y0zg/jenkins-terraform-bootstrap

Goal: To bootstrap a light-weight Jenkins instance with auto-scaling replicas using Terraform and EC2 Spot Instances

jenkins-terraform-bootstrap

Bootstrap a Jenkins server using Packer, Terraform, Docker, and AWS with minimal manual setup.

Requirements

• AWS free-tier account
• Packer
• Terraform

Setup

Follow these steps to create your Jenkins server from scratch.

Replace custom variables for your AWS account

Update the following values in terraform/remote_state/backend.auto.tfvars:

• bucket - Where your Terraform state will be stored. Must be globally unique! Example: "terraform-state-my-project"

Update the following values in terraform/network.auto.tfvars:

• vpc_id - VPC that Jenkins will run in. Example: "vpc-123abcd"
• subnet_id - ID of a public subnet in your VPC. Example: "subnet-abcd123"
• ingress_cidr - CIDR address for inbound traffic to your Jenkins instance. Example: "192.168.0.0/24"

Create an ec2 key pair for ssh access

Follow these instructions to create an EC2 Key Pair to be able to access your EC2 instance with ssh. We will use this key pair later to retrieve the Jenkins admin password.

Setup Terraform s3 backend

cd terraform/remote_state
terraform init
terraform apply

Create image with Packer

This AMI will include the Dockerfile and plugins.txt needed to run the Jenkins docker image.

Before running this, ensure you have set the following env variables:

export AWS_ACCESS_KEY_ID=YOUR_AWS_ACCESS_KEY
export AWS_SECRET_ACCESS_KEY=YOUR_AWS_SECRET_KEY

cd terraform/jenkins
packer validate jenkins_image.json
packer build \
    -var "aws_access_key=${AWS_ACCESS_KEY_ID}" \
    -var "aws_secret_key=${AWS_SECRET_ACCESS_KEY}" \
    jenkins_image.json

Create EC2 instance from Packer image and start Jenkins

cd terraform
terraform init
terraform apply

In the output, you should see the public ip address and public dns name for your instance. Your instance will take a few minutes to be up and running.

Retrieve Jenkins admin password

Once the EC2 instance is running, ssh to the machine to retrieve the jenkins password from the docker container. You will need the following:

• Path of the EC2 key you created earlier
• EC2 instance private_ip from Terraform output

ssh -i <ec2_pem_key_location> ubuntu@<instance_public_ip>

From the EC2 instance:

sudo su - root
CONTAINER_ID=$(docker ps -l -q)
docker exec -it $CONTAINER_ID /bin/bash
cat var/jenkins_home/secrets/initialAdminPassword

Copy this password

Login to Jenkins

Use the public dns name that was provided in the Terraform output to login to the Jenkins instance: http://<instance_public_dns>:8080

You should see the "Unlock Jenkins" screen. Use the admin password to login.

Cleanup

Follow these instructions to destroy your Jenkins server and all dependent infrastructure.

Destroy AWS resources (excluding Terraform state s3 backend)

cd terraform
terraform destroy

Destroy Terraform s3 backend

This will destroy all Terraform state

cd terraform/remote_state
terraform destroy