Added logic to deploy default jenkins agent (#176)

rishabh6788 · web-flow · commit b5657ab67cb6 · 2022-08-01T22:30:26.000+05:30
* Changed cpu and memory metric stat to avg

Signed-off-by: Rishabh Singh &lt;sngri@amazon.com&gt;

* Added logic to default on dummy jenkins agent

Signed-off-by: Rishabh Singh &lt;sngri@amazon.com&gt;
diff --git a/README.md b/README.md
@@ -13,6 +13,7 @@
     - [Add environment variable](#add-environment-variables)
     - [Assume role](#cross-account-assume-role)
     - [Mac agents](#mac-agents)
+    - [Use Production Agents](#use-production-agents)
   - [Troubleshooting](#troubleshooting)
     - [Main Node](#main-node)
   - [Useful commands](#useful-commands)
@@ -76,18 +77,19 @@ $aws secretsmanager put-secret-value \
 
 ### Executing Optional Tasks
 #### Construct Props
-|  Name   | Type           | Description  |
-| ------------- |:-------------| :-----|
-| [useSsl](#ssl-configuration)      | boolean | Should the Jenkins use https |
-| [runWithOidc](#setup-openid-connect-oidc-via-federate)      | boolean      |    Should an OIDC provider be installed on Jenkins |
-| [ignoreResourcesFailures]() | boolean      |    Additional verification during deployment and resource startup |
-| [adminUsers](#setup-openid-connect-oidc-via-federate) | string[]      |   List of users with admin access during initial deployment |
-| [additionalCommands](#runnning-additional-commands) | string      |    Additional logic that needs to be run on Master Node. The value has to be path to a file |
-| [dataRetention](#data-retention) | boolean     |    Do you want to retain jenkins jobs and build history |
-| [agentAssumeRole](#assume-role) | string    |    IAM role ARN to be assumed by jenkins agent nodes |
-| [envVarsFilePath](#add-environment-variables) | string      |    Path to file containing env variables in the form of key value pairs |
-| [macAgent](#mac-agents) | boolean    |    Add mac agents to jenkins |
-| [restrictServerAccessTo](#restricting-server-access) | Ipeer      |    Restrict jenkins server access |
+| Name                                                   | Type     | Description                                                                              |
+|--------------------------------------------------------|:---------|:-----------------------------------------------------------------------------------------|
+| [useSsl](#ssl-configuration)                           | boolean  | Should the Jenkins use https                                                             |
+| [runWithOidc](#setup-openid-connect-oidc-via-federate) | boolean  | Should an OIDC provider be installed on Jenkins                                          |
+| [ignoreResourcesFailures]()                            | boolean  | Additional verification during deployment and resource startup                           |
+| [adminUsers](#setup-openid-connect-oidc-via-federate)  | string[] | List of users with admin access during initial deployment                                |
+| [additionalCommands](#runnning-additional-commands)    | string   | Additional logic that needs to be run on Master Node. The value has to be path to a file |
+| [dataRetention](#data-retention)                       | boolean  | Do you want to retain jenkins jobs and build history                                     |
+| [agentAssumeRole](#assume-role)                        | string   | IAM role ARN to be assumed by jenkins agent nodes                                        |
+| [envVarsFilePath](#add-environment-variables)          | string   | Path to file containing env variables in the form of key value pairs                     |
+| [macAgent](#mac-agents)                                | boolean  | Add mac agents to jenkins                                                                |
+| [restrictServerAccessTo](#restricting-server-access)   | Ipeer    | Restrict jenkins server access                                                           |
+| [useProdAgents](#use-production-agents)                | boolean  | should jenkins server use production agents                                              |
 #### SSL Configuration
 1. Locate the secret manager arns in the ci-config-stack outputs
 1. Update the secret value ([see docs](https://docs.aws.amazon.com/cli/latest/reference/secretsmanager/put-secret-value.html)) for the `certContentsSecret` with the certificate contents
@@ -201,6 +203,17 @@ Usage:
 npm run cdk deploy OpenSearch-CI-Dev -- -c useSsl=false -c runWithOidc=false -c additionalCommands='./example.txt'
 ```
 
+#### Use Production Agents
+Please note that if you have decided to use the provided production jenkins agents then please make sure that you are 
+deploying the stack in US-EAST-1 region as the AMIs used are only publicly available in US-EAST-1 region.
+If you want to deploy the stack in another region then please make sure you copy the public AMIs used
+from us-east-1 region to your region of choice and update the new ami-id in agent-nodes.ts file accordingly.
+
+If you do not copy the AMI in required region and update the code then the desired jenkins agents will not spin up.
+
+If you do not specify this flag or use `false` then jenkins server will spin up two ec2 agents with minimal config, AL2 AMD64 and ARM64,
+they will be using the latest ami available.
+
 ### Troubleshooting
 #### Main Node
 Useful links
@@ -247,4 +260,4 @@ This project is licensed under the [Apache v2.0 License](LICENSE.txt).
 
 ## Copyright
 
-Copyright OpenSearch Contributors. See [NOTICE](NOTICE.txt) for details.
+Copyright OpenSearch Contributors. See [NOTICE](NOTICE.txt) for details.
diff --git a/lib/ci-stack.ts b/lib/ci-stack.ts
@@ -16,6 +16,7 @@ import {
 } from '@aws-cdk/core';
 import { ListenerCertificate } from '@aws-cdk/aws-elasticloadbalancingv2';
 import { Bucket } from '@aws-cdk/aws-s3';
+import { disconnect } from 'cluster';
 import { CIConfigStack } from './ci-config-stack';
 import { JenkinsMainNode } from './compute/jenkins-main-node';
 import { JenkinsMonitoring } from './monitoring/ci-alarms';
@@ -47,11 +48,15 @@ export interface CIStackProps extends StackProps {
   readonly macAgent?: boolean;
   /** Restrict jenkins access to */
   readonly restrictServerAccessTo? : IPeer;
+  /** Use Production Agents */
+  readonly useProdAgents?: boolean;
 }
 
 export class CIStack extends Stack {
   public readonly monitoring: JenkinsMonitoring;
 
+  public readonly agentNodes: AgentNodeProps[];
+
   constructor(scope: Construct, id: string, props: CIStackProps) {
     super(scope, id, props);
 
@@ -80,6 +85,11 @@ export class CIStack extends Stack {
       throw new Error('runWithOidc parameter is required to be set as - true or false');
     }
 
+    let useProdAgents = `${props?.useProdAgents ?? this.node.tryGetContext('useProdAgents')}`;
+    if (useProdAgents.toString() === 'undefined') {
+      useProdAgents = 'false';
+    }
+
     const runWithOidc = runWithOidcParameter === 'true';
 
     const additionalCommandsContext = `${props?.additionalCommands ?? this.node.tryGetContext('additionalCommands')}`;
@@ -106,10 +116,23 @@ export class CIStack extends Stack {
     const certificateArn = Secret.fromSecretCompleteArn(this, 'certificateArn', importedArnSecretBucketValue.toString());
     const importedReloadPasswordSecretsArn = Fn.importValue(`${CIConfigStack.CASC_RELOAD_TOKEN_SECRET_EXPORT_VALUE}`);
     const listenerCertificate = ListenerCertificate.fromArn(certificateArn.secretValue.toString());
-    const agentNode = new AgentNodes();
-    const agentNodes: AgentNodeProps[] = [agentNode.AL2_X64, agentNode.AL2_X64_DOCKER_HOST, agentNode.AL2_X64_DOCKER_HOST_PERF_TEST,
-      agentNode.AL2_ARM64, agentNode.AL2_ARM64_DOCKER_HOST, agentNode.UBUNTU2004_X64, agentNode.UBUNTU2004_X64_DOCKER_BUILDER,
-      agentNode.MACOS12_X64_MULTI_HOST, agentNode.WINDOWS2019_X64];
+    const agentNode = new AgentNodes(this);
+
+    if (useProdAgents.toString() === 'true') {
+      // eslint-disable-next-line no-console
+      console.warn('Please note that if you have decided to use the provided production jenkins agents then '
+          + 'please make sure that you are deploying the stack in US-EAST-1 region as the AMIs used are only publicly '
+          + 'available in US-EAST-1 region. '
+          + 'If you want to deploy the stack in another region then please make sure you copy the public AMIs used '
+          + 'from us-east-1 region to your region of choice and update the ami-id in agent-nodes.ts file accordingly. '
+          + 'If you do not copy the AMI in required region and update the code then the jenkins agents will not spin up.');
+
+      this.agentNodes = [agentNode.AL2_X64, agentNode.AL2_X64_DOCKER_HOST, agentNode.AL2_X64_DOCKER_HOST_PERF_TEST,
+        agentNode.AL2_ARM64, agentNode.AL2_ARM64_DOCKER_HOST, agentNode.UBUNTU2004_X64, agentNode.UBUNTU2004_X64_DOCKER_BUILDER,
+        agentNode.MACOS12_X64_MULTI_HOST, agentNode.WINDOWS2019_X64];
+    } else {
+      this.agentNodes = [agentNode.AL2_X64_DEFAULT_AGENT, agentNode.AL2_ARM64_DEFAULT_AGENT];
+    }
 
     const mainJenkinsNode = new JenkinsMainNode(this, {
       vpc,
@@ -129,7 +152,7 @@ export class CIStack extends Stack {
       adminUsers: props?.adminUsers,
       agentNodeSecurityGroup: securityGroups.agentNodeSG.securityGroupId,
       subnetId: vpc.publicSubnets[0].subnetId,
-    }, agentNodes, agentAssumeRoleContext.toString(), macAgentParameter.toString());
+    }, this.agentNodes, agentAssumeRoleContext.toString(), macAgentParameter.toString());
 
     const externalLoadBalancer = new JenkinsExternalLoadBalancer(this, {
       vpc,
diff --git a/lib/compute/agent-node-config.ts b/lib/compute/agent-node-config.ts
@@ -25,7 +25,8 @@ export interface AgentNodeProps {
    remoteUser: string;
    maxTotalUses: number;
    numExecutors: number;
-   initScript: string
+   initScript: string,
+  remoteFs: string
  }
 export interface AgentNodeNetworkProps {
    readonly agentNodeSecurityGroup: string;
@@ -179,7 +180,7 @@ export class AgentNodeConfig {
        monitoring: true,
        numExecutors: config.numExecutors,
        remoteAdmin: config.remoteUser,
-       remoteFS: '/var/jenkins',
+       remoteFS: config.remoteFs,
        securityGroups: props.agentNodeSecurityGroup,
        stopOnTerminate: false,
        subnetId: props.subnetId,
@@ -225,7 +226,7 @@ export class AgentNodeConfig {
        monitoring: true,
        numExecutors: config.numExecutors,
        remoteAdmin: config.remoteUser,
-       remoteFS: '/var/jenkins',
+       remoteFS: config.remoteFs,
        securityGroups: props.agentNodeSecurityGroup,
        stopOnTerminate: false,
        subnetId: props.subnetId,
@@ -276,7 +277,7 @@ export class AgentNodeConfig {
        monitoring: true,
        numExecutors: config.numExecutors,
        remoteAdmin: config.remoteUser,
-       remoteFS: `C:\\Users\\${config.remoteUser}\\jenkins`,
+       remoteFS: config.remoteFs,
        securityGroups: props.agentNodeSecurityGroup,
        stopOnTerminate: false,
        subnetId: props.subnetId,
diff --git a/lib/compute/agent-nodes.ts b/lib/compute/agent-nodes.ts
@@ -6,6 +6,8 @@
  * compatible open source license.
  */
 
+import { AmazonLinuxCpuType, AmazonLinuxGeneration, MachineImage } from '@aws-cdk/aws-ec2';
+import { Stack } from '@aws-cdk/core';
 import { AgentNodeProps } from './agent-node-config';
 
 export class AgentNodes {
@@ -28,7 +30,11 @@ export class AgentNodes {
 
     readonly WINDOWS2019_X64: AgentNodeProps;
 
-    constructor() {
+    readonly AL2_X64_DEFAULT_AGENT: AgentNodeProps;
+
+    readonly AL2_ARM64_DEFAULT_AGENT: AgentNodeProps;
+
+    constructor(stack: Stack) {
       this.AL2_X64 = {
         agentType: 'unix',
         workerLabelString: 'Jenkins-Agent-AL2-X64-C54xlarge-Single-Host',
@@ -40,6 +46,7 @@ export class AgentNodes {
         initScript: 'sudo yum clean all && sudo rm -rf /var/cache/yum /var/lib/yum/history && sudo yum repolist &&'
         + ' sudo yum update --skip-broken --exclude=openssh* --exclude=docker* -y && sudo yum install -y ntp &&'
         + ' sudo systemctl restart ntpd && sudo systemctl enable ntpd',
+        remoteFs: '/var/jenkins',
       };
       this.AL2_X64_DOCKER_HOST = {
         agentType: 'unix',
@@ -52,6 +59,7 @@ export class AgentNodes {
         initScript: 'sudo yum clean all && sudo rm -rf /var/cache/yum /var/lib/yum/history && sudo yum repolist &&'
         + ' sudo yum update --skip-broken --exclude=openssh* --exclude=docker* -y && sudo yum install -y ntp &&'
         + ' sudo systemctl restart ntpd && sudo systemctl enable ntpd',
+        remoteFs: '/var/jenkins',
       };
       this.AL2_X64_DOCKER_HOST_PERF_TEST = {
         agentType: 'unix',
@@ -64,6 +72,7 @@ export class AgentNodes {
         initScript: 'sudo yum clean all && sudo rm -rf /var/cache/yum /var/lib/yum/history && sudo yum repolist &&'
         + ' sudo yum update --skip-broken --exclude=openssh* --exclude=docker* -y && sudo yum install -y ntp &&'
         + ' sudo systemctl restart ntpd && sudo systemctl enable ntpd',
+        remoteFs: '/var/jenkins',
       };
       this.AL2_ARM64 = {
         agentType: 'unix',
@@ -76,6 +85,7 @@ export class AgentNodes {
         initScript: 'sudo yum clean all && sudo rm -rf /var/cache/yum /var/lib/yum/history && sudo yum repolist &&'
         + ' sudo yum update --skip-broken --exclude=openssh* --exclude=docker* -y && sudo yum install -y ntp &&'
         + ' sudo systemctl restart ntpd && sudo systemctl enable ntpd',
+        remoteFs: '/var/jenkins',
       };
       this.AL2_ARM64_DOCKER_HOST = {
         agentType: 'unix',
@@ -88,6 +98,7 @@ export class AgentNodes {
         initScript: 'sudo yum clean all && sudo rm -rf /var/cache/yum /var/lib/yum/history && sudo yum repolist &&'
         + ' sudo yum update --skip-broken --exclude=openssh* --exclude=docker* -y && sudo yum install -y ntp &&'
         + ' sudo systemctl restart ntpd && sudo systemctl enable ntpd',
+        remoteFs: '/var/jenkins',
       };
       this.UBUNTU2004_X64 = {
         agentType: 'unix',
@@ -101,6 +112,7 @@ export class AgentNodes {
         + ' sudo apt-get update && (sudo killall -9 apt-get apt 2>&1 || echo) &&'
         + ' sudo apt-get upgrade -y && sudo apt-get install -y ntp docker-compose &&'
         + ' sudo systemctl restart ntp && sudo systemctl enable ntp',
+        remoteFs: '/var/jenkins',
       };
       this.UBUNTU2004_X64_DOCKER_BUILDER = {
         agentType: 'unix',
@@ -114,6 +126,7 @@ export class AgentNodes {
         + ' sudo apt-get update && (sudo killall -9 apt-get apt 2>&1 || echo) &&'
         + ' sudo apt-get upgrade -y && sudo apt-get install -y ntp docker-compose &&'
         + ' sudo systemctl restart ntp && sudo systemctl enable ntp',
+        remoteFs: '/var/jenkins',
       };
       this.MACOS12_X64_MULTI_HOST = {
         agentType: 'mac',
@@ -124,6 +137,7 @@ export class AgentNodes {
         numExecutors: 6,
         amiId: 'ami-022cee9eedb91288a',
         initScript: 'echo',
+        remoteFs: '/var/jenkins',
       };
       this.WINDOWS2019_X64 = {
         agentType: 'windows',
@@ -134,6 +148,41 @@ export class AgentNodes {
         numExecutors: 1,
         amiId: 'ami-07591ca4ef792c2d4',
         initScript: 'echo',
+        remoteFs: 'C:\\Users\\Administrator\\jenkins',
+      };
+
+      this.AL2_X64_DEFAULT_AGENT = {
+        agentType: 'unix',
+        workerLabelString: 'Jenkins-Default-Agent-X64-C5xlarge-Single-Host',
+        instanceType: 'C54xlarge',
+        remoteUser: 'ec2-user',
+        maxTotalUses: -1,
+        numExecutors: 1,
+        amiId: MachineImage.latestAmazonLinux({
+          generation: AmazonLinuxGeneration.AMAZON_LINUX_2,
+          cpuType: AmazonLinuxCpuType.X86_64,
+        }).getImage(stack).imageId.toString(),
+        initScript: 'sudo yum install -y java-1.8.0-openjdk cmake python3 python3-pip && '
+            + 'sudo yum groupinstall -y \'Development Tools\' && sudo ln -sfn `which pip3` /usr/bin/pip && '
+            + 'pip3 install pipenv && sudo ln -s ~/.local/bin/pipenv /usr/local/bin',
+        remoteFs: '/home/ec2-user',
+      };
+
+      this.AL2_ARM64_DEFAULT_AGENT = {
+        agentType: 'unix',
+        workerLabelString: 'Jenkins-Default-Agent-ARM64-C5xlarge-Single-Host',
+        instanceType: 'C6g4xlarge',
+        remoteUser: 'ec2-user',
+        maxTotalUses: -1,
+        numExecutors: 1,
+        amiId: MachineImage.latestAmazonLinux({
+          generation: AmazonLinuxGeneration.AMAZON_LINUX_2,
+          cpuType: AmazonLinuxCpuType.ARM_64,
+        }).getImage(stack).imageId.toString(),
+        initScript: 'sudo yum install -y java-1.8.0-openjdk cmake python3 python3-pip && '
+            + 'sudo yum groupinstall -y \'Development Tools\' && sudo ln -sfn `which pip3` /usr/bin/pip && '
+            + 'pip3 install pipenv && sudo ln -s ~/.local/bin/pipenv /usr/local/bin',
+        remoteFs: '/home/ec2-user',
       };
     }
 }
