Merge pull request #1 from kottoson-bah/ecs-jenkins-agent

Ecs jenkins agent
boozallen · Aug 26, 2019 · b172264 · b172264
2 parents fc42316 + 9d61fa8
commit b172264
Show file tree

Hide file tree

Showing 8 changed files with 313 additions and 3 deletions.
diff --git a/jenkins/ecs/Dockerfile b/jenkins/ecs/Dockerfile
@@ -0,0 +1,26 @@
+# Copyright © 2018 Booz Allen Hamilton. All Rights Reserved.
+# This software package is licensed under the Booz Allen Public License. The license can be found in the License file or at http://boozallen.github.io/licenses/bapl
+
+FROM jenkins/jenkins:2.176.2
+
+ENV JAVA_OPTS "-Djenkins.install.runSetupWizard=false"
+
+EXPOSE 8080
+EXPOSE 50000
+
+USER root
+
+RUN apt-get update && apt-get -y install jq
+
+# install plugins
+COPY resources/plugins/plugins.txt /usr/share/jenkins/ref/plugins.txt
+RUN /usr/local/bin/install-plugins.sh < /usr/share/jenkins/ref/plugins.txt
+
+# copy in init file
+COPY resources/scrips/jenkins_preboot.sh /usr/local/bin/jenkins_preboot.sh
+RUN chmod +x /usr/local/bin/jenkins_preboot.sh
+
+COPY resources/scripts/container_entrypoint.sh /usr/local/bin/container_entrypoint.sh
+RUN chmod +x /usr/local/bin/container_entrypoint.sh
+
+ENTRYPOINT /usr/local/bin/container_entrypoint.sh
diff --git a/jenkins/ecs/README.rst b/jenkins/ecs/README.rst
@@ -1,3 +1,3 @@
--------------
-On Kubernetes
--------------
+-------
+On ECS
+-------
diff --git a/jenkins/ecs/resources/jenkins-configuration/init-jenkins.groovy b/jenkins/ecs/resources/jenkins-configuration/init-jenkins.groovy
diff --git a/jenkins/ecs/resources/jenkins-configuration/jenkins-casc-env-vars.txt b/jenkins/ecs/resources/jenkins-configuration/jenkins-casc-env-vars.txt
@@ -0,0 +1,15 @@
+Environment Variables
+=====================
+
+ROLE_ACCESS_KEY: Access key for use by ECS plugin; Needs to be set in Jenkins at startup
+ROLE_SECRET_KEY: Secret key for use by ECS plugin; Needs to be set in Jenkins at startup
+GITHUB_PASSWORD: self explanatory
+GITHUB_USERNAME: ditto
+AGENT_CLUSTER: ARN for the fargate cluster on which Jenkins agents will be deployed
+MASTER_PUBLIC_IP: Public IP for the Jenkins Master
+MASTER_PRIVATE_IP: Private IP for the Jenkins Master
+AGENT_SECURITY_GROUP: Security group to apply to Jenkins agents; format 'sg-#######'
+AGENT_SUBNET: The (private) subnet in which to deploy Jenkins agents; format 'subnet-#######'
+
+
+https://docs.aws.amazon.com/AmazonECS/latest/developerguide/specifying-sensitive-data.html
diff --git a/jenkins/ecs/resources/jenkins-configuration/jenkins-casc.yml b/jenkins/ecs/resources/jenkins-configuration/jenkins-casc.yml
@@ -0,0 +1,126 @@
+credentials:
+  system:
+    domainCredentials:
+    - credentials:
+      - aws:
+          accessKey: "${ROLE_ACCESS_KEY}"
+          id: "jenkins-aws"
+          scope: GLOBAL
+          secretKey: "${ROLE_SECRET_KEY}"
+      - usernamePassword:
+          description: "github"
+          id: "github"
+          password: "${GITHUB_PASSWORD}"
+          scope: GLOBAL
+          username: "${GITHUB_USERNAME}"
+jenkins:
+  agentProtocols:
+  - "JNLP4-connect"
+  - "Ping"
+  authorizationStrategy:
+    loggedInUsersCanDoAnything:
+      allowAnonymousRead: false
+  clouds:
+  - ecs:
+      cluster: "${AGENT_CLUSTER}"
+      credentialsId: "jenkins-aws"
+      jenkinsUrl: "${MASTER_PRIVATE_IP}"
+      name: "Jenkins"
+      regionName: "us-east-1"
+      templates:
+      - assignPublicIp: false
+        cpu: 512
+        image: "jenkins/jnlp-slave"
+        label: "agent"
+        launchType: "FARGATE"
+        memory: 0
+        memoryReservation: 1024
+        networkMode: "default"
+        privileged: false
+        remoteFSRoot: "/home/jenkins"
+        securityGroups: "${AGENT_SECURITY_GROUP}"
+        sharedMemorySize: 0
+        subnets: "${AGENT_SUBNET}"
+        templateName: "agent"
+  crumbIssuer:
+    standard:
+      excludeClientIPFromCrumb: false
+  disableRememberMe: false
+  markupFormatter: "plainText"
+  mode: NORMAL
+  myViewsTabBar: "standard"
+  numExecutors: 0
+  primaryView:
+    all:
+      name: "all"
+  projectNamingStrategy: "standard"
+  quietPeriod: 5
+  remotingSecurity:
+    enabled: true
+  scmCheckoutRetryCount: 0
+  securityRealm:
+    local:
+      allowsSignup: false
+      enableCaptcha: false
+      users:
+      - id: "admin"
+  slaveAgentPort: 50000
+  updateCenter:
+    sites:
+    - id: "default"
+      url: "https://updates.jenkins.io/update-center.json"
+  views:
+  - all:
+      name: "all"
+  viewsTabBar: "standard"
+security:
+  apiToken:
+    creationOfLegacyTokenEnabled: false
+    tokenGenerationOnCreationEnabled: false
+    usageStatisticsEnabled: true
+  downloadSettings:
+    useBrowser: false
+  sSHD:
+    port: -1
+unclassified:
+  buildStepOperation:
+    enabled: false
+  extendedEmailPublisher:
+    adminRequiredForTemplateTesting: false
+    allowUnregisteredEnabled: false
+    charset: "UTF-8"
+    debugMode: false
+    defaultBody: "$PROJECT_NAME - Build # $BUILD_NUMBER - $BUILD_STATUS:\r\n\r\nCheck\
+      \ console output at $BUILD_URL to view the results."
+    defaultContentType: "text/plain"
+    defaultSubject: "$PROJECT_NAME - Build # $BUILD_NUMBER - $BUILD_STATUS!"
+    maxAttachmentSize: -1
+    maxAttachmentSizeMb: 0
+    precedenceBulk: false
+    useSsl: false
+    watchingEnabled: false
+  gitHubPluginConfig:
+    hookUrl: "http://${MASTER_PUBLIC_IP}:8080/github-webhook/"
+  gitSCM:
+    createAccountBasedOnEmail: false
+  location:
+    adminAddress: "address not configured yet <nobody@nowhere>"
+    url: "http://${MASTER_PUBLIC_IP}:8080/"
+  mailer:
+    adminAddress: "address not configured yet <nobody@nowhere>"
+    charset: "UTF-8"
+    useSsl: false
+  pollSCM:
+    pollingThreadCount: 10
+  templateGlobalConfig:
+    tier:
+      scm: "none"
+  timestamperConfig:
+    allPipelines: false
+    elapsedTimeFormat: "'<b>'HH:mm:ss.S'</b> '"
+    systemTimeFormat: "'<b>'HH:mm:ss'</b> '"
+tool:
+  git:
+    installations:
+    - home: "git"
+      name: "Default"
diff --git a/jenkins/ecs/resources/plugins/plugins.txt b/jenkins/ecs/resources/plugins/plugins.txt
@@ -0,0 +1,133 @@
+ace-editor:1.1
+amazon-ecs:1.22
+analysis-core:1.96
+ant:1.9
+antisamy-markup-formatter:1.5
+apache-httpcomponents-client-4-api:4.5.5-3.0
+artifactory:3.3.2
+authentication-tokens:1.3
+blueocean:1.18.1
+blueocean-autofavorite:1.2.4
+blueocean-bitbucket-pipeline:1.18.1
+blueocean-commons:1.18.1
+blueocean-config:1.18.1
+blueocean-core-js:1.18.1
+blueocean-dashboard:1.18.1
+blueocean-display-url:2.3.0
+blueocean-events:1.18.1
+blueocean-executor-info:1.18.1
+blueocean-git-pipeline:1.18.1
+blueocean-github-pipeline:1.18.1
+blueocean-i18n:1.18.1
+blueocean-jira:1.18.1
+blueocean-jwt:1.18.1
+blueocean-personalization:1.18.1
+blueocean-pipeline-api-impl:1.18.1
+blueocean-pipeline-editor:1.18.1
+blueocean-pipeline-scm-api:1.18.1
+blueocean-rest:1.18.1
+blueocean-rest-impl:1.18.1
+blueocean-web:1.18.1
+bouncycastle-api:2.17
+branch-api:2.5.4
+build-timeout:1.19
+cloudbees-bitbucket-branch-source:2.4.5
+cloudbees-folder:6.9
+command-launcher:1.3
+config-file-provider:3.6.2
+configuration-as-code:1.27
+configuration-as-code-groovy:1.1
+credentials:2.2.1
+credentials-binding:1.20
+dependency-check-jenkins-plugin:5.0.2
+dependency-track:2.1.0
+display-url-api:2.3.2
+docker-commons:1.15
+docker-workflow:1.19
+durable-task:1.30
+email-ext:2.66
+favorite:2.3.2
+filesystem_scm:2.1
+git:3.12.0
+git-client:2.8.0
+git-server:1.8
+github:1.29.4
+github-api:1.95
+github-branch-source:2.5.6
+google-kubernetes-engine:0.6.3
+google-metadata-plugin:0.2
+google-oauth-plugin:0.8
+google-source-plugin:0.3
+gradle:1.33
+handlebars:1.1.1
+handy-uri-templates-2-api:2.1.7-1.0
+htmlpublisher:1.18
+ivy:2.1
+jackson2-api:2.9.9.1
+javadoc:1.5
+jdk-tool:1.3
+jenkins-design-language:1.18.1
+jira:3.0.9
+job-dsl:1.75
+jquery:1.12.4-1
+jquery-detached:1.2.1
+jsch:0.1.55.1
+junit:1.28
+kubernetes-credentials:0.4.1
+ldap:1.20
+lockable-resources:2.5
+mailer:1.24
+mapdb-api:1.0.9.0
+matrix-auth:2.4.2
+matrix-project:1.14
+maven-plugin:3.4
+mercurial:2.8
+momentjs:1.1.1
+oauth-credentials:0.3
+openshift-client:1.0.32
+openshift-login:1.0.19
+pam-auth:1.5.1
+pipeline-build-step:2.9
+pipeline-github-lib:1.0
+pipeline-graph-analysis:1.10
+pipeline-input-step:2.10
+pipeline-milestone-step:1.3.1
+pipeline-model-api:1.3.9
+pipeline-model-declarative-agent:1.1.1
+pipeline-model-definition:1.3.9
+pipeline-model-extensions:1.3.9
+pipeline-rest-api:2.12
+pipeline-stage-step:2.3
+pipeline-stage-tags-metadata:1.3.9
+pipeline-stage-view:2.12
+pipeline-utility-steps:2.3.0
+plain-credentials:1.5
+pubsub-light:1.13
+resource-disposer:0.13
+scm-api:2.6.3
+script-security:1.62
+sonar:2.9
+sse-gateway:1.19
+ssh-credentials:1.17.1
+ssh-slaves:1.30.1
+structs:1.20
+subversion:2.12.2
+swarm:3.17
+templating-engine:1.3
+timestamper:1.10
+token-macro:2.8
+variant:1.3
+windows-slaves:1.4
+workflow-aggregator:2.6
+workflow-api:2.36
+workflow-basic-steps:2.18
+workflow-cps:2.73
+workflow-cps-global-lib:2.15
+workflow-durable-task-step:2.33
+workflow-job:2.33
+workflow-multibranch:2.21
+workflow-remote-loader:1.5
+workflow-scm-step:2.9
+workflow-step-api:2.20
+workflow-support:3.3
+ws-cleanup:0.37
diff --git a/jenkins/ecs/resources/scripts/container_entrypoint.sh b/jenkins/ecs/resources/scripts/container_entrypoint.sh
@@ -0,0 +1,5 @@
+#! /bin/bash -e
+
+/usr/local/bin/jenkins_preboot.sh
+
+/sbin/tini -- /usr/local/bin/jenkins.sh
diff --git a/jenkins/ecs/resources/scripts/jenkins_preboot.sh b/jenkins/ecs/resources/scripts/jenkins_preboot.sh
@@ -0,0 +1,5 @@
+#! /bin/bash -e
+
+if [[ -n $AWS_CONTAINER_CREDENTIALS_RELATIVE_URI ]]; then
+
+done;