Part III – Openshift: Deploying Openshift With Openshift Pipelines

slave. All the work we have discussed in the following two parts having been building up to this point.

We are now going to discuss building an OpenShift pipeline to deploy OpenShift.

OpenShift has made it so easy to create and run pipelines there isn’t much to show, which means this last post is relatively short.

OpenShift deployment pipeline (pulling it all together)

As discussed previously we created a special build config known as a pipeline within OpenShift. We follow the same process here. We created a new repo with a single Jenkins file in. Pseudocode of the Jenkinsfile can be seen below.

node ('openstack-jenkins-slave') {
    stage('checkout heat deployment code') {
        # pull code from git
    stage('pull OpenStack variables and credentials') {
        # get environments varaibles and secrets that a pre-seeded during the OpenShift management instance setup
    stage('cleanup HEAT environment') {
        # Cleanup the tenancy before starting a fresh install
    stage('setup host keys') {
        # Create SSH keys to manage OpenStack nodes
    stage('setup HEAT environment') {
        # Run HEAT to deploy OpenShift computing infrastructure
    stage('Set variables HEAT deployment') {
        # Create environment variables for the Jenkins slave to access the deployment
    def buildServerip = readFile("env.vars").trim()
    stage('Test HEAT deployment') {
        # Run tests to validate HEAT deploy
    stage('checkout openshift deployment code') {
        # Checkout OpenShift depoyment code from git
    stage('deploy openshift') {
        # Deploy OpenShift
    stage('validate openshift deployment') {
        # Run tests to validate OpenShift deployment

Once this pipeline is setup any changes to our deployment code, either for our HEAT deployment or OpenShift will trigger a build and validation.

There have been some “complexities” setting up the Jenkins jobs, for example access credentials. As we discussed in the previous blog post when we setup the OpenShift management cluster we create a number of secrets and variables. Things like the OpenStack API endpoints and authentication strings.

OpenShift is clever in that it handles the oauth setup of the Jenkins master and slaves to the OpenShift instance where they are running. This enables us to access the secrets we created when we seeded the cluster with the runtime of the Jenkins job allowing us to set them on the fly during the job. This is how we securely configure access to our OpenStack cloud tenancies used for CI.

We also generate SSH keys on the fly via the OpenStack API, these are injected to all the hosts in the newly created cluster to handle the Ansible deployment of OpenShift. This key is then destroyed at the same time the new OpenShift cluster is after testing has completed meaning we have no need to store keys for the CI jobs.

Finally we can monitor the process from within OpenShift, giving us a nice graphical display showing the status and time of each step.

From here we can easily click into the job to return detailed information about it progress.

The value this affords us is incredible allowing us to get solid, predicable infrastructure with minimal management so we can concentrate on driving features into our OpenShift platform.

So powerful in fact that we are looking to move many of our other infrastructure CI including OpenStack to be managed in the same fashion.

This is very much a POC for us however we can clearly see the value and will be investing a lot more in writing tests inline with this method. We’ll run some more technical blogs soon to discuss our approaches.

If you’re interested in trying out some of things in this blog post head over to OpenShift origin where you can deploy OpenShift on any machine with docker installed. Find out more here.