Motivation
About Me
Researcher / PhD Student
(Software-based Networks)
2011 - 2016
PHP-based Content Management System
* because of laziness
Demo Time!
Survey
Whose Chef cookbooks (Puppet modules, etc.) are tested in CI?
Jenkins Pipelines
Introduction to Jenkins Pipelines
Jenkins Pipeline DSL
Groovy DSL
Provides steps, like sh
Defined in the Jenkinsfile
Can use Groovy/Java logic (Chef users like that idea, right?)
    sh "make"
    sh "make install"
Jenkins Jobs as Code?
Jenkins Job Builder
Python / YAML based
From OpenStack
Job DSL plugin (job-dsl)
Also Groovy DSL
Supports many, many plugins
Creates only single jobs, not pipelines
// Job DSL example
job('my-project-main') {
    scm {
        git('https://github.com/...')
    }
    triggers {
        scm('H/15 * * * *')
    }
    publishers {
        downstream('my-project-unit')
    }
}
Cookbook Pipeline?
sh 'berks install'
sh 'foodcritic'
sh 'kitchen test'
sh 'berks upload'
Picture by BarnImages / pixabay: https://pixabay.com/en/sushi-food-japanese-fish-seafood-789820/
Stages
Allow visual grouping
stage('lint') {
sh 'foodcritic'
sh 'cookstyle'
}
stage('resolve dependencies') {
sh 'berks install'
}
stage('test-kitchen') {
sh 'kitchen test'
}
stage('upload') {
sh 'berks upload'
}
Nodes
Allocates a Jenkins executor (master/slave)
node {
    stage('lint') {
        sh '..'
    }
    stage('resolve') {
        sh '..'
    }
}
(Diagram: Pipeline, containing Stages, each containing Steps)
Multibranch Jobs
Scans repo for branches containing a Jenkinsfile
Automatically creates (deletes) jobs
More Steps to Come..
Jenkins Plugins can contribute DSL steps
Global Variables
Environment variables: env.BRANCH_NAME, env.BUILD_URL
* well-hidden feature
see https://st-g.de/2016/12/parametrized-jenkins-pipelines
Now Copy & Paste?
Inclusion via
@Library annotation in Jenkinsfile
Configuration of enclosing folder
Jenkins global configuration*
Pipeline Shared Libraries
(root)
+- src                     # Groovy source files
|   +- org
|       +- foo
|           +- Bar.groovy  # for org.foo.Bar class
|
+- vars
|   +- foo.groovy          # for global 'foo' variable
|   +- foo.txt             # help for 'foo' variable
|
+- resources               # resource files
|   +- org
|       +- foo
|           +- bar.json    # static helper data for org.foo.Bar
src: the magic, actually code
vars: feel like functions
resources: static files
https://jenkins.io/doc/book/pipeline/shared-libraries/
Global Variables
Can store global state (for the current build)
Can behave like steps
Useful to simplify pipeline code
Hide implementation details from users
// vars/deployTo.groovy
def call(def environment) {
    echo "Starting deployment to ${environment}"
    withCredentials(..) {
        sh "rsync -avzh . ${environment}.example.com"
    }
}

// Jenkinsfile
node {
    sh "make test"
    deployTo "production"
}
More Magic: Global Library Classes (src/)
Groovy classes implementing arbitrary logic
Make use of pipeline DSL steps
Use other Jenkins functions
Import and use Java libraries
Scripted vs. Declarative Pipelines
Scripted pipelines
Just (imperative) Groovy code
The original implementation
The approach used here
Declarative pipelines
Hit the 1.0 release last Friday
Can be validated prior to execution
Ease some tasks, e.g., failure handling
Visual Pipeline Editor plugin
// Declarative Jenkinsfile
pipeline {
    agent label:'has-docker', dockerfile: tru
    environment {
        GIT_COMMITTER_NAME = "jenkins"
    }
    stages {
        stage("Build") {
            steps { sh 'mvn clean install' }
        }
        stage("Archive"){
            // ..
        }
    }
    post {
        always {
            deleteDir()
        }
        success {
            mail to:"me@example.com", subject:"SUC
(right-hand edge and remainder of the listing are cut off on the slide)
Jenkins Pipeline Summary
Groovy DSL for specifying pipelines as code
An Open-Source Chef Cookbook CI/CD Implementation
Using Jenkins Pipelines
jenkins-chefci
Forbidden Commands
$ berks upload
$ knife cookbook upload
$ knife data bag from file
$ knife data bag delete
$ knife environment from file
$ knife environment delete
$ knife role from file
$ knife role delete
$ git pull
$ git commit
$ git push
Allowed Commands
Pictures by PublicDomainPictures & serrano / pixabay:
https://pixabay.com/en/costume-demon-devil-board-female-15747/
https://pixabay.com/en/bebe-girl-child-child-portrait-1237704/
Meet the jenkins-chefci cookbook
Sets up a Chef CI/CD infrastructure using Jenkins
Sets up Jenkins master
Installs ChefDK, configures credentials
Configures job that scans a GitHub organization
Configures our shared pipeline library
https://github.com/TYPO3-infrastructure/jenkins-pipeline-global-library-chefci/
node {
    createKitchenYaml()
    stash "cookbook"
}
parallel(
    "essentials-debian-86": { node {
        unstash "cookbook"
        sh "kitchen test --destroy always essentials-debian-86" }},
    "essentials-ubuntu-1604": { node { .. } },
    "full-debian-86": { node { .. } },
    "full-ubuntu-1604": { node { .. } }
)
(expected result, not hard-coded)
Test-Kitchen (2)
Parallel instances automatically derived from kitchen status
* cookbook configures this via API
The Art of Cookbook Versioning
Let's agree on SemVer
I do not agree with manual changes to metadata.rb
Demo Time!
Versioning (2)
Publish stage notifies via Slack
"Main Chef-Repo"
Not covered here, but in site-chefcitypo3org cookbook
Freestyle job, defined via JobDSL
Uses script to parse git diff and upload changes using knife
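A job that parses the git diff and uploads with knife could plan its work as in the following sketch, which is an added example and not the script from the site-chefcitypo3org cookbook. The repository layout (roles/, environments/, data_bags/<bag>/) and all function names are assumptions; the commands are printed rather than executed, and file names that could inject shell syntax or knife options are refused.

```sh
#!/bin/sh
# Added example, not the TYPO3 script. Assumed layout: roles/<name>.<ext>,
# environments/<name>.<ext>, data_bags/<bag>/<item>.json (item id = file name).
# Prints the knife commands instead of running them, so the plan can be reviewed.

safe_name() {  # reject names that could smuggle shell syntax or knife options
  case "$1" in
    ''|-*|*[!A-Za-z0-9_.-]*) return 1 ;;
  esac
  return 0
}

plan_one() {  # $1 = A, M or D; $2 = repo-relative path
  op=$1 p=$2 bag=
  dir=${p%/*} file=${p##*/}
  name=${file%.*}
  case "$dir" in
    roles) kind=role ;;
    environments) kind=environment ;;
    data_bags/*) kind='data bag' bag=${dir#data_bags/} ;;
    *) return 0 ;;  # cookbooks, docs etc. are not handled by this job
  esac
  if ! safe_name "$file" || { [ "$kind" = 'data bag' ] && ! safe_name "$bag"; }; then
    echo "skipped (unsafe name): $p" >&2
    return 0
  fi
  case "$op" in
    A|M) echo "knife $kind from file ${bag:+$bag }$p" ;;
    D)   echo "knife $kind delete ${bag:+$bag }$name -y" ;;
  esac
}

plan_knife_commands() {  # stdin: output of `git diff --name-status OLD NEW`
  tab=$(printf '\t')
  while IFS=$tab read -r status path newpath; do
    case "$status" in
      R*) plan_one D "$path"; plan_one A "$newpath" ;;  # rename = delete + upload
      A|M|D) plan_one "$status" "$path" ;;
    esac
  done
}

sample_diff() {  # constructed sample input, not real repository history
  printf 'M\troles/web.json\nD\tenvironments/staging.rb\n'
  printf 'A\tdata_bags/users/alice.json\nR100\troles/db.json\troles/database.json\n'
  printf 'A\troles/x;id.json\nM\tcookbooks/foo/metadata.rb\n'
}
```

Running `sample_diff | plan_knife_commands` prints five knife commands and reports the `x;id.json` entry as skipped on stderr.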
Additional Notes
Manually configured organization-level webhook triggers immediate builds
Everything else is done automatically, no "manual handholding"
Using jenkins-chefci
Ease of Use
Checkout cookbook from github.com/TYPO3-cookbooks/jenkins-chefci
Increase GitHub API rate limit
    export JENKINS_GITHUB_LOGIN=johndoe
    export JENKINS_GITHUB_TOKEN=123456supersecure
    WARN: allows commit status update
Allow to steal your Chef credentials
    export JENKINS_COPY_CHEF_CREDENTIALS=1
    WARN: allows knife/berks to access Chef Server
Run test-kitchen
    kitchen converge full-ubuntu-1604
(Potential) TODOs for you
Write your wrapper cookbook around jenkins-chefci
Point it to your organization
Add authentication, e.g., GitHub OAuth?
Fork the global library
Adjust pipeline to your needs
You don't have to agree with our (current) implementation
Outlook / TODOs
Documentation / blog posts
Move more stuff from site-chefcitypo3org to jenkins-chefci
chefdk() global function to run in chef/chefdk Docker container
Store Chef private key as Jenkins credential
Test using multiple chef-client versions
Use JobDSL for organization-folder setup (#966)
Trigger downstream cookbooks
Read out dependencies and subscribe to successful pipeline runs
Paves the road to Policyfiles
Use Jenkins slaves
Collect chef-client deprecation warnings
Conclusion
Jenkins Pipelines allow defining pipelines as code
Groovy-based DSL allows programming of pipelines
Can definitely become complex, e.g., when debugging
Jenkins Pipelines for Chef cookbook CI/CD
Running at TYPO3 since May 2016 (site-chefcitypo3org cookbook)
Public instance at https://chef-ci.typo3.org, open source from day 1
Warning: Many cookbooks still use v1 pipeline (git-flow)
jenkins-chefci cookbook as reusable implementation
Makes setup accessible to broader audience
No dependencies to other TYPO3 cookbooks
Further Reading
TYPO3's Chef CI:
https://chef-ci.typo3.org
TYPO3-cookbooks on GitHub:
https://github.com/TYPO3-cookbooks
TYPO3's Shared Global Library:
https://github.com/TYPO3-infrastructure/jenkins-pipeline-global-library-chefci/
Pipeline Tutorial:
https://github.com/jenkinsci/pipeline-plugin/blob/master/TUTORIAL.md
Getting started with pipelines:
https://jenkins.io/pipeline/getting-started-pipelines/
Step documentation:
https://jenkins.io/doc/pipeline/steps/
Pipeline shared libraries:
https://jenkins.io/doc/book/pipeline/shared-libraries/
Notifications (Mail, Slack, etc.) in Scripted Pipelines:
https://jenkins.io/blog/2016/07/18/pipline-notifications/
Declarative Pipelines:
https://jenkins.io/blog/2016/12/19/declarative-pipeline-beta/
https://jenkins.io/blog/2017/02/03/declarative-pipeline-ga/