I have made a foray into Jenkins to deploy VMware Photon within my vSphere environment. This foray has the end goal of using Jenkins, VMware Photon, and Docker to deploy applications within my hybrid cloud. I have an increased need to deploy web properties as well as to automatically apply in-depth testing to those properties. Quite frankly, the amount of time it takes me to do these things by hand is just getting to be too much of a time sink, so now it is time to use modern tools to augment my existing scripts. Here is my journey into the new world.
The steps to achieving this are well laid out by many others, and I leveraged previous work as much as possible. So, here are my steps:
- Install CentOS 7 Minimal Install into a VM, and then add the following RPMs:
- perl
- open-vm-tools
- git
- Install VMware Tools into the CentOS 7 Minimal Install VM.
- Install Photon from ISO (http://bl.ocks.org/jrrickard/114b8c35b1d5306ff3e0). Now, I stopped my duplication of this effort after the first jenkins-slave was installed. All else did not meet my needs.
- Install Fedora EPEL distribution into the Jenkins VM for CentOS 7 (https://fedoraproject.org/wiki/EPEL). This is needed to install Open Source Puppet.
- Install Puppet into the Jenkins VM. While I could have used another server, this simplifies network traffic somewhat (https://docs.puppetlabs.com/guides/install_puppet/install_el.html). Before following any of the steps in the install guide for Puppet, I installed the following RPMs:
- puppet
- puppet-firewalld
- puppet-server
- Add the following plugins to Jenkins:
- Active Directory Plugin
- Docker Plugin
- docker-build-step
- GIT Client Plugin
- GIT Plugin
- git-notes Plugin
- PowerShell Plugin
- Tracking Git Plugin
- vSphere Plugin
These plugins, once configured, allow the secure integration with GIT, vSphere, and Docker.
- Configure Global Security to enable Active Directory. After enabling security within Jenkins, I enabled Active Directory and Project-based Matrix Authorization Strategy. Once you enable this authorization strategy, be sure to add at least one user as the administrator so you can log in and continue to use Jenkins. If you get this wrong, you will need to edit the config.xml file for Jenkins and remove any authentication stanzas, then restart Jenkins.
- Add a Jenkins-specific user to vCenter with a Jenkins Role. Remember, there is a best practice of having one user per service in vCenter, and there is a need for each service user to have the proper roles. The roles are for those who need to clone a VM (http://kb.vmware.com/kb/1027743).
- Configure (Jenkins) System with Add a new cloud. The Add a new cloud button configures the vSphere plugin. You configure the vSphere plugin by pointing it to your vCenter server and giving it a unique name. In my case, I called my vCenter server “Photon,” to remind me I am only using this for Photon VMs.
The first stage of my install is now finished. I should be able to clone a virtual machine using the vSphere plugin within Jenkins. I achieved this by doing the following:
- Use the New Item link to create a new Project inside Jenkins.
- Give that Project a name, such as “Photon-Nginx.”
- Disable any source code management, as we have yet to write any code.
- Disable everything else inside the Project configuration, as we do not want to do anything but a vSphere Build Step.
- Using Add build step, add a vSphere Build Step.
- Select the vCenter server you previously configured.
- Select the Clone VM from VM or Template vSphere Action and fill out all the lines necessary. I furthermore selected Linked Clone. All fields need to be filled out; the VM to clone name should be your Photon instance. You should click on the Check Data button to test your entries. I found it useful to also have the vCenter Web Client running at the same time.
- Save the Project configuration.
- Right-click on the Project name and select Build Now. If everything works as expected—and it did for me—you should now have deployed a link clone of your Photon instance.
However, that is not all I wish to do. Deploying Photon linked clones from within Jenkins is just the first step. I really want to configure a Docker container within the Photon instance and then use Instant Clone to deploy many copies of my chosen application as needed. This requires a bit more work. Specifically, it requires the use of PowerShell, as that is the only way Instant Clone works. It also requires that I know the IP of the virtual machine, which I can get through the vSphere SDK, and also via PowerShell. To do all this, I need a Windows Jenkins slave. The next steps are to deploy this Jenkins slave to the Windows vCenter helper VM that I use for all Windows-related tasks. I could use another node, but this one has everything installed, such as PowerCLI, etc. The steps I took are:
- Define a dumb node within the Jenkins server and follow the instructions within https://wiki.jenkins-ci.org/display/JENKINS/Step+by+step+guide+to+set+up+master+and+slave+machines.
- On the CentOS 7 Jenkins server, run the following commands before step 5 of the previous link:
sudo firewall-cmd --zone=public --add-port=34540/tcp --permanent sudo firewall-cmd --reload
Now, if everything works, you should see a new node within your Jenkins Manage Jenkins -> Manager Node list. I labelled this slave node as vCenter so I can target build steps to just that node.
The next set of build steps are to do the following:
- Determine the public IP of the linked clone just copied.
- Load NGINX as a Docker container within that VM.
- Run the container.
- Ensure I can access this new web server.
- Use Jenkins to run a load test against my newly deployed environment.
My future plans include making containers for an NGINX Load Balancer/Reverse Proxy so I can have multiple web properties using the same ports, and deploying WordPress with NGINX and Facebook’s HipHop VM to improve PHP performance as a container, using a containerized version of MySQL. Eventually, I should have containers for my web-based applications so that I can be Linux-distribution agnostic. All this, while maintaining a level of security, isolation, and separation of my workloads.
