Sunday, September 8, 2019

Jenkins Configure build-server environment on AWS AMI

In this post, I would like to share my experiment with AWS instances using IAM role for authenticating from the remote machine that is Jenkins Master instance. make sure that Jenkins Master should not have any executors on the master so that no job run on the master server, that will be making the Jenkins run in a distributed environment. Jenkins Master-Slave implementation within the AWS instances, and to do this. We need to follow a flow.

Jenkins Master -> key pair -> Build server ->IAM->ec2 or EBS or S3 instance

Create IAM role for the build server

Login to your AWS console, search for IAM on the AWS console

In the left pane select 'Roles' menu item. In the right side, click on the "Create role " blue button.
select the type of trusted entity as "AWS service" that is default one.

Now choose the service that will use this role: click on "EC2" Link.
Click on the 'Permissions' bottom right side button, proceed further to attach the policy.

AWS Create Role - Attach permission policies


Under Create Role you could see the button Create a policy
Filter policies with elasticbeanstalk
Let us search result select the 'AWSElasticBeanstalkFullAccess', click that to get the details of that policy which is already defined. this will have 18 services shown in the summary.
Ignore tag page, Click on review button at the bottom.

Review page enter the following values
Role name: build-server-role
Des: Elastic beanstalk full access

In the bottom click on create

AWS Instance Create Role - Review page

Create a key-pair for a build-server

In the AWS Dashboard -> Under Network and security -> Keypair
Choose the button Create key pair for build-server with the name as: build-server-keys.pem
It will automatically download the key-pair that you have created. Let's open the 'build-server-keys.pem' file in notepad++

Create AWS Linux 2 instance

AWS services search for EC2 dashboard, click on the button 'Launch Instance', which opens the 7 steps wizard. Choose the Amazon Linux 2, free-tier (t2-micro) configure the instance.

AWS instance type selection

Create a Security Group  

Enter the following values for the Security group that will be having only SSH that allows us to connect from the Jenkins Master.

Name: build-server-sg
Des: SSH only for Jenkins
same desc in the inbound rule
no need to changes for an outbound rule

Click on create button

Selecting the security group for build-server

All set to review and launch the instance. Click on the 'Launch' button.

Select an existing key pair for Instance which was already created.
Select an existing key pair

Configuration of Jenkins Credential

Now the Jenkins Credential configuration, go to the Jenkins admin console

Click on the Credentials
-> System
Global Credentials
Jenkins Credentials configuration
Left pane click on the 'Add Credentials' that will open a form fill with the following values:

Kind: SSH Username with the private key
Scope: Global (Jenkins Nodes, items and all child items etc)
Enter the values for Username: ec2-user
Password -> private key
Enter it from the build-sever-keys.pem file content which was already opened in the Notepad++.

ignore password, ID, Des optional.

Jenkins Credentials RSA key authentication
click on 'OK' button.

Remember that the Private DNS name/private IP for the build-server required, it will save the cost for internal network access.




Now select the "Manage nodes" link
Node creation on Jenkins master

Slave server configuration on Jenkins master

You may be interested to view our other knowledgable technical blog articles:







Posted by at
Labels: , , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Categories

Kubernetes (24) Docker (20) git (13) Jenkins (12) AWS (7) Jenkins CI (5) Vagrant (5) K8s (4) VirtualBox (4) CentOS7 (3) docker registry (3) docker-ee (3) ucp (3) Jenkins Automation (2) Jenkins Master Slave (2) Jenkins Project (2) containers (2) docker EE (2) docker private registry (2) dockers (2) dtr (2) kubeadm (2) kubectl (2) kubelet (2) openssl (2) Alert Manager CLI (1) AlertManager (1) Apache Maven (1) Best DevOps interview questions (1) CentOS (1) Container as a Service (1) DevOps Interview Questions (1) Docker 19 CE on Ubuntu 19.04 (1) Docker Tutorial (1) Docker UCP (1) Docker installation on Ubunutu (1) Docker interview questions (1) Docker on PowerShell (1) Docker on Windows (1) Docker version (1) Docker-ee installation on CentOS (1) DockerHub (1) Features of DTR (1) Fedora (1) Freestyle Project (1) Git Install on CentOS (1) Git Install on Oracle Linux (1) Git Install on RHEL (1) Git Source based installation (1) Git line ending setup (1) Git migration (1) Grafana on Windows (1) Install DTR (1) Install Docker on Windows Server (1) Install Maven on CentOS (1) Issues (1) Jenkins CI server on AWS instance (1) Jenkins First Job (1) Jenkins Installation on CentOS7 (1) Jenkins Master (1) Jenkins automatic build (1) Jenkins installation on Ubuntu 18.04 (1) Jenkins integration with GitHub server (1) Jenkins on AWS Ubuntu (1) Kubernetes Cluster provisioning (1) Kubernetes interview questions (1) Kuberntes Installation (1) Maven (1) Maven installation on Unix (1) Operations interview Questions (1) Oracle Linux (1) Personal access tokens on GitHub (1) Problem in Docker (1) Prometheus (1) Prometheus CLI (1) RHEL (1) SCM (1) SCM Poll (1) SRE interview questions (1) Troubleshooting (1) Uninstall Git (1) Uninstall Git on CentOS7 (1) Universal Control Plane (1) Vagrantfile (1) amtool (1) aws IAM Role (1) aws policy (1) caas (1) chef installation (1) create deployment (1) create organization on UCP (1) create team on UCP (1) docker CE (1) docker UCP console (1) docker command line (1) docker commands (1) docker community edition (1) docker container (1) docker editions (1) docker enterprise edition (1) docker enterprise edition deep dive (1) docker for windows (1) docker hub (1) docker installation (1) docker node (1) docker releases (1) docker secure registry (1) docker service (1) docker swarm init (1) docker swarm join (1) docker trusted registry (1) elasticBeanStalk (1) global configurations (1) helm installation issue (1) mvn (1) namespaces (1) promtool (1) service creation (1) slack (1)