Work in progress
University of Wisconsin - Madison is using Maven and Jenkins to manage build and deployment of uPortal and portlets across five different environments from one central UI. The WAR Overlay feature of the Maven WAR Plugin is used to inject environment-specific configuration into uPortal and each portlet. Jenkins automatically builds and deploys portlets in the development and test environments when changes or new releases are detected, reducing developer overhead and turnaround time. A key-pair based token encryption tool is used to securely store credentials in a version control system, allowing them to be decrypted only at build time on the target server.
Prerequisites:
- Java 7
- Maven 3
Components:
- Jenkins (see below for installation and example configuration)
- Maven
- Git
- Token Encryption Service
- Projects and Scripts to use in Jenkins
Jenkins
Install Jenkins
- Download the latest Jenkins release at http://jenkins-ci.org/
- Deploy the jenkins.war file to your tomcat/webapp directory
- Restart your tomcat instance
Jenkins Configuration
- Navigate to 'Manage Jenkins' and then 'Configure Global Security'.
- Check 'Enable security'
- Choose 'Jenkins's own user database'
- Uncheck 'Allow users to sign up'
- Choose 'Matrix-based security'
- Enter an admin username next to 'User/group to add:'
- Enter login information for the admin user at http://localhost:8080/jenkins/securityRealm/firstUser
Add JDK to Jenkins
- Navigate to 'Manage Jenkins' and then 'Configure System'.
- Click 'Add JDK' and enter Name and JAVA_HOME.
- Click 'Apply'
Add Maven to Jenkins
- Click 'Add Maven' and enter Name and MAVEN_HOME.
- Click 'Save'
Configure Keys
Set up a private-public key pair to gain access to your remote repository. You will also need to set up keys for the server nodes. Below are some references on configuring private-public keys:
- Publish Over SSH plugin
- If you are using GitHub: Generating SSH Keys
Token Encryption Service
Install Token Encryption
- Clone the project at https://github.com/UW-Madison-DoIT/token-crypt.git
- Set the local path for key storage
  - /token-crypt/tcrypt-web/src/main/resources/webapp.properties
  - For example: edu.wisc.doit.tcrypt.path.keydirectory=/opt/keystore
  - The local directory MUST be READABLE and WRITEABLE by the Tomcat process
- Build the application with Maven 3
  - /token-crypt/pom.xml
  - From /token-crypt/ run mvn clean package
- Deploy the .war file below to Tomcat webapps
  - /TokenCrypt/tcrypt-web/target/tcrypt-web-1.0.4-SNAPSHOT.war
- Caveats
  - Remove the jsp-api.jar from the /WEB-INF/lib directory if you get the following error: '500 Unable to read TLD "META-INF/fmt.tld"'
Keys Setup
There are two kinds of key directory. One belongs to the tcrypt service and holds the public keys for each of your server environments, so the tcrypt service can encrypt tokens and/or files. The other is located on each server and contains the private key, which is used during the overlay build to decrypt the tokens in the property files.
- To create the keys, click on "CREATE SERVICE KEY"
- Enter the name of your service (ex. my-dev.university.edu) and click the "Create Service Key" button
- Download the generated public and private keys
- Place the public key on the tcrypt server under the directory path that you created above in webapp.properties (ex., /opt/keystore).
- Place the private key on the server you created a service for, under the directory path that you set in webapp.properties (ex., /opt/keystore).
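The key placement described above (public keys on the tcrypt server, each private key only on its own server) can be checked with a short audit script. This is an added example, not part of the original page or the token-crypt project; the function name audit_keystore is hypothetical, and it assumes the keys are PEM files and that the Tomcat account owns the key directory.

```sh
#!/bin/sh
# Added example: audit a key directory such as /opt/keystore.
# Assumption: keys are PEM files, so a private key contains "PRIVATE KEY-----".
# Assumption: the Tomcat account owns the directory, so owner-only access
# still satisfies "readable and writeable by the Tomcat process".
#   role "service" = the tcrypt server, where only public keys are expected
#   any other role = a server that decrypts at build time with its private key

audit_keystore() {
    dir=$1
    role=$2
    findings=0

    if [ ! -d "$dir" ]; then
        echo "MISSING: $dir is not a directory"
        return 2
    fi

    # Characters 5-10 of the ls mode string are the group and other bits.
    if [ "$(ls -ld "$dir" | cut -c5-10)" != "------" ]; then
        echo "PERMS: $dir is accessible beyond its owner"
        findings=$((findings + 1))
    fi

    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        if grep -q -e "PRIVATE KEY-----" "$f"; then
            if [ "$role" = "service" ]; then
                # A private key left on the encrypting server defeats the split.
                echo "PRIVATE-KEY-ON-SERVICE: $f"
                findings=$((findings + 1))
            elif [ "$(ls -l "$f" | cut -c5-10)" != "------" ]; then
                echo "PERMS: private key $f is readable beyond its owner"
                findings=$((findings + 1))
            fi
        fi
    done

    # Exit status 0 means no findings, 1 means at least one finding.
    [ "$findings" -eq 0 ]
}
```

Run it as `audit_keystore /opt/keystore service` on the tcrypt server and `audit_keystore /opt/keystore target` on each server that holds a private key.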
Projects & Scripts to use in Jenkins