Tag Archives: PaaS

Setup Gitlab for automatic builds

Webhook triggers allow you to trigger a new build by sending a request to the OpenShift API endpoint. This can be done automatically with gitlab after you have pushed code changes.

Step-by-step guide

  1. Each Build Configuration has two Trigger Urls. One for Github and the other for generic git triggers. With gitlab you have to use the generic trigger url.
    You can find the Url in your project -> browse -> builds

    triggerurls

  2. Another way to obtain the trigger url is via the commandline. Just replace test with the name of your build config. 
    user@workstation:~$ oc describe bc test
    ...
    Webhook GitHub: https://master4.tsi-af.de:8443/oapi/v1/namespaces/test/buildconfigs/test/webhooks/3bd0cf0835e4b8ed/github
    Webhook Generic: https://master4.tsi-af.de:8443/oapi/v1/namespaces/test/buildconfigs/test/webhooks/980b8feafc60d8d7/generic
    ...
  3. Now you have to set the webhook in your gitlab repository.
    You can adjust this url in your repostiroy, tab settings -> web hooks.    webhookgitlab
  4. To test your web hook either change your code and push it to the repository or use the test button in the gitlab webintefacewebhookgitlabtest
    If there aren’t any issues you the information “Hook succesfully executed” wil be shown. If you now take a look over to the
    openshift webinterface you can see the build running in a newly created pod.

    testbuild_running

Related links:

https://docs.openshift.com/enterprise/3.0/dev_guide/builds.html#webhook-triggers

 

Setup Eclipse for Openshift

This guide helps to install Eclipse for Windows in order to access Openshift 3 and to develop Applications for the PaaS.

Prerequisites

check network connecti0ns and make sure the configuration of eclipse includes a proxy.

see Window->Preferences->General->Network Connection

image2015-6-22-11-40-17

Step-by-step guide

  1. Download and install Eclipse Mars from https://eclipse.org/downloads/packages/eclipse-ide-java-and-dsl-developers/marsm4
  2. Add the update site
      1. Click from the toolbar ‘Help > Install New Sofware’
      2. Click the ‘Add’ button and a dialog appears
      3. Enter a value for the name
      4. Enter ‘http://download.jboss.org/jbosstools/updates/nightly/mars/‘ for the location. Note: Alternative updates are available from the JBoss Tools Downloads. The various releases and code freeze dates are listed on the JBoss JIRA site
      5. Click ‘OK’ to add the update site
  3. Type ‘OpenShift’ in the text input box to filter the choices
  4. Check ‘JBoss OpenShift v3 Tools’ and click ‘Next’
  5. Click ‘Next’ again, accept the license agreement, and click ‘Finish’

 

Connecting to the Server

Your Eclipse Network settings should be configured as follows to work fine behind the coporate proxy. With this settings it was possible to establish a connection to the openshift master.

image2015-6-23-7-50-44

  1. Click ‘New Connection Wizard’ and a dialog appears (see below)
  2. Select a v3 connection type
  3. Uncheck default server
  4. Enter the URL to the OpenShift server instance (e.g. https://master1.tsi-af.de:8443)
  5. Enter the username and password for the connection (e.g. joe / redhat)

image2015-6-23-7-53-3

 

A successful connection will allow you to expand the OpenShift explorer tree and browse the projects associated with the account and the resources associated with each project.

bildschirmfoto-2015-06-23-um-14-13-26

Right now (OSE 3, Drop 4) it is not possible to create a new Application with this plugin.

bildschirmfoto-2015-06-23-um-14-13-11

 

CI/CD: Jenkins 2 on openshift

Jenkins 2 overview and setup – APPAGILE

We specifically unveil the steps with oc and an example workflow for Jenkins 2.

IMPORTANT: after installing the OpenShift plugin for Jenkins, always check the box enabling the OpenShift builder support (also for the related OpenShift Jenkins builder API) in the build configuration panel of your project.

Setup

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
# setup ci jenkins
oc new-project ci
oc new-app library/jenkins:2.0
oc expose svc jenkins
# setup sample for jenkins build
oc new-project demo
oc new-app eap64-basic-s2i \
--param=APPLICATION_NAME=demo-jenkins \
--param=SOURCE_REPOSITORY_URL=<HTTPS>://gitlabappadev.tsi-af.de/julien.siebenthal/demo-jenkins.git \
--param=SOURCE_REPOSITORY_REF=2.7.0.Final \
--param=CONTEXT_DIR=demo
# setup a secret to access correctly the private repos if needed
oc secrets new-basicauth basicsecret --username=<your_username> --password=<your_password>
oc setbuild-secret --sourcebc/demo-jenkinsbasicsecret
# setup policies
oc policy add-role-to-user edit system:serviceaccount:ci:default -n ci
oc policy add-role-to-user edit system:serviceaccount:demo:default -n demo
oc policy add-role-to-user edit system:serviceaccount:ci:default -n demo

On the Jenkins pipeline side here is the Groovy script based on the Ticket-Monster example.

We give the export of the buildconfig that can be used in relation with oc create :

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
apiVersion: v1
kind: BuildConfig
metadata:
  annotations:
    openshift.io/generated-by: OpenShiftNewApp
  creationTimestamp: null
  labels:
    app: eap64-basic-s2i
    application: demo-jenkins
    template: eap64-basic-s2i
    xpaas: 1.3.2
  name: demo-jenkins
spec:
  nodeSelector: null
  output:
    to:
      kind: ImageStreamTag
      name: demo-jenkins:latest
  postCommit: {}
  resources: {}
  runPolicy: Serial
  source:
    contextDir: demo
    git:
      ref: 2.7.0.Final
      uri: <HTTPS>://gitlabappadev.tsi-af.de/julien.siebenthal/demo-jenkins.git
    sourceSecret:
      name: basicsecret
    type: Git
  strategy:
    sourceStrategy:
      forcePull: true
      from:
        kind: ImageStreamTag
        name: jboss-eap64-openshift:1.4
        namespace: openshift
    type: Source

Security

To pull/push from/to a private repo, setup with the Credential binding plugin a new domain and credential, see Jenkins access to Gitdev private repo using ssh, to Gitlabappadev using https

  • user/private_key for ssh based pull/push
  • user/password for https based pull/push

use a git https based approach use (gitlabappadev.tsi-af.de, seems git ssh not enabled) :

1
2
3
4
5
6
7
8
9
10
11
12
13
14
node {
  stage 'Checkout'
  git branch: '2.7.0.Final', credentialsId: '3a6a12be-0b9a-45af-9c41-4f21fa1543e3', url: '<HTTPS>://gitlabappadev.tsi-af.de/julien.siebenthal/demo-jenkins.git'
  // ** NOTE: This 'M3' maven tool must be configured in the global configuration.
  defmvnHome = tool 'M3'
  stage 'Build'
  sh "${mvnHome}/bin/mvn -f demo/pom.xml clean install"
  stage 'Deploy'
  defbuilder = newcom.openshift.jenkins.plugins.pipeline.OpenShiftBuilder("""demo-jenkins""demo"null"""""""""true""""""")
  stepbuilder
}

Jenkins web console

From there you can directly interact with the web console of your project.

screen%20shot%202016-11-24%20at%2009_38_12

Jenkins access to Gitdev private repo using ssh, to Gitlabappadev using https:

  1. Access your jenkins pod
    1. access jump server
    2. locate where your Jenkins pod run (which node), then ssh to the corresponding machine
    3. from there in the shell:
      >> docker exec -it <jenkins_pod_ID> /bin/bash
    4. cd in the pod session
    5. you should be in the /var/jenkins_home
    6. create a ssh key in my case:
      >> ssh-keygen -t rsa -C “USERNAME@masterd3.tsi-af.de
    7. it asks for a passphrase, you should put one and record it somewhere safe
    8. a pair is created, by default the id_rsa (private key) and id_rsa.pub (public key)
    9. not finished, once done you must be sure you can access the gitdev (gitlab) server, type :
      >> ssh -T git@gitdev.tsi-af.de
    10. during the authentication process the daemon asks for the passphrase you have introduced earlier if you set one, give it
    11. the ssh daemon will ask you if you want to authenticate to the gitdev server, obviously yes.
  2. In the Jenkins web console
    1. be sure to have the proper module for ssh authentication so to say:
      1. SSH-Agent plugin
      2. SSH plugin (normally it is required by the first one and will be installed automatically)
      3. Credentials binding plugin
    2. restart the Jenkins server once the plugins are downloaded
    3. then you should go into the Credentials option displayed from now on the web console
      1. you should define a domain
        1. set this to the hostname gitdev.tsi-af.de
      2. and from this domain a key based new credential
        1. indicate you want a ssh authentication with private key and indicate the correct location of it (in my case /var/jenkins_home/.ssh/id_rsa) and do not forget to set the passphrase
        2. IMPORTANT: leave the credentialID field empty, once you save, one will be created automatically for you. This ID is tremendously important, it will be added into the Jenkinsfile workflow script
        3. save the credential.screen%20shot%202016-11-18%20at%2012_03_27
    4. go in your workflow build project and adapt the script, mine is:
      1
      2
      3
      4
      5
      6
      7
      8
      9
      10
      11
      12
      13
      14
      node {
        stage 'Checkout'
        git branch: '2.7.0.Final', credentialsId: '9cae6b3a-4437-4a33-b99e-c3174f90670f', url: 'git@gitdev.tsi-af.de:jdesiebe/myticket-monster.git'
        // ** NOTE: This 'M3' maven tool must be configured in the global configuration.
        def mvnHome = tool 'M3'
        stage 'Build'
        sh "${mvnHome}/bin/mvn -f demo/pom.xml clean install"
        stage 'Deploy'
        def builder = new com.openshift.jenkins.plugins.pipeline.OpenShiftBuilder("""ticket-monster""demo"null"""""""""true""""""")
        step builder
      }
    5. As you see in the script, a credentialID field is added and refer to the credential we added just before, also we indicate to Jenkins that we want to use the ssh prototcol to pull the git repo.
  3. Restart your build, it should work (Lächeln).
  4. if you want to get momentarily access to private repos from gitlabappadev.tsi-af.de use https
    1. in that case set a new domain and a credential with username/password setup, no need for a key

Jenkins based documentation on the web related to workflows and security

Creating Docker from public repository

When you use the web-console from OSE/AppAgile, you find only images which are provided by AppAgile locally:

bildschirmfoto-2016-12-09-um-14-27-21

But if you like to test an external image, you cant use the docker-hub URL.

To do so – use the command line interface:

Login to your environment (./oc login xxx-podname-xxx)

Then create a new app from command-line (phpMyAdmin in that example):

MacKeks:ose szosel$ ./oc new-app phpmyadmin/phpmyadmin

--> Found Docker image 41e518d (3 days old) from Docker Hub for "phpmyadmin/phpmyadmin"
 * An image stream will be created as "phpmyadmin:latest" that will track this image
 * This image will be deployed in deployment config "phpmyadmin"
 * [WARNING] Image "phpmyadmin" runs as the 'root' user which may not be permitted by your cluster administrator
 * Port 80/tcp will be load balanced by service "phpmyadmin"
--> Creating resources with label app=phpmyadmin ...
 ImageStream "phpmyadmin" created
 DeploymentConfig "phpmyadmin" created
 Service "phpmyadmin" created
--> Success
 Run 'oc status' to view your app.
MacKeks:ose szosel$

Voila – go back to the web client and check, how that image is being deployed.

Note. you see the name phpmyadmin/phpmyadmin.

On DockerHub the images are sorted in different folders – if you find the right image on DokerHub – just copy that folde/name combination. The oc-command line will search automatically on the public ressources and installs the image.

From oc-help:

MacKeks:ose szosel$ ./oc new-app -h
Create a new application by specifying source code, templates, and/or images

This command will try to build up the components of an application using images, templates,
or code that has a public repository. It will lookup the images on the local Docker installation
(if available), a Docker registry, an integrated image stream, or stored templates.

If you specify a source code URL, it will set up a build that takes your source code and converts
it into an image that can run inside of a pod. Local source must be in a git repository that has a
remote repository that the server can see. The images will be deployed via a deployment
configuration, and a service will be connected to the first public port of the app. You may either specify
components using the various existing flags or let new-app autodetect what kind of components
you have provided.

If you provide source code, a new build will be automatically triggered.
You can use 'oc status' to check the progress.

 

OpenShift Ecosystem: Microsoft Visual Studio , OpenShift and .NET with Click2Cloud

Found a very useful description to use configurte Microsoft Visual Studio with openShift on RedHats openShift BLOG.

I made a copy to make that step-by-step description available.


Red Hat OpenShift 3 provides an API, Web Console and CLI for interfacing with the environment. However, learning these tools and remembering additional commands can become one more hurdle for a developer, which can slow adoption.

Ideally,  a developer can work  from their favorite IDE without having to use a different tool. This is what drove us at Click2Cloud to create the OpenShift 3, Docker Container and Kubernetes based Dev-Ops Extension for Microsoft Visual Studio 2015. This solution from Click2Cloud allows developers to connect to multiple OpenShift environments and deploy applications with ease from an environment they know and love.

How to Install the Click2Cloud Extension and Deploy a .NET Application in 5 Steps

Step 1 – Download and install the extension from the Microsoft Visual Studio Gallery.

image00

Step 2 – Launch the extension and Sign-in to OpenShift 3 environment

image02

Step 3 – Create Project, .NET application from custom templates or open existing project

image01    image04

Step 4 – View Webhook URL for the newly created application or for a running one and trigger a new build by sending a request to OpenShift API endpoint.

image03

image06

Step 5 – View Pod, Build Logs from OpenShift 3 and Start Build

image05

image07

Please Note: Users can use Click2Cloud’s ASP.NET 5.0 Docker builder image to create a .NET based application in OpenShift.

 

In addition to the Visual Studio plugin, we also provide a Docker Explorer plugin that can be used in tandem for a complete view of your development artifacts — see it it action here. We are just scratching the surface of what are providing to enhance the developer experience with OpenShift for Windows users. If you want to learn more, then  check us out at http://click2cloud.net today!

 

Author

This OpenShift Ecosystem post was created by Prashanth Mishra, VP, Business Dev. at Click2Cloud Inc.

Do not hesitate to connect with Prashanth if you want to learn more about Click2Cloud:

Twitter – https://twitter.com/TWIT2PM

Facebook – https://www.facebook.com/writetoprashant

LinkedIn – https://www.linkedin.com/in/mishrap