nicolas
/
rhte-api
mirror of https://github.com/nmasse-itix/rhte-api.git
1
0
Fork 0
Code Issues Releases Wiki Activity
API Lifecycle Demo
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
13 Commits
1 Branch
0 Tags
430 KiB
 
 
Tree: ec5c4f2fdc
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'ec5c4f2fdc'
${ noResults }
Nicolas Massé ec5c4f2fdc
readme 		7 years ago
api-contracts readme 7 years ago
.gitignore templates + gitignore 7 years ago
3scale-docs.html 3scale dynamic documentation 7 years ago
Jenkinsfile fix missing port 7 years ago
README.md readme 7 years ago
apicast-template.yaml templates + gitignore 7 years ago
openapi-spec.yaml readme 7 years ago
package.json initial release 7 years ago
pipeline-template.yaml fix the pipeline 7 years ago
server.js initial release 7 years ago

README.md

RHTE API Lifecycle Demo

Setup

1/ Create the OpenShift projects

oc new-project rhte-build --display-name="RHTE API (BUILD)"
oc new-project rhte-test --display-name="RHTE API (TEST)"
oc new-project rhte-prod --display-name="RHTE API (PROD)"
oc new-project ansible --display-name="Ansible Tower"

2/ Deploy Jenkins in the BUILD environment

oc project rhte-build
oc new-app jenkins-persistent --name=jenkins -p MEMORY_LIMIT=2Gi
oc env dc/jenkins JENKINS_OPTS=--sessionTimeout=86400

3/ Give Jenkins the right to manage the TEST and PROD environments

oc adm policy add-role-to-user admin system:serviceaccount:rhte-build:jenkins -n rhte-test
oc adm policy add-role-to-user admin system:serviceaccount:rhte-build:jenkins -n rhte-prod

4/ Build the API Backend

oc new-build -n rhte-build nodejs:8~https://github.com/nmasse-itix/rhte-api.git --strategy=source --name=rhte-api
oc start-build -n rhte-build rhte-api

5/ Deploy the API Backend to the TEST and PROD environments

oc tag rhte-build/rhte-api:latest rhte-api:ready-for-test -n rhte-test
oc new-app rhte-api:ready-for-test --name rhte-api -n rhte-test
oc expose svc/rhte-api -n rhte-test
oc tag rhte-build/rhte-api:latest rhte-api:ready-for-prod -n rhte-prod
oc new-app rhte-api:ready-for-prod --name rhte-api -n rhte-prod
oc expose svc/rhte-api -n rhte-prod

6/ Remove the trigger on the TEST and PROD environments

oc set triggers dc/rhte-api --from-image=rhte-api:ready-for-test --manual=true -c rhte-api -n rhte-test
oc set triggers dc/rhte-api --from-image=rhte-api:ready-for-prod --manual=true -c rhte-api -n rhte-prod

7/ Prepare your 3scale SaaS Tenant

Create an Access Token in your 3scale SaaS Tenant that has read-write access to the Account Management API. Please check 3scale documentation on how to get an access token. Write down this value for later use.

You will also need the name of your 3scale tenant.

On your 3scale Admin Portal, go the Developer Portal section and replace your standard Documentation page by the content of 3scale-docs.html.

Do not forget to hit Save and Publish.

8/ Deploy the 3scale APIcast instances in TEST and PROD

oc process -f apicast-template.yaml -p ACCESS_TOKEN=<YOUR_3SCALE_ACCESS_TOKEN> -p TENANT=<YOUR_3SCALE_TENANT> |oc create -f - -n rhte-test
oc process -f apicast-template.yaml -p ACCESS_TOKEN=<YOUR_3SCALE_ACCESS_TOKEN> -p TENANT=<YOUR_3SCALE_TENANT> |oc create -f - -n rhte-prod

9/ Create the OpenShift routes for your APIcast gateways

oc expose svc/apicast-staging --hostname=rhte-api-1-staging.test.app.itix.fr --name rhte-api-1-staging -n rhte-test
oc expose svc/apicast-staging --hostname=rhte-api-2-staging.test.app.itix.fr --name rhte-api-2-staging -n rhte-test
oc expose svc/apicast-production --hostname=rhte-api-1.test.app.itix.fr --name rhte-api-1-production -n rhte-test
oc expose svc/apicast-production --hostname=rhte-api-2.test.app.itix.fr  --name rhte-api-2-production -n rhte-test
oc expose svc/apicast-staging --hostname=rhte-api-1-staging.prod.app.itix.fr --name rhte-api-1-staging -n rhte-prod
oc expose svc/apicast-staging --hostname=rhte-api-2-staging.prod.app.itix.fr --name rhte-api-2-staging -n rhte-prod
oc expose svc/apicast-production --hostname=rhte-api-1.prod.app.itix.fr --name rhte-api-1-production -n rhte-prod
oc expose svc/apicast-production --hostname=rhte-api-2.prod.app.itix.fr  --name rhte-api-2-production -n rhte-prod

TODO: Patch the routes to enable HTTPS

10/ Deploy Ansible Tower

oc project ansible
oc apply -f - <<EOF
apiVersion: "v1"
kind: "PersistentVolumeClaim"
metadata:
  name: "postgresql"
spec:
  accessModes:
    - "ReadWriteOnce"
  resources:
    requests:
      storage: "5Gi"
EOF
git clone -b 1.0.6 https://github.com/ansible/awx.git
git clone https://github.com/ansible/awx-logos.git
cd awx/installer/
ansible-playbook -i inventory install.yml -e dockerhub_version=1.0.7 -e openshift_host="$(oc whoami --show-server)" -e openshift_skip_tls_verify=true -e openshift_project="$(oc project -q)" -e openshift_user="$(oc whoami)" -e openshift_token="$(oc whoami -t)" -e default_admin_user=admin -e default_admin_password=redhat123 -e awx_official=true

Because there is a bug in the latest version of the AWX installer, you might have to update the deployment config.

oc patch dc/awx --type=json -p '[ { "op": "copy", "from": "/spec/template/spec/containers/1", "path": "/spec/template/spec/containers/0" } ]'

The default installation of AWX uses a combination of latest tags and an imagePullPolicy set to always, which is a recipe for disaster. Fix all tags to your prefered version and set the imagePullPolicy to IfNotPresent.

oc patch dc/awx --type=json -p '[ { "op": "replace", "path": "/spec/template/spec/containers/0/imagePullPolicy", "value": "IfNotPresent" }, { "op": "replace", "path": "/spec/template/spec/containers/1/imagePullPolicy", "value": "IfNotPresent" }, { "op": "replace", "path": "/spec/template/spec/containers/2/imagePullPolicy", "value": "IfNotPresent" }, { "op": "replace", "path": "/spec/template/spec/containers/3/imagePullPolicy", "value": "IfNotPresent" }, { "op": "replace", "path": "/spec/template/spec/containers/0/image", "value": "ansible/awx_web:1.0.7.2" }, { "op": "replace", "path": "/spec/template/spec/containers/1/image", "value": "ansible/awx_task:1.0.7.2" }, { "op": "replace", "path": "/spec/template/spec/containers/2/image", "value": "ansible/awx_rabbitmq:3.7.4" }, { "op": "replace", "path": "/spec/template/spec/containers/3/image", "value": "memcached:1.5.10" } ]'

11/ Configure project and job in AWX

Login on AWX as admin, go to the Projects section and add a new project with following properties :

  • Name: Deploy API to 3scale
  • Description: Enable continuous deployment of an API to 3scale AMP
  • Organization: default
  • SCM Type: Git
  • SCM URL: https://github.com/nmasse-itix/threescale-cicd-awx
  • SCM Branch/Tag/Commit: master

You can also tick Update Revision on Launch and setup a cache timeout.

Then you have to add a new Job Template with following properties :

  • Name: Deploy an API to 3scale
  • Project: Deploy API to 3scale
  • Playbook: deploy-api.yml
  • Inventory: Prompt on Launch
  • Extra-variables: Prompt on Launch

For both the TEST and PROD environments, you will have to declare an inventory into AWX.

  • Create an inventory named 3scale-test and set the Variables field to:
---
ansible_connection: local
  • Save
  • Move to the Groups section and create a group named threescale
  • Set the Variables field to:
---
threescale_cicd_access_token: <3scale_access_token>
threescale_cicd_api_environment_name: test
threescale_cicd_wildcard_domain: test.app.itix.fr

  • Do not forget to replace the threescale_cicd_access_token, threescale_cicd_api_environment_name and threescale_cicd_wildcard_domain variables with respectively your access token to 3scale API Management backend, the name of environment as well as the wildcard that will be used to serve Gateway through Route.

  • Move to the Hosts section

  • Add a host that matches your 3scale Admin Portal (<TENANT>-admin.3scale.net). For example: nmasse-redhat-admin.3scale.net

  • Duplicate this inventory and change the threescale group variables to:

---
threescale_cicd_access_token: <3scale_access_token>
threescale_cicd_api_environment_name: prod
threescale_cicd_wildcard_domain: prod.app.itix.fr
  • Change the name of the new inventory to 3scale-prod and save

12/ Create the Jenkins Pipeline

oc process -f pipeline-template.yaml |oc create -f - -n rhte-build

13/ Jenkins setup for Ansible Tower

You finally need to configure the connection between Jenkins and AWX/Ansible Tower. To do this, go to Jenkins, click on Manage Jenkins > Manage Plugins and install the Ansible Tower plugin. You do not need to restart Jenkins.

Then click on Credentials > System, click on Global credentials (unrestricted) and select Add Credentials... to add a new user for connection to AWX/Ansible Tower. Fill-in your AWX/Tower Admin login and password, and choose tower-admin for the id field.

Finally, you also have to configure an alias to your AWX Server into Jenkins. This will allow our Jenkins pipelines to access the AWX server easily without knowing the complete server name or address. Click on Configure System in the management section and then go to the Ansible Tower section and add a new Tower Installation. Give it a name (we've simply used tower in our scripts), fill the URL and specify that it should be accessed using the user and credentials we have just created before.

14/ Load the OpenAPI Specifications to Apicurio

Go to studio.apicur.io, login and import the three API contracts in the api-contract folder.