com
    User ec2-user
    IdentityFile ~/.ssh/contoso.pem