Versions Compared

Old Version 27

changes.mady.by.user Former user

Saved on

compared with

New Version 28

changes.mady.by.user Former user

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Jenkins

...

Provision

Setup – First Run

1. SSH to the Jenkins server
2. git

...

clone https://github.com/project-sunbird/sunbird-devops.git

...


3. cd sunbird-devops && git checkout tags/release-1.14 -b release-1.14
4. cd deploy/jenkins
5. sudo bash jenkins-server-setup.

...

sh
6. Once the jenkins-server-setup script completes, open jenkins in browser by typing

...

domain-name

...

:8080 / public-ip:8080
7. Enter the initial

...

password. Follow the on screen instructions on details
8. Choose install suggested plugin
9. Create a admin user

...


10. Choose the default jenkins URL. You can either change this to your domain name or public IP. If in doubt, just use whatever is displayed on screen as this can be changed later if required in Jenkins configuration.
11. Switch back to the terminal session on the Jenkins server
12. sudo bash jenkins-

...

plugins-setup

...

.sh
13. Enter the URL as localhost:8080
14. Enter the admin username and password
15. Now go to Manage Jenkins -> Manage Plugins -> Update Center -> Check

...

status of plugin install. If any plugins failed to install, install them manually by visiting the plugins section of Jenkins
16. Now switch back to the terminal session on the Jenkins server
17. cp envOrder.txt.sample envOrder.txt
18. vi envOrder.txt
19. Update the environment list as per your infrastructure in ascending order. For example if you have only dev and production, your envOrder.txt will look like

 dev=0
 production=1

20. sudo bash jenkins-jobs-setup.sh
21. Follow the onscreen instruction of the script. Provide choice as yes for all questions. The options are case sensitive, the script will display the accepted options.
22. Once the script completes copying the job config, go to the browser and restart jenkins using public-ip:8080/restart OR domain-name:8080/restart
23. Go to http://<jenkins_domain>/credentials/store/system/domain/_/newCredentials

...

24. Select Username with Password
25. Enter the username and password of the github account. This github account will require a private repository which will contain the inventory and other secrets. Currently github signup and github private repository is free for all.
26. Create an empty private repository
27. Also keep your dockerhub credentials handy. You will require it in subsequent steps. Currently dockerhub signup is free for all.
28. You can leave the ID blank so that jenkins auto generates it or you can give the ID to some long unique string such as abcde-fghij-klmno
29. You can provide the description as private repo credentails and

...

click OK.
30. If you have left the ID blank, then click on the credential which was just created and then clikc on update. Jenkins will display the auto generated id. Copy this and keep it handy. We will require this in subsequent steps.
31. Goto http://<jenkins_domain>/configure

...

Navigate to Environment Variables section and add the following

...


32. Choose the check box named “Environment variables”
33. Click on Add and enter the following Name, Value pairs

Name

Value

ANSIBLE_FORCE_COLOR

...

true

...

ANSIBLE_HOST_KEY_CHECKING

...

false

...

ANSIBLE_STDOUT_CALLBACK

...

debug

...

hub_org

...

docker

...

hub

...

organization

...

eg:

...

In

...

sunbird/player

...

image,

...

sunbird

...

is

...

the

...

hub_

...

org

private_repo_branch

...

The branch name in the private repository which you would like to use. This branch will have the inventory and secrets

private_repo_credentials

...

The autogenerated ID created by jenkins or unique string which you provided

private_repo_url

...

Go to Pipeline libraries section and add the following

...

The github URL to your private repo. You can visit your private repo and click on clone button, which will display the https URL to your private repository

public_repo_branch

This is the branch or tag from where Jenkinsfile will be picked up. You can set this value as refs/tags/release-1.14 or provide the value of development branch like release-1.15. If you prefer building from tags, set this value for tags


34. Scroll down to “Global Pipeline Libraries” section and click Add. Provide the values as below

NameValue
Namedeploy-conf
Default versionTag name of the jenkins shared library. This should be same version as release. For example, if release is release-1.14, jenkins shared tag will be release-1.14-shared-lib
Retrieval methodModern SCM
Source Code ManagementGit
Project Repositoryhttps://github.com/project-sunbird/sunbird-devops.git

...

Go to Mangaer Jenkins - > global security section and add the following

Code Block
Markup Formatter: Safe HTML

Goto http://<jenkins_domain>/computer and click master → configure → add the following

Code Block
executors: 10
Labels: build-slave

...

  1. http://<jenkins_daomain>/restart

...

titleNotes

Building maven projects may take time as it have to download lots of dependencies.

...


35. Click on Save.
36. Now go to Manage Jenkins -> Configure global security
37. Choose the “Markup Formatter” as “Safe HTML”
38. Go to Manage Jenkins -> Manager Nodes -> Click master -> Click Configure -> Provide labels as “build-slave”
39. Set the number of executors to a number like 15 if your system configuration is 16GB RAM and 4 core CPU. Adjust this number accordingly based on your system configuration
40. Restart jenkins
41. Switch back to the terminal session on Jenkins server
42. sudo su jenkins
43. mkdir -p /var/lib/jenkins/

...

Bootstrap User

  1. Create directory /run/secrets as root using mkdir -p /run/secrets
  2. Copy the master user ssh-key (the one through which you can login to VM or which was generated while creating the VMs;  In our case it was as named as ops user)  to /run/secrets/ops_ssh_key
  3. Keep the private key for deployer user in /run/secrets/deployer_ssh_key and chown jenkins:jenkins /run/secrets/deployer_ssh_key
  4. sudo chown jenkins:jenkins /run/secrets/ops_ssh_key && chmod 400 /run/secrets/*
  5. Optional: Keep ansible vault password in  /run/secrets/vault-pass if the secrets.yml is encrypted and  chown jenkins:jenkins /run/secrets/vault-pass
  6. Run OpsAdministration/<module>/Core/Bootstrap  This will create deployer user(defined in ansible) with ssh_key(public_key defined in common.yml) which will be used for all jenkins jobs.

This page contains

...

secrets && cd /var/lib/jenkins/secrets
44. touch deployer_ssh_key ops_ssh_key vault-pass
45. chmod 400 deployer_ssh_key ops_ssh_key vault-pass
46. The key which you used to login to the Jenkins server will be called as ops_ssh_key from now onwards. Example:


ssh -i somekey.pem ubuntu@jenkins-server-ip
Here somekey.pem is the key you used to login to the Jenkins server which will be called as ops_ssh_key


47. Copy the contents of the key you used to connect to VM into ops_ssh_key file
48. Create a new ssh key on your local machine or any server. We will use this for a user named deployer (or any name you like)
49. ssh-keygen -f deployer_ssh_key (passphrase should be empty)
50. Copy the contents of the deployer_ssh_key into /var/lib/jenkins/secrets/deployer_ssh_key
51. If your github private repo consists of ansible encrypted files, then enter the decryption password in /var/lib/jenkins/secrets/vault-pass. If there are no encrypted files, then enter some random value like 12345 into the vault-pass file. This file cannot be empty.
52. Follow the next set of steps to create inventory, secrets and ansible hosts in the private repo.