|
@@ -4,7 +4,7 @@ pipeline {
|
|
|
}
|
|
|
environment {
|
|
|
DOCKER_REGISTRY='dev-registry.infoclinica.ru:5000'
|
|
|
- DOCKER_IMAGE='ovpn-rsa'
|
|
|
+ DOCKER_IMAGE='iru/ovpn-rsa'
|
|
|
SERVICE_NAME="ovpn-rsa_server"
|
|
|
PKI_GIT_URL='ssh://git@git.sdsys.ru:8022/iru/openvpn-pki.git'
|
|
|
PKI_GIT_NAME='openvpn-pki'
|
|
@@ -24,15 +24,15 @@ pipeline {
|
|
|
)
|
|
|
choice (
|
|
|
choices: 'keygen\nrevoke',
|
|
|
- description: 'Whats is action?',
|
|
|
+ description: 'Whats the action?',
|
|
|
name: 'TASK_ACTION')
|
|
|
choice (
|
|
|
choices: 'client\nadmin',
|
|
|
- description: 'Whats is mode?',
|
|
|
+ description: 'Whats the mode?',
|
|
|
name: 'MODE')
|
|
|
string(
|
|
|
name: "client_mail",
|
|
|
- defaultValue: "tomishinets.v@sdsys.ru",
|
|
|
+ defaultValue: "admin@sdsys.ru",
|
|
|
description: "Email which has to be recieved certs and key"
|
|
|
)
|
|
|
string(
|
|
@@ -42,12 +42,12 @@ pipeline {
|
|
|
)
|
|
|
string(
|
|
|
name: "mailto",
|
|
|
- defaultValue: "tomishinets.v@sdsys.ru",
|
|
|
+ defaultValue: "admin@sdsys.ru",
|
|
|
description: "Email which has to be notified."
|
|
|
)
|
|
|
}
|
|
|
stages {
|
|
|
- stage("Pull repo") {
|
|
|
+ stage("Pull PKI repo") {
|
|
|
steps {
|
|
|
withCredentials([sshUserPrivateKey(credentialsId: 'provision', keyFileVariable: 'GIT_SSH_KEY', passphraseVariable: '', usernameVariable: 'GIT_SSH_USERNAME')]) {
|
|
|
sh '''GIT_SSH_COMMAND='ssh -i ${GIT_SSH_KEY} -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' \
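Review bot: The clone in the renamed "Pull PKI repo" stage still runs with `-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no` (an unchanged context line), so the Git server's host key is never verified. Anyone able to intercept the connection could serve a different repository, and judging by its name and the `easy-rsa` paths used later, this repository appears to hold the VPN's PKI material. Pinning the host key fits this change: keep a known_hosts entry for the Git host on the agent or in a Jenkins credential and use `-o UserKnownHostsFile=<path-to-pinned-known_hosts> -o StrictHostKeyChecking=yes`. The `sh` step continues past the end of this hunk, so the rest of the command is not visible here.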
|
|
@@ -60,9 +60,9 @@ pipeline {
|
|
|
stage("Generate Keys and Certs or Revoke") {
|
|
|
steps {
|
|
|
script {
|
|
|
+ def cert = "${WORKSPACE}/${PKI_GIT_NAME}/open/easy-rsa/client_keys/sds-${key_name}.zip"
|
|
|
switch (TASK_ACTION) {
|
|
|
case 'keygen':
|
|
|
- def cert = "${WORKSPACE}/${PKI_GIT_NAME}/open/easy-rsa/client_keys/sds-${key_name}.zip"
|
|
|
if (fileExists(cert)) {
|
|
|
currentBuild.result = 'ABORTED'
|
|
|
error ("Cert already exist!!!")
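Review bot: `key_name` is interpolated into the hoisted `cert` path without validation, and the same value later reaches the `docker run` command line (`/tmp/$COMMAND $key_name $branch`) and the ccd path passed to `writeFile`. It looks like a free-text build parameter (its definition is outside the visible hunks), so a value containing `/`, `..` or shell metacharacters would change which file is checked or written and what the shell receives. A guard placed before `def cert` covers all of these uses, e.g. `if (!(key_name ==~ /[A-Za-z0-9][A-Za-z0-9_-]*/)) { error("Invalid key_name") }`, with the same treatment for `branch`. The `switch` continues outside this hunk.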
|
|
@@ -71,7 +71,6 @@ pipeline {
|
|
|
COMMAND ="keygen.sh"
|
|
|
break
|
|
|
case 'revoke':
|
|
|
- def cert = "${WORKSPACE}/${PKI_GIT_NAME}/open/easy-rsa/client_keys/sds-${key_name}.zip"
|
|
|
if (!fileExists(cert)) {
|
|
|
currentBuild.result = 'ABORTED'
|
|
|
error ("Cert doesn't exist!!!")
|
|
@@ -83,10 +82,10 @@ pipeline {
|
|
|
echo "Running ${DOCKER_REGISTRY}/${DOCKER_IMAGE}:latest."
|
|
|
withCredentials([sshUserPrivateKey(credentialsId: 'provision', keyFileVariable: 'GIT_SSH_KEY', passphraseVariable: '', usernameVariable: 'GIT_SSH_USERNAME')]) {
|
|
|
sh """set +x
|
|
|
- docker pull $DOCKER_REGISTRY/iru/$DOCKER_IMAGE:latest
|
|
|
+ docker pull $DOCKER_REGISTRY/$DOCKER_IMAGE:latest
|
|
|
docker run -i --rm -e TZ=Europe/Moscow -e mode=keygen -e "SSHKEY=`cat ${GIT_SSH_KEY}`" \
|
|
|
-e git_url=${PKI_GIT_URL} -e git_dir=${PKI_GIT_NAME} \
|
|
|
- $DOCKER_REGISTRY/iru/$DOCKER_IMAGE:latest /tmp/$COMMAND $key_name $branch
|
|
|
+ $DOCKER_REGISTRY/$DOCKER_IMAGE:latest /tmp/$COMMAND $key_name $branch
|
|
|
"""
|
|
|
}
|
|
|
}
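Review bot: The `docker run` line passes the private key as `-e "SSHKEY=`cat ${GIT_SSH_KEY}`"`, which exposes the key on the `docker` client's command line (visible in the agent's process list) and in the container's environment (readable through `docker inspect` while it runs); `set +x` only keeps it out of the build log. Mounting the credential file read-only, for example `-v "$GIT_SSH_KEY":/run/secrets/git_key:ro` (path chosen for illustration), avoids both, though the scripts in the image would then have to read the file instead of `SSHKEY`, and they are not visible here. Separately, the `sh """` block expands `${GIT_SSH_KEY}` through Groovy interpolation; Jenkins recommends a single-quoted script so the shell resolves credential variables itself. The image is also pulled by the mutable `:latest` tag, so pinning a digest or a versioned tag would fix exactly which code handles the key.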
|
|
@@ -135,7 +134,7 @@ pipeline {
|
|
|
string txt = split[3].toString()
|
|
|
writeFile file: file, text: newIp
|
|
|
|
|
|
- def conf = "${WORKSPACE}/${OVPN_GIT_DIR}/${OVPN_GIT_DIR}/ccd/${key_name}"
|
|
|
+ def conf = "${WORKSPACE}/${OVPN_GIT_DIR}/${OVPN_GIT_DIR}/persist/ccd/${key_name}"
|
|
|
writeFile file: conf, text: "ifconfig-push " + newIp + " 255.255.0.0"
|
|
|
}
|
|
|
withCredentials([sshUserPrivateKey(credentialsId: 'provision', keyFileVariable: 'GIT_SSH_KEY', passphraseVariable: '', usernameVariable: 'GIT_SSH_USERNAME')]) {
|
|
@@ -180,13 +179,13 @@ pipeline {
|
|
|
}
|
|
|
}
|
|
|
}
|
|
|
- stage("Update ccd-files and crl.pem") {
|
|
|
+ stage("Update ccd-files and stonevpn.crl") {
|
|
|
steps {
|
|
|
script {
|
|
|
def NODE = sh (script: "DOCKER_HOST=tcp://${CLUSTER_NAME}:2376 DOCKER_TLS_VERIFY=1 docker service ps \${SERVICE_NAME} --format '{{.Node}}' --filter desired-state=Running" , returnStdout: true).trim()
|
|
|
sh "if [ -z ${NODE} ]; then echo '${SERVICE_NAME} does not running'; exit 1; fi"
|
|
|
def container_id = sh (script: "DOCKER_HOST=tcp://${NODE}:2376 DOCKER_TLS_VERIFY=1 docker ps -q -f label=ru.sdsys.subcontainer=\${SERVICE_NAME}" , returnStdout: true).trim()
|
|
|
- sh "DOCKER_HOST=tcp://${NODE}:2376 DOCKER_TLS_VERIFY=1 docker cp ${WORKSPACE}/${OVPN_GIT_DIR}/${OVPN_GIT_DIR}/ccd/ ${container_id}:/etc/${OVPN_GIT_DIR}/persist"
|
|
|
+ sh "DOCKER_HOST=tcp://${NODE}:2376 DOCKER_TLS_VERIFY=1 docker cp ${WORKSPACE}/${OVPN_GIT_DIR}/${OVPN_GIT_DIR}/persist/ccd/ ${container_id}:/etc/${OVPN_GIT_DIR}/persist"
|
|
|
sh "DOCKER_HOST=tcp://${NODE}:2376 DOCKER_TLS_VERIFY=1 docker cp ${WORKSPACE}/${PKI_GIT_NAME}/open/easy-rsa/keys/stonevpn.crl ${container_id}:/etc/${OVPN_GIT_DIR}/persist/stonevpn.crl"
|
|
|
}
|
|
|
}
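Review bot: `container_id` is used in both `docker cp` lines without a check, unlike `NODE`, which is tested for emptiness two lines earlier. If `docker ps -q` returns nothing or more than one ID, the ccd and `stonevpn.crl` copies fail in a hard-to-read way, and after a revoke the running server would presumably keep serving with an outdated CRL. Adding `if (!container_id || container_id.contains('\n')) { error("Expected exactly one ${SERVICE_NAME} container on ${NODE}") }` before the first `docker cp` makes that condition explicit. The existing `[ -z ${NODE} ]` test is also unquoted; `[ -z "${NODE}" ]` is the reliable form.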
|
|
@@ -212,4 +211,4 @@ pipeline {
|
|
|
body: "<b>ATTENTION!!!</b> <b><br> Jenkins job aborted.\n\n <b><br> The CNAME ${key_name} is already exists!\n\n <b><br>Project Name:</b> ${env.JOB_NAME} <b><br>\nBuild Number:</b> ${env.BUILD_NUMBER} <b><br>\nURL Build:</b> ${RUN_DISPLAY_URL}"
|
|
|
}
|
|
|
}
|
|
|
-}
|
|
|
+}
|