Jenkins on EC2 : 1. Setting up instance

bogotobogo.com site search:

EC2 Account setup

Select Ubuntu 14.04 Amazon Machine Image (AMI) for our instance:

We can use free ec2 account in US East(N. Virginia):

In Step 5: Tag Instance, we set the value as 'jenkinsOnEC2'

The Step 6: Configure Security Group is essentially for setting up ec2 instance firewall. We need two port be opened: SSH and HTTP:

Now, we want to create a key pair consists of a public key that AWS stores, and a private key file that we store. Together, they allow us to connect to our instance securely. For Linux AMIs, the private key file allows us to securely SSH into our instance.

Click "Download key pair" => "Launch Instance":

Click id to launch instance:

Here is our instance:

SSH to EC2 Account

The *.pem file is in ~/Download directory, and host is ec2-54-165-35-91.compute-1.amazonaws.com:

We need to change the permission:

k@k:~$ chmod 600 ~/Downloads/bogo_jenkins_on_ec2.pem

If we try to do ssh:

k@k:~$ ssh -i ~/Downloads/bogo_jenkins_on_ec2.pem ubuntu@ec2-54-165-35-91.compute-1.amazonaws.com
Welcome to Ubuntu 14.04.1 LTS (GNU/Linux 3.13.0-36-generic x86_64)
...

The ssh command is too long, the path to *.pem + username + hostname. Let's try make it short. We want to create a new file ~/.ssh/config:

Host ec2
  Hostname      ec2-54-165-35-91.compute-1.amazonaws.com
  User          ubuntu
  IdentityFile ~/.ssh/bogo_jenkins_on_ec2.pem

We may want to move *.pem to .ssh:

k@k:~$ mv ~/Downloads/bogo_jenkins_on_ec2.pem ~/.ssh/bogo_jenkins_on_ec2.pem

Now we can use simpler version of ssh to login to our EC2 account:

k@k:~$ ssh ec2
Welcome to Ubuntu 14.04.1 LTS (GNU/Linux 3.13.0-36-generic x86_64)
...

Adding repository for the Jenkins package

Now, we're going to add repository for the Jenkins package. So, we need to install the public key for the Jenkins repository to tell Ubuntu that this is a trusted repository:

ubuntu@ip-172-31-52-90:~$ wget -q -O - http://pkg.jenkins-ci.org/debian/jenkins-ci.org.key | sudo apt-key add -
OK

Then, we need to tell Ubuntu where the package repository is. We just add the package repository to the list of repositories:

ubuntu@ip-172-31-52-90:~$ echo "deb http://pkg.jenkins-ci.org/debian binary/" | sudo tee -a /etc/apt/sources.list.d/jenkins.list
deb http://pkg.jenkins-ci.org/debian binary/

Update packages:

ubuntu@ip-172-31-52-90:~$ sudo apt-get update

Then, we install Jenkins:

ubuntu@ip-172-31-52-90:~$ sudo apt-get install jenkins

Once Jenkins installed, we want to start Jenkins:

ubuntu@ip-172-31-52-90:~$ sudo service jenkins start
 * Starting Jenkins Continuous Integration Server jenkins   
                                                                         [ OK ] 
ubuntu@ip-172-31-52-90:~$ ps -ef |grep jenkins
ps -ef|grep jenkins
jenkins   5511     1  0 17:51 ?        00:00:00 /usr/bin/daemon --name=jenkins --inherit --env=JENKINS_HOME=/var/lib/jenkins --output=/var/log/jenkins/jenkins.log --pidfile=/var/run/jenkins/jenkins.pid -- /usr/bin/java -Djava.awt.headless=true -jar /usr/share/jenkins/jenkins.war --webroot=/var/cache/jenkins/war --httpPort=8080 --ajp13Port=-1
jenkins   5512  5511 97 17:51 ?        00:00:06 /usr/bin/java -Djava.awt.headless=true -jar /usr/share/jenkins/jenkins.war --webroot=/var/cache/jenkins/war --httpPort=8080 --ajp13Port=-1
ubuntu    5536  1790  0 17:52 pts/2    00:00:00 grep --color=auto jenkins

As we can see the Jenkins package create a new user called "jenkins" on the system and that allows Jenkins to be run as an unprivileged user. We don't want to run as root for security reasons. Because an unprivileged user cannot start up a server on a privileged port like HTTP, so it's running on 8080. On the other hand, we don't want to specify port 8080 every time we connect to this Jenkins server from our web browser.

Install Apache server

ubuntu@ip-172-31-52-90:~$ sudo apt-get install apache2
ubuntu@ip-172-31-52-90:~$ sudo a2enmod proxy
ubuntu@ip-172-31-52-90:~$ sudo a2enmod proxy_http

Now we need to configure Apache to actually proxy the request from port 80 to port 8080.

ubuntu@ip-172-31-52-90:~$ vi /etc/apache2/sites-available/jenkins.conf

<VirtualHost *:80>
    ServerName ec2-54-165-35-91.compute-1.amazonaws.com
    ProxyRequests Off
    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>
    ProxyPreserveHost on
    ProxyPass / http://localhost:8080/
</VirtualHost>

Now we need to enable our new site that we've set up in Apache.

ubuntu@ip-172-31-52-90:~$ sudo a2ensite jenkins
Enabling site jenkins.
To activate the new configuration, you need to run:
  service apache2 reload

The a2ensite is a script that enables the specified site (which contains a <VirtualHost> block) within the apache2 configuration. It does this by creating symlinks within /etc/apache2/sites-enabled.

To activte the new configuration:

ubuntu@ip-172-31-52-90:~$ sudo service apache2 reload
 * Reloading web server apache2                                                                                                             *

Let's type our ec2 hostname into a browser: