websend/jenkins

By websend

Updated almost 5 years ago

Jenkins

Image

2.6K

DevOps

Prerequisites

Ansible

Ansible is only needed on the control machines. No extra software is needed on the managed nodes.

Server Operations

Development

New Server

Create a new CoreOS host following the VirtualBox instructions.

Run the following commands from the control machine:

ansible-playbook -i ansible/inventory ansible/general/setup.yml -l development
ansible-playbook -i ansible/inventory ansible/general/iptables.yml -l development
ansible-playbook -i ansible/inventory ansible/general/certificates_keys_dev.yml
ansible-playbook -i ansible/inventory ansible/services/setup.yml -l development

Specific services (names are self explanatory):

ansible-playbook -i ansible/inventory ansible/services/redis.yml -l development
ansible-playbook -i ansible/inventory ansible/services/captain_restart_orchestrator.yml -l development
ansible-playbook -i ansible/inventory ansible/services/haproxy.yml -l development
Production

New Server

Create a new CoreOS host with the correct cloud config file from the cloud_config directory. Don't forget to change the values between <> before you apply the file. Add the host to Logentries and add the token to the host_vars.

Run the following commands from the control machine:

ansible-playbook -i ansible/inventory ansible/general/setup.yml -l [server-address] -e @ansible/inventory/group_vars/production_secrets --vault-password-file ./ansible/.vault_pass
ansible-playbook -i ansible/inventory ansible/general/iptables.yml -l production
ansible-playbook -i ansible/inventory ansible/general/restart.yml -l [server-address] (bug, because else MTU is not set)
ansible-playbook -i ansible/inventory ansible/general/certificates_keys_production.yml -l [server-address] --vault-password-file ./ansible/.vault_pass
ansible-playbook -i ansible/inventory ansible/services/custom_routes.yml -l production
ansible-playbook -i ansible/inventory ansible/services/setup.yml -l [server-address] -e @ansible/inventory/group_vars/production_secrets --vault-password-file ./ansible/.vault_pass
Launching services

You launch new services by the following command.

ansible-playbook -i ansible/inventory ansible/services/[service].yml -l production -e @ansible/inventory/group_vars/production_secrets --vault-password-file ./ansible/.vault_pass

.p12 to .pem

Google delivers a .p12 file for Google Cloud communications. For ansible we need to make it a .pem and encrypt it with ansible-vault, upload it and make it a .p12 again. The command to create a .pem from a .p12:

openssl pkcs12 -in google_price_comparator.p12 -out google_price_comparator.pem -nodes

Docker enzo

Start mysql
docker run --name mysql_data -e DATA_DIRECTORY="/home/mysql/data/" -e USER_ID="3306" -e GROUP_ID="3306" -v /home/mysql/data/ thedutchselection/data:latest
docker run -d -p 3309:3306 --name mysql -e DATA_DIRECTORY="/home/mysql/data/" --volumes-from mysql_data websend/mysql:5.6
Start mariadb
docker run --name mariadb_data -e DATA_DIRECTORY="/home/mysql/data/" -e USER_ID="3306" -e GROUP_ID="3306" -v /home/mysql/data/ thedutchselection/data:latest
docker run -d -p 3309:3306 --name mariadb -e DATA_DIRECTORY="/home/mysql/data/" --volumes-from mariadb_data websend/mariadb:10.1
Misc

Vmware fusion port forwarding

Edit [incomingtcp] section in:

/Library/Preferences/VMware Fusion/vmnet8/nat.conf

Check privileges

SELECT host FROM mysql.user WHERE User = 'root';

Docker Pull Command

docker pull websend/jenkins