Automating image builds using Jenkins and Packer
This scenario describes how to set up automated VM image builds using Jenkins and Packer.
Jenkins lets you to set up the continuous delivery of image configuration changes to Packer to build VM image used in Yandex.Cloud.
The images built can be used to create a cloud infrastructure. In this scenario, Terraform is used to deploy virtual machines from the created images.
To install and configure Jenkins, Packer, GitHub, and Terraform to interact with one another:
- Create a service account
- Create a VM with Jenkins
- Install Packer
- Configure Jenkins
- Set up a Jenkins job
- Configure a GitHub repository
- Create an image using Jenkins
- Deploy the images using Terraform
If you no longer need the created VM and images, delete them.
Before you start
Before deploying your applications, sign up for Yandex.Cloud and create a billing account:
- Go to the management console. Then log in to Yandex.Cloud or sign up if don't already have an account.
- On the billing page, make sure you linked a billing account, and it has the
ACTIVE
orTRIAL_ACTIVE
status. If you don't have a billing account, create one.
If you have an active billing account, you can create or select a folder to run your VM in from the Yandex.Cloud page.
Learn more about clouds and folders.
- Install the Yandex.Cloud command line interface.
- Install Terraform and configure it to work with Yandex.Cloud.
- Configure the Git client. If you are running Windows, use Git Bash.
- Create a repository branch with examples in your GitHub account.
- Prepare an SSH key to access the virtual machines.
- Create a cloud network and subnet in the selected availability zone.
Required paid resources
The cost of this infrastructure includes:
- A fee for continuously running VMs (see pricingYandex Compute Cloud).
- A fee for storing created images (see Yandex Compute Cloud pricing).
- A fee for using dynamic public IP addresses (see Yandex Virtual Private Cloud pricing).
Create a service account
Jenkins uses service accounts to perform actions in your cloud and folder. To create a service account:
-
Get the IDs of the folder and cloud by running
yc config list
. -
Create a service account and pass its ID to the environment variable using the following commands:
$ yc iam service-account create --name <username> $ yc iam key create --service-account-name <username> -o <username.json> $ SERVICE_ACCOUNT_ID=$(yc iam service-account get --name <username> --format json | jq -r .id)
-
Assign the service account the
admin
role for the folder where operations will be performed:$ yc resource-manager folder add-access-binding <folder_name> --role admin --subject serviceAccount:$SERVICE_ACCOUNT_ID
Create a VM with Jenkins
Jenkins will get VM image configuration changes from GitHub and then use Packer to create images in the cloud.
To create a virtual machine with Jenkins:
-
On the folder page in the management console, click Create resource and select Virtual machine.
-
In the Name field, enter a name for the VM:
jenkins-tutorial
. -
Select the availability zone to host the VM in.
-
Under Images from Cloud Marketplace, click Select. In the window that opens, select the Jenkins image.
-
Under Disks, enter 15 GB for the size of the boot disk:
-
Under Computing resources:
- Choose a platform: Intel Cascade Lake.
- Specify the number of vCPUs and amount of RAM:
- vCPU: 2.
- Guaranteed vCPU share: 5%.
- RAM: 2 GB.
-
Under Network settings, click Add network and choose the subnet to connect the virtual machine to. Under Public IP, assign a public address to the VM automatically or select a reserved address.
-
Under Access, specify the data required to access the VM:
- Enter the username in the Login field.
- In the SSH key field, paste the contents of the public key file.
You need to create a key pair for SSH connections on your own.
-
Click Create VM.
Install Packer
Packer lets you create virtual machine images with parameters specified in the configuration file.
Note
Yandex.Cloud requires Packer 1.4.1 and higher.
-
Download the Packer distribution for Linux.
-
Upload Packer to the VM you created:
$ scp packer_<Packer version>_linux_amd64.zip <Login>@<Public IP address of your VM>:~/
-
Connect to the VM over SSH. You can use the
ssh
utility in Linux or macOS, orPuTTY
in Windows. -
Create a new folder, move the Packer executables there, and unpack the archive:
$ sudo mkdir /opt/yandex-packer/ $ sudo mv packer_<Packer version>_linux_amd64.zip /opt/yandex-packer/ $ unzip packer_<Packer version>_linux_amd64.zip
-
All Jenkins system activity is performed on behalf of the
jenkins
user. Grant this user rights to launch Packer:$ sudo chmod u+x /opt/yandex-packer/packer* $ sudo chown jenkins:jenkins /opt/yandex-packer/packer*
Configure Jenkins
To build images based on configurations from GitHub, configure Jenkins:
-
Connect to the VM over SSH. You can use the
ssh
utility in Linux or macOS, orPuTTY
in Windows. -
Open the password file needed to launch the configuration and copy the password:
$ sudo cat /var/lib/jenkins/secrets/initialAdminPassword
-
Open
http://<public IP address of VM with Jenkins>
in the browser. Open the Jenkins management console. -
Enter the copied password in the Administrator password field and click Continue.
-
Choose Select plugins to install.
-
You will need the following plugins to run this scenario:
Pipeline
— The plugin for getting the source code from the VCS and assembling, testing, and deploying it.Git
— The plugin for working with git repositories.Credentials Binding
— The plugin for creating environment variables with authentication data.
-
Click Install. The selected components start to install.
-
When the installation is complete, you are prompted to create an administrator account. Fill in the form fields and click Save and Continue.
-
You are prompted to create a URL for Jenkins. Leave the URL as
http://<VM public IP address>/
. Click Save and finish. -
Click Start using Jenkins to complete the installation and go to the Jenkins administration panel.
Set up a Jenkins task
Enter your Yandex.Cloud authorization data and create a task to download changes from the github repository so that Jenkins can build images. The authorization data is used in the variables stored in the Packer configuration files.
- Open the Jenkins administration panel.
- Select Credentials.
- Under Stores scoped to Jenkins, click the
Global
link. - Get the ID of the subnet where images will be built by running the
yc vpc subnet list
command. - Click Add credentials. Specify the following parameters:
- In the Kind list, click
Secret text
. - In the Scope list, leave
Global
. - In the Secret field, enter the ID of your folder.
- In the Id field, enter
YC_FOLDER_ID
. Click OK.
- In the Kind list, click
- Create another secret with the following parameters:
- Kind:
Secret text
. - Scope:
Global
. - Secret: ID of the subnet where the Jenkins VM is hosted.
- ID:
YC_SUBNET_ID
.
- Kind:
- Create another secret with the following parameters:
- Kind:
Secret file
. - Scope:
Global
. - File: The
<username>.json
file from step 1. - ID:
YC_ACCOUNT_KEY_FILE
.
- Kind:
- Go back to the main page of the administration panel and select New item.
- Enter a name for the task, like
jenkins-tutorial
, and select Pipeline as the task type. Click OK. - In the window that opens, select the GitHub hook trigger for GITScm polling checkbox. This option lets you run the build every time you
push
to themaster
branch of your git repository. - Under Pipeline, select
Pipeline script from SCM
from the Definition list. - In the SCM list, select
Git
. - In the Report URL field, enter the URL of your GitHub fork.
- In the Script path field, enter
jenkins-packer/Jenkinsfile
. - Leave the other fields unchanged and click Save.
Configure the GitHub repository
In the GitHub repository settings, set up a webhook to run builds in Jenkins and add the public SSH key for authorization.
Set up a webhook
- Open the fork of your GitHub repository in the browser.
- Click the Settings tab.
- Select Webhooks and click Add webhook.
- In the Payload URL field, enter
http://<VM public IP address>/github-webhook/
. - Click Add webhook.
Add an SSH key to GitHub
- Click your GitHub avatar. In the menu that opens, select Settings.
- Click SSH and GPG keys.
- Click New SSH key.
- In the Title field, enter a name for your key.
- Paste your SSH key into the Key box.
- Click Add SSH key.
Create an image using Jenkins
The image is built in Jenkins automatically after you push
to the master
branch of your GitHub repository.
-
Clone the examples repository fork you created while getting started to your computer:
$ git clone git@github.com:<GitHub login>/examples.git
-
Make changes to the Packer templates hosted in the
jenkins-packer/packer/
folder. You can find the Packer template documentation on the developer's website. In theimage_family
andsource_image_family
parameters, specify the families of images to be built by Jenkins. For more information about families, see Image families. -
Make changes to the
Jenkinsfile
Pipeline description file for Jenkins located in the root of the repository. For the Pipeline documentation, see the developer's website. -
Upload the changes to Github:
$ git add -A $ git commit -m "Build update" $ git push
-
Open the Jenkins administration panel and check the task status.
-
If all the settings are correct, the image assembly is launched. You can see the result in the build logs.
Then there are three new images in Compute Cloud under Images:
Debian
: The basic image with the latest updates.nginx
: An image with the nginx web server, based on theDebian
image.Django
: An image with the Django framework, based on theDebian
image.
Deploy the images
Once the images are created, you can use them to create your virtual machines. Create a test infrastructure using Terraform:
-
In the folder with the fork, go to the directory with the Terraform files:
$ cd examples/jenkins-packer/terraform
-
Rename the
terraform.tfvars_example
file:mv terraform.tfvars_example terraform.tfvars
-
Fill in the file fields with the applicable values. Read the Terraform documentation on the developer's website.
-
Initialize the Terraform provider by running
terraform init
. -
Execute
terraform plan -var-file="terraform.tfvars"
. Check the configuration created. -
Execute
terraform apply
and confirm that you want to create the infrastructure by enteringyes
in the terminal.
This will create:
- A cloud network.
- Subnets in all availability zones.
- Virtual machines from images created by Packer. Virtual machines with nginx get public IP addresses. All virtual machines are connected to subnets.
Delete the created resources
If you no longer need the VMs and images:
To delete the resources created with Terraform, run terraform destroy
.