To deploy the CogNet common infrastructure, you should firstly deploy the Jenkins node and then the Jenkins jobs lead to the deployment of CogNet VMs and their associated software. This guideline describes how to install and configure the Jenkins VM.
- Environment prerequisites
- Jenkins installation guideline
- License
To deploy the Agnostic CI, a few important prerequisites should be taken into account before proceeding to the deployment step:
Ubuntu 14.04 for the policy component and Ubuntu 16.04 for the rest of Agnostic CI components (Kafka, Docker, OpenDaylight, Spark, Monasca, DevStack). To install Jenkins, we recommend using Ubuntu 16.04 since this manual was successfully tested on it. It is also recommended to install each component of CogNet Infrastructure on a VM having:
- 2 CPUs,
- 4Go of RAM,
- 40Go of storage.
A set of rules should be specified (to enable/open tcp ports) in the security group to allow access to Jenkins service and to enable the internal communication between CogNet components:
| Port / Protocol | Component |
|---|---|
| 22/TCP | SSH port (to install and configure Jenkins remotely) |
| 80/TCP | HTTP port (to access the horizon of the Devstack) |
| 443/TCP | HTTPS port |
| 2181/TCP | Zookeeper |
| 8080/TCP | Jenkins GUI |
| 8086/TCP | Influxdb |
| 8181/TCP | OpenDaylight GUI |
| 35357/TCP | Keystone-admin running on the Devstack node |
| 3000/TCP | Grafana running on the Monasca node |
| 5000/TCP | Keystone running on the Devstack node |
| 8070/TCP | Monasca API |
| 4243/TCP | Docker |
| 9092-9099/TCP | Kafka broker |
It is neccessary to generate a RSA key in order to automatically deploy content into common infrastructure from Git repositories.
This section will explain how to do it and add the corresponding rsa
There is an option in github to setup a RSA key that let clients pull and push data from github without human interaction.
This work only needs to be done once for each repository.
First step will be the generation of a RSA key, to do this we will run the following command:
$ ssh-keygen -t rsa -b 4096 -C "[email protected]"
You will be prompted for several data:
Enter file in which to save the key (/home/username/.ssh/id_rsa): /tmp/rsa
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /tmp/rsa.
Your public key has been saved in /tmp/rsa.pub.
The key fingerprint is:
SHA256:hp+tG6zvZyni/CYoabY3kaSfaXt685hAEvF4wup4jn8 [email protected]
The key's randomart image is:
+---[RSA 4096]----+
|. |
|.+ |
|+.o |
|.+ . |
|o. . S . |
|= . =... o |
|+.+... +*. o |
|.BB+E.. ++o |
|o=*X++ oB=. |
+----[SHA256]-----+
- File to store the key
- Passphrase MUST BE EMPTY to let the system connect without human interaction
Once you have generated your RSA key you will have two files
-rw------- 1 user group 3.2K Jan 31 10:22 rsa
-rw-r--r-- 1 user group 740 Jan 31 10:22 rsa.pub
- rsa will hold private key
- rsa.pub will hold public key that should be copied to Github
Those keys must be deployed into scripts/setup/ansible/files/ folder.
The public key is the one that we need to "upload" to our Github repository in order to let the system to be connected automatically.
To do this we need to be administrator of our repository. We go to our repository settings:
Then, we go to Deploy keys section:
And finally we have to click on the Add deploy key
We will copy the content of the rsa.pub public key file into the dialog and click the Add key button.
This way we will have an accepted key to pull and push content from/to Github without any need of human interaction.
The entry point of the Agnostic Common Infrastructure (ACI) deployment is the Jenkins tool. This later ensures the execution of jobs and tasks in an agile manner. This guideline describes the step by step installation and configuration of the Jenkins. It is recommended to install the Jenkins in a VM having:
- Ubuntu 16.04 as operating system,
- 2 CPUs,
- 4Go of RAM,
- 40Go of storage.
The Agnostic-CI can be deployed on a Cloud that is behind or not a proxy system. If you are using a Cloud behind a proxy, you should configure the Jenkins VM with the proxy parameter otherwise go to next sub-section Installation of Ansible
To configure the Jenkins VM with the proxy parameters you should know:
- username: the username of your proxy [optional]
- password: the password of your proxy [optional]
- proxy_host: the proxy address
- proxy_port: the proxy port
The url of your proxy should look like this:
http://username:password@proxy_host:proxy_port
Note: In case the proxy does not have username and password, the url of your proxy should look like this:
http://proxy_host:proxy_port
Configuration of APT proxy:
sudo vi /etc/apt/apt.conf.d/proxy
Acquire::http::Proxy "http://username:password@proxy_host:proxy_port";
Acquire::https::Proxy "http://username:password@proxy_host:proxy_port";
Configuration of the bashrc file with the proxy parameter:
vi ~/.bashrc
export http_proxy=http://username:password@proxy_host:proxy_port
export https_proxy=http://username:password@proxy_host:proxy_port
export no_proxy=Jenkin_local_IP_address
Reload the environment variables:
. ~/.bashrc
Configuration of git with the proxy parameter:
git config --global http.proxy http://username:password@proxy_host:proxy_port
Install ansible (version >= v2.1) since the default version (v1.9) available in the Ubuntu 16.04 does not support docker_container module:
sudo -E apt-add-repository ppa:ansible/ansible
## Press ENTER to accept the PPA addition.
sudo apt-get update
sudo apt-get install ansible=2.1.1.0-1~ubuntu16.04.1
Install novaclient for OpenStack:
sudo apt-get install python-setuptools
sudo -E easy_install pip
sudo apt-get -y install python-dev gcc
sudo -E pip install python-novaclient==3.3.0
sudo -E pip install rackspace-novaclient
Note: For Rackspace environment you should install a specific novaclient:
sudo apt-get install python-setuptools sudo -E easy_install pip sudo apt-get install python-dev gcc sudo -E pip install rackspace-novaclient
If your OpenStack uses HTTPS for its APIs, you need to load before API certificates:
- Copy the certificate(s) in the .crt format to /usr/local/share/ca-certificates/
Note: We assume that the file name of the certificate is: root-ca.crt
- Make sure it has the permissions set to 644.
sudo chmod 644 root-ca.crt
- Run the following command:
sudo update-ca-certificates
wget -q -O - https://pkg.jenkins.io/debian/jenkins-ci.org.key | sudo apt-key add -
sudo sh -c 'echo deb http://pkg.jenkins.io/debian-stable binary/ > /etc/apt/sources.list.d/jenkins.list'
sudo apt-get update
sudo apt-get -y install jenkins
You should generate a RSA key in the Jenkins VM in order to allow Jenkins to automatically access and deploy software into the CogNet component. The public RSA key pair should then be added in the OpenStack from the horizon throw “access & security” menu.
Connect to Jenkins account via the root account and generate the RSA key:
sudo su
su - jenkins
# generate key
ssh-keygen -t rsa
# Add the public key “.ssh/id_rsa.pub” to the OpenStack from the horizon throw “access & security” menu. See figure below.
cat ~/.ssh/id_rsa.pub
sudo cat /var/lib/jenkins/secrets/initialAdminPassword
Then connect to the Jenkins web interface to perform the configurations: http://Jenkins_IP_address:8080
Paste the initial admin password in the administrator password field to unlock the Jenkins. See figure below.
The rest of the steps will be done via the web interface (more friendly than the black terminal :) )
In this case, you should configure the HTTP proxy with these parameters:
- Server: the address of the proxy host
- Port: the proxy port
- User name: the username of your proxy [optional]
- Password: the password of your proxy [optional]
After that, you need to create a user admin for Jenkins and to install suggested plugins as depicted in figures below.
Figure below shows that the Jenkins is ready.
Figures below show how to add Ansible plugin in Jenkins via Manage Plugins.
After installing and configuring jenkins, you need to customize the agnistic-CI code to your cloud environment. The first step consists on creating a new branch of the agnostic-CI from the github interface. Figure below show how to create a new branch (new branch named cognet-openwatt).
The second step of the procedure is to update 3 files which are:
- the cloud credential file
Upload your cloud credential file in this directory:
Agnostic_Cloud_CI/scripts/deploy/cred/
For the openstack, you can download the credential file from the openstack dashboard (see figure below)
Do not forgot to update the credential file with the OS_CACERT and OS_PASSWORD variables:
- agnosticCI.conf file
Agnostic_Cloud_CI/scripts/deploy/agnosticCI.conf
For the parameter indicating the cloud credential "cloud_credential_file", set the value to the path of the credential file uploaded in the previous step
- all.yml file
This file contains the proxy parameters:
* http_proxy: http://HOST:PORT/
* https_proxy: http://HOST:PORT/
* proxy_host: HOST
* proxy_port: PORT
* proxy_protocol: http
In case your cloud is not behind a proxy, keep these parameters empty.
The third step of the procedure is to create the Jenkins jobs and before that you need to provide your github credential to the Jenkins. Figure below show how to do it:
Now go back to the homepage of the Jenkins and create your first job.
To manage the agnostic-CI, we identified 4 mains jobs that ensure the VMs deployment and configuration:
This job ensures the deployment of 9 VMs in the Cloud infrastructure.
Specify the job name and type. In this case the name is Agnostic_Cloud_CI-VMs-Deployment and the type Freestyle project.
Then indicate the repository URL https://github.com/CogNet-5GPPP/Agnostic_Cloud_CI, select the github credential and specify the Branch cognet-openwatt:
In the Build menu add a build step Execute shell and specify the VM deployment script:
scripts/deploy/deployVMs.sh
-
Job name: Agnostic_Cloud_CI-VMs-Deployment
-
git: https://github.com/CogNet-5GPPP/Agnostic_Cloud_CI
-
Branches to build: */cognet-openwatt
-
Commande:
scripts/deploy/deployVMs.sh
Figure below shows you how to launch the deployment job
This job manages the VMs inventory and their bootstrapping phase. For the inventory step, we specify the associated script in the Build task as shown in Figures below. Note that we have two types of inventory scripts. The first one ensures the inventory of VMs having private IP addresses and the second one for VMs having public IP addresses. For the bootstrapping phase, an ansible playbook is specified in the build task. This job use the same git repository URL https://github.com/CogNet-5GPPP/Agnostic_Cloud_CI as the previous job.
-
Job name: Agnostic_Cloud_CI-VMs-Inventory-Bootstrap
-
git: https://github.com/CogNet-5GPPP/Agnostic_Cloud_CI
-
Branches to build: */cognet-openwatt
-
Commande:
#scripts/setup/ansible/files/cloud_inventory.sh
scripts/setup/ansible/files/cloud_inventory_with_privIP.sh
-
Playbook path : scripts/setup/ansible/playbook-VMs-bootstrap.yml
-
Inventory --> File or host list : scripts/setup/ansible/files/hostsBootStrap
This job ensures the installation and configuration of the software components of CogNet in the VMs deployed by the previous jobs.
-
Job name: Agnostic_Cloud_CI-Installation-configuration
-
git: https://github.com/CogNet-5GPPP/Agnostic_Cloud_CI
-
Branches to build: */cognet-openwatt
-
Commande:
cp /var/lib/jenkins/workspace/Agnostic_Cloud_CI-VMs-Inventory-Bootstrap/scripts/setup/ansible/inventory /var/lib/jenkins/workspace/Agnostic_Cloud_CI-Installation-configuration/scripts/setup/ansible/inventory
ln -sf ~/workspace/Agnostic_Cloud_CI-Installation-configuration/boron.gz ~/workspace/Agnostic_Cloud_CI-Installation-configuration/scripts/setup/ansible/
ln -sf ~/workspace/Agnostic_Cloud_CI-Installation-configuration/hadoop.tar.gz ~/workspace/Agnostic_Cloud_CI-Installation-configuration/scripts/setup/ansible/
ln -sf ~/workspace/Agnostic_Cloud_CI-Installation-configuration/kafka.tgz ~/workspace/Agnostic_Cloud_CI-Installation-configuration/scripts/setup/ansible/
ln -sf ~/workspace/Agnostic_Cloud_CI-Installation-configuration/scripts ~/workspace/Agnostic_Cloud_CI-Installation-configuration/scripts/setup/ansible/
ln -sf ~/workspace/Agnostic_Cloud_CI-Installation-configuration/derby.tar.gz ~/workspace/Agnostic_Cloud_CI-Installation-configuration/scripts/setup/ansible/
ln -sf ~/workspace/Agnostic_Cloud_CI-Installation-configuration/hive.tar.gz ~/workspace/Agnostic_Cloud_CI-Installation-configuration/scripts/setup/ansible/
ln -sf ~/workspace/Agnostic_Cloud_CI-Installation-configuration/README.md ~/workspace/Agnostic_Cloud_CI-Installation-configuration/scripts/setup/ansible/
ln -sf ~/workspace/Agnostic_Cloud_CI-Installation-configuration/spark.tgz ~/workspace/Agnostic_Cloud_CI-Installation-configuration/scripts/setup/ansible/
#ln -sf ~/workspace/Agnostic_Cloud_CI-Installation-configuration/* ~/workspace/Agnostic_Cloud_CI-Installation-configuration/scripts/setup/ansible
-
Playbook path : scripts/setup/ansible/cognetComInf.yml
-
Inventory --> File or host list : scripts/setup/ansible/inventory
This job ensure the cleaning and the removal of all the CogNet VMs from the cloud infrastructure. The script ensuring this job should be specified in the Build task, as shown in Figures below.
-
Job name: Agnostic_Cloud_CI-Retire
-
git: https://github.com/CogNet-5GPPP/Agnostic_Cloud_CI
-
Branches to build: */cognet-openwatt
-
Commande:
scripts/deploy/removeVMs.sh
- Marouane Mechteri ([email protected])
Copyright : Copyright 2017 Orange ©
License : Apache 2.0 (http://www.apache.org/licenses/LICENSE-2.0.txt)
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.