The goal of this repository is to:
- provide all the tools necessary for a comprehensive CI/CD pipeline, built for and deployed to OpenShift
- serve as a reference implementation of the openshift-applier model for Infrastructure-as-Code (IaC)
A few additional guiding principles:
- This repository is built as a monolith i.e. all the individual components are designed to be deployed together. When adding a new tool, care should be taken to integrate that tool with the other tools.
- To deploy a subset of components, you can:
- Use the tags provided in the inventory to filter certain components. See the docs in openshift-applier
- coming soon - Use the provided tooling to generate a new inventory with a user defined subset of components
- Generally speaking, there should only be one tool per functional use case e.g. Sonatype Nexus is the artifact repository so we will not support JFrog Artifactory
There is ansible inventory which identifies all components to be deployed to an OpenShift cluster. The ansible layer is very thin. It simply provides a way to orchestrate the application of OpenShift templates across one or more OpenShift projects. All configuration for the applications should be defined by an OpenShift template and the corresponding parameters file.
Currently, the following components are included in this inventory:
- Long lived CI/CD, Development and Demo OpenShift projects
- Jenkins, including
- S2I build for Jenkins plugins and configuration
- maven and npm slaves for Jenkins
- Sonatype Nexus
- SonarQube
- Example Java application and pipeline
Currently, the following components have templates but are not yet integrated into the inventory:
- Gitlab
- Gogs
- Ansible
- OpenShift CLI Tools
- Access to the OpenShift cluster
- libselinux-python (only needed on Fedora, RHEL, and CentOS)
- Install by running
yum install libselinux-python.
- Install by running
- Log on to an OpenShift server
oc login -u <user> https://<server>:<port>/- Your user needs permissions to deploy ProjectRequest objects.
- Clone this repository.
- Install the required casl-ansible dependency:
[labs-ci-cd]$ ansible-galaxy install -r requirements.yml --roles-path=roles
- If
labs-ci-cddoesn't yet exist on your OpenShift cluster, run the "cluster seed" playbook:
[labs-ci-cd]$ ansible-playbook roles/casl-ansible/playbooks/openshift-cluster-seed.yml -i inventory/
- If
labs-ci-cdalready exists on your OpenShift cluster and you want to create a new instance oflabs-ci-cdwith its own name, run the "unique projects" playbook:[labs-ci-cd]$ ansible-playbook unique-projects-playbook.yaml -i inventory/ -e "project_name_postfix=<insert unique postfix here>"- This playbook is useful if you're developing labs-ci-cd and want to test your changes. With a unique project name, you can safely try out your changes in a test cluster that others are using.
- Note that only numbers, lowercase letters, and dashes are allowed in project names.
After running the playbook, the pipeline should execute in Jenkins, build the spring boot app, deploy artifacts to nexus, deploy the container to the dev stage and then wait approval to deploy to the demo stage. See Common Issues
- See the docs in casl-ansible
- The only required tag to deploy objects within the inventory is projects, all other tags are optional
- An example that provisions projects, ci, and jenkins objects:
ansible-playbook -i inventory/ roles/casl-ansible/playbooks/openshift-cluster-seed.yml --extra-vars="filter_tags=jenkins,ci,projects"
inventory: a standard ansible inventory.- the
group_varsare written according to the convention defined by the openshift-applier role. - the
hostsfile reflects the fact that the playbook will use the OpenShift CLI on your localhost to interact with the cluster
- the
openshift-templates: a set OpenShift templates to be sourced from the inventory. OpenShift provides a lot of templates out of the box, and the Labs team curates a repository as well. These should be favored before writing custom/new templates to be kept here.params: a set of parameter files to be processed along with their respective OpenShift template. the convention here is to group files by their application.
- S2I Build fails to push image to registry with
error: build error: Failed to push image: unauthorized: authentication required- See this issue
- Fork the repo and open PR's
- Add all new components to the inventory with appropriate namespaces and tags
- Extended the
Jenkinsfilewith steps to verify that your components built/deployed correctly - For now, it is your responsibility to run the CI job. Please contact an admin for the details to set the CI job up.