Commit f0607e1

Sanitize paths in README
1 parent 6c53abc commit f0607e1

1 file changed

+40
-38
lines changed

README.md

Lines changed: 40 additions & 38 deletions
@@ -105,31 +105,33 @@ aws iam create-instance-profile --instance-profile-name JenkinsMaster
105105
aws iam create-instance-profile --instance-profile-name JenkinsWorkerPublish
106106
aws iam create-instance-profile --instance-profile-name JenkinsWorker
107107
108-
aws iam create-role --role-name jenkins-master --assume-role-policy-document file:///Users/adriaan/git/scala-jenkins-infra/chef/ec2-role-trust-policy.json
109-
aws iam create-role --role-name jenkins-worker --assume-role-policy-document file:///Users/adriaan/git/scala-jenkins-infra/chef/ec2-role-trust-policy.json
110-
aws iam create-role --role-name jenkins-worker-publish --assume-role-policy-document file:///Users/adriaan/git/scala-jenkins-infra/chef/ec2-role-trust-policy.json
108+
aws iam create-role --role-name jenkins-master --assume-role-policy-document file://$PWD/chef/ec2-role-trust-policy.json
109+
aws iam create-role --role-name jenkins-worker --assume-role-policy-document file://$PWD/chef/ec2-role-trust-policy.json
110+
aws iam create-role --role-name jenkins-worker-publish --assume-role-policy-document file://$PWD/chef/ec2-role-trust-policy.json
111111
112112
aws iam add-role-to-instance-profile --instance-profile-name JenkinsMaster --role-name jenkins-master
113113
aws iam add-role-to-instance-profile --instance-profile-name JenkinsWorker --role-name jenkins-worker
114114
aws iam add-role-to-instance-profile --instance-profile-name JenkinsWorkerPublish --role-name jenkins-worker-publish
115115
```
116116

117117
### Attach policies to roles:
118+
NOTE: if you get syntax errors, check the policy doc URL
118119

119120
```
120-
aws iam put-role-policy --role-name jenkins-master --policy-name jenkins-ec2-start-stop --policy-document file:///Users/adriaan/git/scala-jenkins-infra/chef/jenkins-ec2-start-stop.json
121-
aws iam put-role-policy --role-name jenkins-master --policy-name jenkins-dynamodb --policy-document file:///Users/adriaan/git/scala-jenkins-infra/chef/dynamodb.json
122-
123-
// TODO: once https://github.com/sbt/sbt-s3/issues/14 is fixed, remove s3credentials from nodes and use IAM profile instead
124-
aws iam put-role-policy --role-name jenkins-worker-publish --policy-name jenkins-s3-upload --policy-document file:///Users/adriaan/git/scala-jenkins-infra/chef/jenkins-s3-upload.json
125-
126-
aws iam put-role-policy --role-name jenkins-worker --policy-name jenkins-ebs-create-vol --policy-document file:///Users/adriaan/git/scala-jenkins-infra/chef/ebs-create-vol.json
121+
aws iam put-role-policy --role-name jenkins-master --policy-name jenkins-ec2-start-stop --policy-document file://$PWD/chef/jenkins-ec2-start-stop.json
122+
aws iam put-role-policy --role-name jenkins-master --policy-name jenkins-dynamodb --policy-document file://$PWD/chef/dynamodb.json
123+
aws iam put-role-policy --role-name jenkins-master --policy-name jenkins-ebs-create-vol --policy-document file://$PWD/chef/ebs-create-vol.json
124+
```
127125

128-
aws iam put-role-policy --role-name jenkins-worker-publish --policy-name jenkins-ebs-create-vol --policy-document file:///Users/adriaan/git/scala-jenkins-infra/chef/ebs-create-vol.json
126+
```
127+
aws iam put-role-policy --role-name jenkins-worker --policy-name jenkins-ebs-create-vol --policy-document file://$PWD/chef/ebs-create-vol.json
129128
```
130129

131-
NOTE: if you get syntax errors, check the policy doc URL
132-
pass JenkinsWorker as the iam profile to knife bootstrap
130+
TODO: once https://github.com/sbt/sbt-s3/issues/14 is fixed, remove s3credentials from nodes (use IAM profile below instead)
131+
```
132+
aws iam put-role-policy --role-name jenkins-worker-publish --policy-name jenkins-s3-upload --policy-document file://$PWD/chef/jenkins-s3-upload.json
133+
aws iam put-role-policy --role-name jenkins-worker-publish --policy-name jenkins-ebs-create-vol --policy-document file://$PWD/chef/ebs-create-vol.json
134+
```
133135

134136

135137
## Create an Elastic IP for each node
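Review bot: New line 123 attaches `jenkins-ebs-create-vol` to `jenkins-master`, which none of the removed lines did (the old text attached that policy only to `jenkins-worker` and `jenkins-worker-publish`), so this is an IAM permission grant riding in a commit titled "Sanitize paths in README". Drop it here or move it to its own commit with a stated reason. The rewrite also deletes "pass JenkinsWorker as the iam profile to knife bootstrap" with no replacement; if that instruction still applies it should stay.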
@@ -157,11 +159,11 @@ If your username on chef.io does not match the local username on your machine, y
157159
export CHEF_USER="[username]"
158160
```
159161

160-
You can then generate and download your private key on https://www.chef.io/account/password. Put it to `.chef/config/$CHEF_USER.pem`, then you can use knife without further config. See `.chef/knife.rb` for key locations.
162+
You can then generate and download your private key on https://www.chef.io/account/password. Put it to `$PWD/.chef/config/$CHEF_USER.pem`, then you can use knife without further config. See `$PWD/.chef/knife.rb` for key locations.
161163

162164
Test if knife works correctly by running `knife cookbook list`.
163165

164-
Obtain the organization validation key from Adriaan and put it to `.chef/config/$CHEF_ORG-validator.pem`. (Q: When is this key used exactly? https://docs.chef.io/chef_private_keys.html says it's when a new node runs `chef-client` for the first time.)
166+
Obtain the organization validation key from Adriaan and put it to `$PWD/.chef/config/$CHEF_ORG-validator.pem`. (Q: When is this key used exactly? https://docs.chef.io/chef_private_keys.html says it's when a new node runs `chef-client` for the first time.)
165167

166168
## Clone scala-jenkins-infra cookbook and its dependencies
167169

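Review bot: At lines 162 and 166 the `$PWD/` prefix points at the same files as the old relative `.chef/config/...` only when the reader's shell is at the repository root, and nothing in these lines says so. State once that every path assumes the repo root as working directory. Since these lines place the user key and the organization validator key inside the checkout, also say that `.chef/config/*.pem` must stay out of version control.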
@@ -174,7 +176,7 @@ g commit --allow-empty -m"Initial"
174176
175177
hub clone scala/scala-jenkins-infra
176178
cd scala-jenkins-infra
177-
ln -sh ~/git/cookbooks .chef/
179+
ln -sh ~/git/cookbooks $PWD/.chef/
178180
179181
knife site install cron
180182
knife site install logrotate
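Review bot: `$PWD` is unquoted at line 179, so a checkout path containing a space is split into extra arguments to `ln`. Write it as `ln -sh ~/git/cookbooks "$PWD/.chef/"`, or keep the relative `.chef/`, since the preceding `cd scala-jenkins-infra` already fixes the working directory.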
@@ -240,23 +242,23 @@ NOTE: the JSON must not have a field "id"!!!
240242
### Chef user with keypair for jenkins cli access
241243
```
242244
eval "$(chef shell-init zsh)" # use chef's ruby, which has the net/ssh gem
243-
ruby chef/keypair.rb > ~/Desktop/chef-secrets/config/keypair.json
244-
ruby chef/keypair.rb > ~/Desktop/chef-secrets/config/scabot-keypair.json
245+
ruby chef/keypair.rb > $PWD/.chef/keypair.json
246+
ruby chef/keypair.rb > $PWD/.chef/scabot-keypair.json
245247
246-
# extract private key to ~/Desktop/chef-secrets/config/scabot.pem
248+
# extract private key to $PWD/.chef/scabot.pem
247249
248250
knife vault create master scala-jenkins-keypair \
249-
--json ~/Desktop/chef-secrets/config/keypair.json \
251+
--json $PWD/.chef/keypair.json \
250252
--search 'name:jenkins*' \
251253
--admins adriaan
252254
253255
knife vault create master scabot-keypair \
254-
--json ~/Desktop/chef-secrets/config/scabot-keypair.json \
256+
--json $PWD/.chef/scabot-keypair.json \
255257
--search 'name:jenkins-master' \
256258
--admins adriaan
257259
258260
knife vault create master scabot \
259-
--json ~/Desktop/chef-secrets/config/scabot.json \
261+
--json $PWD/.chef/scabot.json \
260262
--search 'name:jenkins-master' \
261263
--admins adriaan
262264
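Review bot: Lines 245 to 261 move the generated key material (`keypair.json`, `scabot-keypair.json`, `scabot.pem`, `scabot.json`) from `~/Desktop/chef-secrets/config/`, outside the repository, to `$PWD/.chef/`, inside the working tree, which is a change of storage location rather than a path cleanup. Confirm these file names are git-ignored before merging. Also pick one directory: this hunk drops the `config/` component, while the other hunks in this commit use `$PWD/.chef/config/`.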
@@ -302,12 +304,12 @@ knife vault create worker-publish s3-downloads \
302304
--admins adriaan
303305
304306
knife vault create worker-publish chara-keypair \
305-
--json chara-keypair.json \
307+
--json $PWD/.chef/config/chara-keypair.json \
306308
--search 'name:jenkins-worker-ubuntu-publish' \
307309
--admins adriaan
308310
309311
knife vault create worker-publish gnupg \
310-
--json /Users/adriaan/Desktop/chef-secrets/gnupg.json \
312+
--json $PWD/.chef/config/gnupg.json \
311313
--search 'name:jenkins-worker-ubuntu-publish' \
312314
--admins adriaan
313315
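Review bot: Line 307 changes where `chara-keypair.json` is read from (previously the current directory, now `$PWD/.chef/config/`), and line 312 adds a `config/` component that the old `gnupg.json` path did not have, so anyone with files in the old layout will not have them where these commands now look. Add a sentence saying where these JSON files are expected to be placed.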
@@ -336,28 +338,28 @@ Note that the IPs are stable by allocating elastic IPs and associating them to n
336338
## ~/.ssh/config
337339
```
338340
Host jenkins-worker-ubuntu-publish
339-
IdentityFile ~/Desktop/chef-secrets/config/chef.pem
341+
IdentityFile $PWD/.chef/config/chef.pem
340342
User ubuntu
341343
342344
Host jenkins-worker-behemoth-1
343-
IdentityFile ~/Desktop/chef-secrets/config/chef.pem
345+
IdentityFile $PWD/.chef/config/chef.pem
344346
User ec2-user
345347
346348
Host jenkins-worker-behemoth-2
347-
IdentityFile ~/Desktop/chef-secrets/config/chef.pem
349+
IdentityFile $PWD/.chef/config/chef.pem
348350
User ec2-user
349351
350352
Host jenkins-master
351-
IdentityFile ~/Desktop/chef-secrets/config/chef.pem
353+
IdentityFile $PWD/.chef/config/chef.pem
352354
User ec2-user
353355
354356
Host scabot
355357
HostName jenkins-master
356-
IdentityFile ~/Desktop/chef-secrets/config/scabot.pem
358+
IdentityFile $PWD/.chef/scabot.pem
357359
User scabot
358360
359361
Host jenkins-worker-windows-publish
360-
IdentityFile ~/Desktop/chef-secrets/jenkins-chef
362+
IdentityFile $PWD/.chef/config/chef.pem
361363
User jenkins
362364
```
363365

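Review bot: This block is `~/.ssh/config`, which ssh reads itself rather than passing through a shell, so `IdentityFile $PWD/.chef/config/chef.pem` is not expanded the way `$PWD` is in the command examples, and a key path tied to the working directory would in any case only work when ssh is started from the checkout. Use a fixed path here (`~/...` or absolute). Separately, line 362 switches `jenkins-worker-windows-publish` from `jenkins-chef` to `chef.pem`, which is a different key file and not a path rewrite; confirm that is intended.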
@@ -398,7 +400,7 @@ knife ec2 server create -N jenkins-master \
398400
--region us-west-1 --flavor t2.small -I ami-4b6f650e \
399401
-G Master --ssh-user ec2-user \
400402
--iam-profile JenkinsMaster \
401-
--identity-file .chef/config/chef.pem \
403+
--identity-file $PWD/.chef/config/chef.pem \
402404
--run-list "scala-jenkins-infra::master-init"
403405
404406
knife ec2 server create -N jenkins-worker-windows-publish \
@@ -410,7 +412,7 @@ knife ec2 server create -N jenkins-worker-windows-publish \
410412
--security-group-ids sg-1dec3d78 \
411413
--subnet subnet-4bb3b80d --associate-eip 54.183.156.89 \
412414
--server-connect-attribute public_ip_address \
413-
--identity-file .chef/config/chef.pem \
415+
--identity-file $PWD/.chef/config/chef.pem \
414416
--run-list "scala-jenkins-infra::worker-init"
415417
416418
@@ -424,7 +426,7 @@ knife ec2 server create -N jenkins-worker-ubuntu-publish \
424426
--security-group-ids sg-ecb06389 \
425427
--subnet subnet-4bb3b80d --associate-eip 54.67.33.167 \
426428
--server-connect-attribute public_ip_address \
427-
--identity-file .chef/config/chef.pem \
429+
--identity-file $PWD/.chef/config/chef.pem \
428430
--run-list "scala-jenkins-infra::worker-init"
429431
430432
echo NOTE: Make sure to first remove the ips in $behemothIp from your ~/.ssh/known_hosts. Also remove the corresponding worker from the chef server (can be only one with the same name).
@@ -439,7 +441,7 @@ do knife ec2 server create -N jenkins-worker-behemoth-$behemoth \
439441
--security-group-ids sg-ecb06389 \
440442
--subnet subnet-4bb3b80d --associate-eip ${behemothIp[$behemoth]} \
441443
--server-connect-attribute public_ip_address \
442-
--identity-file .chef/config/chef.pem \
444+
--identity-file $PWD/.chef/config/chef.pem \
443445
--run-list "scala-jenkins-infra::worker-init"
444446
done
445447
@@ -481,7 +483,7 @@ done
481483

482484
- windows:
483485
```
484-
PASS=$(aws ec2 get-password-data --instance-id i-f67c0a35 --priv-launch-key ~/Desktop/chef-secrets/config/chef.pem | jq .PasswordData | xargs echo)
486+
PASS=$(aws ec2 get-password-data --instance-id i-f67c0a35 --priv-launch-key $PWD/.chef/config/chef.pem | jq .PasswordData | xargs echo)
485487
knife winrm jenkins-worker-windows-publish chef-client -m -P $PASS
486488
```
487489

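Review bot: On line 487 `$PASS` is unquoted and handed to `-P`, so a password containing whitespace or glob characters is split or expanded by the shell, and the value is visible in the process list while `knife winrm` runs. Quote it as `-P "$PASS"`. On line 486, `jq -r .PasswordData` would strip the JSON quotes directly and make the `| xargs echo` step unnecessary.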
@@ -505,7 +507,7 @@ Workaround: make sure EC2 instance names are unique.
505507

506508
http://blog.gravitystorm.co.uk/2013/09/13/using-vagrant-to-test-chef-cookbooks/:
507509

508-
See `.chef/Vagrantfile` -- make sure you first populated `.chef/cookbooks/` using knife,
510+
See `$PWD/.chef/Vagrantfile` -- make sure you first populated `$PWD/.chef/cookbooks/` using knife,
509511
as [documented above](#get-cookbooks)
510512

511513
## If connections hang
@@ -541,15 +543,15 @@ $ openssl req -text -noout -in scala-ci.csr
541543

542544
## Retry bootstrap
543545
```
544-
knife bootstrap -c .chef/knife.rb jenkins-worker-ubuntu-publish --ssh-user ubuntu --sudo -c .chef/knife.rb -N jenkins-worker-ubuntu-publish -r "scala-jenkins-infra::worker-init"
546+
knife bootstrap -c $PWD/.chef/knife.rb jenkins-worker-ubuntu-publish --ssh-user ubuntu --sudo -c $PWD/.chef/knife.rb -N jenkins-worker-ubuntu-publish -r "scala-jenkins-infra::worker-init"
545547
```
546548

547549
## WinRM troubles?
548550
If it appears stuck at "Waiting for remote response before bootstrap.", the userdata didn't make it across
549551
(check C:\Program Files\Amazon\Ec2ConfigService\Logs) we need to enable unencrypted authentication:
550552

551553
```
552-
aws ec2 get-password-data --instance-id $INST --priv-launch-key ~/git/scala-jenkins-infra/.chef/config/chef.pem
554+
aws ec2 get-password-data --instance-id $INST --priv-launch-key $PWD/.chef/config/chef.pem
553555
554556
cord $IP, log in using password above and open a command line:
555557

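Review bot: Line 546 passes `-c $PWD/.chef/knife.rb` twice in the same `knife bootstrap` command; keep one. On line 554 the old `~/git/scala-jenkins-infra/.chef/config/chef.pem` resolved from any directory, while `$PWD/.chef/config/chef.pem` resolves only from the repo root, so this troubleshooting section should say which directory to run from.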