This is where tcp starts. This is where you can stand up a tech challenge platform - create, run and manage services in addition to pipelines and infrastructure for them. Whether you're starting and want to create a stack, or want to manage the services within your stack, you've come to the right place.
tcp-glue
provides:
When you finishing going through the tcp creation process, you'll end up with an app with a front-end, back-end, along with pipelines deploying it into cloud infrastructure.
Follow the process below to get started.
Glue provides enhancements that alleviate pain often experienced when working with multiple repos, including cloning multiple and starting multiple communicating containers together.
- Clone all repositories (in the .repos file). If new ones are added it can be run again:
./git-clone-all
. Get onboarding developers running fast. - Start up multiple services: including core services at once, and specified individual services, all on the same network so they can talk
- Update/pull all repos
See local development instructions for more information.
In this section you will generate new repos with code for the CI/CD and cloud infrastructure. Then, with them configured as you need, you will stand up the infrastructure from the code.
There are some required configurations and setup that must be completed before running the platform.
-
GitHub Access
- Access to GitHub is required
- Membership into the ExcellaCo GitHub Organization is required.
- Please request access via
help@excella.com
- Please request access via
- Membership in the
tcp-all
ExcellaCo GitHub Team is required.- Please request access via Request to Join Button
-
GitHub and MFA
If you have Multi-Factor Authentication (MFA) setup with your GitHub account, you must create a Personal Access Token, and use the generated token as yourpassword
for cloning over SSH. -
AWS Account Access and Credentials
Access to an AWS account is required. Please contacthelp@excella.com
to gain access to the ExcellaLabs account. Regardless of the account, anaccess_key
andsecret_key
are required for programatic access to the environment. -
AWS CLI install and Configuration
Once access to an AWS account is available, as well as anaccess_key
andsecret_key
, the AWS CLI Tool must be installed, and configured by runningaws configure
-
Configure the AWS CLI when using MFA Special consideration is required when your AWS account is protected with a MFA device. To configure the CLI, a
token
is required, which will provide temporary credentials.- If you have
awsmfa
installed:
- Use
awsmfa
command to generate credentials Generate credentials with awsmfa (may need to do this on your own laptop):$ awsmfa 123456
(where 123456 is the current number from your MFA token)
Copy those credentials to the file
~/.aws/credentials
on the computer you're working on. Then set the file permissions so only you can read or write it:chomd go-rwx ~/.aws/credentials
This lets you pass
--aws-profile default
to theecs-cli
command.- If you do NOT have
awsmfa
installed:
- Obtain your MFA ARN through the AWS Console.
- Run the following command:
aws sts get-session-token --serial-number arn-of-the-mfa-device --token-code code-from-token --duration 129600 --output text
- Replace
arn-of-the-mfa-device
with your MFA device ARN. - Replace
code-from-token
with the code provided by your MFA device.
- Replace
- Update your
~/.aws/credentials
file with the information from the previous command so it looks like the following:[default] aws_access_key_id = ASIARKL72BPXXXXXXXXXXXX aws_secret_access_key = LqDp3fFerc6NeDYe2wRXXXXXXXXXX aws_session_token = FQoGZXIvYXdzEM///////////XXXXXXXXXXX
- As an added measure run
export AWS_PROFILE=default
- NOTE: You must use the
~/.aws/credentials
file (as opposed to environment variables or a file in a different location), or later steps will fail - NOTE: the credentials expire after a set time, usually 6 hours. You will need to regenerate them after they expire, or the following commands will not work.
- If you have
-
If you're using xg, download the binary in the repo root from here
Follow the below steps to deploy the following into a clean account. This will be the foundation. Then you will set up Jenkins pipelines to deploy an app into ECS:
- AWS ECS cluster
- Jenkins AMI & instance
- Sonar instance
-
Generate and configure repos (default includes front-end, API, IaC for Jenkins and ECS. If you're feeling bold you can try the experimental approach below this.)
- Clone:
https://github.com/excellaco/tcp-glue
- RUN:
cd tcp-glue
- RUN:
./git-clone-all
[3] - RUN:
./make-netrc && ./propagate-netrc
- Fill out
glue.auto.tfvars
- RUN:
./propagate-glue-auto-tfvars
(this will perform some basic checks on the values you provided) - RUN:
./update-json-file
- This updates the
jenkins/packer/jenkins.json
file with the correct email, region, and source AMI
- This updates the
- (Experimental) To use xg for the above instead, do the following:
- Fill out the
.xg/config-tcp-*.yaml files
. There is one for each service.projectName
will be the name of the respective repo. - RUN:
./xg-go
to clone and configure the repos
- Clone:
-
Create GitHub repos for each of the newly created repos (if you're feeling bold you can try the experimental xg approach below)
- Create repos in Github manually
- Push the newly created local repos to them
- Scripts to automate it (untested, must do it manually if these don't work)
- Update each name in the
.repos
so it has the repo names - Update the remotes for each repo and push by running
./git-set-remotes && ./git-push-all
- (Experimental) Use xg publish instead
-
Build the Jenkins AMI
- cd
jenkins
[5] - RUN:
./go
- Estimated time for completion is:
00:22:30
- Note the username and password for Jenkins, found near the beginning of the output ( if you miss them, they will be available in the ssm_params, see below)
- This step builds the Jenkins AMI; acutally setting up the Jenkins infrastructure stack is a later step
- NOTE: You can allow this process to run in the background, and may continue on to the next steps to save time.
- cd
-
Build the ECS infrastructure via Terraform NOTE: This must complete successfully (cf. "follow progress", below) before Sonar or Jenkins Infrastructure can be run
- RUN:
cd ../tcp-ecs
[3b] - RUN:
docker build -t tcp-ecs:latest -f Docker/Dockerfile .
[3.3]- Ensure current directory is
tcp-ecs
- Estimated time for completion is:
00:02:15
- Ensure current directory is
- RUN:
docker run -it --rm -d --name tcp-ecs -v ~/.aws/credentials:/root/.aws/credentials tcp-ecs:latest
[3.4]- Ensure current directory is
tcp-ecs
- Ensure
~/.aws/credentials
default profile is set (MFA implications) (to check:aws sts get-caller-identity
) - Follow progress with
docker logs tcp-ecs -f
- Estimated time for completion is:
00:12:30
- Ensure current directory is
- Get the SSH key:
This key will allow you to ssh through the bastion host to any of the instances you'll need to connect to. Keep it somewhere secure but accessible.
docker cp tcp-ecs:/tcp-ecs/keys/ssh . mv ssh/*.pub ssh/*.pem .
- RUN:
-
Build the Sonar Infrastructure in ECS via Terraform
cd ../terraform-aws-sonar-ecs-fargate
[4]- RUN:
docker build -t tcp-sonar:latest -f Docker/Dockerfile .
- Ensure current directory is
terraform-aws-sonar-ecs-fargate
- Estimated time for completion is:
00:01:30
- Ensure current directory is
- RUN:
docker run -it --rm -d --name tcp-sonar -v ~/.aws/credentials:/root/.aws/credentials tcp-sonar:latest
- Follow progress with
docker logs tcp-sonar -f
- Estimated time for completion is:
00:03:00
- The "duplicate security group warning" can be ignored.
- Follow progress with
-
Build the Jenkins Infrastructure via Terraform NOTE: The "Build the Jenkins AMI", "Build the ECS Infrastrucutre", and "Build the Sonar Infrastrucutre" steps above must all complete successfully before this step can be run
cd ../terraform-aws-jenkins-stack
- RUN:
docker build -t tcp-jenkins-app:latest -f Docker/Dockerfile .
- Estimated time for completion is:
00:02:00
- Estimated time for completion is:
- RUN:
docker run -it --rm -d --name tcp-jenkins-app -v ~/.aws/credentials:/root/.aws/credentials tcp-jenkins-app:latest
- Estimated time for completion is:
00:05:00
- Note the app_elb_dns output: this is the URI to use for the Jenkins instance
- Wait until the EC2 instance is registered and available through the load balancer. You can determine this by hitting the Jenkins instance in a browser, or by going to the AWS console and viewing the ELB (listed in the
app_elb_id
Terraform output). It should take no more than a few minutes.
- Estimated time for completion is:
- If you want to integrate Slack and Jenkins, please follow these steps
- Steps to setup multibranch pipeline jobs can be found here
We've leveraged SSM parameters to store all vital information, including URIs, and various credentials. If you have a question like "What's the Sonar URL?", or "What's the Jenkins Login/Password?", check the SSM parameters in the AWS account.
Parameters are stored in the form /"project_name"/"env"/"resource"/"attribute"
- The env path is only used when applicable
- In the below references, the Jenkins password for the tst00 project can be found at:
/tst00/jenkins/pass
- In the below references, the Development ECS Cluster ID can be found at:
/tst00/dev/cluser/id
- Navigate to the Jenkins instance as defined in the
sss_parameter
/"project_name"/jenkins/uri (username and password can be found at xxxx/jenkins/user and xxxx/jenkins/pass) - Click on BackEnd -> Java
- Click on "New Item" in the Left Tree
- Enter the job name, and select "Multibranch Pipeline"
- In the "Branch Sources" section select "GitHub"
- Enter the following information and hit save:
- Jobs will automatically start, and the Java application will be deployed.
- Navigate to the Jenkins instance as defined in the
sss_parameter
/"project_name"/jenkins/uri (username and password can be found at xxxx/jenkins/user and xxxx/jenkins/pass) - Click on FrontEnd -> AngularFrontEnd
- Click on "New Item" in the Left Tree
- Enter the job name, and select "Multibranch Pipeline"
- In the "Branch Sources" section select "GitHub"
- Enter the following information and hit save:
- Jobs will automatically start, and the Angular application will be deployed.
Once the application is successfully deployed, you can access the frontend URL via the sss_parameter under /"project_name"/dev/alb/endpoint
- username: user
- password: pass
To destroy the entire stack follow the below steps.
- Go into the
tcp-ecs
directory and run:./go-conatiner-bash
.
You should be in the container's bash. Do the following:
cd terraform-aws-jenkins-stack
./bin/destroy_env
cd ../terraform-aws-sonar-ecs-fargate
./bin/destroy_env
cd ../tcp-ecs
./bin/destroy_env
- Stop all running tcp containers
- Remove any tcp images
Starting up multiple services across repositories that make up an app, in order to build locally, can be a pain. Glue can help you do that and related things more easily. Among other things, you can build and start the UI, API and a containerized Postgres database, and they will be able to talk to each other.
-
Since running multiple continers locally, add more available memory for Docker to handle many services running locally:
Under Docker > Preferences > Advanced
and set the following: Memory: 4 Gb -
Follow any specific setup steps for each conatiner (currently just the JKS setup in https://github.com/excellaco/tcp-java)
-
Build and run the UI, API and database containers locally by running:
./run core
Additional commands:
./run <SERVICE NAME or ALIAS> # Run a single service
./run db # Start just a database
./git-pull-all # Pull against all of the managed repos
docker-compse down # Stop and delete the containers
Note, all of the repos you want to work with should be subdirectories of glue like this:
```
glue
└── repo 1
└── repo 2
...
└── repo x
```