Continuous Delivery in Enterprise Environments using Docker, Ansible and Jenkins_ Dennis Schulte, Marcel Birkner codecentric AG 2 Our Project Experience 3 Our experiences using Docker_ Build/Test/Deployment Getting Started with Docker Infrastructure Standardization, Conformity, Compliance JBoss / Java EE (Security) Microservices, Lightweight, Technology Dashboard Flexibility Greenfield Enterprise Speed, Flexibility, Duplicated Environments 20 % Learning / using new technologies 4 Our experiences using Docker_ Build/Test/Deployment Getting Started with Docker Infrastructure Standardization, Conformity, Compliance JBoss / Java EE (Security) Microservices, Lightweight, Technology Dashboard Flexibility Greenfield Enterprise Speed, Flexibility, Duplicated Environments 20 % Learning / using new technologies 5 JBoss / Java EE_ CI/CD Pipeline Jenkins GitLab SonarQube Nexus SeleniumHub Applications Backend JBoss EE JBoss EE JBoss EE JBoss EE JBoss EE DB2 JBoss EE JBoss EE JBoss EE JBoss EE JBoss EE ERP JBoss EE JBoss EE JBoss EE JBoss EE JBoss EE LDAP JBoss EE JBoss EE JBoss EE JBoss EE JBoss EE IMS Platform Vagrant VMWare Our experiences using Docker_ Build/Test/Deployment Getting Started with Docker Infrastructure Standardization, Conformity, Compliance JBoss / Java EE (Security) Microservices, Lightweight, Technology Dashboard Flexibility Greenfield Enterprise Speed, Flexibility, Duplicated Environments 20 % Learning / using new technologies 7 Dashboard_ CI/CD Pipeline Jenkins SonarQube Nexus SeleniumHub GitHub EE Application Backend ReactJS Spring Boot Cassandra Spring Boot JIRA AngularJS Scala Postgres Spring Boot WordPress Static HTML NodeJS SpringBatch Keycloak Xing ReactJS Neo4J JBoss EE Nginx IMS Platform OpenStack Our experiences using Docker_ Build/Test/Deployment Getting Started with Docker Infrastructure Standardization, Conformity, Compliance JBoss / Java EE (Security) Microservices, Lightweight, Technology Dashboard Flexibility Greenfield Enterprise Speed, Flexibility, Duplicated Environments 20 % Learning / using new technologies 9 Greenfield Enterprise_ CI/CD Pipeline Jenkins SonarQube Nexus SeleniumHub GitHub EE Application Backend WebServices Spring Boot ReactJS Spring Boot DB2 Admin Oracle Nginx Postgres SpringBatch SpringBatch SpringBatch SpringBatch SpringBatch SAP SpringBatch Spring Boot SpringBatch HSQL SpringBatch LDAP Platform Vagrant OpenStack VMWare INFRASTRUCTURE AS CODE 11 WRITE, PLAN, AND CREATE INFRASTRUCTURE AS CODE 12 Infrastructure Automation_ Platform Compute JBoss EE Instances OpenStack Compute Spring Boot AWS Instances VMWare Compute Instances ReactJS Compute Neo4j Instances 13 Terraform :: Define Region & SSH Key Pair_ 14 Terraform :: Define Security Group_ 15 Terraform :: Define Resource_ 16 Terraform :: Roll out_ • terraform plan • terraform apply 17 APP DEPLOYMENT, CONFIGURATION MANAGEMENT AND ORCHESTRATION 18 Infrastructure Automation_ Platform Compute JBoss EE Instances OpenStack Compute Spring Boot AWS Instances VMWare Compute Instances ReactJS Compute Neo4j Instances 19 Ansible :: CD Infrastructure Provisioning_ CI/CD Pipeline Jenkins GitLab SonarQube Nexus SeleniumHub • ansible-playbook site.yml 20 Ansible :: Jenkins Role (directory listing)_ 21 Ansible :: Jenkins Role (Ansible Task Excerpt)_ 22 Ansible :: Application Provisioning_ Application ReactJS Spring Boot Postgres • ansible-playbook site.yml 23 Ansible :: Spring Boot Role (excerpt)_ 24 Ansible :: Application Deployment_ ReactJS Spring Boot Postgres • ansible-playbook deploy-example-application.yml --extra-vars "version=1.0.0" • ansible-playbook undeploy-example-application.yml 25 Ansible :: Infrastructure Repository :: Inventory & Playbooks_ Environment specific settings { Ansible Playbooks & Settings { 26 Continuous Delivery using Docker 27 Software Development Process_ Prod Developer Build and Release Deployment Spring Boot Nexus Staging GitLab Jenkins Docker Registry Jenkins Spring Boot SonarQube Test GitLab Spring Boot SeleniumHub Dev Spring Boot 28 Live Demo 29 Demo :: Links_ Tool URL Credentials Jenkins http://jenkins.example.local OpenLDAP Nexus http://nexus.example.local OpenLDAP SonarQube http://sonarqube.example.local OpenLDAP Gitlab http://git.example.local OpenLDAP Docker Registry http://docker.example.local:5000/v2/_catalog no login required Testserver http://testserver.example.local:8080 no login required 30 Jenkins :: Docker Images Build Jobs_ 31 Jenkins :: Example App Build & Deploy Jobs_ 32 Jenkins :: Application Deployment Job_ 33 Jenkins :: Example Spring Boot Application_ 34 Demo End 35 Docker :: Image Hierarchy_ centos:7 jdk:8 jre:8 example-application: jenkins-master:LTS nexus:LTS sonarqube:LTS example-application: example-application:1.0.0 example-application:1.0.0 example-application:1.0.0 1.0.0 36 1.0.0 Docker :: JRE & Example Application Dockerfile_ jre:8 example-application: 1.0.0 37 Docker :: Image Hierarchy :: JBoss Migration_ rhel:7.2 jdk:8 jre:8 jenkins-master:LTS nexus:LTS sonarqube:LTS eap:6.4 jboss-application: jboss-application: jboss-application: 1.0.0 1.1.0 1.2.0 Docker :: EAP Dockerfile_ eap:6.4 39 Docker :: JBoss Dockerfile_ jboss-application:1.0.0 40 Best Practices 41 Best practices_ Automate Everything •Everything is in version control •Use Ansible inventory for environment specific information •Use Ansible Vault for secure storage for passwords •Generate Jenkins Jobs automatically via Job DSL • GitLab REST API •One Click Release & Deployments 42 Docker_ Stable Docker Setup •All application run in Docker container •Environment independent Docker images •Use latest OS version (recent Kernel) •Use fixed Docker / Ansible versions •Have a clone of every system for testing new versions • incl. CI/CD Pipeline •Create User / Group (uid/gid) per Application Type • required for volume mount permissions •Do not run Docker Container under root! 43 44 Enterprise Environments_ Typical problems •Company Proxies • HTTPs / Man-in-the-Middle •Self-signed Certificates (HTTPs) •Freedom to spin up servers using Terraform •Automate network configuration •Docker Registry: "No space left on device" •Keynote • Jean-Jacques van Oosten: "Do not compromise!" 45 46 “Thanks for your attention.” Dennis Schulte, Senior IT-Consultant codecentric AG Hochstraße 11 42697 Solingen, Deutschland [email protected] www.codecentric.de blog.codecentric.de denschu Marcel Birkner, Software-Consultant codecentric AG Hochstraße 11 42697 Solingen, Deutschland [email protected] www.codecentric.de blog.codecentric.de marcelbirkner 47.