OpenShift 4.4 Advanced Application Deployment ILT Homework Grading

This repository contains the scripts that students can use to validate that their homework assignment will pass.

The automatic grading process requires a private student repository at https://homework-gitea.apps.shared.na4.openshift.opentlc.com.

Student Repository Structure

A skeleton student repository is provided at https://github.com/redhat-gpte-devopsautomation/ocp4_app_deploy_homework_template.

See the homework assignment lab on instructions what to implement. Also see the README files in the skeleton repo on how to build and deploy the applications.

Grading process

As part of the grading the student’s scripts are being executed by a pipeline. If the entire pipeline finishes successfully the homework assignment is graded as passed. If the pipeline fails the homework assignmend is graded as failed.

Students can verify that the homework assignment will pass by running the pipeline themselves before submitting the assignment.

How to set up the Homework Jenkins

1. Make sure you are logged in as a cluster-admin user (e.g. system:admin).

2. Create a Jenkins Project (e.g. gpte-jenkins) in your cluster.

   oc new-project gpte-jenkins --display-name "GPTE Homework Grading Jenkins"

3. Deploy a persistent Jenkins (the parameters in JENKINS_OPTS define that Jenkins should start Agent Pods immediately every time a build is started rather than waiting for another build to finish).

   oc new-app jenkins-persistent --param JENKINS_SERVICE_NAME=homework-jenkins --param JNLP_SERVICE_NAME=homework-jenkins-jnlp --param ENABLE_OAUTH=true --param MEMORY_LIMIT=4Gi --param VOLUME_CAPACITY=10Gi --param DISABLE_ADMINISTRATIVE_MONITORS=true --env JENKINS_JAVA_OVERRIDES="-Dhudson.slaves.NodeProvisioner.initialDelay=0 -Dhudson.slaves.NodeProvisioner.MARGIN=50 -Dhudson.slaves.NodeProvisioner.MARGIN0=0.85 -Dorg.jenkinsci.plugins.durabletask.BourneShellScript.HEARTBEAT_CHECK_INTERVAL=300" -n gpte-jenkins
   oc set resources dc/homework-jenkins --limits=memory=4Gi,cpu=4 --requests=memory=2Gi,cpu=2 -n gpte-jenkins

4. Create a custom Cluster-Role and grant it to the jenkins service account to annotate projects. Also allow the jenkins service account to create projects.

   oc create clusterrole gpte-namespace-patcher --verb=patch --resource=namespaces
   
   oc adm policy add-cluster-role-to-user gpte-namespace-patcher -z homework-jenkins -n gpte-jenkins
   oc adm policy add-cluster-role-to-user self-provisioner -z homework-jenkins -n gpte-jenkins
   
   # Cluster-Reader is necessary for FTL
   oc adm policy add-cluster-role-to-user cluster-reader -z homework-jenkins -n gpte-jenkins

5. Ensure that a group GPTE-APP-DEPLOY-HOMEWORK exists on the cluster.

   oc adm groups new GPTE-APP-DEPLOY-HOMEWORK

6. Ensure that the GPTE-APP-DEPLOY-HOMEWORK group has view permission to the gpte-jenkins project. When requesting cluster access to create homework the student’s user will be added to this group.

   oc policy add-role-to-group view GPTE-APP-DEPLOY-HOMEWORK -n gpte-jenkins

7. Once Jenkins is up and running log into Jenkins.

8. In Jenkins create a new Item of type Pipeline.

9. Use the following settings in the Item:

   1. Name: Grade Advanced Application Deployment Homework

   2. Check the checkbox next to "This build is parametrized"

   3. Create seven parameters:

      Parameter	Type	Description
      GUID	String	GUID to prefix all projects. Use the GUID provided to you when you requested your homework environment.
      CREDENTIAL_NAME	String	Name of the credential in Jenkins holding the student’s OpenTLC/Gitea User ID and Gitea Password (e.g. wkulhane-redhat.com). The User ID is also used to grant admin access for created projects and set the project requester field.
      REPO	String	Name of the private repository (do not include the hostname and user of Gitea)
      CLUSTER	String	Grading Cluster base URL. E.g. shared.na.openshift.opentlc.com
      SETUP	Boolean	Default: true, If true will create all necessary projects. If false assumes that projects are already there and only pipelines need to be executed.
      DELETE	Boolean	Default: true, If true will delete all created projects after a successful run.
      SUBMIT_GRADE	Boolean	Default: false, If true will submit the result of the pipeline run to the LMS.

10. Use https://github.com/redhat-gpte-devopsautomation/ocp4_app_deploy_homework_grading as the Git Repo, */master as the Branch to build and Jenkinsfile as the Jenkinsfile.

11. Uncheck the checkbox Lightweight Checkout

12. If this is a shared Jenkins (e.g. on the NA GPTE Cluster) allow students to start builds:

    1. Log into Jenkins

    2. Navigate to Manage Jenkins → Configure Global Security

    3. Leave Matrix based security and check the checkboxes under Job to allow authenticated users to Build and Cancel builds.

    4. Also check the checkboxes under Credentials to allow authenticated users to Create credentials.

    5. Click Save.

13. Create the custom agent image that will be used to run the pipeline:

    oc new-build https://github.com/redhat-gpte-devopsautomation/ocp4_app_deploy_homework_grading.git --strategy=docker --name=jenkins-agent-homework

Now you are ready to try the pipeline. Run the pipeline and provide the appropriate parameters for your environment.

The pipeline will:

• Check out your source code repository

• Call your shell scripts to

  • Create projects

  • Setup Jenkins

  • Setup the Development Project

  • Setup the Production Project

• Execute the pipeline for your application for the initial (green) deployment.

• Check that the application returns the correct application name

• Execute the pipeline again to execute the blue deployment

• Again check that the application returns the correct application name

• Delete the projects

If the pipeline completes successfully you have passed the homework assignment.

How to set up the GPTE Operators (Gitea, Sonarqube)

1. The Nexus Operator should already be running in the opentlc-shared project.

2. Make sure you are logged in as a cluster-admin user (e.g. system:admin).

3. Create a GPTE Operators Project in your cluster.

   oc new-project gpte-operators --display-name "GPTE Operators"

4. Deploy the Gitea Operator

   oc apply -f https://raw.githubusercontent.com/wkulhanek/gitea-operator/v0.17.0/deploy/crds/gpte.opentlc.com_giteas_crd.yaml
   oc apply -f https://raw.githubusercontent.com/wkulhanek/gitea-operator/v0.17.0/deploy/cluster_role.yaml
   oc create sa gitea-operator -n gpte-operators
   oc adm policy add-cluster-role-to-user gitea-operator system:serviceaccount:gpte-operators:gitea-operator
   oc apply -f https://raw.githubusercontent.com/wkulhanek/gitea-operator/v0.17.0/deploy/operator.yaml -n gpte-operators

5. Deploy the Sonarqube Operator

   oc apply -f https://raw.githubusercontent.com/wkulhanek/sonarqube-operator/v0.17.0/deploy/crds/gpte.opentlc.com_sonarqubes_crd.yaml
   oc apply -f https://raw.githubusercontent.com/wkulhanek/sonarqube-operator/v0.17.0/deploy/cluster_role.yaml
   oc create sa sonarqube-operator -n gpte-operators
   oc adm policy add-cluster-role-to-user sonarqube-operator system:serviceaccount:gpte-operators:sonarqube-operator
   oc apply -f https://raw.githubusercontent.com/wkulhanek/sonarqube-operator/v0.17.0/deploy/operator.yaml -n gpte-operators

How to set up the Homework Gitea, Sonarqube and Nexus

1. Make sure you are logged in as a cluster-admin user (e.g. system:admin).

2. Create a Homework CICD Project (e.g. gpte-hw-cicd) in your cluster.

   oc new-project gpte-hw-cicd --display-name "GPTE Homework CI/CD Tools"

3. Make a directory to keep the Custom Resource Definitions.

   mkdir $HOME/gpte-homework

Set up Gitea

1. Create the Homework Gitea Custom Resource:

   cat << EOF > $HOME/gpte-homework/homework-gitea.yaml
   apiVersion: gpte.opentlc.com/v1alpha1
   kind: Gitea
   metadata:
     name: homework-gitea
   spec:
     giteaImageTag: 1.11.4
     giteaRoute: homework-gitea.apps.shared-na4.na4.openshift.opentlc.com
     giteaSsl: true
     giteaVolumeSize: 20Gi
     postgresqlVolumeSize: 20Gi
   EOF

2. Deploy the Homework Gitea:

   oc apply -f $HOME/gpte-homework/homework-gitea.yaml -n gpte-hw-cicd

3. Log into the Homework Gitea at https://homework-gitea.apps.shared-na4.na4.openshift.opentlc.com

4. Register an account (this first account will be a site adminstrator)

Setup Sonarqube

1. Create the Homework Sonarqube Custom Resource:

   cat << EOF > $HOME/gpte-homework/homework-sonarqube.yaml
   apiVersion: gpte.opentlc.com/v1alpha1
   kind: Sonarqube
   metadata:
     name: homework-sonarqube
   spec:
     postgresqlVolumeSize: 10Gi
     sonarqubeVolumeSize: 10Gi
     sonarqubeSsl: True
     sonarqubeRoute: homework-sonarqube.apps.shared-na4.na4.openshift.opentlc.com
   EOF

2. Deploy the Homework Sonarqube:

   oc apply -f $HOME/gpte-homework/homework-sonarqube.yaml -n gpte-hw-cicd

3. Log into the Homework Sonarqube at https://homework-sonarqube.apps.shared-na4.na4.openshift.opentlc.com

4. User id admin with password admin

5. Change the password (to the usual)

Setup Nexus

1. Create the Homework Nexus Custom Resource:

   cat << EOF > $HOME/gpte-homework/homework-nexus.yaml
   apiVersion: gpte.opentlc.com/v1alpha1
   kind: Nexus
   metadata:
     name: homework-nexus
   spec:
     nexusNewAdminPassword: redhat
     nexusRoute: homework-nexus.apps.shared-na4.na4.openshift.opentlc.com
     nexusRegistryRoute: homework-nexus-registry.apps.shared-na4.na4.openshift.opentlc.com
     nexusVolumeSize: 60Gi
     nexusSsl: True
     nexusImageTag: latest
     nexusCpuRequest: 4
     nexusCpuLimit: 4
     nexusMemoryRequest: 2Gi
     nexusMemoryLimit: 2Gi
   EOF

2. Deploy the Homework Nexus:

   oc apply -f $HOME/gpte-homework/homework-nexus.yaml -n gpte-hw-cicd

3. Log into the Homework Nexus at https://homework-nexus.apps.shared-na4.na4.openshift.opentlc.com

4. User id admin with password redhat

5. Enable Anonymous access in the wizard

6. Validate that the expected repositories are created (docker, jboss, maven-all-public, maven-central, npm, npm-all, redhat-ga and releases)

7. On the left select Repository → Cleanup Policies

8. Create a new Cleanup Policy for Container images

   1. Name: CleanContainerImages

   2. Format: 'docker'

   3. Published Before: check the checkbox and enter 1

   4. Click Create Cleanup Policy

9. Create a new Cleanup Policy for Maven artifacts

   1. Name: CleanMaven

   2. Format: 'maven2'

   3. Published Before: check the checkbox and enter 3

   4. Click Create Cleanup Policy

10. Apply Cleanup Policy for Containers

    1. Navigate back to Repository → Repositories

    2. Select docker

    3. Add Cleanup Policy CleanContainerImages to the applied cleanup policies

    4. Click Save

11. Apply Cleanup Policy for Releases

    1. Navigate back to Repository → Repositories

    2. Select releases

    3. Add Cleanup Policy CleanMaven to the applied cleanup policies

    4. Click Save

12. Apply Cleanup Policy for Maven Central Artifacts

    1. Navigate back to Repository → Repositories

    2. Select maven-central

    3. Add Cleanup Policy CleanMaven to the applied cleanup policies

    4. Click Save

13. Apply Cleanup Policy for Redhat Maven Artifacts

    1. Navigate back to Repository → Repositories

    2. Select redhat-ga

    3. Add Cleanup Policy CleanMaven to the applied cleanup policies

    4. Click Save

14. Apply Cleanup Policy for Redhat Jboss Artifacts

    1. Navigate back to Repository → Repositories

    2. Select jboss

    3. Add Cleanup Policy CleanMaven to the applied cleanup policies

    4. Click Save

15. Update Redeploy Permissions for releases and docker to allow students to publish artifacts and container images multiple times using the same version

    1. Navigate to Repository → Repositories

    2. Select releases

    3. Change Hosted / Deployment Policy to Allow redeploy

    4. Click Save

    5. Navigate to Repository → Repositories

    6. Select docker

    7. Change Hosted / Deployment Policy to Allow redeploy

    8. Click Save