Development Tools

Jenkins User Guide

| Product: Jenkins

Overview

This guide covers the deployment and configuration of Jenkins Server on Linux using cloudimg AMIs from the AWS Marketplace. Jenkins is a leading open source automation server used for building, deploying, and automating software projects through continuous integration and continuous delivery (CI/CD) pipelines.

What's included in this AMI:

  • Jenkins 2.361.1 with web based management console on port 8080
  • Java 11.0.15 (OpenJDK)
  • Preconfigured systemd service for automatic startup on boot
  • OS package update script for keeping the system current
  • AWS CLI v2 for AWS service integration
  • Systems Manager Agent (SSM) for remote management
  • CloudWatch Agent for monitoring
  • Latest security patches applied at build time
  • 24/7 cloudimg support with guaranteed 24 hour response SLA

Prerequisites

Before launching this AMI, ensure you have:

  1. An active AWS account
  2. An active subscription to the Jenkins listing on AWS Marketplace
  3. An EC2 key pair for SSH access
  4. Familiarity with EC2 instance management and SSH

Recommended Instance Type: t3.medium (2 vCPU, 4 GB RAM) or larger for production workloads. The minimum requirements are 1 vCPU, 1 GB RAM, and 20 GB disk space, but Jenkins with plugins and build jobs benefits from additional memory.

Step 1: Launch the AMI

  1. Navigate to the AWS Marketplace and search for "Jenkins cloudimg"
  2. Click Continue to Subscribe, accept the terms, then Continue to Configuration
  3. Select your preferred Region and Software Version
  4. Click Continue to Launch
  5. Choose Launch through EC2 for full control over instance configuration
  6. Select your instance type (t3.medium recommended)
  7. Configure storage: 20 GB gp3 minimum, 50 GB recommended for active build environments
  8. Configure your Security Group with the following inbound rules:
Port Protocol Source Purpose
22 TCP Your IP SSH access
8080 TCP Your IP Jenkins web interface

Important: Restrict port 8080 to trusted IP addresses only. Do not open the Jenkins web interface to 0.0.0.0/0 unless you have configured authentication and are using HTTPS.

  1. Select your EC2 key pair and launch the instance

Step 2: Connect via SSH

Once your instance is running and has passed both status checks (2/2), connect using SSH:

ssh -i your-key.pem ec2-user@<public-ip-address>

Replace your-key.pem with the path to your EC2 key pair and <public-ip-address> with your instance's public IP.

Important: Wait for the EC2 instance to reach 2/2 successful status checks before attempting to connect. If you connect too early, you may see errors such as:

Permission denied (publickey,gssapi-keyex,gssapi-with-mic).

This is expected during the initial boot process. Wait for both status checks to pass and try again.

To switch to the root user:

sudo su -

Step 3: Unlock Jenkins

The Jenkins service starts automatically on boot. Access the Jenkins web interface by opening your browser and navigating to:

http://<public-ip-address>:8080

You will see the Unlock Jenkins screen. Retrieve the initial administrator password from the instance:

cat /var/lib/jenkins/secrets/initialAdminPassword

Sample expected output:

7d3a6676bf72419bb4d00f6143a456a7

Copy this password and paste it into the Administrator password field in your browser, then click Continue.

Step 4: Install Plugins

After unlocking Jenkins, you will be presented with the Customize Jenkins screen with two options:

  • Install suggested plugins — Recommended for most use cases. Installs commonly used plugins including Git, Pipeline, and other essentials.
  • Select plugins to install — Choose this if you want to customize your plugin selection.

Click your preferred option. The installation may take 30 to 60 seconds depending on your instance type and network speed. The screen may appear blank briefly during installation; this is normal.

Step 5: Create Admin User

After plugin installation completes, the Create First Admin User screen appears:

  1. Enter a Username for your admin account
  2. Set a strong Password and confirm it
  3. Enter your Full name and Email address
  4. Click Save and Continue

Step 6: Configure Instance URL

The Instance Configuration screen will display the Jenkins URL. This should be set to the URL where your users will access Jenkins. The default is the current IP and port.

For production use, consider setting this to your DNS hostname (for example, http://jenkins.yourdomain.com:8080).

Click Save and Finish, then click Start using Jenkins.

Jenkins is now available and ready to use.

Server Components

Component Version Install Path
Jenkins 2.361.1 /etc/sysconfig/jenkins
Java (OpenJDK) 11.0.15 /bin/java

Note: Component versions may be updated on first boot by the automatic OS package update script.

Filesystem Layout

Mount Point Description
/ Root filesystem (38 GB)
/boot Operating system kernel files (2 GB)

Key Jenkins directories:

Directory Purpose
/var/lib/jenkins Jenkins home directory (jobs, configs, plugins)
/var/lib/jenkins/workspace Build workspace for jobs
/var/lib/jenkins/plugins Installed plugins
/var/log/jenkins Jenkins application logs
/etc/sysconfig/jenkins Jenkins service configuration

Managing the Jenkins Service

Jenkins is managed via systemd and starts automatically on boot.

Check service status:

systemctl status jenkins

Stop Jenkins:

systemctl stop jenkins

Start Jenkins:

systemctl start jenkins

Restart Jenkins:

systemctl restart jenkins

View Jenkins logs:

journalctl -u jenkins -f

Scripts and Log Files

Script/Log Path Description
initial_boot_update.sh /stage/scripts Updates the OS with the latest packages on first boot
initial_boot_update.log /stage/scripts Output log for the boot update script

On Startup

An OS package update script runs on first boot to ensure the image is fully up to date. You can disable this by removing the script and its crontab entry:

rm -f /stage/scripts/initial_boot_update.sh

crontab -e
# Delete the following line, save and exit:
@reboot /stage/scripts/initial_boot_update.sh

Troubleshooting

Cannot access Jenkins web interface on port 8080

  1. Verify the Jenkins service is running: systemctl status jenkins
  2. Check that your security group allows inbound traffic on port 8080 from your IP
  3. Ensure the instance has passed 2/2 status checks
  4. Check Jenkins logs for errors: journalctl -u jenkins --no-pager -n 50

Jenkins is slow or unresponsive

  1. Check available memory: free -m. Jenkins requires at minimum 1 GB RAM but benefits from 4 GB or more.
  2. Consider upgrading to a larger instance type if you are running multiple concurrent builds
  3. Review the number of executors in Manage Jenkins > System Configuration

Lost the initial admin password

If you have already completed the initial setup, the initialAdminPassword file is deleted. To reset access:

sudo su -
systemctl stop jenkins
# Edit /var/lib/jenkins/config.xml and set <useSecurity>false</useSecurity>
systemctl start jenkins
# Access Jenkins without auth, then re-enable security from Manage Jenkins

Plugin installation fails

  1. Verify the instance has outbound internet access (check your security group and route table)
  2. Check proxy settings if running behind a corporate firewall
  3. Try installing plugins manually from Manage Jenkins > Manage Plugins > Available

Security Recommendations

  • Restrict access: Only allow port 8080 from trusted IP addresses in your security group
  • Enable HTTPS: Configure Jenkins behind a reverse proxy (such as NGINX) with an SSL certificate
  • Configure authentication: Use Jenkins' built in user database or integrate with LDAP/Active Directory
  • Keep plugins updated: Regularly update Jenkins and its plugins from Manage Jenkins > Manage Plugins
  • Use role based access: Install the Role Based Authorization Strategy plugin for granular permissions
  • Secure the Jenkins home directory: Ensure /var/lib/jenkins is only accessible by the jenkins user
  • Enable CSRF protection: This is enabled by default in modern Jenkins versions; do not disable it

Support

If you encounter any issues with this product, contact cloudimg support:

  • Email: support@cloudimg.co.uk
  • Website: www.cloudimg.co.uk
  • Support hours: 24/7 with guaranteed 24 hour response SLA