diff --git a/pipeline/packer/jenkins-worker/Dockerfile b/pipeline/packer/jenkins-worker/Dockerfile index d060a685..469dfdf6 100755 --- a/pipeline/packer/jenkins-worker/Dockerfile +++ b/pipeline/packer/jenkins-worker/Dockerfile @@ -1,4 +1,4 @@ -FROM jenkins/jnlp-slave:latest +FROM jenkins/jnlp-slave:4.13.3-1 # Need to be root to install packages USER root @@ -7,7 +7,8 @@ USER root RUN rm -rf /var/lib/apt/lists/* && apt update # Install Packer -RUN wget -O packer.zip https://releases.hashicorp.com/packer/1.4.2/packer_1.4.2_linux_amd64.zip && \ +RUN apt-get install wget unzip && \ + wget -O packer.zip https://releases.hashicorp.com/packer/1.4.2/packer_1.4.2_linux_amd64.zip && \ unzip packer.zip -d /usr/bin/ && \ rm packer.zip @@ -17,7 +18,7 @@ RUN wget -O terraform.zip https://releases.hashicorp.com/terraform/0.12.31/terra rm terraform.zip # Install Python 3.9 -RUN apt-get update && apt-get install -y build-essential checkinstall libreadline-gplv2-dev libncursesw5-dev libssl-dev libsqlite3-dev libgdbm-dev libc6-dev libbz2-dev uuid-dev zlib1g-dev libffi-dev swig pkg-config && \ +RUN apt-get update && apt-get install -y build-essential libreadline-gplv2-dev libncursesw5-dev libssl-dev libsqlite3-dev libgdbm-dev libc6-dev libbz2-dev uuid-dev zlib1g-dev libffi-dev swig pkg-config && \ wget -O python.tgz https://www.python.org/ftp/python/3.9.19/Python-3.9.19.tgz && \ tar -xf python.tgz && rm python.tgz && \ cd Python-3.9.19 && \ @@ -44,18 +45,17 @@ RUN apt-get update && \ apt-key fingerprint 0EBFCD88 && \ add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/debian $(lsb_release -cs) stable" && \ apt-get update && \ - apt-get install -qq -y --no-install-recommends docker-ce=5:19.03.6~3-0~debian-stretch && \ - curl -L https://github.com/docker/compose/releases/download/1.27.4/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose && \ - chmod +x /usr/local/bin/docker-compose + apt-get install -qq -y --no-install-recommends docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin && \ + echo 'docker compose --compatibility "$@"' > /usr/local/bin/docker-compose && chmod +x /usr/local/bin/docker-compose # Install curl and libSSL, so Tornado can use the CURL HTTP client. RUN apt-get update && apt-get install -y libcurl4-openssl-dev libssl-dev # Install awscli -ENV AWS_CLI_VERSION="1.16.312" -RUN curl https://s3.amazonaws.com/aws-cli/awscli-bundle-${AWS_CLI_VERSION}.zip -o awscli-bundle.zip && \ +ENV AWS_CLI_VERSION="2.17.27" +RUN curl https://awscli.amazonaws.com/awscli-exe-linux-x86_64-${AWS_CLI_VERSION}.zip -o awscli-bundle.zip && \ unzip awscli-bundle.zip && \ - ./awscli-bundle/install -i /usr/local/aws -b /usr/local/bin/aws && \ + ./aws/install && \ rm -rf aws* # Cleanup diff --git a/pipeline/packer/jenkins-worker/README.md b/pipeline/packer/jenkins-worker/README.md index c3dfd961..e13199dd 100644 --- a/pipeline/packer/jenkins-worker/README.md +++ b/pipeline/packer/jenkins-worker/README.md @@ -1,11 +1,23 @@ # Jenkins worker image -The files in this folder are used to create the image of a Jenkins worker for the Jenkin [amazon-ecs plugin](https://wiki.jenkins.io/display/JENKINS/Amazon+EC2+Container+Service+Plugin). +The files in this folder are used to create the image of a Jenkins worker for the Jenkins [amazon-ecs plugin]. + +[amazon-ecs plugin]: https://wiki.jenkins.io/display/JENKINS/Amazon+EC2+Container+Service+Plugin Usage: 1. Make sure you're logged into AWS with the appropriate credentials on your computer. -2. Run these commands: -```bash -docker build -t temporary/jenkins-worker:latest . -DOCKER_REGISTRY=nameOfDockerRegistry BUILD_TAG=buildTag packer build jenkins-worker.json -``` +2. Find out what the latest version of the jenkins-worker is by searching inside the `jenkins-worker` ECR registry. +3. You can either replace the current build, if your change is low-risk, or create a new version allowing you + the ability to rollback. +4. Run these commands, specifying the version you wish to publish as. + ```shell + VERSION=0.6 + REGISTRY="$(aws sts get-caller-identity --query 'Account' --output text).dkr.ecr.eu-west-2.amazonaws.com" + aws ecr get-login-password --region eu-west-2 | docker login -u AWS --password-stdin $REGISTRY + docker buildx build --platform linux/amd64 --tag $REGISTRY/jenkins-worker:$VERSION --push . + ``` +5. If you have specified a new version, you'll need to generate a new ECS Task Definition revision pointing to + that image label. + You can then specify that revision within Jenkins -> Configure System -> ECS agent template -> Task Definition Override, + All subsequent Jenkins builds will use that new worker image, and if you want to rollback the previous revision + can be placed within the Task Definition Overview box. \ No newline at end of file diff --git a/pipeline/packer/jenkins-worker/jenkins-worker.json b/pipeline/packer/jenkins-worker/jenkins-worker.json deleted file mode 100644 index 763a80ce..00000000 --- a/pipeline/packer/jenkins-worker/jenkins-worker.json +++ /dev/null @@ -1,35 +0,0 @@ -{ - "_description": "This template produces a Jenkins worker.", - "variables": { - "registry": "{{env `DOCKER_REGISTRY`}}", - "repository": "/jenkins-worker", - "tag": "{{env `BUILD_TAG`}}" - }, - "builders": [ - { - "type": "docker", - "image": "temporary/jenkins-worker:latest", - "pull": false, - "commit": true, - "changes": [ - "ENTRYPOINT [\"jenkins-slave\"]" - ] - } - ], - "provisioners": [ - ], - "post-processors": [ - [ - { - "type": "docker-tag", - "repository": "{{user `registry`}}{{user `repository`}}", - "tag": "{{user `tag`}}" - }, - { - "type": "docker-push", - "ecr_login": true, - "login_server": "https://{{user `registry`}}{{user `repository`}}" - } - ] - ] -}