eGov ERP DevOps

ERP jenkins (CICD) setup

ERP Stack training to the partners - (Provisioning Instances, Configuring, GitOps, CI Setup, Logging, Alerts & Monitoring)

Prerequisites:

Knowledge of -

  1. Web Server (Apache2+)

  2. Application Server (Wildfly.11+)

  3. Session, cache and tokens handling (redis-server)

  4. FileStore (NFS) and,

  5. DB (Postgres.9.6+)

  6. Elasticsearch.2.x

  7. Git/Github (Account is required)

  8. Repository manager (Nexus) (Account is required)

  9. CI/CD (jenkins) (Account is required)



Environment

Environment

Production

Server Name

LoadBalancer

Application Servers

ElasticSearch Server

Database Server

NFS/SAN Storage (Filestore)

Public IP

Required

NA

NA

NA

NA

No.of Instances

1

2

1

1

1

vCORE

2

2

2

NA

4

vRAM

4 GB

8 GB

8 GB

NA

16 GB

vSSD

50 GB

100 GB

100 GB

500 GB

100 GB

Operating System version

Ubuntu Server 16.04 LTS (64 bit)

RDS/Azure Postgres DB

NA

To be installed with:

-

jdk8u131

jdk8u131

Postgres SQL 9.6



Ports to be opened to globally

TCP : HTTP, HTTPS, SSH

SSH

SSH

NA

NA

AWS Instance Type

t2.medium

m4.large

m4.large

db.m4.xlarge

NA

Azure Instance Type

Standard_B2s

Standard_B4s

Standard_B4s

B_Gen5_4

NFS


Table 1.0: Stack Details

For the DIGIT BPA ERP stack infrastructure setup, and hosting, the above table explains the minimum base level requirements for the setting up the DIGIT BPA application. Provision for the partners can choose any of the cloud provider or on-prime for the infrastructure set up.

Setup BPA on partners instance provisioned:

  1. Load Balancer:

  2. Application Server-1:

  3. Application Server-2:

  4. Elasticsearch

  5. Database Server

  6. NFS mount (set path in db)

Git repo fork into the partners repo:

Digit-BPA: https://github.com/egovernments/digit-bpa

Digit-DCR: https://github.com/egovernments/digit-dcr

Githubwebhooks: <githrepourl>/digit-bpa/settings/hooks

  • Payload URL (https://<jenkinsurl>/github-webhook/)

  • Content type (application/x-www-form-urlencoded)

  • Event to trigger (Just Push event)

  • Active

Jenkins Setup: Requires Java (Oracle account), Maven, Nexus repo (user details), git repo.

Jenkins > Manage Jenkins > Config System:

Publish over SSH

  • Jenkins SSH Key -

  • Passphrase: {value_needs_to_be_enter}

  • SSH Servers enter server details and test config

Jenkins > Manage Jenkins > ConfigureSecurity:

Jenkins > Credentials > System > Global credentials:

Add Credentials -

  • jenkins user (username with password)

  • github user (username with password)

  • Oracle user for JDK download (username with password)

  • passcode (Secret text)

  • ssh user with private key

Jenkins > Global Tool Configuration:

  • JDK (with oracle username & password)

  • Git

  • Maven

CI Pipeline from forked repo:

Build job: https://github.com/egovernments/digit-bpa /master

Jenkins Setup: Build Job Configuration: Jenkins > Job (Maven):

General:

  • Enable project-based security

  • Discard old builds

  • GitHub project

  • Promote builds:

  • Promotion process:

  • Criteria: manually approve

  • Actions: Trigger/call builds > Predefined parameters(PROMOTED_NUMBER=${PROMOTED_NUMBER})

SCM:

  • SCM

Build Triggers:

  • GitHub hook trigger for GITScm polling

Build Env:

Pre Steps:

Build:

  • Root POM (egov/pom.xml)

  • Goals and options (clean deploy -U -s settings.xml -Dbuild.number=${BUILD_NUMBER} -Ddb.url=jdbc:postgresql://localhost:5432/digit_bpa_build -Ddb.password=postgres -Ddb.user=postgres -Ddb.driver=org.postgresql.Driver -Dnexus.user= -Dnexus.password=)

Post Steps:

  • Run only if build succeeds

Build Settings:

Post-build Actions:

  • Archive the artifcts:
    Files to archive (**/*.ear)

  • Enable email:
    - Project Recipient List(keep_as_it_is)

- Project Reply-To List (enter_email_id)
- Content Type (keep_as_it_is)
- Default Subject(keep_as_it_is)
- Default Content(keep_as_it_is)
- Attach Build Log(keep_as_it_is)

CD Pipeline for the Deployment to the partners environments:

https://github.com/egovernments/egovdevops.git (this requires perl, secret passcode for Encryption, and Decryption)

Deployment_Job: git repo(devops) for ear-deployer, passcode.

ear-deployer

General:

- Discard old builds

- Promote builds:

- Promotion process:

- Criteria: manually approve

- Actions: Trigger/call builds > Current build parameter

- This project is parameterised

- String parameter:

Name(PROMOTED_NUMBER)

SCM:

- Git:

Repositories

Branches to build

Repository browser

Additional Behaviours > Sparse Checkout

Build Triggers:

Build Env:

- Use secret texts

- Bindings > Secret Text

Variable(passcode)

Credentials(Specific credentials)

Build:

Send files or execute cmds over ssh:

- SSH Publishers:

- SSH Server:

Name

Transfers > Transfer Set:

- Source files(ear-deployer/config/digit-bpa-dev.yml)

- Exec command (sudo docker pull egovio/ear-deployer:latest && sudo docker run -it -v /home/azureuser/ear-deployer/config/digit-bpa-dev.yml:/config.yml -e 'EAR_PASSCODE=${EAR_PASSCODE}' -e ENV=dev -e BUILDNUMBER=${PROMOTED_NUMBER} -e ENV_CONFIG_FILE=/config.yml egovio/ear-deployer:latest)

Post-build Actions:

Exit criteria:

Fully up and running BPA

DevOps as a Culture