Deploy Jenkins via AWS Cloudformation. Scenario-by-scenario.
- Blog URL: https://www.dennyzhang.com/challenges-cloudformation-jenkins
- Category: AWS
File issues or star this repo.
See more challenges from Denny: #denny-challenges
- Objective: Deploy Docker container in AWS
- Requirements:
  1. Start an EC2 instance by cloudformation
  2. Provision the instance as docker daemon
  3. Setup Jenkins container inside the instance
- Main Tech: Cloudformation, Docker
- See more: Scenario-101
- Objective: Customize Jenkins docker deployment in AWS
- Requirements:
  1. Finish Scenario-101, create a jenkins user by code.
  2. Anonymous user can't open the jenkins. Only login user can.
  3. When Jenkins is down, get alerts
  4. Make sure Jenkins GUI changes can be seamlessly tracked in git repo.
- Main Tech: Cloudformation, Docker
- See more: Scenario-102
- Objective: We need a live Jenkins env in public Cloud. Fast and easy.
- Requirements:
  1. Use cloudformation to start an EC2 instance
  2. Start Jenkins inside the EC2 instance
- Main Tech: Cloudformation, Chef
- See more: Scenario-201
- Objective: Customize Jenkins docker deployment in AWS
- Requirements:
  1. Finish Scenario-201, create a jenkins user by code.
  2. Create a dedicated VPC for the jenkins. And allow selective source IP to access.
  3. Anonymous user can't open the jenkins. Only login user can.
  4. Make sure Jenkins GUI changes can be seamlessly tracked in git repo.
- Main Tech: Cloudformation, Chef, VPC, Slack
- See more: Scenario-202
- Objective: Customize Jenkins docker deployment in AWS
- Requirements:
  1. Finish Scenario-202
  2. Use CF to create a dedicated VPC and start an EC2
- Main Tech: Cloudformation, Chef, VPC, CloudWatch, Slack
- See more: Scenario-203
- Objective: Customize Jenkins docker deployment in AWS
- Requirements:
  1. Use CF to create ASG and ELB. And monitor ELB
  2. Start Jenkins master by ELB. Configure instance count to 1
- Main Tech: Cloudformation, Chef, VPC, CloudWatch, Slack
- See more: Scenario-301
- Objective: Customize Jenkins docker deployment in AWS
- Requirements:
  1. Finish Scenario-301
  2. Get slack notification for autoscaling events. Here we assume one SNS topic has already been created. Verify it by terminating existing instance
  3. In ELB, enable monitoring. Verify it by terminating existing instance
  4. In Jenkins deployment, create a pipeline
- Main Tech: Cloudformation, Chef, VPC, CloudWatch, Slack
- See more: Scenario-302
- Objective: Customize Jenkins docker deployment in AWS
- Requirements:
  1. Finish Scenario-302
  2. ELB export target group
  3. Enable logging for ELB
  4. When SNSTopicName is empty, avoid adding SNS notification
- Main Tech: Cloudformation, Chef, VPC, CloudWatch, Slack
- See more: Scenario-303
- Objective: Avoid SPOF by adding 2 Jenkins instances
- Requirements:
  1. Start 1 jenkins master and 1 jenkins slave
  2. Jenkins master offload request to jenkins slave
- Main Tech: Cloudformation, Chef, VPC, CloudWatch, Jenkins Slack Integration, ALB
- See more: Scenario-401
- TODO: How will the 2 Jenkins instances coordinate with each other?
- Objective: Jenkins cluster deployment
- Requirements:
  1. Start 1 jenkins master and 1 jenkins slave
  2. Enable auto-scaling for Jenkins master. With instance count 1
  3. Enable auto-scaling for Jenkins slaves. With instance count range from 1 to 3
  4. Customized VPC to allow limited network access
- Main Tech: Cloudformation, Chef, VPC, CloudWatch, EBS, Jenkins Slack Integration, ALB
- See more: Scenario-402
- Objective: Get exposed to docker orchestration service.
- Requirements:
  1. Start ECS with 1 node
  2. Install a single Jenkins instance
- Main Tech: Cloudformation, ECS, EBS
- See more: Scenario-501
- Objective: Deploy a 2-node Jenkins cluster
- Requirements:
  1. Start ECS with 2 nodes
  2. Start Jenkins service with 2 instances in ECS. One for master, one for slave.
  3. Enable ALB for Jenkins master
- Main Tech: Cloudformation, ECS, ELB, CloudWatch, ALB
- See more: Scenario-502
- TODO: How to avoid Jenkins SPOF, theoretically speaking?
- Objective: Deploy Jenkins 1 Master 3 Slaves with 2 nodes in ECS2
- Requirements:
  1. Start ECS with 2 nodes
  2. Start Jenkins service within ECS. 1 Master and 3 Slaves
  3. Enable ALB for Jenkins master
- Main Tech: Cloudformation, ECS, ELB, CloudWatch, ALB
- See more: Scenario-503
- TODO: How to avoid Jenkins SPOF, theoretically speaking?
- Objective: Suppose you have 1K developers to use your Jenkins. Improve scalability, availability, security, etc.
- Requirements:
  1. Scalability: multiple Jenkins master instances
  2. Availability: Jenkins slave; Jenkins Master
  3. Security: VPC, Jenkins authentication integration
- Main Tech: Cloudformation, ECS, EBS, ALB
- See more: Scenario-601
- **Highlights For This Case Study**
  1. OS support: Amazon AMI, Ubuntu and CentOS
  2. Use CF to fully automate all deployments
  3. Auto-healing: autoscaling group. Improved service availability
  4. When issues happen, we detect them earlier.
  5. Pretty secured
  6. Quick learner: I have never used CF before. This GitHub repo is the deliverable of 1.5 weeks' part-time work.
- Discussions & Further Improvements:
  TODO

  0. Use docker/ecs/k8s
  1. Speed up the whole setup process
  2. Reduce the deployment failure rate
  3. Improve master HA by using EFS for shared storage of Jenkins HOME
  4. Set up a 1 master, N slaves model
  5. Improve error handling, e.g. false positives when the EC2 instance is up but chef apply hasn't finished
  6. Save on the cloud bills
  7. Use serverless instead of Jenkins hosted solution
  8. Use CodeDeploy to replace Chef
- Personal Review:
  1. Really like container/ECS deployment over VM deployment.
  2. The Jenkins community doesn't have an HA solution for Jenkins master yet.
  3. Jenkins plugin dependencies are really troublesome.
- Critical Info
```
# CentOS Jenkins conf
/etc/sysconfig/jenkins

# Run chef deployment
chef-solo --config "/home/ec2-user/chef/solo.rb" \
    --log_level auto -L "/home/ec2-user/log/run_chef_solo.log" \
    --force-formatter --no-color \
    --json-attributes "/home/ec2-user/chef/node.json"
```
License: Code is licensed under MIT License.
- Useful links
  - https://github.com/widdix/aws-cf-templates
  - https://github.com/awslabs/startup-kit-templates
  - http://templates.cloudonaut.io/en/stable/jenkins/
  - Jenkins Security:
    - https://wiki.jenkins.io/display/JENKINS/Standard+Security+Setup
    - https://d0.awsstatic.com/whitepapers/DevOps/Jenkins_on_AWS.pdf