Continuous Delivery in Enterprise Environments Using Docker, Ansible and Jenkins

Continuous Delivery in Enterprise Environments using Docker, Ansible and Jenkins_

Dennis Schulte, Marcel Birkner codecentric AG 2 Our Project Experience

3 Our experiences using Docker_

Build/Test/Deployment Getting Started with Docker Infrastructure

Standardization, Conformity, Compliance JBoss / Java EE (Security)

Microservices, Lightweight, Technology Dashboard Flexibility

Greenﬁeld Enterprise Speed, Flexibility, Duplicated Environments

20 % Learning / using new technologies

4 Our experiences using Docker_

Build/Test/Deployment Getting Started with Docker Infrastructure

Standardization, Conformity, Compliance JBoss / Java EE (Security)

Microservices, Lightweight, Technology Dashboard Flexibility

Greenﬁeld Enterprise Speed, Flexibility, Duplicated Environments

20 % Learning / using new technologies

5 JBoss / Java EE_

CI/CD Pipeline

Jenkins GitLab SonarQube Nexus SeleniumHub

Applications Backend

JBoss EE JBoss EE JBoss EE JBoss EE JBoss EE DB2

JBoss EE JBoss EE JBoss EE JBoss EE JBoss EE ERP

JBoss EE JBoss EE JBoss EE JBoss EE JBoss EE LDAP

JBoss EE JBoss EE JBoss EE JBoss EE JBoss EE IMS

Platform Vagrant VMWare Our experiences using Docker_

Build/Test/Deployment Getting Started with Docker Infrastructure

Standardization, Conformity, Compliance JBoss / Java EE (Security)

Microservices, Lightweight, Technology Dashboard Flexibility

Greenﬁeld Enterprise Speed, Flexibility, Duplicated Environments

20 % Learning / using new technologies

7 Dashboard_

CI/CD Pipeline

Jenkins SonarQube Nexus SeleniumHub GitHub EE

Application Backend

ReactJS Spring Boot Cassandra Spring Boot JIRA

AngularJS Scala Postgres Spring Boot WordPress

Static HTML NodeJS SpringBatch Keycloak Xing

ReactJS Neo4J JBoss EE Nginx IMS

Platform OpenStack Our experiences using Docker_

Build/Test/Deployment Getting Started with Docker Infrastructure

Standardization, Conformity, Compliance JBoss / Java EE (Security)

Microservices, Lightweight, Technology Dashboard Flexibility

Greenﬁeld Enterprise Speed, Flexibility, Duplicated Environments

20 % Learning / using new technologies

9 Greenﬁeld Enterprise_

CI/CD Pipeline

Jenkins SonarQube Nexus SeleniumHub GitHub EE

Application Backend

WebServices Spring Boot ReactJS Spring Boot DB2 Admin

Oracle Nginx Postgres SpringBatch SpringBatch SpringBatch SpringBatch SpringBatch SAP SpringBatch Spring Boot SpringBatch HSQL SpringBatch

LDAP

Platform Vagrant OpenStack VMWare INFRASTRUCTURE AS CODE

11 WRITE, PLAN, AND CREATE INFRASTRUCTURE AS CODE

12 Infrastructure Automation_

Platform Compute JBoss EE Instances

OpenStack Compute Spring Boot AWS Instances

VMWare Compute Instances ReactJS

Compute Neo4j Instances

13 Terraform :: Deﬁne Region & SSH Key Pair_

14 Terraform :: Deﬁne Security Group_

15 Terraform :: Deﬁne Resource_

16 Terraform :: Roll out_

• terraform plan • terraform apply

17 APP DEPLOYMENT, CONFIGURATION MANAGEMENT AND ORCHESTRATION

18 Infrastructure Automation_

Platform Compute JBoss EE Instances

OpenStack Compute Spring Boot AWS Instances

VMWare Compute Instances ReactJS

Compute Neo4j Instances

19 Ansible :: CD Infrastructure Provisioning_

CI/CD Pipeline

Jenkins GitLab SonarQube Nexus SeleniumHub

• ansible-playbook site.yml

20 Ansible :: Jenkins Role (directory listing)_

21 Ansible :: Jenkins Role (Ansible Task Excerpt)_

22 Ansible :: Application Provisioning_

Application

ReactJS Spring Boot Postgres

• ansible-playbook site.yml

23 Ansible :: Spring Boot Role (excerpt)_

24 Ansible :: Application Deployment_

ReactJS Spring Boot Postgres

• ansible-playbook deploy-example-application.yml --extra-vars "version=1.0.0"

• ansible-playbook undeploy-example-application.yml

25 Ansible :: Infrastructure Repository :: Inventory & Playbooks_

Environment speciﬁc settings { Ansible Playbooks & Settings {

26 Continuous Delivery using Docker

27 Software Development Process_

Prod Developer Build and Release Deployment Spring Boot

Nexus

Staging

GitLab Jenkins Docker Registry Jenkins Spring Boot

SonarQube Test GitLab Spring Boot

SeleniumHub

Dev

Spring Boot

28 Live Demo

29 Demo :: Links_

Tool URL Credentials

Jenkins http://jenkins.example.local OpenLDAP

Nexus http://nexus.example.local OpenLDAP

SonarQube http://sonarqube.example.local OpenLDAP

Gitlab http://git.example.local OpenLDAP

Docker Registry http://docker.example.local:5000/v2/_catalog no login required

Testserver http://testserver.example.local:8080 no login required

30 Jenkins :: Docker Images Build Jobs_

31 Jenkins :: Example App Build & Deploy Jobs_

32 Jenkins :: Application Deployment Job_

33 Jenkins :: Example Spring Boot Application_

34 Demo End

35 Docker :: Image Hierarchy_

centos:7

jdk:8 jre:8

example-application: jenkins-master:LTS nexus:LTS sonarqube:LTS example-application: example-application:1.0.0 example-application:1.0.0 example-application:1.0.0 1.0.0 36 1.0.0 Docker :: JRE & Example Application Dockerﬁle_

jre:8

example-application: 1.0.0

37 Docker :: Image Hierarchy :: JBoss Migration_

rhel:7.2

jdk:8 jre:8

jenkins-master:LTS nexus:LTS sonarqube:LTS eap:6.4

jboss-application: jboss-application: jboss-application: 1.0.0 1.1.0 1.2.0 Docker :: EAP Dockerﬁle_

eap:6.4

39 Docker :: JBoss Dockerﬁle_

jboss-application:1.0.0

40 Best Practices

41 Best practices_

Automate Everything •Everything is in version control •Use Ansible inventory for environment speciﬁc information •Use Ansible Vault for secure storage for passwords •Generate Jenkins Jobs automatically via Job DSL • GitLab REST API •One Click Release & Deployments

42 Docker_

Stable Docker Setup •All application run in Docker container •Environment independent Docker images •Use latest OS version (recent Kernel) •Use ﬁxed Docker / Ansible versions •Have a clone of every system for testing new versions • incl. CI/CD Pipeline •Create User / Group (uid/gid) per Application Type • required for volume mount permissions •Do not run Docker Container under root!

43 44 Enterprise Environments_

Typical problems •Company Proxies • HTTPs / Man-in-the-Middle •Self-signed Certiﬁcates (HTTPs) •Freedom to spin up servers using Terraform •Automate network conﬁguration •Docker Registry: "No space left on device" •Keynote • Jean-Jacques van Oosten: "Do not compromise!"

45 46 “Thanks for your attention.”

Dennis Schulte, Senior IT-Consultant codecentric AG Hochstraße 11 42697 Solingen, Deutschland [email protected] www.codecentric.de blog.codecentric.de denschu Marcel Birkner, Software-Consultant codecentric AG Hochstraße 11 42697 Solingen, Deutschland [email protected]