# The Manual Menace

> In this lab learners will use Ansible to drive automated provisioning of Projects, Access Control, Git, Jenkins and Nexus

_____

## Learning Outcomes
As a learner you will be able to

1. Run the OpenShift Applier to automate creating cluster content
1. Create and administer project namespaces in OpenShift
1. Deploy commonly used applications to support the development process

## Tools and Frameworks

* [GitLab](https://about.gitlab.com/) - Community driven Git server now with integrated DevOps Toolchain.
* [Nexus](https://www.sonatype.com/nexus-repository-sonatype) - Repository manager for storing lots of application types. Can also host `npm` and `Docker` registries.
* [Jenkins](https://jenkins.io/) - Open source build automation server. Highly customisable with plugins.
* [Ansible](https://www.ansible.com/) - IT automation tool used to provision and manage state of cloud and physical infrastructure.
* [OpenShift Applier](https://github.com/redhat-cop/openshift-applier) - Ansible role used to apply OpenShift templates and their parameters to a cluster.

## Big Picture
This exercise begins with an empty Cluster
> TODO - add big picture here...

_____

## 10,000 Ft View
> This lab is aimed at the creation of the tooling that will be used to support the rest of the Exercises. The high-level goal is to create a collection of project namespaces and populate them with Git, Jenkins & Nexus.

If you're feeling confident and don't want to follow the step-by-step guide, these high-level instructions should provide a challenge for you:

2. Clone the repo `git@github.com:rht-labs/enablement-ci-cd.git` which contains the scaffold of the project.

2. Create `<your-name>-ci-cd`, `<your-name>-dev` and `<your-name>-test` project namespaces using the inventory and run them with the OpenShift Applier to populate the cluster

2. Use the templates provided to create build and deployment configs in `<your-name>-ci-cd` for the tools below. The templates are on the branches `exercise1/git-nexus` and `exercise1/jenkins`:
    * Nexus
    * GitLab
    * Jenkins (using an s2i to pre-configure Jenkins)

2. Commit your `enablement-ci-cd` repository to the GitLab instance you've created

2. Burn it all down and re-apply your inventory, proving config-as-code works.

## Step by Step Instructions
> This is a structured guide with references to exact filenames and explanations.

### Part 1 - Create OpenShift Projects
3. Clone the scaffold project to your local machine and open it in your favourite editor.
```bash
git clone git@github.com:rht-labs/enablement-ci-cd.git
```

3. The project is laid out as follows
```
.
├── README.md
├── docker
│   └── jenkins-slave-node
├── inventory
│   ├── group_vars
│   │   └── all.yml
│   └── hosts
├── jenkins-s2i
│   ├── configuration
├── params
│   └── project-requests-ci-cd
├── requirements.yml
└── templates
    └── project-requests.yml
```
* `docker` folder contains our jenkins-slave images that will be used by the builds.
* `jenkins-s2i` contains the configuration and plugins we want to bring Jenkins to life with
* `params` houses the variables we will load the templates with
* `templates` is a collection of OpenShift templates
* `inventory/group_vars/all.yml` is the collection of objects we want to insert into the cluster.
* `requirements.yml` is a manifest which contains the Ansible modules needed to run the playbook

Open the `inventory/group_vars/all.yml` file; you should see some variables set up to create the `ci-cd` namespace. This calls the `templates/project-requests.yml` template with the `params/project-requests-ci-cd` parameters. We will add some additional content here, but first let's explore the parameters and the template

3. Open the `params/project-requests-ci-cd` file and replace `<YOUR_NAME or initials>` with your name to create the corresponding projects in the cluster.
![new-item](../images/ci-cd-project-namespace.png)

3. Create another two params files, `params/project-requests-dev` and `params/project-requests-test`, set `NAMESPACE=<YOUR_NAME>-dev` and `NAMESPACE=<YOUR_NAME>-test` in them respectively, and update their display names.

3. In the `inventory/group_vars/all.yml` file, add the new inventory items for the projects you want to create (dev & test) by adding another object to the content array. You can copy and paste them from the `ci-cd` example and update them accordingly, eg
```yaml
- name: <YOUR_NAME>-dev
  template: "{{ inventory_dir }}/../templates/project-requests.yml"
  template_action: create
  params: "{{ inventory_dir }}/../params/project-requests-dev"
  tags:
  - projects
- name: <YOUR_NAME>-test
  template: "{{ inventory_dir }}/../templates/project-requests.yml"
  template_action: create
  params: "{{ inventory_dir }}/../params/project-requests-test"
  tags:
  - projects
```
![project-request-yaml](../images/project-request-yml.png)

3. With the configuration in place, install the OpenShift Applier dependency
```bash
$ ansible-galaxy install -r requirements.yml --roles-path=roles
```

3. Apply the inventory by logging into OpenShift and then running
```bash
$ oc login -p <password> -u <user> <cluster_url>
$ ansible-playbook roles/openshift-applier/playbooks/openshift-cluster-seed.yml -i inventory/
```

3. Once successful you should see an output similar to this ![playbook-success](../images/play-book-success.png)

### Part 2 - Nexus and GitLab
> _Now that we have our Projects set up, we can start to populate them with Apps to be used in our dev lifecycle_

4. In the `enablement-ci-cd` repo, check out the templates for Nexus by running
```bash
$ git checkout exercise1/git-nexus templates/nexus.yml
```
The template contains all the things needed to set up a persistent Nexus server, exposing a service and route while also creating the persistent volume needed. Have a read through the template; at the bottom you'll see a collection of parameters we will pass to the template.

4. Add some parameters for running the template by creating a new file in the `params` directory.
```bash
$ touch params/nexus
```

4. The essential params to include in this file are:
```bash
VOLUME_CAPACITY=5Gi
MEMORY_LIMIT=2Gi
```

4. Create a new object in the inventory variables called `ci-cd-tools` and populate its `content` as follows (swapping `<YOUR_NAME>-ci-cd` for the namespace you created earlier)

```yaml
- object: ci-cd-tools
  content:
  - name: "nexus"
    namespace: "<YOUR_NAME>-ci-cd"
    template: "{{ inventory_dir }}/../templates/nexus.yml"
    params: "{{ inventory_dir }}/../params/nexus"
    tags:
    - nexus
```

4. Run the OpenShift Applier, specifying the tag `nexus` to speed up its execution.
```bash
$ ansible-playbook roles/openshift-applier/playbooks/openshift-cluster-seed.yml \
    -i inventory/ \
    -e="filter_tags=nexus"
```

4. Once successful, log in to the cluster and navigate to the `<YOUR_NAME>-ci-cd` project. You should see Nexus up and running. You can log in with the default credentials (admin / admin123) ![nexus-up-and-running](../images/nexus-up-and-running.png)

4. Now let's do the same thing for GitLab to get it up and running. Check out the template provided by running
```bash
$ git checkout exercise1/gitlab-nexus templates/gitlab.yml
```
Explore the template; it contains the PVC, buildConfig and services. The DeploymentConfig is made up of these apps
- Redis (3.2.3)
- PostgreSQL (9.4)
- GitLab CE (v10.2.3)

4. Add a new params file in the `params` folder called `gitlab`
```bash
$ touch params/gitlab
```

4. Open the `params/gitlab` file and add the following params
```
LDAP_BIND_DN=uid=<BIND_USER>,ou=People,dc=<YOUR_DOMAIN>,dc=com
LDAP_USER_FILTER=(memberof=CN=YourGroup,OU=Users,DC=<YOUR_DOMAIN>,DC=com)
LDAP_PASSWORD=<BIND_USER_PASSWORD>
LDAP_HOST=<LDAP_HOST>
LDAP_BASE=ou=People,dc=<YOUR_DOMAIN>,dc=com
LDAP_LABEL="<LDAP_DESCRIPTION>"
GITLAB_ROOT_PASSWORD=<GITLAB_ROOT_USER_PASSWORD>
GITLAB_DATA_VOL_SIZE=2Gi
POSTGRESQL_VOL_SIZE=1Gi
APPLICATION_HOSTNAME=<GITLAB_URL>
```
where the following need to be replaced by actual values:
* `<BIND_USER>` is the user used to query the LDAP
* `<BIND_USER_PASSWORD>` is the password used when querying the LDAP
* `<YOUR_DOMAIN>` is the domain the LDAP is hosted on
* `<LDAP_HOST>` is the FQDN of the LDAP server
* `<LDAP_DESCRIPTION>` is the description to be used on the sign-in header for GitLab eg "Name LDAP Login"
* `<GITLAB_ROOT_USER_PASSWORD>` is the root user password for GOD access on the GitLab instance eg password123
* `<GITLAB_URL>` is the endpoint for GitLab. It will take the form `gitlab-<YOUR_NAME>-ci-cd.apps.<ENV_ID>.<YOUR_DOMAIN>.com`

4. Create another object in the `inventory/group_vars/all.yml` file to run the build & deploy of this template. Add the following and update the `namespace:` accordingly
```yaml
  - name: "gitlab"
    namespace: "<YOUR_NAME>-ci-cd"
    template: "{{ inventory_dir }}/../templates/gitlab.yml"
    params: "{{ inventory_dir }}/../params/gitlab"
    tags:
    - gitlab
```

4. Run the OpenShift Applier, specifying the tag `gitlab` to speed up its execution.
```bash
$ ansible-playbook roles/openshift-applier/playbooks/openshift-cluster-seed.yml \
    -i inventory/ \
    -e="filter_tags=gitlab"
```

4. Once successful, log in to the cluster and navigate to the `<YOUR_NAME>-ci-cd` project. You should see GitLab up and running. You can log in using your cluster credentials ![gitlab-up-and-running](../images/gitlab-up-and-running.png)

### Part 3 - Jenkins & s2i
5. Add new plugin ...

### Part 4 - live, die repeat
6. Commit your code to the new repo in GitLab

6. Burn your OCP content to the ground

6. Re-apply the inventory!

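
Part 4 commits the `enablement-ci-cd` repository to GitLab, and `params/gitlab` from Part 2 holds `LDAP_PASSWORD` and `GITLAB_ROOT_PASSWORD` as plain `KEY=VALUE` lines. As an added example (not part of the lab's repository), this check lists such keys in a params directory before the commit; the function name, the key patterns and the `<PLACEHOLDER>` convention are assumptions.

```bash
#!/usr/bin/env bash
# Added example (not from the lab repo): list secret-like keys that hold a
# literal value in applier params files, so they can be removed before a commit.

# Prints "<file>:<KEY>" per finding; returns 1 if anything was found, else 0.
# Assumptions: KEY=VALUE lines, secret keys contain PASSWORD, SECRET or TOKEN,
# and unfilled values look like <PLACEHOLDER>.
find_plaintext_secrets() {
  local dir="$1" found=0 file line key value
  for file in "$dir"/*; do
    [ -f "$file" ] || continue
    while IFS= read -r line || [ -n "$line" ]; do
      case "$line" in
        ''|'#'*) continue ;;            # blank line or comment
        *=*) ;;                         # KEY=VALUE, handled below
        *) continue ;;                  # anything else is not a param
      esac
      key="${line%%=*}"                 # text before the first '='
      value="${line#*=}"                # text after the first '='
      value="${value%\"}"; value="${value#\"}"   # drop surrounding quotes
      case "$key" in
        *PASSWORD*|*SECRET*|*TOKEN*)
          case "$value" in
            ''|'<'*'>') ;;              # empty or still a placeholder
            *) printf '%s:%s\n' "$file" "$key"; found=1 ;;
          esac ;;
      esac
    done < "$file"
  done
  return "$found"
}

# Constructed sample mirroring params/gitlab and params/nexus from this lab.
demo_dir="$(mktemp -d)"
cat > "$demo_dir/gitlab" <<'EOF'
LDAP_HOST=ldap.example.com
LDAP_PASSWORD=constructed-bind-password
GITLAB_ROOT_PASSWORD=<GITLAB_ROOT_USER_PASSWORD>
EOF
printf 'VOLUME_CAPACITY=5Gi\nMEMORY_LIMIT=2Gi\n' > "$demo_dir/nexus"
find_plaintext_secrets "$demo_dir" || echo "literal secrets found in params"
rm -rf "$demo_dir"
```

Pointed at `params/` in the cloned repo, the function returns a non-zero status while any password value is filled in, so it can gate a Git pre-commit hook.
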
_____

## Extension Tasks
> Ideas for go-getters. Advanced topic for doers to get on with if they finish early. These will usually not have a solution and are provided for additional scope.

- Add more secure access for Nexus (ie not admin / admin123) using the automation to drive secret creation

_____

## Additional Reading
> List of links or other reading that might be of use / reference for the exercise