# CentOS CI - On-boarding

Note to users:

Please note that Infra space is for Fedora and CentOS related projects to

consume. Decision may take some time (often up to 2 weeks) as these are decided

by the whole team.

Once decided as go, we will create you a namespace in a openshift cluster where

you can configure your CI. We do provide a Jenkins template in case you want to be

able to consume vms/baremetal nodes to perform your CI.

Please answer the following questions so that we understand your requirement.

* How does your project relates to Fedora/CentOS?

* Describe your work flow and if you need any special permissions (other than

  admin access to namespace), please tell us and provide a reason for them.

* Do you need bare-metal/vms checkout capability? (we prefer your workflow

  containerized)

* Resources required

  * PVs:

```

Project_name:

Project_members:

 - user1@ACO_registered_email_address

 - user2@ACO_registered_email_address

```

## Steps

1. Create an entry in duffy db (with ssh key) - [follow adding-duffy-api-key.md](/operations/ci/adding_cico_tenant/adding    -duffy-api-key/)

2. Create an OpenShift namespace/project (done with ansible)

3. Create a PV(Persistent Volume) and deploy Jenkins instance (done with ansible)

## Create an entry in duffy db (with ssh key) - [follow adding-duffy-api-key.md](/operations/ci/adding_cico_tenant/adding-duffy-api-key/)

### Create an OpenShift namespace

!!! important 

    we don't use the previous specific git repo for projects, as it's now all using the `ocp-admin` ansible role, see below

To create the openshift namespace/project, just add edit the inventory/host_vars/<ocp_controller_node> and add the new project to the existin `ocp_projects_list` ansible list.

Example:

```

# Declaring projects that will be created in ocp.ci

ocp_projects_list:

  - name: ci-infra-test

    members:

      - ci-user1@centos.org

      - ci-user2@centos.org

```

Once done, don't forget to commit/push and you can then apply remotely from central CI ansible node the role directly with a specific tag.

```

 <user>  ~  ansible  CentOS_CI  ./filestore/remote_ansible_call                                        

[+] 20220325-15:10 ansible-ara-run -> == Ansible Ara manual trigger ==

Which ansible role you want to play ? (like haproxy, without -role) => ocp-admin-node

List of possible tags for role ocp-admin-node : 

 =>       TASK TAGS: [backup, certs, config, localstorage, projects, tls]

Do you want to call specific tag[s] and which one[s] ? (can be empty) => projects

Host/Group limits ? (default to whole group) => 

[+] 20220325-15:11 ansible-ara-run -> Updating first inventory/pkistore/filestore

[+] 20220325-15:11 ansible-ara-run -> Checking role [ocp-admin-node] is present and up2date ...

[+] 20220325-15:11 ansible-ara-run -> Calling now ansible with ara reporting ...

[+] 20220325-15:11 ansible-ara-run -> ansible-playbook playbooks/role-ocp-admin-node.yml  --tags projects -e ara_playbook_name=role-ocp-admin-node

PLAY [hostgroup-role-ocp-admin-node] *****************************************************************************

TASK [ocp-admin-node : Rendering template for projects] **********************************************************

Friday 25 March 2022  15:11:08 +0000 (0:00:00.445)       0:00:00.445 ********** 

ok: [ocp-admin.ci.centos.org] => (item=ci-infra-test)

ok: [ocp-admin.ci.centos.org] => (item=samba)

ok: [ocp-admin.ci.centos.org] => (item=hyperscale)

ok: [ocp-admin.ci.centos.org] => (item=networkmanager)

ok: [ocp-admin.ci.centos.org] => (item=gluster)

ok: [ocp-admin.ci.centos.org] => (item=pagure)

ok: [ocp-admin.ci.centos.org] => (item=sp-augur)

TASK [ocp-admin-node : Creating/modifying project if needed] *****************************************************

Friday 25 March 2022  15:11:11 +0000 (0:00:02.892)       0:00:03.337 ********** 

skipping: [ocp-admin.ci.centos.org] => (item=ci-infra-test) 

skipping: [ocp-admin.ci.centos.org] => (item=samba) 

skipping: [ocp-admin.ci.centos.org] => (item=hyperscale) 

skipping: [ocp-admin.ci.centos.org] => (item=networkmanager) 

skipping: [ocp-admin.ci.centos.org] => (item=gluster) 

skipping: [ocp-admin.ci.centos.org] => (item=pagure) 

skipping: [ocp-admin.ci.centos.org] => (item=sp-augur) 

TASK [ocp-admin-node : Deleting project[s] if needed] ************************************************************

Friday 25 March 2022  15:11:12 +0000 (0:00:00.597)       0:00:03.935 ********** 

ok: [ocp-admin.ci.centos.org] => (item=fedora-coreos)

ok: [ocp-admin.ci.centos.org] => (item=coreos-ci)

PLAY RECAP *******************************************************************************************************

n4-136.cloud.ci.centos.org : ok=0    changed=0    unreachable=0    failed=0    skipped=3    rescued=0    ignored=0   

ocp-admin.ci.centos.org    : ok=2    changed=0    unreachable=0    failed=0    skipped=1    rescued=0    ignored=0   

Friday 25 March 2022  15:11:13 +0000 (0:00:01.320)       0:00:05.255 ********** 

=============================================================================== 

ocp-admin-node : Rendering template for projects  --------------------------------------------------------- 2.89s

ocp-admin-node : Deleting project[s] if needed ------------------------------------------------------------ 1.32s

ocp-admin-node : Creating/modifying project if needed ----------------------------------------------------- 0.60s

Playbook run took 0 days, 0 hours, 0 minutes, 5 seconds

```

!!! note

    If you need to also modify members and/or email addresses, you can just follow the same process and replay the same playbook : that will reflect changes in openshift. If you need access to that private git repository (to be fixed and moved elsewhere in the official `centos` namespace, reach out to another infra team member

!!! important

    If you have to instead delete/remove a project, you can just add the project name in the `ocp_projects_to_delete_list` ansible list and it will be deleted/removed on next ansible run

## Deploy a PV (Persistent Volume) and Jenkins instance

!!! note

    In case you just need to create a PV *outside* of jenkins, follow [Persistent storage via NFS](https://docs.infra.centos.org/operations/ci/installation/persistant_storage_nfs/). 

We have an ad-hoc ansible task (adhoc-ocp-deploy-jenkins-for-ci-tenant.yml) that will create the needed PV , create a template and apply it with the correct ssh keys and duffy api key so ensure that you followed previous steps so that you have the project keys into pkistore git repo (using project name) and also duffy api key ready (as script will ask you for it):

```

ansible-playbook-ci playbooks/adhoc-ocp-deploy-jenkins-for-ci-tenant.yml

```

Just answer the following questions (project has to exist first ! :

```

Existing project/namespace in ocp we'll deploy jenkins to/for (has to exist before !) : samba

Persistent Volume size (example 10Gi) : 10Gi

Existing Duffy API key : <duffy_api_key>

```

Now you just have to wait for jenkins to be up and running 

!!! important

    We recently had an issue with the default jenkins image having outdated (and not working) [openshift sync plugin](https://plugins.jenkins.io/openshift-sync/) so be sure that you have at least 1.0.51 running in openshift. If not, update it first, and then configmap will be synced to jenkins, for the `cico-workspace` pod template