Setting up a Jenkins build server on EC2

In my last post about setting up Jenkins I looked at how to do a basic Jenkins setup on an Ubuntu machine. In my case I set it up on an old machine which is fine when I’m working at home but if I make changes when I’m not at home or when my build machine isn’t running the changes are not built and tested. If you hadn’t worked it out, in a proper continuous integration environment you should be running your builds continuously. So this morning I set out to get an EC2 instance running Jenkins.

The other reason I wanted to have the build server running continually is that I need to start scheduling some jobs for Knowsis to do the NLP part of our process., which I could do with Cron, but buildservers liike Jenkins and Teamcity offer really flexible scheduling and a nice interface for feedback so I don’t need to worry about building one myself, for now.

Setting up an EC2 instance

The first step in the process is to set up your EC2 instance. Amazon kindly provide a free tier so you can get a free micro instance for a year. This should work for you initially if your builds aren’t overly complex.

I won’t run through exactly how to get your instance running as you can find plenty of guides online, if you are completely new to EC2 I would recommend this guide provided by Amazon.

One thing to note is that you should make sure you set up the security group for your image to allow all traffic on port 80 so you can actually see Jenkins.

Installing nginx

In my previous post I mentioned setting up nginx to route requests to Jenkins  but didn’t cover it. So we’ll go though it here as we need a webserver running to host the requests coming through.

We’ll need to use YUM here as apt-get and aptitude aren’t installed. Thankfully the Amazon package index includes a version of nginx.

yum install nginx

Once installed we should start the nginx server to make sure that we can see our new EC2 instance before proceeding.

sudo /etc/rc.d/init.d/nginx start

You should be be able to hit your instance in a web browser. You can get the public hostname of your instance from the AWS management console, but it should look something like this:

http://ec2-XX-XX-XX-XXX.compute-1.amazonaws.com/

Installing Jenkins

In my previous post we used aptitude to install Jenkins but the Amazon Linux AMI doesn’t have the aptitude package manager, s owe have to use YUM instead.

First we need to add the repository to the list of YUM repos:

sudo wget -O /etc/yum.repos.d/jenkins.repo http://pkg.jenkins-ci.org/redhat/jenkins.repo

and then get the GPG key:

sudo rpm --import http://pkg.jenkins-ci.org/redhat/jenkins-ci.org.key

then we can install Jenkins:

yum install jenkins

The installer will install the server as well as create jenkins user under which the service will run. You can now start the jenkins service:

sudo /etc/init.d/jenkins start

As Jenkins runs on port 8080 by default, the next step is to get nginx to proxy all requests on port 80 to port 8080. You could probably just change Jenkins to run on port 80 by default if you wanted. Anyway, just change your nginx config (/etc/nginx/nginx.conf) so that the server section reads as follows:

server {
listen 80 default;
server_name _;
location /{
proxy_pass http://127.0.0.1:8080;
}
}

I won’t go into the details of nginx setup, but this is the minimum required to get you to a point of having Jenkins working.

Make sure you restart nginx to take account of the config changes,

sudo /etc/rc.d/init.d/nginx restart

You should be be able to view the jenkins homepage in a web browser using the same url as before:

http://ec2-XX-XX-XX-XXX.compute-1.amazonaws.com/

Security

One of the topics mentioned but not covered previously was security. As your build server is now visible publicly, you will want to set up some sort of security to prevent people from doing bad things.  The simplest way is to use Jenkins own user database, but there are other options to use an LDAP server or the underlying OS users. A few points to make sure that the server is secure:

  •  Disable the option to allow new users to sign up (unless you actually want people to be able to signup)
  • Change the authorisation section to either allow logged in users to do anything or use matrix based security and make sure anonymous users have no permissions

Setting up builds

You should refer back to my previous post on how to get your builds set up.7

Let me know how you get on

Advertisements

9 Comments on “Setting up a Jenkins build server on EC2”

  1. soyoung says:

    Hey, so this happened…

    $ sudo /etc/rc.d/init.d/nginx restart
    [emerg]: invalid number of arguments in “location” directive in /etc/nginx/nginx.conf:99

    I changed

    location{

    to

    location / {

    as it matched what the rest of the conf looked like, but still no success. Jenkins is available locally on my ec2 instance, but hitting the ec2 public url isn’t working. suggestions?

  2. jayunit100 says:

    Is nginx really required?

    • munsworth says:

      A proxy is not required it was just my personal preference to set it up this way so I can run other services on the same instance on port 80. There are also alternatives to nginx Apache with mod_proxy seems to be a popular alternative

  3. texuf says:

    this line is wrong:
    sudo /etc/rc.d/init.d.nginx restart
    should be
    sudo /etc/rc.d/init.d/nginx restart

    Otherwise, great tutorial, thanks you really helped me out.

  4. Vishal says:

    What about storing the build artifact files and build history? Would it be ideal to store on EC2 instance- which is ephemeral. Is there a way to store those artifacts some place like S3?

    • munsworth says:

      I would suggest attaching an EBS volume to your instance and pointing the Jenkins data directory at it.

      I’ve been meaning to do a follow up post as we’ve moved on quite a bit from this initial setup. I’ll try and get it done soon…..


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s