Jenkins to Manage Deployments

Work in progress

Contribution from Eric Dalquist and Tim Levett (University of Wisconsin - Madison)

University of Wisconsin - Madison is using Maven and Jenkins to manage build and deployment of uPortal and portlets across five different environments from one central UI. The WAR Overlay feature of the Maven WAR Plugin is used to inject environment specific configuration into uPortal and each portlet. Jenkins automatically builds and deploys portlets in the development and test environments when changes or new releases are detected reducing developer overhead and turnaround time. A key-pair based token encryption tool is used to securely store credentials a version control system allowing them only to be decrypted at build time on the target server.

Prerequisites:

Java 7
Maven 3

Components:

Jenkins (see below for installation and example configuration)
Maven
Git
Token Encryption Service
Projects and Scripts to use in Jenkins

Jenkins

Install Jenkins

Download the latest Jenkins release at http://jenkins-ci.org/
Deploy the jenkins.war file to your tomcat/webapp directory
Restart your tomcat instance

Jenkins Configuration

Navigate to 'Manage Jenkins' and then "Configure Global Security".
Check 'Enable security'
Choose 'Jenkins's own user database'
Uncheck 'Allow users to sign up'
Choose 'Matrix-based security'
Enter an admin username next to 'User/group to add:'
Enter log in information for the admin user at (http://localhost:8080/jenkins/securityRealm/firstUser)

Add JDK to Jenkins

Navigate to 'Manage Jenkins' and then 'Configure System'.
Click 'Add JDK' and enter Name and JAVA_HOME.
Click 'Apply'

Add Maven to Jenkins

Click 'Add Maven' and enter Name and MAVEN_HOME.
Click 'Save'

Configure Keys

Set up a private-public key to gain permissions to your remote repository. You will also need to setup keys for server nodes. Below are some references on configuring private-public keys:

Publish over ssh plugin
If you are using github: Generating SSH Keys

Token Encryption Service

Install Token Encryption

Clone the project at https://github.com/UW-Madison-DoIT/token-crypt.git
Set Local Path For Keys Storage
- /token-crypt/tcrypt-web/src/main/resources/webapp.properties
- For example: edu.wisc.doit.tcrypt.path.keydirectory=/opt/keystore
- Local Directory MUST be READABLE and WRITEABLE by Tomcat process
Build the application With Maven 3
- /token-crypt/pom.xml
- From /token-crypt/ run mvn clean package
Deploy .war file below to Tomcat webapps
- /TokenCrypt/tcrypt-web/target/tcrypt-web-1.0.4-SNAPSHOT.war
Caveats
- Remove the jsp-api.jar from the /WEB-INF/lib directory if you get the following error: '500 Unable to read TLD "META-INF/fmt.tld"'

Keys Setup

There is one key directory for the tcrypt service, which will hold all the public keys for each of your server environments so the tcrypt service can encrypt tokens and/or files. The other key directory should be located on each server which will contain the private key. This is used during the overlay build to decrypt the tokens in the property files.

To create the keys, click on the "CREATE SERVICE KEY"
Enter the name of your service (ex. my-dev.university.edu) and click the "Create Service Key" button
Download the generated public and private keys
Place the public key on the tcrypt server under the directory path that you created above in webapp.properties (ex., /opt/keystore).
Place the private key on the server you created a service for under the directory path that you in webapp.properties (ex., /opt/keystore).

Projects & Scripts to use in Jenkins

Additional Resources

Jenkins CI
Multi-Environment Build & Deploy of uPortal using Maven & Jenkins (youtube)
Multi-Environment Build & Deploy of uPortal using Maven & Jenkins (slides)
Projects & Scripts for use with Jenkins (github)
Token Encryption Service (github)

Having problems with these instructions?

Please send us feedback at uportal-user@lists.ja-sig.org