Deploy a continuous integration reference architecture with Jenkins to test OpenStack with TripleO Quickstart.

There are multiple ways to install CIRA. You deploy locally into a development environment using Vagrant; you can deploy locally into a Docker container or you can deploy to an OpenStack instance. Below you will find the list of requirements for each of the deployment scenarios.

For Ansible, several roles are required, and you can install them as follows:

ansible-galaxy install -r requirements.yml

Deployment to Vagrant should be straight forward. The only real dependency is Vagrant itself, along with whatever provider backend you wish to utilize. Our preferred provider is libvirt (KVM). In order to use Vagrant with the libvirt provider, you'll need to install a new provider plugin.

vagrant plugin install vagrant-libvirt

Additional information about other dependencies required by vagrant-libvirt are available at https://github.com/vagrant-libvirt/vagrant-libvirt

In addition to support OpenStack and Vagrant deployments, ansible-cira also utilize Docker containers. In order to use Docker, you need to install docker-compose.

At present, we tested using docker-compose 1.7.1, build 6c289830.

You'll need to install the shade dependency so that you can interact with OpenStack (assuming you are deploying to an OpenStack cloud).

pip install --user shade

If you're going to install to an OpenStack cloud, you'll need to configure a cloud to connect to. You can do this by creating the ~/.config/openstack/ directory and placing the following contents into the clouds.yml file within that directory (adjust to your own cloud connection):

clouds:
    mycloud:
        auth:
            auth_url: http://theclowd.com:5000/v2.0
            username: cloud_user
            password: cloud_pass
            project_name: "My Cloud Project"

There may be some variables you don't want to expose into a Git repo. You can store those in the ~/.ansible/vars/cira_vars.yml file.

NOTE: You must create a ~/.ansible/vars/cira_vars.yml file, even if it is blank. This file is loaded via var_files directives in Ansible and your deployment will fail if the file doesn't exist.

The following list of options are required when deploying to an OpenStack cloud:

Cloud Configuration

• cloud_name_prefix
• cloud_name
• cloud_region_name
• cloud_availability_zone
• cloud_image
• cloud_flavor
• cloud_key_name

The jenkins_scp_sites variable is required when you need to copy configuration files off the slave to the master. Note that the hostname is relative to the master (in this case, files are copied off the slave into the master node, since that's where the SCP command is run).

SCP Site Configuration

jenkins_scp_sites:
  - hostname: 127.0.0.1
    path: "{{ jenkins_master_results_directory }}"

When adding slaves, you would do so by creating a new file in the hosts/ directory. For example you would create a hosts/slaves file and add your Jenkins slaves via the [jenkins_slave] and [jenkins_slave:vars] headers.

Jenkins Slave Configuration

• slave_name
• slave_description
• slave_remoteFS
• slave_host
• slave_port
• slave_credentialsId
• slave_label

Many of the values can be found in your OpenStack RC file, which can typically be found in the Access & Security section of the Horizon dashboard.

cloud_name_prefix: redhat                  # virtual machine name prefix
cloud_name: mycloud                        # same as specified in clouds.yml
cloud_region_name: mycloud_region          # OS_REGION_NAME
cloud_availability_zone: nova              # availability zone
cloud_image: c0a97bbd-0cdd-4ed1-b6c1-052123456789    # unique image ID
cloud_flavor: m1.medium
cloud_key_name: my_pub_key                 # name of your keypair

jenkins_job_builder_git_jobs_src: gitserver.tld:leifmadsen/nfv-jenkins-jobs.git   # branched from upstream for customization purposes
jenkins_job_config_git_src: gitserver.tld:nfvpe/nfv-job-configs.git
jenkins_job_builder_config_jenkins_user: admin       # default username
jenkins_job_builder_config_jenkins_password: admin   # default password

# Can only specify a single site to SCP files to at the end of the run.
jenkins_scp_sites:
  - hostname: 127.0.0.1
    path: "{{ jenkins_master_results_directory }}"   # defined in vars/main.yml

Deployment can be done via two methods: OpenStack cloud, or Vagrant development environment.

Deploying into a Vagrant development environment should be as simple as running:

vagrant up

This will deploy all the virtual machines and apply the site.yml Ansible configuration to the virtual machines. The deployment uses the built in default networking configuration that Vagrant instantiates. At the end of the run, the web interface addresses for Jenkins and Kibana will be displayed.

Start by creating hosts/containers (or similar) and add your baremetal machine with the following template:

jenkins_master
logstash
elasticsearch
kibana

These names (e.g. jenkins_master, logstash, etc) should match the names as defined in 'docker-compose.yml'.

If you need to add jenkins slaves (baremetal), add slave information in 'hosts/containers' as the following (be sure to add ansible_connection=ssh as well).

[jenkins_slave]
slave01 ansible_connection=ssh ansible_host=10.10.1.1 ansible_user=ansible

[jenkins_slave:vars]
slave_description=CIRA Testing Node
slave_remoteFS=/home/stack
slave_port=22
slave_credentialsId=stack-credential
slave_label=cira

Then, you can run the following commands to setup containers and to setup the CIRA environment.

$ docker-compose up -d
$ ansible-playbook site.yml -vvvv -i hosts/containers \
     -e use_openstack_deploy=false -e deploy_type='docker' -c docker

After you finish, you can stop these containers and restart them.

$ docker-compose stop
(To restart them)
$ docker-compose restart

The following commands delete the containers.

$ docker-compose down

You may need to modify the host_vars/localhost file to adjust the security_group names, as the playbook does not currently create security groups and rules for you. It is assumed you've created the following sets of security groups, and opened the corresponding ports:

• default
  • TCP: 22
• elasticsearch
  • TCP: 9200
• filebeat-input
  • TCP: 5044
• web_ports
  • TCP: 80, 443

NOTE: The security groups are only relevant for OpenStack cloud deployments. There are no firewall rules managed by CIRA within a Vagrant deployment.

The base set of four VMs created for the CI components in OpenStack are listed as follows (as defined in host_vars/localhost):

instance_list:
  - { name: elasticsearch, security_groups: "default,elasticsearch" }
  - { name: logstash, security_groups: "default,filebeat-input" }
  - { name: kibana, security_groups: "default,web_ports" }
  - { name: jenkins_master, security_groups: "default,web_ports" }

After configuration, you can run the following command which will connect to localhost to run the shade applications, authenticate to the OpenStack API you've supplied in clouds.yml and then deploy the stack.

ansible-playbook site.yml

In order to configure scp plugin, you'll need to use the jenkins_scp_sites var. It expects a list of sites where Jenkins will copy the artifacts from the jobs. The hostname / IP address should be relative to the Jenkins master server, as that is where the SCP module will be executed.

Format is the following (see Example Variable Override File for an example):

jenkins_scp_sites:
  - hostname: test_hostname
    user: jenkins1
    password: abc
    path: /test/path
  - hostname: test_hostname
    port: 23
    user: jenkins1
    keyfile: abc
    path: /test/path

If you wish you automate the deployment of your Jenkins baremetal slave machine, you can use Kickstart (or other similar methods). A base minimal installation of a CentOS node, as booted from a cdrom (we're using CentOS as booted from the vFlash partition on a DRAC) can be configured during boot by pressing tab at the "Install CentOS" screen.

Add the following after the word quiet to statically configure a network and boot from the ks.cfg file (as supplied in the samples/ directory). You'll need to host the ks.cfg file from a web server accessible from your Jenkins baremetal slave node.

...quiet inst.ks=http://10.10.0.10/ks.cfg ksdevice=em1 ip=10.10.0.100::10.10.0.1:255.255.255.0:nfv-slave-01:em1:none nameserver=10.10.10.1

• inst.ks: Network path to the Kickstart file
• ksdevice: Device name to apply the network configuration to
• ip: Format is: [my_ip_address]::[gateway]:[netmask]:[hostname]:[device_name]:[boot_options]
• nameserver: IP address of DNS nameserver

After booting, your machine should automatically deploy to a base minimum.

To deploy a Jenkins slave, you need to have a baremetal machine to connect to. You can tell Ansible about this machine by creating a new inventory file in the hosts/ directory. You won't pollute the repository since all inventory files except the hosts/localhost file as ignored.

Start by creating hosts/slaves (or similar) and add your baremetal machine with the following template:

[jenkins_slave]
slave01 ansible_host=10.10.1.1 ansible_user=ansible

[jenkins_slave:vars]
slave_description=CIRA Testing Node
slave_remoteFS=/home/stack
slave_port=22
slave_credentialsId=stack-credential
slave_label=cira

Add additional fields if necessary. It is assumed that the ansible user has been previously created, and that you can login either via SSH keys, or provide the --ask-pass flag to your Ansible run. The ansible user is also assumed to have been setup with passwordless sudo (unless you add --ask-become-pass during your Ansible run).