Bamboo helps you build a continuous integration and continuous delivery pipeline.
- Continuous Integration enables constant merging and testing of code, which leads to finding defects early and saves time on fixing merge issues. Development teams also receive rapid feedback on their work.
- Continuous Delivery enables you to deliver software solutions to production and testing environments to help organizations quickly fix bugs and respond to ever-changing business requirements.
Bamboo provides the following features:
- Automated building and testing of software
- Reporting tools for statistical analysis
- Visibility into, and control over, release artifacts and environments
For more information on Bamboo, refer to https://www.atlassian.com/software/bamboo.
Topics
- Roles and Permissions
- Access Bamboo
- Install Remote Agent
- Register Remote Agent
- Upgrade Remote Agent
- Create Elastic Agent
- Register Elastic Agent
- Base Elastic Agent AMI
- Fair Usage Guidelines for Elastic Agents
- Bamboo Clean up and Best Practices
- FAQs
A SHIP-HATS Project Admin (PA) can add Atlassian Bamboo to a SHIP-HATS project. After you add Bamboo as your project tool, a Bamboo project is created. For more information on possible permissions for users added to the project, refer to Bamboo project permissions.
Topics
- SHIP-HATS - Bamboo Role Mapping
- Bamboo Users
- View Project Permissions
- Bamboo User Access
- Bamboo Group Access
SHIP-HATS User | Bamboo User |
---|---|
Project Admin (PA) | Administrator for the project. This role is assigned by default when Bamboo is added to the SHIP-HATS project. Administrator can assign project roles to other users and there can be more than one Administrator. |
Users | SHIP-HATS users can be assigned as an administrator or added as a user to the project. |
You can add and manage users individually or as groups. An Administrator can view the project permissions assigned to users and groups.
- In SHIP Bamboo, go to Projects and choose your project.
- Click Project settings. If you do not have Admin permissions, you will not be able to view this option.
- From the sidebar, select Project permissions. You will be able to view the Project permissions.
An Administrator can add users individually and manage their permissions.
Groups are an easier and more efficient way to manage access for multiple users. Users can raise a service request with the required group name, project name and user details such as name and email address. The Crowd administrator in the SHIP-HATS team evaluates the request and approves it accordingly.
If approved, the group is created with the agency name prefixed to it. For example, govtech-codex-documentation. If a group was already created for managing users in any one of the Atlassian products added to your project on SHIP-HATS, you would be able to see that in all the integrated Atlassian products. Bamboo project administrators can manage user groups for this project.
- Make sure that you are a Subscription Admin (SA), a Project Admin (PA), or a Developer.
- Make sure that you provision for the Bamboo Remote Agent. Bamboo Remote Agent is an add-on tool, which is not part of the standard subscription. Ensure that you have a sufficient quota of Bamboo agents subscribed. If none are subscribed or the quota is insufficient, the SA will need to subscribe or increase the quota by raising a service request ticket.
- Install the Remote Agent
- Set up VPC Endpoint Connections. This step is required if you are setting up an agent in AWS, where you can leverage VPC endpoints to connect to VPC endpoint services provided by SHIP. You must create VPC endpoints for SHIP's endpoint services in the same VPC as the DevOps zone.
Note the following requirements:
- Set up Machine VPN. This step is required if you are setting up an agent outside AWS (e.g. Azure) or if you cannot leverage VPC endpoints to connect to VPC endpoint services provided by SHIP.
Complete the following steps:
- Submit a service request to SHIP for an OpenVPN Client config file for the Bamboo agent. This config file should not require password authentication.
- Install the OpenVPN client.
Note: Based on the prerequisites mentioned above, raise a service request ticket as needed.
- Make sure that you have Java Runtime Environment 8.0 installed on the agent machine.
- Download the remote agent JAR file to a directory on the agent machine.
- Install Java Runtime Environment 8.0 on the agent machine.
- Download the remote agent JAR file to a directory on the agent machine.
- Run the remote agent by running the following command line from the directory containing the remote agent JAR file:
  java -jar atlassian-bamboo-agent-installer-8.2.1.jar https://bamboo.ship.gov.sg/agentServer/
- Click atlassian-bamboo-agent-installer-8.2.1.jar to download the jar file.
This will start a service wrapper for your agent, which will automatically restart in case of failure. You may also add extra system properties like -Dbamboo.home=... to customize the home location of the agent.
For more information, refer to the Atlassian documentation.
If you already ran with the 6.10.4 JAR file, you can skip these steps, as the 6.10.4 JAR is compatible with 8.2.1.
- Stop the original agent.
- Back up the BAMBOO_AGENT_HOME/conf/wrapper.conf file.
- Remove the BAMBOO_AGENT_HOME/conf directory.
- Download a new Remote Agent JAR from your Bamboo Server: atlassian-bamboo-agent-installer-8.2.1.jar (via SHIP VPN), and then rename it as atlassian-bamboo-agent-installer-8.2.1.jar
- Launch the remote agent:
  java -jar atlassian-bamboo-agent-installer-8.2.1.jar https://bamboo.ship.gov.sg/agentServer/
  Click atlassian-bamboo-agent-installer-8.2.1.jar to download the jar file.
  This will create a new wrapper.conf file. If you want to re-apply your custom configuration in that file, you can do it now.
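To find which custom settings need re-applying after the upgrade, the backed-up wrapper.conf can be compared with the regenerated one. The following Python code is an added example, not part of the SHIP-HATS or Atlassian documentation; the two sample files are constructed, and the function names are hypothetical.

```python
# Constructed sample: the backed-up BAMBOO_AGENT_HOME/conf/wrapper.conf.
BACKUP = """\
wrapper.java.additional.1=-Dbamboo.home=/opt/bamboo-agent-home
wrapper.java.additional.2=-Dhttps.proxyHost=proxy.example.internal
wrapper.java.maxmemory=2048
wrapper.app.parameter.2=https://bamboo.ship.gov.sg/agentServer/
"""
# Constructed sample: the wrapper.conf written by the new installer.
NEW = """\
# comment lines are ignored
wrapper.java.additional.1=-Dbamboo.home=/opt/bamboo-agent-home
wrapper.java.maxmemory=512
wrapper.app.parameter.2=https://bamboo.ship.gov.sg/agentServer/
"""


def parse_wrapper_conf(text):
    """Return {key: value} for the key=value lines of a wrapper.conf."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue  # blank line, comment, or not a property
        # Split on the first "=" only: -Dbamboo.home=/x itself contains "=".
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props


def custom_settings(backup_text, new_text):
    """Return (key, backup value, new value) for settings to re-apply."""
    old, new = parse_wrapper_conf(backup_text), parse_wrapper_conf(new_text)
    # Assumption: numbered wrapper.java.additional.N entries can shift
    # between files, so match them by value instead of by index.
    prefix = "wrapper.java.additional."
    new_additional = {v for k, v in new.items() if k.startswith(prefix)}
    report = []
    for key, value in sorted(old.items()):
        if key.startswith(prefix):
            if value not in new_additional:
                report.append((key, value, None))
        elif new.get(key) != value:
            report.append((key, value, new.get(key)))
    return report


if __name__ == "__main__":
    for key, old_value, new_value in custom_settings(BACKUP, NEW):
        print(f"{key}: backup={old_value!r} new={new_value!r}")
```

A new value of None means the setting is absent from the regenerated file.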
- Provide the following information:
- Remote Agent IP Address Range
- Remote agent connectivity method (VPN, endpoints etc)
- Declare controls applied on the following:
- Bamboo user privileges have been properly assessed, so that the user has no more privilege than it requires
- Remote agent is not able to reach where it's not meant to
- SSH / IAM credentials required: is this a good security practice? The downside is that credentials need to be exposed in Bamboo / code.
- Clean your workspace after every deployment
- Create an SR for approving the Remote agent with the UUID
- After the agent is approved, the Agency needs to provide the agent name so that the SHIP-HATS team can rename the agent with the correct billing account and dedicate it to the Agency's project.
- Go to Agent > Elastic Agent : Manage elastic image configurations.
- Go to the bottom of the page and enter the required values.
- Select the Use Virtual Private Cloud check box, and then select the following Subnets.
Notes:
- For the latest AMI IDs, refer to the Base Elastic Agent AMI section.
- Use the default instance type as T3 Burstable Performance Large (Unless the tenants having).
- Make sure to select the correct subnets.
- The SHIP Bamboo golden image is configured to have the required capabilities (as shown below). We highly recommend using the SHIP Bamboo Base Image, as it reduces the effort to test and build your own image, and this image is constantly enhanced and scanned to ensure no security vulnerabilities.
- Agencies with specific requirements can reach out to the SHIP team to request software that is not available in the base AMI.
- Those with an exception who need to configure the elastic agent themselves can, after consulting the SHIP team, use the following AMI by launching an instance and configuring the required software.
- Once the software is installed, create the image and share the image to the SHIP GCC account (726262972162). Make sure that the root volume has the "Delete on termination" setting selected when you are creating the AMI.
- If you already have a snapshot pre-prepared, then simply share the image to us.
- Please make sure that the "Add 'create volume' permission to the following associated snapshots when creating permissions" option is selected when you share the AMI with SHIP.
- Raise a Service Desk ticket for adding this image to your agent. We will then scan the image, and if there are no vulnerabilities we will update the AMI to your agent. If there is a vulnerability issue, we will let you know, and you have to fix it and share the image back to us.
- We will keep updating our base image whenever we upgrade our Bamboo server or if we get notified of any security vulnerability issues.
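The sharing requirements above can be checked before raising the Service Desk ticket. This Python check is an added example, not SHIP or AWS tooling: it works on saved output of the AWS CLI commands named in its docstring, the sample data and snapshot IDs are constructed, `check_ami` is a hypothetical name, and the public-AMI test goes beyond the steps listed here.

```python
SHIP_ACCOUNT = "726262972162"  # SHIP GCC account ID given on this page

# Constructed sample data, shaped like parsed AWS CLI JSON output.
IMAGE = {"RootDeviceName": "/dev/xvda", "BlockDeviceMappings": [
    {"DeviceName": "/dev/xvda",
     "Ebs": {"SnapshotId": "snap-EXAMPLE-root", "DeleteOnTermination": True}},
    {"DeviceName": "/dev/sdf",
     "Ebs": {"SnapshotId": "snap-EXAMPLE-data", "DeleteOnTermination": False}},
    {"DeviceName": "/dev/sdb", "VirtualName": "ephemeral0"}]}
LAUNCH = {"LaunchPermissions": [{"UserId": SHIP_ACCOUNT}]}
SNAPSHOTS = {
    "snap-EXAMPLE-root": {"CreateVolumePermissions": [{"UserId": SHIP_ACCOUNT}]},
    "snap-EXAMPLE-data": {"CreateVolumePermissions": []}}


def check_ami(image, launch_perms, snapshot_perms, account=SHIP_ACCOUNT):
    """Return a list of problems; an empty list means ready to submit.

    image: one Images[] entry from `aws ec2 describe-images`
    launch_perms: `aws ec2 describe-image-attribute --attribute launchPermission`
    snapshot_perms: {snapshot id: `aws ec2 describe-snapshot-attribute
        --attribute createVolumePermission` output}
    """
    problems = []
    # Instance-store mappings have no "Ebs" key and no snapshot to share.
    ebs_maps = [m for m in image.get("BlockDeviceMappings", []) if "Ebs" in m]
    root = [m for m in ebs_maps if m["DeviceName"] == image.get("RootDeviceName")]
    if not root:
        problems.append("root device has no EBS mapping")
    elif not root[0]["Ebs"].get("DeleteOnTermination", False):
        problems.append("root volume: DeleteOnTermination is not set")

    grants = launch_perms.get("LaunchPermissions", [])
    if account not in {g.get("UserId") for g in grants}:
        problems.append(f"AMI is not shared with account {account}")
    if any(g.get("Group") == "all" for g in grants):
        problems.append("AMI is public (Group=all), not shared with one account")

    for m in ebs_maps:
        snap = m["Ebs"].get("SnapshotId")
        perms = snapshot_perms.get(snap, {}).get("CreateVolumePermissions", [])
        if account not in {p.get("UserId") for p in perms}:
            problems.append(f"{snap}: no create-volume permission for {account}")
    return problems


if __name__ == "__main__":
    print(check_ami(IMAGE, LAUNCH, SNAPSHOTS) or "ready to submit")
```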
For information on available Base Elastic Agent AMI, refer to the Base Elastic Agent AMI section in the SHIP Bamboo Elastic Agent for SHIP Users confluence.
This section documents the guidelines for all SHIP-HATS tenants to note when using the Bamboo elastic agents provided. Always refer to this page for the latest updates.
Behaviour when a build job is triggered:
- The build task will not start until an available elastic bamboo agent picks up the job.
- The build task will be processed on a first-come first-served basis.
The Bamboo elastic agents are a shared pool of resources, allocated on a first-come, first-served basis. If a build or deployment is scheduled during a peak period, it will be queued until an agent is available to service the build jobs in the queue.
While we strive to ensure consistent availability to all users, we would like to seek your co-operation in adhering to the following guidelines.
This will allow all tenants to have equal usage on the shared pool of bamboo elastic agents.
(Dedicated bamboo agents are not in this scope)
- Elastic bamboo agent jobs running more than 500 minutes continuously will be terminated to avoid impacting availability of the shared resources.
- Agencies with specific requirements can write to the SHIP team (at [email protected]) for evaluation. Requests will be reviewed based on actual use-case.
- Elastic Bamboo agents should not be used to perform load testing. Agencies that need to conduct performance or load testing should run the load test using their own remote agent.
- Run jobs in your CI pipeline. Schedule jobs only when necessary, and during off-peak hours. You can reach out to the SHIP team to find out the recommended timing.
Bamboo is a great CI/CD tool and a powerful way to automate software development. However, knowing some tips and tricks helps our shared Bamboo system to be used effectively. Maintenance and cleanup is a shared responsibility (SHIP and tenants) to keep the growing environment clean. It also helps all of us to ease migration tasks. Due to our growing volume and size, we have to keep upgrading our EBS size, which causes frequent maintenance and downtime. Therefore, follow these steps to keep the environment available.
- Check all the disabled plans in your Bamboo project and delete those which are not necessary, because these disabled plans use space in Bamboo with their build artefacts, logs, etc.
- When creating a source code checkout task, always make sure to start a clean build. Make sure that the Force Clean Build check box is selected as shown below.
- Do not change the default expiry for the builds. Currently our Bamboo build stores the last 10 artefacts for the plan. Leave this setting unchanged to ensure that Bamboo does not store unnecessary artefacts, build results, and logs in the system.
  If you have enabled this by mistake, please clear the check box in Plan configuration > Other settings.
- You can also enable Plan-branches expiry to delete branches from Bamboo after they are removed from your repository. This will reduce the number of branches and make Bamboo cleaner. To activate this option for a plan, complete the following step for each plan, and choose the required criteria: Plan Configuration > Branches > Delete plan branch
- Configure a Plan branch cleanup. For more information, refer to the Using plan branches - Bamboo Server - Atlassian documentation.
- Download the plan artefacts of the disabled plans and delete the plans which are not in use any more. If you want to download the artefacts:
- If you want to copy the existing plan:
  - Click Create > Clone plan, and then select the plan which you want to clone and give the new plan a name.
  - After the new plan is created, delete the old plan.
The following section provides a few additional best practices for administering the CI/CD tool:
- Restrict the number of admins on the project to a small number (< 3), and keep checking the permissions in your project and plans.
- Use the service account ID and password in your Bamboo plan variables.
- Store the release artefact in a Nexus repository or push it to your own S3 bucket, to be on the safe side.