| commit | author | age | ||
| 5d0992 | 1 | # The Manual Menace |
| b5d705 | 2 | > In this exercise learners will use Ansible to drive automated provisioning of Projects in Openshift, Git, Jenkins and Nexus. |
| c951f7 | 3 | |
| 7c832b | 4 |  |
| D | 5 | |
| 6 | ## Exercise Intro | |
| 7 | In this exercise we will use automation tooling to create Project namespaces for our `CI/CD` tooling along with the `dev` and `test` namespaces for our deployments to live. We do this to manually using the OpenShift CLI; but as we go from cluster to cluster or project to project Dev and Ops teams often find themselves having to redo these tasks again and again. Configuring our cluster using code; we can easily store this in Git and repeat the process again and again. By minimising the time taken to do these repetitive tasks we can accelerate our ability to deliver value to our customers; working on the hard problems they face. | |
| 8 | ||
| 9 | This exercise uses Ansible to drive the creation of the cluster content. In particular; we'll use a play book called the `OpenShift Applier`. Once the project namespace have been created; we will add some tools to support CI/CD such as Jenkins, Git and Nexus. These tools will be needed by later lessons to automate the build and deploy of our apps. Again; we will use OpenShift Templates and drive their creation in the cluster using Ansible. To prove things are working, finally we'll delete all our content and re-apply the inventory to re-create our clusters content. | |
| 5d0992 | 10 | |
| 14cd2d | 11 | #### Why is config-as-code important? |
| D | 12 | * Assurance - Prevents unwanted config changes from people making arbitrary changes to environments. No more Snowflake servers! |
| 13 | * Traceability - Commiting config as code means a user has approved and changes can be tracked. | |
| 14 | * Phoenix Server - Burn it all to the ground and bring it back; exactly the way it was! | |
| 15 | ||
| 5d0992 | 16 | _____ |
| c951f7 | 17 | |
| D | 18 | ## Learning Outcomes |
| 19 | As a learner you will be able to | |
| 5d0992 | 20 | |
| D | 21 | 1. Run the OpenShift Applier to automate creating cluster content |
| 22 | 1. Create and admin project namespaces in OpenShift | |
| 23 | 1. Deploy commonly used applications to support the development process | |
| c951f7 | 24 | |
| D | 25 | ## Tools and Frameworks |
| 26 | ||
| 5d0992 | 27 | * [GitLab](https://about.gitlab.com/) - Community driven Git server now with integrated DevOps Toolchain. |
| D | 28 | * [Nexus](https://www.sonatype.com/nexus-repository-sonatype) - Repository manager for storing lots of application types. Can also host `npm` and `Docker` registries. |
| 29 | * [Jenkins](https://jenkins.io/) - OpenSource Build automation server. Highly customisable with plugins. | |
| 30 | * [Ansible](https://www.ansible.com/) - IT Automation tool used to provision and manage state of cloud and physical infrastructure. | |
| dba30b | 31 | * [OpenShift Applier](https://github.com/redhat-cop/openshift-applier) - used to apply OpenShift objects to an OpenShift Cluster. |
| A | 32 | |
| 33 | ||
| 5d0992 | 34 | ## Big Picture |
| 33c738 | 35 | > The Big Picture is our emerging architecture; starting with an empty cluser we populate it with projects and some ci/cd tooling. |
| 5d0992 | 36 | |
| f52b28 | 37 |  |
| D | 38 | |
| 5d0992 | 39 | _____ |
| c951f7 | 40 | |
| D | 41 | ## 10,000 Ft View |
| b5d705 | 42 | > This exercise is aimed at the creation of the tooling that will be used to support the rest of the Exercises. The highlevel goal is to create a collection of project namespaces and populate them with Git, Jenkins & Nexus. |
| 5d0992 | 43 | |
| D | 44 | If you're feeling confident and don't want to follow the step-by-step guide these highlevel instructions should provide a challenge for you: |
| 45 | ||
| da614f | 46 | 2. Clone the repo `https://github.com/rht-labs/enablement-ci-cd` which contains the scaffold of the project. Ensure you get all remote branches. |
| 3558ae | 47 | |
| 5d0992 | 48 | 2. Create `<your-name>-ci-cd`, `<your-name>-dev` and `<your-name>-test` project namespaces using the inventory and run them with the OpenShift Applier to populate the cluster |
| da614f | 49 | |
| D | 50 | 2. Use the templates provided to create build of the jenkins-s2i. The templates are in `exercise1/jenkins-s2i` |
| 3558ae | 51 | |
| D | 52 | 2. Use the templates provided to create build and deployment configs in `<your-name>-ci-cd` for. Templates are on a branch called `exercise1/git-nexus` && `exercise1/jenkins`: |
| 5d0992 | 53 | * Nexus |
| D | 54 | * GitLab |
| 3558ae | 55 | * Jenkins (using an s2i to pre-configure jenkins) |
| D | 56 | |
| 5d0992 | 57 | 2. Commit your `enablement-ci-cd` repository to the GitLab Instance you've created |
| 3558ae | 58 | |
| D | 59 | 2. Burn it all down and re-apply your inventory proving config-as-code works. |
| c951f7 | 60 | |
| D | 61 | ## Step by Step Instructions |
| bc2e43 | 62 | > This is a structured guide with references to exact filenames and explanations. |
| c951f7 | 63 | |
| bc2e43 | 64 | ### Part 1 - Create OpenShift Projects |
| de8ebb | 65 | > _Using the OpenShift Applier, we will add new project namespaces to the cluster which will be used throughout the exercise._ |
| D | 66 | |
| 33c738 | 67 | 3. In this course three different git projects will be created. To setup your local machine for each of these, create a new folder on the terminal in the root of your HOME directory for convenience. To do this, open a new Terminal session and create the new folder using the following command (new terminal sessions will start in your HOME dir). |
| bc2e43 | 68 | ```bash |
| 33c738 | 69 | mkdir -p ~/innovation-labs && cd ~/innovation-labs |
| e7c877 | 70 | ``` |
| f5f1ff | 71 | <p class="tip"> |
| D | 72 | NOTE - If you do not want to have this folder at the root of your home dir that's fine, just ensure any parent directories of this `innovation-labs` folder do NOT have any spaces in them as it breaks Ansible in later labs... |
| 73 | </p> | |
| 74 | ||
| 75 | 3. Clone the scaffold project to your local machine's `innovation-labs` folder and pull all remote branches for use in later exercises. Note - this may error saying `fatal: A branch named 'develop' already exists.` but it can be ignored | |
| 76 | ```bash | |
| 77 | git clone https://github.com/rht-labs/enablement-ci-cd && cd enablement-ci-cd | |
| e7c877 | 78 | ``` |
| f5f1ff | 79 | ```bash |
| D | 80 | ./git-pull-all.sh |
| c951f7 | 81 | ``` |
| D | 82 | |
| f5f1ff | 83 | 3. Open the `innovation-labs` folder in VSCode (or your favourite editor). The project is laid out as follows |
| bc2e43 | 84 | ``` |
| D | 85 | . |
| 86 | ├── README.md | |
| 62db52 | 87 | ├── apply.yml |
| bc2e43 | 88 | ├── docker |
| 62db52 | 89 | │ └── jenkins-slave-npm |
| bc2e43 | 90 | ├── inventory |
| 62db52 | 91 | │ ├── host_vars |
| D | 92 | │ │ ├── ci-cd-tooling.yml |
| 93 | │ │ └── projects-and-policies.yml | |
| 94 | │ └── hosts | |
| bc2e43 | 95 | ├── jenkins-s2i |
| D | 96 | ├── params |
| 62db52 | 97 | │ └── project-requests-ci-cd |
| bc2e43 | 98 | ├── requirements.yml |
| D | 99 | └── templates |
| 62db52 | 100 | └── project-requests.yml |
| bc2e43 | 101 | ``` |
| D | 102 | * `docker` folder contains our jenkins-slave images that will be used by the builds. |
| 103 | * `jenkins-s2i` contains the configuration and plugins we want to bring jenkins to life with | |
| 104 | * `params` houses the variables we will load the templates with | |
| 105 | * `templates` is a collection of OpenShift templates | |
| 62db52 | 106 | * `inventory/host_vars/*.yml` is the collection of objects we want to insert into the cluster. |
| bc2e43 | 107 | * `requirements.yml` is a manifest which contains the ansible modules needed to run the playbook |
| 62db52 | 108 | * `apply.yml` is a playbook that sets up some variables and runs the OpenShift Applier role. |
| bc2e43 | 109 | |
| da614f | 110 | 3. Open the `apply.yml` file in the root of the project. Update the namespace variables by replacing the `<YOUR_NAME>` with your name or initials. Don't use uppercase or special characters. For example; my name is Dónal so I've created: |
| 62db52 | 111 | ```yaml |
| e6805f | 112 | hosts: "{{ target }}" |
| 62db52 | 113 | vars: |
| D | 114 | ci_cd_namespace: donal-ci-cd |
| 115 | dev_namespace: donal-dev | |
| 116 | test_namespace: donal-test | |
| e6805f | 117 | tasks: |
| 62db52 | 118 | ``` |
| e6805f | 119 | <p class="tip"> |
| D | 120 | NOTE - yaml is indentation sensitive so keep things lined up properly! |
| 121 | </p> | |
| 62db52 | 122 | |
| D | 123 | 3. Open the `inventory/host_vars/projects-and-policies.yml` file; you should see some variables setup already to create the `<YOUR_NAME>-ci-cd` namespace. This object is passed to the OpenShift Applier to call the `templates/project-requests.yml` template with the `params/project-requests-ci-cd` parameters. We will add some additional content here but first let's explore the parameters and the template |
| 124 | ||
| 125 | 3. Open the `params/project-requests-ci-cd` and replace the `<YOUR_NAME>` with your name to create the correstponding projects in the cluster. | |
| ff1bd7 | 126 |  |
| bc2e43 | 127 | |
| 62db52 | 128 | 3. Let's add two more param files to pass to our template to be able to create a `dev` and `test` project. |
| f5f1ff | 129 | * Create another two params files `params/project-requests-dev` & `params/project-requests-test`. On the terminal run |
| da614f | 130 | ```bash |
| f5f1ff | 131 | touch params/project-requests-dev params/project-requests-test |
| da614f | 132 | ``` |
| f5f1ff | 133 | * In your editor; Open `params/project-requests-dev` and add the following by substituting `<YOUR_NAME>` accordingly |
| 62db52 | 134 | ``` |
| D | 135 | NAMESPACE=<YOUR_NAME>-dev |
| 136 | NAMESPACE_DISPLAY_NAME=<YOUR-NAME> Dev | |
| 137 | ``` | |
| f5f1ff | 138 | * In your editor; Open `params/project-requests-test` and add the following by substituting `<YOUR_NAME>` accordingly |
| 62db52 | 139 | ``` |
| D | 140 | NAMESPACE=<YOUR_NAME>-test |
| 141 | NAMESPACE_DISPLAY_NAME=<YOUR-NAME> Test | |
| 142 | ``` | |
| bc2e43 | 143 | |
| 62db52 | 144 | 3. In the `inventory/host_vars/projects-and-policies.yml` file; add the new objects for the projects you want to create (dev & test) by adding another object to the content array for each. You can copy and paste them from the `ci-cd` example and update them accordingly. If you do this; remember to change the params file! e.g. |
| bc2e43 | 145 | ```yaml |
| 62db52 | 146 | - name: "{{ dev_namespace }}" |
| D | 147 | template: "{{ playbook_dir }}/templates/project-requests.yml" |
| ff1bd7 | 148 | template_action: create |
| 62db52 | 149 | params: "{{ playbook_dir }}/params/project-requests-dev" |
| ff1bd7 | 150 | tags: |
| D | 151 | - projects |
| 62db52 | 152 | - name: "{{ test_namespace }}" |
| D | 153 | template: "{{ playbook_dir }}/templates/project-requests.yml" |
| ff1bd7 | 154 | template_action: create |
| 62db52 | 155 | params: "{{ playbook_dir }}/params/project-requests-test" |
| ff1bd7 | 156 | tags: |
| D | 157 | - projects |
| bc2e43 | 158 | ``` |
| ff1bd7 | 159 |  |
| bc2e43 | 160 | |
| D | 161 | 3. With the configuration in place; install the OpenShift Applier dependency |
| 162 | ```bash | |
| f5f1ff | 163 | ansible-galaxy install -r requirements.yml --roles-path=roles |
| bc2e43 | 164 | ``` |
| D | 165 | |
| f5f1ff | 166 | 3. Apply the inventory by logging into OpenShift on the terminal and running the playbook as follows (<CLUSTER_URL> should be replaced with the one you've been sent): |
| bc2e43 | 167 | ```bash |
| f5f1ff | 168 | oc login <CLUSTER_URL> |
| D | 169 | ``` |
| 170 | ```bash | |
| 171 | ansible-playbook apply.yml -i inventory/ -e target=bootstrap | |
| 62db52 | 172 | ``` |
| D | 173 | where the `-e target=bootstrap` is passing an additional variable specifying that we run the `bootstrap` inventory |
| bc2e43 | 174 | |
| f79b6f | 175 | 3. Once successful you should see an output similar to this:  |
| bc2e43 | 176 | |
| e6805f | 177 | 3. You can check to see the projects have been created successfully by running |
| D | 178 | ```bash |
| f5f1ff | 179 | oc projects |
| e6805f | 180 | ``` |
| D | 181 |  |
| 182 | ||
| f5f1ff | 183 | ### Part 2 - Nexus |
| 3f16e0 | 184 | > _Now that we have our Projects setup; we can start to populate them with Apps to be used in our dev lifecycle_ |
| bc2e43 | 185 | |
| 3558ae | 186 | 4. In the `enablement-ci-cd` repo, checkout the templates for Nexus by running |
| 3f16e0 | 187 | ```bash |
| f5f1ff | 188 | git checkout exercise1/git-nexus templates/nexus.yml |
| 3558ae | 189 | ``` |
| f79b6f | 190 | The template contains all the things needed to setup a persistent nexus server, exposing a service and route while also creating the persistent volume needed. Have a read through the template; at the bottom you'll see a collection of parameters we will pass to the template. |
| 3558ae | 191 | |
| D | 192 | 4. Add some parameters for running the template by creating a new file in the `params` directory. |
| 193 | ```bash | |
| f5f1ff | 194 | touch params/nexus |
| 3f16e0 | 195 | ``` |
| D | 196 | |
| 90412a | 197 | 4. The essential params to include in this file are: |
| 3558ae | 198 | ```bash |
| D | 199 | VOLUME_CAPACITY=5Gi |
| 200 | MEMORY_LIMIT=2Gi | |
| 201 | ``` | |
| 202 | ||
| f9e1bc | 203 | 4. Create a new object in the inventory variables `inventory/host_vars/ci-cd-tooling.yml` called `ci-cd-tooling` and populate it's `content` is as follows |
| 62db52 | 204 | |
| 3558ae | 205 | ```yaml |
| 62db52 | 206 | --- |
| D | 207 | ansible_connection: local |
| 208 | openshift_cluster_content: | |
| 209 | - object: ci-cd-tooling | |
| 210 | content: | |
| f9e1bc | 211 | - name: "nexus" |
| D | 212 | namespace: "{{ ci_cd_namespace }}" |
| 213 | template: "{{ playbook_dir }}/templates/nexus.yml" | |
| 214 | params: "{{ playbook_dir }}/params/nexus" | |
| 215 | tags: | |
| 216 | - nexus | |
| 3558ae | 217 | ``` |
| ff1bd7 | 218 |  |
| 3558ae | 219 | |
| 06fc7b | 220 | 4. Run the OpenShift applier, specifying the tag `nexus` to speed up it's execution (`-e target=tools` is to run the other inventory). |
| 3558ae | 221 | ```bash |
| f5f1ff | 222 | ansible-playbook apply.yml -e target=tools \ |
| 3558ae | 223 | -i inventory/ \ |
| ff1bd7 | 224 | -e "filter_tags=nexus" |
| 3558ae | 225 | ``` |
| D | 226 | |
| b47510 | 227 | 4. Once successful; login to the cluster through the browser (using cluster URL) and navigate to the `<YOUR_NAME>-ci-cd`. You should see Nexus up and running. You can login with default credentials (admin / admin123)  |
| 3558ae | 228 | |
| f5f1ff | 229 | ### Part 3 - GitLab |
| D | 230 | |
| 231 | #### 3a - GitLab install | |
| b43054 | 232 | <p class="tip"> |
| f5f1ff | 233 | NOTE - This section may already have been completed for you, please check with your tutor. If this is the case, skip to section 3b "Commit CI/CD" below to add your code to GitLab. |
| b43054 | 234 | </p> |
| D | 235 | |
| f79b6f | 236 | 4. Now let's do the same thing for GitLab to get it up and running. Checkout the template and params provided by running |
| 3558ae | 237 | ```bash |
| f5f1ff | 238 | git checkout exercise1/git-nexus templates/gitlab.yml params/gitlab |
| 3558ae | 239 | ``` |
| D | 240 | Explore the template; it contains the PVC, buildConfig and services. The DeploymentConfig is made up of these apps |
| 241 | - Redis (3.2.3) | |
| 242 | - PostgreSQL (9.4) | |
| 243 | - GitLab CE (v10.2.3) | |
| 244 | ||
| b47510 | 245 | 4. Open the `params/gitlab` file and complete the following params |
| RH | 246 | <p class="tip"> |
| 247 | Note - The values here for the LDAP and BIND credentials will be provided by your tutor. | |
| 248 | </p> | |
| 3558ae | 249 | ``` |
| D | 250 | LDAP_BIND_DN=uid=<BIND_USER>,ou=People,dc=<YOUR_DOMAIN>,dc=com |
| 251 | LDAP_USER_FILTER=(memberof=CN=YourGroup,OU=Users,DC=<YOUR_DOMAIN>,DC=com) | |
| 252 | LDAP_PASSWORD=<BIND_USER_PASSWORD> | |
| 253 | LDAP_HOST=<LDAP_HOST> | |
| 254 | LDAP_BASE=ou=People,dc=<YOUR_DOMAIN>,dc=com | |
| 255 | LDAP_LABEL="<LDAP_DESCRIPTION>" | |
| 256 | GITLAB_ROOT_PASSWORD=<GITLAB_ROOT_USER_PASSWORD> | |
| 257 | GITLAB_DATA_VOL_SIZE=2Gi | |
| 258 | POSTGRESQL_VOL_SIZE=1Gi | |
| 259 | APPLICATION_HOSTNAME=<GITLAB_URL> | |
| c41b51 | 260 | NAMESPACE=<YOUR_NAME>-ci-cd |
| 3558ae | 261 | ``` |
| D | 262 | where the following need to be replaced by actual values: |
| 263 | * `<BIND_USER>` is the user used to query the LDAP | |
| 264 | * `<BIND_USER_PASSWORD>` is the password used when querying the LDAP | |
| 265 | * `<YOUR_DOMAIN>` is the domain the LDAP is hosted on | |
| 266 | * `<LDAP_HOST>` is fqdn of the LDAP server | |
| 267 | * `<LDAP_DESCRIPTION>` is the description to be used on the sign-in header for GitLab eg "Name LDAP Login" | |
| 268 | * `<GITLAB_ROOT_USER_PASSWORD>` is the root user for GOD access on the GitLab instance eg password123 | |
| 269 | * `<GITLAB_URL>` is the endpoint for gitlab. It will take the form `gitlab-<YOUR_NAME>-ci-cd.apps.<ENV_ID>.<YOUR_DOMAIN>.com` | |
| 270 | ||
| 62db52 | 271 | 4. Create another object in the inventory `inventory/host_vars/ci-cd-tooling.yml` file to run the build & deploy of this template. Add the following and update the `namespace:` accordingly |
| 3558ae | 272 | ```yaml |
| ff1bd7 | 273 | - name: "gitlab" |
| 62db52 | 274 | namespace: "{{ ci_cd_namespace }}" |
| D | 275 | template: "{{ playbook_dir }}/templates/gitlab.yml" |
| 276 | params: "{{ playbook_dir }}/params/gitlab" | |
| ff1bd7 | 277 | tags: |
| D | 278 | - gitlab |
| 3558ae | 279 | ``` |
| D | 280 | |
| 281 | 4. Run the OpenShift applier, specifying the tag `gitlab` to speed up it's execution. | |
| 282 | ```bash | |
| f5f1ff | 283 | ansible-playbook apply.yml -e target=tools \ |
| 3558ae | 284 | -i inventory/ \ |
| ff1bd7 | 285 | -e "filter_tags=gitlab" |
| 3558ae | 286 | ``` |
| D | 287 | |
| ff1bd7 | 288 | 4. Once successful; login to the cluster and navigate to the `<YOUR_NAME>-ci-cd`. You should see GitLab up and running.  |
| f5f1ff | 289 | |
| D | 290 | #### 3b - Commit CI/CD |
| c41b51 | 291 | |
| f9e1bc | 292 | 4. Navigate to gitlab (if you have just skipped straight to this step; ask your tutor for the URL). You can login using your cluster credentials using the LDAP tab |
| ff1bd7 | 293 |  |
| c41b51 | 294 | |
| f9e1bc | 295 | 4. Once logged in create a new project called `enablement-ci-cd` and mark it as internal. Once created; copy out the `git url` for use on the next step. |
| ff1bd7 | 296 |  |
| D | 297 | <p class="tip"> |
| de8ebb | 298 | Note - we would not normally make the project under your name but create an group and add the project there on residency but for simplicity of the exercise we'll do that here |
| ff1bd7 | 299 | </p> |
| D | 300 | |
| f5f1ff | 301 | 4. If you have not used Git before; you may need to tell Git who you are and what your email is before we commit. Run the following commands, substitution your email and "Your Name". If you've done this before move on to the next step. |
| ff1bd7 | 302 | ```bash |
| f5f1ff | 303 | git config --global user.email "yourname@mail.com" |
| ff1bd7 | 304 | ``` |
| f5f1ff | 305 | ```bash |
| D | 306 | git config --global user.name "Your Name" |
| 307 | ``` | |
| 308 | ||
| 3272d6 | 309 | 4. Commit your local project to this new remote by first removing the existing origin (github) where the ansible project was cloned from in the first steps. Remember to substitute `<GIT_URL>` accordingly with the one created for your `enablement-ci-cd` repository a moment ago. |
| f5f1ff | 310 | ```bash |
| D | 311 | git remote set-url origin <GIT_URL> |
| 312 | ``` | |
| 313 | ```bash | |
| 314 | git add . | |
| 315 | ``` | |
| 316 | ```bash | |
| 317 | git commit -m "Adding git and nexus config" | |
| 318 | ``` | |
| 319 | ```bash | |
| 320 | git push -u origin --all | |
| 321 | ``` | |
| 322 | ||
| 06e3b4 | 323 | **Note - When making changes to enablement-ci-cd you should frequently commit the changes to git.** |
| bc2e43 | 324 | |
| f5f1ff | 325 | ### Part 4 - Jenkins & s2i |
| de8ebb | 326 | > _Create a build and deployment config for Jenkins. Add new configuration and plugins to the OCP Stock Jenkins using s2i_ |
| bc2e43 | 327 | |
| ff1bd7 | 328 | 5. Add the Jenkins Build & Deployment configs to the `enablement-ci-cd` repo by merging the contents `exercise1/jenkins` in |
| D | 329 | ```bash |
| f5f1ff | 330 | git checkout exercise1/jenkins templates/jenkins.yml |
| ff1bd7 | 331 | ``` |
| D | 332 | The Jenkins template is essentially the standard persistent jenkins one with OpenShift. |
| 333 | ||
| 2e44a7 | 334 | 5. As before; create a new set of params by creating a `params/jenkins` file and adding some overrides to the template and updating the `<YOUR_NAME>` value accordingly. |
| D | 335 | ``` |
| ff1bd7 | 336 | MEMORY_LIMIT=8Gi |
| f54f70 | 337 | VOLUME_CAPACITY=10Gi |
| ff1bd7 | 338 | JVM_ARCH=x86_64 |
| D | 339 | NAMESPACE=<YOUR_NAME>-ci-cd |
| 340 | JENKINS_OPTS=--sessionTimeout=720 | |
| 341 | ``` | |
| 62db52 | 342 | |
| 2e44a7 | 343 | 5. Add a `jenkins` variable to the ansible inventory underneath the nexus (and git if you have it) in `inventory/host_vars/ci-cd-tooling.yml`. |
| ff1bd7 | 344 | ```yaml |
| D | 345 | - name: "jenkins" |
| 62db52 | 346 | namespace: "{{ ci_cd_namespace }}" |
| D | 347 | template: "{{ playbook_dir }}/templates/jenkins.yml" |
| 348 | params: "{{ playbook_dir }}/params/jenkins" | |
| ff1bd7 | 349 | tags: |
| D | 350 | - jenkins |
| 351 | ``` | |
| f79b6f | 352 | This configuration, if applied now, will create the deployment configuration needed for Jenkins but the `${NAMESPACE}:${JENKINS_IMAGE_STREAM_TAG}` in the template won't exist yet. |
| ff1bd7 | 353 | |
| D | 354 | 5. To create this image we will take the supported OpenShift Jenkins Image and bake into it some extra configuration using an [s2i](https://github.com/openshift/source-to-image) builder image. More information on Jenkins s2i is found on the [openshift/jenkins](https://github.com/openshift/jenkins#installing-using-s2i-build) github page. To create an s2i configuration for jenkins, check out the pre-canned configuration source in the `enablement-ci-cd` repo |
| 355 | ```bash | |
| f5f1ff | 356 | git checkout exercise1/jenkins-s2i jenkins-s2i |
| ff1bd7 | 357 | ``` |
| 2e44a7 | 358 | The structure of the jenkins s2i config is |
| ff1bd7 | 359 | ``` |
| D | 360 | jenkins-s2i |
| 361 | ├── README.md | |
| 362 | ├── configuration | |
| 363 | │ ├── build-failure-analyzer.xml | |
| 364 | │ ├── init.groovy | |
| 365 | │ ├── jenkins.plugins.slack.SlackNotifier.xml | |
| 2e44a7 | 366 | │ ├── scriptApproval.xml |
| ff1bd7 | 367 | │ └── jobs |
| D | 368 | │ └── seed-multibranch-job |
| 369 | │ └── config.xml | |
| 370 | └── plugins.txt | |
| 371 | ``` | |
| 372 | * `plugins.txt` is a list of `pluginId:version` for Jenkins to pre-install when starting | |
| 373 | * `./configuration` contains content that is placed in `${JENKINS_HOME}`. A `config.xml` could be placed in here to control the bulk of Jenkins configuration. | |
| 374 | * `./configuration/jobs/*` contains job names and xml config that jenkins loads when starting. The seed job in there we will return to in later lessons. | |
| de8ebb | 375 | * `build-failure-analyzer.xml` is config for the plugin to read the logs and look for key items based on a Regex. More on this in later lessons. |
| ff1bd7 | 376 | * `init.groovy` contains a collection of settings jenkins configures itself with when launching |
| D | 377 | |
| 2e44a7 | 378 | 5. Let's add a plugin for Jenkins to be started with, [green-balls](https://plugins.jenkins.io/greenballs). This simply changes the default `SUCCESS` status of Jenkins from Blue to Green. Append the `jenkins-s2i/plugins.txt` file with |
| ff1bd7 | 379 | ```txt |
| D | 380 | greenballs:1.15 |
| 381 | ``` | |
| 382 |  | |
| 383 | Why does Jenkins have Blue Balls? More can be found [on reddit](https://www.reddit.com/r/programming/comments/4lu6q8/why_does_jenkins_have_blue_balls/) or the [jenkins blog](https://jenkins.io/blog/2012/03/13/why-does-jenkins-have-blue-balls/) | |
| 384 | ||
| 06e3b4 | 385 | 5. Before building and deploying the Jenkins s2i; add git credentials to it. These will be used by Jenkins to access the Git Repositories where our apps will be stored. We want Jenkins to be able to push tags to it so write access is required. There are a few ways we can do this; either adding them to the `template/jenkins.yml` as environment Variables and then including them in the `params/jenkins` file. We could also create a token in GitLab and use it as the source secret in the jenkins template. |
| RH | 386 | But for simplicity just replace the `<USERNAME>` && `<PASSWORD>` in the `jenkins-s2i/configuration/init.groovy` with your ldap credentials as seen below. This init file gets run when Jenkins launches and will setup the credentials for use in our Jobs in the next exercises |
| ff1bd7 | 387 | ```groovy |
| D | 388 | gitUsername = System.getenv("GIT_USERNAME") ?: "<USERNAME>" |
| 389 | gitPassword = System.getenv("GIT_PASSWORD") ?: "<PASSWORD>" | |
| 390 | ``` | |
| 2e44a7 | 391 | <p class="tip"> |
| D | 392 | Note in a residency we would not use your GitCredentials for pushing and pulling from Git, A service user would be created for this. |
| 393 | </p> | |
| ff1bd7 | 394 | |
| 832672 | 395 | 5. Checkout the params and the templates for the `jenkins-s2i` |
| 2e44a7 | 396 | ```bash |
| f5f1ff | 397 | git checkout exercise1/jenkins-s2i params/jenkins-s2i templates/jenkins-s2i.yml |
| 2e44a7 | 398 | ``` |
| D | 399 | |
| 400 | 5. Open `params/jenkins-s2i` and add the following content; replacing variables as appropriate. | |
| ff1bd7 | 401 | ``` |
| da614f | 402 | SOURCE_REPOSITORY_URL=<GIT_URL> |
| ff1bd7 | 403 | NAME=jenkins |
| D | 404 | SOURCE_REPOSITORY_CONTEXT_DIR=jenkins-s2i |
| 405 | IMAGE_STREAM_NAMESPACE=<YOUR_NAME>-ci-cd | |
| da614f | 406 | SOURCE_REPOSITORY_USERNAME=<YOUR_LDAP_USERNAME> |
| D | 407 | SOURCE_REPOSITORY_PASSWORD=<YOUR_LDAP_PASSWORD> |
| ff1bd7 | 408 | ``` |
| D | 409 | where |
| da614f | 410 | * `<GIT_URL>` is the full path clone path of the repo where this project is stored (including the https && .git) |
| de8ebb | 411 | * `<YOUR_NAME>` is the prefix for your `-ci-cd` project. |
| D | 412 | * Explore some of the other parameters in `templates/jenkins-s2i.yml` |
| da614f | 413 | * `<YOUR_LDAP_USERNAME>` is the username builder pod will use to login and clone the repo with |
| D | 414 | * `<YOUR_LDAP_PASSWORD>` is the password the builder pod will use to authenticate and clone the repo using |
| de8ebb | 415 | <p class="tip"> |
| da614f | 416 | Note in a residency we would not use your GitCredentials for pushing and pulling from Git, A service user would be created or a token generated. |
| de8ebb | 417 | </p> |
| ff1bd7 | 418 | |
| 62db52 | 419 | 5. Create a new object `ci-cd-builds` in the ansible `inventory/host_vars/ci-cd-tooling.yml` to drive the s2i build configuration. |
| ff1bd7 | 420 | ```yaml |
| D | 421 | - object: ci-cd-builds |
| 422 | content: | |
| 423 | - name: "jenkins-s2i" | |
| 62db52 | 424 | namespace: "{{ ci_cd_namespace }}" |
| D | 425 | template: "{{ playbook_dir }}/templates/jenkins-s2i.yml" |
| 426 | params: "{{ playbook_dir }}/params/jenkins-s2i" | |
| ff1bd7 | 427 | tags: |
| D | 428 | - jenkins |
| 429 | ``` | |
| 430 | ||
| 431 | 5. Commit your code to your GitLab instance | |
| 432 | ```bash | |
| f5f1ff | 433 | git add . |
| D | 434 | ``` |
| 435 | ```bash | |
| 436 | git commit -m "Adding Jenkins and Jenkins s2i" | |
| 437 | ``` | |
| 438 | ```bash | |
| 439 | git push | |
| ff1bd7 | 440 | ``` |
| D | 441 | |
| 442 | 5. When your code is commited; run the OpenShift Applier to add the config to the cluster | |
| 443 | ```bash | |
| f5f1ff | 444 | ansible-playbook apply.yml -e target=tools \ |
| ff1bd7 | 445 | -i inventory/ \ |
| D | 446 | -e "filter_tags=jenkins" |
| 447 | ``` | |
| 448 | ||
| de8ebb | 449 | 5. This will trigger a build of the s2i and when it's complete it will add an imagestream of `<YOUR_NAME>-ci-cd/jenkins:latest` to the project. The Deployment config should kick in and deploy the image once it arrives. You can follow the build of the s2i by going to the OpenShift console's project |
| D | 450 |  |
| bc2e43 | 451 | |
| de8ebb | 452 | 5. When the Jenkins deployment has completed; login (using your openshift credentials) and accept the role permissions. You should now see a fairly empty Jenkins with just the seed job |
| 3558ae | 453 | |
| f5f1ff | 454 | ### Part 5 - Jenkins Hello World |
| de8ebb | 455 | > _To test things are working end-to-end; create a hello world job that doesn't do much but proves we can pull code from git and that our balls are green._ |
| D | 456 | |
| 457 | 6. Log in to Jenkins and hit `New Item` . | |
| 458 | ||
| e90e9c | 459 | 6. Create a freestyle job called `hello-world` . |
| de8ebb | 460 | |
| f79b6f | 461 | 6. On the Source Code Management tab; add your `enablement-ci-cd` git repo and hit the dropdown to add your credentials we baked into the s2i on previous steps  |
| de8ebb | 462 | |
| D | 463 | 6. On the build tab add an Execute Shell step and fill it with `echo "Hello World"` . |
| 464 | ||
| 465 | 6. Run the build and we should see if pass succesfully and with Green Balls!  | |
| 466 | ||
| f5f1ff | 467 | ### Part 6 - Live, Die, Repeat |
| 7c832b | 468 | > _In this section you will proove the infra as code is working by deleting your Cluster Content and recreating it all_ |
| de8ebb | 469 | |
| D | 470 | 7. Commit your code to the new repo in GitLab |
| 7c832b | 471 | ```bash |
| f5f1ff | 472 | git add . |
| D | 473 | ``` |
| 474 | ```bash | |
| 475 | git commit -m "ADD - all ci/cd contents" | |
| 476 | ``` | |
| 477 | ```bash | |
| 478 | git push | |
| 7c832b | 479 | ``` |
| de8ebb | 480 | |
| D | 481 | 7. Burn your OCP content to the ground |
| 7c832b | 482 | ```bash |
| f5f1ff | 483 | oc delete project <YOUR_NAME>-ci-cd |
| D | 484 | ``` |
| 485 | ```bash | |
| 486 | oc delete project <YOUR_NAME>-dev | |
| 487 | ``` | |
| 488 | ```bash | |
| 489 | oc delete project <YOUR_NAME>-test | |
| 7c832b | 490 | ``` |
| de8ebb | 491 | |
| da614f | 492 | 7. Check to see the projects that were marked for deletion are removed. |
| D | 493 | ```bash |
| f5f1ff | 494 | oc get projects | egrep '<YOUR_NAME>-ci-cd|<YOUR_NAME>-dev|<YOUR_NAME>-test' |
| da614f | 495 | ``` |
| D | 496 | |
| 7c832b | 497 | 7. Re-apply the inventory to re-create it all! |
| D | 498 | ```bash |
| f5f1ff | 499 | oc login -p <password> -u <user> <cluster_url> |
| D | 500 | ``` |
| 501 | ```bash | |
| 502 | ansible-playbook apply.yml -i inventory/ -e target=bootstrap | |
| 503 | ``` | |
| 504 | ```bash | |
| 505 | ansible-playbook apply.yml -i inventory/ -e target=tools | |
| 7c832b | 506 | ``` |
| c951f7 | 507 | |
| 5d0992 | 508 | _____ |
| D | 509 | |
| c951f7 | 510 | ## Extension Tasks |
| de8ebb | 511 | > _Ideas for go-getters. Advanced topic for doers to get on with if they finish early. These will usually not have a solution and are provided for additional scope._ |
| c951f7 | 512 | |
| 3558ae | 513 | - Add more secure access for Nexus (ie not admin / admin123) using the automation to drive secret creation |
| ff1bd7 | 514 | - Add a SonarQube persistent deployment to the `ci-cd-deployments` section. |
| D | 515 | - Add `jenkins.plugins.slack.SlackNotifier.xml` to `jenkins-s2i/configuration` to include URL of Slack for team build notifications and rebuild Jenkins S2I |
| c951f7 | 516 | |
| 5d0992 | 517 | _____ |
| D | 518 | |
| c951f7 | 519 | ## Additional Reading |
| 7c832b | 520 | > List of links or other reading that might be of use / reference for the exercise |
| 01c4da | 521 | |
| RH | 522 | ## Slide links |
| 523 | ||
| 524 | - [Intro](https://docs.google.com/presentation/d/1LsfAkH8GfIhulEoy_yd-usWBfDHnZEyQdNvYeTmAg4A/) | |
| 525 | - [Wrap-up](https://docs.google.com/presentation/d/1cfyJ6SHddZNbM61oz67r870rLYVKY335zGclXN2uLMY/) | |
| 5d4563 | 526 | - [All Material](https://drive.google.com/drive/folders/13Bt4BXf9P2OB8VI4YQNcNONF1786dqOx) |
