update doc and pipeline

7 years ago · 6f35d67e6c
6 changed files with 277 additions and 98 deletions
--- a/doc/JENKINS.md
+++ b/doc/JENKINS.md
@ -1,96 +0,0 @@
 # Using this Ansible role from Jenkins
 To use this role from Jenkins, you will need to:
 - Create a custom Jenkins Slave image
 - Register this image in the Jenkins configuration
 - Install the Ansible Jenkins plugin
 - Commit your inventory and playbooks in a GIT repository
 - Create an Ansible Vault to store your 3scale Access Token and OIDC issuer endpoint
 - Create a Jenkins pipeline
 ## Create a custom Jenkins Slave image
 First, create a Dockerfile containing:
 ```dockerfile
 FROM openshift3/jenkins-slave-base-rhel7:v3.11
 MAINTAINER Nicolas Masse <nmasse@redhat.com>
 # Labels consumed by Red Hat build service
 LABEL name="openshift3/jenkins-agent-ansible-26-rhel7" \
      version="3.11" \
      architecture="x86_64" \
      io.k8s.display-name="Jenkins Agent Ansible" \
      io.k8s.description="The jenkins agent ansible image has the Ansible engine on top of the jenkins slave base image." \
      io.openshift.tags="openshift,jenkins,agent,ansible"
 USER root
 RUN yum install -y --enablerepo=rhel-7-server-ansible-2.6-rpms ansible && \
    yum install -y --enablerepo=rhel-server-rhscl-7-rpms python27-python-pip && \
    scl enable python27 "pip install --install-option='--install-purelib=/usr/lib/python2.7/site-packages/' jinja2" && \
    yum clean all && \
    rm -rf /var/cache/yum && \
    chown -R 1001:0 $HOME && \
    chmod -R g+rw $HOME
 USER 1001
 ```
 Create an OpenShift project to hold the image and BuildConfig we will create:
 ```sh
 oc new-project jenkins-ansible
 ```
 Then, import the Jenkins base image in the current project:
 ```sh
 oc import-image jenkins-slave-base-rhel7:v3.11 --from=registry.access.redhat.com/openshift3/jenkins-slave-base-rhel7:v3.11 --scheduled --confirm
 ```
 Replace the `v3.11` tag with the OpenShift version you are currently running.
 Create a BuildConfig based on this ImageStream and the Dockerfile created before.
 ```sh
 oc new-build -D - --name=jenkins-agent-ansible-26-rhel7 --image-stream=jenkins-slave-base-rhel7:v3.11 --to=jenkins-agent-ansible-26-rhel7:latest < Dockerfile
 ```
 Wait for the BuildConfig to complete and tag the new image in the `openshift` namespace:
 ```sh
 oc tag jenkins-agent-ansible-26-rhel7:latest openshift/jenkins-agent-ansible-26-rhel7:latest
 ```
 ## Register the image in the Jenkins configuration
 - Connect to your Jenkins instance
 - Click **Manage Jenkins** > **Configure System**
 - Scroll down to the **Cloud** section
 - Scroll down and click **Add Pod Template** and select **Kubernetes Pod Template**
 - Fill in the Kubernetes Pod Template with the following information:
  - **Name**: `ansible`
  - **Labels**: `ansible`
  - **Timeout in seconds for Jenkins connection**: `100`
 - Click **Add Container** and select **Container Template**
 - Fill in the Container Template with the following information:
  - **Name**: `jnlp`
  - **Docker image**: `docker-registry.default.svc:5000/openshift/jenkins-agent-ansible-26-rhel7:latest`
  - **Always pull image**: *checked*
  - **Working directory**: `/tmp`
  - **Command to run**: *empty*
  - **Arguments to pass to the command**: `${computer.jnlpmac} ${computer.name}`
  - **Allocate pseudo-TTY**: *unchecked*
 - Scroll down and click **Save**
 ## Install the Ansible Jenkins plugin
 - Connect to your Jenkins instance
 - Click **Manage Jenkins** > **Manage Plugins**
 - Go to the **Available** tab
 - In the **Filter** text field, type `Ansible`
 - In the list, find the **Ansible plugin** and check its box in the **Enabled** column
 - Click **Install without restart**
--- a/support/jenkins/Jenkinsfile
+++ b/support/jenkins/Jenkinsfile
@ -7,7 +7,7 @@
 */
 pipeline {
-    agent { label 'ansible' }
+    agent { label 'jenkins-ansible-slave.latest' }
    parameters {
        credentials(name: 'THREESCALE_CICD_ACCESS_TOKEN', description: 'The 3scale Access Token', credentialType: "Secret text", required: true)
@ -16,7 +16,7 @@ pipeline {
        string(name: 'GIT_REPOSITORY', description: 'The GIT repository to checkout, containing the OpenAPI Specifications')
        string(name: 'GIT_BRANCH', description: 'The GIT branch or tag to checkout, containing the OpenAPI Specifications', defaultValue: 'master')
        string(name: 'OPENAPI_FILE', description: 'The path to the OpenAPI Specification within the GIT Repository')
-        string(name: 'THREESCALE_CICD_PRIVATE_BASE_URL', description: 'The 3scale private base URL')
+        string(name: 'THREESCALE_CICD_PRIVATE_BASE_URL', description: 'The 3scale private base URL', defaultValue: 'https://echo-api.3scale.net')
    }
    stages {
--- a/support/jenkins/README.md
+++ b/support/jenkins/README.md
@ -0,0 +1,47 @@
 # Using this Ansible role from Jenkins
 To use this role from Jenkins, you will need to:
 - Create the Jenkins Slave image for Ansible
 - Install the Ansible Jenkins plugin
 - Create the pipeline that calls Ansible
 ## Create the Jenkins Slave image for Ansible
 You can create the Jenkins Slave image for Ansible by executing the following command **in the same project as your Jenkins master**:
 ```sh
 oc create -f https://raw.githubusercontent.com/nmasse-itix/threescale-cicd/master/support/jenkins/jenkins-slave-template-centos.yaml
 oc new-app --template=jenkins-slave-template
 ```
 Alternatively, if you are a Red Hat customer, you can build your images based on RHEL with the following commands:
 ```sh
 oc create -f https://raw.githubusercontent.com/nmasse-itix/threescale-cicd/master/support/jenkins/jenkins-slave-template-rhel.yaml
 oc new-app --template=jenkins-slave-template
 ```
 Wait for the build to finish:
 ```sh
 oc logs -f bc/jenkins-ansible-slave
 ```
 ## Install the Ansible Jenkins plugin
 - Connect to your Jenkins instance
 - Click **Manage Jenkins** > **Manage Plugins**
 - Go to the **Available** tab
 - In the **Filter** text field, type `Ansible`
 - In the list, find the **Ansible plugin** and check its box in the **Enabled** column
 - Click **Install without restart**
 ## Create the pipeline that calls Ansible
 You can create the Jenkins pipeline that calls Ansible with the following command:
 ```sh
 oc create -f https://raw.githubusercontent.com/nmasse-itix/threescale-cicd/master/support/jenkins/deploy-3scale-api-pipeline.yaml
 oc new-app --template=deploy-3scale-api
 ```
--- a/support/jenkins/deploy-3scale-api-pipeline.yaml
+++ b/support/jenkins/deploy-3scale-api-pipeline.yaml
@ -0,0 +1,44 @@
 apiVersion: v1
 kind: Template
 labels:
  template: deploy-3scale-api
 metadata:
  annotations:
    description: |-
      Deploy an API to 3scale
    openshift.io/display-name: Jenkins Pipeline to deploy an API to 3scale
    tags: jenkins
    template.openshift.io/documentation-url: https://github.com/nmasse-itix/threescale-cicd
    template.openshift.io/long-description: Jenkins Pipeline to deploy an API to 3scale
    template.openshift.io/provider-display-name: Nicolas Massé
    template.openshift.io/support-url: https://github.com/nmasse-itix/threescale-cicd/issues
  name: deploy-3scale-api
 parameters:
 objects:
 - kind: "BuildConfig"
  apiVersion: "v1"
  metadata:
    name: "deploy-3scale-api"
  spec:
    source:
      git:
        uri: https://github.com/nmasse-itix/threescale-cicd.git
    strategy:
      type: "JenkinsPipeline"
      jenkinsPipelineStrategy:
        jenkinsfilePath: support/jenkins/Jenkinsfile
        env:
          - name: THREESCALE_CICD_ACCESS_TOKEN
            value: 
          - name: THREESCALE_CICD_SSO_ISSUER_ENDPOINT
            value: 
          - name: THREESCALE_PORTAL_HOSTNAME
            value: 
          - name: GIT_REPOSITORY
            value: 
          - name: GIT_BRANCH
            value: 
          - name: OPENAPI_FILE
            value: 
          - name: THREESCALE_CICD_PRIVATE_BASE_URL
            value: 
--- a/support/jenkins/jenkins-slave-template-centos.yaml
+++ b/support/jenkins/jenkins-slave-template-centos.yaml
@ -0,0 +1,92 @@
 apiVersion: v1
 kind: Template
 labels:
  template: jenkins-ansible-slave
 metadata:
  annotations:
    description: |-
      A Jenkins slave that embeds Ansible 2.6 on CentOS
    openshift.io/display-name: Jenkins Slave for Ansible
    tags: jenkins
    template.openshift.io/documentation-url: https://github.com/nmasse-itix/threescale-cicd
    template.openshift.io/long-description: 
    template.openshift.io/provider-display-name: Nicolas Massé
    template.openshift.io/support-url: https://github.com/nmasse-itix/threescale-cicd/issues
  name: jenkins-ansible-slave
 parameters:
 - name: OPENSHIFT_VERSION
  value: v3.11
  required: true
 objects:
 - apiVersion: v1
  kind: ImageStream
  metadata:
    annotations:
      openshift.io/display-name: Jenkins Slave for Ansible
    name: jenkins-ansible-slave
  spec:
    tags:
    - name: latest
      annotations:
        role: jenkins-slave
 - apiVersion: v1
  kind: ImageStream
  metadata:
    name: jenkins-slave-base
  spec:
    tags:
    - name: ${OPENSHIFT_VERSION}
      referencePolicy:
        type: Local
      from:
        kind: DockerImage
        name: docker.io/openshift/jenkins-slave-base-centos7:${OPENSHIFT_VERSION}
      importPolicy:
        scheduled: true
 - apiVersion: v1
  kind: BuildConfig
  metadata:
    name: jenkins-ansible-slave
  spec:
    output:
      to:
        kind: ImageStreamTag
        name: jenkins-ansible-slave:latest
    runPolicy: Serial
    source:
      dockerfile: |-
        FROM openshift/jenkins-slave-base-centos7:${OPENSHIFT_VERSION}
        MAINTAINER Nicolas Masse <nmasse@redhat.com>
        # Labels consumed by Red Hat build service
        LABEL name="openshift3/jenkins-agent-ansible-26-centos7" \
              version="${OPENSHIFT_VERSION}" \
              architecture="x86_64" \
              io.k8s.display-name="Jenkins Agent Ansible" \
              io.k8s.description="The jenkins agent ansible image has the Ansible engine on top of the jenkins slave base image." \
              io.openshift.tags="openshift,jenkins,agent,ansible"
        USER root
        RUN yum install -y ansible && \
            yum install -y python27-python-pip && \
            scl enable python27 "pip install --install-option='--install-purelib=/usr/lib/python2.7/site-packages/' jinja2" && \
            yum clean all && \
            rm -rf /var/cache/yum && \
            chown -R 1001:0 $HOME && \
            chmod -R g+rw $HOME
        USER 1001
      type: Dockerfile
    strategy:
      dockerStrategy:
        from:
          kind: ImageStreamTag
          name: jenkins-slave-base:${OPENSHIFT_VERSION}
      type: Docker
    triggers:
    - type: ConfigChange
    - type: ImageChange
--- a/support/jenkins/jenkins-slave-template-rhel.yaml
+++ b/support/jenkins/jenkins-slave-template-rhel.yaml
@ -0,0 +1,92 @@
 apiVersion: v1
 kind: Template
 labels:
  template: jenkins-ansible-slave
 metadata:
  annotations:
    description: |-
      A Jenkins slave that embeds Ansible 2.6 on RHEL
    openshift.io/display-name: Jenkins Slave for Ansible
    tags: jenkins
    template.openshift.io/documentation-url: https://github.com/nmasse-itix/threescale-cicd
    template.openshift.io/long-description: 
    template.openshift.io/provider-display-name: Nicolas Massé
    template.openshift.io/support-url: https://github.com/nmasse-itix/threescale-cicd/issues
  name: jenkins-ansible-slave
 parameters:
 - name: OPENSHIFT_VERSION
  value: v3.11
  required: true
 objects:
 - apiVersion: v1
  kind: ImageStream
  metadata:
    annotations:
      openshift.io/display-name: Jenkins Slave for Ansible
    name: jenkins-ansible-slave
  spec:
    tags:
    - name: latest
      annotations:
        role: jenkins-slave
 - apiVersion: v1
  kind: ImageStream
  metadata:
    name: jenkins-slave-base
  spec:
    tags:
    - name: ${OPENSHIFT_VERSION}
      referencePolicy:
        type: Local
      from:
        kind: DockerImage
        name: registry.access.redhat.com/openshift3/jenkins-slave-base-rhel7:${OPENSHIFT_VERSION}
      importPolicy:
        scheduled: true
 - apiVersion: v1
  kind: BuildConfig
  metadata:
    name: jenkins-ansible-slave
  spec:
    output:
      to:
        kind: ImageStreamTag
        name: jenkins-ansible-slave:latest
    runPolicy: Serial
    source:
      dockerfile: |-
        FROM openshift3/jenkins-slave-base-rhel7:${OPENSHIFT_VERSION}
        MAINTAINER Nicolas Masse <nmasse@redhat.com>
        # Labels consumed by Red Hat build service
        LABEL name="openshift3/jenkins-agent-ansible-26-rhel7" \
              version="${OPENSHIFT_VERSION}" \
              architecture="x86_64" \
              io.k8s.display-name="Jenkins Agent Ansible" \
              io.k8s.description="The jenkins agent ansible image has the Ansible engine on top of the jenkins slave base image." \
              io.openshift.tags="openshift,jenkins,agent,ansible"
        USER root
        RUN yum install -y --enablerepo=rhel-7-server-ansible-2.6-rpms ansible && \
            yum install -y --enablerepo=rhel-server-rhscl-7-rpms python27-python-pip && \
            scl enable python27 "pip install --install-option='--install-purelib=/usr/lib/python2.7/site-packages/' jinja2" && \
            yum clean all && \
            rm -rf /var/cache/yum && \
            chown -R 1001:0 $HOME && \
            chmod -R g+rw $HOME
        USER 1001
      type: Dockerfile
    strategy:
      dockerStrategy:
        from:
          kind: ImageStreamTag
          name: jenkins-slave-base:${OPENSHIFT_VERSION}
      type: Docker
    triggers:
    - type: ConfigChange
    - type: ImageChange