Several cheat-sheets of different topics in .md format. Checkout the Github pages version.
This is just a set of tools and info that I find usefull to gather here for future reference.
sudo sudo amazon-linux-extras install java-openjdk11 -y
sudo wget -O /etc/yum.repos.d/jenkins.repo https://pkg.jenkins.io/redhat/jenkins.repo
sudo rpm --import https://pkg.jenkins.io/redhat/jenkins.io.key
sudo yum install jenkins -y
sudo service jenkins start
sudo chkconfig jenkins on
Also, in case you want to test, stop or restart the jenkins service then use:
sudo service jenkins restart
sudo service jenkins stop
sudo service jenkins status
To retrieve the initial admin password necessary in the Jenkins installation, in the case of a unix system:
sudo cat /var/lib/jenkins/secrets/initialAdminPassword
To start using Jenkins, you need to be sure of which port is using the jenkins service:
sudo cat /etc/sysconfig/jenkins | grep JENKINS_PORT
Normally it should be port 8080. If another service is using the same port as Jenkins, we can modify the value of JENKINS_PORT
to a port which is not used.
In case you want to test which ports are opened, and which services are listening to them:
sudo netstat -tulpn | grep LISTEN
IMPORTANT: It is necessary to add a rule to the security group of the EC2 instance hosting Jenkins. The rule should allow custom tcp (TCP personalizada in Spanish) traffic type,
allowing traffic from the IP range needed in your case (origin) through the JENKINS_PORT
value.
Now you should be able to open Jenkins. You need to navigate to http://localhost:JENKINS_PORT in the case that you installed Jenkins on your PC, or to http://public IP:JENKINS_PORT if it is installed in a remote host. As it should be in the case of Jenkins hosted on an EC2 instance. In this case you can retrieve the value of the public IP or public DNS from the console, or using the shell:
PUBLIC_IP=$(curl -s ifconfig.co)
echo $PUBLIC_IP
I found useful to create an alias which prints out Jenkins address, including the following line at the end of /home/ec2-user/.bashrc
:
alias showJenkinsURL='dum=\$(curl -s ifconfig.co);echo http://\${dum}:8080'
so that, a possible output could be:
$ showJenkinsURL
http://102.321.21.3:8080
The motivation of this alias is the following: every time an EC2 instance is stopped, the public IP is lost; when the instance is restarted, the data is still there, you will find the same jobs and pipelines, but a new public IP will be associated. With this command it is easy to retrieve the Jenkins url everytime you ssh access the EC2 instance after it is restarted.
Once you navigate to your Jenkins url, you must introduce the initial admin password retrieved in a former step. Accept the default plugin installation or customize your choice, enter an admin username and password, and after that you are ready to use Jenkins.
Jenkins configures a unix user, called service user, which doesn’t have a shell associated. To login to the jenkins user run:
sudo su -s /bin/bash jenkins
Jenkins creates a folder per job or pipeline in:
/var/lib/jenkins/workspace
you can check the root directory of Jenkins in Control Panel -> Configuration http://publicIP:JENKINS_PORT/configure.
It is possible to add Jenkins environment variables to the existing ones in http://publicIP:JENKINS_PORT/configure. This variables are shared among jobs and can be used by pipeline scripts as normal unix environment variables. Check the Jenkins environment variables in:
As root edit the file /etc/sudoers
appending the line
jenkins ALL=(ALL) NOPASSWD: ALL
You might need Jenkins to connect to remote hosts, e.g., when running Ansible playbooks. In that case, you need to have the necessary ssh key pair.
The keys must be located in /var/lib/jenkins/.ssh
.
Pipelines are a useful tool provided by Jenkins which allows to configure a series of tasks using code. There are two ways to build a pipeline script:
Let us discuss declarative pipelines since they are fairly simple. A declarative pipeline would have the structure
pipeline {
agent any
environment {
TFPROJECTFOLDER = 'terraform-demo'
TFPROJECTREPO = 'https://github.com/.../terraform-demo.git'
}
stages {
stage('Clone templates') {
steps {
sh '''#!/bin/bash
mkdir -p ${TF_WORKSPACE_PATH}
cd ${TF_WORKSPACE_PATH}
exists=$(ls ${TFPROJECTFOLDER} 2>/dev/null)
if [ -z $exists ]
then
git clone ${TFPROJECTREPO}
else
cd ${TF_WORKSPACE_PATH}/${TFPROJECTFOLDER}
git checkout main
git fetch --all
git reset --hard origin/main
fi
'''
}
}
stage('Terraform init') {
steps {
sh '''#!/bin/bash
cd ${TF_WORKSPACE_PATH}/${TFPROJECTFOLDER};
terraform init;
'''
}
}
stage('Terraform apply') {
steps {
sh '''#!/bin/bash
cd ${TF_WORKSPACE_PATH}/${TFPROJECTFOLDER};
terraform apply -auto-approve
'''
}
}
stage('Terraform refresh') {
steps {
sh '''#!/bin/bash
cd ${TF_WORKSPACE_PATH}/${TFPROJECTFOLDER};
terraform refresh
'''
}
}
}
}
As we see, there is a root block called pipeline
, and inside there are two more structures:
steps
with a specific purpose
In my experience automating the implementation of Terraform templates with Jenkins Pipelines, if Jenkins and Terraform are installed in the same host, I found useful giving instructions to the jobs/pipelines for creating a workspace folder to store the .tf
project as follows
/var/lib/jenkins/workspaces/terraform-workspaces
so that jobs/pipelines managing Terraform ressources would clone the repositories containing the templates inside the former folder:
/var/lib/jenkins/workspaces/terraform-workspaces/TF_PIPELINE_REPOSITORY
and refer to it for their tasks. In this way, the .tfstate
file will be the same for all pipelines related to each Terraform repository if well configured.
Note that any environment variable that the jenkins service user needs when running the pipelines must be declared in Jenkins.
Jenkinsfile
’s will be stored in different folders.
If you don’t want Jenkins to build the job after scanning the repository, in Property strategy add the propertyJenkins will start searching the pipeline script on the path given. You can manually trigger the repository scan. Once you “build” the job, Jenkins will clone the Jenkinsfile into the pipeline workspace inside
/var/lib/jenkins/workspaces/**pipelineworkspace**/**repository**
and it will start performing the steps therein.
You can set the jobs to be built on specific times or frequencies. For this, you need to provide the time choices in the CRON syntax. Add the following code to the pipeline:
pipeline {
. . .
triggers {
cron('*/2 * * * *')
}
. . .
stages {
. . .
}
}
where in the example above the pipeline will be triggered every 2 minutes. The CRON syntax is:
Minute Hour DayInMonth Month DayInWeek
So, for example, to trigger the pipeline every saturday and sunday at 19.06 the syntax would be:
triggers {
cron('6 19 * * 6,7')
}
Return to main page