DevOps - Practice Documentation

The document describes setting up a CI/CD pipeline using various DevOps tools. It involves setting up Jenkins on an EC2 instance to pull code from a GitHub repository and build and deploy the code using Maven. Specifically, it will build and deploy the code to a Tomcat server, Docker container, and Kubernetes cluster. The pipeline is implemented using Jenkins, GitHub, Maven, Ansible, Docker, and Kubernetes to demonstrate continuous integration and continuous delivery of code.

Simple Devops Projects

Requirements: CI/CD pipeline system

• Git - Local version control system.

• GitHub - As distributed version control system.

• Jenkins - Continuous Integration tool.

• Maven - As a build tool.

• Ansible - Configuration management & deployment tool.

• Docker - Containerization.

• Kubernetes - As container management tool.

Flow Diagram : -
What Do we Cover?

Build and Deploy on Tomcat Server.

Setup CI/CD with GitHub, Jenkins, Maven & Tomcat.

• Setup Jenkins
• Setup & Configure Maven , Git.
• Setup Tomcat Server.
• Integrating GitHub,Maven ,Tomcat Server with Jenkins
• Create a CI and CD Job.
• Test the Deployment.

1. Deploy Artifacts on a Tomcat Server

Fig. Deploy Artifacts on a Tomcat Server


Build and Deploy on Container.

Setup CI/CD with GitHub, Jenkins, Maven & Docker.

• Setting up the docker Environment.


• Write DockerFile.
• Create an Image and Container on Docker Host.
• Integrate Docker Host with Jenkins.
• Create CI/CD Job on Jenkins to build and deploy on container.

2. Deploy Artifacts on a Container

Fig. Deploy Artifacts on a Docker Container

Build and Deploy on Container.

CI/CD with GitHub, Jenkins, Maven, Ansible & Docker.

• Setting up the Ansible Server


• Integrate Docker Host with Ansible.

• Ansible playbook to create Image.

• Ansible playbook to create Container.

• Integrate Ansible with Jenkins.

• CI/CD Job to build code on Ansible & Deploy it on docker container.

3. Deploy Artifacts on a Container

Fig. Deploy Artifacts on a Ansible Container.

Build and Deploy on Container.

CI/CD with GitHub, Jenkins, Maven, Ansible & Kubernetes.

• Setting up the Kubernetes (EKS).


• Write pod service and deployment manifest file.

• Integrate Kubernetes with Ansible.

• Ansible playbook to create deployment & service.

• CI/CD Job to build code on Ansible & Deploy it on Kubernetes.

4. Deploy Artifacts on a Kubernetes.

Fig. Deploy Artifacts on Kubernetes.

What is CI and CD
• Continuous Integration.
• Continuous Delivery.
• Continuous Deployment.
How Does CI and CD Works on AWS?

Fig. CI and CD Works on AWS.

How Does CI and CD Working on Devops?

Fig. CI and CD Works on Devops.

Note: For Continuous Deployment we need multiple environments (With Manual Interventions).
Resources to Setup CI and CD pipeline.

• Free Tier AWS account.


• GitHub account (for source code and documentation).
• MobaXterm – enhanced terminal for windows with X11 Server tabbed
SSH clients, network tool and much more.
• Git – local version control system.

CI and CD pipeline using Git, Jenkins & Maven.

Fig. Build Code Jenkins on Maven

Setup Jenkins Server


• Setup a Linux EC2 instance
• Install Java
• Install Jenkins
• Start Jenkins
• Access Web UI on port 8080

Setup a Linux EC2 instance

Fig.EC2 Instance for Jenkins Server

Installation of Jenkins

First Step:

Connecting MobaXterm
Fig. MobaXterm

Second Step:

Official website: https://pkg.jenkins.io/redhat-stable/

sudo wget -O /etc/yum.repos.d/jenkins.repo https://pkg.jenkins.io/redhat-stable/jenkins.repo
sudo rpm --import https://pkg.jenkins.io/redhat-stable/jenkins.io.key

yum install epel-release   # fails
sudo amazon-linux-extras install epel
sudo amazon-linux-extras install java-openjdk11
yum install jenkins

Installation of Java

[root@ip-172-31-31-201 ~]# java --version
openjdk 11.0.13 2021-10-19 LTS
OpenJDK Runtime Environment 18.9 (build 11.0.13+8-LTS)
OpenJDK 64-Bit Server VM 18.9 (build 11.0.13+8-LTS, mixed mode, sharing)

Jenkins Start

[root@ip-172-31-31-201 ~]# service jenkins status
● jenkins.service - Jenkins Continuous Integration Server
   Loaded: loaded (/usr/lib/systemd/system/jenkins.service; disabled; vendor preset: disabled)
   Active: inactive (dead)
[root@ip-172-31-31-201 ~]# service jenkins start
Starting jenkins (via systemctl): [ OK ]
[root@ip-172-31-31-201 ~]# service jenkins status
● jenkins.service - Jenkins Continuous Integration Server
   Loaded: loaded (/usr/lib/systemd/system/jenkins.service; disabled; vendor preset: disabled)
   Active: active (running) since Sun 2022-05-01 19:02:31 UTC; 2min 3s ago
 Main PID: 6549 (java)
   CGroup: /system.slice/jenkins.service
           └─6549 /usr/bin/java -Djava.awt.headless=true -jar /usr/share/java/jenkins.war --webroot=%C/jenkins/war --httpPort=8080

May 01 19:02:02 ip-172-31-31-201.ec2.internal jenkins[6549]: This may also be found at: /var/lib/jenkins/secrets/initialAdminPassword
May 01 19:02:02 ip-172-31-31-201.ec2.internal jenkins[6549]: *************************************************************
May 01 19:02:02 ip-172-31-31-201.ec2.internal jenkins[6549]: *************************************************************
May 01 19:02:02 ip-172-31-31-201.ec2.internal jenkins[6549]: *************************************************************
May 01 19:02:31 ip-172-31-31-201.ec2.internal jenkins[6549]: 2022-05-01 19:02:31.729+0000 [id=30] INFO jenkins.InitReactorRunner$1#onAttained...lization
May 01 19:02:31 ip-172-31-31-201.ec2.internal jenkins[6549]: 2022-05-01 19:02:31.755+0000 [id=23] INFO hudson.lifecycle.Lifecycle#onReady: Je... running
May 01 19:02:31 ip-172-31-31-201.ec2.internal systemd[1]: Started Jenkins Continuous Integration Server.
May 01 19:02:31 ip-172-31-31-201.ec2.internal jenkins[6549]: 2022-05-01 19:02:31.868+0000 [id=45] INFO h.m.DownloadService$Downloadable#load:...nstaller
May 01 19:02:31 ip-172-31-31-201.ec2.internal jenkins[6549]: 2022-05-01 19:02:31.869+0000 [id=45] INFO hudson.util.Retrier#start: Performed t...tempt #1
May 01 19:02:31 ip-172-31-31-201.ec2.internal jenkins[6549]: 2022-05-01 19:02:31.878+0000 [id=45] INFO hudson.model.AsyncPeriodicWork#lambda$...0,935 ms
Hint: Some lines were ellipsized, use -l to show in full.

Access Web UI on port 8080:

Fig. Access Web UI on port 8080

Run First Jenkins Job:

Fig. Run First Jenkins Job


Integrate Git with Jenkins

• Install Git on Jenkins Instances

• Install GitHub plug in on Jenkins GUI

• Configure Git on Jenkins GUI

Install Git on Jenkins Instances:

yum install git

[root@Jenkins_Server ~]# git --version


git version 2.32.0

Install GitHub plug in on Jenkins GUI

Fig. Plugin Integrates git with Jenkins.


Fig. Success Plugin Integrates git with Jenkins.

Configure Git on Jenkins GUI

Fig. Configure Git on Jenkins GUI


Run Jenkins Job to pull code from GitHub

Fig Run Jenkins Job to pull code from GitHub

[root@Jenkins_Server ~]# cd /var/lib/jenkins/workspace/PullGitHubCode


[root@Jenkins_Server PullGitHubCode]# ll
total 24
-rw-r--r-- 1 jenkins jenkins 130 May 1 20:20 Dockerfile
-rw-r--r-- 1 jenkins jenkins 5970 May 1 20:20 pom.xml
-rw-r--r-- 1 jenkins jenkins 271 May 1 20:20 README.md
-rw-r--r-- 1 jenkins jenkins 479 May 1 20:20 regapp-deploy.yml
-rw-r--r-- 1 jenkins jenkins 195 May 1 20:20 regapp-service.yml
drwxr-xr-x 3 jenkins jenkins 32 May 1 20:20 server
drwxr-xr-x 3 jenkins jenkins 32 May 1 20:20 webapp
[root@Jenkins_Server PullGitHubCode]#

Integrate Maven with Jenkins

• Setup Maven on Jenkins Server

• Setup Environment Variables

▪ JAVA_HOME, M2, M2_HOME

• Install Maven Plugin

• Configure Maven and Java

Setup Maven on Jenkins Server

[root@Jenkins_Server opt]# wget https://dlcdn.apache.org/maven/maven-3/3.8.5/binaries/apache-maven-3.8.5-bin.tar.gz
[root@Jenkins_Server opt]# ll
[root@Jenkins_Server opt]# tar -xvzf apache-maven-3.8.5-bin.tar.gz
[root@Jenkins_Server opt]# mv apache-maven-3.8.5 maven
[root@Jenkins_Server opt]# cd maven
[root@Jenkins_Server ~]# cd /opt
[root@Jenkins_Server opt]# ll
[root@Jenkins_Server maven]# cd bin
[root@Jenkins_Server bin]# ll
[root@Jenkins_Server bin]# ./mvn -v
Apache Maven 3.8.5 (3599d3414f046de2324203b78ddcf9b5e4388aa0)
Maven home: /opt/maven
Java version: 11.0.13, vendor: Red Hat, Inc., runtime: /usr/lib/jvm/java-11-openjdk-11.0.13.0.8-1.amzn2.0.3.x86_64
Default locale: en_US, platform encoding: UTF-8
OS name: "linux", version: "4.14.275-207.503.amzn2.x86_64", arch: "amd64", family: "unix"
[root@Jenkins_Server bin]# cd ..
[root@Jenkins_Server maven]# cd bin
[root@Jenkins_Server bin]# mvn -v
[root@Jenkins_Server bin]# cd ~
[root@Jenkins_Server ~]# ll -a
Setup Environment Variables
JAVA_HOME, M2, M2_HOME

[root@Jenkins_Server ~]# vi .bash_profile


# .bash_profile

# Get the aliases and functions


if [ -f ~/.bashrc ]; then
. ~/.bashrc
fi
M2_HOME=/opt/maven
M2=/opt/maven/bin
JAVA_HOME=/usr/lib/jvm/java-11-openjdk-11.0.13.0.8-1.amzn2.0.3.x86_64

# User specific environment and startup programs

PATH=$PATH:$HOME/bin:$JAVA_HOME:$M2_HOME:$M2

export PATH
[root@Jenkins_Server ~]# echo $Path

[root@Jenkins_Server ~]# source .bash_profile


[root@Jenkins_Server ~]# echo $Path

[root@Jenkins_Server ~]# vi .bash_profile


[root@Jenkins_Server ~]# echo $Path

[root@Jenkins_Server ~]# logout


[root@Jenkins_Server /]# cd ~
[root@Jenkins_Server ~]# echo $path

[root@Jenkins_Server ~]# echo $PATH
/sbin:/bin:/usr/sbin:/usr/bin
[root@Jenkins_Server ~]# vi .bash_profile
[root@Jenkins_Server ~]# echo $PATH
/sbin:/bin:/usr/sbin:/usr/bin
[root@Jenkins_Server ~]# source .bash_profile
[root@Jenkins_Server ~]# echo $PATH
/sbin:/bin:/usr/sbin:/usr/bin:/root/bin:/usr/lib/jvm/java-11-openjdk-11.0.13.0.8-1.amzn2.0.3.x86_64:/opt/maven:/opt/maven/bin
[root@Jenkins_Server ~]# mvn -v
Apache Maven 3.8.5 (3599d3414f046de2324203b78ddcf9b5e4388aa0)
Maven home: /opt/maven
Java version: 11.0.13, vendor: Red Hat, Inc., runtime: /usr/lib/jvm/java-11-openjdk-11.0.13.0.8-1.amzn2.0.3.x86_64
Default locale: en_US, platform encoding: UTF-8
OS name: "linux", version: "4.14.275-207.503.amzn2.x86_64", arch: "amd64", family: "unix"

Install Maven Plugin

Fig Maven Plugin


Configure Maven and Java

Fig. Java Global Tool Configuration.

Fig. Maven Global Tool Configuration


Build a Java project using Jenkins and generate artifacts.

Fig. Build a Java project using Jenkins


Generate Artifacts

Fig. Artifacts Generated

Integrate Tomcat in CI/CD pipeline:

• Setup Tomcat Server

• Setup a Linux EC2 Instance

• Install Java

• Configure Tomcat

• Start Tomcat Server

• Access Web UI on port 8080


Setup a Linux EC2 Instance

Fig. EC2 Instance for Tomcat Server

Install Java

Fig. Installation of Java


Configure Tomcat

Fig .Tomcat Configuration

Start Tomcat Server

Fig Tomcat Server Started


Access Web UI on port 8080

Fig. Access Web UI on port 8080

Edit Manage App Error

Fig. Manage App Error


# vi ./webapps/host-manager/META-INF/context.xml

Fig. allow access host manager in context file

# vi ./webapps/manager/META-INF/context.xml

Fig. allow access manager in context file


Create Tomcat Users

Configure tomcat user’s xml file

Fig. Configure tomcat user’s xml file


# vi tomcat-users.xml

Fig. Adding Tomcat roles


Tomcat Start and Shutdown

ln -s /opt/apache-tomcat/bin/startup.sh /usr/local/bin/tomcatup
ln -s /opt/apache-tomcat-<version>/bin/shutdown.sh /usr/local/bin/tomcatdown

Fig. Tomcat Web Application Manager

Install Tomcat with Jenkins

Install plug-in “deploy to container”

Configure Tomcat Server with Credentials.

Install plug-in “deploy to container”


Fig. Plug In deploy to container

Build Maven and Deploy to Tomcat Server


Fig. Build Maven

Fig. Deploy to tomcat server

Deploy Artifacts on Tomcat Server -Using Git Bash


saiff@LAPTOP-H8UBOVRR MINGW64 ~
$ cd D:/Devops

saiff@LAPTOP-H8UBOVRR MINGW64 /d/Devops


$ pwd
/d/Devops

saiff@LAPTOP-H8UBOVRR MINGW64 /d/Devops


$ git clone https://github.com/SaifPanjesha/hello-world.git
Cloning into 'hello-world'...
remote: Enumerating objects: 403, done.
remote: Total 403 (delta 0), reused 0 (delta 0), pack-reused 403
Receiving objects: 100% (403/403), 45.79 KiB | 558.00 KiB/s, done.
Resolving deltas: 100% (90/90), done.

saiff@LAPTOP-H8UBOVRR MINGW64 /d/Devops


$ ll
total 4
drwxr-xr-x 1 saiff 197609 0 May 2 17:35 hello-world/
drwxr-xr-x 1 saiff 197609 0 May 2 00:39 'saiffaizalpanjesha -aws'/

saiff@LAPTOP-H8UBOVRR MINGW64 /d/Devops


$ cd hello-world

saiff@LAPTOP-H8UBOVRR MINGW64 /d/Devops/hello-world (master)


$ ll
total 12
-rw-r--r-- 1 saiff 197609 134 May 2 17:35 Dockerfile
-rw-r--r-- 1 saiff 197609 274 May 2 17:35 README.md
-rw-r--r-- 1 saiff 197609 6190 May 2 17:35 pom.xml
-rw-r--r-- 1 saiff 197609 507 May 2 17:35 regapp-deploy.yml
-rw-r--r-- 1 saiff 197609 209 May 2 17:35 regapp-service.yml
drwxr-xr-x 1 saiff 197609 0 May 2 17:35 server/
drwxr-xr-x 1 saiff 197609 0 May 2 17:35 webapp/

saiff@LAPTOP-H8UBOVRR MINGW64 /d/Devops/hello-world (master)


$ cd webapps/
bash: cd: webapps/: No such file or directory

saiff@LAPTOP-H8UBOVRR MINGW64 /d/Devops/hello-world (master)


$ cd webapp

saiff@LAPTOP-H8UBOVRR MINGW64 /d/Devops/hello-world/webapp (master)


$ ll
total 4
-rw-r--r-- 1 saiff 197609 1185 May 2 17:35 pom.xml
drwxr-xr-x 1 saiff 197609 0 May 2 17:35 src/

saiff@LAPTOP-H8UBOVRR MINGW64 /d/Devops/hello-world/webapp (master)


$ cd src/main

saiff@LAPTOP-H8UBOVRR MINGW64 /d/Devops/hello-world/webapp/src/main (master)


$ ll
total 0
drwxr-xr-x 1 saiff 197609 0 May 2 17:35 webapp/

saiff@LAPTOP-H8UBOVRR MINGW64 /d/Devops/hello-world/webapp/src/main (master)


$ cd webapp

saiff@LAPTOP-H8UBOVRR MINGW64 /d/Devops/hello-world/webapp/src/main/webapp (master)


$ ll
total 4
drwxr-xr-x 1 saiff 197609 0 May 2 17:35 WEB-INF/
-rw-r--r-- 1 saiff 197609 1354 May 2 17:35 index.jsp

saiff@LAPTOP-H8UBOVRR MINGW64 /d/Devops/hello-world/webapp/src/main/webapp (master)


$ vi index.jsp

saiff@LAPTOP-H8UBOVRR MINGW64 /d/Devops/hello-world/webapp/src/main/webapp (master)


$ git status
On branch master
Your branch is up to date with 'origin/master'.

Changes not staged for commit:


(use "git add <file>..." to update what will be committed)
(use "git restore <file>..." to discard changes in working directory)
modified: index.jsp

no changes added to commit (use "git add" and/or "git commit -a")

saiff@LAPTOP-H8UBOVRR MINGW64 /d/Devops/hello-world/webapp/src/main/webapp (master)


$ add .
bash: add: command not found

saiff@LAPTOP-H8UBOVRR MINGW64 /d/Devops/hello-world/webapp/src/main/webapp (master)


$ git add .

saiff@LAPTOP-H8UBOVRR MINGW64 /d/Devops/hello-world/webapp/src/main/webapp (master)


$ git status
On branch master
Your branch is up to date with 'origin/master'.

Changes to be committed:
(use "git restore --staged <file>..." to unstage)
modified: index.jsp

saiff@LAPTOP-H8UBOVRR MINGW64 /d/Devops/hello-world/webapp/src/main/webapp (master)


$ commit -m "updated index.jsp"
bash: commit: command not found

saiff@LAPTOP-H8UBOVRR MINGW64 /d/Devops/hello-world/webapp/src/main/webapp (master)


$ commit -m "updated index.jsp file"
bash: commit: command not found

saiff@LAPTOP-H8UBOVRR MINGW64 /d/Devops/hello-world/webapp/src/main/webapp (master)


$ git commit -m "updated index.jsp file"
[master 9d96f0d] updated index.jsp file
1 file changed, 1 insertion(+), 1 deletion(-)

saiff@LAPTOP-H8UBOVRR MINGW64 /d/Devops/hello-world/webapp/src/main/webapp (master)


$ git push origin master
Enumerating objects: 13, done.
Counting objects: 100% (13/13), done.
Delta compression using up to 8 threads
Compressing objects: 100% (5/5), done.
Writing objects: 100% (7/7), 560 bytes | 560.00 KiB/s, done.
Total 7 (delta 2), reused 0 (delta 0), pack-reused 0
remote: Resolving deltas: 100% (2/2), completed with 2 local objects.
To https://github.com/SaifPanjesha/hello-world.git
75b7fc3..9d96f0d master -> master

saiff@LAPTOP-H8UBOVRR MINGW64 /d/Devops/hello-world/webapp/src/main/webapp (master)


$

Automate Build and Deploy using poll SCM


Fig. Automate Build and Deploy using poll SCM
Integrating Docker in CI/CD pipeline

Setup a Docker Environment

Setup Docker Host


• Setup a Linux EC2 Instance

• Install Docker

• Start docker services

• Basic docker commands

Setup a Linux EC2 Instance

Fig. Docker Server EC2 Instance


Install Docker
[root@ip-172-31-31-176 ~]# yum install docker -y

Start docker services


[root@ip-172-31-31-176 ~]# service docker start

Basic docker commands


[root@ip-172-31-31-176 ~]# docker images
[root@ip-172-31-31-176 ~]# docker ps        # running containers
[root@ip-172-31-31-176 ~]# docker ps -a     # all containers
[root@ip-172-31-31-176 ~]# docker --version
[root@ip-172-31-31-176 ~]# docker --help

Create a Tomcat Container

Fig. Creating Docker Container (https://hub.docker.com/)


• Creating Images
[root@dockerhost ~]# docker pull tomcat

[root@dockerhost ~]# docker images


REPOSITORY TAG IMAGE ID CREATED SIZE
tomcat latest 0183eb12bb0c 6 days ago 680MB

• Creating Container

[root@dockerhost ~]# docker ps
CONTAINER ID   IMAGE   COMMAND   CREATED   STATUS   PORTS   NAMES
[root@dockerhost ~]# docker run -d --name tomcat-container -p 8081:8080 tomcat
78e9303c67b9f67ca161776a1321da5cb8bad4b85e64c9753a84bf91359ace21
[root@dockerhost ~]# docker ps
CONTAINER ID   IMAGE    COMMAND             CREATED          STATUS          PORTS                                       NAMES
78e9303c67b9   tomcat   "catalina.sh run"   14 seconds ago   Up 13 seconds   0.0.0.0:8081->8080/tcp, :::8081->8080/tcp   tomcat-container
[root@dockerhost ~]#
Fig. Tomcat Container

Fixing Tomcat Container Issue

Fig. Fixing Tomcat Container Issue


[root@dockerhost ~]# docker ps -a
CONTAINER ID   IMAGE    COMMAND             CREATED          STATUS          PORTS                                       NAMES
78e9303c67b9   tomcat   "catalina.sh run"   21 minutes ago   Up 21 minutes   0.0.0.0:8081->8080/tcp, :::8081->8080/tcp   tomcat-container
[root@dockerhost ~]# docker stop tomcat-container
tomcat-container
[root@dockerhost ~]# docker ps -a
CONTAINER ID   IMAGE    COMMAND             CREATED          STATUS                       PORTS   NAMES
78e9303c67b9   tomcat   "catalina.sh run"   22 minutes ago   Exited (143) 7 seconds ago           tomcat-container
[root@dockerhost ~]# docker ps
CONTAINER ID   IMAGE   COMMAND   CREATED   STATUS   PORTS   NAMES
[root@dockerhost ~]# docker run -d --name tomca2 -p 8082:8080 tomcat:latest
d4c7db9d910fdceeef014d3e3fc685e9ef04305627373c5e2df1db43c75c03fb
[root@dockerhost ~]# docker exec -it tomca2 /bin/bash
root@d4c7db9d910f:/usr/local/tomcat#

Fig. refuse to connect


Create a Docker File

Fig. Create Docker File


Docker File
vi Dockerfile
FROM centos
RUN mkdir /opt/tomcat/
WORKDIR /opt/tomcat
RUN curl -O https://dlcdn.apache.org/tomcat/tomcat-9/v9.0.62/bin/apache-tomcat-9.0.62.tar.gz
RUN tar -xvzf apache-tomcat-9.0.62.tar.gz
RUN mv apache-tomcat-9.0.62/* /opt/tomcat
# A cd in its own RUN does not carry over to later instructions
RUN cd /etc/yum.repos.d/
RUN sed -i 's/mirrorlist/#mirrorlist/g' /etc/yum.repos.d/CentOS-*
RUN sed -i 's|#baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g' /etc/yum.repos.d/CentOS-*
RUN yum -y install java
# This CMD is overridden by the final CMD; only the last CMD takes effect
CMD /bin/bash
EXPOSE 8080

CMD ["/opt/tomcat/bin/catalina.sh", "run"]

Run:

docker build -t mytomcat .
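
An added example, not part of the original document: a shell check run against the Dockerfile above that reports its unpinned base image, unverified download, no-op RUN cd, plain-HTTP repository URL, overridden CMD and missing USER. The names lint_dockerfile and sample_dockerfile and the rule set are choices made for this example; the sample input is the Dockerfile from this page.

```shell
#!/bin/sh
# Added example, not from the original document.

# lint_dockerfile FILE -> prints one finding per line
lint_dockerfile() {
    awk '
        function finding(msg) { printf "line %d: %s\n", lineno, msg }

        # Join backslash-continued lines so each instruction is seen whole.
        /\\[ \t]*$/ { sub(/\\[ \t]*$/, " "); buf = buf $0; if (!start) start = NR; next }
        { $0 = buf $0; buf = ""; lineno = (start ? start : NR); start = 0 }

        /^[ \t]*(#|$)/ { next }                     # comments and blank lines
        { ins = toupper($1) }

        ins == "FROM" {
            image = ($2 ~ /^--/) ? $3 : $2          # skip an optional --platform flag
            if (image == "scratch" || image ~ /@sha256:/) next   # nothing to pin / pinned by digest
            n = split(image, part, "/")             # a ":" in the registry host is a port
            if (part[n] !~ /:/) finding("FROM " image " has no tag, so it resolves to :latest")
            else if (part[n] ~ /:latest$/) finding("FROM " image " is a floating tag")
            next
        }
        ins == "USER" { user_seen = 1 }
        ins == "CMD" {
            if (cmd_line) finding("replaces the CMD on line " cmd_line "; only the last CMD runs")
            cmd_line = lineno
        }
        ins != "RUN" { next }
        $2 == "cd" && $0 !~ /&&|;/ {
            finding("RUN cd does not persist into later instructions; use WORKDIR")
        }
        /(^|[ \t;&|])(curl|wget)[ \t]/ && $0 !~ /sha(256|512)sum|gpg/ {
            finding("download is not checked against a checksum or signature")
        }
        /http:\/\// { finding("plain-HTTP URL: content can be altered in transit") }
        END { if (!user_seen) print "no USER instruction: the container process runs as root" }
    ' "$1"
}

# Sample input: the Dockerfile shown on this page.
sample_dockerfile() {
    cat <<'EOF'
FROM centos
RUN mkdir /opt/tomcat/
WORKDIR /opt/tomcat
RUN curl -O https://dlcdn.apache.org/tomcat/tomcat-9/v9.0.62/bin/apache-tomcat-9.0.62.tar.gz
RUN tar -xvzf apache-tomcat-9.0.62.tar.gz
RUN mv apache-tomcat-9.0.62/* /opt/tomcat
RUN cd /etc/yum.repos.d/
RUN sed -i 's/mirrorlist/#mirrorlist/g' /etc/yum.repos.d/CentOS-*
RUN sed -i 's|#baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g' /etc/yum.repos.d/CentOS-*
RUN yum -y install java
CMD /bin/bash
EXPOSE 8080
CMD ["/opt/tomcat/bin/catalina.sh", "run"]
EOF
}

demo_dockerfile=$(mktemp)
sample_dockerfile > "$demo_dockerfile"
lint_dockerfile "$demo_dockerfile"
rm -f "$demo_dockerfile"
```
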


Resolving Error for port 8082 Tomcat Container

Fig. refuse to connect

[root@dockerhost ~]# vi DockerFile


FROM tomcat:latest
RUN cp -R /usr/local/tomcat/webapps.dist/* /usr/local/tomcat/webapps

Fig. resolving error for port 8085 Apache Tomcat container


Integrate Docker with Jenkins

Create a docker admin user

Install “Publish Over SSH “plugin

Add Docker Host to Jenkins “configure systems”

[root@dockerhost ~]# cat /etc/passwd   # Users

[root@dockerhost ~]# cat /etc/group   # Groups

[root@dockerhost ~]# useradd dockeradmin   # Creating user
[root@dockerhost ~]# passwd dockeradmin   # Creating password
Changing password for user dockeradmin.
New password:
BAD PASSWORD: The password contains the user name in some form
Retype new password:
passwd: all authentication tokens updated successfully.
[root@dockerhost ~]#

[root@dockerhost ~]# usermod -aG docker dockeradmin   # Adding dockeradmin to the docker group (members can control the Docker daemon, which runs as root)
[root@dockerhost ~]# id dockeradmin
uid=1001(dockeradmin) gid=1001(dockeradmin) groups=1001(dockeradmin),992(docker)
[root@dockerhost ~]#
[root@dockerhost ~]# vi /etc/ssh/sshd_config   # Set PasswordAuthentication yes
[root@dockerhost ~]# vi /etc/ssh/sshd_config
[root@dockerhost ~]# service sshd reload
Redirecting to /bin/systemctl reload sshd.service
[root@dockerhost ~]#
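
An added example, not part of the original document: password login is switched on in /etc/ssh/sshd_config in this step, and the value sshd ends up using depends on where the line sits, because sshd keeps the first value it reads for a keyword and a Match block overrides it for the connections it matches. The functions below (sshd_effective, audit_sshd and sample_sshd_config are names chosen for this example) report this for a constructed sample file; Include directives are not followed.

```shell
#!/bin/sh
# Added example, not from the original document.
# sshd keeps the FIRST value it reads for a keyword in the global section,
# keywords are case-insensitive, and a Match block overrides the global value
# for the connections it matches.

# sshd_effective KEYWORD FILE
# Prints "VALUE global" (or "(default) global" when the keyword is unset),
# then one "VALUE Match ..." line for every Match block that sets the keyword.
sshd_effective() {
    awk -v want="$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" '
        /^[ \t]*(#|$)/ { next }                      # comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            split(line, f, /[ \t=]+/)                # "Key value" or "Key=value"
            key = tolower(f[1])
        }
        key == "match" { scope = line; in_match = 1; seen = 0; next }
        key != want { next }
        !in_match && !have_global { global = tolower(f[2]); have_global = 1; next }
        in_match && !seen { overrides = overrides tolower(f[2]) " " scope "\n"; seen = 1 }
        END {
            g = have_global ? global : "(default)"
            print g " global"
            printf "%s", overrides
        }
    ' "$2"
}

# audit_sshd FILE -> one FINDING line per risky effective setting.
# OpenSSH treats an unset PasswordAuthentication as yes.
audit_sshd() {
    for kw in PasswordAuthentication PermitRootLogin PermitEmptyPasswords; do
        sshd_effective "$kw" "$1" | while read -r value scope; do
            case "$kw=$value" in
                PasswordAuthentication=yes | "PasswordAuthentication=(default)" | \
                PermitRootLogin=yes | PermitEmptyPasswords=yes)
                    echo "FINDING $kw=$value ($scope)" ;;
            esac
        done
    done
}

# Constructed sample: the stock "no" line was left in place, "yes" was
# appended below it (and is ignored), and a per-user override was added.
sample_sshd_config() {
    cat <<'EOF'
# constructed sample, not taken from a real host
Port 22
PasswordAuthentication no
PermitRootLogin prohibit-password
#PermitEmptyPasswords no
passwordauthentication yes
Match User dockeradmin
    PasswordAuthentication yes
EOF
}

demo_sshd=$(mktemp)
sample_sshd_config > "$demo_sshd"
sshd_effective PasswordAuthentication "$demo_sshd"
audit_sshd "$demo_sshd"
rm -f "$demo_sshd"
```

On a live host, `sshd -T` run as root prints the configuration that sshd itself computes.
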

__|___|

https://aws.amazon.com/amazon-linux-2/
[dockeradmin@dockerhost ~]$

Install “Publish Over SSH “plugin

Fig. Publish Over SSH plugin


Fig. Publish Over SSH plugin Success

Add Docker Host to Jenkins “configure systems”

Fig. Configure System Success


Steps to configure systems:

Login as: dockeradmin


Server refused our key
[email protected]'s password:

• MobaXterm Personal Edition v22.0 •
(SSH client, X server and network tools)

➤ SSH session to [email protected]
  • Direct SSH : ✔
  • SSH compression : ✔
  • SSH-browser : ✔
  • X11-forwarding : ✘ (disabled or not supported by server)

➤ For more info, ctrl+click on help or visit our website.

Last login: Wed May 11 11:24:01 2022 from 152.57.203.204

__| __|_ )
_| ( / Amazon Linux 2 AMI
___|\___|___|
https://aws.amazon.com/amazon-linux-2/
4 package(s) needed for security, out of 4 available
Run "sudo yum update" to apply all updates.
[dockeradmin@dockerhost ~]$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/dockeradmin/.ssh/id_rsa):
/home/dockeradmin/.ssh/id_rsa already exists.
Overwrite (y/n)? y

Enter passphrase (empty for no passphrase):

Enter same passphrase again:

Your identification has been saved in /home/dockeradmin/.ssh/id_rsa.


Your public key has been saved in /home/dockeradmin/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:3NHEC/uXpcApxGxmukI0Ca3VwRMTOnyww48ZF+eyQZs
dockeradmin@dockerhost
The key's randomart image is:
+---[RSA 2048]----+
| .o.+B*... |
| o*=+BOo. |
| +O.EBo+.o |
| . .@.=o.= .|
| .o S..o . + |
| .. .+ |
| . . |
| |
| |

+----[SHA256]-----+
[dockeradmin@dockerhost ~]$ cd /home/dockeradmin
[dockeradmin@dockerhost ~]$ ll
total 0

[dockeradmin@dockerhost ~]$ cd /.ssh


-bash: cd: /.ssh: No such file or directory

[dockeradmin@dockerhost ~]$ cd /home/dockeradmin/.ssh


[dockeradmin@dockerhost .ssh]$ ll
total 8

-rw------- 1 dockeradmin dockeradmin 1679 May 11 11:35 id_rsa


-rw-r--r-- 1 dockeradmin dockeradmin 404 May 11 11:35 id_rsa.pub

[dockeradmin@dockerhost .ssh]$
Jenkins Job to build and copy the artifacts on to docker host

Creating a new Job item:

Fig. BuildandDeployonContainer item Created


Fig. deleting Deploy war/ear on Container item.

Build Artifacts over SSH:

Fig. send build artifacts over SSH


Fig. Configuring SSH Server

Test Case Success:

Fig. Success
[dockeradmin@dockerhost ~]$ ll
total 0
[dockeradmin@dockerhost ~]$ ll
total 0
drwxrwxr-x 3 dockeradmin dockeradmin 25 May 11 12:05 home
[dockeradmin@dockerhost ~]$ ll
total 4
drwxrwxr-x 3 dockeradmin dockeradmin 25 May 11 12:05 home
-rw-rw-r-- 1 dockeradmin dockeradmin 2912 May 11 12:07 webapp.war
[dockeradmin@dockerhost ~]$ rm -rf /home
rm: cannot remove ‘/home/ec2-user’: Permission denied
rm: cannot remove ‘/home/dockeradmin’: Permission denied
[dockeradmin@dockerhost ~]$ rm -rf home/
[dockeradmin@dockerhost ~]$ ll
total 0
[dockeradmin@dockerhost ~]$ ls
[dockeradmin@dockerhost ~]$ ll
total 0
[dockeradmin@dockerhost ~]$ cd ..
[dockeradmin@dockerhost home]$ ll
total 0
drwx------ 2 dockeradmin dockeradmin 6 May 11 12:08 dockeradmin
drwx------ 4 ec2-user ec2-user 125 May 2 21:42 ec2-user
[dockeradmin@dockerhost home]$ cd dockeradmin
[dockeradmin@dockerhost ~]$ ll
total 0
[dockeradmin@dockerhost ~]$ ll
total 4
-rw-r--r-- 1 dockeradmin dockeradmin 2912 May 11 12:09 webapp.war

Update Tomcat Docker File to automate deployment process

[root@dockerhost ~]# cd /opt


[root@dockerhost opt]# ll
total 0
drwxr-xr-x 4 root root 33 Apr 19 16:16 aws
drwx--x--x 4 root root 28 May 2 19:54 containerd
drwxr-xr-x 2 root root 6 Aug 16 2018 rh
[root@dockerhost opt]# mkdir docker
[root@dockerhost opt]# ll
total 0
drwxr-xr-x 4 root root 33 Apr 19 16:16 aws
drwx--x--x 4 root root 28 May 2 19:54 containerd
drwxr-xr-x 2 root root 6 May 11 14:14 docker
drwxr-xr-x 2 root root 6 Aug 16 2018 rh

Permission Given to docker admin :

[root@dockerhost opt]# chmod -R dockeradmin:dockeradmin docker


chmod: invalid mode: ‘dockeradmin:dockeradmin’
Try 'chmod --help' for more information.
[root@dockerhost opt]# chown -R dockeradmin:dockeradmin docker
[root@dockerhost opt]# ll
total 0
drwxr-xr-x 4 root root 33 Apr 19 16:16 aws
drwx--x--x 4 root root 28 May 2 19:54 containerd
drwxr-xr-x 2 dockeradmin dockeradmin 6 May 11 14:14 docker
drwxr-xr-x 2 root root 6 Aug 16 2018 rh

[root@dockerhost opt]# ls -ld   # Given execution permission
drwxr-xr-x 6 root root 59 May 11 14:14 .

Searching and moving Dockerfile in docker folder

[root@dockerhost opt]# cd root/


-bash: cd: root/: No such file or directory
[root@dockerhost opt]# cd /root
[root@dockerhost ~]# ll
total 8
-rw-r--r-- 1 root root 527 May 2 21:59 Dockerfile
-rw-r--r-- 1 root root 86 May 3 07:34 DockerFile
[root@dockerhost ~]# vi DockerFile
[root@dockerhost ~]# mv Dockerfile /opt/docker
[root@dockerhost ~]# cd /opt/docker
[root@dockerhost docker]# ll
total 4
-rw-r--r-- 1 root root 527 May 2 21:59 Dockerfile
[root@dockerhost docker]# chown -R dockeradmin:dockeradmin Dockerfile
[root@dockerhost docker]# ll
total 4
-rw-r--r-- 1 dockeradmin dockeradmin 527 May 2 21:59 Dockerfile
[root@dockerhost docker]#

Configuring path to copy in cd/opt :

Fig. Remote Directory Path added

[root@dockerhost docker]# ll
total 8
-rw-r--r-- 1 dockeradmin dockeradmin 527 May 2 21:59 Dockerfile
-rw-r--r-- 1 dockeradmin dockeradmin 2912 May 11 14:31 webapp.war
[root@dockerhost docker]#
[root@dockerhost docker]# date
Wed May 11 14:34:06 UTC 2022
FROM tomcat:latest
RUN cp -R /usr/local/tomcat/webapps.dist/* /usr/local/tomcat/webapps
COPY ./*.war /usr/local/tomcat/webapps

[root@dockerhost docker]# ll
total 12
-rw-r--r-- 1 dockeradmin dockeradmin 527 May 2 21:59 Dockerfile
-rw-r--r-- 1 dockeradmin dockeradmin 86 May 3 07:34 DockerFile
-rw-r--r-- 1 dockeradmin dockeradmin 2912 May 11 14:31 webapp.war
[root@dockerhost docker]# date
Wed May 11 14:38:20 UTC 2022
[root@dockerhost docker]# vi DockerFile
[root@dockerhost docker]# vi DockerFile
[root@dockerhost docker]# docker build -t tomcat:v1 .
Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
[root@dockerhost docker]# cat DockerFile
FROM tomcat:latest
RUN cp -R /usr/local/tomcat/webapps.dist/* /usr/local/tomcat/webapps
COPY ./*.war /usr/local/tomcat/webapps
[root@dockerhost docker]# service docker status
Redirecting to /bin/systemctl status docker.service
● docker.service - Docker Application Container Engine
Loaded: loaded (/usr/lib/systemd/system/docker.service; disabled; vendor preset: disabled)
Active: inactive (dead)
Docs: https://docs.docker.com
[root@dockerhost docker]# service docker start
Redirecting to /bin/systemctl start docker.service
[root@dockerhost docker]# docker build -t tomcat:v1 .
Sending build context to Docker daemon 7.168kB
Step 1/13 : FROM centos
---> 5d0da3dc9764
Step 2/13 : RUN mkdir /opt/tomcat/
---> Using cache
---> 29c2831a4695
Step 3/13 : WORKDIR /opt/tomcat
---> Using cache
---> ecea7cd5c77e
Step 4/13 : RUN curl -O https://dlcdn.apache.org/tomcat/tomcat-9/v9.0.62/bin/apache-tomcat-9.0.62.tar.gz
---> Using cache
---> 5123cdc2263f
Step 5/13 : RUN tar -xvzf apache-tomcat-9.0.62.tar.gz
---> Using cache
---> 4776da674d01
Step 6/13 : RUN mv apache-tomcat-9.0.62/* /opt/tomcat
---> Using cache
---> fce4b9b7e164
Step 7/13 : RUN cd /etc/yum.repos.d/
---> Using cache
---> f7a2265a5410
Step 8/13 : RUN sed -i 's/mirrorlist/#mirrorlist/g' /etc/yum.repos.d/CentOS-*
---> Using cache
---> 2e2e2d5d8a29
Step 9/13 : RUN sed -i 's|#baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g' /etc/yum.repos.d/CentOS-*
---> Using cache
---> abdcb8de2b2b
Step 10/13 : RUN yum -y install java
---> Using cache
---> 10ce50067582
Step 11/13 : CMD /bin/bash
---> Using cache
---> 4561a92d2242
Step 12/13 : EXPOSE 8080
---> Using cache
---> 95f4005d94f7
Step 13/13 : CMD ["/opt/tomcat/bin/catalina.sh", "run"]
---> Using cache
---> 9c295cdb7c8c
Successfully built 9c295cdb7c8c
Successfully tagged tomcat:v1

Checks Images:

[root@dockerhost docker]# docker images


REPOSITORY TAG IMAGE ID CREATED SIZE
demotomcat latest 9c295cdb7c8c 8 days ago 510MB
mytomcat latest 9c295cdb7c8c 8 days ago 510MB
tomcat v1 9c295cdb7c8c 8 days ago 510MB
tomcat latest 0183eb12bb0c 2 weeks ago 680MB
centos latest 5d0da3dc9764 7 months ago 231MB

Running Container :

[root@dockerhost docker]# docker run -d --name tomcatv1 -p 8086:8080 tomcat:v1
edef49a560653ec2a7d2c3cb260abdafaacea025654b5bf91e4124a61c18f0e5
[root@dockerhost docker]# docker ps
CONTAINER ID   IMAGE       COMMAND                  CREATED         STATUS         PORTS                                       NAMES
edef49a56065   tomcat:v1   "/opt/tomcat/bin/cat…"   7 seconds ago   Up 6 seconds   0.0.0.0:8086->8080/tcp, :::8086->8080/tcp   tomcatv1
[root@dockerhost docker]#
Fig. Tomcat Started

Automate Build and Deployment on Docker Container :

cd /opt/docker;
docker build -t regapp:v1 .;
docker run -d --name regapp-v1 -p 8087:8080 regapp:v1
Fig. Configuration on Jenkins Server

Fig. Removing all running container

docker image prune -a   # remove images


Fig . Tomcat Started on port 8088

Integrate Ansible in CI/CD Pipeline:

Fig. Using Ansible to create containers


Prepare Ansible Server:

• Setup EC2 Instance

• Setup hostname

• Create ansadmin users

• Add Users to sudoers file

• Generate ssh keys

• Enable Password Based Login

• Install Ansible

Setup EC2 Instance

Fig.EC2 Instance Setup For Ansible


Setup hostname

Fig.EC2 Setup hostname For Ansible

Create ansadmin users

Fig. ansadmin users is created


Add Users to sudoers file
The sudoers file is a file Linux and Unix administrators use to allocate system
rights to system users.
Command to enter visudo

Fig. Add Users to sudoers file


• Note: Shift +g to end of line
Configuring SSH

[root@Ansible_Server ~]# vi /etc/ssh/sshd_config


[root@Ansible_Server ~]# service sshd reload

Fig. Configuring Passwd


Enable Password Based Login

Fig. Login as ansadmin

Generated SSH Keys:

[ansadmin@Ansible_Server ~]$ ssh-keygen


Generating public/private rsa key pair.
Enter file in which to save the key (/home/ansadmin/.ssh/id_rsa):
Created directory '/home/ansadmin/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/ansadmin/.ssh/id_rsa.
Your public key has been saved in /home/ansadmin/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:+4bEKmcZCo4uVhQ8BYqwqn/bZwLbV+Cl30l0dUDJMlE ansadmin@Ansible_Server
The key's randomart image is:
+---[RSA 2048]----+
|. ..o. .=Eo |
|o..+ o o o|
|o. o o ..|
|. . . . . . |
|. . oS+ . . |
|. ... . =.. . |
|.o.. = =.+ o . |
|oo. =.B =.o o |
|+....=.= .. |
+----[SHA256]-----+
[ansadmin@Ansible_Server ~]$

Install Ansible
Fig. Installing Ansible
Note: Ansible requires Python, which comes preinstalled on the Amazon EC2
instance.

Integrate Docker with Ansible:

• On Docker Host

• Create ansadmin
• Add ansadmin to sudoers file
• Enable Password Based Login

• On Ansible Node

• Add to host file


• Copy ssh keys
• Test the Connection
Create ansadmin

Fig. Created ansadmin for docker

Add ansadmin to sudoers file


The sudoers file is a file Linux and Unix administrators use to allocate system
rights to system users.

Fig. Created ansadmin added to sudoers file


Enable Password Based Login

Fig. Enable Password Based Login

----------------On Ansible Node-----------------

Add to host file


[root@Ansible_Server ~]# vi /etc/ansible/hosts

Fig. Added host ipconfig address from docker host


Copy ssh keys

Fig. Copying sshkey to docker host.


[ansadmin@Ansible_Server ~]$ cat .ssh/id_rsa.pub
ssh-rsa
AAAAB3NzaC1yc2EAAAADAQABAAABAQCtCHrU93Nngsu3VtGfMvQktI1pktg
GWyd9z8iyiak0Dizs8AiIPGEEwoP4ihhsx8l9loSU5i1D9/rGG2KtpQh95SXUzgfvu
tnA/UEuEiPV1oTYpeteltG868/qsCLUME8b9nJU57g782QvnNBS4OBmNUHTQ6
egxxpwtOzl/O1Oq8eNe84QODGyuOk7EJqjLxOh17B/BeRG07sKLvA/n183pep6
dM+5OwdTe+c1wuoJ2V9mdD/fbIfKkC789LofxNuZPuvOF5sn9KeuJ65pOuUn6t
/L6Ev2vUw2YXe8FCQrBgY6Ab02RIc2VufjfJ+nUXwaGoV67p/2VGcyQwXdvdcb
ansadmin@Ansible_Server
[ansadmin@Ansible_Server ~]$

[ansadmin@dockerhost .ssh]$ cat authorized_keys


ssh-rsa
AAAAB3NzaC1yc2EAAAADAQABAAABAQCtCHrU93Nngsu3VtGfMvQktI1pktg
GWyd9z8iyiak0Dizs8AiIPGEEwoP4ihhsx8l9loSU5i1D9/rGG2KtpQh95SXUzgfvu
tnA/UEuEiPV1oTYpeteltG868/qsCLUME8b9nJU57g782QvnNBS4OBmNUHTQ6
egxxpwtOzl/O1Oq8eNe84QODGyuOk7EJqjLxOh17B/BeRG07sKLvA/n183pep6
dM+5OwdTe+c1wuoJ2V9mdD/fbIfKkC789LofxNuZPuvOF5sn9KeuJ65pOuUn6t
/L6Ev2vUw2YXe8FCQrBgY6Ab02RIc2VufjfJ+nUXwaGoV67p/2VGcyQwXdvdcb
ansadmin@Ansible_Server
[ansadmin@dockerhost .ssh]$
Test the Connection

[ansadmin@Ansible_Server ~]$ ansible all -m ping


[ansadmin@Ansible_Server ~]$ ansible all -m command -a uptime

Fig. Connection Success
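Once the key has been copied and the connection test passes, password-based login no longer has to stay enabled on the hosts. The following is an added example, not part of the original document: a small checker for sshd_config that reports the value sshd will actually use for PasswordAuthentication. The function names and the sample configurations in the test are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original document).
#
# sshd_effective <keyword> <config-file> [default]
# Prints the value sshd would use for a global keyword:
#   - the FIRST uncommented occurrence wins; later ones are ignored
#   - keywords are case-insensitive
#   - lines after a "Match" line are conditional, so scanning stops there
# Simplification: Include directives are not followed.
sshd_effective() {
    awk -v want="$(printf '%s' "$1" | tr 'A-Z' 'a-z')" -v def="${3:-}" '
        /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            split(line, f, /[ \t=]+/)        # "Key value" or "Key=value"
            key = tolower(f[1])
            if (key == "match") exit         # end of the global section
            if (key == want) { print tolower(f[2]); found = 1; exit }
        }
        END { if (!found) print def }
    ' "$2"
}

# password_login_enabled <config-file>
# Exit status 0 if password login is on. sshd defaults to "yes" when the
# keyword is absent from the global section.
password_login_enabled() {
    [ "$(sshd_effective PasswordAuthentication "$1" yes)" = "yes" ]
}

# report_password_login <config-file>
# Prints a one-line finding; returns 1 when password login is still enabled.
report_password_login() {
    if password_login_enabled "$1"; then
        echo "$1: password login ENABLED (first matching line wins; set it to 'no' there and reload sshd)"
        return 1
    fi
    echo "$1: password login disabled"
}

# When called with a file argument, report on it, e.g.:
#   sh check_sshd.sh /etc/ssh/sshd_config
if [ "$#" -eq 1 ]; then
    report_password_login "$1"
fi
```

On a live host, `sshd -T` prints the fully resolved configuration, including included files, and is the authoritative check.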


Integrate Ansible with Jenkins:

Fig. Configuring Ansible with Jenkins

Fig. Testing Success and save it.


Creating Item:

Fig. CopyArtifact_onto_Ansible

Fig. Configuring SSH Server with ansible-server


Creating docker directory on Ansible Server:

[root@Ansible_Server ~]# cd /opt


[root@Ansible_Server opt]# ll
total 0
drwxr-xr-x 4 root root 33 Apr 28 19:54 aws
drwxr-xr-x 2 root root 6 Aug 16 2018 rh
[root@Ansible_Server opt]# mkdir docker
[root@Ansible_Server opt]# ll
total 0
drwxr-xr-x 4 root root 33 Apr 28 19:54 aws
drwxr-xr-x 2 root root 6 May 13 09:36 docker
drwxr-xr-x 2 root root 6 Aug 16 2018 rh
[root@Ansible_Server opt]# chown ansadmin:ansadmin docker
[root@Ansible_Server opt]# ll
total 0
drwxr-xr-x 4 root root 33 Apr 28 19:54 aws
drwxr-xr-x 2 ansadmin ansadmin 6 May 13 09:36 docker
drwxr-xr-x 2 root root 6 Aug 16 2018 rh
[root@Ansible_Server opt]#
Console Output:

Fig. Success Build on Jenkins

[root@Ansible_Server opt]# cd docker


[root@Ansible_Server docker]# ll
total 4
-rw-rw-r-- 1 ansadmin ansadmin 2907 May 13 09:41 webapp.war
[root@Ansible_Server docker]# date
Fri May 13 09:42:51 UTC 2022
[root@Ansible_Server docker]#
Build an Image and create Container on Ansible

Step 1: Installing docker


[root@Ansible_Server docker] # yum install docker
[root@Ansible_Server docker]# cat /etc/group

Fig. Docker Successful Installed on Ansible

[root@Ansible_Server docker]# usermod -aG docker ansadmin


[root@Ansible_Server docker]# id ansadmin
uid=1001(ansadmin) gid=1001(ansadmin)
groups=1001(ansadmin),992(docker)
[root@Ansible_Server docker]# service docker start
Redirecting to /bin/systemctl start docker.service
[root@Ansible_Server docker]# service docker status
Redirecting to /bin/systemctl status docker.service
● docker.service - Docker Application Container Engine
Loaded: loaded (/usr/lib/systemd/system/docker.service; disabled; vendor
preset: disabled)
Active: active (running) since Fri 2022-05-13 11:51:21 UTC; 25s ago
Docs: https://docs.docker.com
Process: 3450 ExecStartPre=/usr/libexec/docker/docker-setup-runtimes.sh
(code=exited, status=0/SUCCESS)
Process: 3440 ExecStartPre=/bin/mkdir -p /run/docker (code=exited,
status=0/SUCCESS)
Main PID: 3458 (dockerd)
Tasks: 7
Memory: 27.4M
CGroup: /system.slice/docker.service
└─3458 /usr/bin/dockerd -H fd:// --
containerd=/run/containerd/containerd.sock --default-ulimit
nofile=32768:65536

May 13 11:51:21 Ansible_Server dockerd[3458]: time="2022-05-


13T11:51:21.544859745Z" level=info msg="scheme \"unix\" not registered,
fallback to default sc...dule=grpc
May 13 11:51:21 Ansible_Server dockerd[3458]: time="2022-05-
13T11:51:21.545114355Z" level=info msg="ccResolverWrapper: sending
update to cc: {[{unix:///ru...dule=grpc
May 13 11:51:21 Ansible_Server dockerd[3458]: time="2022-05-
13T11:51:21.545391892Z" level=info msg="ClientConn switching balancer to
\"pick_first\"" module=grpc
May 13 11:51:21 Ansible_Server dockerd[3458]: time="2022-05-
13T11:51:21.584329972Z" level=info msg="Loading containers: start."
May 13 11:51:21 Ansible_Server dockerd[3458]: time="2022-05-
13T11:51:21.798738326Z" level=info msg="Default bridge (docker0) is
assigned with an IP addres... address"
May 13 11:51:21 Ansible_Server dockerd[3458]: time="2022-05-
13T11:51:21.858803093Z" level=info msg="Loading containers: done."
May 13 11:51:21 Ansible_Server dockerd[3458]: time="2022-05-
13T11:51:21.872257256Z" level=info msg="Docker daemon" commit=906f57f
graphdriver(s)=overlay2 ...=20.10.13
May 13 11:51:21 Ansible_Server dockerd[3458]: time="2022-05-
13T11:51:21.872693304Z" level=info msg="Daemon has completed
initialization"
May 13 11:51:21 Ansible_Server systemd[1]: Started Docker Application
Container Engine.
May 13 11:51:21 Ansible_Server dockerd[3458]: time="2022-05-
13T11:51:21.898522550Z" level=info msg="API listen on /run/docker.sock"
Hint: Some lines were ellipsized, use -l to show in full.
[root@Ansible_Server docker]# ^C

Creating Docker File:

[ansadmin@Ansible_Server docker]$ vi Dockerfile

FROM tomcat:latest
RUN cp -R /usr/local/tomcat/webapps.dist/* /usr/local/tomcat/webapps
COPY ./*.war /usr/local/tomcat/webapps

Build The File:


docker build -t regapp:v1 .

Docker Images
[ansadmin@Ansible_Server docker]$ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
regapp v1 15574dfecf93 About a minute ago 510MB
tomcat latest 6a1271dfce51 36 hours ago 680MB
centos latest 5d0da3dc9764 7 months ago 231MB

Create a Container out of it :


[ansadmin@Ansible_Server docker]$ docker build -t regapp:v1 .

Output Console:

Fig.Tomcat Started
Ansible Playbook to create image and container

Fig.Default ansible-playbook hosts


[ansadmin@Ansible_Server docker]$ sudo vi /etc/ansible/hosts

Fig. Adding address for host


[ansadmin@Ansible_Server docker]$ sudo vi /etc/ansible/hosts
[ansadmin@Ansible_Server docker]$ ansible all -a uptime
[WARNING]: Platform linux on host 172.31.31.176 is using the discovered
Python interpreter at /usr/bin/python, but future installation of another
Python interpreter
could change this. See
https://docs.ansible.com/ansible/2.9/reference_appendices/interpreter_discovery.html for more information.
172.31.31.176 | CHANGED | rc=0 >>
16:35:26 up 3 min, 2 users, load average: 0.01, 0.01, 0.00
[WARNING]: Platform linux on host 172.31.26.13 is using the discovered
Python interpreter at /usr/bin/python, but future installation of another
Python interpreter
could change this. See
https://docs.ansible.com/ansible/2.9/reference_appendices/interpreter_discovery.html for more information.
172.31.26.13 | CHANGED | rc=0 >>
16:35:26 up 32 min, 2 users, load average: 0.08, 0.02, 0.01
[ansadmin@Ansible_Server docker]$
Creating playbook:

Fig. regapp.yml is created for ansible playbook

Fig. Successful docker Image is Created


Copying Images on dockerhub:

Fig .Dockerhub account

Fig. Added Images to Docker Hub


Fig. Successful Copying Images on Docker Hub

Jenkins Job to build an image on ansible:


[ansadmin@Ansible_Server docker]$ vi regapp.yml

Fig. Created Ansible playbook


[ansadmin@Ansible_Server docker]$ vi regapp.yml
[ansadmin@Ansible_Server docker]$ ^C
[ansadmin@Ansible_Server docker]$ ansible-playbook regapp.yml --check

PLAY [ansible]
****************************************************************
****************************************************************
***********************

TASK [Gathering Facts]


****************************************************************
****************************************************************
***************
[WARNING]: Platform linux on host 172.31.26.13 is using the discovered
Python interpreter at /usr/bin/python, but future installation of another
Python interpreter
could change this. See
https://docs.ansible.com/ansible/2.9/reference_appendices/interpreter_discovery.html for more information.
ok: [172.31.26.13]

TASK [create docker image]


****************************************************************
****************************************************************
***********
skipping: [172.31.26.13]

TASK [create tag to push image on docker hub]


****************************************************************
********************************************************
skipping: [172.31.26.13]
TASK [push docker image on docker hub]
****************************************************************
***************************************************************
skipping: [172.31.26.13]

PLAY RECAP
****************************************************************
****************************************************************
***************************
172.31.26.13 : ok=1 changed=0 unreachable=0 failed=0
skipped=3 rescued=0 ignored=0

[ansadmin@Ansible_Server docker]$

Fig. Configuring Artifact onto Ansible

ansible-playbook /opt/docker/regapp.yml
Fig. Editing index.jsp file

[ansadmin@Ansible_Server docker]$ ll
total 12
-rw-rw-r-- 1 ansadmin ansadmin 528 May 13 12:12 Dockerfile
-rw-rw-r-- 1 ansadmin ansadmin 357 May 13 18:21 regapp.yml
-rw-rw-r-- 1 ansadmin ansadmin 2913 May 13 18:59 webapp.war
[ansadmin@Ansible_Server docker]$ date
Fri May 13 19:00:02 UTC 2022
[ansadmin@Ansible_Server docker]$ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
regapp latest 15574dfecf93 7 hours ago 510MB
regapp v1 15574dfecf93 7 hours ago 510MB
saifshah/regapp latest 15574dfecf93 7 hours ago 510MB
tomcat latest 6a1271dfce51 43 hours ago 680MB
centos latest 5d0da3dc9764 8 months ago 231MB
[ansadmin@Ansible_Server docker]$

Fig. Success Build an image on ansible


How to create container on dockerhost using ansible playbook -Devops
Project:

Fig. Create new dockerhosts playbook for ansible

Fig. Successful Check


Fig. Error to fix permission

Fig. Fixed Permission Error

Fig. ansible-playbook deploy-regapp.yml success


Fig. Images and Container are running

Fig. Access to the port 8082 on server

Continuous deployment of docker container using ansible playbook

Deploy ansible playbook

• Remove existing container


• Remove existing image
• Create new container
Fig. Creating ansible playbook
Note: ignore_errors: yes makes the play continue even if that task fails.

Fig. Check Successful

Fig . Docker Images and Container


Fig. Successful ansible playbook created

Fig . Docker images and container output after ansible playbook


Hint: https://docs.ansible.com/ansible/2.4/docker_image_module.html

Jenkins CI/CD to deploy on container using Ansible

Fig. Configuring deploy_regapp.yml


Fig. Build Success

Fig. Success Build an image on ansible


Kubernetes:

Fig. Kubernetes

Kubernetes installation methods:

Installing Kubernetes with deployment tools

Bootstrapping clusters with kubeadm


Installing Kubernetes with kops
Installing Kubernetes with Kubespray

Turnkey Cloud Solutions

Windows in Kubernetes

Windows containers in Kubernetes


EKS installation procedure

Kubernetes Setup using eksctl

Pre-requisites:

• an EC2 Instance

Fig. EKS Bootstrap Server

• Install AWSCLI latest version

curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"

unzip awscliv2.zip

sudo ./aws/install
Fig. Successful AWS cli updated

1. Setup kubectl

a. Download kubectl version 1.22

curl -o kubectl https://s3.us-west-2.amazonaws.com/amazon-eks/1.22.6/2022-03-09/bin/linux/amd64/kubectl

Fig. Kubectl version 1.22

b. Grant execution permissions to kubectl executable

[root@ip-172-31-85-40 ~]# chmod +x kubectl

c. Move kubectl onto /usr/local/bin

[root@ip-172-31-85-40 ~]# mv kubectl /usr/local/bin


d. Test that your kubectl installation was successful

[root@ip-172-31-85-40 ~]# kubectl version

Client Version: version.Info{Major:"1", Minor:"22+", GitVersion:"v1.22.6-eks-7d68063",
GitCommit:"f24e667e49fb137336f7b064dba897beed639bad",
GitTreeState:"clean", BuildDate:"2022-02-23T19:32:14Z",
GoVersion:"go1.16.12", Compiler:"gc", Platform:"linux/amd64"}

The connection to the server localhost:8080 was refused - did you specify
the right host or port?

2. Setup eksctl

a. Download and extract the latest release

curl --silent --location "https://github.com/weaveworks/eksctl/releases/latest/download/eksctl_$(uname -s)_amd64.tar.gz" | tar xz -C /tmp

Fig. eksctl download and release

b. Move the extracted binary to /usr/local/bin

[root@ip-172-31-85-40 tmp]# mv eksctl /usr/local/bin

c. Test that your eksctl installation was successful

[root@ip-172-31-85-40 tmp]# eksctl version

0.97.0
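
The kubectl and eksctl steps above download a binary and move it straight into /usr/local/bin. The following is an added example, not part of the original document: a shell helper that installs a downloaded file only if its SHA-256 matches the digest published for it. The function names are hypothetical, and where the digest comes from (for example a checksum file published next to the download) is an assumption.

```shell
#!/bin/sh
# Added example (not from the original document): refuse to install a
# downloaded binary unless its SHA-256 matches the expected digest.

# digest_from_file <checksum-file>
# Prints the first field of the first non-empty line, assuming the common
# "<hex-digest>  <filename>" layout written by sha256sum.
digest_from_file() {
    awk 'NF { print tolower($1); exit }' "$1"
}

# install_verified <file> <expected-sha256-hex> <dest-dir>
# Returns 0 when installed, 1 on digest mismatch, 2 on bad arguments.
install_verified() {
    iv_file=$1
    iv_want=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    iv_dest=$3

    if [ ! -f "$iv_file" ] || [ ! -d "$iv_dest" ]; then
        echo "usage: install_verified <file> <sha256-hex> <dest-dir>" >&2
        return 2
    fi

    # A SHA-256 digest is exactly 64 hex characters; reject anything else
    # so that a truncated or empty digest can never count as a match.
    case $iv_want in
        ''|*[!0-9a-f]*) echo "REFUSED: malformed digest" >&2; return 2 ;;
    esac
    if [ "${#iv_want}" -ne 64 ]; then
        echo "REFUSED: digest is not 64 hex characters" >&2
        return 2
    fi

    iv_got=$(sha256sum "$iv_file" | awk '{ print $1 }')
    if [ "$iv_got" != "$iv_want" ]; then
        echo "REFUSED: $iv_file has sha256 $iv_got, which is not the expected digest" >&2
        return 1
    fi

    # Only a verified file is copied, with the execute bit set here
    # instead of by a separate chmod +x on an unverified download.
    install -m 0755 "$iv_file" "$iv_dest/" && echo "installed $iv_file into $iv_dest"
}

# When called with three arguments, run the check, e.g.:
#   sh install_verified.sh ./kubectl "$(cat digest.txt)" /usr/local/bin
if [ "$#" -eq 3 ]; then
    install_verified "$@"
fi
```

For the eksctl tarball, run the same digest comparison on the downloaded archive before extracting it, rather than piping curl directly into tar.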
3. Create an IAM Role and attach it to the EC2 instance
Note: create an IAM user with programmatic access if your bootstrap
system is outside of AWS
The IAM user should have access to
IAM
EC2
CloudFormation
Note: Check the eksctl documentation for the minimum IAM policies

Fig. Created IAM role

Fig. Role Save to EC2 Instance


4. Create your cluster and nodes

eksctl create cluster --name cluster-name \
--region region-name \
--node-type instance-type \
--nodes-min 2 \
--nodes-max 2 \
--zones <AZ-1>,<AZ-2>

Example :
eksctl create cluster --name saifshah-cluster \
--region us-east-1 \
--node-type t2.small \

Output:
Fig. Cluster Created

Fig. Stacks in CloudFormation

5. To delete the EKS cluster

eksctl delete cluster saifshah --region us-east-1
6. Validate your cluster by checking the nodes and by creating a pod

Fig. cat /root/.kube/config

Fig. Created nodes and check all service/Kubernetes

Creating a pod:

Fig . Pod Successful created


Command for only showing pod:
[root@EKS_Bootstrap_Server tmp]# kubectl get po
Kubeconfig user entry is using deprecated API version
client.authentication.k8s.io/v1alpha1. Run 'aws eks update-kubeconfig' to
update.
NAME READY STATUS RESTARTS AGE
webapp 0/1 ImagePullBackOff 0 2m44s
[root@EKS_Bootstrap_Server tmp]#

---------------------------------------------------------------------------------------------------------
Run Kubernetes Basic Commands:

7. Deploying Nginx Container

kubectl create deployment demo-nginx --image=nginx --replicas=2 --port=80


# kubectl create deployment regapp --image=saifshah/regapp --replicas=2 --port=8080

kubectl get all


kubectl get pod
Fig. Deploying Nginx Container

8. Expose the deployment as a service. This will create an ELB in front of
those 2 containers and allow us to publicly access them.

kubectl expose deployment demo-nginx --port=80 --type=LoadBalancer


# kubectl expose deployment regapp --port=8080 --type=LoadBalancer
kubectl get services -o wide

Fig. Deployment as a service


Fig. Created load balancer after deployment.

kubectl get services -o wide

Fig. Kubectl services.


Create a Manifest File:

Fig. Deleted earlier configuration


Creating a manifest file:

[root@EKS_Bootstrap_Server tmp]# vi pod.yml

apiVersion: v1
kind: Pod
metadata:
  name: data-pod
  labels:
    users: my-user
spec:
  containers:
    - name: demo-nginx
      image: nginx
      ports:
        - name: demo-nginx
          containerPort: 80

Creating a service manifest file:

[root@EKS_Bootstrap_Server tmp]# vi service.yml


[root@EKS_Bootstrap_Server tmp]# cat service.yml
apiVersion: v1
kind: Service
metadata:
  name: demo-service
spec:
  ports:
    - name: ngnix-port
      port: 80
      targetPort: 80

  type: LoadBalancer

Output: pod.yml
[root@EKS_Bootstrap_Server tmp]# cat pod.yml
apiVersion: v1
kind: Pod
metadata:
  name: nginx-pod
  labels:
    app: demo-app

spec:
  containers:
    - name: nginx-container
      image: nginx
      ports:
        - name: nginx
          containerPort: 80
[root@EKS_Bootstrap_Server tmp]# kubectl apply -f pod.yml //applying
Kubeconfig user entry is using deprecated API version
client.authentication.k8s.io/v1alpha1. Run 'aws eks update-kubeconfig' to
update.
pod/nginx-pod created
[root@EKS_Bootstrap_Server tmp]# kubectl get all
Kubeconfig user entry is using deprecated API version
client.authentication.k8s.io/v1alpha1. Run 'aws eks update-kubeconfig' to
update.
NAME READY STATUS RESTARTS AGE
pod/nginx-pod 1/1 Running 0 25s

NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/kubernetes ClusterIP 10.100.0.1 <none> 443/TCP 7h37m
[root@EKS_Bootstrap_Server tmp]#

Output : service.yml

[root@EKS_Bootstrap_Server tmp]# clear


[root@EKS_Bootstrap_Server tmp]# ll
total 8
-rw-r--r-- 1 root root 199 May 16 20:11 pod.yml
-rw-r--r-- 1 root root 160 May 16 20:16 service.yml
drwx------ 3 root root 17 May 16 19:39 systemd-private-
2a2e6e9d1ac347feaab952b1c678ed15-chronyd.service-2einFz
[root@EKS_Bootstrap_Server tmp]# cat service.yml
apiVersion: v1
kind: Service
metadata:
  name: demo-service

spec:
  ports:
    - name: ngnix-port
      port: 80
      targetPort: 80

  type: LoadBalancer

[root@EKS_Bootstrap_Server tmp]# kubectl apply -f service.yml


Kubeconfig user entry is using deprecated API version
client.authentication.k8s.io/v1alpha1. Run 'aws eks update-kubeconfig' to
update.
service/demo-service created
[root@EKS_Bootstrap_Server tmp]# kubectl get all
Kubeconfig user entry is using deprecated API version
client.authentication.k8s.io/v1alpha1. Run 'aws eks update-kubeconfig' to
update.
NAME READY STATUS RESTARTS AGE
pod/nginx-pod 1/1 Running 0 5m32s

NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/demo-service LoadBalancer 10.100.56.237 afade1324bbc8455fa7b71537a4bcf6e-1513829373.us-east-1.elb.amazonaws.com 80:31295/TCP 22s
service/kubernetes ClusterIP 10.100.0.1 <none> 443/TCP 7h42m
[root@EKS_Bootstrap_Server tmp]#

Fig. LoadBalancer is created.


Setup Pod and Service:

Fig. Adding Label as a selector app

Fig. Using Labels & Selector


Fig. Output Successful out of Service Load Balancer Working.

Integrating Kubernetes in CI/CD pipeline:

Deleting previous configuration:


[root@EKS_Bootstrap_Server tmp]# kubectl get all
Kubeconfig user entry is using deprecated API version
client.authentication.k8s.io/v1alpha1. Run 'aws eks update-kubeconfig' to
update.
NAME READY STATUS RESTARTS AGE
pod/nginx-pod 1/1 Running 0 35m

NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/demo-service LoadBalancer 10.100.56.237 afade1324bbc8455fa7b71537a4bcf6e-1513829373.us-east-1.elb.amazonaws.com 80:31295/TCP 30m
service/kubernetes ClusterIP 10.100.0.1 <none> 443/TCP 8h
[root@EKS_Bootstrap_Server tmp]# kubectl delete pod/nginx-pod
Kubeconfig user entry is using deprecated API version
client.authentication.k8s.io/v1alpha1. Run 'aws eks update-kubeconfig' to
update.
pod "nginx-pod" deleted
[root@EKS_Bootstrap_Server tmp]# kubectl get po
Kubeconfig user entry is using deprecated API version
client.authentication.k8s.io/v1alpha1. Run 'aws eks update-kubeconfig' to
update.
No resources found in default namespace.
[root@EKS_Bootstrap_Server tmp]# kubectl delete service/demo-service
Kubeconfig user entry is using deprecated API version
client.authentication.k8s.io/v1alpha1. Run 'aws eks update-kubeconfig' to
update.
service "demo-service" deleted
[root@EKS_Bootstrap_Server tmp]#

Write a deployment file:

[root@EKS_Bootstrap_Server ~]# cat regapp-deploy.yml


apiVersion: apps/v1
kind: Deployment
metadata:
  name: saifshah-regapp
  labels:
    app: regapp
spec:
  replicas: 3
  selector:
    matchLabels:
      app: regapp

  template:
    metadata:
      labels:
        app: regapp
    spec:
      containers:
        - name: regapp
          image: saifshah/regapp
          imagePullPolicy: Always
          ports:
            - containerPort: 8080
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 1

[root@EKS_Bootstrap_Server ~]# cat regapp-service.yml


apiVersion: v1
kind: Service
metadata:
  name: saifshah-service
  labels:
    app: regapp
spec:
  selector:
    app: regapp

  ports:
    - port: 8080
      targetPort: 8080

  type: LoadBalancer

[root@EKS_Bootstrap_Server ~]#

[root@EKS_Bootstrap_Server ~]# ls
aws awscliv2.zip regapp-deploy.yml regapp-service.yml
[root@EKS_Bootstrap_Server ~]# kubectl apply -f regapp-deploy.yml
Kubeconfig user entry is using deprecated API version
client.authentication.k8s.io/v1alpha1. Run 'aws eks update-kubeconfig' to
update.
error: error when retrieving current configuration of:
Resource: "apps/v1, Resource=deployments", GroupVersionKind: "apps/v1,
Kind=Deployment"
Name: "saifshah/regapp", Namespace: "default"
from server for: "regapp-deploy.yml": invalid resource name
"saifshah/regapp": [may not contain '/']
[root@EKS_Bootstrap_Server ~]# vi regapp-deploy.yml
[root@EKS_Bootstrap_Server ~]# clear
[root@EKS_Bootstrap_Server ~]# ls
aws awscliv2.zip regapp-deploy.yml regapp-service.yml
[root@EKS_Bootstrap_Server ~]# kubectl apply -f regapp-deploy.yml
Kubeconfig user entry is using deprecated API version
client.authentication.k8s.io/v1alpha1. Run 'aws eks update-kubeconfig' to
update.
deployment.apps/saifshah-regapp created
[root@EKS_Bootstrap_Server ~]# vi regapp-service.yml
[root@EKS_Bootstrap_Server ~]# kubectl apply -f regapp-service.yml
Kubeconfig user entry is using deprecated API version
client.authentication.k8s.io/v1alpha1. Run 'aws eks update-kubeconfig' to
update.
service/saifshah-service created
[root@EKS_Bootstrap_Server ~]# kubectl get all
Kubeconfig user entry is using deprecated API version
client.authentication.k8s.io/v1alpha1. Run 'aws eks update-kubeconfig' to
update.
NAME READY STATUS RESTARTS AGE
pod/saifshah-regapp-67dc7d6554-5gdbh 1/1 Running 0 3m53s
pod/saifshah-regapp-67dc7d6554-n8vfm 1/1 Running 0 3m53s
pod/saifshah-regapp-67dc7d6554-q4bnf 1/1 Running 0 3m53s

NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/kubernetes ClusterIP 10.100.0.1 <none> 443/TCP 24h
service/saifshah-service LoadBalancer 10.100.223.173 a1968e704ce994e9e8a9832790201698-1437160444.us-east-1.elb.amazonaws.com 8080:32727/TCP 3m4s

NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/saifshah-regapp 3/3 3 3 3m53s

NAME DESIRED CURRENT READY AGE
replicaset.apps/saifshah-regapp-67dc7d6554 3 3 3 3m53s
[root@EKS_Bootstrap_Server ~]# kubectl describe
error: You must specify the type of resource to describe. Use "kubectl api-resources" for a complete list of supported resources.
[root@EKS_Bootstrap_Server ~]# kubectl describe service/saifshah-service
Kubeconfig user entry is using deprecated API version
client.authentication.k8s.io/v1alpha1. Run 'aws eks update-kubeconfig' to
update.
Name: saifshah-service
Namespace: default
Labels: app=regapp
Annotations: <none>
Selector: app=regapp
Type: LoadBalancer
IP Family Policy: SingleStack
IP Families: IPv4
IP: 10.100.223.173
IPs: 10.100.223.173
LoadBalancer Ingress: a1968e704ce994e9e8a9832790201698-
1437160444.us-east-1.elb.amazonaws.com
Port: <unset> 8080/TCP
TargetPort: 8080/TCP
NodePort: <unset> 32727/TCP
Endpoints:
192.168.0.41:8080,192.168.27.33:8080,192.168.33.84:8080
Session Affinity: None
External Traffic Policy: Cluster
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal EnsuringLoadBalancer 3m42s service-controller Ensuring load
balancer
Normal EnsuredLoadBalancer 3m37s service-controller Ensured load
balancer
[root@EKS_Bootstrap_Server ~]# kubectl get pod -o wide
Kubeconfig user entry is using deprecated API version
client.authentication.k8s.io/v1alpha1. Run 'aws eks update-kubeconfig' to
update.
NAME READY STATUS RESTARTS AGE IP NODE
NOMINATED NODE READINESS GATES
saifshah-regapp-67dc7d6554-5gdbh 1/1 Running 0 5m38s
192.168.0.41 ip-192-168-0-77.ec2.internal <none> <none>
saifshah-regapp-67dc7d6554-n8vfm 1/1 Running 0 5m38s
192.168.33.84 ip-192-168-48-13.ec2.internal <none> <none>
saifshah-regapp-67dc7d6554-q4bnf 1/1 Running 0 5m38s
192.168.27.33 ip-192-168-0-77.ec2.internal <none> <none>
[root@EKS_Bootstrap_Server ~]#
After deleting one pod, the replica set still has 3 pods:

[root@EKS_Bootstrap_Server ~]# kubectl delete pod saifshah-regapp-67dc7d6554-5gdbh
Kubeconfig user entry is using deprecated API version
client.authentication.k8s.io/v1alpha1. Run 'aws eks update-kubeconfig' to
update.
pod "saifshah-regapp-67dc7d6554-5gdbh" deleted
[root@EKS_Bootstrap_Server ~]# kubectl get pod -o wide
Kubeconfig user entry is using deprecated API version
client.authentication.k8s.io/v1alpha1. Run 'aws eks update-kubeconfig' to
update.
NAME READY STATUS RESTARTS AGE IP NODE
NOMINATED NODE READINESS GATES
saifshah-regapp-67dc7d6554-n8vfm 1/1 Running 0 12m
192.168.33.84 ip-192-168-48-13.ec2.internal <none> <none>
saifshah-regapp-67dc7d6554-q4bnf 1/1 Running 0 12m
192.168.27.33 ip-192-168-0-77.ec2.internal <none> <none>
saifshah-regapp-67dc7d6554-r6mkj 1/1 Running 0 6s
192.168.18.246 ip-192-168-0-77.ec2.internal <none> <none> //new
pod created
[root@EKS_Bootstrap_Server ~]#
Integrate Kubernetes Bootstrap Server with Ansible:

On Bootstrap Server:

• Create ansadmin
[root@EKS_Bootstrap_Server ~]# useradd ansadmin
[root@EKS_Bootstrap_Server ~]# visudo
• Add ansadmin to sudoers file

Fig. Add ansadmin to sudoers file


• Enable Password based login

[root@EKS_Bootstrap_Server ~]# service sshd reload


Redirecting to /bin/systemctl reload sshd.service

Fig. [root@EKS_Bootstrap_Server ~]# vi /etc/ssh/sshd_config

On Ansible Node:
[root@Ansible_Server ~]# sudo su - ansadmin
Last login: Sat May 14 08:19:14 UTC 2022 from 152.57.213.2 on pts/1
[ansadmin@Ansible_Server ~]$ cd /opt/docker
[ansadmin@Ansible_Server docker]$ ll
total 16
-rw-rw-r-- 1 ansadmin ansadmin 381 May 14 07:49 deploy_regapp.yml
-rw-rw-r-- 1 ansadmin ansadmin 528 May 13 12:12 Dockerfile
-rw-rw-r-- 1 ansadmin ansadmin 357 May 13 18:21 regapp.yml
-rw-rw-r-- 1 ansadmin ansadmin 2913 May 14 08:28 webapp.war
[ansadmin@Ansible_Server docker]$ mv regapp.yml create_image_regapp.yml
[ansadmin@Ansible_Server docker]$ ll
total 16
-rw-rw-r-- 1 ansadmin ansadmin 357 May 13 18:21
create_image_regapp.yml
-rw-rw-r-- 1 ansadmin ansadmin 381 May 14 07:49 deploy_regapp.yml
-rw-rw-r-- 1 ansadmin ansadmin 528 May 13 12:12 Dockerfile
-rw-rw-r-- 1 ansadmin ansadmin 2913 May 14 08:28 webapp.war
[ansadmin@Ansible_Server docker]$ cat deploy_regapp.yml
---
- hosts : dockerhost

  tasks:
    - name : stop existing container
      command : docker stop regapp-server

    - name : remove the container
      command : docker rm regapp-server

    - name : remove image
      command : docker rmi saifshah/regapp:latest

    - name : create docker container
      command : docker run -d --name regapp-server -p 8082:8080 saifshah/regapp:latest
[ansadmin@Ansible_Server docker]$ mv deploy_regapp.yml docker_deployment_regapp.yml
[ansadmin@Ansible_Server docker]$ ll
total 16
-rw-rw-r-- 1 ansadmin ansadmin 357 May 13 18:21
create_image_regapp.yml
-rw-rw-r-- 1 ansadmin ansadmin 381 May 14 07:49
docker_deployment_regapp.yml
-rw-rw-r-- 1 ansadmin ansadmin 528 May 13 12:12 Dockerfile
-rw-rw-r-- 1 ansadmin ansadmin 2913 May 14 08:28 webapp.war
[ansadmin@Ansible_Server docker]$

[root@EKS_Bootstrap_Server ~]# passwd ansadmin


Changing password for user ansadmin.
New password:
BAD PASSWORD: The password contains the user name in some form
Retype new password:
passwd: all authentication tokens updated successfully.
[root@EKS_Bootstrap_Server ~]#

• Add to hosts file


[ansadmin@Ansible_Server docker]$ vi hosts
[ansadmin@Ansible_Server docker]$ cat hosts
localhost

[kubernetes]
172.31.85.40

[ansible]
172.31.26.13
[ansadmin@Ansible_Server docker]$

• Copy ssh keys

[ansadmin@Ansible_Server docker]$ ssh-copy-id 172.31.85.40


/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed:
"/home/ansadmin/.ssh/id_rsa.pub"
The authenticity of host '172.31.85.40 (172.31.85.40)' can't be
established.
ECDSA key fingerprint is
SHA256:eBN1hfJascvuNM/WaTVamjZqJOqCVahsgPQKljMW+0E.
ECDSA key fingerprint is
MD5:5f:dd:07:95:8a:01:be:8a:85:a8:52:7e:4e:e7:46:a2.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s),
to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are
prompted now it is to install the new keys
ansadmin@172.31.85.40's password:

Number of key(s) added: 1

Now try logging into the machine, with: "ssh '172.31.85.40'"


and check to make sure that only the key(s) you wanted were added.
• Test the Connection

[ansadmin@Ansible_Server docker]$ ansible -i hosts all -a uptime


[WARNING]: Platform linux on host 172.31.85.40 is using the
discovered Python interpreter at /usr/bin/python, but future
installation of another Python interpreter
could change this. See
https://docs.ansible.com/ansible/2.9/reference_appendices/interpreter_discovery.html for more information.
172.31.85.40 | CHANGED | rc=0 >>
18:47:04 up 25 min, 3 users, load average: 0.00, 0.00, 0.00
[WARNING]: Platform linux on host localhost is using the discovered
Python interpreter at /usr/bin/python, but future installation of
another Python interpreter
could change this. See
https://docs.ansible.com/ansible/2.9/reference_appendices/interpreter_discovery.html for more information.
localhost | CHANGED | rc=0 >>
18:47:04 up 26 min, 4 users, load average: 0.00, 0.00, 0.00
[WARNING]: Platform linux on host 172.31.26.13 is using the
discovered Python interpreter at /usr/bin/python, but future
installation of another Python interpreter
could change this. See
https://docs.ansible.com/ansible/2.9/reference_appendices/interpreter_discovery.html for more information.
172.31.26.13 | CHANGED | rc=0 >>
18:47:04 up 26 min, 4 users, load average: 0.00, 0.00, 0.00

Create Ansible Playbooks for deployment and Service File:

[ansadmin@Ansible_Server docker]$ vi kube_deploy.yml


Fig. Kubernetes deploy file created

[ansadmin@Ansible_Server docker]$ vi kube_service.yml

Fig. Kubernetes service file created


[ansadmin@Ansible_Server docker]$ ls
create_image_regapp.yml docker_deployment_regapp.yml Dockerfile hosts
webapp.war
[ansadmin@Ansible_Server docker]$ vi kube_deploy.yml
[ansadmin@Ansible_Server docker]$ vi kube_deploy.yml
[ansadmin@Ansible_Server docker]$ ^C
[ansadmin@Ansible_Server docker]$ vi kube_service.yml
[ansadmin@Ansible_Server docker]$ ^C
[ansadmin@Ansible_Server docker]$ ansible-playbook -i /root/docker/hosts kube_deploy.yml
[WARNING]: Unable to parse /root/docker/hosts as an inventory source
[WARNING]: No inventory was parsed, only implicit localhost is available
[WARNING]: provided hosts list is empty, only localhost is available. Note
that the implicit localhost does not match 'all'
[WARNING]: Could not match supplied host pattern, ignoring: kubernetes

PLAY [kubernetes]
****************************************************************
****************************************************************
********************
skipping: no hosts matched

PLAY RECAP
****************************************************************
****************************************************************
***************************

[ansadmin@Ansible_Server docker]$ ansible-playbook -i /opt/docker/hosts kube_deploy.yml
PLAY [kubernetes]
****************************************************************
****************************************************************
********************

TASK [Gathering Facts]


****************************************************************
****************************************************************
***************
[WARNING]: Platform linux on host 172.31.85.40 is using the discovered
Python interpreter at /usr/bin/python, but future installation of another
Python interpreter could change this. See
https://docs.ansible.com/ansible/2.9/reference_appendices/interpreter_discovery.html
for more information.
ok: [172.31.85.40]

TASK [deploy regapp on kubernetes]


****************************************************************
****************************************************************
***
fatal: [172.31.85.40]: FAILED! => {"changed": false, "cmd": "kubectl apply -f
/root/regapp-deploy.yml", "msg": "[Errno 2] No such file or directory", "rc":
2}

PLAY RECAP
****************************************************************
****************************************************************
***************************
172.31.85.40 : ok=1 changed=0 unreachable=0 failed=1
skipped=0 rescued=0 ignored=0
[ansadmin@Ansible_Server docker]$ vi kube_deploy.yml
[ansadmin@Ansible_Server docker]$ ansible-playbook -i /opt/docker/hosts
kube_deploy.yml

PLAY [kubernetes]
****************************************************************
****************************************************************
********************

TASK [Gathering Facts]


****************************************************************
****************************************************************
***************
fatal: [172.31.85.40]: UNREACHABLE! => {"changed": false, "msg": "Failed to
connect to the host via ssh: Permission denied (publickey,gssapi-
keyex,gssapi-with-mic,password).", "unreachable": true}

PLAY RECAP
****************************************************************
****************************************************************
***************************
172.31.85.40 : ok=0 changed=0 unreachable=1 failed=0
skipped=0 rescued=0 ignored=0

[ansadmin@Ansible_Server docker]$ vi kube_deploy.yml


[ansadmin@Ansible_Server docker]$ ls
create_image_regapp.yml docker_deployment_regapp.yml Dockerfile hosts
kube_deploy.yml kube_service.yml webapp.war
[ansadmin@Ansible_Server docker]$ vi kube_service.yml
[ansadmin@Ansible_Server docker]$

[ansadmin@Ansible_Server docker]$ ansible-playbook -i /opt/docker/hosts kube_deploy.yml

PLAY [kubernetes]
****************************************************************
****************************************************************
********************

TASK [Gathering Facts]


****************************************************************
****************************************************************
***************
fatal: [172.31.85.40]: UNREACHABLE! => {"changed": false, "msg": "Failed to
connect to the host via ssh: Permission denied (publickey,gssapi-
keyex,gssapi-with-mic,password).", "unreachable": true}

PLAY RECAP
****************************************************************
****************************************************************
***************************
172.31.85.40 : ok=0 changed=0 unreachable=1 failed=0
skipped=0 rescued=0 ignored=0

[ansadmin@Ansible_Server docker]$ vi kube_deploy.yml


[ansadmin@Ansible_Server docker]$ ls
create_image_regapp.yml docker_deployment_regapp.yml Dockerfile hosts
kube_deploy.yml kube_service.yml webapp.war
[ansadmin@Ansible_Server docker]$ vi kube_service.yml
[ansadmin@Ansible_Server docker]$ ^C
[ansadmin@Ansible_Server docker]$ ansible-playbook -i /opt/docker/hosts
kube_deploy.yml

PLAY [kubernetes]
****************************************************************
****************************************************************
********************

TASK [Gathering Facts]


****************************************************************
****************************************************************
***************
fatal: [172.31.85.40]: UNREACHABLE! => {"changed": false, "msg": "Failed to
connect to the host via ssh: Permission denied (publickey,gssapi-
keyex,gssapi-with-mic,password).", "unreachable": true}

PLAY RECAP
****************************************************************
****************************************************************
***************************
172.31.85.40 : ok=0 changed=0 unreachable=1 failed=0
skipped=0 rescued=0 ignored=0

[ansadmin@Ansible_Server docker]$

[ansadmin@Ansible_Server docker]$ ssh_copy-id 172.31.85.40


-bash: ssh_copy-id: command not found
[ansadmin@Ansible_Server docker]$ ssh-copy-id 172.31.85.40
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed:
"/home/ansadmin/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter
out any that are already installed

/usr/bin/ssh-copy-id: WARNING: All keys were skipped because they already
exist on the remote system.
(if you think this is a mistake, you may want to use -f option)

[ansadmin@Ansible_Server docker]$ ansible-playbook -i /opt/docker/hosts kube_deploy.yml

PLAY [kubernetes]
****************************************************************
****************************************************************
******************

TASK [Gathering Facts]


****************************************************************
****************************************************************
*************
fatal: [172.31.85.40]: UNREACHABLE! => {"changed": false, "msg": "Failed to
connect to the host via ssh: Permission denied
(publickey,gssapi-keyex,gssapi-with-mic,password).", "unreachable": true}

PLAY RECAP
****************************************************************
****************************************************************
*************************
172.31.85.40 : ok=0 changed=0 unreachable=1 failed=0
skipped=0 rescued=0 ignored=0
[ansadmin@Ansible_Server docker]$ ssh-copy-id 172.31.85.40
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed:
"/home/ansadmin/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter
out any that are already installed

/usr/bin/ssh-copy-id: WARNING: All keys were skipped because they already
exist on the remote system.
(if you think this is a mistake, you may want to use -f option)

[ansadmin@Ansible_Server docker]$ ssh-copy-id [email protected]


/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed:
"/home/ansadmin/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter
out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are
prompted now it is to install the new keys
[email protected]'s password:

Number of key(s) added: 1

Now try logging into the machine, with: "ssh '[email protected]'"


and check to make sure that only the key(s) you wanted were added.

[ansadmin@Ansible_Server docker]$ vi kube_service.yml


[ansadmin@Ansible_Server docker]$ cat kube_deploy.yml
---
- hosts: kubernetes
  #become: true
  user: root

  tasks:
    - name: deploy regapp on kubernetes
      command: kubectl apply -f regapp-deploy.yml
[ansadmin@Ansible_Server docker]$ cat kube_service.yml
---
- hosts: kubernetes
  # become: true
  user : root

  tasks:
    - name: deploy regapp on kubernetes
      command: kubectl apply -f regapp-service.yml
[ansadmin@Ansible_Server docker]$ ansible-playbook -i /opt/docker/hosts
kube_service.yml

PLAY [kubernetes]
****************************************************************
****************************************************************
******************

TASK [Gathering Facts]


****************************************************************
****************************************************************
*************
[WARNING]: Platform linux on host 172.31.85.40 is using the discovered
Python interpreter at /usr/bin/python, but future installation of another
Python interpreter could change this. See
https://docs.ansible.com/ansible/2.9/reference_appendices/interpreter_discovery.html
for more information.
ok: [172.31.85.40]

TASK [deploy regapp on kubernetes]


****************************************************************
****************************************************************
*
changed: [172.31.85.40]

PLAY RECAP
****************************************************************
****************************************************************
*************************
172.31.85.40 : ok=2 changed=1 unreachable=0 failed=0
skipped=0 rescued=0 ignored=0

[ansadmin@Ansible_Server docker]$
Fig. Ansible Deploy and Service playbook

Create Jenkins Deployment Job for Kubernetes:

Fig. Deploy_on_Kubernetes

[ansadmin@Ansible_Server docker]$ ll
total 28
-rw-rw-r-- 1 ansadmin ansadmin 357 May 13 18:21 create_image_regapp.yml
-rw-rw-r-- 1 ansadmin ansadmin 381 May 14 07:49 docker_deployment_regapp.yml
-rw-rw-r-- 1 ansadmin ansadmin 528 May 13 12:12 Dockerfile
-rw-rw-r-- 1 ansadmin ansadmin 62 May 17 18:42 hosts
-rw-rw-r-- 1 ansadmin ansadmin 154 May 17 19:13 kube_deploy.yml
-rw-rw-r-- 1 ansadmin ansadmin 154 May 17 19:31 kube_service.yml
-rw-rw-r-- 1 ansadmin ansadmin 2913 May 14 08:28 webapp.war
[ansadmin@Ansible_Server docker]$ ansible-playbook -i /opt/docker/hosts
kube_service.yml^C
[ansadmin@Ansible_Server docker]$

[root@EKS_Bootstrap_Server ~]# kubectl get all
Kubeconfig user entry is using deprecated API version
client.authentication.k8s.io/v1alpha1. Run 'aws eks update-kubeconfig' to
update.
NAME                                   READY   STATUS    RESTARTS   AGE
pod/saifshah-regapp-67dc7d6554-9pt6r   1/1     Running   0          13h
pod/saifshah-regapp-67dc7d6554-dhnqk   1/1     Running   0          13h
pod/saifshah-regapp-67dc7d6554-nb9rw   1/1     Running   0          13h

NAME                       TYPE           CLUSTER-IP      EXTERNAL-IP                                                              PORT(S)          AGE
service/kubernetes         ClusterIP      10.100.0.1      <none>                                                                   443/TCP          45h
service/saifshah-service   LoadBalancer   10.100.36.222   a349ca007bb744309aaffed48b239862-152577359.us-east-1.elb.amazonaws.com   8080:31709/TCP   14h

NAME                              READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/saifshah-regapp   3/3     3            3           14h

NAME                                         DESIRED   CURRENT   READY   AGE
replicaset.apps/saifshah-regapp-67dc7d6554   3         3         3       14h
[root@EKS_Bootstrap_Server ~]# kubectl delete deployment.apps/saifshah-regapp
Kubeconfig user entry is using deprecated API version
client.authentication.k8s.io/v1alpha1. Run 'aws eks update-kubeconfig' to
update.
deployment.apps "saifshah-regapp" deleted
[root@EKS_Bootstrap_Server ~]# kubectl delete service/saifshah-service
Kubeconfig user entry is using deprecated API version
client.authentication.k8s.io/v1alpha1. Run 'aws eks update-kubeconfig' to
update.
service "saifshah-service" deleted

[root@EKS_Bootstrap_Server ~]#
[root@EKS_Bootstrap_Server ~]# clear
[root@EKS_Bootstrap_Server ~]# kubectl get all
Kubeconfig user entry is using deprecated API version
client.authentication.k8s.io/v1alpha1. Run 'aws eks update-kubeconfig' to
update.
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/kubernetes ClusterIP 10.100.0.1 <none> 443/TCP 45h
[root@EKS_Bootstrap_Server ~]# kubectl get all
Kubeconfig user entry is using deprecated API version
client.authentication.k8s.io/v1alpha1. Run 'aws eks update-kubeconfig' to
update.
NAME                                   READY   STATUS    RESTARTS   AGE
pod/saifshah-regapp-67dc7d6554-m4ck9   1/1     Running   0          27s
pod/saifshah-regapp-67dc7d6554-rr58w   1/1     Running   0          27s
pod/saifshah-regapp-67dc7d6554-x24cx   1/1     Running   0          27s

NAME                       TYPE           CLUSTER-IP      EXTERNAL-IP                                                              PORT(S)          AGE
service/kubernetes         ClusterIP      10.100.0.1      <none>                                                                   443/TCP          45h
service/saifshah-service   LoadBalancer   10.100.156.66   a5cc75730006140938846b05fc830300-559804141.us-east-1.elb.amazonaws.com   8080:30620/TCP   23s

NAME                              READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/saifshah-regapp   3/3     3            3           27s

NAME                                         DESIRED   CURRENT   READY   AGE
replicaset.apps/saifshah-regapp-67dc7d6554   3         3         3       27s
[root@EKS_Bootstrap_Server ~]#
[ansadmin@Ansible_Server docker]$ vi kube_deploy.yml

Fig. Merging Service File & Deployment File

Fig. Exec Command Merge Service File & Deployment File


Fig. Build Success

Fig. kubectl get all services & deployment .

CI Job to create Image for Kubernetes:


Fig. Creating CI Job

Fig. Adding Image File

[ansadmin@Ansible_Server docker]$ ll
total 28
-rw-rw-r-- 1 ansadmin ansadmin 357 May 13 18:21 create_image_regapp.yml
-rw-rw-r-- 1 ansadmin ansadmin 381 May 14 07:49 docker_deployment_regapp.yml
-rw-rw-r-- 1 ansadmin ansadmin 528 May 13 12:12 Dockerfile
-rw-rw-r-- 1 ansadmin ansadmin 62 May 17 18:42 hosts
-rw-rw-r-- 1 ansadmin ansadmin 245 May 18 09:48 kube_deploy.yml
-rw-rw-r-- 1 ansadmin ansadmin 154 May 17 19:31 kube_service.yml
-rw-rw-r-- 1 ansadmin ansadmin 2913 May 14 08:28 webapp.war
[ansadmin@Ansible_Server docker]$ cat create_image_regapp.yml
---
- hosts: ansible

  tasks:

    - name : create docker image
      command : docker build -t regapp:latest .
      args :
        chdir : /opt/docker

    - name : create tag to push image on docker hub
      command : docker tag regapp:latest saifshah/regapp:latest

    - name : push docker image on docker hub
      command : docker push saifshah/regapp:latest

[ansadmin@Ansible_Server docker]$ ^C
[ansadmin@Ansible_Server docker]$ docker login
Authenticating with existing credentials...
Login did not succeed, error: Cannot connect to the Docker daemon at
unix:///var/run/docker.sock. Is the docker daemon running?
Login with your Docker ID to push and pull images from Docker Hub. If you
don't have a Docker ID, head over to https://hub.docker.com to create one.
Username (saifshah): saifshah
Password:
WARNING! Your password will be stored unencrypted in
/home/ansadmin/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded
[ansadmin@Ansible_Server docker]$ docker images
Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the
docker daemon running?
[ansadmin@Ansible_Server docker]$ service docker start
Redirecting to /bin/systemctl start docker.service
Failed to start docker.service: The name org.freedesktop.PolicyKit1 was not
provided by any .service files
See system logs and 'systemctl status docker.service' for details.
[ansadmin@Ansible_Server docker]$ docker images
Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the
docker daemon running?
[ansadmin@Ansible_Server docker]$ sudo service docker start
Redirecting to /bin/systemctl start docker.service
[ansadmin@Ansible_Server docker]$ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
saifshah/regapp latest 15574dfecf93 4 days ago 510MB
regapp latest 15574dfecf93 4 days ago 510MB
regapp v1 15574dfecf93 4 days ago 510MB
tomcat latest 6a1271dfce51 6 days ago 680MB
centos latest 5d0da3dc9764 8 months ago 231MB
[ansadmin@Ansible_Server docker]$
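
The docker login session above warns that the password is stored unencrypted in /home/ansadmin/.docker/config.json. The following check is an added example, not part of the original document: it reports inline registry credentials and loose file permissions in such a config. The sample configs and the password inside them are constructed placeholders.

```python
import base64
import json
import os
import stat
import tempfile


def audit_docker_config(path):
    """Return findings for a Docker client config.json (empty list = clean)."""
    with open(path, encoding="utf-8") as fh:
        cfg = json.load(fh)
    findings = []

    for registry, entry in cfg.get("auths", {}).items():
        blob = entry.get("auth")
        if not blob:
            continue  # no inline secret: a credential helper holds it
        # "auth" is base64("user:password"): an encoding, not encryption.
        decoded = base64.b64decode(blob).decode("utf-8", "replace")
        user = decoded.split(":", 1)[0]
        findings.append(f"inline credential for {registry} (user {user})")

    if findings and not (cfg.get("credsStore") or cfg.get("credHelpers")):
        findings.append("no credsStore or credHelpers configured")

    # Anyone who can read the file can reuse the registry login.
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:
        findings.append(f"file mode {mode:04o} is readable beyond the owner")
    return findings


def write_sample(cfg, mode):
    """Write a constructed config to a temp file and return its path."""
    fd, path = tempfile.mkstemp(suffix=".json")
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        json.dump(cfg, fh)
    os.chmod(path, mode)
    return path


# Constructed samples; the password is a placeholder, not a real secret.
INLINE = {"auths": {"https://index.docker.io/v1/": {
    "auth": base64.b64encode(b"saifshah:example-password").decode()}}}
HELPER = {"auths": {"https://index.docker.io/v1/": {}}, "credsStore": "pass"}

if __name__ == "__main__":
    for name, cfg, mode in (("inline", INLINE, 0o644), ("helper", HELPER, 0o600)):
        path = write_sample(cfg, mode)
        print(name, audit_docker_config(path))
        os.remove(path)
```

On a build host that pushes images, the same check can run against the service account's config before the Jenkins job is enabled.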

Fig. Build Success


Fig. Image Created on Docker hub

Enable rolling update to create pod from latest docker image:

Fig. Deploying on Kubernetes


Fig. Rolling update for configuration
Fig. Build Success

Error : Unable to upload Latest Image

[root@EKS_Bootstrap_Server ~]# cd /opt/docker
-bash: cd: /opt/docker: No such file or directory
[root@EKS_Bootstrap_Server ~]# kubectl get all
Kubeconfig user entry is using deprecated API version
client.authentication.k8s.io/v1alpha1. Run 'aws eks update-kubeconfig' to
update.
NAME                                   READY   STATUS    RESTARTS   AGE
pod/saifshah-regapp-67dc7d6554-m4ck9   1/1     Running   0          93m
pod/saifshah-regapp-67dc7d6554-rr58w   1/1     Running   0          93m
pod/saifshah-regapp-67dc7d6554-x24cx   1/1     Running   0          93m

NAME                       TYPE           CLUSTER-IP      EXTERNAL-IP                                                              PORT(S)          AGE
service/kubernetes         ClusterIP      10.100.0.1      <none>                                                                   443/TCP          46h
service/saifshah-service   LoadBalancer   10.100.156.66   a5cc75730006140938846b05fc830300-559804141.us-east-1.elb.amazonaws.com   8080:30620/TCP   93m

NAME                              READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/saifshah-regapp   3/3     3            3           93m

NAME                                         DESIRED   CURRENT   READY   AGE
replicaset.apps/saifshah-regapp-67dc7d6554   3         3         3       93m
[root@EKS_Bootstrap_Server ~]# ^C
[root@EKS_Bootstrap_Server ~]#

Complete CI and CD job to build and deploy code on Kubernetes:

[ansadmin@Ansible_Server docker]$ ll
total 28
-rw-rw-r-- 1 ansadmin ansadmin 357 May 13 18:21 create_image_regapp.yml
-rw-rw-r-- 1 ansadmin ansadmin 381 May 14 07:49 docker_deployment_regapp.yml
-rw-rw-r-- 1 ansadmin ansadmin 528 May 13 12:12 Dockerfile
-rw-rw-r-- 1 ansadmin ansadmin 62 May 17 18:42 hosts
-rw-rw-r-- 1 ansadmin ansadmin 245 May 18 09:48 kube_deploy.yml
-rw-rw-r-- 1 ansadmin ansadmin 154 May 17 19:31 kube_service.yml
-rw-rw-r-- 1 ansadmin ansadmin 2913 May 18 11:17 webapp.war
[ansadmin@Ansible_Server docker]$ vi kube_deploy.yml
[ansadmin@Ansible_Server docker]$ cat kube_deploy.yml
---
- hosts: kubernetes
  #become: true
  user: root

  tasks:
    - name: deploy regapp on kubernetes
      command: kubectl apply -f regapp-deploy.yml

    - name : create service for regapp
      command: kubectl apply -f regapp-service.yml

    - name: update deployment with new pods if image updated in docker hub
      command: kubectl rollout restart deployment.apps/saifshah-regapp
[ansadmin@Ansible_Server docker]$
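
The playbook above redeploys with kubectl rollout restart against saifshah/regapp:latest, a mutable tag, so the pods run whatever was last pushed under that name. The following is an added example, not part of the original document: it flags images in a Deployment's JSON that are not pinned by digest and builds the pinned reference. The sample manifest, the container name and the digest are constructed, because the page does not show regapp-deploy.yml.

```python
import re

DIGEST = re.compile(r"@sha256:[0-9a-f]{64}$")


def classify_image(ref):
    """Return 'pinned', 'tagged' or 'floating' for a container image reference."""
    if DIGEST.search(ref):
        return "pinned"            # content-addressed: cannot change silently
    name = ref.rsplit("/", 1)[-1]  # last path part, so a registry host:port is ignored
    tag = name.split(":", 1)[1] if ":" in name else ""
    # No tag means the runtime pulls :latest.
    return "floating" if tag in ("", "latest") else "tagged"


def audit_deployment(dep):
    """List (container, image, class) for every image not pinned by digest."""
    pod = dep["spec"]["template"]["spec"]
    containers = pod.get("initContainers", []) + pod.get("containers", [])
    return [(c["name"], c["image"], classify_image(c["image"]))
            for c in containers
            if classify_image(c["image"]) != "pinned"]


def pin(ref, digest):
    """Rewrite a reference to repo@digest, dropping any tag."""
    if not re.fullmatch(r"sha256:[0-9a-f]{64}", digest):
        raise ValueError("digest must be sha256:<64 hex chars>")
    ref = ref.split("@", 1)[0]
    head, _, name = ref.rpartition("/")
    repo = name.split(":", 1)[0]
    return f"{head}/{repo}@{digest}" if head else f"{repo}@{digest}"


# Constructed stand-in for `kubectl get deployment saifshah-regapp -o json`;
# the container name "regapp" is an assumption.
SAMPLE = {"spec": {"template": {"spec": {"containers": [
    {"name": "regapp", "image": "saifshah/regapp:latest"}]}}}}
# Constructed digest; a real one comes from the registry after `docker push`.
SAMPLE_DIGEST = "sha256:" + "ab" * 32

if __name__ == "__main__":
    for name, image, kind in audit_deployment(SAMPLE):
        print(f"{name}: {image} is {kind}; pin as {pin(image, SAMPLE_DIGEST)}")
```

A pinned reference can be rolled out with kubectl set image deployment/saifshah-regapp regapp=<pinned reference>, which ties each rollout to one specific build.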

Output :
Fig. Bootstrap Server Running

Fig. Ansible Server Webapp.war time change after success


Fig. Docker latest Image

Fig. Access to load balancer on port 8080


Cleaning Setup:

[root@EKS_Bootstrap_Server ~]# kubectl delete deployment.apps/saifshah-regapp
Kubeconfig user entry is using deprecated API version
client.authentication.k8s.io/v1alpha1. Run 'aws eks update-kubeconfig' to
update.
deployment.apps "saifshah-regapp" deleted
[root@EKS_Bootstrap_Server ~]# kubectl delete service/saifshah-service
Kubeconfig user entry is using deprecated API version
client.authentication.k8s.io/v1alpha1. Run 'aws eks update-kubeconfig' to
update.
service "saifshah-service" deleted
[root@EKS_Bootstrap_Server ~]#

Deleting Cluster:

eksctl delete cluster saifshah --region us-east-1


Fig . Cluster Deleted

Fig. Terminates all Instances

