OpenShift CI/CD Operations - Collocated Persistent Jenkins Set Up: Difference between revisions

From NovaOrdis Knowledge Base
Jump to navigation Jump to search
Line 46: Line 46:


=Post-Install Adjustments=
=Post-Install Adjustments=
====OpenShift Pipeline====
New Item -> "hello-nodejs-pipeline" -> Pipeline -> OK
Pipeline -> Definition -> Pipeline script:
<syntaxhighlight lang='groovy'>
node {
  stage ("Build") {
    echo '*** Build Starting ***'
    openshiftBuild apiURL: 'https://openshift.default.svc.cluster.local', authToken: '', bldCfg: 'hello-nodejs', buildName: '', checkForTriggeredDeployments: 'false', commitID: '', namespace: '', showBuildLogs: 'false', verbose: 'false', waitTime: ''
    openshiftVerifyBuild apiURL: 'https://openshift.default.svc.cluster.local', authToken: '', bldCfg: 'hello-nodejs', checkForTriggeredDeployments: 'false', namespace: '', verbose: 'false'
    echo '*** Build Complete ***'
  }
  stage ("Deploy") {
    echo '*** Deployment Starting ***'
    openshiftDeploy apiURL: 'https://openshift.default.svc.cluster.local', authToken: '', depCfg: 'hello-nodejs', namespace: '', verbose: 'false', waitTime: ''
    openshiftVerifyDeployment apiURL: 'https://openshift.default.svc.cluster.local', authToken: '', depCfg: 'hello-nodejs', namespace: '', replicaCount: '1', verbose: 'false', verifyReplicaCount: 'false', waitTime: ''
    echo '*** Deployment Complete ***'
  }
  stage ("Verify") {
    echo '*** Service Verification Starting ***'
    openshiftVerifyService apiURL: 'https://openshift.default.svc.cluster.local', authToken: '', namespace: '', svcName: 'hello-nodejs', verbose: 'false'
    echo '*** Service Verification Complete ***'
  }
}
</syntaxhighlight>


==Adjust Readiness Probe Timeout==
==Adjust Readiness Probe Timeout==


  [[Oc_set#probe|oc set probe]] dc jenkins --readiness --initial-delay-seconds=500


----------------
----------------

Revision as of 02:26, 22 November 2017

Internal

Overview

This is the procedure to install a CI/CD pipeline based on Jenkins. The CI/CD pipeline will execute in the project that need CI/CD services: the Jenkins pod will be created in the same project it triggers builds and deployments for.

The pipeline is created based on the OpenShift "jenkins-persistent" template, available in the "openshift" project: 

 oc get templates -n openshift | grep jenkins

NAME                  DESCRIPTION                                    PARAMETERS       OBJECTS
...
jenkins-persistent    Jenkins service, with persistent storage....   8 (all set)      7

No special service account will be created for Jenkins, it will be configured to use the default service account "system:service account:<project-name>:default"

Grant Required Permissions

Jenkins components need to access the OpenShift API, so the service account that will run the Jenkins pod ("system:service account:<project-name>:default") must be given appropriate permissions: 

oc policy add-role-to-user admin system:service account:<project-name>:default

More details about Jenkins security considerations:

Jenkins Security Considerations

Provision a Persistent Volume

"jenkins-persistent" requires a persistent volume, which must be provisioned before the installation.

Persistent Volume Operations

Deploy Jenkins

https://github.com/openshift/origin/blob/master/examples/jenkins/README.md

Jenkins instance won't be integrated into the OAuth infrastructure, so authentication must be done independently (admin/password).

Make sure to specify a volume capacity in sync with the capacity of the persistent volume that was provisioned for Jenkins. 

oc new-app jenkins-persistent -p MEMORY_LIMIT=2Gi -p VOLUME_CAPACITY=2Gi -p ENABLE_OAUTH=false

Successful run output:

Post-Install Adjustments

OpenShift Pipeline

New Item -> "hello-nodejs-pipeline" -> Pipeline -> OK

Pipeline -> Definition -> Pipeline script: 

node {
  stage ("Build") {
    echo '*** Build Starting ***'
    openshiftBuild apiURL: 'https://openshift.default.svc.cluster.local', authToken: '', bldCfg: 'hello-nodejs', buildName: '', checkForTriggeredDeployments: 'false', commitID: '', namespace: '', showBuildLogs: 'false', verbose: 'false', waitTime: ''
    openshiftVerifyBuild apiURL: 'https://openshift.default.svc.cluster.local', authToken: '', bldCfg: 'hello-nodejs', checkForTriggeredDeployments: 'false', namespace: '', verbose: 'false'
    echo '*** Build Complete ***'
  }
  stage ("Deploy") {
    echo '*** Deployment Starting ***'
    openshiftDeploy apiURL: 'https://openshift.default.svc.cluster.local', authToken: '', depCfg: 'hello-nodejs', namespace: '', verbose: 'false', waitTime: ''
    openshiftVerifyDeployment apiURL: 'https://openshift.default.svc.cluster.local', authToken: '', depCfg: 'hello-nodejs', namespace: '', replicaCount: '1', verbose: 'false', verifyReplicaCount: 'false', waitTime: ''
    echo '*** Deployment Complete ***'
  }
  stage ("Verify") {
    echo '*** Service Verification Starting ***'
    openshiftVerifyService apiURL: 'https://openshift.default.svc.cluster.local', authToken: '', namespace: '', svcName: 'hello-nodejs', verbose: 'false'
    echo '*** Service Verification Complete ***'
  }
}


Adjust Readiness Probe Timeout

 oc set probe dc jenkins --readiness --initial-delay-seconds=500
Retrieved from "https://kb.novaordis.com/index.php?title=OpenShift_CI/CD_Operations_-_Collocated_Persistent_Jenkins_Set_Up&oldid=31714"