Jenkins Migration to AWS Part-1

Jenkins Migration to AWS Part-1

Following below are the steps needed to transfer Jenkins from one machine to another machine.

Objectives:

  • Transfer all existing projects/pipelines
  • Transfer all existing plugins
  • Transfer all configuration settings: System Global Tool, Security, Nodes, Credentials

Jenkins Installation on AWS Machine:

Step 1 — Prerequisites (Install Java 8)

To install this version, first update the package index:

sudo apt update

Next, check if Java is already installed:

java -version

If Java is not currently installed, you’ll see the following output:

Output  
Command 'java' not found, but can be installed with:
apt install default-jre  
apt install openjdk-11-jre-headless  
apt install openjdk-8-jre-headless  
apt install openjdk-9-jre-headless

Execute the following command to install OpenJDK:

#for java 8  
sudo apt install openjdk-8-jre  
#for latest  
sudo apt install default-jre

This command will install the Java Runtime Environment (JRE). This will allow you to run almost all Java software. Verify the installation with:

java -version

You may need the Java Development Kit (JDK) in addition to the JRE in order to compile and run some specific Java-based software. To install the JDK, execute the following command, which will also install the JRE:

#for java 8  
sudo apt install openjdk-8-jdk  
#for latest  
sudo apt install default-jdk

Verify that the JDK is installed by checking the version of javac, the Java compiler:

javac -version

To set this environment variable, first determine where Java is installed. Use the update-alternatives command:

sudo update-alternatives --config java

Step 2 — Installing Jenkins

The version of Jenkins included with the default Ubuntu packages is often behind the latest available version from the project itself. To take advantage of the latest fixes and features, you can use the project-maintained packages to install Jenkins.

First, add the repository key to the system:

wget -q -O - https://pkg.jenkins.io/debian/jenkins.io.key | sudo apt-key add -

When the key is added, the system will return OK. Next, append the Debian package repository address to the server’s sources.list:

sudo sh -c 'echo deb http://pkg.jenkins.io/debian-stable binary/ > /etc/apt/sources.list.d/jenkins.list'

When both of these are in place, run the update so that apt will use the new repository:

sudo apt update

Finally, install Jenkins and its dependencies:

sudo apt install jenkins

Now that Jenkins and its dependencies are in place, we’ll start the Jenkins server.

Step 3 — Starting Jenkins

Let’s start Jenkins using systemctl:

sudo systemctl start jenkins

Since systemctl doesn’t display output, you can use its status command to verify that Jenkins started successfully:

sudo systemctl status jenkins

Step 4 — Opening the Firewall

By default, Jenkins runs on port 8080, so let’s open that port using ufw:

sudo ufw allow 8080

Check ufw’s status to confirm the new rules:

sudo ufw status

You will see that traffic is allowed to port 8080 from anywhere:

Output  
Status: active
To                         Action      From  
--                         ------      ----  
OpenSSH                    ALLOW       Anywhere  
8080                       ALLOW       Anywhere  
OpenSSH (v6)               ALLOW       Anywhere (v6)  
8080 (v6)                  ALLOW       Anywhere (v6)

Step 5 — Configuring Jenkins for HTTPS

Step 5.1 — Configuring Nginx

First of all, setup nginx with SSL configuration settings.

upstream jenkins{  
    server 127.0.0.1:8080;  
}
server{  
    listen      80;  
    server_name ci.example.com;
 access_log  /var/log/nginx/jenkins.access.log;  
    error_log   /var/log/nginx/jenkins.error.log;
 proxy_buffers 16 64k;  
    proxy_buffer_size 128k;
 location / {  
        proxy_pass  http://127.0.0.1:8080;  
        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;  
        proxy_redirect off;
 proxy_set_header    Host            $host;  
        proxy_set_header    X-Real-IP       $remote_addr;  
        proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;  
        proxy_set_header    X-Forwarded-Proto http;  
    }
}

Once you’ve setup test nginx configuration:

sudo nginx -t

If all is well, the command will return:

Output  
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok  
nginx: configuration file /etc/nginx/nginx.conf test is successful

If not, fix any reported errors until the test passes.

Step 5.2 — Configuring Jenkins

For Jenkins to work with Nginx, you will need to update the Jenkins configuration so that the Jenkins server listens only on the localhost interface rather than on all interfaces (0.0.0.0). If Jenkins listens on all interfaces, it’s potentially accessible on its original, unencrypted port (8080).

Let’s modify the /etc/default/jenkins configuration file to make these adjustments:

sudo nano /etc/default/jenkins

Locate the JENKINS_ARGS line and add --httpListenAddress=127.0.0.1 to the existing :

JENKINS_ARGS="--webroot=/var/cache/$NAME/war --httpPort=$HTTP_PORT --httpListenAddress=127.0.0.1"

Save and exit the file.

To use the new configuration settings, restart Jenkins:

sudo systemctl restart jenkins

Since systemctl doesn’t display output, check the status:

sudo systemctl status jenkins

Restart Nginx:

sudo systemctl restart nginx

Check the status:

sudo systemctl status nginx

Step 6 — Setting Up Jenkins

To set up your installation, visit http://ci.example.com

You should see the Unlock Jenkins screen, which displays the location of the initial password. In the terminal window, use the cat command to display the password:

sudo cat /var/lib/jenkins/secrets/initialAdminPassword

Copy the 32-character alphanumeric password from the terminal and paste it into the Administrator password field, then click Continue.

The next screen presents the option of installing suggested plugins or selecting specific plugins. We’ll click the skip suggested plugins options, you will be prompted to set up the first administrative user. It’s possible to skip this step and continue as admin using the initial password we used above, but we’ll take a moment to create the user.

All done.