dsf mirabaud cicd environment setup
Initial requirements:
-
OS: RHEL 6.5
Remote setup in CI machine (located in the Netherlands)
- Jenkins
- Nexus
- GitLab
- Mattermost
- Atlassian Crucible
- SonarQubeDue to that OS version, the only way to have Docker running in the CI machine is by installing it from the EPEL repository (Extra Packages for Enterprise Linux).
-
Add EPEL
# rpm -iUvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm-
Install
docker.iofrom that repository
# yum -y install docker-io-
Start Docker daemon
# service docker start-
Check the installation
# docker -v
Docker version 1.7.1, build 786b29d/1.7.1Download and install it via curl. It will use this site.
# curl -L https://github.com/docker/compose/releases/download/1.5.0/docker-compose-`uname -s`-`uname -m` > /usr/local/bin/docker-compose
# chmod +x /usr/local/bin/docker-composeAdd it to your sudo path:
-
Find out where it is:
# echo $PATH
-
Copy the
docker-composefile from/usr/local/bin/to yoursudoPATH.
# docker-compose -v
docker-compose version 1.5.2, build 7240ff3Several directories had been added to organize some files related to docker (like docker-compose.yml) and docker volumes for each service. Here’s how it looks:
/home
/[username]
/jenkins
/volumes
/jenkins_home
/sonarqube
/volumes
/conf
/data
/extensions
/lib
/bundled-plugins
/nexus
/volumes
/nexus-data
/crucible
/volumes
/
/gitlab
docker-compose.yml
/volumes
/etc
/gitlab
/var
/log
/opt
/mattermost
docker-compose.yml
/volumes
/db
/var
/lib
/postgresql
/data
/app
/mattermost
/config
/data
/logs
/web
/certSome naming conventions had been followed as naming containers as mirabaud_[service].
Several folders have been created to store each service’s volumes, docker-compose.yml(s), extra configuration settings and so on:
# docker run -d -p 8080:8080 -p 50000:50000 --name=mirabaud_jenkins \
-v /home/[username]/jenkins/volumes/jenkins_home:/var/jenkins_home \
jenkinskeytool -importkeystore -srckeystore server.p12 -srcstoretype pkcs12 -srcalias 1 -destkeystore newserver.jks -deststoretype jks -destalias serversudo docker run -d --name mirabaud_jenkins -v /jenkins:/var/jenkins_home -p 8080:8443 jenkins --httpPort=-1 --httpsPort=8443 --httpsKeyStore=/var/jenkins_home/certs/keystore.jks --httpsKeyStorePassword=Mirabaud2017# docker run -d -p 9000:9000 -p 9092:9092 --name=mirabaud_sonarqube \
-v /home/[username]/sonarqube/volumes/conf:/opt/sonarqube/conf \
-v /home/[username]/sonarqube/volumes/data:/opt/sonarqube/data \
-v /home/[username]/sonarqube/volumes/extensions:/opt/sonarqube/extensions \
-v /home/[username]/sonarqube/volumes/lib/bundled-plugins:/opt/sonarqube//lib/bundled-plugins \
sonarqube# docker run -d -p 8081:8081 --name=mirabaud_nexus\
-v /home/[username]/nexus/nexus-data:/sonatype-work
sonatype/nexusBoth Services had been deploying by using the # docker-compose up -d command from their root directories (/gitlab and /mattermost). The syntax of the two docker-compose.yml files is the one corresponding with the 1st version (due to the docker-compose v1.5).
mirabaud:
image: 'gitlab/gitlab-ce:latest'
restart: always
ports:
- '8888:80'
volumes:
- '/home/[username]/gitlab/volumes/etc/gilab:/etc/gitlab'
- '/home/[username]/gitlab/volumes/var/log:/var/log/gitlab'
- '/home/[username]/gitlab/volumes/var/opt:/var/opt/gitlab'docker run -d -p 8888:80 --name=mirabaud_gitlab \
-v /home/[username]/gitlab/volumes/etc/gitlab/:/etc/gitlab \
-v /home/[username]/gitlab/volumes/var/log:/var/log/gitlab \
-v /home/[username]/gitlab/volumes/var/opt:/var/opt/gitlab \
gitlab/gitlab-cedb:
image: mattermost/mattermost-prod-db
restart: unless-stopped
volumes:
- ./volumes/db/var/lib/postgresql/data:/var/lib/postgresql/data
- /etc/localtime:/etc/localtime:ro
environment:
- POSTGRES_USER=mmuser
- POSTGRES_PASSWORD=mmuser_password
- POSTGRES_DB=mattermost
app:
image: mattermost/mattermost-prod-app
links:
- db:db
restart: unless-stopped
volumes:
- ./volumes/app/mattermost/config:/mattermost/config:rw
- ./volumes/app/mattermost/data:/mattermost/data:rw
- ./volumes/app/mattermost/logs:/mattermost/logs:rw
- /etc/localtime:/etc/localtime:ro
environment:
- MM_USERNAME=mmuser
- MM_PASSWORD=mmuser_password
- MM_DBNAME=mattermost
web:
image: mattermost/mattermost-prod-web
ports:
- "8088:80"
- "8089:443"
links:
- app:app
restart: unless-stopped
volumes:
- ./volumes/web/cert:/cert:ro
- /etc/localtime:/etc/localtime:roHow to generate the certificates:
Get the crt and key from CA or generate a new one self-signed. Then:
// 1. create the p12 keystore
# openssl pkcs12 -export -in cert.crt -inkey mycert.key -out certkeystore.p12
// 2. export the pem certificate with password
# openssl pkcs12 -in certkeystore.p12 -out cert.pem
// 3. export the pem certificate without password
# openssl rsa -in cert.pem -out key-no-password.pemSSL:
Copy the cert and the key without password at:
./volumes/web/cert/cert.pem
and
./volumes/web/cert/key-no-password.pem
Restart the server and the SSL should be enabled at port 8089 using HTTPS.
-- db --
volumes/db/var/lib/postgresql/data:/var/lib/postgresql/data
/etc/localtime:/etc/localtime:ro # absolute path
-- app --
volumes/app/mattermost/config:/mattermost/config:rw
volumes/app/mattermost/data:/mattermost/data:rw
volumes/app/mattermost/logs:/mattermost/logs:rw
/etc/localtime:/etc/localtime:ro # absolute path
-- web --
volumes/web/cert:/cert:ro
/etc/localtime:/etc/localtime:ro # absolute pathAll integrations had been done following CICD Services Integration guides:
|
Note
|
These guides may be obsolete. You can find here the official configuration guides, |
This documentation is licensed under the Creative Commons License (Attribution-NoDerivatives 4.0 International).
