I am trying to deploy a Jenkins instance in an AWS ECS using a docker image I pushed to ECR. All the infrastructure required for this deployment was built using Terraform.
So far, I managed to build and run a container based on the following Docker file in my local machine with no issues:
However, when it comes to deploy it to AWS ECS, I see that Jenkins initializes fine, however, when it is about to start, it ends with message: JVM is terminating. Shutting down Jetty
I set the logging level of Jenkins to FINEST to gather all possible causes for this behavior, but I do not see any error. These are the logs happening before Jenkins:
2021-05-20T11:29:33.725-05:00 FINE: adding implicit dependency zulip → sshd because of 1.653
2021-05-20T11:29:33.725-05:00 May 20, 2021 4:29:33 PM jenkins.model.Jenkins setInstallState
2021-05-20T11:29:33.725-05:00 FINE: Install state transitioning from: INITIAL_SECURITY_SETUP to : NEW
2021-05-20T11:29:33.725-05:00 May 20, 2021 4:29:33 PM jenkins.InitReactorRunner$1 onTaskCompleted
2021-05-20T11:29:33.725-05:00 FINE: Completed Finalizing set up
2021-05-20T11:29:33.726-05:00 May 20, 2021 4:29:33 PM jenkins.InitReactorRunner$1 onAttained
2021-05-20T11:29:33.726-05:00 INFO: Completed initialization
2021-05-20T11:29:33.726-05:00 May 20, 2021 4:29:33 PM jenkins.InitReactorRunner$1 onAttained
2021-05-20T11:29:33.726-05:00 FINE: Attained Finalizing set up
2021-05-20T11:29:33.726-05:00 May 20, 2021 4:29:33 PM jenkins.model.Jenkins save
2021-05-20T11:29:33.726-05:00 FINE: setting version 1.0 to 2.293
2021-05-20T11:29:33.732-05:00 May 20, 2021 4:29:33 PM jenkins.util.SystemProperties getString
2021-05-20T11:29:33.732-05:00 CONFIG: Property (default): hudson.TcpSlaveAgentListener.hostName => null
2021-05-20T11:29:33.733-05:00 May 20, 2021 4:29:33 PM jenkins.util.SystemProperties getString
2021-05-20T11:29:33.733-05:00 CONFIG: Property (default): hudson.TcpSlaveAgentListener.port => null
2021-05-20T11:29:33.738-05:00 May 20, 2021 4:29:33 PM jenkins.branch.WorkspaceLocatorImpl load
2021-05-20T11:29:33.738-05:00 FINER: cache miss on /var/jenkins_home/workspace
2021-05-20T11:29:33.750-05:00 May 20, 2021 4:29:33 PM hudson.WebAppMain$3 run
2021-05-20T11:29:33.750-05:00 INFO: Jenkins is fully up and running
2021-05-20T11:29:33.771-05:00 May 20, 2021 4:29:33 PM jenkins.slaves.restarter.JnlpSlaveRestarterInstaller install
2021-05-20T11:29:33.771-05:00 FINE: Effective SlaveRestarter on : null
2021-05-20T11:29:34.030-05:00 May 20, 2021 4:29:34 PM jenkins.util.JSONSignatureValidator verifySignature
2021-05-20T11:29:35.652-05:00 May 20, 2021 4:29:35 PM hudson.model.DownloadService$Downloadable load
2021-05-20T11:29:35.652-05:00 INFO: Obtained the updated data file for hudson.tools.JDKInstaller
2021-05-20T11:29:35.652-05:00 May 20, 2021 4:29:35 PM hudson.util.Retrier start
2021-05-20T11:29:35.652-05:00 INFO: Performed the action check updates server successfully at the attempt #1
2021-05-20T11:29:35.659-05:00 May 20, 2021 4:29:35 PM hudson.model.AsyncPeriodicWork lambda$doRun$0
2021-05-20T11:29:35.659-05:00 INFO: Finished Download metadata. 38,688 ms
2021-05-20T11:29:58.009-05:00 May 20, 2021 4:29:58 PM winstone.Logger logInternal
2021-05-20T11:29:58.009-05:00 INFO: JVM is terminating. Shutting down Jetty
I do not see any warn/error in the previous logs (null stuff appears in my local as well, so I do not think there is an issue there).
This is the TF code I am using:
terraform {
required_version = ">= 0.12"
required_providers {
aws = {
version = "3.15"
source = "hashicorp/aws"
}
}
}
provider "aws" {
region = "us-west-2"
}
resource "aws_cloudwatch_log_group" "jenkinsdev_loggroup" {
name = "jenkinsdev-loggroup"
}
resource "aws_ecr_repository" "jenkinsdev_repo" {
name = "jenkinsdev-repo"
}
resource "aws_ecs_cluster" "jenkinsdev_cluster" {
name = "jenkinsdev-cluster"
}
resource "aws_ecs_task_definition" "jenkinsdev_task" {
family = "jenkinsdev-task"
container_definitions = <<DEFINITION
[
{
"name": "jenkinsdev-task",
"image": "${aws_ecr_repository.jenkinsdev_repo.repository_url}",
"essential": true,
"portMappings": [
{
"containerPort": 8080,
"hostPort": 8080
}
],
"memory": 512,
"cpu": 256,
"logConfiguration": {
"logDriver": "awslogs",
"options": {
"awslogs-group": "${aws_cloudwatch_log_group.jenkinsdev_loggroup.name}",
"awslogs-region": "us-west-2",
"awslogs-stream-prefix": "jenkinsdev"
}
},
"environment": [
{
"name": "JENKINS_ADMIN_ID",
"value": "user01"
},
{
"name": "JENKINS_ADMIN_PASSWORD",
"value": "password01"
},
{
"name": "JAVA_OPTS",
"value": "-Djava.util.logging.config.file=/var/jenkins_home/log.properties"
}
]
}
]
DEFINITION
requires_compatibilities = ["FARGATE"]
network_mode = "awsvpc"
memory = 2048
cpu = 1024
execution_role_arn = aws_iam_role.ecsTaskExecutionRole.arn
}
resource "aws_iam_role" "ecsTaskExecutionRole" {
name = "ecsTaskExecutionRole"
assume_role_policy = data.aws_iam_policy_document.assume_role_policy.json
}
data "aws_iam_policy_document" "assume_role_policy" {
statement {
actions = ["sts:AssumeRole"]
principals {
type = "Service"
identifiers = [ "ecs-tasks.amazonaws.com" ]
}
}
}
resource "aws_iam_role_policy_attachment" "ecsTaskExecutionRole_policy" {
role = aws_iam_role.ecsTaskExecutionRole.name
policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy"
}
resource "aws_ecs_service" "jenkinsdev_service" {
name = "jenkinsdev-service"
cluster = aws_ecs_cluster.jenkinsdev_cluster.id
task_definition = aws_ecs_task_definition.jenkinsdev_task.arn
launch_type = "FARGATE"
desired_count = 1
load_balancer {
target_group_arn = aws_lb_target_group.target_group.arn
container_name = aws_ecs_task_definition.jenkinsdev_task.family
container_port = 8080
}
network_configuration {
subnets = ["subnet-111", "subnet-222", "subnet-333"]
assign_public_ip = true
security_groups = [aws_security_group.service_security_group.id]
}
}
resource "aws_security_group" "load_balancer_security_group" {
vpc_id = "vpc-000"
ingress {
protocol = "tcp"
cidr_blocks = [ "0.0.0.0/0" ]
from_port = 80
to_port = 80
}
egress {
protocol = "-1"
cidr_blocks = [ "0.0.0.0/0" ]
from_port = 0
to_port = 0
}
}
# Adding Security Group for service
resource "aws_security_group" "service_security_group" {
vpc_id = "vpc-000"
ingress {
protocol = "-1"
from_port = 0
to_port = 0
security_groups = [aws_security_group.load_balancer_security_group.id]
}
egress {
protocol = "-1"
cidr_blocks = [ "0.0.0.0/0" ]
from_port = 0
to_port = 0
}
}
resource "aws_alb" "jenkinsdev_load_balancer" {
name = "jenkinsdev-lb-tf"
load_balancer_type = "application"
subnets = ["subnet-111", "subnet-222", "subnet-333"]
security_groups = [aws_security_group.load_balancer_security_group.id]
}
resource "aws_lb_target_group" "target_group" {
name = "target-group"
port = 8080
protocol = "HTTP"
target_type = "ip"
vpc_id = "vpc-000"
health_check {
matcher = "200"
path = "/"
}
depends_on = [
aws_alb.jenkinsdev_load_balancer
]
}
resource "aws_lb_listener" "listener" {
load_balancer_arn = aws_alb.jenkinsdev_load_balancer.arn
port = 80
protocol = "HTTP"
default_action {
type = "forward"
target_group_arn = aws_lb_target_group.target_group.arn
}
}
I do not think the Docker file would be really useful since it works well on local, but attaching anyway:
FROM jenkins/jenkins:latest
ENV JAVA_OPTS -Djenkins.install.runSetupWizard=false
ENV CASC_JENKINS_CONFIG /var/jenkins_home/casc.yaml
COPY plugins.txt /usr/share/jenkins/ref/plugins.txt
COPY log.properties /var/jenkins_home/log.properties
RUN /usr/local/bin/install-plugins.sh < /usr/share/jenkins/ref/plugins.txt
COPY casc.yaml /var/jenkins_home/casc.yaml
I've tried adding more memory in the task definition, however, seems like the issue is not there.
Thanks in advance for any help or clue.
