RedHatTraining/rht-labs-docs.git

donal

2018-04-24 a7a123a02f01328a3ca6a3163487256067490e12

commit \| author \| age
74d1f1	1	# The Manual Menace
9eed0b	2	> In this lab learners will use Ansible to drive automated provisioning of Projects in Openshift, Git, Jenkins and Nexus.
0f4d08	3
9eed0b	4	![automation-xkcd](https://imgs.xkcd.com/comics/automation.png)
D	5
	6	## Exercise Intro
	7	In this exercise we will use automation tooling to create Project namespaces for our `CI/CD` tooling along with the `dev` and `test` namespaces for our deployments to live. We do this to manually using the OpenShift CLI; but as we go from cluster to cluster or project to project Dev and Ops teams often find themselves having to redo these tasks again and again. Configuring our cluster using code; we can easily store this in Git and repeat the process again and again. By minimising the time taken to do these repetitive tasks we can accelerate our ability to deliver value to our customers; working on the hard problems they face.
	8
	9	This exercise uses Ansible to drive the creation of the cluster content. In particular; we'll use a play book called the `OpenShift Applier`. Once the project namespace have been created; we will add some tools to support CI/CD such as Jenkins, Git and Nexus. These tools will be needed by later lessons to automate the build and deploy of our apps. Again; we will use OpenShift Templates and drive their creation in the cluster using Ansible. To prove things are working, finally we'll delete all our content and re-apply the inventory to re-create our clusters content.
74d1f1	10
78b569	11	#### Why is config-as-code important?
D	12	* Assurance - Prevents unwanted config changes from people making arbitrary changes to environments. No more Snowflake servers!
	13	* Traceability - Commiting config as code means a user has approved and changes can be tracked.
	14	* Phoenix Server - Burn it all to the ground and bring it back; exactly the way it was!
	15
74d1f1	16	_____
0f4d08	17
D	18	## Learning Outcomes
	19	As a learner you will be able to
74d1f1	20
D	21	1. Run the OpenShift Applier to automate creating cluster content
	22	1. Create and admin project namespaces in OpenShift
	23	1. Deploy commonly used applications to support the development process
0f4d08	24
D	25	## Tools and Frameworks
	26
74d1f1	27	* [GitLab](https://about.gitlab.com/) - Community driven Git server now with integrated DevOps Toolchain.
D	28	* [Nexus](https://www.sonatype.com/nexus-repository-sonatype) - Repository manager for storing lots of application types. Can also host `npm` and `Docker` registries.
	29	* [Jenkins](https://jenkins.io/) - OpenSource Build automation server. Highly customisable with plugins.
	30	* [Ansible](https://www.ansible.com/) - IT Automation tool used to provision and manage state of cloud and physical infrastructure.
b4d469	31	* [OpenShift Applier](https://github.com/redhat-cop/openshift-applier) - used to apply OpenShift objects to an OpenShift Cluster.
A	32
	33
0f4d08	34
74d1f1	35	## Big Picture
D	36	This exercise begins with an empty Cluster
	37	> TODO - add big picture here...
	38
	39	_____
0f4d08	40
D	41	## 10,000 Ft View
74d1f1	42	> This lab is aimed at the creation of the tooling that will be used to support the rest of the Exercises. The highlevel goal is to create a collection of project namespaces and populate them with Git, Jenkins & Nexus.
D	43
	44	If you're feeling confident and don't want to follow the step-by-step guide these highlevel instructions should provide a challenge for you:
	45
4bf3e6	46	2. Clone the repo `https://github.com/rht-labs/enablement-ci-cd` which contains the scaffold of the project.
92099a	47
74d1f1	48	2. Create `<your-name>-ci-cd`, `<your-name>-dev` and `<your-name>-test` project namespaces using the inventory and run them with the OpenShift Applier to populate the cluster
92099a	49
D	50	2. Use the templates provided to create build and deployment configs in `<your-name>-ci-cd` for. Templates are on a branch called `exercise1/git-nexus` && `exercise1/jenkins`:
74d1f1	51	* Nexus
D	52	* GitLab
92099a	53	* Jenkins (using an s2i to pre-configure jenkins)
D	54
74d1f1	55	2. Commit your `enablement-ci-cd` repository to the GitLab Instance you've created
92099a	56
D	57	2. Burn it all down and re-apply your inventory proving config-as-code works.
0f4d08	58
D	59	## Step by Step Instructions
bd7806	60	> This is a structured guide with references to exact filenames and explanations.
0f4d08	61
bd7806	62	### Part 1 - Create OpenShift Projects
d28811	63	> _Using the OpenShift Applier, we will add new project namespaces to the cluster which will be used throughout the exercise._
D	64
2a3d5b	65	3. Clone the scaffold project to your local machine and pull all remote branches for use in later labs. Open the repo in your favourite editor.
bd7806	66	```bash
2a3d5b	67	$ git clone https://github.com/rht-labs/enablement-ci-cd && cd enablement-ci-cd
RH	68	```
	69	Followed by;
	70	```
	71	$ for branch in `git branch -a \| grep remotes \| grep -v HEAD \| grep -v master`; do
	72	git branch --track ${branch#remotes/origin/} $branch
	73	done
0f4d08	74	```
D	75
bd7806	76	3. The project is laid out as follows
D	77	```
	78	.
	79	├── README.md
fd78e6	80	├── apply.yml
bd7806	81	├── docker
fd78e6	82	│ └── jenkins-slave-npm
bd7806	83	├── inventory
fd78e6	84	│ ├── host_vars
D	85	│ │ ├── ci-cd-tooling.yml
	86	│ │ └── projects-and-policies.yml
	87	│ └── hosts
bd7806	88	├── jenkins-s2i
D	89	├── params
fd78e6	90	│ └── project-requests-ci-cd
bd7806	91	├── requirements.yml
D	92	└── templates
fd78e6	93	└── project-requests.yml
bd7806	94	```
D	95	* `docker` folder contains our jenkins-slave images that will be used by the builds.
	96	* `jenkins-s2i` contains the configuration and plugins we want to bring jenkins to life with
	97	* `params` houses the variables we will load the templates with
	98	* `templates` is a collection of OpenShift templates
fd78e6	99	* `inventory/host_vars/*.yml` is the collection of objects we want to insert into the cluster.
bd7806	100	* `requirements.yml` is a manifest which contains the ansible modules needed to run the playbook
fd78e6	101	* `apply.yml` is a playbook that sets up some variables and runs the OpenShift Applier role.
bd7806	102
fd78e6	103	3. Open the `apply.yml` file in the root of the project. Update the namespace variables by replacing the `<YOUR_NAME>` with your name or initials. For example; my name is Dónal so I've created:
D	104	```yaml
f49b0d	105	hosts: "{{ target }}"
fd78e6	106	vars:
D	107	ci_cd_namespace: donal-ci-cd
	108	dev_namespace: donal-dev
	109	test_namespace: donal-test
f49b0d	110	tasks:
fd78e6	111	```
f49b0d	112	<p class="tip">
D	113	NOTE - yaml is indentation sensitive so keep things lined up properly!
	114	</p>
fd78e6	115
D	116	3. Open the `inventory/host_vars/projects-and-policies.yml` file; you should see some variables setup already to create the `<YOUR_NAME>-ci-cd` namespace. This object is passed to the OpenShift Applier to call the `templates/project-requests.yml` template with the `params/project-requests-ci-cd` parameters. We will add some additional content here but first let's explore the parameters and the template
	117
	118	3. Open the `params/project-requests-ci-cd` and replace the `<YOUR_NAME>` with your name to create the correstponding projects in the cluster.
1c9328	119	![new-item](../images/exercise1/ci-cd-project-namespace.png)
bd7806	120
fd78e6	121	3. Let's add two more param files to pass to our template to be able to create a `dev` and `test` project.
D	122	* Create another two params files `params/project-requests-dev` & `params/project-requests-test`.
	123	* Add to `params/project-requests-dev` the following; substituting `<YOUR_NAME>` accordingly
	124	```
	125	NAMESPACE=<YOUR_NAME>-dev
	126	NAMESPACE_DISPLAY_NAME=<YOUR-NAME> Dev
	127	```
	128	* Add to `params/project-requests-test` the following; substituting `<YOUR_NAME>` accordingly
	129	```
	130	NAMESPACE=<YOUR_NAME>-test
	131	NAMESPACE_DISPLAY_NAME=<YOUR-NAME> Test
	132	```
bd7806	133
fd78e6	134	3. In the `inventory/host_vars/projects-and-policies.yml` file; add the new objects for the projects you want to create (dev & test) by adding another object to the content array for each. You can copy and paste them from the `ci-cd` example and update them accordingly. If you do this; remember to change the params file! e.g.
bd7806	135	```yaml
fd78e6	136	- name: "{{ dev_namespace }}"
D	137	template: "{{ playbook_dir }}/templates/project-requests.yml"
1c9328	138	template_action: create
fd78e6	139	params: "{{ playbook_dir }}/params/project-requests-dev"
1c9328	140	tags:
D	141	- projects
fd78e6	142	- name: "{{ test_namespace }}"
D	143	template: "{{ playbook_dir }}/templates/project-requests.yml"
1c9328	144	template_action: create
fd78e6	145	params: "{{ playbook_dir }}/params/project-requests-test"
1c9328	146	tags:
D	147	- projects
bd7806	148	```
1c9328	149	![project-request-yaml](../images/exercise1/project-request-yml.png)
bd7806	150
D	151	3. With the configuration in place; install the OpenShift Applier dependency
	152	```bash
	153	$ ansible-galaxy install -r requirements.yml --roles-path=roles
	154	```
	155
11198f	156	3. Apply the inventory by logging into OpenShift and running the following:
bd7806	157	```bash
D	158	$ oc login -p <password> -u <user> <cluster_url>
fd78e6	159	$ ansible-playbook apply.yml -i inventory/ -e target=bootstrap
D	160	```
	161	where the `-e target=bootstrap` is passing an additional variable specifying that we run the `bootstrap` inventory
bd7806	162
11198f	163	3. Once successful you should see an output similar to this: ![playbook-success](../images/exercise1/play-book-success.png)
bd7806	164
f49b0d	165	3. You can check to see the projects have been created successfully by running
D	166	```bash
	167	$ oc projects
	168	```
	169	![project-success](../images/exercise1/project-success.png)
	170
bd7806	171	### Part 2 - Nexus and GitLab
da55a5	172	> _Now that we have our Projects setup; we can start to populate them with Apps to be used in our dev lifecycle_
bd7806	173
fdaee0	174	#### Part 2a - Nexus
92099a	175	4. In the `enablement-ci-cd` repo, checkout the templates for Nexus by running
da55a5	176	```bash
92099a	177	$ git checkout exercise1/git-nexus templates/nexus.yml
D	178	```
11198f	179	The template contains all the things needed to setup a persistent nexus server, exposing a service and route while also creating the persistent volume needed. Have a read through the template; at the bottom you'll see a collection of parameters we will pass to the template.
92099a	180
D	181	4. Add some parameters for running the template by creating a new file in the `params` directory.
	182	```bash
	183	$ touch params/nexus
da55a5	184	```
D	185
92099a	186	4. The essential params to inclue in this file are: `params` directory.
D	187	```bash
	188	VOLUME_CAPACITY=5Gi
	189	MEMORY_LIMIT=2Gi
	190	```
	191
4c20f0	192	4. Create a new object in the inventory variables `inventory/host_vars/ci-cd-tooling.yml` called `ci-cd-tooling` and populate it's `content` is as follows
fd78e6	193
92099a	194	```yaml
fd78e6	195	---
D	196	ansible_connection: local
	197	openshift_cluster_content:
	198	- object: ci-cd-tooling
	199	content:
4c20f0	200	- name: "nexus"
D	201	namespace: "{{ ci_cd_namespace }}"
	202	template: "{{ playbook_dir }}/templates/nexus.yml"
	203	params: "{{ playbook_dir }}/params/nexus"
	204	tags:
	205	- nexus
92099a	206	```
1c9328	207	![ci-cd-deployments-yml](../images/exercise1/ci-cd-deployments-yml.png)
92099a	208
b92135	209	4. Run the OpenShift applier, specifying the tag `nexus` to speed up it's execution (`-e target=tools` is to run the other inventory).
92099a	210	```bash
b92135	211	$ ansible-playbook apply.yml -e target=tools \
92099a	212	-i inventory/ \
1c9328	213	-e "filter_tags=nexus"
92099a	214	```
D	215
3acbf0	216	4. Once successful; login to the cluster through the browser (using cluster URL) and navigate to the `<YOUR_NAME>-ci-cd`. You should see Nexus up and running. You can login with default credentials (admin / admin123) ![nexus-up-and-running](../images/exercise1/nexus-up-and-running.png)
92099a	217
fdaee0	218	#### Part 2b - GitLab
D	219	<p class="tip">
	220	NOTE - This section may already have been completed for you, please check with your tutor. If this is the case, skip to section 6 to add your code to GitLab.
	221	</p>
	222
11198f	223	4. Now let's do the same thing for GitLab to get it up and running. Checkout the template and params provided by running
92099a	224	```bash
de26e3	225	$ git checkout exercise1/git-nexus templates/gitlab.yml params/gitlab
92099a	226	```
D	227	Explore the template; it contains the PVC, buildConfig and services. The DeploymentConfig is made up of these apps
	228	- Redis (3.2.3)
	229	- PostgreSQL (9.4)
	230	- GitLab CE (v10.2.3)
	231
3acbf0	232	4. Open the `params/gitlab` file and complete the following params
RH	233	<p class="tip">
	234	Note - The values here for the LDAP and BIND credentials will be provided by your tutor.
	235	</p>
92099a	236	```
D	237	LDAP_BIND_DN=uid=<BIND_USER>,ou=People,dc=<YOUR_DOMAIN>,dc=com
	238	LDAP_USER_FILTER=(memberof=CN=YourGroup,OU=Users,DC=<YOUR_DOMAIN>,DC=com)
	239	LDAP_PASSWORD=<BIND_USER_PASSWORD>
	240	LDAP_HOST=<LDAP_HOST>
	241	LDAP_BASE=ou=People,dc=<YOUR_DOMAIN>,dc=com
	242	LDAP_LABEL="<LDAP_DESCRIPTION>"
	243	GITLAB_ROOT_PASSWORD=<GITLAB_ROOT_USER_PASSWORD>
	244	GITLAB_DATA_VOL_SIZE=2Gi
	245	POSTGRESQL_VOL_SIZE=1Gi
	246	APPLICATION_HOSTNAME=<GITLAB_URL>
4feb7f	247	NAMESPACE=<YOUR_NAME>-ci-cd
92099a	248	```
D	249	where the following need to be replaced by actual values:
	250	* `<BIND_USER>` is the user used to query the LDAP
	251	* `<BIND_USER_PASSWORD>` is the password used when querying the LDAP
	252	* `<YOUR_DOMAIN>` is the domain the LDAP is hosted on
	253	* `<LDAP_HOST>` is fqdn of the LDAP server
	254	* `<LDAP_DESCRIPTION>` is the description to be used on the sign-in header for GitLab eg "Name LDAP Login"
	255	* `<GITLAB_ROOT_USER_PASSWORD>` is the root user for GOD access on the GitLab instance eg password123
	256	* `<GITLAB_URL>` is the endpoint for gitlab. It will take the form `gitlab-<YOUR_NAME>-ci-cd.apps.<ENV_ID>.<YOUR_DOMAIN>.com`
	257
fd78e6	258	4. Create another object in the inventory `inventory/host_vars/ci-cd-tooling.yml` file to run the build & deploy of this template. Add the following and update the `namespace:` accordingly
92099a	259	```yaml
1c9328	260	- name: "gitlab"
fd78e6	261	namespace: "{{ ci_cd_namespace }}"
D	262	template: "{{ playbook_dir }}/templates/gitlab.yml"
	263	params: "{{ playbook_dir }}/params/gitlab"
1c9328	264	tags:
D	265	- gitlab
92099a	266	```
D	267
	268	4. Run the OpenShift applier, specifying the tag `gitlab` to speed up it's execution.
	269	```bash
b92135	270	$ ansible-playbook apply.yml -e target=tools \
92099a	271	-i inventory/ \
1c9328	272	-e "filter_tags=gitlab"
92099a	273	```
D	274
1c9328	275	4. Once successful; login to the cluster and navigate to the `<YOUR_NAME>-ci-cd`. You should see GitLab up and running. ![gitlab-up-and-running](../images/exercise1/gitlab-up-and-running.png)
4feb7f	276
4c20f0	277	4. Navigate to gitlab (if you have just skipped straight to this step; ask your tutor for the URL). You can login using your cluster credentials using the LDAP tab
1c9328	278	![gitlab-ui](../images/exercise1/gitlab-ui.png)
4feb7f	279
4c20f0	280	4. Once logged in create a new project called `enablement-ci-cd` and mark it as internal. Once created; copy out the `git url` for use on the next step.
1c9328	281	![gitlab-new-project](../images/exercise1/gitlab-new-project.png)
D	282	<p class="tip">
d28811	283	Note - we would not normally make the project under your name but create an group and add the project there on residency but for simplicity of the exercise we'll do that here
1c9328	284	</p>
D	285
	286	4. Commit your local project to this new origin by first removing the existing origin (github) where the the project was cloned from. Remember to substitute `<YOUR_NEW_GIT_PROJECT>` accordingly
	287	```bash
5cf97a	288	$ git remote set-url origin <YOUR_NEW_GIT_PROJECT>
1c9328	289	$ git add .
D	290	$ git commit -m "Adding git and nexus config"
	291	$ git push -u origin --all
	292	```
5cf97a	293	Note - When making changes to enablement-ci-cd you should frequently commit the changes to git.
bd7806	294
D	295	### Part 3 - Jenkins & s2i
d28811	296	> _Create a build and deployment config for Jenkins. Add new configuration and plugins to the OCP Stock Jenkins using s2i_
bd7806	297
1c9328	298	5. Add the Jenkins Build & Deployment configs to the `enablement-ci-cd` repo by merging the contents `exercise1/jenkins` in
D	299	```bash
	300	$ git checkout exercise1/jenkins templates/jenkins.yml
	301	```
	302	The Jenkins template is essentially the standard persistent jenkins one with OpenShift.
	303
a7a123	304	5. As before; create a new set of params by creating a `params/jenkins` file and adding some overrides to the template and updating the `<YOUR_NAME>` value accordingly.
D	305	```
1c9328	306	MEMORY_LIMIT=8Gi
1adb94	307	VOLUME_CAPACITY=10Gi
1c9328	308	JVM_ARCH=x86_64
D	309	NAMESPACE=<YOUR_NAME>-ci-cd
	310	JENKINS_OPTS=--sessionTimeout=720
	311	```
fd78e6	312
a7a123	313	5. Add a `jenkins` variable to the ansible inventory underneath the nexus (and git if you have it) in `inventory/host_vars/ci-cd-tooling.yml`.
1c9328	314	```yaml
D	315	- name: "jenkins"
fd78e6	316	namespace: "{{ ci_cd_namespace }}"
D	317	template: "{{ playbook_dir }}/templates/jenkins.yml"
	318	params: "{{ playbook_dir }}/params/jenkins"
1c9328	319	tags:
D	320	- jenkins
	321	```
11198f	322	This configuration, if applied now, will create the deployment configuration needed for Jenkins but the `${NAMESPACE}:${JENKINS_IMAGE_STREAM_TAG}` in the template won't exist yet.
1c9328	323
D	324	5. To create this image we will take the supported OpenShift Jenkins Image and bake into it some extra configuration using an [s2i](https://github.com/openshift/source-to-image) builder image. More information on Jenkins s2i is found on the [openshift/jenkins](https://github.com/openshift/jenkins#installing-using-s2i-build) github page. To create an s2i configuration for jenkins, check out the pre-canned configuration source in the `enablement-ci-cd` repo
	325	```bash
	326	$ git checkout exercise1/jenkins-s2i jenkins-s2i
	327	```
a7a123	328	The structure of the jenkins s2i config is
1c9328	329	```
D	330	jenkins-s2i
	331	├── README.md
	332	├── configuration
	333	│ ├── build-failure-analyzer.xml
	334	│ ├── init.groovy
	335	│ ├── jenkins.plugins.slack.SlackNotifier.xml
a7a123	336	│ ├── scriptApproval.xml
1c9328	337	│ └── jobs
D	338	│ └── seed-multibranch-job
	339	│ └── config.xml
	340	└── plugins.txt
	341	```
	342	* `plugins.txt` is a list of `pluginId:version` for Jenkins to pre-install when starting
	343	* `./configuration` contains content that is placed in `${JENKINS_HOME}`. A `config.xml` could be placed in here to control the bulk of Jenkins configuration.
	344	* `./configuration/jobs/*` contains job names and xml config that jenkins loads when starting. The seed job in there we will return to in later lessons.
d28811	345	* `build-failure-analyzer.xml` is config for the plugin to read the logs and look for key items based on a Regex. More on this in later lessons.
1c9328	346	* `init.groovy` contains a collection of settings jenkins configures itself with when launching
D	347
a7a123	348	5. Let's add a plugin for Jenkins to be started with, [green-balls](https://plugins.jenkins.io/greenballs). This simply changes the default `SUCCESS` status of Jenkins from Blue to Green. Append the `jenkins-s2i/plugins.txt` file with
1c9328	349	```txt
D	350	greenballs:1.15
	351	```
	352	![green-balls.png](../images/exercise1/green-balls.png)
	353	Why does Jenkins have Blue Balls? More can be found [on reddit](https://www.reddit.com/r/programming/comments/4lu6q8/why_does_jenkins_have_blue_balls/) or the [jenkins blog](https://jenkins.io/blog/2012/03/13/why-does-jenkins-have-blue-balls/)
	354
5cf97a	355	5. Before building and deploying the Jenkins s2i; add git credentials to it. These will be used by Jenkins to access the Git Repositories where our apps will be stored. We want Jenkins to be able to push tags to it so write access is required. There are a few ways we can do this; either adding them to the `template/jenkins.yml` as environment Variables and then including them in the `params/jenkins` file. We could also create a token in GitLab and use it as the source secret in the jenkins template.
RH	356	But for simplicity just replace the `<USERNAME>` && `<PASSWORD>` in the `jenkins-s2i/configuration/init.groovy` with your ldap credentials as seen below. This init file gets run when Jenkins launches and will setup the credentials for use in our Jobs in the next exercises
1c9328	357	```groovy
D	358	gitUsername = System.getenv("GIT_USERNAME") ?: "<USERNAME>"
	359	gitPassword = System.getenv("GIT_PASSWORD") ?: "<PASSWORD>"
	360	```
a7a123	361	<p class="tip">
D	362	Note in a residency we would not use your GitCredentials for pushing and pulling from Git, A service user would be created for this.
	363	</p>
1c9328	364
a7a123	365	5. Checkout the parms and the templates for the `jenkins-s2i`
D	366	```bash
	367	$ git checkout exercise1/jenkins-s2i params/jenkins-s2i templates/jenkins-s2i.yml
	368	```
	369
	370	5. Open `params/jenkins-s2i` and add the following content; replacing variables as appropriate.
1c9328	371	```
D	372	SOURCE_REPOSITORY_URL=<YOUR_ENABLEMENT_REPO>
	373	NAME=jenkins
	374	SOURCE_REPOSITORY_CONTEXT_DIR=jenkins-s2i
	375	IMAGE_STREAM_NAMESPACE=<YOUR_NAME>-ci-cd
5cf97a	376	SOURCE_REPOSITORY_USERNAME=<BASE64_YOUR_LDAP_USERNAME>
RH	377	SOURCE_REPOSITORY_PASSWORD=<BASE64_YOUR_LDAP_PASSWORD>
1c9328	378	```
D	379	where
d28811	380	* `<YOUR_ENABLEMENT_REPO>` is the full path clone path of the repo where this project is stored (including the https && .git)
D	381	* `<YOUR_NAME>` is the prefix for your `-ci-cd` project.
	382	* Explore some of the other parameters in `templates/jenkins-s2i.yml`
5cf97a	383	* `<BASE64_YOUR_LDAP_USERNAME>` is the base64encoded username builder pod will use to login and clone the repo with
RH	384	* `<BASE64_YOUR_LDAP_PASSWORD>` is the base64encoded password the builder pod will use to authenticate and clone the repo using
11198f	385	You can use `echo -n '<YOUR_LDAP_PASSWORD>' \| openssl base64` to encode your username and password accordingly. For example 'password' base64 encoded will look like `cGFzc3dvcmQ=`.
a7a123	386	![base64-pass](../images/exercise1/base64-pass.png)
d28811	387	<p class="tip">
D	388	Note in a residency we would not use your GitCredentials for pushing and pulling from Git, A service user would be created for this.
	389	</p>
1c9328	390
fd78e6	391	5. Create a new object `ci-cd-builds` in the ansible `inventory/host_vars/ci-cd-tooling.yml` to drive the s2i build configuration.
1c9328	392	```yaml
D	393	- object: ci-cd-builds
	394	content:
	395	- name: "jenkins-s2i"
fd78e6	396	namespace: "{{ ci_cd_namespace }}"
D	397	template: "{{ playbook_dir }}/templates/jenkins-s2i.yml"
	398	params: "{{ playbook_dir }}/params/jenkins-s2i"
1c9328	399	tags:
D	400	- jenkins
	401	```
	402
	403	5. Commit your code to your GitLab instance
	404	```bash
d28811	405	$ git add .
1c9328	406	$ git commit -m "Adding Jenkins and Jenkins s2i"
D	407	$ git push
	408	```
	409
	410	5. When your code is commited; run the OpenShift Applier to add the config to the cluster
	411	```bash
b92135	412	$ ansible-playbook apply.yml -e target=tools \
1c9328	413	-i inventory/ \
D	414	-e "filter_tags=jenkins"
	415	```
	416
d28811	417	5. This will trigger a build of the s2i and when it's complete it will add an imagestream of `<YOUR_NAME>-ci-cd/jenkins:latest` to the project. The Deployment config should kick in and deploy the image once it arrives. You can follow the build of the s2i by going to the OpenShift console's project
D	418	![jenkins-s2i-log](../images/exercise1/jenkins-s2i-log.png)
bd7806	419
d28811	420	5. When the Jenkins deployment has completed; login (using your openshift credentials) and accept the role permissions. You should now see a fairly empty Jenkins with just the seed job
92099a	421
d28811	422	### Part 4 - Jenkins Hello World
D	423	> _To test things are working end-to-end; create a hello world job that doesn't do much but proves we can pull code from git and that our balls are green._
	424
	425	6. Log in to Jenkins and hit `New Item` ![new-item](../images/exercise1/new-item.png).
	426
176e08	427	6. Create a freestyle job called `hello-world` ![jenkins-new-hello-world](../images/exercise1/jenkins-new-hello-world.png).
d28811	428
11198f	429	6. On the Source Code Management tab; add your `enablement-ci-cd` git repo and hit the dropdown to add your credentials we baked into the s2i on previous steps ![jenkins-scm-git](../images/exercise1/jenkins-scm-git.png)
d28811	430
D	431	6. On the build tab add an Execute Shell step and fill it with `echo "Hello World"` ![jenkins-hello-world](../images/exercise1/jenkins-hello-world.png).
	432
	433	6. Run the build and we should see if pass succesfully and with Green Balls! ![jenkins-green-balls](../images/exercise1/jenkins-green-balls.png)
	434
	435	### Part 5 - Live, Die, Repeat
9eed0b	436	> _In this section you will proove the infra as code is working by deleting your Cluster Content and recreating it all_
d28811	437
D	438	7. Commit your code to the new repo in GitLab
9eed0b	439	```bash
D	440	$ git add .
	441	$ git commit -m "ADD - all ci/cd contents"
	442	$ git push
	443	```
d28811	444
D	445	7. Burn your OCP content to the ground
9eed0b	446	```bash
D	447	$ oc delete project <YOUR_NAME>-ci-cd
	448	$ oc delete project <YOUR_NAME>-dev
	449	$ oc delete project <YOUR_NAME>-test
	450	```
d28811	451
9eed0b	452	7. Re-apply the inventory to re-create it all!
D	453	```bash
	454	$ oc login -p <password> -u <user> <cluster_url>
	455	$ ansible-playbook apply.yml -i inventory/ -e target=bootstrap
	456	$ ansible-playbook apply.yml -i inventory/ -e target=tools
	457	```
0f4d08	458
74d1f1	459	_____
D	460
0f4d08	461	## Extension Tasks
d28811	462	> _Ideas for go-getters. Advanced topic for doers to get on with if they finish early. These will usually not have a solution and are provided for additional scope._
0f4d08	463
92099a	464	- Add more secure access for Nexus (ie not admin / admin123) using the automation to drive secret creation
1c9328	465	- Add a SonarQube persistent deployment to the `ci-cd-deployments` section.
D	466	- Add `jenkins.plugins.slack.SlackNotifier.xml` to `jenkins-s2i/configuration` to include URL of Slack for team build notifications and rebuild Jenkins S2I
0f4d08	467
74d1f1	468	_____
D	469
0f4d08	470	## Additional Reading
9eed0b	471	> List of links or other reading that might be of use / reference for the exercise
4f0295	472
RH	473	## Slide links
	474
	475	- [Intro](https://docs.google.com/presentation/d/1LsfAkH8GfIhulEoy_yd-usWBfDHnZEyQdNvYeTmAg4A/)
	476	- [Wrap-up](https://docs.google.com/presentation/d/1cfyJ6SHddZNbM61oz67r870rLYVKY335zGclXN2uLMY/)
3207b9	477	- [All Material](https://drive.google.com/drive/folders/13Bt4BXf9P2OB8VI4YQNcNONF1786dqOx)