
Обновить 'Jenkinsfile_keygen'

Vladimir Tomishinets 6 years ago
parent
commit
0cce395e33
1 changed files with 77 additions and 77 deletions
  1. 77 77
      Jenkinsfile_keygen

+ 77 - 77
Jenkinsfile_keygen

@@ -4,7 +4,7 @@ pipeline {
   }
   environment {
     DOCKER_REGISTRY='dev-registry.infoclinica.ru:5000'
-    DOCKER_IMAGE='ovpn'
+    DOCKER_IMAGE='ovpn-rsa'
     SERVICE_NAME="keygen"
     PKI_GIT_URL='ssh://git@git.sdsys.ru:8022/iru/openvpn-pki.git'
     PKI_GIT_NAME='openvpn-pki'
@@ -12,9 +12,23 @@ pipeline {
     OVPN_GIT_DIR='openvpn'
     JENKINS_MAIL='jenkins.dev@sdsys.ru'
     SMTP_SERVER='mail.sdsys.ru'
-
+    DOCKER_CERT_PATH='/run/secrets/swarm'
+    COMMAND=''
   }
   parameters {
+    string(
+      name: "branch",
+      defaultValue: "master",
+      description: "Which branch to use"
+    )
+    choice (
+      choices: 'keygen\nrevoke',
+      description: 'Whats is action?',
+      name: 'TASK_ACTION')
+    choice (
+      choices: 'client\nadmin',
+      description: 'Whats is mode?',
+      name: 'MODE')
     string(
       name: "client_mail",
       defaultValue: "tomishinets.v@sdsys.ru",
@@ -25,11 +39,6 @@ pipeline {
       defaultValue: "test",
       description: "The names for generation keys and certs."
     )
-    string(
-      name: "mode",
-      defaultValue: "client",
-      description: "For who generate cert, key and conf-file (clients or admins)"
-    )
     string(
       name: "mailto",
       defaultValue: "tomishinets.v@sdsys.ru",
@@ -37,57 +46,87 @@ pipeline {
     )
   }
   stages {
-    stage("Check if already exist CNAME") {
+    stage("Pull repo") {
       steps {
         withCredentials([sshUserPrivateKey(credentialsId: 'provision', keyFileVariable: 'GIT_SSH_KEY', passphraseVariable: '', usernameVariable: 'GIT_SSH_USERNAME')]) {
           sh '''GIT_SSH_COMMAND='ssh -i ${GIT_SSH_KEY} -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' \
-                git clone ${PKI_GIT_URL}'''
-        }
-        script {
-          def zip = "${WORKSPACE}/${PKI_GIT_NAME}/open/easy-rsa/client_keys/sds-${key_name}.zip"
-          if (fileExists(zip)) {
-            currentBuild.result = 'ABORTED'
-            error ("Certs already exist!!!")
-            return
-          }
+                git clone ${PKI_GIT_URL}
+                cd ${WORKSPACE}/${PKI_GIT_NAME} && git checkout ${branch}
+             '''
         }
       }
     }
-    stage("Generate Keys and Certs") {
+    stage("Generate Keys and Certs or Revoke") {
       steps {
         script {
-          echo "Running ${DOCKER_REGISTRY}/iru/${DOCKER_IMAGE}:latest."
+          switch (TASK_ACTION) {
+            case 'keygen':
+              def cert = "${WORKSPACE}/${PKI_GIT_NAME}/open/easy-rsa/client_keys/sds-${key_name}.zip"
+              if (fileExists(cert)) {
+                currentBuild.result = 'ABORTED'
+                error ("Cert already exist!!!")
+              return
+              }
+              COMMAND ="keygen.sh"
+              break
+            case 'revoke':
+              def cert = "${WORKSPACE}/${PKI_GIT_NAME}/open/easy-rsa/client_keys/sds-${key_name}.zip"
+              if (!fileExists(cert)) {
+                currentBuild.result = 'ABORTED'
+                error ("Cert doesn't exist!!!")
+              return
+              }
+              COMMAND ="revoke.sh"
+              break
+          }
+          echo "Running ${DOCKER_REGISTRY}/${DOCKER_IMAGE}:latest."
           withCredentials([sshUserPrivateKey(credentialsId: 'provision', keyFileVariable: 'GIT_SSH_KEY', passphraseVariable: '', usernameVariable: 'GIT_SSH_USERNAME')]) {
-            sh '''set +x
-                  docker pull ${DOCKER_REGISTRY}/iru/${DOCKER_IMAGE}:latest \
-                  && docker run -i --rm -e TZ=Europe/Moscow -e "mode=keygen" -e "SSHKEY=$(cat ${GIT_SSH_KEY})" \
-                  ${DOCKER_REGISTRY}/iru/${DOCKER_IMAGE}:latest /tmp/keygen.sh ${key_name}
-               '''
+            sh """set +x
+                  docker pull $DOCKER_REGISTRY/iru/$DOCKER_IMAGE:latest 
+                  docker run -i --rm -e TZ=Europe/Moscow -e mode=keygen -e "SSHKEY=`cat ${GIT_SSH_KEY}`" \
+                  -e git_url=$PKI_GIT_URL -e git_dir=$PKI_GIT_NAME \
+                  $DOCKER_REGISTRY/iru/$DOCKER_IMAGE:latest /tmp/$COMMAND $key_name $branch
+               """
           }
         }
       }
     }
-    stage("Generate configs") {
+    stage("Pull new version of REPOs") {
       steps {
         script {
           echo "Delete old repo version"
           sh 'rm -rf ${WORKSPACE}/${PKI_GIT_NAME} && rm -rf ${WORKSPACE}/${OVPN_GIT_DIR}'
-          echo "Generate ccd config"
           withCredentials([sshUserPrivateKey(credentialsId: 'provision', keyFileVariable: 'GIT_SSH_KEY', passphraseVariable: '', usernameVariable: 'GIT_SSH_USERNAME')]) {
             sh '''GIT_SSH_COMMAND='ssh -i ${GIT_SSH_KEY} -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' \
-                  git clone ${OVPN_GIT_URL}'''
+                  git clone ${OVPN_GIT_URL}
+                  cd ${WORKSPACE}/${OVPN_GIT_DIR} && git checkout ${branch} && cd ${WORKSPACE}
+                  GIT_SSH_COMMAND='ssh -i ${GIT_SSH_KEY} -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' \
+                  git clone ${PKI_GIT_URL}
+                  cd ${WORKSPACE}/${PKI_GIT_NAME} && git checkout ${branch}
+               '''
           }
-          
-          if (mode == 'client') {
-            file = "${WORKSPACE}/${OVPN_GIT_DIR}/ip_client.txt"
-          } 
-          if (mode == 'admin') {
-           file = "${WORKSPACE}/${OVPN_GIT_DIR}/ip_admin.txt"
+        }
+      }
+    }
+    stage("Generate configs") {
+      when {
+        expression { params.TASK_ACTION == 'keygen' }
+      }
+      steps {
+        script {
+          switch (MODE) {
+            case 'client':
+              file = "${WORKSPACE}/${OVPN_GIT_DIR}/ip_client.txt"
+              break
+            case 'admin':
+              file = "${WORKSPACE}/${OVPN_GIT_DIR}/ip_admin.txt"
+              break
           }
           string ip = readFile(file)
           split = ip.tokenize(".")
           if (split[3].toInteger() >= 254) {
             currentBuild.result == 'FAILURE'
+            error ("The last oktet => 254!!!")
             return
           } else {
               split[3] = (split[3].toInteger() + 1) + ""
@@ -96,13 +135,8 @@ pipeline {
               writeFile file: file, text: newIp
 
               def conf = "${WORKSPACE}/${OVPN_GIT_DIR}/${OVPN_GIT_DIR}/ccd/${key_name}"
-              if (mode == 'client') {
-                writeFile file: conf, text: "ifconfig-push " + newIp + " 255.255.255.0"
-              }
-              if (mode == 'admin') {
-                writeFile file: conf, text: "ifconfig-push " + newIp + " 255.255.0.0"
-              }
-            }
+              writeFile file: conf, text: "ifconfig-push " + newIp + " 255.255.0.0"
+          }
           withCredentials([sshUserPrivateKey(credentialsId: 'provision', keyFileVariable: 'GIT_SSH_KEY', passphraseVariable: '', usernameVariable: 'GIT_SSH_USERNAME')]) {
             sh '''cd ${OVPN_GIT_DIR}
                   echo "Add new config for ${key_name}" > ../commit.txt
@@ -111,48 +145,14 @@ pipeline {
                   git config --global user.name "Jenkins"
                   git commit -F ../commit.txt
                   GIT_SSH_COMMAND='ssh -i ${GIT_SSH_KEY} -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' \
-                  git push origin master
+                  git push origin ${branch}
                '''
           }
-        }
-      }
-    }
-    stage("Send key, certs and config with email") {
-      steps {
-        script {
-          if ( currentBuild.result == 'ABORTED'  || currentBuild.result == 'FAILURE' ) {
-            return
-          }
-          echo "Pull new OPENVPN-PKI repo version"
-          withCredentials([sshUserPrivateKey(credentialsId: 'provision', keyFileVariable: 'GIT_SSH_KEY', passphraseVariable: '', usernameVariable: 'GIT_SSH_USERNAME')]) {
-            sh '''GIT_SSH_COMMAND='ssh -i ${GIT_SSH_KEY} -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' \
-                  git clone ${PKI_GIT_URL}
-               '''
-          }
-          echo "Send certs,key and config-file to client"
-          fileZip = "${WORKSPACE}/${PKI_GIT_NAME}/open/easy-rsa/client_keys/sds-${key_name}.zip"
-          if ( !fileExists("${fileZip}")) {
-            currentBuild.result == 'FAILURE'
-            return
-          } else {
-            withEnv(["zip=${fileZip}"]) {
-              withCredentials([usernamePassword(credentialsId: 'jenkins', usernameVariable: 'USERNAME', passwordVariable: 'PASSWORD')]) {
-                sh '''echo "Ваши ключ, сертификаты и конфигурационный файл для подключения к infoclinica.ru" | email -s "Your Certs and Key" \
-                      -f ${JENKINS_MAIL} \
-                      -r ${SMTP_SERVER} \
-                      -m login \
-                      -u ${USERNAME} \
-                      -i ${PASSWORD} \
-                      -a ${zip} \
-                      ${client_mail}
-                   '''
-              }
-            }
-          } 
-        }
+          
       }
     }
   }
+    
   post {
     always {
       echo "CleaningUp work directory"
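Review bot: The switch from `'''` to `"""` on the `sh` step of the "Generate Keys and Certs or Revoke" stage (the `docker pull`/`docker run` lines) makes Groovy interpolate the build parameters `$key_name` and `$branch` into the script text before the shell runs it, so anyone allowed to start this job can execute arbitrary commands on the agent — in the same step that reads the provisioning key into `SSHKEY` — and Jenkins will also warn about `${GIT_SSH_KEY}` being interpolated that way. The same parameters are expanded unquoted in `git checkout ${branch}` in the "Pull repo" and "Pull new version of REPOs" stages and in `git push origin ${branch}`; there shell expansion keeps them from becoming commands, but word splitting and option injection remain open until they are quoted, e.g. `git checkout -- "${branch}"`. Reverting to `'''` with shell-side expansion is the fix, which presumably requires `env.COMMAND = 'keygen.sh'` / `env.COMMAND = 'revoke.sh'` in the `switch` (a bare `COMMAND = "keygen.sh"` in a `script` block sets a Groovy variable, not the `environment {}` entry the shell sees, which would stay at its empty default — worth confirming on the agent). Separately, `def cert` is declared in both `case` branches of one `switch` block, which Groovy will likely reject as a duplicate variable in the same scope, so declare it once before the `switch`. It is also worth checking whether `-e mode=keygen` is intended for the `revoke` action.
```groovy
          def cert = "${WORKSPACE}/${PKI_GIT_NAME}/open/easy-rsa/client_keys/sds-${key_name}.zip"
          switch (TASK_ACTION) {
            case 'keygen':
              // … unchanged: abort if cert already exists …
              env.COMMAND = 'keygen.sh'
              break
            case 'revoke':
              // … unchanged: abort if cert does not exist …
              env.COMMAND = 'revoke.sh'
              break
          }
          // … unchanged: echo, withCredentials wrapper …
            sh '''set +x
                  docker pull "${DOCKER_REGISTRY}/iru/${DOCKER_IMAGE}:latest"
                  docker run -i --rm -e TZ=Europe/Moscow -e mode=keygen -e "SSHKEY=$(cat "${GIT_SSH_KEY}")" \
                  -e "git_url=${PKI_GIT_URL}" -e "git_dir=${PKI_GIT_NAME}" \
                  "${DOCKER_REGISTRY}/iru/${DOCKER_IMAGE}:latest" "/tmp/${COMMAND}" "${key_name}" "${branch}"
               '''
```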