Skip to content

Latest commit

 

History

History
307 lines (267 loc) · 11.9 KB

README.adoc

File metadata and controls

307 lines (267 loc) · 11.9 KB

OpenShift 4.4 Advanced Application Deployment ILT Homework Grading

This repository contains the scripts that students can use to validate that their homework assignment will pass.

The automatic grading process requires a private student repository at https://homework-gitea.apps.shared.na4.openshift.opentlc.com.

Student Repository Structure

See the homework assignment lab on instructions what to implement. Also see the README files in the skeleton repo on how to build and deploy the applications.

Grading process

As part of the grading the student’s scripts are being executed by a pipeline. If the entire pipeline finishes successfully the homework assignment is graded as passed. If the pipeline fails the homework assignmend is graded as failed.

Students can verify that the homework assignment will pass by running the pipeline themselves before submitting the assignment.

How to set up the Homework Jenkins

  1. Make sure you are logged in as a cluster-admin user (e.g. system:admin).

  2. Create a Jenkins Project (e.g. gpte-jenkins) in your cluster.

    oc new-project gpte-jenkins --display-name "GPTE Homework Grading Jenkins"
  3. Deploy a persistent Jenkins (the parameters in JENKINS_OPTS define that Jenkins should start Agent Pods immediately every time a build is started rather than waiting for another build to finish).

    oc new-app jenkins-persistent --param JENKINS_SERVICE_NAME=homework-jenkins --param JNLP_SERVICE_NAME=homework-jenkins-jnlp --param ENABLE_OAUTH=true --param MEMORY_LIMIT=4Gi --param VOLUME_CAPACITY=10Gi --param DISABLE_ADMINISTRATIVE_MONITORS=true --env JENKINS_JAVA_OVERRIDES="-Dhudson.slaves.NodeProvisioner.initialDelay=0 -Dhudson.slaves.NodeProvisioner.MARGIN=50 -Dhudson.slaves.NodeProvisioner.MARGIN0=0.85 -Dorg.jenkinsci.plugins.durabletask.BourneShellScript.HEARTBEAT_CHECK_INTERVAL=300" -n gpte-jenkins
    oc set resources dc/homework-jenkins --limits=memory=4Gi,cpu=4 --requests=memory=2Gi,cpu=2 -n gpte-jenkins
  4. Create a custom Cluster-Role and grant it to the jenkins service account to annotate projects. Also allow the jenkins service account to create projects.

    oc create clusterrole gpte-namespace-patcher --verb=patch --resource=namespaces
    
    oc adm policy add-cluster-role-to-user gpte-namespace-patcher -z homework-jenkins -n gpte-jenkins
    oc adm policy add-cluster-role-to-user self-provisioner -z homework-jenkins -n gpte-jenkins
    
    # Cluster-Reader is necessary for FTL
    oc adm policy add-cluster-role-to-user cluster-reader -z homework-jenkins -n gpte-jenkins
  5. Ensure that a group GPTE-APP-DEPLOY-HOMEWORK exists on the cluster.

    oc adm groups new GPTE-APP-DEPLOY-HOMEWORK
  6. Ensure that the GPTE-APP-DEPLOY-HOMEWORK group has view permission to the gpte-jenkins project. When requesting cluster access to create homework the student’s user will be added to this group.

    oc policy add-role-to-group view GPTE-APP-DEPLOY-HOMEWORK -n gpte-jenkins
  7. Once Jenkins is up and running log into Jenkins.

  8. In Jenkins create a new Item of type Pipeline.

  9. Use the following settings in the Item:

    1. Name: Grade Advanced Application Deployment Homework

    2. Check the checkbox next to "This build is parametrized"

    3. Create seven parameters:

      Parameter Type Description

      GUID

      String

      GUID to prefix all projects. Use the GUID provided to you when you requested your homework environment.

      CREDENTIAL_NAME

      String

      Name of the credential in Jenkins holding the student’s OpenTLC/Gitea User ID and Gitea Password (e.g. wkulhane-redhat.com). The User ID is also used to grant admin access for created projects and set the project requester field.

      REPO

      String

      Name of the private repository (do not include the hostname and user of Gitea)

      CLUSTER

      String

      Grading Cluster base URL. E.g. shared.na.openshift.opentlc.com

      SETUP

      Boolean

      Default: true, If true will create all necessary projects. If false assumes that projects are already there and only pipelines need to be executed.

      DELETE

      Boolean

      Default: true, If true will delete all created projects after a successful run.

      SUBMIT_GRADE

      Boolean

      Default: false, If true will submit the result of the pipeline run to the LMS.

  10. Use https://github.com/redhat-gpte-devopsautomation/ocp4_app_deploy_homework_grading as the Git Repo, */master as the Branch to build and Jenkinsfile as the Jenkinsfile.

  11. Uncheck the checkbox Lightweight Checkout

  12. If this is a shared Jenkins (e.g. on the NA GPTE Cluster) allow students to start builds:

    1. Log into Jenkins

    2. Navigate to Manage JenkinsConfigure Global Security

    3. Leave Matrix based security and check the checkboxes under Job to allow authenticated users to Build and Cancel builds.

    4. Also check the checkboxes under Credentials to allow authenticated users to Create credentials.

    5. Click Save.

  13. Create the custom agent image that will be used to run the pipeline:

    oc new-build https://github.com/redhat-gpte-devopsautomation/ocp4_app_deploy_homework_grading.git --strategy=docker --name=jenkins-agent-homework

Now you are ready to try the pipeline. Run the pipeline and provide the appropriate parameters for your environment.

The pipeline will:

  • Check out your source code repository

  • Call your shell scripts to

    • Create projects

    • Setup Jenkins

    • Setup the Development Project

    • Setup the Production Project

  • Execute the pipeline for your application for the initial (green) deployment.

  • Check that the application returns the correct application name

  • Execute the pipeline again to execute the blue deployment

  • Again check that the application returns the correct application name

  • Delete the projects

If the pipeline completes successfully you have passed the homework assignment.

How to set up the GPTE Operators (Gitea, Sonarqube)

  1. The Nexus Operator should already be running in the opentlc-shared project.

  2. Make sure you are logged in as a cluster-admin user (e.g. system:admin).

  3. Create a GPTE Operators Project in your cluster.

    oc new-project gpte-operators --display-name "GPTE Operators"
  4. Deploy the Gitea Operator

    oc apply -f https://raw.githubusercontent.com/wkulhanek/gitea-operator/v0.17.0/deploy/crds/gpte.opentlc.com_giteas_crd.yaml
    oc apply -f https://raw.githubusercontent.com/wkulhanek/gitea-operator/v0.17.0/deploy/cluster_role.yaml
    oc create sa gitea-operator -n gpte-operators
    oc adm policy add-cluster-role-to-user gitea-operator system:serviceaccount:gpte-operators:gitea-operator
    oc apply -f https://raw.githubusercontent.com/wkulhanek/gitea-operator/v0.17.0/deploy/operator.yaml -n gpte-operators
  5. Deploy the Sonarqube Operator

    oc apply -f https://raw.githubusercontent.com/wkulhanek/sonarqube-operator/v0.17.0/deploy/crds/gpte.opentlc.com_sonarqubes_crd.yaml
    oc apply -f https://raw.githubusercontent.com/wkulhanek/sonarqube-operator/v0.17.0/deploy/cluster_role.yaml
    oc create sa sonarqube-operator -n gpte-operators
    oc adm policy add-cluster-role-to-user sonarqube-operator system:serviceaccount:gpte-operators:sonarqube-operator
    oc apply -f https://raw.githubusercontent.com/wkulhanek/sonarqube-operator/v0.17.0/deploy/operator.yaml -n gpte-operators

How to set up the Homework Gitea, Sonarqube and Nexus

  1. Make sure you are logged in as a cluster-admin user (e.g. system:admin).

  2. Create a Homework CICD Project (e.g. gpte-hw-cicd) in your cluster.

    oc new-project gpte-hw-cicd --display-name "GPTE Homework CI/CD Tools"
  3. Make a directory to keep the Custom Resource Definitions.

    mkdir $HOME/gpte-homework

Set up Gitea

  1. Create the Homework Gitea Custom Resource:

    cat << EOF > $HOME/gpte-homework/homework-gitea.yaml
    apiVersion: gpte.opentlc.com/v1alpha1
    kind: Gitea
    metadata:
      name: homework-gitea
    spec:
      giteaImageTag: 1.11.4
      giteaRoute: homework-gitea.apps.shared-na4.na4.openshift.opentlc.com
      giteaSsl: true
      giteaVolumeSize: 20Gi
      postgresqlVolumeSize: 20Gi
    EOF
  2. Deploy the Homework Gitea:

    oc apply -f $HOME/gpte-homework/homework-gitea.yaml -n gpte-hw-cicd
  3. Log into the Homework Gitea at https://homework-gitea.apps.shared-na4.na4.openshift.opentlc.com

  4. Register an account (this first account will be a site adminstrator)

Setup Sonarqube

  1. Create the Homework Sonarqube Custom Resource:

    cat << EOF > $HOME/gpte-homework/homework-sonarqube.yaml
    apiVersion: gpte.opentlc.com/v1alpha1
    kind: Sonarqube
    metadata:
      name: homework-sonarqube
    spec:
      postgresqlVolumeSize: 10Gi
      sonarqubeVolumeSize: 10Gi
      sonarqubeSsl: True
      sonarqubeRoute: homework-sonarqube.apps.shared-na4.na4.openshift.opentlc.com
    EOF
  2. Deploy the Homework Sonarqube:

    oc apply -f $HOME/gpte-homework/homework-sonarqube.yaml -n gpte-hw-cicd
  3. Log into the Homework Sonarqube at https://homework-sonarqube.apps.shared-na4.na4.openshift.opentlc.com

  4. User id admin with password admin

  5. Change the password (to the usual)

Setup Nexus

  1. Create the Homework Nexus Custom Resource:

    cat << EOF > $HOME/gpte-homework/homework-nexus.yaml
    apiVersion: gpte.opentlc.com/v1alpha1
    kind: Nexus
    metadata:
      name: homework-nexus
    spec:
      nexusNewAdminPassword: redhat
      nexusRoute: homework-nexus.apps.shared-na4.na4.openshift.opentlc.com
      nexusRegistryRoute: homework-nexus-registry.apps.shared-na4.na4.openshift.opentlc.com
      nexusVolumeSize: 60Gi
      nexusSsl: True
      nexusImageTag: latest
      nexusCpuRequest: 4
      nexusCpuLimit: 4
      nexusMemoryRequest: 2Gi
      nexusMemoryLimit: 2Gi
    EOF
  2. Deploy the Homework Nexus:

    oc apply -f $HOME/gpte-homework/homework-nexus.yaml -n gpte-hw-cicd
  3. Log into the Homework Nexus at https://homework-nexus.apps.shared-na4.na4.openshift.opentlc.com

  4. User id admin with password redhat

  5. Enable Anonymous access in the wizard

  6. Validate that the expected repositories are created (docker, jboss, maven-all-public, maven-central, npm, npm-all, redhat-ga and releases)

  7. On the left select Repository → Cleanup Policies

  8. Create a new Cleanup Policy for Container images

    1. Name: CleanContainerImages

    2. Format: 'docker'

    3. Published Before: check the checkbox and enter 1

    4. Click Create Cleanup Policy

  9. Create a new Cleanup Policy for Maven artifacts

    1. Name: CleanMaven

    2. Format: 'maven2'

    3. Published Before: check the checkbox and enter 3

    4. Click Create Cleanup Policy

  10. Apply Cleanup Policy for Containers

    1. Navigate back to Repository → Repositories

    2. Select docker

    3. Add Cleanup Policy CleanContainerImages to the applied cleanup policies

    4. Click Save

  11. Apply Cleanup Policy for Releases

    1. Navigate back to Repository → Repositories

    2. Select releases

    3. Add Cleanup Policy CleanMaven to the applied cleanup policies

    4. Click Save

  12. Apply Cleanup Policy for Maven Central Artifacts

    1. Navigate back to Repository → Repositories

    2. Select maven-central

    3. Add Cleanup Policy CleanMaven to the applied cleanup policies

    4. Click Save

  13. Apply Cleanup Policy for Redhat Maven Artifacts

    1. Navigate back to Repository → Repositories

    2. Select redhat-ga

    3. Add Cleanup Policy CleanMaven to the applied cleanup policies

    4. Click Save

  14. Apply Cleanup Policy for Redhat Jboss Artifacts

    1. Navigate back to Repository → Repositories

    2. Select jboss

    3. Add Cleanup Policy CleanMaven to the applied cleanup policies

    4. Click Save

  15. Update Redeploy Permissions for releases and docker to allow students to publish artifacts and container images multiple times using the same version

    1. Navigate to Repository → Repositories

    2. Select releases

    3. Change Hosted / Deployment Policy to Allow redeploy

    4. Click Save

    5. Navigate to Repository → Repositories

    6. Select docker

    7. Change Hosted / Deployment Policy to Allow redeploy

    8. Click Save