Setting up Jenkins in AWS

7 minute read

This is a bit of a follow-up post related to my earlier one about setting up AWS and Jekyll. In this instalment, I set up a Jenkins server to automate building and deploying my Jekyll blog.

Overview

AWS provides some great documentation on how to set up a Jenkins build server (click ‘Get Started with the Project Guide’). However, the document is a little bit out of date as it was published in October 2016 and it’s also missing some of the Jenkins niceties that can be installed later.

I’d recommend reading the document anyway, as it provides a lot of useful background information and more detail on the steps that I’m taking below.

Steps

Creating the EC2 instance

If you haven’t already done so, create an EC2 instance for Jenkins to live on.

  1. Log in and go to the EC2 console home. Be sure to pick an appropriate hosting region from the menu in the top right — a zone closer to you geographically will give you much better response times.
  2. Click the blue ‘Launch Instance’ button. The view will change to show you the various different instance types available. I chose Amazon Linux AMI 2018.03.0 (HVM), SSD Volume Type, but the exact version may differ depending on when you follow these steps.
  3. The next step is picking an instance type. This determines the resources available to your instance. To be eligible for the free tier, be sure to pick t2.micro. Click ‘Review and Launch’ to continue.
  4. The summary screen appears next. The defaults that AWS provided are okay for the time being, but you can make them more secure by clicking ‘Edit security groups’.
    1. Change the security group name to ‘jenkins’
    2. Change the description to ‘Security rules for Jenkins’
    3. Add a rule, of type ‘Custom TCP Rule’ on Port Range 8080 from source ‘Anywhere’. This will let us access the Jenkins webserver once we start it running.
    4. We’ll leave the default SSH rule here, but take note that this default configuration is very insecure. Once we’ve finished configuring Jenkins, we can remove it or lock it down by restricting the acceptable source IP addresses.
    5. Click ‘Review and Launch’ again to return to the summary screen.
  5. Click ‘Launch’. One final dialog will appear, asking us to pick a ‘key pair’. Chances are, you don’t have one right now. In the upper box, select ‘Create a new key pair’ and then type in a keypair name below. I went with contoso, but really anything will do.
  6. Click ‘Download Key Pair’ and save it somewhere on your computer. I’d also recommend making a backup copy of this key immediately, somewhere secure. Without this file, you cannot SSH into your instances. This will prevent you from doing pretty much all of the necessary configuration that follows.
  7. Click ‘Launch Instances’ and you’re done!

Installing Jenkins

  1. Connect to your instance using SSH. The notes in the other headings below will help if you’re having issues.
  2. Update the packages on your instance by executing sudo yum update -y
  3. Add the Jenkins repository and key file: 
     sudo wget -O /etc/yum.repos.d/jenkins.repo http://pkg.jenkins-ci.org/redhat/jenkins.repo
 sudo rpm --import https://pkg.jenkins.io/redhat/jenkins.io.key
  4. It’s time! Install Jenkins using sudo yum install jenkins -y.
  5. Before we can start the Jenkins service, we need to update the Java version on our instance. Run these commands: 
     sudo yum install java-1.8.0 -y
 sudo yum remove java-1.7.0-openjdk -y
  6. Start the Jenkins service: sudo service jenkins start.

Configuring Jenkins

  1. You can open the Jenkins interface by connecting to the instance address on port 8080. For example, http://ec2-w-x-y-z.ap-southeast-2.compute.amazonaws.com:8080/. If you’ve just finished installing Jenkins in the section above, it might have you wait for a few moments.
  2. Get the initial admin password by running the following command in your SSH session: 
     sudo cat /var/lib/jenkins/secrets/initialAdminPassword
  3. Copy and paste the password into the Jenkins website, then click ‘Continue’.
  4. If you want to get up and running quickly, click ‘Install suggested plugins’ at this screen. Otherwise, you can select the plugins you’d like manually. Installing the plugins can take a few minutes.
  5. When it’s loaded, it’ll ask you to set up an admin user. Enter the details it requests, then click ‘Save Credentials’.
  6. The next page asks for the Jenkins URL. As we don’t have a domain name set up yet, just use the default and click ‘Save and Finish’.
  7. Click ‘Start using Jenkins’.

At this point, the really critical setup tasks are done. The AWS document linked above has a couple more steps that will let you use EC2 instances as build slaves, but that’s not necessary for us.

Take some time to explore Jenkins and set up some jobs to experiment with the platform. As an example, I have a job that sends me the weather forecast via Slack every morning.

Niceties

The main setup for Jenkins is complete at the end of the last heading. However, I like to do a few other things to make my EC2 instance and Jenkins server a bit more user-friendly.

EC2 instance timezone

I like to keep my instances in a local timezone so I can quickly compare dates. Find the timezone file that’s most appropriate for you from those available in /usr/share/zoneinfo, then run these commands substituting as appropriate:

sudo su
/bin/rm -f /etc/localtime
/bin/ln -s /usr/share/zoneinfo/Australia/Sydney /etc/localtime

You can check the timezone was set correctly by running the date command. You’ll also want to restart your Jenkins service for it to update there as well.

Jenkins UI theme

Personally, I think the default theme is a bit old-school.

  1. Navigate to Manage Jenkins → Manage Plugins → Available tab.
  2. Install the ‘Simple Theme’ plugin.
  3. Navigate to Manage Jenkins → Configure System.
  4. Near the top of the page you’ll see a ‘Theme’ heading. Click ‘Add’ and select ‘CSS URL’. Several different theme variants are provided by the plugin author. I tried out teal by using this URL: 
     https://cdn.rawgit.com/afonsof/jenkins-material-theme/gh-pages/dist/material-teal.css

Additional plugins

I also installed the following plugins for Jenkins:

  • Environment Injector Plugin, so I can add environment variables on a job-by-job basis. I use this to pass different configuration flags to my jobs.
  • Slack Notification, so I can see the pass/fail status of jobs when they finish running at a glance in Slack.
  • So far I’ve been using s3cmd to publish items into Amazon S3 buckets, but the S3 publisher plugin may be more user friendly for you.

Simplify SSH authentication

If you want to simplify the SSH connection process, you can add the EC2 instance address (or domain name, if you’ve set one up) and the path to your SSH key to your local SSH config file. To do this, open the ~/.ssh/config file on your computer in a text editor and add a block similar to the following:

Host ec2-w-x-y-z.ap-southeast-2.compute.amazonaws.com
  HostName ec2-w-x-y-z.ap-southeast-2.compute.amazonaws.com
  User ec2-user
  IdentityFile ~/.ssh/contoso.pem

You May Also Enjoy

AWS and Jekyll

This first post will detail some of the steps I went through to set up a working Jekyll-based blog hosted on Amazon S3. The steps will be messy and some details might not be correct - I apologise in advance for these. I would like to go through my own instructions again from scratch with a clean setup to check...

TLS with S3 static websites

It’s been quite a while since I set up my blog using AWS S3’s static website hosting and while it’s been great so far, there’s one long-overdue feature I’ve been missing: transport encryption. I’m ashamed it’s taken me this long to add it, but it’s now available and you can learn how to set it up yourself!

Slack for push notifications

Following on from my post about Push notifications with Python, I’ve recently been looking at using Slack for more advanced notifications and interactions. This post will go through the process from the start, including setting up a Slack workspace and making a new App integration. If you’ve already done part or all of this stuff, feel free to skip ahead!...

NFC fun with Python

I’ve recently been looking into using an NFC reader/writer pad at work to make configuring some devices we have much quicker and easier, as the standard process for these devices is an Android phone and a lot of manual data entry. Checking the device using a mobile is great, but configuring them this way is not scalable.