Yale is a diverse place with a wide variety of technologies and a wide range of developer skillsets. This talk will walk you through the journey that we took to standardize where we could and to bring Yale software build and deploy under control. Our goals are to reduce complexity, increase security, increase agility, accept responsibility for what should be ours and otherwise get out of the developer's way. Jenkins is an integral piece of meeting these goals.
JUC NYC 2012: Yale Build and Deployment with Jenkins
1. Jenkins User Conference New York, May 17 2012 #jenkinsconf
Yale Build and Deploy
E Camden Fisher
Yale University ITS
2. Jenkins User Conference New York, May 17 2012 #jenkinsconf
Who am I?
E Camden Fisher
Technical Lead
Unix Infrastructure and Virtualization
Information Technology Services
Yale University
camden.fisher@yale.edu
@fishnix
5. Jenkins User Conference New York, May 17 2012 #jenkinsconf
Let’s Not Forget Continuous Integration!
! Maintain a Single Source Repository
! Automate the Build
! Make Your Build Self-Testing
! Everyone Commits to the Mainline Every Day
! Every Commit Should Build the Mainline on an
Integration Machine
! Keep the Build Fast
! Test in a Clone of the Production Environment
! Make it Easy for Anyone to Get the Latest Executable
! Everyone can see what's happening
! Automate Deployment
Avoid "Integration Hell!!”
6. Jenkins User Conference New York, May 17 2012 #jenkinsconf
Why we chose Jenkins?
! Easy!
! Extensible
! Scalable
! Flexible
! Open Source
! Supported!
7. Jenkins User Conference New York, May 17 2012 #jenkinsconf
Yale History Lesson
Application lifecycle is a progression
! Source Code Management
! Maven and Artifactory
! Building and Testing with Jenkins
! Container Configurable artifacts
! Runtime Configurable Containers
! Managed deployments with Jenkins
8. Jenkins User Conference New York, May 17 2012 #jenkinsconf
SCM
SCCS
cp –pr
RCS
Subversion
CVS VSS
9. Jenkins User Conference New York, May 17 2012 #jenkinsconf
MVN
Maven
! Project Object Model (POM)
! Simplifies dependency resolution ("oops I forgot that .jar!")
! Makes the build process easy and uniform
Artifactory (Maven Repository)
! Where do I put my built artifacts?
! Makes it easy for everyone to get the latest build!
10. Jenkins User Conference New York, May 17 2012 #jenkinsconf
Builds: Before Jenkins
! We have a single source repo + a place to
store built artifacts, but…..
– Builds still take a long time
– Testing takes longer!
– Code coverage take even longer!
– Build environments are not standardized
– Mistakes are caught later, hard to debug
11. Jenkins User Conference New York, May 17 2012 #jenkinsconf
Builds: Enter Jenkins
! SCM commits automatically kick off a build
! Testing and code coverage is automated and is run on
every commit.
! Broken builds immediately notify the team and the
committer
! Tests run in a Clone of the Production Environment!
! Everyone can easily see what's happening!
! Developers can get back to coding instead of building
and testing.
! Releases are quick and easy
12.
13. Jenkins User Conference New York, May 17 2012 #jenkinsconf
Deployment: The problem.
! Configuration must be different per environment
! Choice between loss of control or loss of agility
– Often devs configure the container
– Either devs can edit deployables or they can't
! If they can... things are bad
– Code is deployed, edited and removed w/out Change
Control
– Moving quickly… "I'll clean it up later!"
– Dev environments quickly diverge from Production
– Security is compromised
! If they can't... things are worse
– Change requests are "slow”
– Systems groups must do everything
14. Jenkins User Conference New York, May 17 2012 #jenkinsconf
Deployments: How do we fix them?
! Standardize the process!
! Promote SANE change control
! Normalize deployables/artifacts
! Single location for app configuration data
! Standardize the container
! Externalize what makes an environment
unique and special
15. Jenkins User Conference New York, May 17 2012 #jenkinsconf
Yale Application Installer Plugin
! Standardize the process!
! Why?
– SSH creds + Delegation
– Manage keys outside
– Node name substitution
! How?
– Installer is co’d, scp’d
– install.properties on dest
– Pre-Install
– SSH exec installer
– Post-Install
16. Jenkins User Conference New York, May 17 2012 #jenkinsconf
Container Configurable Artifacts
! Artifacts were built with embedded configuration.
– ie. datasources, SSO, service endpoints, etc
– Artifacts are different per environment! WAT!?
– "Oops, I forgot to update that parameter!"
! Externalize configuration parameters!
– deployable XML using JNDIBindingServiceMgr
– Apps self configure with JNDI
! With Container Configurable artifacts…
– The SAME artifact migrates between environments
– XML configuration data (stored as build parameters in
Jenkins) is all that differentiates environments
18. Jenkins User Conference New York, May 17 2012 #jenkinsconf
Container Configurable Artifacts
String jndiBinding = “JNDI_PATH_HERE”;
Context ctx = null;
try {
logger.info("Loading config from JNDI path: " + jndiBinding);
ctx = new InitialContext();
Map<String, String> config = (Map<String, String>) ctx.lookup(jndiBinding);
doSomethingWithConfig(config);
} catch (Exception e) {
throw new RuntimeException("Error getting configuration from JNDI. ", e);
} finally {
try { ctx.close(); } catch (Exception e) { }
}
19. Jenkins User Conference New York, May 17 2012 #jenkinsconf
Yale Standard Java Container
! JBoss EAP (5.1 now)
! Minimal customization to externalize
configuration into runtime
! JAAS provider for CAS SSO
! Packaged in RPM
! Configuration Management to install +
manage what’s “special”
! Meets 100% of use cases (so far)
! Runtime configurable container is key!
20. Jenkins User Conference New York, May 17 2012 #jenkinsconf
Yale Standard Java Container
$JBOSS_HOME/deploy/jbossweb.sar/server.xml
<!-- Connector for SSL 20100624 ECF -->
<Connector protocol="HTTP/1.1" SSLEnabled="true"
port="${jboss.bind.httpsport}" address="${jboss.bind.address}”
secure="true" clientAuth="false" scheme="https”
proxyName="${jboss.proxyname}" proxyPort="${jboss.proxyport}”
SSLCertificateFile="${jboss.server.home.dir}/conf/server.crt"
SSLCertificateKeyFile="${jboss.server.home.dir}/conf/server.pem”
URIEncoding="UTF-8” SSLProtocol="TLS”>
/etc/init.d/jboss_nodexx
# JBoss variables
export JBOSS_OPTS=“-Djboss.bind.httpport=${HTTPPORT}
-Djboss.bind.httpsport=${HTTPSPORT} ${ADDLJBOPTS}”
${JBOSS_HOME}/bin/run.sh ${JBOSS_OPTS} -c ${JBOSS_NODE} -g $
{JBOSS_PARTITION} -b ${JBOSS_BIND} -u ${CLSTR_ADDR}
28. Jenkins User Conference New York, May 17 2012 #jenkinsconf
Deployments: The result.
! Consistency!
! Jenkins writes configuration XML: $human_error--
! Eliminate shells, and elevated privileges on servers
! Container is managed by infrastructure with the O/S
! Developers can deploy to DEV at will
! Empowers developers to GTD
! Puts gates at appropriate places
! Changes to the Jenkins jobs, containers + deploys to Test/Prod
require change control
! Frees Systems folks to work on more interesting things
! Standard Container + Cloudy IaaS + Container Configurable
artifacts = Vendor-lock-in-less PaaS!
29. Jenkins User Conference New York, May 17 2012 #jenkinsconf
Drupal Continuous Deployment
! Yale has a large shared Drupal
infrastructure
! Shared = needs change control
! Migration process looks similar to Java
! Some end users want to edit themes!
! Jenkins to the rescue!
30.
31.
32.
33.
34.
35. Jenkins User Conference New York, May 17 2012 #jenkinsconf
What’s New?
! Workflow integration through web services
! Build + Release of Apache Servicemix
bundles and “features”
! Spawning and Destroying Servicemix child
instances
! Deployment of Features and OSGI
bundles to Apache Servicemix
! Deploying Drupal 7
– git + pull
36. Jenkins User Conference New York, May 17 2012 #jenkinsconf
Other Languages
! Php
– Code coverage and unit testing available
! Python
– CherryPy + Filelocker deployments
! Ruby
– Automated unit testing
– Automated code coverage
– Automated deployment coming soon
! .Net
– Build, unit test, archive creation
37. Jenkins User Conference New York, May 17 2012 #jenkinsconf
The Future
! RBAC + folders
– delegate responsibility to other systems groups
! Ruby deployments
! Enterprise Service Bus
! Centralized SSH mangagement
– the tools are better now
! Managing/Provisioning with cfg mgmt
! Testing and release of cfg mgmt “code”
! Cloud deployments
38. Jenkins User Conference New York, May 17 2012 #jenkinsconf
We’re hiring!
http://www.yale.edu/jobs
39. Jenkins User Conference New York, May 17 2012 #jenkinsconf
Questions?
E Camden Fisher
camden.fisher@yale.edu
@fishnix
40. Jenkins User Conference New York, May 17 2012 #jenkinsconf
Thank You To Our Sponsors
Platinum
Sponsor
Gold
Sponsors
Silver
Sponsors
Bronze
Sponsors