diff --git a/openshift/README.md b/openshift/README.md index 297df0af..973da651 100644 --- a/openshift/README.md +++ b/openshift/README.md @@ -1,53 +1,85 @@ -# How to configure a CI/CD pipeline for eDivorce on OpenShift +# Uploading Templates into OpenShift -- Create a project to house the Jenkins instance that will be responsible for promoting application images (via OpenShift ImageStreamTagS) across environment; the exact project name used was "edivorce". -- Create the BuildConfiguration within this project using the ```oc``` command and "edivorce-build-template.yaml" file in the templates directory: +1. Clone the project from Github, and then ```cd``` into the openshift/templates directory. -``` -oc process -f edivorce-build-template.yaml -v NAME= -v SOURCE_REPOSITORY_URL= -v SOURCE_REPOSITORY_REF= | oc create -f - -``` +2. Log into the OpenShift Console to get your command line token. Then log into OpenShift from the command line. -For example: +3. Upload the templates into OpenShift with the following commands (this can also be done via the web interface) ``` -oc process -f edivorce-build-template.yaml -v NAME=edivorce-django -v SOURCE_REPOSITORY_URL=https://github.com/bcgov/eDivorce.git -v SOURCE_REPOSITORY_REF=master | oc create -f - +oc create -f edivorce-build-template.yaml -n jag-csb-edivorce-tools +oc create -f nginx-build-template.yaml -n jag-csb-edivorce-tools +oc create -f ../jenkins/pipeline.yaml -n jag-csb-edivorce-tools + +oc create -f edivorce-environment-template.yaml -n jag-csb-edivorce-dev +oc create -f edivorce-environment-template.yaml -n jag-csb-edivorce-test +oc create -f edivorce-environment-template.yaml -n jag-csb-edivorce-prod + +oc create -f nginx-environment-template.yaml -n jag-csb-edivorce-dev +oc create -f nginx-environment-template.yaml -n jag-csb-edivorce-test +oc create -f nginx-environment-template.yaml -n jag-csb-edivorce-prod + ``` +# Setting up Dev/Test/Prod Environments -- Deploy a Jenkins instance with persistent storage into the edivorce project using the web gui -- Install the Promoted Builds Jenkins plugin -- Configure a job that has an OpenShift ImageStream Watcher as its SCM source and promotion states for each environment -- In each promotion configuration, tag the target build's image to the appropriate promotion level; this was done using a shell command because the OpenShift plugins do not appear to handle parameter subsitution inside promotions properly. -- Create an OpenShift project for each "environment" (e.g. DEV, TEST, PROD); Exact names used were jag-csb-edivorce-dev, jag-csb-edivorce-test, jag-csb-edivorce-prod -- Configure the access controls to allow the Jenkins instance to tag imagestreams in the environment projects, and to allow the environment projects to pull images from the eDivorce project: +1. Give the dev/test/prod projects access to ImageStreams stored in the tools project -``` -oc policy add-role-to-user system:image-puller system:serviceaccount:jag-csb-edivorce-:default -n jag-csb-edivorce-tools -oc policy add-role-to-user edit system:serviceaccount: jag-csb-edivorce-tools:default -n jag-csb-edivorce- -``` + ``` + oc policy add-role-to-user system:image-puller system:serviceaccount:jag-csb-edivorce-dev:default -n jag-csb-edivorce-tools + oc policy add-role-to-user edit system:serviceaccount: jag-csb-edivorce-tools:default -n jag-csb-edivorce-dev -- Use the YAML files in this directory and `oc` tool to create the necessary resources within each project: + oc policy add-role-to-user system:image-puller system:serviceaccount:jag-csb-edivorce-test:default -n jag-csb-edivorce-tools + oc policy add-role-to-user edit system:serviceaccount: jag-csb-edivorce-tools:default -n jag-csb-edivorce-test -``` -oc process -f edivorce-environment-template.yaml -v ENVIRONMENT_TYPE= | oc create -f - -``` + oc policy add-role-to-user system:image-puller system:serviceaccount:jag-csb-edivorce-prod:default -n jag-csb-edivorce-tools + oc policy add-role-to-user edit system:serviceaccount: jag-csb-edivorce-tools:default -n jag-csb-edivorce-prod + ``` + +2. In the web console, go into the project you want to configure + +3. Select "Add to Project" + +4. On the Browse Catalog tab, type "edivorce" into the filter field. Select the edivorce template. + + You need to enter values for the following fields: + ``` + Type of environnment (dev,test or prod). + - Type the word dev, test, or prod + + Network of upstream proxy + - This is used to ensure that requests come from the Justice Proxy only. It + should be entered in IPV4 CIDR notation e.g. 10.10.15.10/16. (The actual + value you need to enter cannot be stored on Github because this would + violate BC Government Github policies. However the PROXY_NETWORK setting + is currently the same for all 3 environemts [dev/test/prod] ) + ``` + +5. Select "Add to Project" again + +6. On the Browse Catalog tab, type "nginx" into the filter field. Select the nginx template + + You need to enter values for the following fields: + + ``` + Type of environnment (dev,test or prod). + - Type the word dev, test, or prod + ``` + +7. Weasyprint doesn't deploy itself by default. (outstanding issue). Go to Applications => Deployments => weasyprint and press the 'Deploy' button. -For example: -``` -oc process -f edivorce-environment-template.yaml -v ENVIRONMENT_TYPE=dev,VOLUME_CAPACITY=1Gi | oc create -f - -``` # eDivorce Environments There are several environments set up for different purposes within OpenShift. They are available at the URLs below. -|Environment| URL |Notes| +|Environment| URL |Justice URL| |-----------|-----|-----| -|DEV|edivorce-dev.pathfinder.gov.bc.ca| | -|TEST|edivorce-test.pathfinder.gov.bc.ca| | -|PROD|edivorce-prod.pathfinder.gov.bc.ca| | +|DEV|edivorce-dev.pathfinder.gov.bc.ca|justice.gov.bc.ca/divorce-dev| +|TEST|edivorce-test.pathfinder.gov.bc.ca|justice.gov.bc.ca/divorce-test| +|PROD|edivorce-prod.pathfinder.gov.bc.ca|justice.gov.bc.ca/divorce| @@ -58,7 +90,7 @@ There are several environments set up for different purposes within OpenShift. T # How to access OpenShift for eDivorce ## Web UI -- Login to https://console.pathfinder.gov.bc.ca:8443; you'll be prompted for GitHub authorization. +- Login to https://console.pathfinder.gov.bc.ca:8443; you'll be prompted for GitHub authorization. You must be part of the BCDevOps Github organization, and you must have access to the eDivorce projects. ## Command-line (```oc```) tools - Download OpenShift [command line tools](https://github.com/openshift/origin/releases/download/v1.2.1/openshift-origin-client-tools-v1.2.1-5e723f6-mac.zip), unzip, and add ```oc``` to your PATH. @@ -71,19 +103,13 @@ There are several environments set up for different purposes within OpenShift. T # Data management operations -todo: add instructions on how to 'oc rsh' into the django pod to manage the postgresql pod - -# Background reading/Resources - -[Free OpenShift book](https://www.openshift.com/promotions/for-developers.html) from RedHat – good overview - -[Red Hat Container Development Kit](http://developers.redhat.com/products/cdk/overview/) - -OpenShift CI/CD pieline Demos: - -- https://www.youtube.com/watch?v=65BnTLcDAJI -- https://www.youtube.com/watch?v=wSFyg6Etwx8 - +You can either use the terminal window in the OpenShift console or the ```oc rsh``` command to get to the command line on the postgresql pod. +``` +oc rsh postgresql-2-qp0oh +psql -d default +\dt +``` + ** the pod identifiers change regularly, you need to find the current one diff --git a/openshift/templates/edivorce-environment-template.yaml b/openshift/templates/edivorce-environment-template.yaml index a0420bdd..0fa52809 100644 --- a/openshift/templates/edivorce-environment-template.yaml +++ b/openshift/templates/edivorce-environment-template.yaml @@ -337,8 +337,7 @@ parameters: displayName: Type of environnment (dev,test or prod). required: true - name: PROXY_NETWORK - displayName: Network of upstream proxy - value: 0.0.0.0/0 + displayName: Network of upstream proxy (CIDR notation 0.0.0.0/0) required: true - name: BASICAUTH_ENABLED displayName: Enable basic auth (recommended for Dev and Test environments)