Aims to remove any cyclical or external dependencies from low-level platform/infra deployments. Since these are the lowest unit in a platform orchestration tree, it's imperative that they have no cyclical, external or network dependencies.
Manages Jenkins completely from code, and allows it to be maintained, upgraded & recovered from the command-line, using no external system dependencies other than EC2.
In an outage, security compromise or other such SNAFU - critical platforms need to be independent of any other platform/system which may be unavailable.
In other words - your lowest level bootstrapper cannot rely on anything other than itself. It needs to be completely self-contained.
If you think that sort of thing never happens...
It sure does. And when it does it has the potential to take down a business or at least cost $$$ in downtime & reputation.
jenkins-from-scratch delivers a Jenkins server managed purely from the CLI with ALL configuration stored in the codebase. It doesn't rely on backups or any higher-level platform/service.
You can use this Jenkins to spawn more for niche services, or bootstrap a datacenter, or Terraform a cloud account, and you can be sure that it can always work as long as you have a copy of the codebase.
Additionally - Jenkins (in my experience) is a great tool but usually poorly implemented. It's old-school Java, but that doesn't mean managing it has to be a pain. This project handles backups, recovery, rollbacks, rebuilds, plugin versioning, state management issues and all the other headaches that drive many away from using Jenkins. If you need a robust, tried-true, self-hosted, highly flexible & capable job runner, then it's hard to look past Jenkins IMHO.
Install Poetry and resolve project dependencies
brew install poetry
poetry install
This is uploaded to EC2
poetry run task create-ssh-key
Ansible will display the initial admin password. This is only required the first time the datastore is built.
Deploys all resources and connects to the instance using the Ansible dynamic inventory plugin
poetry run task deploy
poetry run task lint
poetry run task test
Define plugins in the plugins.txt file using the <plugin_name>:<plugin_version> format.
To always pull the latest version of a plugin, omit <plugin_version>
These are baked into the jenkins image build with each deployment.
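Because an entry without a version resolves to whatever is newest at build time, a rebuild from the same codebase can produce a different image. The following check is an added example, not part of this project's code: it audits a plugins.txt for unpinned, duplicate or malformed entries. The function name audit_plugins, the sample entries, the treatment of "#" comments and of an explicit "latest" version are assumptions.

```python
import re
import sys
from dataclasses import dataclass

# Constructed sample input; plugin versions are placeholders, not real releases.
SAMPLE = """\
# core plugins
configuration-as-code:1.0.0
git:1.2.3
workflow-aggregator
credentials:latest
git:1.2.0
bad name:1.0
"""

NAME_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]*$")

@dataclass
class Finding:
    line_no: int
    plugin: str
    issue: str

def audit_plugins(text):
    """Return findings for a plugins.txt in <plugin_name>:<plugin_version> format."""
    findings, seen = [], {}
    for no, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].strip()  # assumption: '#' starts a comment
        if not entry:
            continue
        name, _, version = entry.partition(":")
        name, version = name.strip(), version.strip()
        if not NAME_RE.match(name):
            findings.append(Finding(no, name, "invalid plugin name"))
            continue
        if name in seen:
            # Two entries for one plugin make the installed version ambiguous.
            findings.append(Finding(no, name, f"duplicate of line {seen[name]}"))
        else:
            seen[name] = no
        if version in ("", "latest"):  # omitted version floats to newest
            findings.append(Finding(no, name, "unpinned"))
    return findings

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    results = audit_plugins(text)
    for f in results:
        print(f"plugins.txt:{f.line_no}: {f.plugin}: {f.issue}")
    sys.exit(1 if results else 0)
```

The non-zero exit status on any finding lets the check gate a deployment when run before the image build.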
Uses the CASC plugin to maintain system config as YAML in the codebase
TODO: XML based job configs are managed in the codebase.
TODO: Add ALB to front Jenkins UI
TODO: Add as many agents as you like, or build on the main node
TODO: External volume attachment
TODO: This is available to back-up the entire directory
Uses the jenkins/jenkins:lts-jdk17 public image from https://hub.docker.com/r/jenkins/jenkins as a base image
Builds and deploys happen on the same host.
TODO: Using the secrets manager plug-in, automatically presents remote secrets as credentials