2a60f427a1285682292bee0fea86e2144cb11b03
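--- a/configuration/hudson_instance_setup/setup-hudson-server.sh
+++ b/configuration/hudson_instance_setup/setup-hudson-server.sh
@@ -22,10 +22,14 @@ else
 echo "Running on an AWS EC2 instance as user ${USER} / $(whoami), starting setup..."
 # Install secrets
 scp root@sapsailing.com:dev-secrets /tmp
+ scp root@sapsailing.com:hudson-aws-credentials /tmp
 sudo mv /tmp/dev-secrets /root/secrets
- sudo chown root /root/secrets
- sudo chgrp root /root/secrets
- sudo chmod 600 /root/secrets
+ mkdir /root/.aws
+ sudo mv /tmp/hudson-aws-credentials /root/.aws/credentials
+ sudo chown root:root /root/secrets /root/.aws/credentials
+ sudo chmod 600 /root/secrets /root/.aws/credentials
+ # Make eu-west-1 the default region for any aws CLI interaction:
+ sudo su - -c "aws configure set default.region eu-west-1"
 # Create "hudson" user and clear its directory again which is to become a mount point
 sudo adduser hudson
 sudo su - hudson -c "rm -rf /home/hudson/* /home/hudson/.* 2>/dev/null"
@@ -41,6 +45,10 @@ else
 sudo ln -s /home/sailing/code/configuration/hudson_instance_setup/hudson.service /etc/systemd/system
 # Link Hudson system-wide config file:
 sudo ln -s /home/sailing/code/configuration/hudson_instance_setup/sysconfig-hudson /etc/sysconfig/hudson
+ # Link additional script files needed for Hudson build server control:
+ sudo ln -s /home/sailing/code/configuration/launchhudsonslave /usr/local/bin
+ sudo ln -s /home/sailing/code/configuration/launchhudsonslave-java11 /usr/local/bin
+ sudo ln -s /home/sailing/code/configuration/aws-automation/getLatestImageOfType.sh /usr/local/bin
 # Enable the service:
 sudo systemctl daemon-reload
 sudo systemctl enable hudson.service
@@ -49,6 +57,13 @@ else
 /home/hudson/android-sdk-linux 172.31.0.0/16(rw,nohide,no_root_squash)
 EOF
 "
+ # Allow "hudson" user to launch EC2 instances:
+ sudo su - -c "cat <<EOF >>/etc/sudoers.d/hudsoncanlaunchec2instances
+hudson ALL = (root) NOPASSWD: /usr/local/bin/launchhudsonslave
+hudson ALL = (root) NOPASSWD: /usr/local/bin/launchhudsonslave-java11
+hudson ALL = (root) NOPASSWD: /usr/local/bin/getLatestImageOfType.sh
+EOF
+"
 # Install DEV server
 sudo su - sailing -c "mkdir /home/sailing/servers/DEV
 cd /home/sailing/servers/DEV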
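Review bot: The three NOPASSWD rules appended to `/etc/sudoers.d/hudsoncanlaunchec2instances` let `hudson` run as root whatever those `/usr/local/bin` names resolve to, and the second hunk creates them as symlinks into `/home/sailing/code/configuration/`, a git checkout that presumably belongs to the `sailing` account rather than root. If that tree is writable by anyone but root, changing a script there changes what runs as root, and the AWS credentials in `/root/.aws/credentials` sit behind the same boundary. Installing root-owned copies instead of links would close that path, e.g. `sudo install -o root -g root -m 755 /home/sailing/code/configuration/launchhudsonslave /usr/local/bin/` for each of the three scripts. The sudoers file is also appended with `>>` and never validated, so a re-run duplicates the rules; writing it with `>` and then running `sudo chmod 440` and `sudo visudo -cf /etc/sudoers.d/hudsoncanlaunchec2instances` on it would catch a malformed file before sudo has to parse it.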
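--- a/configuration/launchhudsonslave
+++ b/configuration/launchhudsonslave
@@ -3,7 +3,7 @@
 # hudson ALL = (root) NOPASSWD: /usr/local/bin/launchhudsonslave
 # hudson ALL = (root) NOPASSWD: /usr/local/bin/launchhudsonslave-java11
 # hudson ALL = (root) NOPASSWD: /usr/local/bin/getLatestImageOfType.sh
-AWS=/usr/bin/aws
+AWS=/bin/aws
 REGION=eu-west-1
 HUDSON_SLAVE_AMI_ID=$( /usr/local/bin/getLatestImageOfType.sh hudson-slave )
 echo Launching instance from AMI ${HUDSON_SLAVE_AMI_ID} ...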
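Review bot: `AWS=/bin/aws` swaps one hard-coded location for another, so the script still breaks on any host where the CLI is installed elsewhere, and the failure would presumably surface only at the first use of `$AWS`, which lies outside this hunk. The header comments show the script is meant to run as root through sudo, so keeping an absolute path rather than a PATH lookup is the right choice. I would add a guard directly after the assignment, `[ -x "$AWS" ] || { echo "aws CLI not found at $AWS" >&2; exit 1; }`, and a comment such as `# aws CLI location on the Hudson master image; absolute because this runs as root via sudo` to record why the path is fixed.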
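--- a/wiki/info/landscape/creating-ec2-image-for-hudson-from-scratch.md
+++ b/wiki/info/landscape/creating-ec2-image-for-hudson-from-scratch.md
@@ -6,7 +6,7 @@ Like when setting up a regular sailing application server instance, start with a
 ```
 This will first run the regular sailing server set-up which allows the instance to run the ``dev.sapsailing.com`` Sailing Analytics instance later. Then, the script will continue to obtain the Hudson WAR file from ``https://static.sapsailing.com/hudson.war.patched-with-mail-1.6.2`` and deploy it to ``/usr/lib/hudson``, obtain and install the default system-wide Hudson configuration, get adjusted dev server secrets from ``ssh://root@sapsailing.com/root/dev-secrets`` as well as ``mail.properties``, and install a ``hudson.service`` unit under ``/etc/systemd/system``. A ``hudson`` user is created, and its ``/home/hudson`` home directory is emptied so it can act as a mount point. A latest version of the SAP Sailing Analytics is installed to ``/home/sailing/servers/DEV``.
 
-The ``/home/hudson/android-sdk-linux`` folder that is later expected to be mounted into the ``/home/hudson`` mount point is exported through NFS by appending a corresponding entry to ``/etc/exports``.
+The ``/home/hudson/android-sdk-linux`` folder that is later expected to be mounted into the ``/home/hudson`` mount point is exported through NFS by appending a corresponding entry to ``/etc/exports``. The script will also allow the ``hudson`` user to run the ``/usr/local/bin/launchhudsonslave`` script with ``sudo``. In order to elastically scale our build / CI infrastructure, we use AWS to provide Hudson build slaves on demand. The Hudson Master (https://hudson.sapsailing.com) has a script obtained from our git at ``./configuration/launchhudsonslave`` which takes an Amazon Machine Image (AMI), launches it in our default region (eu-west-1) and connects to it. The AWS credentials are stored in the ``root`` account on ``hudson.sapsailing.com``, and the ``hudson`` user is granted access to the script by means of an ``/etc/sudoers.d`` entry.
 
 When the script has finished, proceed as follows:
 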