{"id":18029339,"url":"https://github.com/dharmit/ccp-openshift","last_synced_at":"2025-03-27T03:31:06.387Z","repository":{"id":48743662,"uuid":"123950705","full_name":"dharmit/ccp-openshift","owner":"dharmit","description":"CentOS Container Pipeline Service","archived":false,"fork":false,"pushed_at":"2021-10-27T12:58:41.000Z","size":144,"stargazers_count":1,"open_issues_count":13,"forks_count":4,"subscribers_count":6,"default_branch":"master","last_synced_at":"2025-03-23T00:31:55.058Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"https://wiki.centos.org/ContainerPipeline","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/dharmit.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2018-03-05T16:58:26.000Z","updated_at":"2018-08-20T07:11:53.000Z","dependencies_parsed_at":"2022-09-23T20:51:21.991Z","dependency_job_id":null,"html_url":"https://github.com/dharmit/ccp-openshift","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dharmit%2Fccp-openshift","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dharmit%2Fccp-openshift/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dharmit%2Fccp-openshift/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dharmit%2Fccp-openshift/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/dharmit","download_url":"https://codeload.github.com/dharmit/ccp-openshift/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":245778440,"owners_count":20670682,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-10-30T09:08:55.234Z","updated_at":"2025-03-27T03:31:06.097Z","avatar_url":"https://github.com/dharmit.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"To spin up things in an OpenShift cluster based on the contents in this\nrepository, please make sure you have a minishift based VM or a CentOS VM with\nroot privileges. You'll also need to spin up Docker Distribution (registry) on\nsame VM or different VM.\n\n### Docker Distribution (registry) setup\n\nThe system on which you'd like to setup the registry, execute following\ncommands:\n\n```bash\n$ yum install -y docker-distribution\n$ systemctl enable --now docker-distribution\n```\n\nAlso make sure that the firewall rules are not blocking access to the registry\n(port 5000 by default.)\n\n### OpenShift setup\n\n**Minishift**\n\nStart the minishift VM using below command:\n\n```bash\n$ minishift start  \\\n--disk-size 50GB  \\\n--memory 8GB  \\\n--iso-url centos  \\\n--openshift-version 3.9.0  \\\n--insecure-registry \u003cregistry-ip\u003e:\u003cport\u003e\n```\n\nMemory and storage can be varied based on availability. It is recommended to\nhave 4GB memory and 20GB disk space as minimum. However, make sure to use\n`--iso-url centos` part in above command as we have setup things on CentOS based\nminishift VM.\n\n**CentOS VM**\n\nA CentOS VM with 8GB memory and 50GB disk space should suffice. You can adjust\nthe resources based on availability. It is recommended to have 4GB memory and\n20GB disk space as minimum.\n\nIn the VM, install docker and enable openshift origin repos:\n\n```bash\n$ yum install -y docker git centos-release-openshift-origin\n$ yum install -y origin-clients\n```\n\nEdit Docker config to support OpenShift's internal registry and the external\nregistry we created in earlier step. Update `/etc/docker/daemon.json`\n\n```json\n{\n\"insecure-registries\":[\"172.30.0.0/16\", \"\u003cregistry-ip\u003e:\u003cport\u003e\"]\n}\n```\n\nNow enable docker and bring up the oc cluster\n\n```bash\n$ systemctl enable --now docker\n$ oc cluster up --public-hostname=\u003cIP address of the VM\u003e\n```\n\nThis will bring up the OpenShift cluster with latest verion of OpenShift origin.\n\n**Bringing up the service**\n\nOnce the VM is ready with OpenShift cluster in it, spin up a Jenkins server\nthat can be used by the Jenkins Pipeline buildconfigs. Also, since we're going\nto be building images using Jenkins pods, we need to add few capabilities to\nthe Jenkins service account.\n\nDo this on host system:\n\n```bash\n$ oc login -u developer\n$ oc process -p MEMORY_LIMIT=1Gi openshift//jenkins-persistent| oc create -f -\n\n# to enable parallel builds\n$ oc set env dc/jenkins \\\nJENKINS_JAVA_OVERRIDES=\"-Dhudson.slaves.NodeProvisioner.initialDelay=0,-Dhudson.slaves.NodeProvisioner.MARGIN=50,-Dhudson.slaves.NodeProvisioner.MARGIN0=0.85\"\n\n$ oc login -u system:admin\n$ oc adm policy add-scc-to-user privileged system:serviceaccount:${openshift-namespace}:jenkins\n$ oc adm policy add-role-to-user system:image-builder system:serviceaccount:${openshift-namespace}:jenkins\n```\n\nwhere `openshift-namespace` is the name of the OpenShift project in which\nyou're working.\n\nThis spins up a persistent Jenkins deployment which has 1 GB memory alloted to\nit. The Jenkins service spun up by this template is recognized and used by the\nJenkins Pipelines.\n\n**Configuring DaemonSet**\n\nScanning is one of the build pipeline phase the service offers.\nIn scanning, we introspect the image built. In order to make scanning module\navailable on all the possible builder nodes, we configure and deploy\nDaemonSet. The DeamonSet spins up a pod per builder node, which avails\na docker volume for all the containers on the node. The scan stage in pipeline\nuses the volume for performing scan phase.\n\nDaemonSet needs to be deployed using cluster admin.\nConfigure it with cluster admin user:\n\n```bash\n# on host system\n$ git clone https://github.com/dharmit/ccp-openshift/\n$ cd ccp-openshift\n$ oc login -u system:admin\n$ oc create -f daemon-set/scan_data.yml\n```\n\nNote: The labels and name of pod defined for DaemonSet are used in pipeline\n[template](seed-job/template.yaml) to identify the container created using DaemonSet.\nPlease keep the mentioned fields intact in DaemonSet template.\n\nNow, login to the OpenShift cluster as user `developer` and create a build from the buildconfig under\n`seed-job` directory in cloned `ccp-openshift` repo:\n\n```bash\n# on host system\n$ oc login -u developer\n$ oc process -p PIPELINE_REPO=${PIPELINE_REPO}  \\\n-p PIPELINE_BRANCH=${PIPELINE_BRANCH}  \\\n-p REGISTRY_URL=${REGISTRY_URL}  \\\n-p NAMESPACE=`oc project -q`  \\\n-p FROM_ADDRESS=${FROM_ADDRESS}  \\\n-p SMTP_SERVER=${SMTP_SERVER} -f seed-job/buildtemplate.yaml | oc create -f -\n```\n\nIf you're a developer working on your fork, export appropriate values for the\nvariables used above. Otherwise you can use the command:\n\n```bash\n$ oc process -p PIPELINE_REPO=https://github.com/dharmit/ccp-openshift  \\\n-p PIPELINE_BRANCH=master  \\\n-p REGISTRY_URL=${REGISTRY_URL}  \\\n-p NAMESPACE=`oc project -q`  \\\n-p FROM_ADDRESS=${FROM_ADDRESS}  \\\n-p SMTP_SERVER=${SMTP_SERVER} -f seed-job/buildtemplate.yaml | oc create -f -\n```\n\n`REGISTRY_URL` is the IP:port combination of remote registry. For example\n`192.168.122.38:5000`.\n\n`FROM_ADDRESS` is the address from which emails will be sent to the end users.\n`SMTP_SERVER` is the server to be used to send emails.\n\nNow check in the OpenShift web console under Build -\u003e Pipelines and see if a\nJenkins Pipeline has been created. Be patient because the image being used is\nquite large (2.2 GB) at the moment.\n\nTo be able to build multiple container images at the same time, edit the\nJenkins deployment and add an environment variable `JENKINS_JAVA_OVERRIDES` to\nit with the value\n`-Dhudson.slaves.NodeProvisioner.initialDelay=0,-Dhudson.slaves.NodeProvisioner.MARGIN=50,-Dhudson.slaves.NodeProvisioner.MARGIN0=0.85`.\n\nSince you changed the configuration, wait for the a new deployment to take\neffect. Once it's done, exec into the Jenkins pod and check the output of `ps\n-ef`. The three configuration options we added above should up in the `java`\ncommand as space-separated and not comma-separated. Refer [this\ndiff](https://github.com/openshift/openshift-docs/pull/7259/files?short_path=05f80f3#diff-05f80f3ab954ce57c630417065819109)\nto ensure that values are passed properly.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdharmit%2Fccp-openshift","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdharmit%2Fccp-openshift","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdharmit%2Fccp-openshift/lists"}