rht-labs / labs-ci-cd Goto Github PK

https://github.com/rht-labs/ansible-stacks/tree/master/roles/configure-nexus

The sonar bash scripts should be improved - i.e.:

• random sleeps (i.e.: `sleep 20) - these should be either removed or changed to be better logic
• a not unnecessary negative logic - i.e.: ! -z that can be written as -n
• should be enhanced to be part of s2i assemble process rather than Dockerfile

https://github.com/rht-labs/labs-ci-cd/blob/master/docker/sonarqube/run.sh
https://github.com/rht-labs/labs-ci-cd/blob/master/docker/sonarqube/plugins.sh

Seeing behavior consistently. Appears to be due to duplicated / unnecessary build triggers

These are carry over issues from after the merge: rht-labs/openshift-sonarqube#18

It's unlikely we need both, both let's verify that.

When create a build config it would be nice to support gitlab / github triggers in the s2i-app-build templates

Should work if you need it or not.

Currently, the jenkins-s2i config needs to be in a public repo, but it would be nice to have the functionality to use private repos as well (important for Labs engagements with internally hosted GitLab instances)

openshift/origin#17019 is being caused by mismatch of OC client in the slave to the OCP server.

https://access.redhat.com/containers/#/registry.access.redhat.com/openshift3/jenkins-slave-base-rhel7/images/v3.6.173.0.49-5 works with OCP v3.6.173.0.21

We aren't using the extra projects in practice and they are just consuming extra resources and adding maintenance overhead. Where people need extra projects, obviously they can customize

No value is in the params file. Different templates have diff values. We need to set this value so we dont have surprises between clusters.

And have one of the example apps hit the proxy

Once #44, https://github.com/rht-labs/openshift-jenkins-s2i-config/issues/52 and rht-labs/openshift-sonarqube#16 are merged, we need to cut a release of this repo.

Before doing that, we should decided on a versioning schem.

Add an additional step to the Dockerfile to replace the default (Labs) logo in case we want to use Customer's one

Sometimes during builds of various images we get a failure:

Successfully built 1b59938f722b
Pushing image 172.30.1.1:5000/labs-ci-cd/mvn-build-pod:latest ...
error: build error: Failed to push image: unauthorized: authentication required

We need to determine why and how to prevent it.

the inventory in ci-cd-bootstrap should contain the minimal things we need. we should move the other components into different inventories related to module functions e.g. static analysis vs pen-testing vs software supply chain. these different modules so be completely standalone except for optionally depending on the bootstrap.

This allows users to easily consume the components they need

the term build pod is confusing. replace with jenkins slave a la https://github.com/rht-labs/labs-ci-cd/tree/master/docker/jenkins-slave-ansible

We have https://github.com/rht-labs/openshift-templates. Can that be the home for templates, and the we reference them from here?

When running the inventory with the latest Ansible/CASL code, an error is generated that the unprivileged user does not have rights to view requests at the cluster level.

To resolve this, the ProjectRequest items in the inventory/group_vars/all.yml need either template_action: create or file_action: create added to each item.

Carried over from old repo

Currently, the plugins.sh script will attempt to install plugins without regard to if the latest plugin is compatible with the latest SonarQube version. Need to add logic to the plugins.sh script to limit the installable plugins and log incompatible plugins being requested.

Should just document the use of Ansible and avoid a wrapper .sh that could drive the wrong behavior.

Should we add it to the inventory? It at least needs mention in the README

Hi,

What are the node memory requirements to deploy labs-ci-cd?
Asking as attempting to deploy on a single node standalone (oc cluster up) cluster?

Thanks
SRG

@pcarney8 you interested in this?

rht-labs/openshift-sonarqube#16

The SOURCE_REPOSITORY_URL in the params/jenkins-slave-ansible/build file should reference the one in this repo; not @sherl0cks one....
SOURCE_REPOSITORY_URL=https://github.com/sherl0cks/labs-ci-cd

Happy to PR and fix if it's helpful and not naggy!
:)

shipped in ocp base image

When the feature is available. This will group the db with the app in the web console.

label
- app = sonar

Add code to the Jenkins init groovy scripts to configure webhooks for SonarQube.

A little error handling loop here on the init script would be good

https://github.com/rht-labs/labs-ci-cd/blob/master/s2i-config/jenkins-master/configuration/init.groovy.d/configure-sonarqube.groovy#L88

Seems to be lots of internet examples to do this.

our current slack integration with Jenkins requires a deployment config that supports the custom env variables for slack integration. the current inventory uses the out of the box ephemeral template which does not support these env vars, and we also don't have post roles in the openshift applier yet which would allow us to add such vars. so one of a few things needs to happen (in order of my preference):

• drop the existing jenkins integration with slack in favor of a hubot deployment (@mcanoy has prototype work here)
• add a post role (once available) to add the env vars needed to make the existing integration work
• provide a custom jenkins deployment config to support the existing slack integration

https://github.com/rht-labs/openshift-jenkins-s2i-config/issues/52

For example lines 1 & 3 for memory limit:
https://github.com/rht-labs/labs-ci-cd/blob/master/params/sonarqube/build-and-deploy#L1

https://github.com/rht-labs/labs-ci-cd/blob/master/openshift-templates/jenkins-s2i-build/template.json#L81

https://github.com/rht-labs/labs-ci-cd/blob/master/openshift-templates/jenkins-s2i-build/template-with-secret.json#L83

Currently, the SonarQube image is always the "latest" version of SonarQube, thus there is no guarantee that any given release of this project will have the same version of SonarQube.

Like Sonar does

this will make it easier for tools to generate inventories with the same content, but in different namespaces

as seen here: https://github.com/rht-labs/coolstore-microservice-demo/blob/master/inventory/group_vars/all.yml#L7

openshift-applier now processes these templates locally so you do not need privileged access to run them.

To avoid confusions around the generic word "template", I'd like to vote for renaming the top level directory from template to openshift-templates

Gogs must start with an specific user ID as defined in the Dockerfile to work properly

https://github.com/rht-labs/labs-ci-cd/blob/master/docker/tool-box/Dockerfile#L4

line 2: npm: command not found when running from Jenkins

@mdanter @InfoSec812

Let's use the out of the box templates if possible

https://access.redhat.com/containers/?tab=overview#/registry.connect.redhat.com/sonatype/nexus-repository-manager

See attached build log. This is on OCP 3.7. I'm just running the inventory, nothing special.

zap-build-pod-1-build.log

build_params vs deploy_params is not being followed by convention, and it's confusing for new users. Let's consolidate these into something that is more meaningful. Perhaps each app has its own folder including all build / dev / test / uat params. I'm not a fan of 1 file per directory