README.md: 93 additions & 56 deletions
@@ -105,31 +105,33 @@ aws iam create-instance-profile --instance-profile-name JenkinsMaster
105
105
aws iam create-instance-profile --instance-profile-name JenkinsWorkerPublish
106
106
aws iam create-instance-profile --instance-profile-name JenkinsWorker
107
107
108
-
aws iam create-role --role-name jenkins-master --assume-role-policy-document file:///Users/adriaan/git/scala-jenkins-infra/chef/ec2-role-trust-policy.json
109
-
aws iam create-role --role-name jenkins-worker --assume-role-policy-document file:///Users/adriaan/git/scala-jenkins-infra/chef/ec2-role-trust-policy.json
110
-
aws iam create-role --role-name jenkins-worker-publish --assume-role-policy-document file:///Users/adriaan/git/scala-jenkins-infra/chef/ec2-role-trust-policy.json
108
+
aws iam create-role --role-name jenkins-master --assume-role-policy-document file://$PWD/chef/ec2-role-trust-policy.json
109
+
aws iam create-role --role-name jenkins-worker --assume-role-policy-document file://$PWD/chef/ec2-role-trust-policy.json
110
+
aws iam create-role --role-name jenkins-worker-publish --assume-role-policy-document file://$PWD/chef/ec2-role-trust-policy.json
111
111
112
112
aws iam add-role-to-instance-profile --instance-profile-name JenkinsMaster --role-name jenkins-master
113
113
aws iam add-role-to-instance-profile --instance-profile-name JenkinsWorker --role-name jenkins-worker
114
114
aws iam add-role-to-instance-profile --instance-profile-name JenkinsWorkerPublish --role-name jenkins-worker-publish
115
115
```
116
116
117
117
### Attach policies to roles:
118
+
NOTE: if you get syntax errors, check the policy doc URL
118
119
119
120
```
120
-
aws iam put-role-policy --role-name jenkins-master --policy-name jenkins-ec2-start-stop --policy-document file:///Users/adriaan/git/scala-jenkins-infra/chef/jenkins-ec2-start-stop.json
121
-
aws iam put-role-policy --role-name jenkins-master --policy-name jenkins-dynamodb --policy-document file:///Users/adriaan/git/scala-jenkins-infra/chef/dynamodb.json
122
-
123
-
// TODO: once https://github.com/sbt/sbt-s3/issues/14 is fixed, remove s3credentials from nodes and use IAM profile instead
124
-
aws iam put-role-policy --role-name jenkins-worker-publish --policy-name jenkins-s3-upload --policy-document file:///Users/adriaan/git/scala-jenkins-infra/chef/jenkins-s3-upload.json
125
-
126
-
aws iam put-role-policy --role-name jenkins-worker --policy-name jenkins-ebs-create-vol --policy-document file:///Users/adriaan/git/scala-jenkins-infra/chef/ebs-create-vol.json
121
+
aws iam put-role-policy --role-name jenkins-master --policy-name jenkins-ec2-start-stop --policy-document file://$PWD/chef/jenkins-ec2-start-stop.json
122
+
aws iam put-role-policy --role-name jenkins-master --policy-name jenkins-dynamodb --policy-document file://$PWD/chef/dynamodb.json
123
+
aws iam put-role-policy --role-name jenkins-master --policy-name jenkins-ebs-create-vol --policy-document file://$PWD/chef/ebs-create-vol.json
124
+
```
127
125
128
-
aws iam put-role-policy --role-name jenkins-worker-publish --policy-name jenkins-ebs-create-vol --policy-document file:///Users/adriaan/git/scala-jenkins-infra/chef/ebs-create-vol.json
126
+
```
127
+
aws iam put-role-policy --role-name jenkins-worker --policy-name jenkins-ebs-create-vol --policy-document file://$PWD/chef/ebs-create-vol.json
129
128
```
130
129
131
-
NOTE: if you get syntax errors, check the policy doc URL
132
-
pass JenkinsWorker as the iam profile to knife bootstrap
130
+
TODO: once https://github.com/sbt/sbt-s3/issues/14 is fixed, remove s3credentials from nodes (use IAM profile below instead)
131
+
```
132
+
aws iam put-role-policy --role-name jenkins-worker-publish --policy-name jenkins-s3-upload --policy-document file://$PWD/chef/jenkins-s3-upload.json
133
+
aws iam put-role-policy --role-name jenkins-worker-publish --policy-name jenkins-ebs-create-vol --policy-document file://$PWD/chef/ebs-create-vol.json
134
+
```
133
135
134
136
135
137
## Create an Elastic IP for each node
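Review bot: the added line at new line 123, `aws iam put-role-policy --role-name jenkins-master --policy-name jenkins-ebs-create-vol`, is a new grant rather than a path rewrite: on the removed side only jenkins-worker and jenkins-worker-publish receive ebs-create-vol.json. If the master really needs that policy, say why in the README or the commit message; otherwise drop the line so jenkins-master keeps only jenkins-ec2-start-stop and jenkins-dynamodb. Separately, the `file://$PWD/chef/` arguments are unquoted and resolve only when the commands are run from the repository root, so a checkout path containing a space splits the argument; wrap each `file://$PWD/chef/` argument in double quotes and state the expected working directory next to the first command. The removed line "pass JenkinsWorker as the iam profile to knife bootstrap" has no replacement in this hunk; confirm that instruction is still documented where the bootstrap command is described.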
@@ -157,35 +159,70 @@ If your username on chef.io does not match the local username on your machine, y
157
159
export CHEF_USER="[username]"
158
160
```
159
161
160
-
You can then generate and download your private key on https://www.chef.io/account/password. Put it to `.chef/config/$CHEF_USER.pem`, then you can use knife without further config. See `.chef/knife.rb` for key locations.
162
+
You can then generate and download your private key on https://www.chef.io/account/password. Put it to `$PWD/.chef/config/$CHEF_USER.pem`, then you can use knife without further config. See `$PWD/.chef/knife.rb` for key locations.
161
163
162
164
Test if knife works correctly by running `knife cookbook list`.
163
165
164
-
Obtain the organization validation key from Adriaan and put it to `.chef/config/$CHEF_ORG-validator.pem`. (Q: When is this key used exactly? https://docs.chef.io/chef_private_keys.html says it's when a new node runs `chef-client` for the first time.)
166
+
Obtain the organization validation key from Adriaan and put it to `$PWD/.chef/config/$CHEF_ORG-validator.pem`. (Q: When is this key used exactly? https://docs.chef.io/chef_private_keys.html says it's when a new node runs `chef-client` for the first time.)
167
+
168
+
## Clone scala-jenkins-infra cookbook and its dependencies
165
169
166
-
## Get cookbooks
170
+
I think you can safely ignore `ERROR: IOError: Cannot open or read **/metadata.rb!` in the below
167
171
168
172
```
169
-
git init .chef/cookbooks
170
-
cd .chef/cookbooks
173
+
cd ~/git/cookbooks
174
+
git init .
171
175
g commit --allow-empty -m"Initial"
172
-
```
173
-
174
-
- knife cookbook site install wix 1.0.2 # newer versions don't work for me; also installs windows
echo NOTE: Make sure to first remove the ips in $behemothIp from your ~/.ssh/known_hosts. Also remove the corresponding worker from the chef server (can be only one with the same name).
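Review bot: at new lines 173-174, `cd ~/git/cookbooks` followed by `git init .` reintroduces a machine-specific path while the rest of this change moves to `$PWD`, and nothing creates the directory first. When the block is pasted line by line and the `cd` fails, `git init .` and the following `g commit --allow-empty` run in whatever directory the shell is already in. Suggest `mkdir -p ~/git/cookbooks && cd ~/git/cookbooks && git init .`, and spell out `git` instead of `g`, since the alias is not defined in the lines shown. The key paths at new lines 162 and 166 now sit explicitly under the checkout (`$PWD/.chef/config/`); the text should state that this directory is excluded from version control and that the .pem files are readable only by their owner. The new sentence about ignoring `ERROR: IOError: Cannot open or read **/metadata.rb!` should name the command that prints it and say why it is harmless.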
@@ -404,7 +441,7 @@ do knife ec2 server create -N jenkins-worker-behemoth-$behemoth \