diff --git a/doc/JENKINS.md b/doc/JENKINS.md deleted file mode 100644 index 6c6af23..0000000 --- a/doc/JENKINS.md +++ /dev/null @@ -1,96 +0,0 @@ -# Using this Ansible role from Jenkins - -To use this role from Jenkins, you will need to: - -- Create a custom Jenkins Slave image -- Register this image in the Jenkins configuration -- Install the Ansible Jenkins plugin -- Commit your inventory and playbooks in a GIT repository -- Create an Ansible Vault to store your 3scale Access Token and OIDC issuer endpoint -- Create a Jenkins pipeline - -## Create a custom Jenkins Slave image - -First, create a Dockerfile containing: - -```dockerfile -FROM openshift3/jenkins-slave-base-rhel7:v3.11 - -MAINTAINER Nicolas Masse - -# Labels consumed by Red Hat build service -LABEL name="openshift3/jenkins-agent-ansible-26-rhel7" \ - version="3.11" \ - architecture="x86_64" \ - io.k8s.display-name="Jenkins Agent Ansible" \ - io.k8s.description="The jenkins agent ansible image has the Ansible engine on top of the jenkins slave base image." \ - io.openshift.tags="openshift,jenkins,agent,ansible" - -USER root -RUN yum install -y --enablerepo=rhel-7-server-ansible-2.6-rpms ansible && \ - yum install -y --enablerepo=rhel-server-rhscl-7-rpms python27-python-pip && \ - scl enable python27 "pip install --install-option='--install-purelib=/usr/lib/python2.7/site-packages/' jinja2" && \ - yum clean all && \ - rm -rf /var/cache/yum && \ - chown -R 1001:0 $HOME && \ - chmod -R g+rw $HOME - -USER 1001 -``` - -Create an OpenShift project to hold the image and BuildConfig we will create: - -```sh -oc new-project jenkins-ansible -``` - -Then, import the Jenkins base image in the current project: - -```sh -oc import-image jenkins-slave-base-rhel7:v3.11 --from=registry.access.redhat.com/openshift3/jenkins-slave-base-rhel7:v3.11 --scheduled --confirm -``` - -Replace the `v3.11` tag with the OpenShift version you are currently running. - -Create a BuildConfig based on this ImageStream and the Dockerfile created before. - -```sh -oc new-build -D - --name=jenkins-agent-ansible-26-rhel7 --image-stream=jenkins-slave-base-rhel7:v3.11 --to=jenkins-agent-ansible-26-rhel7:latest < Dockerfile -``` - -Wait for the BuildConfig to complete and tag the new image in the `openshift` namespace: - -```sh -oc tag jenkins-agent-ansible-26-rhel7:latest openshift/jenkins-agent-ansible-26-rhel7:latest -``` - -## Register the image in the Jenkins configuration - -- Connect to your Jenkins instance -- Click **Manage Jenkins** > **Configure System** -- Scroll down to the **Cloud** section -- Scroll down and click **Add Pod Template** and select **Kubernetes Pod Template** -- Fill in the Kubernetes Pod Template with the following information: - - **Name**: `ansible` - - **Labels**: `ansible` - - **Timeout in seconds for Jenkins connection**: `100` -- Click **Add Container** and select **Container Template** -- Fill in the Container Template with the following information: - - **Name**: `jnlp` - - **Docker image**: `docker-registry.default.svc:5000/openshift/jenkins-agent-ansible-26-rhel7:latest` - - **Always pull image**: *checked* - - **Working directory**: `/tmp` - - **Command to run**: *empty* - - **Arguments to pass to the command**: `${computer.jnlpmac} ${computer.name}` - - **Allocate pseudo-TTY**: *unchecked* -- Scroll down and click **Save** - -## Install the Ansible Jenkins plugin - -- Connect to your Jenkins instance -- Click **Manage Jenkins** > **Manage Plugins** -- Go to the **Available** tab -- In the **Filter** text field, type `Ansible` -- In the list, find the **Ansible plugin** and check its box in the **Enabled** column -- Click **Install without restart** - diff --git a/support/jenkins/Jenkinsfile b/support/jenkins/Jenkinsfile index d150689..7cbd231 100644 --- a/support/jenkins/Jenkinsfile +++ b/support/jenkins/Jenkinsfile @@ -7,7 +7,7 @@ */ pipeline { - agent { label 'ansible' } + agent { label 'jenkins-ansible-slave.latest' } parameters { credentials(name: 'THREESCALE_CICD_ACCESS_TOKEN', description: 'The 3scale Access Token', credentialType: "Secret text", required: true) @@ -16,7 +16,7 @@ pipeline { string(name: 'GIT_REPOSITORY', description: 'The GIT repository to checkout, containing the OpenAPI Specifications') string(name: 'GIT_BRANCH', description: 'The GIT branch or tag to checkout, containing the OpenAPI Specifications', defaultValue: 'master') string(name: 'OPENAPI_FILE', description: 'The path to the OpenAPI Specification within the GIT Repository') - string(name: 'THREESCALE_CICD_PRIVATE_BASE_URL', description: 'The 3scale private base URL') + string(name: 'THREESCALE_CICD_PRIVATE_BASE_URL', description: 'The 3scale private base URL', defaultValue: 'https://echo-api.3scale.net') } stages { diff --git a/support/jenkins/README.md b/support/jenkins/README.md new file mode 100644 index 0000000..ed8bc94 --- /dev/null +++ b/support/jenkins/README.md @@ -0,0 +1,47 @@ +# Using this Ansible role from Jenkins + +To use this role from Jenkins, you will need to: + +- Create the Jenkins Slave image for Ansible +- Install the Ansible Jenkins plugin +- Create the pipeline that calls Ansible + +## Create the Jenkins Slave image for Ansible + +You can create the Jenkins Slave image for Ansible by executing the following command **in the same project as your Jenkins master**: + +```sh +oc create -f https://raw.githubusercontent.com/nmasse-itix/threescale-cicd/master/support/jenkins/jenkins-slave-template-centos.yaml +oc new-app --template=jenkins-slave-template +``` + +Alternatively, if you are a Red Hat customer, you can build your images based on RHEL with the following commands: + +```sh +oc create -f https://raw.githubusercontent.com/nmasse-itix/threescale-cicd/master/support/jenkins/jenkins-slave-template-rhel.yaml +oc new-app --template=jenkins-slave-template +``` + +Wait for the build to finish: + +```sh +oc logs -f bc/jenkins-ansible-slave +``` + +## Install the Ansible Jenkins plugin + +- Connect to your Jenkins instance +- Click **Manage Jenkins** > **Manage Plugins** +- Go to the **Available** tab +- In the **Filter** text field, type `Ansible` +- In the list, find the **Ansible plugin** and check its box in the **Enabled** column +- Click **Install without restart** + +## Create the pipeline that calls Ansible + +You can create the Jenkins pipeline that calls Ansible with the following command: + +```sh +oc create -f https://raw.githubusercontent.com/nmasse-itix/threescale-cicd/master/support/jenkins/deploy-3scale-api-pipeline.yaml +oc new-app --template=deploy-3scale-api +``` diff --git a/support/jenkins/deploy-3scale-api-pipeline.yaml b/support/jenkins/deploy-3scale-api-pipeline.yaml new file mode 100644 index 0000000..a72fd3e --- /dev/null +++ b/support/jenkins/deploy-3scale-api-pipeline.yaml @@ -0,0 +1,44 @@ +apiVersion: v1 +kind: Template +labels: + template: deploy-3scale-api +metadata: + annotations: + description: |- + Deploy an API to 3scale + openshift.io/display-name: Jenkins Pipeline to deploy an API to 3scale + tags: jenkins + template.openshift.io/documentation-url: https://github.com/nmasse-itix/threescale-cicd + template.openshift.io/long-description: Jenkins Pipeline to deploy an API to 3scale + template.openshift.io/provider-display-name: Nicolas Massé + template.openshift.io/support-url: https://github.com/nmasse-itix/threescale-cicd/issues + name: deploy-3scale-api +parameters: +objects: +- kind: "BuildConfig" + apiVersion: "v1" + metadata: + name: "deploy-3scale-api" + spec: + source: + git: + uri: https://github.com/nmasse-itix/threescale-cicd.git + strategy: + type: "JenkinsPipeline" + jenkinsPipelineStrategy: + jenkinsfilePath: support/jenkins/Jenkinsfile + env: + - name: THREESCALE_CICD_ACCESS_TOKEN + value: + - name: THREESCALE_CICD_SSO_ISSUER_ENDPOINT + value: + - name: THREESCALE_PORTAL_HOSTNAME + value: + - name: GIT_REPOSITORY + value: + - name: GIT_BRANCH + value: + - name: OPENAPI_FILE + value: + - name: THREESCALE_CICD_PRIVATE_BASE_URL + value: \ No newline at end of file diff --git a/support/jenkins/jenkins-slave-template-centos.yaml b/support/jenkins/jenkins-slave-template-centos.yaml new file mode 100644 index 0000000..a9f279b --- /dev/null +++ b/support/jenkins/jenkins-slave-template-centos.yaml @@ -0,0 +1,92 @@ +apiVersion: v1 +kind: Template +labels: + template: jenkins-ansible-slave +metadata: + annotations: + description: |- + A Jenkins slave that embeds Ansible 2.6 on CentOS + openshift.io/display-name: Jenkins Slave for Ansible + tags: jenkins + template.openshift.io/documentation-url: https://github.com/nmasse-itix/threescale-cicd + template.openshift.io/long-description: + template.openshift.io/provider-display-name: Nicolas Massé + template.openshift.io/support-url: https://github.com/nmasse-itix/threescale-cicd/issues + name: jenkins-ansible-slave +parameters: +- name: OPENSHIFT_VERSION + value: v3.11 + required: true +objects: +- apiVersion: v1 + kind: ImageStream + metadata: + annotations: + openshift.io/display-name: Jenkins Slave for Ansible + name: jenkins-ansible-slave + spec: + tags: + - name: latest + annotations: + role: jenkins-slave + +- apiVersion: v1 + kind: ImageStream + metadata: + name: jenkins-slave-base + spec: + tags: + - name: ${OPENSHIFT_VERSION} + referencePolicy: + type: Local + from: + kind: DockerImage + name: docker.io/openshift/jenkins-slave-base-centos7:${OPENSHIFT_VERSION} + importPolicy: + scheduled: true + +- apiVersion: v1 + kind: BuildConfig + metadata: + name: jenkins-ansible-slave + spec: + output: + to: + kind: ImageStreamTag + name: jenkins-ansible-slave:latest + runPolicy: Serial + source: + dockerfile: |- + FROM openshift/jenkins-slave-base-centos7:${OPENSHIFT_VERSION} + + MAINTAINER Nicolas Masse + + # Labels consumed by Red Hat build service + LABEL name="openshift3/jenkins-agent-ansible-26-centos7" \ + version="${OPENSHIFT_VERSION}" \ + architecture="x86_64" \ + io.k8s.display-name="Jenkins Agent Ansible" \ + io.k8s.description="The jenkins agent ansible image has the Ansible engine on top of the jenkins slave base image." \ + io.openshift.tags="openshift,jenkins,agent,ansible" + + USER root + RUN yum install -y ansible && \ + yum install -y python27-python-pip && \ + scl enable python27 "pip install --install-option='--install-purelib=/usr/lib/python2.7/site-packages/' jinja2" && \ + yum clean all && \ + rm -rf /var/cache/yum && \ + chown -R 1001:0 $HOME && \ + chmod -R g+rw $HOME + + USER 1001 + type: Dockerfile + strategy: + dockerStrategy: + from: + kind: ImageStreamTag + name: jenkins-slave-base:${OPENSHIFT_VERSION} + type: Docker + triggers: + - type: ConfigChange + - type: ImageChange + diff --git a/support/jenkins/jenkins-slave-template-rhel.yaml b/support/jenkins/jenkins-slave-template-rhel.yaml new file mode 100644 index 0000000..cc41dab --- /dev/null +++ b/support/jenkins/jenkins-slave-template-rhel.yaml @@ -0,0 +1,92 @@ +apiVersion: v1 +kind: Template +labels: + template: jenkins-ansible-slave +metadata: + annotations: + description: |- + A Jenkins slave that embeds Ansible 2.6 on RHEL + openshift.io/display-name: Jenkins Slave for Ansible + tags: jenkins + template.openshift.io/documentation-url: https://github.com/nmasse-itix/threescale-cicd + template.openshift.io/long-description: + template.openshift.io/provider-display-name: Nicolas Massé + template.openshift.io/support-url: https://github.com/nmasse-itix/threescale-cicd/issues + name: jenkins-ansible-slave +parameters: +- name: OPENSHIFT_VERSION + value: v3.11 + required: true +objects: +- apiVersion: v1 + kind: ImageStream + metadata: + annotations: + openshift.io/display-name: Jenkins Slave for Ansible + name: jenkins-ansible-slave + spec: + tags: + - name: latest + annotations: + role: jenkins-slave + +- apiVersion: v1 + kind: ImageStream + metadata: + name: jenkins-slave-base + spec: + tags: + - name: ${OPENSHIFT_VERSION} + referencePolicy: + type: Local + from: + kind: DockerImage + name: registry.access.redhat.com/openshift3/jenkins-slave-base-rhel7:${OPENSHIFT_VERSION} + importPolicy: + scheduled: true + +- apiVersion: v1 + kind: BuildConfig + metadata: + name: jenkins-ansible-slave + spec: + output: + to: + kind: ImageStreamTag + name: jenkins-ansible-slave:latest + runPolicy: Serial + source: + dockerfile: |- + FROM openshift3/jenkins-slave-base-rhel7:${OPENSHIFT_VERSION} + + MAINTAINER Nicolas Masse + + # Labels consumed by Red Hat build service + LABEL name="openshift3/jenkins-agent-ansible-26-rhel7" \ + version="${OPENSHIFT_VERSION}" \ + architecture="x86_64" \ + io.k8s.display-name="Jenkins Agent Ansible" \ + io.k8s.description="The jenkins agent ansible image has the Ansible engine on top of the jenkins slave base image." \ + io.openshift.tags="openshift,jenkins,agent,ansible" + + USER root + RUN yum install -y --enablerepo=rhel-7-server-ansible-2.6-rpms ansible && \ + yum install -y --enablerepo=rhel-server-rhscl-7-rpms python27-python-pip && \ + scl enable python27 "pip install --install-option='--install-purelib=/usr/lib/python2.7/site-packages/' jinja2" && \ + yum clean all && \ + rm -rf /var/cache/yum && \ + chown -R 1001:0 $HOME && \ + chmod -R g+rw $HOME + + USER 1001 + type: Dockerfile + strategy: + dockerStrategy: + from: + kind: ImageStreamTag + name: jenkins-slave-base:${OPENSHIFT_VERSION} + type: Docker + triggers: + - type: ConfigChange + - type: ImageChange +