RedHatTraining/rht-labs-docs.git

Ravi Srinivasan

2019-03-25 5fba8f77f8a17c3e96d90141db73e9775da1fc32

commit \| author \| age
b586be	1	# An Enslaved Hope
5a16fd	2
5e7a31	3	> In this exercise we'll break free from the chains of point'n'click Jenkins by introducing pipeline as code in the form of `Jenkinsfile`. Following this we will introduce some new Jenkins slaves that will be used in later exercises.
b586be	4
8e69d4	5	<!-- ![jenkins-fail-meme](../images/exercise4/jenkins-fail-meme.jpeg) -->
d03287	6
b586be	7	There are a number of ways pipeline as code can be achieved in Jenkins.
8e69d4	8
5e7a31	9	* The Job DSL Plugin - this is a slightly older but very functional DSL mechanism to create reusable pipelines. Create a `groovy` file to run Jenkins Domain Specific Language to create jobs, functions and other items. In Jenkins; you then can execute this file which will build all of the config.xml files needed for each Job.
8e69d4	10
a9efee	11	* The Scripted Pipeline - The scripted pipeline introduced the Jenkinsfile and the ability for developers to write their Jenkins setup as groovy code. A repo with a Jenkinsfile in its root can be pointed to by Jenkins and it will automatically build out each of the stages described within. The scripted pipeline is ultimately Groovy at its core.
8e69d4	12
d43408	13	* The Declarative Pipeline - This approach looks to simplify and opinionate what you can do and when you can do it in a pipeline. It does this by giving you top level `block` which define sections, directives and steps. The declarative syntax is not run as groovy but you can execute groovy inside script blocks. The advantage of it over scripted is validation of the config and lighter approach with requirement to understand all of the `groovy` syntax
b586be	14
5a16fd	15	_____
D	16
	17	## Learning Outcomes
	18	As a learner you will be able to
5e7a31	19	- Use a Jenkinsfile to create a declarative pipeline to build, bake and deploy the Todolist App
CM	20	- Identify the differences between scripted, declarative and DSL pipelines
867471	21	- Create Jenkins slave nodes for use in builds in future exercises
5a16fd	22
D	23	## Tools and Frameworks
8e69d4	24	<!-- > Name of tool - short description and link to docs or website -->
5a16fd	25
8e69d4	26	1. [Jenkins Pipeline](https://jenkins.io/doc/book/pipeline/) - Overview of the Jenkinsfile approach
b586be	27	1. [Pipeline Syntax](https://jenkins.io/doc/book/pipeline/syntax/) - Documentation for the declarative pipeline
D	28	1. [Groovy](http://groovy-lang.org/) - Groovy is a powerful, optionally typed and dynamic language, with static-typing and static compilation capabilities, for the Java platform aimed at improving developer productivity thanks to a concise, familiar and easy to learn syntax. It integrates smoothly with any Java program, and immediately delivers to your application powerful features, including scripting capabilities, Domain-Specific Language authoring, runtime and compile-time meta-programming and functional programming.
3fdb03	29	1. [Zed Attack Proxy](https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project) - The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools and is actively maintained by hundreds of international volunteers*. It can help you automatically find security vulnerabilities in your web applications while you are developing and testing your applications. Its also a great tool for experienced pentesters to use for manual security testing.
D	30	1. [Arachni Crawler](http://www.arachni-scanner.com/) - Arachni is a feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of modern web applications. It is free, with its source code public and available for review. It is versatile enough to cover a great deal of use cases, ranging from a simple command line scanner utility, to a global high performance grid of scanners, to a Ruby library allowing for scripted audits, to a multi-user multi-scan web collaboration platform. In addition, its simple REST API makes integration a cinch.
5a16fd	31
D	32	## Big Picture
1a8071	33	> From the previous exercise; we gated our pipeline. Now we will add a pipeline-as-code in the form of the Jenkinfile and re-use it on the Backend too.
D	34
8e69d4	35	![big-picture](../images/big-picture/big-picture-4.jpg)
5a16fd	36
D	37	_____
	38
8e69d4	39	<!-- ## 10,000 Ft View
867471	40	> The goal of this exercise is to move to using the Jenkinsfile in the todolist-api and todolist-fe projects. Additionally we will create new slaves for use in the next exercise.
5a16fd	41
853f0c	42	2. On Jenkins; create a multibranch pipeline project to scan the GitLab endpoint for each app. Use the Jenkinsfile provided to run the stages. Replace `<YOUR_NAME>` with the appropriate variable.
5a16fd	43
8e69d4	44	2. Create two new Jenkins slaves for the `OWASP ZAP` scanner and the `Arachni` WebCrawler -->
5a16fd	45
D	46	## Step by Step Instructions
8e69d4	47	<!-- > This is a fairly structured guide with references to exact filenames and sections of text to be added. -->
5a16fd	48
b586be	49	### Part 1 - The Jenkinsfile
e37e66	50	> _In this exercise we'll replace the Pipeline we created in the previous exercise with a Jenkinsfile approach_
5a16fd	51
e37e66	52	1. On your terminal navigate to your `todolist-api` project and checkout the pipeline feature branch that's been already created for you.
RS	53	```bash
	54	cd todolist-api
	55	```
b586be	56	```bash
58480f	57	git checkout feature/jenkinsfile
5a16fd	58	```
D	59
5e7a31	60	2. Open up your `todolist-api` application in your favourite editor and move to the `Jenkinsfile` in the root of the project. The high-level structure of the file is shown collapsed below.
b586be	61	![pipeline-overview](../images/exercise4/pipeline-overview.png)
D	62	Some of the key things to note:
5e7a31	63	* `pipeline {}` is how all declarative Jenkins pipelines begin.
498e55	64	* `environment {}` defines environment variables to be used across all build stages
A	65	* `options {}` contains specific Job specs you want to run globally across the jobs e.g. setting the terminal colour
	66	* `stage {}` all jobs must have one stage. This is the logical part of the build that will be executed e.g. `bake-image`
b586be	67	* `steps {}` each `stage` has one or more steps involved. These could be execute shell or git checkout etc.
5e7a31	68	* `agent {}` specifies the node the build should be run on e.g. `jenkins-slave-npm`
853f0c	69	* `post {}` hook is used to specify the post-build-actions. Jenkins declarative pipeline syntax provides very useful callbacks for `success`, `failure` and `always` which are useful for controlling the job flow
W	70	* `when {}` is used for flow control. It can be used at the stage level and be used to stop pipeline entering that stage. e.g. when branch is master; deploy to `test` environment.
b586be	71
e37e66	72	3. The Jenkinsfile is mostly complete to do all the testing etc that was done in previous exercises. Some minor changes will be needed to orchestrate namespaces. Find and replace all instances of `<YOUR_NAME>` in the Jenkinsfile. Update the `<GIT_USERNAME>` to the one you login to the cluster with; this variable is used in the namespace of your git projects when checking out code etc. Ensure the `GITLAB_DOMAIN` matches your git host.
b586be	73	```groovy
D	74	environment {
	75	// GLobal Vars
d43408	76	PIPELINES_NAMESPACE = "<YOUR_NAME>-ci-cd"
b586be	77	APP_NAME = "todolist-api"
D	78
	79	JENKINS_TAG = "${JOB_NAME}.${BUILD_NUMBER}".replace("/", "-")
	80	JOB_NAME = "${JOB_NAME}".replace("/", "-")
	81
	82	GIT_SSL_NO_VERIFY = true
	83	GIT_CREDENTIALS = credentials('jenkins-git-creds')
6c5da4	84	GITLAB_DOMAIN = "gitlab.<APPS_URL>"
5965fd	85	GITLAB_PROJECT = "<GIT_USERNAME>"
b586be	86	}
D	87	```
	88
e37e66	89	4. With these changes in place, push your changes to the `feature/jenkinsfile` branch.
b586be	90	```bash
58480f	91	git add Jenkinsfile
D	92	```
	93	```bash
	94	git commit -m "ADD - namespace and git repo to pipeline"
	95	```
	96	```bash
	97	git push
b586be	98	```
D	99
e37e66	100	5. When the changes have been successfully pushed; Open Jenkins.
b586be	101
e37e66	102	6. Create a `New Item` on Jenkins. Give it the name `todolist-api` and select `Multibranch Pipeline` from the bottom of the list as the job type.
b586be	103	![multibranch-select](../images/exercise4/multibranch-select.png)
D	104
e37e66	105	7. On the job's configure page; set the Branch Sources to `git`
b586be	106	![multibranch-select-git](../images/exercise4/multibranch-select-git.png)
D	107
e37e66	108	8. Fill in the Git settings with your `todolist-api` GitLab url and set the credentials as you've done before. `https://gitlab.<APPS_URL>/<YOUR_NAME>/todolist-api.git`
b586be	109	![multibranch-git](../images/exercise4/multibranch-git.png)
D	110
e37e66	111	9. Set the `Scan Multibranch Pipeline Triggers` to be periodic and the interval to 1 minute. This will poll the GitLab instance for new branches or change sets to build.
b586be	112	![multibranch-scan-time](../images/exercise4/multibranch-scan-time.png)
D	113
e37e66	114	10. Save the Job configuration to run the intial scan. The log will show scans for `master` and `develop` branches, which have no `Jenkinsfile` so are skipped. The resulting view will show the `feature/jenkinsfile` job corresponding the only branch that currently has one. The build should run automatically.
b586be	115	![todolist-api-multi](../images/exercise4/todolist-api-multi.png)
D	116
e37e66	117	11. The pipeline file is setup to only run `bake` & `deploy` stages when on `master` or `develop` branch. This is to provide us with very fast feedback for team members working on feature or bug fix branches. Each time someone commits or creates a new branch a basic build with testing occurs to give very rapid feedback to the team. Let's now update our `master` and `develop` branches to include the Jenkinsfile and delete the feature branch.
b586be	118	```bash
58480f	119	git checkout develop
D	120	```
	121	```bash
	122	git merge feature/jenkinsfile
abb5b1	123	# you may get merge conflicts at this point
58480f	124	```
e37e66	125	> NOTE: You may see a number of merge conflict warnings at this point. You can safely ignore them and proceed to commit the changes.
RS	126
58480f	127	```bash
D	128	git add .
	129	```
	130	```bash
	131	git commit -m "Jenkinsfile updates"
	132	```
	133	```bash
	134	git checkout master
	135	```
	136	```bash
	137	git merge develop
	138	```
	139	```bash
	140	git push -u origin --all
	141	```
	142	```bash
b586be	143	# this is to delete the branch from the remote
58480f	144	git push origin :feature/jenkinsfile
b586be	145	```
D	146
e37e66	147	12. Back on Jenkins we should see our `todolist-api` pipelines have changed with the `develop` and `master` now appearing. The `feature/jenkinsfile` branch was deleted so this job will go away after some time.
b586be	148	![todolist-api-multi-dev-test](../images/exercise4/todolist-api-multi-dev-test.png)
D	149
e37e66	150	13. With the builds running for `develop` and `master` we can explore the Blue Ocean View for Jenkins. On the Job overview page, hit the `Open Blue Ocean` button on the side to see what modern Jenkins looks like.
b586be	151	![blue-ocean-todolist-api](../images/exercise4/blue-ocean-todolist-api.png)
e37e66	152	<!-- ![open-blue-ocean](../images/exercise4/open-blue-ocean.png) -->
b586be	153
e37e66	154	14. We can move on to the `todolist-fe` job. The process is the same as before, checkout the feature branch
b586be	155	```bash
58480f	156	cd todolist-fe
D	157	```
	158	```bash
	159	git checkout feature/jenkinsfile
b586be	160	```
D	161
e37e66	162	15. Open up your `todolist-fe` application in your favourite editor and move to the `Jenkinsfile` in the root of the project. Update all `<YOUR_NAME>` and `<GIT_USERNAME>` as you did before, including in the prepare environment steps. Check the `GITLAB_DOMAIN` is set too.
b586be	163
e37e66	164	<!-- ![jenkinsfile-prep](../images/exercise4/jenkinsfile-prep.png) -->
RS	165
	166	16. Commit your changes to your feature branch as you did previously.
b586be	167	```bash
58480f	168	git add Jenkinsfile
D	169	```
	170	```bash
	171	git commit -m "ADD - namespace and git repo to pipeline"
	172	```
	173	```bash
	174	git push
b586be	175	```
D	176
e37e66	177	17. This time update your `master` and `develop` branches before creating config in Jenkins
b586be	178	```
58480f	179	git checkout develop
D	180	```
	181	```bash
	182	git merge feature/jenkinsfile
abb5b1	183	# you may get merge conflicts at this point
58480f	184	```
D	185	```bash
	186	git add .
	187	```
	188	```bash
	189	git commit -m "Jenkinsfile updates"
	190	```
	191	```bash
	192	git checkout master
	193	```
	194	```bash
	195	git merge develop
	196	```
	197	```bash
abb5b1	198	# this is to delete the branch from the remote
58480f	199	git push origin :feature/jenkinsfile
D	200	```
	201	```bash
	202	git push -u origin --all
b586be	203	```
D	204
e37e66	205	18. On Jenkins; create a new `Multibranch Pipeline` job called `todolist-fe`.
b586be	206
e37e66	207	19. Add the `todolist-fe` git repository and set the credentials for git accordingly.
b586be	208
e37e66	209	20. Set the trigger to scan every minute as done previously. Save the configuration and we should see the collection of Jobs as shown below.
b586be	210	![todolist-fe-multi](../images/exercise4/todolist-fe-multi.png)
D	211
e37e66	212	> NOTE: If the `feature/jenkinsfile` job is running, you can stop it to speed up the job execution for the `master` and `develop` branches.
RS	213
	214	21. Run the jobs and validate the app is working as expected in the `test` environment!
abb5b1	215	![todolist-test](../images/exercise4/todolist-test.png)
40c2e4	216
D	217	### Part 2 - OCP Pipeline
	218	> _This exercise adds a new BuildConfig to our cluster for the todolist-apps to run their pipelines in OpenShift using the OpenShift Jenkins Sync Plugin. We will use the OpenShift Applier to create the content in the cluster_
	219
e37e66	220	1. For the rest of the lab, ensure that you are working from the `master` branch
RS	221	```bash
1b0abc	222	cd todolist-fe
e37e66	223	git checkout master
RS	224	```
	225
17cc59	226	2. Open the `todolist-fe` app in your favourite editor. Move to the `.openshift-applier` directory. Explore the `template/ocp-pipeline`. This template creates a BuildConfig for OpenShift with a Jenkinsfile from a given repo. In this case; it will be the `Jenkinsfile` at the root of our application.
40c2e4	227
e37e66	228	3. Open the `params/ocp-pipeline` file and update `PIPELINE_SOURCE_REPOSITORY_URL` with the git url of your project (Don't forget to add the `.git` at the end). For example:
40c2e4	229	```
6c5da4	230	PIPELINE_SOURCE_REPOSITORY_URL=https://gitlab.<APPS_URL>/<GIT_USERNAME>/todolist-fe.git
40c2e4	231	PIPELINE_SOURCE_REPOSITORY_REF=develop
D	232	NAME=todolist-fe
	233	```
	234
e37e66	235	4. Create a new object in `inventory/group_vars/all.yml` to drive the `ocp-pipeline` template with the parameters file you've just created. It can be put under the existing `todolist-fe-build` object.
40c2e4	236	```yaml
1b0abc	237	- name: todolist-fe-pipeline
40c2e4	238	template: "{{ playbook_dir }}/templates/ocp-pipeline.yml"
D	239	params: "{{ playbook_dir }}/params/ocp-pipeline"
	240	namespace: "{{ ci_cd_namespace }}"
	241	tags:
	242	- pipeline
	243	```
	244	![ocp-pipeline-applier](../images/exercise4/ocp-pipeline-applier.png)
	245
e37e66	246	5. Log in to OpenShift using the `oc` client, and use the OpenShift Applier to create the cluster content
40c2e4	247	```bash
e37e66	248	oc login https://<CLUSTER_URL>
RS	249	```
	250	```bash
	251	cd todolist-fe/.openshift-applier
58480f	252	```
D	253	```bash
	254	ansible-playbook apply.yml -i inventory/ \
40c2e4	255	-e "filter_tags=pipeline"
D	256	```
e37e66	257	> NOTE: Windows users should run the `oc` command and Ansible playbook from inside the `do500-toolbox` container.
40c2e4	258
e37e66	259	6. With these changes in place, commit your changes to GitLab
752f2a	260	```bash
58480f	261	git add .
D	262	```
	263	```bash
	264	git commit -m "ADD - ocp pipeline in git repo"
	265	```
	266	```bash
	267	git push
752f2a	268	```
D	269
e37e66	270	7. Login to your OpenShift Cluster and go to the `<YOUR_NAME>-ci-cd` namespace. On the side menu; hit `Builds > Pipeline` to see your newly created pipeline running in OCP Land.
40c2e4	271	![ocp-pipeline-view](../images/exercise4/ocp-pipeline-view.png)
D	272
e37e66	273	8. Running the pipeline from here will run it in Jenkins. You can see the job sync between OpenShift and Jenkins if you login to Jenkins. You should see a folder with `<YOUR_NAME>-ci-cd` and your pipeline jobs inside of it.
40c2e4	274	![ocp-pipeline-jenkins](../images/exercise4/ocp-pipeline-jenkins.png)
D	275
e37e66	276	> NOTE: If you see failures in the first pipeline run, re-run the pipeline again and it should succeed.
RS	277
	278	9. With the configuration in place for the `todolist-fe`; repeat the process for the `todolist-api`.
	279	```bash
	280	cd todolist-api/.openshift-applier
	281	```
	282	```bash
	283	git checkout master
	284	```
	285
	286	10. Update the `todolist-api/.openshift-applier/inventory/group_vars/all.yml` with a new object to drive the params and template
40c2e4	287	```yaml
1b0abc	288	- name: todolist-api-pipeline
40c2e4	289	template: "{{ playbook_dir }}/templates/ocp-pipeline.yml"
D	290	params: "{{ playbook_dir }}/params/ocp-pipeline"
	291	namespace: "{{ ci_cd_namespace }}"
	292	tags:
	293	- pipeline
	294	```
	295
e37e66	296	11. Update the `todolist-api/.openshift-applier/params/ocp-pipeline`
40c2e4	297	```
6c5da4	298	PIPELINE_SOURCE_REPOSITORY_URL=https://gitlab.<APPS_URL>/<GIT_USERNAME>/todolist-api.git
40c2e4	299	PIPELINE_SOURCE_REPOSITORY_REF=develop
D	300	NAME=todolist-api
	301	```
	302
e37e66	303	12. Use the OpenShift Applier to create the cluster content
40c2e4	304	```bash
58480f	305	cd todolist-api/.openshift-applier
e37e66	306	```
RS	307	```bash
	308	oc login https://<CLUSTER_URL>
58480f	309	```
D	310	```bash
	311	ansible-playbook apply.yml -i inventory/ \
40c2e4	312	-e "filter_tags=pipeline"
D	313	```
	314
e37e66	315	> NOTE: Windows users should run the `oc` command and Ansible playbook from inside the `do500-toolbox` container.
RS	316
	317	13. Login to your OpenShift Cluster and go to the `<YOUR_NAME>-ci-cd` namespace. On the side menu; hit `Builds > Pipeline` to see your newly created pipeline running in OCP Land.
40c2e4	318	![ocp-pipeline-view2](../images/exercise4/ocp-pipeline-view2.png)
D	319
e37e66	320	14. Commit your changes to GitLab
752f2a	321	```bash
58480f	322	git add .
D	323	```
	324	```bash
	325	git commit -m "ADD - ocp pipeline in git repo"
	326	```
	327	```bash
	328	git push
752f2a	329	```
40c2e4	330
D	331	### Part 3 - Security Scanning Slaves
8e69d4	332	> _This part of the exercise focuses on updating the `enablement-ci-cd` repo with some new jenkins-slave pods for use in future exercise_
5a16fd	333
8e69d4	334	<!-- #### 3a - OWASP ZAP
6e5c07	335	> _OWASP ZAP (Zed Attack Proxy) is a free open source security tool used for finding security vulnerabilities in web applications._
A	336
caec0d	337	3. On your terminal; move to the `enablement-ci-cd` repo. We need to checkout a template for OpenShift to build our Jenkins Slave images and some parameters for the `zap` slave.
6e5c07	338	```bash
caec0d	339	git checkout exercise4/zap-and-arachni params/jenkins-slave-zap templates/jenkins-slave-generic-template.yml
6e5c07	340	```
A	341
3437ff	342	3. This should have created the following files which we will fill out. We will use a `ZAP` image hosted on the `rht-labs/ci-cd` repo so there will be no `Dockerfile` needed:
09d869	343	- `params/jenkins-slave-zap`
6e5c07	344
ccc1ac	345	3. Create an object in `inventory/host_vars/ci-cd-tooling.yml` called `jenkins-slave-zap` and add the following content:
64ae3c	346	```yaml
ccc1ac	347	- name: "jenkins-slave-zap"
3fdb03	348	namespace: "{{ ci_cd_namespace }}"
D	349	template: "{{ playbook_dir }}/templates/jenkins-slave-generic-template.yml"
ccc1ac	350	params: "{{ playbook_dir }}/params/jenkins-slave-zap"
3fdb03	351	tags:
D	352	- zap
6e5c07	353	```
a82977	354	![zap-object](../images/exercise4/zap-object.png)
6e5c07	355
A	356	3. Run the ansible playbook filtering with tag `zap` so only the zap build pods are run.
	357	```bash
58480f	358	ansible-playbook apply.yml -e target=tools \
3fdb03	359	-i inventory/ \
D	360	-e "filter_tags=zap"
6e5c07	361	```
A	362
6c5da4	363	3. Head to <CLUSTER_URL> on OpenShift and move to your ci-cd project > builds. You should see `jenkins-slave-zap` has been built.
8e69d4	364	![zap-build](../images/exercise4/zap-build.png) -->
6e5c07	365
e37e66	366	#### 3a - Arachni Scan
6e5c07	367	> _Arachni is a feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of web applications._
09d869	368
e37e66	369	1. To save time, a slave S2I image for Arachni scanner has already been built for you and pushed to the `openshift` namespace. Tag and label the image so that it is available for builds in the `<YOUR_NAME>-ci-cd` namespace.
09d869	370	```bash
e37e66	371	oc project <YOUR_NAME>-ci-cd
09d869	372	```
e37e66	373	```bash
RS	374	oc tag openshift/jenkins-slave-arachni:latest jenkins-slave-arachni:latest
	375	```
	376	```bash
	377	oc label is jenkins-slave-arachni role=jenkins-slave-arachni
	378	```
	379	> NOTE: Windows users should run the `oc` commands in the `do500-toolbox` container.
6e5c07	380
e37e66	381	<!-- 3. Create an object in `inventory/host_vars/ci-cd-tooling.yml` called `jenkins-slave-arachni` with the following content:
64ae3c	382	```yaml
ccc1ac	383	- name: "jenkins-slave-arachni"
3fdb03	384	namespace: "{{ ci_cd_namespace }}"
D	385	template: "{{ playbook_dir }}/templates/jenkins-slave-generic-template.yml"
ccc1ac	386	params: "{{ playbook_dir }}/params/jenkins-slave-arachni"
3fdb03	387	tags:
D	388	- arachni
6e5c07	389	```
A	390
5e7a31	391	3. Update the `jenkins-slave-arachni` files `SOURCE_REPOSITORY_URL` to point to your GitLab's hosted version of the `enablement-ci-cd` repo.
09d869	392	```
6c5da4	393	SOURCE_REPOSITORY_URL=https://gitlab.<APPS_URL>/<GIT_USERNAME>/enablement-ci-cd.git
09d869	394	SOURCE_CONTEXT_DIR=docker/jenkins-slave-arachni
D	395	BUILDER_IMAGE_NAME=registry.access.redhat.com/openshift3/jenkins-slave-base-rhel7:latest
	396	NAME=jenkins-slave-arachni
	397	SOURCE_REPOSITORY_REF=master
	398	```
	399
	400	3. With these changes in place, push your changes to the `master` branch.
	401	```bash
58480f	402	git add .
D	403	```
	404	```bash
	405	git commit -m "ADD - Arachni scanning image"
	406	```
	407	```bash
	408	git push
09d869	409	```
D	410
5e7a31	411	3. Run the Ansible playbook filtering with tag `arachni` so only the arachni build pods are run.
6e5c07	412	```bash
58480f	413	ansible-playbook apply.yml -e target=tools \
3fdb03	414	-i inventory/ \
D	415	-e "filter_tags=arachni"
e37e66	416	``` -->
6e5c07	417
e37e66	418	2. Head to <CLUSTER_URL> on OpenShift and move to your ci-cd project `Builds > Images`. You should see the `jenkins-slave-arachni` image.
45eb81	419	![builds-zap-arachni](../images/exercise4/builds-zap-arachni.png)
5a16fd	420
c0cc3d	421	3. Just like you did with the `jenkins-slave-npm`, configure the `jenkins-slave-arachni` pod template to bypass SSL certificate checks in the Jenkins global configuration settings. Log in to Jenkins and navigate to `Manage Jenkins` > `Configure System` page.
RS	422
	423	4. Locate the `Kubernetes Pod Template` section by scrolling to the bottom of the page and click on `Add Pod Template` to add a new pod template for the Arachni scanner slave.
	424	![add-kube-pod-template](../images/exercise4/add-kube-pod-template.png)
	425
	426	5. For the new pod template, enter `jenkins-slave-arachni` in the `Name` and `Labels` fields.
	427
	428	6. In the `Containers` section for the pod template, add a new container template with the following details:
	429	* Enter `jnlp` in the `Name` field
5fba8f	430	* Enter `docker-registry.default.svc:5000/<YOUR_NAME>/jenkins-slave-arachni` in the `Docker image` field
c0cc3d	431	* Enter `/tmp` in the `Working directory` field
RS	432	* Enter `${computer.jnlpmac} ${computer.name}` in the `Arguments to pass to the command` field
	433
1b0abc	434	7. Add a new environment variable for the container template called `GIT_SSL_NO_VERIFY` and set its value to `true`. Your final `jenkins-slave-arachni` kubernetes pod template should look like the following:
c0cc3d	435	![add-kube-pod-template](../images/exercise4/new-arachni-container-template.png)
RS	436
	437	8. Click `Save` at the bottom of the page to save your global Jenkins settings.
5a16fd	438	_____
D	439
8e69d4	440	<!-- ## Extension Tasks
5a16fd	441	> _Ideas for go-getters. Advanced topic for doers to get on with if they finish early. These will usually not have a solution and are provided for additional scope._
b586be	442
D	443	Jenkins S2I
	444	- Add the multi-branch configuration to the S2I to have Jenkins come alive with the `todolist-api` and `-fe` configuration cooked into it for future uses.
	445
9af076	446	Jenkins Pipeline Extension
853f0c	447	- Add an extension to the pipeline that promotes code to the UAT environment once the master job has been successful.
5e7a31	448	- Use a WAIT to allow for manual input to approve the promotion
9af076	449
D	450	Jenkins e2e extension (blue/green)
498e55	451	- Add a step in the pipeline to only deploy to the `test` environment if the e2e tests have run successfully against which ever environment (blue or green) is not deployed.
5a16fd	452
D	453	## Additional Reading
	454	> List of links or other reading that might be of use / reference for the exercise
	455
4f0295	456	## Slide Links
RH	457
	458	- [Intro](https://docs.google.com/presentation/d/1B3Fv4g66zZ8ZkqBq9TYmImJhUDvMecXCt4q3DXGWhjc/)
	459	- [Wrap-up](https://docs.google.com/presentation/d/1EOk6y798Xh1hsaQlxRuqyr23FIIf7sNY4any_yXIL7A/)
8e69d4	460	- [All Material](https://drive.google.com/drive/folders/1oCjpl33Db7aPocmpu3NNF0B9czRvFq3m) -->