Thursday, March 29, 2018

Setting up a GitHub webhook in Jenkins

This post details the steps to have Jenkins automatically create a build when it detects changes to a GitHub repository. This can be a very useful improvement to your continuous integration setup with Jenkins, because Jenkins is told to attempt a new build only when a change is detected rather than polling on an interval, which can be inefficient.
There are a few steps necessary to get this process working correctly that I would like to highlight in case I have to do this again or if anybody else would like to set this up. Most of the guides that I found were very out of date, so their instructions were a little bit unclear and misleading.
The first step is to configure Jenkins to talk to GitHub. You will need to download and install the GitHub plugin (I am using version 1.8 as of this writing): Manage Jenkins -> Manage Plugins -> Available -> GitHub plugin
After this is installed, you can either create a new build or configure an existing build job. Since I already have one set up, I will just modify it to use the GitHub hook. There are a few things that need to be changed.
First, you will need to add your GitHub repo:

Dealing with failed hosts: Ansible playbooks - Part 2

By default, Ansible will continue executing actions as long as there are hosts in the batch that have not yet failed. The batch size for a play is determined by the serial parameter. If serial is not set, then the batch size is all the hosts specified in the hosts: field. In some situations, such as with the rolling updates described above, it may be desirable to abort the play when a certain threshold of failures has been reached. To achieve this, you can set a maximum failure percentage on a play as follows:
- hosts: webservers
  max_fail_percentage: 30
  serial: 10
In the above example, if more than 3 of the 10 servers in the group were to fail, the rest of the play would be aborted.

Wednesday, March 21, 2018

Dealing with failed hosts: Ansible playbooks - Part 1

Summary:
When the serial keyword is used, a single failed host aborts the entire playbook with the error "FATAL: all hosts have already failed -- aborting".
When the serial keyword is removed, all hosts are evaluated and a single failure does not abort the playbook run.
Steps To Reproduce:
Create an inventory with a "test" group with three hosts, A, B, and C. Save the following playbook.
# test_fail.yml

---
- hosts: host1:host2:host3
  gather_facts: no
  tasks:
    - ping:
    - fail:
      when: inventory_hostname == 'host3'

- hosts: host4:host5
  gather_facts: no
  tasks:
    - ping:

- hosts: host6
  gather_facts: no
  tasks:
    - ping:

- hosts: host7:host8
  gather_facts: no
  tasks:
    - ping:


Monday, December 11, 2017

How to Install Confluent Kafka Cluster by using Ansible

Overview
The rise of microservices brings another level of software architecture: event-driven architecture. One of the tools that supports this approach is Apache Kafka. This article covers how to install Kafka on a server using an Ansible playbook.

Confluent Kafka Playbook
This playbook installs Confluent Kafka on 3 cluster nodes. Each node contains one Kafka broker and one Zookeeper instance, and the nodes stay in sync with one another.
REFER:

Monday, August 28, 2017

Security Patching : Ansible

EXAMPLE: 1

The following playbook was run against 100+ servers and patched the bash vulnerability in less than 10 minutes. The below example updates both Debian and Red Hat Linux variants. It will first run on half of all the hosts that are defined in an inventory file.
- hosts: all
  gather_facts: yes
  remote_user: craun
  serial: "50%"
  become: yes   # replaces "sudo: yes"; the sudo keyword was removed in Ansible 2.9
  tasks:
    - name: Update Shellshock (Debian)
      apt: name=bash
           state=latest
           update_cache=yes
      when: ansible_os_family == "Debian"

    - name: Update Shellshock (RedHat)
      yum: name=bash
           state=latest
           update_cache=yes
      when: ansible_os_family == "RedHat"

EXAMPLE: 2

The example below updates both Debian and RedHat Linux variants. It will patch and reboot 25% of the servers at a time until all of the hosts defined in the inventory file are updated.
- hosts: all
  gather_facts: yes
  remote_user: craun
  serial: "25%"
  become: yes   # replaces "sudo: yes"; the sudo keyword was removed in Ansible 2.9
  tasks:
    - name: Update OpenSSL and OpenSSH (Debian)
      apt: name={{ item }}
           state=latest
           update_cache=yes
      with_items:
        - openssl
        - openssh-client
        - openssh-server
      when: ansible_os_family == "Debian"

    - name: Update OpenSSL and OpenSSH (RedHat)
      yum: name={{ item }}
           state=latest
           update_cache=yes
      with_items:
        - openssl
        - openssh-clients   # the RedHat package name is plural
        - openssh-server
      when: ansible_os_family == "RedHat"
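  post_tasks:
    - name: Reboot servers
      # The reboot module waits for the host to come back; a bare
      # "command: reboot" can drop the SSH connection and mark the host failed.
      reboot: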
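
The rolling patch from Example 2 combined with the failure threshold from "Dealing with failed hosts: Ansible playbooks - Part 2", so that a bad package update stops the rollout instead of continuing batch by batch. This is an added example, not part of the original posts; the 20% threshold, the 600-second reboot timeout and the `sshd -t` check are assumptions chosen for illustration.

```yaml
# Added example: rolling security patch that aborts when too many hosts fail.
# Assumed values: max_fail_percentage 20, reboot_timeout 600, sshd -t check.
- hosts: all
  gather_facts: yes
  become: yes
  serial: "25%"              # patch a quarter of the inventory per batch
  max_fail_percentage: 20    # abort once more than 20% of a batch has failed
  tasks:
    - name: Update OpenSSL and OpenSSH (Debian)
      apt:
        name:
          - openssl
          - openssh-client
          - openssh-server
        state: latest
        update_cache: yes
      when: ansible_os_family == "Debian"

    - name: Update OpenSSL and OpenSSH (RedHat)
      yum:
        name:
          - openssl
          - openssh-clients
          - openssh-server
        state: latest
        update_cache: yes
      when: ansible_os_family == "RedHat"

  post_tasks:
    - name: Reboot and wait for the host to come back
      reboot:
        reboot_timeout: 600

    # A host that fails here counts toward max_fail_percentage, so a patch
    # that breaks sshd on the first batch never reaches the later batches.
    - name: Validate the sshd configuration after the upgrade
      command: sshd -t
      changed_when: false
```

Without `max_fail_percentage`, the play moves on to the next batch as long as at least one host in the current batch succeeded.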


Setting up Tomcat : Ansible Playbook

Use the playbook below as a reference for installing Tomcat.
Create the mentioned handlers separately.
---
- name: Install Java 1.7
  yum: name=java-1.7.0-openjdk state=present
- name: add group "tomcat"
  group: name=tomcat