This repository is no longer maintained, and no enhancements or security patches will be made. The repository is part of the GDS Reliability Engineering Build System, which has been deprecated.
This repository provides examples for provisioning a Jenkins build system. The build is a containerised Jenkins (version 2) platform on Amazon Web Services (AWS), consisting of a master node and an agent node. Once provisioned, users log into the Jenkins build using their GitHub account.
Read the architectural documentation for more information about the build system infrastructure.
This Jenkins (version 2) build system has been created by publishing 2 Terraform modules, which means you can pick and choose how you use it.
For ease, you can use either of these two examples (one for users within the Government Digital Service (GDS) and one for those outside of GDS) to provision a Jenkins build system.
Follow this example if you are from GDS, or this one otherwise.
To SSH into the master instance run:
ssh -i [path-to-the-private-ssh-key-you-generated] ubuntu@[my-env.my-team.build.gds-reliability.engineering]
To SSH into the agent instance, you need to use the master node as a proxy, like so:
ssh -i [path-to-the-private-ssh-key-you-generated] -o ProxyCommand='ssh -W %h:%p ubuntu@[my-env.my-team.build.gds-reliability.engineering]' ubuntu@worker
Once logged in as the ubuntu user, you can switch to the root user by running:
sudo su -
Once you have SSHed into the master server, run this command:
docker exec -it myjenkins /bin/bash
This gives you root access within the Docker container.
Next, you may want to:
- enable AWS CloudTrail
  This adds auditing for changes to the AWS infrastructure. Because those changes are captured in logs, it adds a level of security.
- remove the generic SSH key used during provisioning and use personal keys
- remove the default ubuntu account from the AWS instance(s)
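For the generic SSH key item above, one way to drop the shared provisioning key from an authorized_keys file without locking yourself out. This is an added example, not part of this repository; the function name and the file paths passed to it are assumptions.

```shell
#!/bin/sh
# Added example: remove the shared provisioning key from an authorized_keys
# file, refusing if no personal key would be left (lockout guard).
# Both paths are supplied by the caller; nothing here is project-specific.

remove_provisioning_key() {
    auth_file=$1   # e.g. the ubuntu user's ~/.ssh/authorized_keys
    prov_pub=$2    # public half of the generic provisioning key

    [ -r "$auth_file" ] && [ -r "$prov_pub" ] || { echo "unreadable input" >&2; return 3; }

    # The base64 blob is the second field of a .pub file. Matching on the
    # blob finds the entry even if it carries options or another comment.
    blob=$(awk 'NR==1 {print $2}' "$prov_pub")
    [ -n "$blob" ] || { echo "no key found in $prov_pub" >&2; return 3; }

    if ! grep -qF -- "$blob" "$auth_file"; then
        echo "provisioning key not present in $auth_file"
        return 0
    fi

    # Count the key lines that would remain (blank lines and comments skipped).
    remaining=$(grep -vF -- "$blob" "$auth_file" | grep -cEv '^[[:space:]]*(#|$)' || true)
    if [ "$remaining" -eq 0 ]; then
        echo "refusing: no personal key would remain in $auth_file" >&2
        return 2
    fi

    tmp=$(mktemp) || return 3
    grep -vF -- "$blob" "$auth_file" > "$tmp"
    cp -p "$auth_file" "$auth_file.bak"
    # Overwrite in place so the file keeps its owner and mode; sshd reads it
    # as the account owner, so a root-owned replacement could lock users out.
    cat "$tmp" > "$auth_file"
    rm -f "$tmp"
    echo "removed provisioning key; $remaining key(s) remain"
}
```

Add and test a personal key in a second session before running this, and keep the `.bak` copy until the new login is confirmed.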
Refer to our Contributing guide.