bryantrobbins closed 8 years ago
Status as of 2/12: AWS CloudFormation stack created. cloud-init step not fully working yet. Jenkins server created, with admin account and security enabled.
Up next is to get cloud-init working before moving on.
cloud-init is working.
Working on enabling Jenkins security. Currently having a timing issue between Jenkins install and execution of configuration script.
Security is now enabled during initial Puppet run (fixed wait condition in Jenkins bootstrap script).
Moving on to use of hieradata to support providing user account details.
How to enable hieradata: https://docs.puppetlabs.com/hiera/3.0/configuring.html#changing-the-config-file-location
Also exploring use of KMS for encryption/decryption: http://www.rubydoc.info/gems/hiera-eyaml-kms/0.1
The idea would be that the private key is owned by the 'baseball' project (or whatever project is using the standard-aws setup) and any hieradata is encrypted with this key and staged prior to calling standard-aws create.sh. The standard-aws template takes the KMS key as an argument.
CloudFormation already supports the creation of keys. A CF Stack in the baseball project can create the key and pass it along.
This would be awesome...
Update as of 2/26/2016: Jenkins is getting installed, but Jenkins plugin installs are hanging. Need to move installation of all plugins to Jenkins bootstrap script which is being run by common Puppet module. Also need to be able to pass Jenkins seed project details via hieradata.
Update as of 2/28/2016: A clean install of Jenkins and plugins generally works. I did see one odd hangup due to "yum is in use by another process". Am guessing that Puppet and something with cloud-init may have been conflicting here, so I will look into it.
Another issue is that Jenkins is not being added to the Docker group. This manual command does the trick (requires restart of Jenkins after being executed):
sudo gpasswd -a jenkins docker
The jenkins group membership is resolved. There is a "manage_user" flag on the jenkins Puppet module, which allows me to manage my own user and its groups.
I have seen several clean installs of Jenkins work like a charm. Calling this DONE.
Acceptance criteria: