Jenkins Integration

The Bakery can build a new AMI for you every time your code changes - automatically and in the background.

Here is the flow:

  1. The developer writes code, commits it, and pushes it to a repository
  2. Jenkins is already configured to test the new code and build an artifact
  3. If the tests fail, then the developer is notified, and nothing more happens this round.
  4. If the tests pass, a notification is sent to the Bakery
  5. The Bakery then starts baking a new AMI with the new code


Jenkins can be configured to submit a JSON payload upon build completion using Notification Plugin. We enhanced this plugin so that the payload submitted includes URLs of artifacts created during the build, if they're uploaded to AWS S3.

Every Bakery pipeline has Jenkins Notification URL specified. This URL is used to configure a Jenkins job to submit a notification. Upon receiving a notification with the payload Bakery converts it to YAML and makes available at "/tmp/ci/bakery_payload.yml" to be read as a variable file and used by your Ansible playbook however you see fit. Most probably you'll want to download build artifacts.


Project to build

  1. Make sure your Jenkins instance has Notification Plugin (version 1.7 at least) and S3 Plugin installed

  2. Sign in to the Bakery using GitHub

  3. Go to your Pipelines

  4. Click on the Name of the Pipeline you want to trigger when your Jenkins job is built successfully

  5. Copy the Jenkins Notification URL listed at the bottom Pipeline Notification URL

  6. Configure your Jenkins job to submit a notification to the Bakery URL when job is "finalized" Jenkins job configuration

    The payload sent by Jenkins will look like following (you can configure an additional notification endpoint with for inspection of payloads):

      "name": "asgard",
      "url": "job/asgard/",
      "build": {
        "full_url": "http://<jenkins host>/job/asgard/67/",
        "number": 67,
        "phase": "FINALIZED",
        "status": "SUCCESS",
        "url": "job/asgard/67/",
        "scm": {
          "url": "",
          "branch": "origin/master",
          "commit": "b915aae9bdbc3179c6fd0007c8089ca150ff7bb1"
        "artifacts": {
          "asgard-standalone.jar": {
            "s3": ""
  7. Configure your Jenkins job to upload build's artifact to AWS S3: Jenkins job configuration

Ansible playbook

  1. For your Ansible playbook to use the data sent by Jenkins, you will need to add a new line to your vars_file section. For example:

      - [ /tmp/ci/bakery_payload.yml, vars/defaults.yml ]

    Notice that the "bakery_payload.yml" file is outside your playbooks directory. It is in a "/tmp" directory and therefore will not be part of your final AMI. This YAML file will look like following:

    name: "asgard"
    url: "job/asgard/"
      full_url: "http://<jenkins host>/job/asgard/67/"
      number: 67
      phase: "FINALIZED"
      status: "SUCCESS"
      url: "job/asgard/67/"
        url: ""
        branch: "origin/master"
        commit: "b915aae9bdbc3179c6fd0007c8089ca150ff7bb1"
          s3: ""
  2. In your playbook use the payload data, download build's artifact from S3 and prepare an EC2 instance for baking an AMI of it.

  3. Since you may want to use your Ansible playbook outside of the Bakery, add a "defaults.yml" file and add whatever variables your playbook and roles are using to it. This way your playbook will function properly when "/tmp/ci/bakery_payload.yml" is not available.


A complete example of a project to build and bake is available at "". This is a fork of Netflix Asgard with build script and Ansible playbook added to it.

npm   install
bower install

./grailsw war              asgard.war --non-interactive
./grailsw build-standalone asgard-standalone.jar --non-interactive

Your Jenkins instance needs to have Node.js and Java installed, here's another playbook you may use to set this up.


- name:  Asgard
  hosts: all
  sudo:  yes
    - vars/common.yml
    - vars/{{ ansible_distribution }}.yml
    - [ /tmp/ci/bakery_payload.yml, vars/common.yml ]
    - base
    - java
    - asgard

For Asgard application to function properly you need to provide credentials of an AWS account for it to manage. This can be done by creating an Asgard-specific AWS IAM user. Account credentials are then specified with Ansible extra variables when the Pipeline is defined: Pipeline extra variables

The following 4 variables need to be specified for the playbook to function properly:

  • start_service=false - prevents Asgard service from starting when AMI is baked. But don't worry, it will start automatically when AMI is launched.
  • AWS_ACCOUNT_ID - account ID Asgard will manage
  • AWS_ACCESS_KEY_ID - access key ID of an IAM user, should have admin permissions
  • AWS_SECRET_ACCESS_KEY - access key of an IAM user

Once your Pipeline is configured properly you can set up a Jenkins job to build this project by simply running "" and submit the JSON payload, as described above.

After job has finished uploading build artifact to S3 you'll see the bake process has started.

Pipeline running

After baking process has finished your AMI is ready to be launched. When starting it make sure to keep port 8080 open. Once your EC2 is up and running - browse its IP on port 8080:

Asgard starting

It takes about a minute for Asgard to start responding on this port so give it some time. Once Asgard has started properly you can browse your AWS account:

Asgard running

If AWS credentials provided to the Pipeline are of the same AWS account where the bake process was running - you can observe the AMI baked and running Asgard EC2 instance!

Asgard - AMI

Asgard - EC2

Note that in this example Asgard provides no authentication so we suggest you stop the EC2 instance immediately after you have verified Asgard is running.

What do you think of this page? Tell us about it