Add Mac agent support (#158)

* parent 83a6200 author pgodithi <[email protected]> 1651769732 -0400 committer pgodithi <[email protected]> 1658274990 -0400 gpgsig -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEuaPMeSek3p9IWNzDMSDf0RO9/aIFAmLXRK4ACgkQMSDf0RO9 /aKKpQ/9FQ92spUtBEdt2lf4Kz6c2x7+eunr5kzzxZPB8fj28AFWBtGP/NA6a/WK BjRgtxZ4060PCDUtbcnfFy8mg8PdQa03FpofQKr6exSfDTI+TNISJAkcI2HIWzqx ehiFRDGWG577fgrnk67xxd6LxD8sO8EHWBJzZWKrYA3z7f0Q05n1q2osm/jhDYgK cEDQBHZJVi4htO2sBGJO3caqCbqt0EphxYy+uua5On4a2ZgWlBUxjqoaZ6X/LrnR 6IoN8PYVUtyrkbWkkXB+0T4PPDYP8DwnCrCsDQxQyYQ7tBqnR3hQ6nfga2d4Dry5 Dz9oqPoWZjDJNBAf+B6NAmwmyIZHn2lnVL/b8GvwGjSOixyUqaptRKVrg/PwIT+I i2CeMuGIxIG8pycC+wruSNoNqV26Vm7rFSOC4VSvOXneQUStMrAEM+LjcCDtG8bF 0837RaB4Vj37QfkXJyQl2JLTvw6TUKbZuCXqSTLF6oy4nfKN1wBPhfmgjRt146o3 VKt9iZ/q5kOEAPhEHJkHWoC/C+jaMRkVk0ZV5CoujQcIPZX2HfA88RogNZe0Ommy ayc+gLw8oBiRBeKkWuQLrLtrBYCLKrIK5qjEEj9MqLxbLSlDRXJjvZvPSUGqS2wg a8KKD0i9faPpRIuViJRqHztQBXVsv0UsYFMeeid00lJm2F4dmBk= =c8LN -----END PGP SIGNATURE----- fixed IAM roles and code cleanup Signed-off-by: pgodithi <[email protected]> Fix tests Signed-off-by: pgodithi <[email protected]> Added assume role feature Signed-off-by: pgodithi <[email protected]> Added assume role feature Signed-off-by: pgodithi <[email protected]> Added assume role feature Signed-off-by: pgodithi <[email protected]> Added assume role feature Signed-off-by: pgodithi <[email protected]> Added assume role feature Signed-off-by: pgodithi <[email protected]> Added 2 new plugins Signed-off-by: pgodithi <[email protected]> Add readme doc Signed-off-by: pgodithi <[email protected]> Added docker resources Signed-off-by: pgodithi <[email protected]> Added docker resources Signed-off-by: pgodithi <[email protected]> Bump minor version Signed-off-by: pgodithi <[email protected]> change docker tag to 2.332.3-lts Signed-off-by: pgodithi <[email protected]> added jenkinsOpts Signed-off-by: pgodithi <[email protected]> added jenkinsOpts Signed-off-by: pgodithi <[email protected]> added jenkinsOpts Signed-off-by: pgodithi <[email protected]> Added IAM required imports Signed-off-by: pgodithi <[email protected]> Added agent node unit tests Signed-off-by: pgodithi <[email protected]> Added agent node unit tests Signed-off-by: pgodithi <[email protected]> Added Managed SSM Policy to Agent instance role (#117) Signed-off-by: Rishabh Singh <[email protected]> fix agentAssumeRole Signed-off-by: pgodithi <[email protected]> Ecr public Signed-off-by: pgodithi <[email protected]> Added AmazonSSMManagedInstanceCore Signed-off-by: pgodithi <[email protected]> Added AmazonSSMManagedInstanceCore policy to agents. (#124) * fixed IAM roles and code cleanup Signed-off-by: pgodithi <[email protected]> * Fix tests Signed-off-by: pgodithi <[email protected]> * Added assume role feature Signed-off-by: pgodithi <[email protected]> * Added assume role feature Signed-off-by: pgodithi <[email protected]> * Added assume role feature Signed-off-by: pgodithi <[email protected]> * Added assume role feature Signed-off-by: pgodithi <[email protected]> * Added assume role feature Signed-off-by: pgodithi <[email protected]> * Added 2 new plugins Signed-off-by: pgodithi <[email protected]> * Add readme doc Signed-off-by: pgodithi <[email protected]> * Added docker resources Signed-off-by: pgodithi <[email protected]> * Added docker resources Signed-off-by: pgodithi <[email protected]> * Bump minor version Signed-off-by: pgodithi <[email protected]> * change docker tag to 2.332.3-lts Signed-off-by: pgodithi <[email protected]> * added jenkinsOpts Signed-off-by: pgodithi <[email protected]> * added jenkinsOpts Signed-off-by: pgodithi <[email protected]> * added jenkinsOpts Signed-off-by: pgodithi <[email protected]> * Added IAM required imports Signed-off-by: pgodithi <[email protected]> * Added agent node unit tests Signed-off-by: pgodithi <[email protected]> * Added agent node unit tests Signed-off-by: pgodithi <[email protected]> * fix agentAssumeRole Signed-off-by: pgodithi <[email protected]> * Ecr public Signed-off-by: pgodithi <[email protected]> * Added AmazonSSMManagedInstanceCore Signed-off-by: pgodithi <[email protected]> Added new jenkins agents and logging bug-fix (#126) Signed-off-by: Rishabh Singh <[email protected]> Added new output parameters and updated jenkins image tag (#128) Signed-off-by: Rishabh Singh <[email protected]> use jenkins-2.332.3 jdk8 base image (#129) Signed-off-by: Rishabh Singh <[email protected]> added support for QEMU emulators (#131) Signed-off-by: Rishabh Singh <[email protected]> Add Docker restart policy (#137) * fixed IAM roles and code cleanup Signed-off-by: pgodithi <[email protected]> * Fix tests Signed-off-by: pgodithi <[email protected]> * Added assume role feature Signed-off-by: pgodithi <[email protected]> * Added assume role feature Signed-off-by: pgodithi <[email protected]> * Added assume role feature Signed-off-by: pgodithi <[email protected]> * Added assume role feature Signed-off-by: pgodithi <[email protected]> * Added assume role feature Signed-off-by: pgodithi <[email protected]> * Added 2 new plugins Signed-off-by: pgodithi <[email protected]> * Add readme doc Signed-off-by: pgodithi <[email protected]> * Added docker resources Signed-off-by: pgodithi <[email protected]> * Added docker resources Signed-off-by: pgodithi <[email protected]> * Bump minor version Signed-off-by: pgodithi <[email protected]> * change docker tag to 2.332.3-lts Signed-off-by: pgodithi <[email protected]> * added jenkinsOpts Signed-off-by: pgodithi <[email protected]> * added jenkinsOpts Signed-off-by: pgodithi <[email protected]> * added jenkinsOpts Signed-off-by: pgodithi <[email protected]> * Added IAM required imports Signed-off-by: pgodithi <[email protected]> * Added agent node unit tests Signed-off-by: pgodithi <[email protected]> * Added agent node unit tests Signed-off-by: pgodithi <[email protected]> * fix agentAssumeRole Signed-off-by: pgodithi <[email protected]> * Ecr public Signed-off-by: pgodithi <[email protected]> * Added AmazonSSMManagedInstanceCore Signed-off-by: pgodithi <[email protected]> * added docker-compose restart policy Signed-off-by: pgodithi <[email protected]> Add markup formatter as safe/html disable syntax highlighting to allow html (#138) Signed-off-by: Peter Zhu <[email protected]> Set cache to false for aws secret manager plugin (#140) Signed-off-by: Peter Zhu <[email protected]> Add environment variables using configuration as code (#136) * Add environment variables using configuration as code Signed-off-by: Sayali Gaikawad <[email protected]> Install workflow-api plugin to get latest version and remove lockable permissions (#141) * Install workflow-api plugin to get latest version Signed-off-by: Sayali Gaikawad <[email protected]> * Remove lockable permissions Signed-off-by: Sayali Gaikawad <[email protected]> [Bug-fix]: Handle multiple colons and space (#142) * Handle multiple colons and space Signed-off-by: Sayali Gaikawad <[email protected]> * Handle multiple space Signed-off-by: Sayali Gaikawad <[email protected]> Move env variabled to yaml (#143) * Move to yaml Signed-off-by: Sayali Gaikawad <[email protected]> add ubuntu agent and cdn with lambda@edge resource for public access (#134) Signed-off-by: Rishabh Singh <[email protected]> Reload configuration as code via curl instead of cli (#145) * Reload configuration as code via curl instead of cli Signed-off-by: Sayali Gaikawad <[email protected]> Main/Agent Node new setups on tag and executors (#147) * Main/Agent Node new setups on tag and executors Signed-off-by: Peter Zhu <[email protected]> * Remove DCO check as it is replaced by dco app Signed-off-by: Peter Zhu <[email protected]> * Remove stack in node ts as it is not used anymore Signed-off-by: Peter Zhu <[email protected]> Fix Ubuntu agent init script bug (#148) Signed-off-by: Peter Zhu <[email protected]> Add Ubuntu Single Host for Gradle Check (#149) * Add Ubuntu Single Host for Gradle Check Signed-off-by: Peter Zhu <[email protected]> * Change default idle time to 60min Signed-off-by: Peter Zhu <[email protected]> Raise the gradle check runner to have c518xlarge as in Fork Jenkins (#150) Signed-off-by: Peter Zhu <[email protected]> New cmds reduce AL2 failure and increase gradle check to c524xlarge runner (#151) Signed-off-by: Peter Zhu <[email protected]> Add jdk14 as it is required by OS 1.x gradle check (#152) Signed-off-by: Peter Zhu <[email protected]> Migrate perf test agent setups to public jenkins (#153) Signed-off-by: Peter Zhu <[email protected]> Add Mac agent support Signed-off-by: pgodithi <[email protected]> Add Mac agent support: Added README Signed-off-by: pgodithi <[email protected]> Add Mac agent support: Added README Signed-off-by: pgodithi <[email protected]> Add Mac agent support: Added README Signed-off-by: pgodithi <[email protected]> Add Mac agent support: Added README Signed-off-by: pgodithi <[email protected]> Add Mac agent support: Added README Signed-off-by: pgodithi <[email protected]> Add Mac agent support: Added max-len, eqeqeq Signed-off-by: pgodithi <[email protected]> Add Mac agent support: Added tests Signed-off-by: pgodithi <[email protected]> Add Mac agent support: Added tests Signed-off-by: pgodithi <[email protected]> Add Mac agent support: Added tests Signed-off-by: pgodithi <[email protected]> * Add Mac agent support: fix conflicts Signed-off-by: pgodithi <[email protected]> * Add Mac agent support: fix conflicts Signed-off-by: pgodithi <[email protected]>
opensearch-project · Jul 20, 2022 · eeaf866 · eeaf866
1 parent 25e235e
commit eeaf866
Show file tree

Hide file tree

Showing 9 changed files with 181 additions and 12 deletions.
diff --git a/README.md b/README.md
@@ -11,6 +11,7 @@
     - [Data Retention](#data-retention)
     - [Add environment variable](#add-environment-variables)
     - [Assume role](#cross-account-assume-role)
+    - [Mac agents](#mac-agents)
   - [Troubleshooting](#troubleshooting)
     - [Main Node](#main-node)
   - [Useful commands](#useful-commands)
@@ -141,6 +142,17 @@ npm run cdk deploy OpenSearch-CI-Dev -- -c useSsl=false -c runWithOidc=false -c
 ```
 NOTE: The assume role has to be pre-created for the agents to assume. Once CDK stack is deployed with `-c agentAssumeRole` flag, make sure this flag is passed for next CDK operations to make sure this created policy that assumes cross-account role is not removed.
 
+#### Mac agents
+##### Prerequisite
+To deploy mac agents, as a prerequisites make sure the backend AWS account has dedicated hosts setup done with instance family as `mac1` and instance type as `mac1.metal`. For More details check the [getting-started](https://aws.amazon.com/getting-started/hands-on/launch-connect-to-amazon-ec2-mac-instance/) guide.
+
+##### Configuration
+To configure ec2 Mac agent setup run the stack with `-c macAgent=true`.
+Example: 
+```
+npm run cdk deploy OpenSearch-CI-Dev -- -c useSsl=false -c runWithOidc=false -c macAgent=true
+```
+
 #### Runnning additional commands
 In cases where you need to run additional logic/commands, such as adding a cron to emit ssl cert expiry metric, you can pass the commands as a script using `additionalCommands` context parameter.
 Below sample will write the python script to $HOME/hello-world path on jenkins master node and then execute it once the jenkins master node has been brought up. 

diff --git a/lib/ci-stack.ts b/lib/ci-stack.ts
@@ -42,6 +42,8 @@ export interface CIStackProps extends StackProps {
   readonly agentAssumeRole?: string;
   /** File path containing global environment variables to be added to jenkins enviornment */
   readonly envVarsFilePath?: string;
+  /** Add Mac agent to jenkins */
+  readonly macAgent?: boolean;
 }
 
 export class CIStack extends Stack {
@@ -61,6 +63,7 @@ export class CIStack extends Stack {
     });
 
     const agentAssumeRoleContext = `${props?.agentAssumeRole ?? this.node.tryGetContext('agentAssumeRole')}`;
+    const macAgentParameter = `${props?.macAgent ?? this.node.tryGetContext('macAgent')}`;
 
     const useSslParameter = `${props?.useSsl ?? this.node.tryGetContext('useSsl')}`;
     if (useSslParameter !== 'true' && useSslParameter !== 'false') {
@@ -122,7 +125,7 @@ export class CIStack extends Stack {
       adminUsers: props?.adminUsers,
       agentNodeSecurityGroup: securityGroups.agentNodeSG.securityGroupId,
       subnetId: vpc.publicSubnets[0].subnetId,
-    }, agentNodes, agentAssumeRoleContext.toString());
+    }, agentNodes, agentAssumeRoleContext.toString(), macAgentParameter.toString());
 
     const externalLoadBalancer = new JenkinsExternalLoadBalancer(this, {
       vpc,

diff --git a/lib/compute/agent-node-config.ts b/lib/compute/agent-node-config.ts
@@ -25,7 +25,6 @@ export interface AgentNodeProps {
    numExecutors: number;
    initScript: string
  }
-
 export interface AgentNodeNetworkProps {
    readonly agentNodeSecurityGroup: string;
    readonly subnetId: string;
@@ -104,6 +103,7 @@ export class AgentNodeConfig {
        }),
      );
 
+     /* eslint-disable eqeqeq */
      if (assumeRole.toString() !== 'undefined') {
        // policy to allow assume role AssumeRole
        AgentNodeRole.addToPolicy(
@@ -124,13 +124,16 @@ export class AgentNodeConfig {
      });
    }
 
-   public addAgentConfigToJenkinsYaml(stack: Stack, templates: AgentNodeProps[], props: AgentNodeNetworkProps): any {
+   public addAgentConfigToJenkinsYaml(stack: Stack, templates: AgentNodeProps[], props: AgentNodeNetworkProps, macAgent: string): any {
      const jenkinsYaml: any = load(readFileSync(JenkinsMainNode.BASE_JENKINS_YAML_PATH, 'utf-8'));
      const configTemplates: any = [];
 
      templates.forEach((element) => {
        configTemplates.push(this.getTemplate(stack, element, props));
      });
+     if (macAgent == 'true') {
+       configTemplates.push(this.getMacTemplate(stack, props));
+     }
 
      const agentNodeYamlConfig = [{
        amazonEC2: {
@@ -190,4 +193,61 @@ export class AgentNodeConfig {
        useEphemeralDevices: false,
      };
    }
+
+   private getMacTemplate(stack: Stack, props: AgentNodeNetworkProps): { [x: string]: any; } {
+     return {
+       ami: 'ami-0379811a08268a97e',
+       amiType:
+        { macData: { sshPort: '22' } },
+       associatePublicIp: false,
+       connectBySSHProcess: false,
+       connectionStrategy: 'PRIVATE_IP',
+       customDeviceMapping: '/dev/sda1=:300:true:gp3::encrypted',
+       deleteRootOnTermination: true,
+       description: 'jenkinsAgentNode-Jenkins-Agent-MacOS-x64-Mac1Metal-Multi-Host',
+       ebsEncryptRootVolume: 'ENCRYPTED',
+       ebsOptimized: true,
+       hostKeyVerificationStrategy: 'OFF',
+       iamInstanceProfile: this.AgentNodeInstanceProfileArn,
+       labelString: 'Jenkins-Agent-MacOS-x64-Mac1Metal-Multi-Host',
+       maxTotalUses: -1,
+       minimumNumberOfInstances: 1,
+       minimumNumberOfSpareInstances: 0,
+       mode: 'EXCLUSIVE',
+       monitoring: true,
+       numExecutors: '6',
+       remoteAdmin: 'ec2-user',
+       remoteFS: '/var/jenkins',
+       securityGroups: props.agentNodeSecurityGroup,
+       stopOnTerminate: false,
+       subnetId: props.subnetId,
+       t2Unlimited: false,
+       tags: [
+         {
+           name: 'Name',
+           value: `${stack.stackName}/AgentNode/Jenkins-Agent-MacOS-x64-Mac1Metal-Multi-Host`,
+         },
+         {
+           name: 'type',
+           value: 'jenkinsAgentNode-Jenkins-Agent-MacOS-x64-Mac1Metal-Multi-Host',
+         },
+       ],
+       tenancy: 'Host',
+       type: 'Mac1Metal',
+       nodeProperties: [
+         {
+           envVars: {
+             env: [
+               {
+                 key: 'Path',
+                 /* eslint-disable max-len */
+                 value: '/usr/local/opt/[email protected]/bin:/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/Cellar/[email protected]/3.7.13_1/Frameworks/Python.framework/Versions/3.7/bin',
+               },
+             ],
+           },
+         },
+       ],
+       useEphemeralDevices: false,
+     };
+   }
 }
diff --git a/lib/compute/agent-nodes.ts b/lib/compute/agent-nodes.ts
@@ -6,9 +6,6 @@
  * compatible open source license.
  */
 
-import {
-  AmazonLinuxCpuType, AmazonLinuxGeneration, MachineImage,
-} from '@aws-cdk/aws-ec2';
 import { AgentNodeProps } from './agent-node-config';
 
 export class AgentNodes {

diff --git a/lib/compute/jenkins-main-node.ts b/lib/compute/jenkins-main-node.ts
@@ -91,7 +91,7 @@ export class JenkinsMainNode {
     foundJenkinsProcessCount: Metric
   }
 
-  constructor(stack: Stack, props: JenkinsMainNodeProps, agentNode: AgentNodeProps[], assumeRole: string) {
+  constructor(stack: Stack, props: JenkinsMainNodeProps, agentNode: AgentNodeProps[], assumeRole: string, macAgent: string) {
     this.ec2InstanceMetrics = {
       cpuTime: new Metric({
         metricName: 'procstat_cpu_usage',
@@ -108,7 +108,7 @@ export class JenkinsMainNode {
     };
 
     const agentNodeConfig = new AgentNodeConfig(stack, assumeRole);
-    const jenkinsyaml = JenkinsMainNode.addConfigtoJenkinsYaml(stack, props, props, agentNodeConfig, props, agentNode);
+    const jenkinsyaml = JenkinsMainNode.addConfigtoJenkinsYaml(stack, props, props, agentNodeConfig, props, agentNode, macAgent);
     if (props.dataRetention) {
       const efs = new FileSystem(stack, 'EFSfilesystem', {
         vpc: props.vpc,
@@ -399,8 +399,8 @@ export class JenkinsMainNode {
   }
 
   public static addConfigtoJenkinsYaml(stack: Stack, jenkinsMainNodeProps:JenkinsMainNodeProps, oidcProps: OidcFederateProps, agentNodeObject: AgentNodeConfig,
-    props: AgentNodeNetworkProps, agentNode: AgentNodeProps[]): string {
-    let updatedConfig = agentNodeObject.addAgentConfigToJenkinsYaml(stack, agentNode, props);
+    props: AgentNodeNetworkProps, agentNode: AgentNodeProps[], macAgent: string): string {
+    let updatedConfig = agentNodeObject.addAgentConfigToJenkinsYaml(stack, agentNode, props, macAgent);
     if (oidcProps.runWithOidc) {
       updatedConfig = OidcConfig.addOidcConfigToJenkinsYaml(updatedConfig, oidcProps.adminUsers);
     }

diff --git a/lib/network/ci-external-load-balancer.ts b/lib/network/ci-external-load-balancer.ts
@@ -42,7 +42,7 @@ export class JenkinsExternalLoadBalancer {
     const accessPort = props.useSsl ? 443 : 80;
 
     this.listener = this.loadBalancer.addListener('JenkinsListener', {
-      sslPolicy: props.useSsl ? SslPolicy.TLS12 : undefined,
+      sslPolicy: props.useSsl ? SslPolicy.RECOMMENDED : undefined,
       port: accessPort,
       open: true,
       certificates: props.useSsl ? [props.listenerCertificate] : undefined,

diff --git a/test/ci-cdn-stack.test.ts b/test/ci-cdn-stack.test.ts
@@ -32,3 +32,28 @@ test('CDN Stack Resources', () => {
   }));
   expect(cdnStack).to(countResources('AWS::Lambda::Function', 1));
 });
+
+test('CDN Stack Resources With mac agent', () => {
+  const cdnApp = new App({
+    context: {
+      useSsl: 'true', runWithOidc: 'true', additionalCommands: './test/data/hello-world.py', macAgent: true,
+    },
+  });
+
+  // WHEN
+  const cdnStack = new CiCdnStack(cdnApp, 'cdnTestStack', {});
+
+  // THEN
+  expect(cdnStack).to(countResources('AWS::IAM::Role', 2));
+  expect(cdnStack).to(countResources('AWS::IAM::Policy', 2));
+  expect(cdnStack).to(countResources('AWS::CloudFront::CloudFrontOriginAccessIdentity', 1));
+  expect(cdnStack).to(countResources('AWS::CloudFront::Distribution', 1));
+  expect(cdnStack).to(haveResourceLike('AWS::CloudFront::Distribution', {
+    DistributionConfig: {
+      DefaultCacheBehavior: {
+        DefaultTTL: 300,
+      },
+    },
+  }));
+  expect(cdnStack).to(countResources('AWS::Lambda::Function', 1));
+});
diff --git a/test/compute/agent-node-config.test.ts b/test/compute/agent-node-config.test.ts
@@ -6,11 +6,14 @@
  * compatible open source license.
  */
 
+import { Stack, App } from '@aws-cdk/core';
 import {
   expect as expectCDK, haveResource, haveResourceLike, countResources,
 } from '@aws-cdk/assert';
-import { Stack, App } from '@aws-cdk/core';
+import { readFileSync } from 'fs';
+import { load } from 'js-yaml';
 import { CIStack } from '../../lib/ci-stack';
+import { JenkinsMainNode } from '../../lib/compute/jenkins-main-node';
 
 test('Agents Resource is present', () => {
   const app = new App({
@@ -120,3 +123,26 @@ test('Agents Resource is present', () => {
     },
   }));
 });
+
+describe('JenkinsMainNode Config with macAgent template', () => {
+  // WHEN
+  const testYaml = 'test/data/jenkins.yaml';
+  const yml: any = load(readFileSync(testYaml, 'utf-8'));
+  // THEN
+  test('Verify Mac template tenancy ', async () => {
+    const macConfig = yml.jenkins.clouds[0].amazonEC2.templates[0].tenancy;
+    expect(macConfig).toEqual('Host');
+  });
+  test('Verify Mac template type', async () => {
+    const macConfig = yml.jenkins.clouds[0].amazonEC2.templates[0].type;
+    expect(macConfig).toEqual('Mac1Metal');
+  });
+  test('Verify Mac template amiType.macData.sshPort', async () => {
+    const macConfig = yml.jenkins.clouds[0].amazonEC2.templates[0].amiType.macData.sshPort;
+    expect(macConfig).toEqual('22');
+  });
+  test('Verify Mac template customDeviceMapping', async () => {
+    const macConfig = yml.jenkins.clouds[0].amazonEC2.templates[0].customDeviceMapping;
+    expect(macConfig).toEqual('/dev/sda1=:300:true:gp3::encrypted');
+  });
+});
diff --git a/test/data/jenkins.yaml b/test/data/jenkins.yaml
@@ -1,4 +1,50 @@
 jenkins:
+  clouds:
+  - amazonEC2:
+      cloudName: "Amazon_ec2_cloud"
+      region: "us-east-1"
+      sshKeysCredentialsId: "jenkins-staging-agent-node-ssh-key"
+      templates:
+      - ami: "ami-0379811a08268a97e"
+        amiType:
+          macData:
+            sshPort: "22"
+        associatePublicIp: false
+        connectBySSHProcess: false
+        connectionStrategy: PRIVATE_IP
+        customDeviceMapping: "/dev/sda1=:300:true:gp3::encrypted"
+        deleteRootOnTermination: true
+        description: "Jenkins-Agent-Mac-M1-Single-Host"
+        ebsEncryptRootVolume: DEFAULT
+        ebsOptimized: true
+        hostKeyVerificationStrategy: 'OFF'
+        iamInstanceProfile: "arn:aws:iam::1234567890:instance-profile/JenkinsStack-AgentNodeInstanceRole"
+        labelString: 'Jenkins-Agent-MacOS-x64-Mac1Metal-Multi-Host'
+        maxTotalUses: -1
+        minimumNumberOfInstances: 1
+        minimumNumberOfSpareInstances: 0
+        mode: EXCLUSIVE
+        monitoring: false
+        nodeProperties:
+        - envVars:
+            env:
+            - key: "Path"
+              value: "/usr/local/opt/[email protected]/bin:/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/Cellar/[email protected]/3.7.13_1/Frameworks/Python.framework/Versions/3.7/bin"
+        numExecutors: 5
+        remoteAdmin: "ec2-user"
+        remoteFS: "/var/jenkins"
+        securityGroups: "jenkins-agent-node"
+        stopOnTerminate: false
+        subnetId: "subnet-1234567890"
+        t2Unlimited: false
+        tags:
+        - name: "Name"
+          value: "Jenkins-Agent-Mac-M1-Single-Host"
+        tenancy: Host
+        type: Mac1Metal
+        useEphemeralDevices: false
+        zone: "us-east-1a"
+      useInstanceProfileForCredentials: true
   authorizationStrategy:
     roleBased:
       roles: