OpenShift CI/CD Operations - Collocated Persistent Jenkins Set Up: Difference between revisions

From NovaOrdis Knowledge Base
Jump to navigation Jump to search
No edit summary
 
(24 intermediate revisions by the same user not shown)
Line 1: Line 1:
=External=
* https://github.com/openshift/origin/blob/master/examples/jenkins/README.md
=Internal=
=Internal=


* [[OpenShift_CI/CD_Concepts#Collocated_Jenkins|OpenShift CI/CD Concepts]]
* [[OpenShift_CI/CD_Concepts#Collocated_Jenkins|OpenShift CI/CD Concepts]]
{{Error|TO REMOVE}}


=Overview=
=Overview=


This is the procedure to deploy a persistent Jenkins instance in the same project as the application that intends to use it.
This is the procedure to deploy a persistent Jenkins instance in the same project as the application that intends to use it, and configure it to build and deploy the application.


=Pre-Requisites=
=Pre-Requisites=
Line 21: Line 27:
=Deploy Persistent Jenkins=
=Deploy Persistent Jenkins=


  oc new-app -p VOLUME_CAPACITY=2Gi jenkins-persistent
  oc new-app \
  -p VOLUME_CAPACITY=2Gi \
  -p MEMORY_LIMIT=1Gi \
  -e INSTALL_PLUGINS=analysis-core:1.92,findbugs:4.71,pmd:3.49,checkstyle:3.49,dependency-check-jenkins-plugin:2.1.1,htmlpublisher:1.14,jacoco:2.2.1,analysis-collector:1.52 \
  jenkins-persistent


By default, the template enables OAuth integration.
By default, the template enables OAuth integration.
Line 29: Line 39:
The installation procedure should have created a "system:serviceaccount:os3-jenkins-example:jenkins" service account and given it the "edit" role. Jenkins will authenticate as "system:serviceaccount:os3-jenkins-example:jenkins" to the OpenShift master and will need these permissions to perform its functions. For more security details, see [[OpenShift_CI/CD_Concepts#Security_Considerations|OpenShift CI/CD Security Considerations]].
The installation procedure should have created a "system:serviceaccount:os3-jenkins-example:jenkins" service account and given it the "edit" role. Jenkins will authenticate as "system:serviceaccount:os3-jenkins-example:jenkins" to the OpenShift master and will need these permissions to perform its functions. For more security details, see [[OpenShift_CI/CD_Concepts#Security_Considerations|OpenShift CI/CD Security Considerations]].


Various configuration adjustments can be performed after installation:
====Adjust Readiness Probe Timeout====
  [[Oc_set#probe|oc set probe]] dc jenkins --readiness --initial-delay-seconds=500
The same effect can be achieved with
oc edit dc/jenkins


and changing spec/template/spec/containers/name=jenkins/livenessProbe/initialDelaySeconds


====Adjust Memory====


{{Error|From Here}}
[[Oc_set#resources|oc set resources]] dc/jenkins --limits=memory=3Gi


new-app procedure will create a special service account for Jenkins ("system:service account:<''project-name''>:jenkins") and it will give it the appropriate roles (/edit).
=Deploy a Sample Application=


More details about Jenkins security considerations:
This is a standard node.js HelloWorld OpenShift example: https://raw.githubusercontent.com/openshift/origin/master/examples/jenkins/application-template.json


{{Internal|OpenShift CI/CD Concepts#Security_Considerations|Jenkins Security Considerations}}
If can be downloaded locally, inspected, edited, and then instantiated:


=Create Jenkins Components=
oc new-app -f ./application-template.json


{{External|https://github.com/openshift/origin/blob/master/examples/jenkins/README.md}}
Without additional configuration, the application will create all OpenShift objects required to do a source-to-image build and to deploy and expose the final artifact as https://nodejs-helloworld-sample-os3-jenkins-example.apps.openshift.novaordis.io. However, neither the build nor the deployment start automatically, as the application "expects" its release procedure to be driven by Jenkins.


Jenkins instance won't be integrated into the OAuth infrastructure, so authentication must be done independently (admin/password).
=Configure a Jenkins Project=


Make sure to specify a volume capacity in sync with the capacity of the persistent volume that was provisioned for Jenkins.
New Item -> Freestyle project -> "os3-jenkins-example" -> Save.


oc new-app jenkins-persistent -p MEMORY_LIMIT=2Gi -p VOLUME_CAPACITY=2Gi -p ENABLE_OAUTH=false
Source Code Management: None.


Successful run output:
Build:


<pre>
* Scale OpenShift Deployment:
--> Deploying template "openshift/jenkins-persistent" to project lab7


    Jenkins (Persistent)
Then name of the DeploymentConfig to scale: frontend
    ---------
    Jenkins service, with persistent storage.


    NOTE: You must have persistent volumes available in your cluster to use this template.
The number of replicas to scale the deployment to: 0


    A Jenkins service has been created in your project.  Log into Jenkins with your OpenShift account.  The tutorial at https://github.com/openshift/origin/blob/master/examples/jenkins/README.md contains more information about using this template.
Verify whether the specified number of replicas are up: No


    * With parameters:
* Trigger OpenShift Build
        * Jenkins Service Name=jenkins
        * Jenkins JNLP Service Name=jenkins-jnlp
        * Enable OAuth in Jenkins=false
        * Jenkins JVM Architecture=i386
        * Memory Limit=1Gi
        * Volume Capacity=2Gi
        * Jenkins ImageStream Namespace=openshift
        * Jenkins ImageStreamTag=jenkins:latest


--> Creating resources ...
The name of the BuildConfig to trigger: frontend
    route "jenkins" created
    persistentvolumeclaim "jenkins" created
    deploymentconfig "jenkins" created
    serviceaccount "jenkins" created
    rolebinding "jenkins_edit" created
    service "jenkins-jnlp" created
    service "jenkins" created
--> Success
    Run 'oc status' to view your app.
</pre>


=Post-Install Adjustments=
* Trigger OpenShift Deployment


==Adjust Readiness Probe Timeout==
The name of the DeploymentConfig to trigger a deployment of: frontend


  [[Oc_set#probe|oc set probe]] dc jenkins --readiness --initial-delay-seconds=500
* Verify OpenShift Service
 
The name of the Service to verify: frontend
 
* Tag OpenShift Image
 
The name of the ImageStream for the current image tag: origin-nodejs-sample
 
The name of the current image tag or actual image ID: latest
 
The name of the ImageStream for the new image tag: origin-nodejs-sample
 
The name of the new image tag: prod


The same effect can be achieved with
* Verify OpenShift Deployment:


oc edit dc/jenkins
The name of the DeploymentConfig to validate: frontend-prod


and changing spec/template/spec/containers/name=jenkins/livenessProbe/initialDelaySeconds
The number of replicas you expect the deployment to scale to: 1


==Adjust Memory==
Save


[[Oc_set#resources|oc set resources]] dc/jenkins --limits=memory=3Gi
=Build=


=Verification=
The build should trigger an OpenShift build of the application, wait for the build to result in a deployment, confirm that the new deployment works, and then tag the image for production.
Tagging the image will trigger the production deployment, which was configured in dc/frontend-prod. In the end, we should get a "frontend" and a "frontend-prod" being deployed and running (for the "prod" pod, the route must be created manually).


Access the UI at https://jenkins-lab7.apps.openshift.novaordis.io and log in with admin/password.
=Use of Kubernetes Plugin=


For causes not yet elucidated yet, the Jenkins pod had to be deleted upon the first deployment - and thus a redeployment be triggered - in order to become accessible.
<font color=red>


=Configure the Jenkins Pipeline=
The Jenkins instance was used so far without a [[OpenShift_CI/CD_Concepts#Kubernetes_Plugin|Kubernetes plugin]]. This means <font color=red>?what?</font>.


{{Internal|OpenShift_CI/CD_Operations#Configure_the_Jenkins_Pipeline|Configure the Jenkins Pipeline}}
</font>

Latest revision as of 18:34, 12 December 2017

External

Internal


TO REMOVE

Overview

This is the procedure to deploy a persistent Jenkins instance in the same project as the application that intends to use it, and configure it to build and deploy the application.

Pre-Requisites

Create the project to host the Jenkins instance and the application instance: 

oc new-project os3-jenkins-example

Provision a 2Gi persistent volume to be used by Jenkins.

Verify that the persistent Jenkins template is available. 

 oc get template/jenkins-persistent -n openshift

Deploy Persistent Jenkins

oc new-app \
  -p VOLUME_CAPACITY=2Gi \
  -p MEMORY_LIMIT=1Gi \
  -e INSTALL_PLUGINS=analysis-core:1.92,findbugs:4.71,pmd:3.49,checkstyle:3.49,dependency-check-jenkins-plugin:2.1.1,htmlpublisher:1.14,jacoco:2.2.1,analysis-collector:1.52 \
 jenkins-persistent

By default, the template enables OAuth integration.

After the deployment completes, you should be left with a Jenkins pod that can be accessed with the public URL https://jenkins-os3-jenkins-example.apps.openshift.novaordis.io, using OpenShift credentials, since OAuth integration is supposed to be active.

The installation procedure should have created a "system:serviceaccount:os3-jenkins-example:jenkins" service account and given it the "edit" role. Jenkins will authenticate as "system:serviceaccount:os3-jenkins-example:jenkins" to the OpenShift master and will need these permissions to perform its functions. For more security details, see OpenShift CI/CD Security Considerations.

Various configuration adjustments can be performed after installation:

Adjust Readiness Probe Timeout

 oc set probe dc jenkins --readiness --initial-delay-seconds=500

The same effect can be achieved with 

oc edit dc/jenkins

and changing spec/template/spec/containers/name=jenkins/livenessProbe/initialDelaySeconds

Adjust Memory

oc set resources dc/jenkins --limits=memory=3Gi

Deploy a Sample Application

This is a standard node.js HelloWorld OpenShift example: https://raw.githubusercontent.com/openshift/origin/master/examples/jenkins/application-template.json

If can be downloaded locally, inspected, edited, and then instantiated: 

oc new-app -f ./application-template.json

Without additional configuration, the application will create all OpenShift objects required to do a source-to-image build and to deploy and expose the final artifact as https://nodejs-helloworld-sample-os3-jenkins-example.apps.openshift.novaordis.io. However, neither the build nor the deployment start automatically, as the application "expects" its release procedure to be driven by Jenkins.

Configure a Jenkins Project

New Item -> Freestyle project -> "os3-jenkins-example" -> Save.

Source Code Management: None.

Build:

  • Scale OpenShift Deployment:

Then name of the DeploymentConfig to scale: frontend

The number of replicas to scale the deployment to: 0

Verify whether the specified number of replicas are up: No

  • Trigger OpenShift Build

The name of the BuildConfig to trigger: frontend

  • Trigger OpenShift Deployment

The name of the DeploymentConfig to trigger a deployment of: frontend

  • Verify OpenShift Service

The name of the Service to verify: frontend

  • Tag OpenShift Image

The name of the ImageStream for the current image tag: origin-nodejs-sample

The name of the current image tag or actual image ID: latest

The name of the ImageStream for the new image tag: origin-nodejs-sample

The name of the new image tag: prod

  • Verify OpenShift Deployment:

The name of the DeploymentConfig to validate: frontend-prod

The number of replicas you expect the deployment to scale to: 1

Save

Build

The build should trigger an OpenShift build of the application, wait for the build to result in a deployment, confirm that the new deployment works, and then tag the image for production. Tagging the image will trigger the production deployment, which was configured in dc/frontend-prod. In the end, we should get a "frontend" and a "frontend-prod" being deployed and running (for the "prod" pod, the route must be created manually).

Use of Kubernetes Plugin

The Jenkins instance was used so far without a Kubernetes plugin. This means ?what?.

Retrieved from "https://kb.novaordis.com/index.php?title=OpenShift_CI/CD_Operations_-_Collocated_Persistent_Jenkins_Set_Up&oldid=34902"