How to do installation and configuration of GoCD on CentOS? – Part 2
Before proceeding with this tutorial, you must check “How to do installation and configuration of GoCD on CentOS? – Part 1”.
This is the second part of how to do installation and configuration of GoCD. To start, you will first need to follow the part 1 of this tutorial, then follow this part 2. In this part, you will learn about how to install GoCD server, how to do configuration of GoCD server, how to setup authentication for GoCD, how to install Nginx, how to setup SSL certificate using Let’s Encrypt SSL.
Install GoCD
- GoCD is only dependent on Java because it has been programmed in Java. To install it first of all we will execute the following command:
# sudo curl https://download.gocd.org/gocd.repo -o /etc/yum.repos.d/gocd.repo
- Execute the following command to install GoCD on your server
# sudo yum install -y go-server
- You have successfully installed go-server.
- Now you will need to start GoCD server by executing the following command.
# sudo systemctl start go-server
- Now you will need to enable GoCD server by executing the following command.
# sudo systemctl enable go-server
- Now you will need to store artifacts in a directory. You can store them in the same disk drive where you have installed the operating system (OS). Alternatively, you can get an extra dedicated drive from Alibaba Cloud to store artifacts. During continuous integration and delivery, many artifacts are produced. These artifacts are generated continuously that results in the continuous decrease of memory. A situation will come when services will fail to run on your system. I have used same disk, however, it’s completely up to you and I will recommend you to use dedicated disk. For the same disk, execute the following commands:
# sudo mkdir /opt/artifacts # sudo chown -R go:go /opt/artifacts
- Now, to access your GoCD dashboard, you will need to navigate to your domain name. You can also use your Alibaba Cloud ECS IP address. In my case, I have setup a domain name pointing to IP address of my ECS.
There are 4 ways to access your GoCD dashboard:
- http://yourdomain.com:8153 (In my case, http://imarslan.com:8153 )
- https://yourdomain.com:8154 (In my case, https://imarslan.com:8154 )
- http://yourecsip:8153 (In my case, http://254.65.248:8153 )
- https://yourecsip:8154 (In my case, https://254.65.248:8154 )
To access using https, you will need to install SSL certificate.
- Access your GoCD dashboard, you will see the following screen.
- Before adding/creating any pipeline, hover on Admin and click Server Configuration.
- Now you will see the following screen.
- Type your URL in Site URL field with port 8153 and Secure Site URL field with port 8154. In my case, I will use http://imarslan.com:8153 and https://imarslan.com:8154 You will need to replace com with your domain name.
- Now provide your SMTP details for sending any type of email notifications from your GoCD.
Replace imarslan.com with your chosen domain name.
- Now you will have to do pipeline management. For this, enter /opt/artifacts in Artifacts Directory Location, because you have chosen to store artifacts on the same disk. In case, you have chosen separate disk, the path would be different.
- For Auto delete old artifacts, I have done settings to free up-to 8GB when 3GB free space is available because I’m using the same disk for storing artifacts and I don’t want all the space to be consumed. You can adopt same settings or modify according to your demand.
- Leave all other options as these are and click on Save button to save your changes.
- To apply these changes, you will need to restart your GoCD server. To restart, execute the following command:
# sudo systemctl restart go-server
- GoCD does not provide any authentication system to access dashboard. To setup authentication, you can use a LDAP and password file. As Alibaba Cloud ECS will be accessed publicly, you must setup authentication system to avoid misuse.
Setup Authentication for GoCD Dashboard:
For setting up authentication, you will need to use htpasswd command for creating an encrypted password file. To use htpasswd, you will have to install Apache Tools.
- To install Apache Tools, execute the following command:
# sudo yum -y install httpd-tools
- After successful installation, go to next step.
- To create password file for user admin, execute the following command. Then type and retype your password and hit Enter You will see the following screen as output.
# sudo htpasswd -B -c /etc/go/passwd_auth admin
You can more users as per your demand or requirement.
- Now you have created password file. To configure authentication, hover on Admin, then hover on Security, then click Authorization Configuration.
- You will see the following screen after clicking Authorization Configuration.
- Click on Add You will see the following screen.
- In the Id field, type users, select Password File Authentication Plugin for GoCD and type path for password path file as /etc/go/passwd_auth then click on Check Connection You will see the following screen with success alert of Connection OK. Then click on Save button.
- After clicking save button, you will be automatically logged out from GoCD dashboard. You will be redirected to login screen as shown below. Click Sign in button after entering username and password for your created user. In my case, username is admin.
- Now you will have to setup administrator privileges for your admin user, otherwise, every user will have administrator privileges. For this purpose, hover on Admin and click User Summary. You will see the following screen.
- Now select username and click Roles and mark checked Go System Administrator and click Apply
- You have successfully modified admin privileges.
- If you have more than 1 user, you will first need to update your password file that you created then you can write username in Create New field and click Add button as shown below.
Setup Let’s Encrypt SSL for GoCD:
To install SSL certificate for GoCD, you will need to remove port 8153 from your Alibaba Cloud ECS Security Group Rules. You will use Nginx server, it will behave as reverse proxy to forward all the incoming requests to GoCD’s http point.
- Navigate to Security Groups, then Security Group Rules, here you will find the following rule defined. Click Delete to remove this rule.
- To install Nginx server, execute the following command:
# sudo yum -y install nginx
- You have successfully installed nginx server.
- Use the following command to enable Nginx server, so that it starts automatically after reboot.
# sudo systemctl enable nginx
- Execute the following command to start Nginx server.
# sudo systemctl start nginx
- Now when you will access your domain, you will see the following screen.
- Now to point the domain to right directory, you will need to change the default configuration of Nginx. For this purpose, execute the command below:
# sudo sed -i 's/default_server//g' /etc/nginx/nginx.conf
- Now you will need to create a new configuration file for your GoCD. To do so, execute the following command:
# sudo nano /etc/nginx/conf.d/gocd.conf
- Now copy and paste the following data in opened file, then use Ctrl+X, then type Y and hit Enter
upstream gocd { server 127.0.0.1:8153; } server { listen 80 default_server; server_name gocd.example.com; return 301 https://$host$request_uri; } server { listen 443 default_server; server_name gocd.example.com; ssl_certificate /etc/letsencrypt/live/imarslan.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/imarslan.com/privkey.pem; ssl on; ssl_session_cache builtin:1000 shared:SSL:10m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4; ssl_prefer_server_ciphers on; access_log /var/log/nginx/gocd.access.log; location / { proxy_pass http://gocd; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_set_header X-NginX-Proxy true; proxy_redirect off; } location /go { proxy_pass http://gocd/go; proxy_http_version 1.1; proxy_set_header Upgrade websocket; proxy_set_header Connection upgrade; proxy_read_timeout 86400; } } |
- You will get clone of Let’s Encrypt from official GitHub repository that will be installed in /opt/letsencrypt . To clone, type the following command and hit Enter
# sudo git clone
https://github.com/letsencrypt/letsencrypt
/opt/letsencrypt
- Now navigate to /opt/letsencrypt by executing the command:
# cd /opt/letsencrypt
- Now create your SSL certificate. Let’s Encrypt performs challenges for Domain Validation onthe basis of which Certificate Authority (CA) will authenticate your domain. On validation, you will be issued a SSL certificate by CA. To create SSL certificate for your domain using Let’s Encrypt, use the following command:
# sudo -H ./letsencrypt-auto certonly --standalone -d imarslan.com -d www.imarslan.com
Replace imarslan.com with your domain name.
- Now you will be prompted to write your email address. Type your email and hit Enter
- After it, you will be asked to agree with terms. Type A and hit Enter key to proceed.
- After successful issuance of SSL certificate, you will see the following screen.
- Now you can check if there are any error in your newly configured file.
# sudo nginx -t
- Now restart Nginx server to load your settings.
# sudo systemctl restart nginx
- Now you can access your domain name with https protocol. You can see the screenshot below.
Install GoCD Agent:
GoCD agents are required for the execution of tasks. When any change is detected in task, pipeline gets triggered and jobs get assigned to available workers. For this purpose, at least one agent must be configured. To install agent, follow the steps:
- Execute the following command to install go agent.
# sudo yum install -y go-agent
- You have successfully installed go-agent.
- Now execute the following commands to start and enable the Go Agent. Enabling will allow to start it automatically after restart.
# sudo systemctl start go-agent
# sudo systemctl enable go-agent
Here you go…now your GoCD server is ready to use.