08. 07. 2019 Andrea Avancini Business Service Monitoring, NetEye

ISO Generation with Ansible – Part 2

As mentioned in the previous post of this series, at Würth Phoenix we build our NetEye ISOs from scratch every night to be sure that every morning everything will be fresh.
To perform this activity with no manual intervention in a robust, repeatable, and reliable way, the R&D team uses Jenkins, a well known open source tool and also one of the cornerstones of our Continuous Integration process.

To automate the build process of our ISO, we implemented a Jenkins pipeline that is responsible for creating, testing and deploying the ISO as depicted in the following screenshot. I will describe the main stages of the pipeline in the following sections.

overview of the Jenkins pipeline

Creating the ISO

Problem: How can we automatically build a NetEye ISO?

Our workhorse for the ISO creation is Ansible. In fact, our ISO builder is an Ansible playbook that calls several Ansible roles.

One might wonder: Why Ansible? Yes, Ansible is open source, extendable, well documented, both in terms of official documentation and online resources, and with a large community of users and contributors.

But, is Ansible able to give the user the flexibility to implement a task like creating an ISO?

The answer is yes. And the proof is that we are able to build our NetEye ISO daily with zero hassle.

The Ansible playbook is invoked by Jenkins any time a build of an ISO is required. If we modify the playbook source code, Jenkins is also responsible for running our Molecule test suite in order to verify the correctness of our Ansible code.

So let’s assume we didn’t break anything with our last Ansible commit: then Jenkins can start the build of the ISO by actually calling our Ansible code. The creation stage produces the .iso file, but we still have to verify if that ISO can pass our quality check.

Testing the ISO

Problem: How can we automatically create a virtual machine, mount the ISO on it, verify that the installation of NetEye worked, and that NetEye itself works, all from Jenkins?

Testing the ISO means verifying that:

  • The NetEye installation process completed without errors
  • The NetEye installed from the ISO works as expected

While digging around to find some tool that could do what needed, we came across Packer, an open source tool for creating machine images for various platforms, starting from a single configuration file (see the example below). We easily integrated it into our Jenkins pipeline.

With Packer, we automatically create a virtual machine that is based on the NetEye ISO we want to test. If VM creation is successful, meaning that the installation process of NetEye completed without errors, Packer runs our end2end test suite to verify that the version of NetEye just installed on this VM is working as expected. Below you can see a part of our configuration file for Packer.

{
  "provisioners": [
    {
      "type": "ansible",
      "playbook_file": "provisioners/ansible/setup_neteye.yml"
    },
    {
      "type": "shell",
      "script": "provisioners/scripts/run_tests.sh"
    }
  ],
  "builders": [{
     ...
    "iso_url": "/tmp/neteye4.6-centos7.stable.iso",
    ...,
    "disk_size": "{{user `disk_size`}}",
    "headless": "{{user `headless`}}",
    "http_directory": "http",
    "boot_wait": "5s",
    "boot_command": [
      "<enter>"
    ],
    ...
    "ssh_timeout": "{{user `ssh_timeout`}}",
    ...
  }],
 "variables": {
   "cpus": "<num-cpus>",
   "disk_size": "<disk-size>",
   "headless": "true",
   "memory": "<memory>"
 }
}

If Packer says everything is fine, the Jenkins pipeline proceeds to the deployment stage.

Deployment of the ISO

Having reached this point in our Jenkins pipeline, we know for sure that our new ISO has passed our quality checks and thus can be deployed to be used internally and also externally by our customers. But there is no magic here. With Jenkins, we just upload the ISO on our servers, ready to be downloaded by our customers.

Andrea Avancini

Andrea Avancini

DevOps Engineer at Würth Phoenix
Loving understanding of how things work, how things can be automated, and how to apply new technologies when needed. Passionate about technology, open-source software, and security. I found Würth Phoenix the right place for this. In the past, I co-founded a cybersecurity startup that produces security solutions for mobile apps and blockchain. Previously, I worked as researcher at Fondazione Bruno Kessler of Trento. My research was mainly focused on web and mobile app security and testing. I got my PhD in Computer Science at the University of Trento.

Author

Andrea Avancini

Loving understanding of how things work, how things can be automated, and how to apply new technologies when needed. Passionate about technology, open-source software, and security. I found Würth Phoenix the right place for this. In the past, I co-founded a cybersecurity startup that produces security solutions for mobile apps and blockchain. Previously, I worked as researcher at Fondazione Bruno Kessler of Trento. My research was mainly focused on web and mobile app security and testing. I got my PhD in Computer Science at the University of Trento.

Latest posts by Andrea Avancini

05. 11. 2021 Bug Fixes, NetEye
Bug Fixes for NetEye 4.20
01. 11. 2021 Bug Fixes, NetEye
Bug Fixes for NetEye 4.20
26. 10. 2021 Bug Fixes, NetEye
Bug Fixes for NetEye 4.20
18. 10. 2021 NetEye
New Feature for NetEye 4.20
01. 10. 2021 Business Service Monitoring, NetEye
Hosts and NetEye Upgrade
See All

Related Content

Tags: , , , ,

19. 09. 2024 Development, DevOps

Ansible Development, Part 1.5: Building an Execution Environment in a Pipeline (CI/CD)

Hello everyone, I’m back to discuss Ansible and Ansible Execution Environments. In my previous blog, we talked about why and how execution environments are critical for a successful Ansible implementation. I hope my guide was easy to follow, but as Read More
11. 09. 2024 Contribution, Development, DevOps

Ansible Development, Part 1: Building an Execution Environment

Right now, at Würth Phoenix, we are investing in automating most of our operations using Ansible. You're probably already familiar with what Ansible does, but to summarize, Ansible is an open-source, command-line IT automation application written in Python. I've talked Read More
30. 07. 2024 DevOps

Terraform Integration with Ansible

In this blog post we'll try a tool that's new to me, called Terraform, and see how easy it is to integrate it with Ansible starting with no knowledge of Terraform. Terraform is a tool that allows you to automate Read More
29. 07. 2024 DevOps

include_task vs import_task in Ansible

After updating one of our machines, we found that some of our Ansible playbooks were failing with the following error: ERROR! [DEPRECATED]: ansible.builtin.include has been removed. Use include_tasks or import_tasks instead. This feature was removed from ansible-core in a release Read More
31. 12. 2023 Development, DevOps, NetEye

Speeding up the NetEye CI Testing Phase

Over the course of the last few years, we've introduced more and more features in NetEye 4. This fact has had a side effect that's not directly visible to customers, namely that we keep adding more and more tests to Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

Search by technology

Contact

Contact us
Serviceportal

Archive