[ci.jenkins.io] Move ephemeral VM agents to AWS #4316
To prepare this, we (Jay and I) need to create a specific user for packer-images, as for Azure: https://github.com/jenkins-infra/azure/blob/main/packer-resources.tf

I started creating it in the aws-sponsored repository. We did improve the policies for the role infra-developer to be able to create the new user directly on the terraform-states repo. After numerous tries and failures we managed to have the correct set of rights (private link: https://github.com/jenkins-infra/terraform-states/blob/2ba74f30dd02a497062ecd8d1e5b52a7554e66b2/aws-sponsored/role-infra-developers.tf#L193-L210) but when replaying on the infra.ci we still got this error
while the deploy is working locally with the infra-developer role (terraform-developer)
when checking on the UI we can see that
The packer user creation was moved to terraform-states, hence no more problem of IAM rights.
Update: The AWS credentials used by user 'packer' to access packer-images are now available in sops. The PR below adds the credentials in infra-ci to build packer image templates. jenkins-infra/kubernetes-management#5780

On testing the pipeline used to create packer-images templates, @smerle33 and I encountered an error with the GC (garbage collector) scripts: https://infra.ci.jenkins.io/job/infra-tools/job/packer-images/job/PR-1430/11/pipeline-console/?selected-node=25

To overcome this we granted executable permissions to the cleanup scripts – jenkins-infra/packer-images#1430

On further testing of the packer-images EC2 instances, GC script

Next steps will involve fixing the GC scripts and having at least one docker.ubuntu_22.04 amazon-ebs template created by packer user.
We try to set up our environment to use this new packer user for our run of packer locally.
Update: We created a user terraform-packer-user and exported the credentials to infra.ci. With this we were able to provide the necessary user policies required to create packer-images EC2 Ubuntu-22.04 arm64 and amd64 VM agents. Next steps involve
Update: GC script now works for our pipeline, added the functionality that allows the AMI list to accept an empty array in case no AMI IDs are found. The dry-run worked as expected.
On further testing of our EC2 VMs, we discovered an issue that was preventing packer-images build. The apt used by agent VMs were incompatible with the outdated Packer-images now uses
Nothing about that file in history, but we found the remove PR that helped us: jenkins-infra/packer-images#734
Due to the complexity of this PR – jenkins-infra/packer-images#1430
Update: setting up the initial EC2 cloud with Puppet -> JCasC in jenkins-infra/jenkins-infra#3737
First try at spinning up an ephemeral agent (with private IP in the private subnet):
=> need to update and check the Network ACLs as the inbound SSH and outbound JNLP are missing on the VM subnet
Update:
Update: WIP on the init script/cloud-init. Main issue is that our private subnet setup forbids internet access. Gotta check if it's a Network ACL forbidding access to the NAT gateway, or a missing routing table?
Update:
Next steps: