|
| 1 | +--- |
| 2 | +layout: post |
| 3 | +title: "CCJPE: Jenkins High Availability" |
| 4 | +date: 2016-8-22 12:00:00 -0500 |
| 5 | +categories: Jenkins |
| 6 | +permalink: lessons/jenkins-ha |
| 7 | +excerpt: "Learn how to set up Jenkins HA!" |
| 8 | +weight: 11 |
| 9 | +image: 'jenkinscourse.png' |
| 10 | +difficulty: hard |
| 11 | + |
| 12 | +--- |
| 13 | +{% include youtube.html id="zHavme2iaFA" %} |
| 14 | +{% include hired3.html %} |
| 15 | + |
| 16 | +1. Table of Contents |
| 17 | +{:title="Table of Contents"} |
| 18 | +{:toc} |
| 19 | + |
| 20 | +Introduction |
| 21 | +------------ |
| 22 | +Welcome to the DevOps Library! This is Samantha, and today we're going to set |
| 23 | +up the Enterprise edition of Jenkins! Up until now, we've only been using the |
| 24 | +open-source version, but for the rest of this course, we'll mainly be focusing |
| 25 | +on enterprise functionality. |
| 26 | + |
| 27 | +Additionally, we're going to set up Jenkins the RIGHT way, in full HA mode, |
| 28 | +with two masters sitting behind a load balancer. |
| 29 | + |
| 30 | +Before we begin, we'd like to give a quick shout out to |
| 31 | +[Hired.com](http://www.hired.com/devopslibrary) for being kind enough to sponsor |
| 32 | +our Jenkins course. If you aren’t familiar with Hired, it’s a great company that |
| 33 | +completely reverses the traditional job search, by having companies apply to |
| 34 | +you, instead of you always doing the tedious work of applying. |
| 35 | + |
| 36 | +Thousands of companies look to Hired to connect with the best of the best in our |
| 37 | +field, like you! OH. And if you do end up signing up through our [personal link](http://www.hired.com/devopslibrary), and landing a new job, Hired will give you a 2k bonus for being a loyal |
| 38 | +supporter of the DevOps Library! |
| 39 | + |
| 40 | +Getting Started |
| 41 | +--------------- |
| 42 | +Alright, let’s go ahead and get started. First, we're going to spin up two |
| 43 | +Ubuntu 14.04 instances on AWS. We recommend spinning them up in two different |
| 44 | +availability zones, that way Jenkins can survive an entire Amazon zone being |
| 45 | +unavailable. |
| 46 | + |
| 47 | +To speed up the process, we have two cloud config files that you can use below, |
| 48 | +the only difference between them is the hostname. |
| 49 | + |
| 50 | +[https://www.devopslibrary.com/scripts/jenkins01.yaml](https://www.devopslibrary.com/scripts/jenkins01.yaml) |
| 51 | +[https://www.devopslibrary.com/scripts/jenkins02.yaml](https://www.devopslibrary.com/scripts/jenkins02.yaml) |
| 52 | + |
| 53 | +``` yaml |
| 54 | +#cloud-config |
| 55 | +hostname: jenkins01 |
| 56 | +fqdn: jenkins01 |
| 57 | +manage_etc_hosts: true |
| 58 | +runcmd: |
| 59 | + - add-apt-repository ppa:webupd8team/java -y |
| 60 | + - echo 'deb http://nectar-downloads.cloudbees.com/nectar/debian binary/' >> /etc/apt/sources.list |
| 61 | + - echo debconf shared/accepted-oracle-license-v1-1 select true | debconf-set-selections |
| 62 | + - echo debconf shared/accepted-oracle-license-v1-1 seen true | debconf-set-selections |
| 63 | + - wget -q -O - http://nectar-downloads.cloudbees.com/nectar/debian/cloudbees.com.key | sudo apt-key add - |
| 64 | + - apt-get update |
| 65 | + - apt-get install oracle-java8-installer nfs-common -y |
| 66 | +``` |
| 67 | +
|
| 68 | +Configuration |
| 69 | +------------- |
| 70 | +If you'd prefer to configure both instances manually, the only thing we're doing |
| 71 | +in the cloud config is installing Java 8, NFS support, and adding the Jenkins |
| 72 | +enterprise repositories. Make sure you don't install Jenkins yet as we do need |
| 73 | +to configure shared storage. |
| 74 | +
|
| 75 | +Jenkins High Availability requires that both masters share an identical |
| 76 | +"$JENKINS_HOME" folder. Technically that means that you could MacGyver |
| 77 | +something using rsync or some other method, but we HIGHLY recommend using shared |
| 78 | +storage. |
| 79 | +
|
| 80 | +Setting up Shared Storage |
| 81 | +------------------------- |
| 82 | +For us, since we're on AWS, we'll use Amazon's EFS service to create a new NFS |
| 83 | +shared file system. We do need to make sure we have the right availability |
| 84 | +zones and security groups selected, but overall it's very easy to set up. |
| 85 | +
|
| 86 | +After the EFS share comes up, click the "DNS Names" link. You should see a DNS |
| 87 | +entry for each availability zone, be sure to note them down, as we'll use them |
| 88 | +to mount the storage to our instances. |
| 89 | +
|
| 90 | +Alright, let's go ahead and SSH into both Jenkins VMs. |
| 91 | +
|
| 92 | +Next, run: |
| 93 | +
|
| 94 | +``` bash |
| 95 | +mkdir /var/lib/jenkins |
| 96 | +``` |
| 97 | + |
| 98 | +That will create a directory for our Jenkins home. Next, open up your |
| 99 | +`/etc/fstab` file and add the following line: |
| 100 | + |
| 101 | +``` bash |
| 102 | +us-yourRegion-URL-thing.amazonaws.com:/ /var/lib/jenkins nfs4 rw,hard,intr 0 2 |
| 103 | +``` |
| 104 | + |
| 105 | +This is the line where we'll need to make sure we use the right DNS name for |
| 106 | +each zone, but other than it's pretty easy. Alright, go ahead and save the |
| 107 | +file, then run "mount -a" to mount the storage, or you can just restart the |
| 108 | +instance. |
| 109 | + |
| 110 | +You can also run `df -h` if you'd like to double check that the NFS share |
| 111 | +mounted correctly. If it is, you'll see it listed like we do here. |
| 112 | + |
| 113 | +Installing Cloudbees Jenkins Platform |
| 114 | +------------------------------------- |
| 115 | +Ok, at this point, make sure you've got our NFS share mounted on both instances, |
| 116 | +then run an `apt-get install jenkins` on **jenkins01**. Once the install |
| 117 | +completes, you can access the Jenkins web UI on port 8080. |
| 118 | + |
| 119 | +Since this is the enterprise version of Jenkins, you will need to request a |
| 120 | +trial license before you can do anything else. After you complete the |
| 121 | +registration, go ahead and do a Jenkins install on the second AWS instance. |
| 122 | + |
| 123 | +Jenkins High Availability Overview |
| 124 | +---------------------------------- |
| 125 | +While that's installing, let's talk a little more in depth about what Jenkins |
| 126 | +High Availability is, and what it is not. Essentially, the Enterprise Jenkins |
| 127 | +HA plugin uses Jgroups to configure active/passive high availability when it |
| 128 | +detects that two masters are sharing the same Jenkins home. |
| 129 | + |
| 130 | +Because we installed Jenkins on the **Jenkins01** instance first, it'll start |
| 131 | +out as our "primary" instance. |
| 132 | + |
| 133 | +If you try to access **Jenkins02** on port 8080 on the other hand, you'll see a |
| 134 | +message letting you know that the node is standing by in case the primary |
| 135 | +instance fails. Effectively, a Jenkins fail-over results in the shutting down |
| 136 | +of the current Jenkins master, followed by it starting up on a second server. |
| 137 | + |
| 138 | +Failover Overview |
| 139 | +----------------- |
| 140 | +Because both masters share the same *$JENKINS_HOME*, a failover has the |
| 141 | +following characteristics. Tje following will all survive a failover event: |
| 142 | + |
| 143 | +* Jenkins Settings |
| 144 | +* Configuration of Jobs & Users |
| 145 | +* Fingerprints |
| 146 | +* Records of Builds |
| 147 | +* Artifacts |
| 148 | +* Test Reports |
| 149 | + |
| 150 | +However, by default, any builds that were in-progress won't survive. Don't worry-- |
| 151 | +Cloudbees has released two plugins to address this issue. The [Restart Aborted Builds](https://www.cloudbees.com/products/cloudbees-jenkins-platform/enterprise-edition/features/restart-aborted-builds-plugin) plugin makes it easy to kick off any jobs that were |
| 152 | +running during a restart or failover event. |
| 153 | + |
| 154 | +Or, by using the [Long-Running Build](https://www.cloudbees.com/products/cloudbees-jenkins-platform/enterprise-edition/features/long-running-build-plugin) plugin, you can create jobs that survive master restarts, although |
| 155 | +you'll have to change your jobs project type from FreeStyle to "Long Running |
| 156 | +Projects". |
| 157 | + |
| 158 | +HA Health Checks |
| 159 | +---------------- |
| 160 | +Alright, at this point, you should have two masters configured. Visit both of |
| 161 | +the Jenkins master URLs in your web browser, followed by **/ha/health-check**. |
| 162 | + |
| 163 | +**Jenkins01** should return *Running as primary*, and **Jenkins02** should |
| 164 | +return *Running as standby*. Excellent job!! If we were to shut down or have |
| 165 | +**Jenkins01** crash, **Jenkins02** would automatically take its place as primary. |
| 166 | +The problem though is that our users would still have to change URLs after any |
| 167 | +failover. That's why we still have one final step; we need to set up a load |
| 168 | +balancer! |
| 169 | + |
| 170 | +Setting up a Load Balancer |
| 171 | +-------------------------- |
| 172 | +If you're not using AWS, your best bet is probably going to be something like |
| 173 | +[HAproxy](http://www.haproxy.org/), or even an [F5](https://f5.com/products/big-ip) |
| 174 | +if you have the budget. Thankfully for us, we can quickly set up an [Amazon ELB](https://aws.amazon.com/elasticloadbalancing/), or "Elastic Load Balancer". |
| 175 | +Let's go ahead and do that now. |
| 176 | + |
| 177 | +On your AWS console, click "Load Balancers", then "Create Load Balancer". |
| 178 | +Select "Classic Load Balancer", as we'll need to route both HTTP for the web |
| 179 | +interface, as well as a TCP port for JNLP. |
| 180 | + |
| 181 | +Feel free to name the balancer whatever you'd like, then use port 80 for the |
| 182 | +listener port, and port 8080 on the instances. That way any traffic that comes |
| 183 | +in on port 80 to the load balancer will automatically be redirected to port 80 |
| 184 | +on the primary instance. You'll also want to add a TCP port for JNLP. |
| 185 | +We like to use 10001, but it doesn't matter what you use as long as it matches |
| 186 | +what you configure under your Global Security settings. |
| 187 | + |
| 188 | +Configure ELB Health Check |
| 189 | +-------------------------- |
| 190 | +Next, after you select a security group, we need to set up a health check. |
| 191 | +This is how Amazon determines to which instance traffic should flow. Remember |
| 192 | +that **/ha/health-check** URL we went to earlier? Use that for the ping path. |
| 193 | +That way, the only instance that AWS will see as healthy is the one currently |
| 194 | +running as primary. |
| 195 | + |
| 196 | +You'll also want to lower the response timeout, interval, and healthy threshold. |
| 197 | +If you copy the settings we have here, and the primary master goes down, you |
| 198 | +should only experience a minute or two of downtime in the event of a failover, |
| 199 | +give or take depending on how many plugins and jobs you're using. |
| 200 | + |
| 201 | +Alright, add the two instances, then finish creating the load balancer. |
| 202 | +Within a few minutes, the status of the load balancer should show one of two |
| 203 | +instances as healthy. Once you see that, go ahead and pull up the load balancer |
| 204 | +DNS name up in your browser. |
| 205 | + |
| 206 | +There we go!!! Great job!! You've successfully set up the Cloudbees Enterprise |
| 207 | +Jenkins platform, and not only that, we're running it in full high availability |
| 208 | +mode!!! Aside from a few performance and security tweaks, these guys are ready |
| 209 | +for production use!! Right now we should be running off of **Jenkins01**. |
| 210 | + |
| 211 | +Testing Failover |
| 212 | +---------------- |
| 213 | +If you'd like to test a failover, go ahead and crash that VM or power it off, |
| 214 | +then refresh the URL to our load balancer. Within a few minutes, the secondary |
| 215 | +master should automatically take over as the primary, and our ELB will now point |
| 216 | +us to the new master. There we go!! Cool huh? You've done a fantastic job in |
| 217 | +this episode, thank you for watching! |
| 218 | + |
| 219 | +Conclusion & Shoutout |
| 220 | +--------------------------------- |
| 221 | +We'd like to give another special shout out to [Hired.com](http://www.hired.com/devopslibrary) for |
| 222 | +sponsoring this course. If you're into DevOps, there's a pretty good chance |
| 223 | +you've had to deal with pushy recruiters and countless emails, as well as spent |
| 224 | +many hours searching for DevOps opportunities. |
| 225 | + |
| 226 | +The reason we love using [Hired.com](http://www.hired.com/devopslibrary) is that |
| 227 | +it completely reverses this situation and puts the power back in your hands, by |
| 228 | +having companies send you interview requests that you can choose to pursue. |
| 229 | +(They even come with upfront salary and equity!) |
| 230 | + |
| 231 | +By having you fill out information that is specific to what you’re looking for |
| 232 | +and your individual strengths and talents, it ensures that the only companies |
| 233 | +you'll hear from will be a great fit for you. Plus, Hired is entirely free, and |
| 234 | +they’ll even give you a $2,000 bonus after you land a job, using our DevOps |
| 235 | +Library link! |
| 236 | + |
| 237 | +We highly recommend giving them a shot, they do a fantastic job, especially for |
| 238 | +the DevOps community. |
| 239 | + |
| 240 | +Thanks for Watching! |
| 241 | +-------------------- |
| 242 | +[Subscribe to our YouTube channel](https://www.youtube.com/channel/UCOnioSzUZS-ZqsRnf38V2nA?sub_confirmation=1) or follow [DevOpsLibrary on Twitter](https://twitter.com/intent/user?screen_name=devopslibrary). |
| 243 | + |
| 244 | +{% include subscribe.html %} |
0 commit comments