diff --git a/openshift/README.md b/openshift/README.md index 973da651..16b6f441 100644 --- a/openshift/README.md +++ b/openshift/README.md @@ -1,3 +1,33 @@ +# eDivorce Environments + +There are several environments set up for different purposes within OpenShift. They are available at the URLs below. + +|Environment| URL |Justice URL| +|-----------|-----|-----| +|DEV|edivorce-dev.pathfinder.gov.bc.ca|justice.gov.bc.ca/divorce-dev| +|TEST|edivorce-test.pathfinder.gov.bc.ca|justice.gov.bc.ca/divorce-test| +|PROD|edivorce-prod.pathfinder.gov.bc.ca|justice.gov.bc.ca/divorce| + + +# How to access Jenkins for eDivorce + +- Login to https://edivorce-jenkins.pathfinder.gov.bc.ca with the username/password that was provided to you. + +# How to access OpenShift for eDivorce + +## Web UI +- Login to https://console.pathfinder.gov.bc.ca:8443; you'll be prompted for GitHub authorization. You must be part of the BCDevOps Github organization, and you must have access to the eDivorce projects. + +## Command-line (```oc```) tools +- Download OpenShift [command line tools](https://github.com/openshift/origin/releases/download/v1.2.1/openshift-origin-client-tools-v1.2.1-5e723f6-mac.zip), unzip, and add ```oc``` to your PATH. +- Copy command line login string from https://console.pathfinder.gov.bc.ca:8443/console/command-line. It will look like ```oc login https://console.pathfinder.gov.bc.ca:8443 --token=xtyz123xtyz123xtyz123xtyz123``` +- Paste the login string into a terminal session. You are no authenticated against OpenShift and will be able to execute ```oc``` commands. ```oc -h``` provides a summary of available commands. + +# Project contents + +- The "edivorce-tools" project contains the Jenkins instance and the other jsg-csb-edivorce-* projects contain different "environments". The names are self-explanatory. + + # Uploading Templates into OpenShift 1. Clone the project from Github, and then ```cd``` into the openshift/templates directory. @@ -7,6 +37,7 @@ 3. Upload the templates into OpenShift with the following commands (this can also be done via the web interface) ``` +oc create -f ../jenkins/jenkins-pipeline-persistent-template.json -n jag-csb-edivorce-tools oc create -f edivorce-build-template.yaml -n jag-csb-edivorce-tools oc create -f nginx-build-template.yaml -n jag-csb-edivorce-tools oc create -f ../jenkins/pipeline.yaml -n jag-csb-edivorce-tools @@ -22,7 +53,42 @@ oc create -f nginx-environment-template.yaml -n jag-csb-edivorce-prod ``` -# Setting up Dev/Test/Prod Environments +# Setting up the Tools Project + +Install Docker Toolbox on your computer + +Open Docker QuickStart Terminal (need Docker engine started and env variables set) and build the S2I image: + +```docker build -t s2i-nginx git://github.com/BCDevOps/s2i-nginx``` + +Tag and push this image to the OpenShift Docker Registry for your OpenShift Project: + +```docker tag s2i-nginx docker-registry.pathfinder.gov.bc.ca/jag-csb-edivorce-tools/s2i-nginx``` + +```docker login docker-registry.pathfinder.gov.bc.ca -u -p ``` + +```docker push docker-registry.pathfinder.gov.bc.ca/jag-csb-edivorce-tools/s2i-nginx``` + +(your docker token is the same as your OpenShift login token) + + +``` +oc project jag-csb-edivorce-tools + +oc process jenkins-pipeline-persistent | oc create -f - +oc process edivorce-build | oc create -f - +oc process nginx-build | oc create -f - + +``` + +Select "Add to Project" + +On the Browse Catalog tab, type "edivorce-build-pipeline" into the filter field. Select the template. Create. +(For some reason this can't be done from the command line like the other templates) + + + +# Setting up Dev/Test/Prod Projects 1. Give the dev/test/prod projects access to ImageStreams stored in the tools project @@ -70,37 +136,6 @@ oc create -f nginx-environment-template.yaml -n jag-csb-edivorce-prod 7. Weasyprint doesn't deploy itself by default. (outstanding issue). Go to Applications => Deployments => weasyprint and press the 'Deploy' button. - -# eDivorce Environments - -There are several environments set up for different purposes within OpenShift. They are available at the URLs below. - -|Environment| URL |Justice URL| -|-----------|-----|-----| -|DEV|edivorce-dev.pathfinder.gov.bc.ca|justice.gov.bc.ca/divorce-dev| -|TEST|edivorce-test.pathfinder.gov.bc.ca|justice.gov.bc.ca/divorce-test| -|PROD|edivorce-prod.pathfinder.gov.bc.ca|justice.gov.bc.ca/divorce| - - - -# How to access Jenkins for eDivorce - -- Login to https://edivorce-jenkins.pathfinder.gov.bc.ca with the username/password that was provided to you. - -# How to access OpenShift for eDivorce - -## Web UI -- Login to https://console.pathfinder.gov.bc.ca:8443; you'll be prompted for GitHub authorization. You must be part of the BCDevOps Github organization, and you must have access to the eDivorce projects. - -## Command-line (```oc```) tools -- Download OpenShift [command line tools](https://github.com/openshift/origin/releases/download/v1.2.1/openshift-origin-client-tools-v1.2.1-5e723f6-mac.zip), unzip, and add ```oc``` to your PATH. -- Copy command line login string from https://console.pathfinder.gov.bc.ca:8443/console/command-line. It will look like ```oc login https://console.pathfinder.gov.bc.ca:8443 --token=xtyz123xtyz123xtyz123xtyz123``` -- Paste the login string into a terminal session. You are no authenticated against OpenShift and will be able to execute ```oc``` commands. ```oc -h``` provides a summary of available commands. - -# Project contents - -- The "edivorce-tools" project contains the Jenkins instance and the other jsg-csb-edivorce-* projects contain different "environments". The names are self-explanatory. - # Data management operations You can either use the terminal window in the OpenShift console or the ```oc rsh``` command to get to the command line on the postgresql pod. @@ -111,5 +146,7 @@ oc rsh postgresql-2-qp0oh psql -d default \dt + +\q ``` ** the pod identifiers change regularly, you need to find the current one diff --git a/openshift/jenkins/jenkins-persistent-template.json b/openshift/jenkins/jenkins-persistent-template.json deleted file mode 100644 index e69de29b..00000000 diff --git a/openshift/jenkins/jenkins-pipeline-persistent-template.json b/openshift/jenkins/jenkins-pipeline-persistent-template.json new file mode 100644 index 00000000..3661b4bc --- /dev/null +++ b/openshift/jenkins/jenkins-pipeline-persistent-template.json @@ -0,0 +1,295 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "name": "jenkins-pipeline-persistent", + "creationTimestamp": null, + "annotations": { + "description": "Jenkins service, with persistent storage.\nYou must have persistent volumes available in your cluster to use this template.", + "iconClass": "icon-jenkins", + "tags": "instant-app,jenkins" + } + }, + "message": "A Jenkins service has been created in your project. The username/password are admin/${JENKINS_PASSWORD}. The tutorial at https://github.com/openshift/origin/blob/master/examples/jenkins/README.md contains more information about using this template.", + "objects": [ + { + "kind": "Route", + "apiVersion": "v1", + "metadata": { + "name": "${JENKINS_SERVICE_NAME}", + "creationTimestamp": null + }, + "spec": { + "host" : "edivorce-jenkins.pathfinder.gov.bc.ca", + "to": { + "kind": "Service", + "name": "${JENKINS_SERVICE_NAME}" + }, + "tls": { + "termination": "edge", + "insecureEdgeTerminationPolicy": "Redirect" + } + } + }, + { + "kind": "PersistentVolumeClaim", + "apiVersion": "v1", + "metadata": { + "name": "${JENKINS_SERVICE_NAME}" + }, + "spec": { + "accessModes": [ + "ReadWriteOnce" + ], + "resources": { + "requests": { + "storage": "${VOLUME_CAPACITY}" + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${JENKINS_SERVICE_NAME}", + "creationTimestamp": null + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "jenkins" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${JENKINS_IMAGE_STREAM_TAG}", + "namespace": "${NAMESPACE}" + }, + "lastTriggeredImage": "" + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "name": "${JENKINS_SERVICE_NAME}" + }, + "template": { + "metadata": { + "creationTimestamp": null, + "labels": { + "name": "${JENKINS_SERVICE_NAME}" + } + }, + "spec": { + "serviceAccountName": "${JENKINS_SERVICE_NAME}", + "containers": [ + { + "name": "jenkins", + "image": " ", + "readinessProbe": { + "timeoutSeconds": 3, + "initialDelaySeconds": 3, + "httpGet": { + "path": "/login", + "port": 8080 + } + }, + "livenessProbe": { + "timeoutSeconds": 3, + "initialDelaySeconds": 120, + "httpGet": { + "path": "/login", + "port": 8080 + } + }, + "env": [ + { + "name": "JENKINS_PASSWORD", + "value": "${JENKINS_PASSWORD}" + }, + { + "name": "KUBERNETES_MASTER", + "value": "https://kubernetes.default:443" + }, + { + "name": "KUBERNETES_TRUST_CERTIFICATES", + "value": "true" + }, + { + "name": "JNLP_SERVICE_NAME", + "value": "${JNLP_SERVICE_NAME}" + } + ], + "resources": { + "limits": { + "memory": "${MEMORY_LIMIT}" + } + }, + "volumeMounts": [ + { + "name": "${JENKINS_SERVICE_NAME}-data", + "mountPath": "/var/lib/jenkins" + } + ], + "terminationMessagePath": "/dev/termination-log", + "imagePullPolicy": "IfNotPresent", + "capabilities": {}, + "securityContext": { + "capabilities": {}, + "privileged": false + } + } + ], + "volumes": [ + { + "name": "${JENKINS_SERVICE_NAME}-data", + "persistentVolumeClaim": { + "claimName": "${JENKINS_SERVICE_NAME}" + } + } + ], + "restartPolicy": "Always", + "dnsPolicy": "ClusterFirst" + } + } + } + }, + { + "kind": "ServiceAccount", + "apiVersion": "v1", + "metadata": { + "name": "${JENKINS_SERVICE_NAME}" + } + }, + { + "kind": "RoleBinding", + "apiVersion": "v1", + "metadata": { + "name": "${JENKINS_SERVICE_NAME}_edit" + }, + "groupNames": null, + "subjects": [ + { + "kind": "ServiceAccount", + "name": "${JENKINS_SERVICE_NAME}" + } + ], + "roleRef": { + "name": "edit" + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "metadata": { + "name": "${JNLP_SERVICE_NAME}" + }, + "spec": { + "ports": [ + { + "name": "agent", + "protocol": "TCP", + "port": 50000, + "targetPort": 50000, + "nodePort": 0 + } + ], + "selector": { + "name": "${JENKINS_SERVICE_NAME}" + }, + "portalIP": "", + "type": "ClusterIP", + "sessionAffinity": "None" + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "metadata": { + "name": "${JENKINS_SERVICE_NAME}", + "annotations": { + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${JNLP_SERVICE_NAME}\", \"namespace\": \"\", \"kind\": \"Service\"}]", + "service.openshift.io/infrastructure": "true" + }, + "creationTimestamp": null + }, + "spec": { + "ports": [ + { + "name": "web", + "protocol": "TCP", + "port": 80, + "targetPort": 8080, + "nodePort": 0 + } + ], + "selector": { + "name": "${JENKINS_SERVICE_NAME}" + }, + "portalIP": "", + "type": "ClusterIP", + "sessionAffinity": "None" + } + } + ], + "parameters": [ + { + "name": "JENKINS_SERVICE_NAME", + "displayName": "Jenkins Service Name", + "description": "The name of the OpenShift Service exposed for the Jenkins container.", + "value": "jenkins" + }, + { + "name": "JNLP_SERVICE_NAME", + "displayName": "Jenkins JNLP Service Name", + "description": "The name of the service used for master/slave communication.", + "value": "jenkins-jnlp" + }, + { + "name": "JENKINS_PASSWORD", + "displayName": "Jenkins Password", + "description": "Password for the Jenkins 'admin' user.", + "generate": "expression", + "from": "[a-zA-Z0-9]{16}", + "required": true + }, + { + "name": "MEMORY_LIMIT", + "displayName": "Memory Limit", + "description": "Maximum amount of memory the container can use.", + "value": "512Mi" + }, + { + "name": "VOLUME_CAPACITY", + "displayName": "Volume Capacity", + "description": "Volume space available for data, e.g. 512Mi, 2Gi.", + "value": "1Gi", + "required": true + }, + { + "name": "NAMESPACE", + "displayName": "Jenkins ImageStream Namespace", + "description": "The OpenShift Namespace where the Jenkins ImageStream resides.", + "value": "openshift" + }, + { + "name": "JENKINS_IMAGE_STREAM_TAG", + "displayName": "Jenkins ImageStreamTag", + "description": "Name of the ImageStreamTag to be used for the Jenkins image.", + "value": "jenkins:latest" + } + ], + "labels": { + "template": "jenkins-persistent-template" + } +} \ No newline at end of file diff --git a/openshift/scripts/destroy-env.sh b/openshift/scripts/destroy-env.sh new file mode 100755 index 00000000..009beca2 --- /dev/null +++ b/openshift/scripts/destroy-env.sh @@ -0,0 +1,29 @@ +#!/usr/bin/env bash + +# this is hard-coded to only destroy the dev environment +# you can chage it to 'test' or 'prod' if you are sure you want to destroy EVERYTHING, include the database +oc project jag-csb-edivorce-test + +# delete all imagestreams +oc delete is --all + +# delete services by name (we don't want to accidentally delete the gluster service!) +oc delete svc weasyprint +oc delete svc postgresql +oc delete svc edivorce-django + +# delete routes +oc delete route --all + +# delete persistent volume claims +oc delete pvc --all + +# delete replication controllers +oc delete rc --all + +# delete deployment configurations +oc delete dc --all + +# delete pods +oc delete po --all + No newline at end of file diff --git a/openshift/templates/nginx-build-template.yaml b/openshift/templates/nginx-build-template.yaml index 3166c837..cbfe0621 100644 --- a/openshift/templates/nginx-build-template.yaml +++ b/openshift/templates/nginx-build-template.yaml @@ -2,7 +2,7 @@ kind: Template apiVersion: v1 metadata: - name: nginx + name: nginx-build creationTimestamp: objects: - kind: ImageStream