CI_CD

==> Jenkins

1. Use a Linux machine (like CentOS, Fedora etc).

2. Install Jenkins by command: yum install jenkins

3. If the above command fails then goto Jenkin's download page in their website an add Jenkin's repo into your machine using commands similar to the following:

   • sudo wget -O /etc/yum.repos.d/jenkins.repo https://pkg.jenkins.io/redhat-stable/jenkins.repo

   • sudo rpm --import https://pkg.jenkins.io/redhat-stable/jenkins.io.key

4. Start Jenkins by command: sudo service jenkins start

5. Go to URL: http://<host>:8080, and set admin account's password and install the following plugins

   • Publish over SSH, GitHub, Deploy to container, Green Balls.

==> Docker

1. Use a Linux machine (like CentOS, Fedora etc).

2. Install Docker by command: yum install docker

   • For CentOS-7 can refer to this page: https://phoenixnap.com/kb/how-to-install-docker-centos-7

   • In CentOS-7 docker daemon can be started by command: sudo dockerd

   • If nothing works, google !!

3. After installing docker, create an user named "dockeradmin", set a password for it, and add it to the "dockerroot" group by the following by commands:

   • useradd dockeradmin

   • passwd dockeradmin

   • usermod -aG dockerroot dockeradmin

   • Run command "id dockeradmin" , or open the file "/etc/group" to see that "dockeradmin" user is indeed aded to the "dockerroot" group.

   • Open file the "/etc/ssh/sshd_config" and check that the following lines are uncommented (if not, then edit):

     1. 1. PasswordAuthentication yes

        2. Subsystem sftp /usr/libexec/openssh/sftp-server

   • The above lines will ensure that an external machine can connect and send files to this docker-machine via SSH, SFTP and Password-Authentication. If you had to edit the above mentioned file, then you need to run the following command to restart SSH service: service sshd reload

4. Some useful docker commands are below:

• sudo docker images

• sudo docker ps -a

• sudo docker inspect <container_id>

• sudo docker start/stop/kill <container_id>

• sudo docker exec -ti <name> psql -d expo9db -U expo9

5. Command to enter docker bash to run further commands there

• docker exec -it edb_primary bash

• docker exec -ti edb_standby bash psql -d expo9db -U expo9

6. Command to run sql script in docker-hosted edb from remote

• sudo ssh viexpo9-edb-01 docker exec -i edb_primary psql -U expo9 -d expo9db -w -f /mnt/prod/tf/real/runtime/deployscripts/tmp/tmp.sql

==> Docker+Tomcat

1. Use a Linux machine (like CentOS, Fedora etc.).

2. Download standard unix image containing installation of tomcat: docker image pull tomcat:8.0

3. Command to show all active images, should show recently downloaded tomcat image too:

   • docker image ls , or,

   • docker images

4. Command to create a docker container named "ap_tomcat_container" that will wrap the recently downloaded tomcat image and will run on its 8080 port, but that port will be mapped to outside world to 8082:

• docker container create --publish 8082:8080 --name ap_tomcat_container tomcat:8.0

5. Command to show all containers, should show just now created "ap_tomcat_container" as well (-a parameter is to show all, including inactive):

• docker container ls -a

6. Start just now created "ap_tomcat_container"

• docker container start ap_tomcat_container

7. Command to enter the container's bash shell, tomcat installation is in "/usr/local/tomcat"

• docker container exec -it ap_tomcat_container bash

8. Create a file named "Dockerfile" in project's root location, and add the following lines

9. Build the docker image

• docker image build -t webapp_image ./

10. Command to show all active images, should show recently built "webapp_image" image too

• docker image ls

11. Create and run container "webapp_image" and map its port 8080 to 8081 for public (2nd command is for Jenkins):

• docker container run -it --publish 8081:8080 webapp_image

• docker run -d --name webapp_container -p 8081:8080 webapp_image

12. A set commands for Jenkins can be:

• docker image build -t webapp_image ./; docker run -d --name webapp_container -p 8081:8080 webapp_image;

==> Ansible

1. Use a Linux machine (like CentOS, Fedora etc.).

2. Install ansible (for this you will need to install python, and python-pip first). Run the following commands in sequence:

   • yum install python

   • yum install python-pip

   • pip install ansible

   • mkdir /etc/ansible

3. Create user "ansadmin" and add it to "dockerroot" group as follows (before that install docker in this host as well and create "dockeradmin" user and add that to "dockerroot" group like above in Docker section):

   • useradd ansadmin

   • passwd ansadmin

   • usermod -aG dockerroot ansadmin

4. Add the line "ansadmin ALL=(ALL) NOPASSWD: ALL" at the end of the file "/etc/sudoers". You can use "visudo" command for that.

5. Now, let us establish a mechanism to connect docker-machine from ansible-machine via SSH without password. To achieve this we need to create a private/public SSH-key pair in ansible-machine, andd then share the public-key to docker-machine. For these we need to do the following:

   • Switch to "ansadmin" user: su - ansadmin , and run command: ssh-keygen (don't give any passphrase, other login without password will not be possible)

   • It will create SSH keys (private and public both) for "ansadmin" user in location: /home/ansadmin/.ssh/

   • Create a user named "ansadmin" in docker-host and addd it to "dockerroot" group.

   • Copy the public-key to docker-host by command: ssh-copy-id ansadmin@<docker_host_ip>

6. Create a dedicated directory (like "/opt/artifacts/") where war file will be dumped.

7. Now we are going to describe 2 ways to deploy webapp.war into multiple docker machines via ansible.

   • [A] First approach:

     1. Switch to "ansadmin" user: su - ansadmin

     2. Go inside the directory just create (/opt/artifacts) and create a file named devops_playbook.yml and paste the following content:

---

- hosts: all

become: true

tasks:

- name: stop if we have old docker container

command: docker stop webapp_container

ignore_errors: yes

- name: remove stopped docker container

command: docker rm webapp_container

ignore_errors: yes

- name: remove current docker image

command: docker rmi webapp_image

ignore_errors: yes

- name: building docker image

command: docker build -t webapp_image .

args:

chdir: /opt/artifacts

- name: running docker image as container

command: docker run -d --name webapp_container -p 8081:8080 webapp_image

7. • 3. We shall first try to deploy webapp.war in the ansible-box itself, i.e. inn localhost. For this create a file named "hosts" in /opt/artifacts and add just 1 line in it: "localhost". Then run the following command:

        • 1. • ansible-playbook -i /opt/artifacts/hosts /opt/artifacts/devops_project.yml

     4. The above command should fail as "localhost" is not reachable for "ansadmin" user -- hence copy "ansadmin" user's public-key to "localhost" as well by command: ssh-copy-id ansadmin@localhost

     5. After this run the command again and this time it should successfully deploy webapp.war in localhost docker and should be accessible from port 8081:

        • 1. • ansible-playbook -i /opt/artifacts/hosts /opt/artifacts/devops_project.yml

     6. Ideally speaking we don't need to pass a hosts file with "-i" param in command, but we should create a file named "/etc/ansible/hosts" and write all the host information there. Once such a file is written ansible will automatically read it. One can test that by running the following command: ansible all -m ping

     7. We can mention multiple hosts in the hosts file and run the above mentioned ansible-playbook command to deploy webapp.war in all these hosts -- but make sure that each of the hosts has the ansible-machine's public-key copied there.

   • [B] Second approach:

     1. Create image by command: docker image build -t webapp_image ./

     2. Tag image: docker tag webapp_image:latest <docker_login_id>/<docker_repo_name>:webapp_image_for_push

     3. Login to dockerhub account: docker login -u <docker_login_id>

     4. Push the image to dockerhub: docker push <docker_login_id>/<docker_repo_name>:webapp_image_for_push

     5. Goto dockerhub account and verify that an image with tagname "webapp_image_for_push" has appeared. Now even if we delete the webapp_image from local-machine, a copy of the same image will still be there in the dockerhub repo.

     6. You can run the same command again push the image, as long as you are logged in it will not ask for password and will overwrite the image in dockerhub.

8. dsd: ansible-playbook -i /mnt/users/apal/work/docker_builds/hosts /mnt/users/apal/work/docker_builds/devops_project_create_n_push_image.yml --limit localhost

9. sdvs

10. sdds

11. sd