Google Git
Sign in
apache / couchdb-infra-cm / 58c04807645c3b3a4b86c97aca9a605dd0dfda9b
commit58c04807645c3b3a4b86c97aca9a605dd0dfda9b[log] [tgz]
authorPaul J. Davis <paul.joseph.davis@gmail.com>Tue Jan 07 15:41:55 2020 -0600
committerPaul J. Davis <paul.joseph.davis@gmail.com>Wed Jan 08 12:52:09 2020 -0600
tree2877089e7f6adf1980e7dc99e3660d523285c6fa
parenta2bfe4591be3be4e82f1c06d25ee03d7f0f13dec [diff]
Switch to having agents dial into Jenkins

This changes the configuration of Jenkins agents to dial into the
Jenkins master instead of having Jenkins SSH to each node. This allows
us to expand our private cloud worker pool much further.
20 files changed
tree: 2877089e7f6adf1980e7dc99e3660d523285c6fa
  1. host_vars/
  2. roles/
  3. tools/
  4. .gitignore
  5. ansible.cfg
  6. bastions.yml
  7. ci_agents.yml
  8. production
  9. README.md
  10. requirements.txt
  11. ssh.cfg
README.md

CouchDB Infrastructure Config Management

This repository contains Ansible scripts for managing our VM testing infrastructure.

Setup

$ virtualenv venv
$ source venv/bin/activate
$ pip install -r requirements.txt

Provisioning VMs

Our main workhorse is the cx2-4x8 instance type. There are also a few ppc64le nodes for doing full builds as well. Whoever provisions a VM should make sure to generate a new inventory as well as perform the first Ansible run against the new node so that other CouchDB infra members will have access.

Bastion VMs

There should be a single bastion VM setup for each subnet. We just use the cheapest cx2-2x4 instance for these nodes so that we can jump to the other hosts.

If the bastion changes public IP addresses we have to update group_vars/ci_agents.yml and set the ansible_ssh_common_args to use the new public IP for contacting servers. We should also update ssh.cfg in this repository to make it easier for contacting servers manually.

Generating Inventory Listings

Create a ~/.couchdb-infra-cm.cfg file that contains the following options:

[ibmcloud]
api_key = <REDACTED>

The tools/gen-inventory script can then be used to generate our production inventory file:

$ ./tools/gen-inventory > production

Configuring Jenkins

Once a CI worker has been provisioned we must also configure Jenkins to have the JAR url and secret ready. The easiest approach here is to just copy the existing configuration from one of the existing nodes. When viewing the conifguration page we then dump the secret value into an encrypted vault file in the host_vars directory.

Running Ansible

$ ansible-playbook -i production ci_agents.yml

Useful Commands:

If you want to ssh directly to a node, you can do:

$ ssh -F ssh.cfg $private_ip