|
@@ -4,7 +4,7 @@ pipeline {
|
|
|
}
|
|
|
environment {
|
|
|
DOCKER_REGISTRY='dev-registry.infoclinica.ru:5000'
|
|
|
- DOCKER_IMAGE='ovpn'
|
|
|
+ DOCKER_IMAGE='ovpn-rsa'
|
|
|
SERVICE_NAME="keygen"
|
|
|
PKI_GIT_URL='ssh://git@git.sdsys.ru:8022/iru/openvpn-pki.git'
|
|
|
PKI_GIT_NAME='openvpn-pki'
|
|
@@ -12,9 +12,23 @@ pipeline {
|
|
|
OVPN_GIT_DIR='openvpn'
|
|
|
JENKINS_MAIL='jenkins.dev@sdsys.ru'
|
|
|
SMTP_SERVER='mail.sdsys.ru'
|
|
|
-
|
|
|
+ DOCKER_CERT_PATH='/run/secrets/swarm'
|
|
|
+ COMMAND=''
|
|
|
}
|
|
|
parameters {
|
|
|
+ string(
|
|
|
+ name: "branch",
|
|
|
+ defaultValue: "master",
|
|
|
+ description: "Which branch to use"
|
|
|
+ )
|
|
|
+ choice (
|
|
|
+ choices: 'keygen\nrevoke',
|
|
|
+ description: 'Whats is action?',
|
|
|
+ name: 'TASK_ACTION')
|
|
|
+ choice (
|
|
|
+ choices: 'client\nadmin',
|
|
|
+ description: 'Whats is mode?',
|
|
|
+ name: 'MODE')
|
|
|
string(
|
|
|
name: "client_mail",
|
|
|
defaultValue: "tomishinets.v@sdsys.ru",
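Review bot: `COMMAND=''` is declared as an `environment` entry here, but the later `script` blocks assign it with a bare `COMMAND ="keygen.sh"`, which in a declarative pipeline creates a Groovy script variable rather than updating the environment value, as far as I can tell; it only works because the docker `sh """…"""` reads it through Groovy interpolation. Either drop the `environment` entry or assign `env.COMMAND = 'keygen.sh'` so the shell sees it as a real variable. The new `branch` string is free-form and is later passed to `git checkout ${branch}` and `git push origin ${branch}`; if only a few branches are valid, a `choice` like `TASK_ACTION` would constrain it. The two choice descriptions read `'Whats is action?'` and `'Whats is mode?'`; `'What is the action?'` and `'What is the mode?'` would be clearer to the person triggering the build.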
|
|
@@ -25,11 +39,6 @@ pipeline {
|
|
|
defaultValue: "test",
|
|
|
description: "The names for generation keys and certs."
|
|
|
)
|
|
|
- string(
|
|
|
- name: "mode",
|
|
|
- defaultValue: "client",
|
|
|
- description: "For who generate cert, key and conf-file (clients or admins)"
|
|
|
- )
|
|
|
string(
|
|
|
name: "mailto",
|
|
|
defaultValue: "tomishinets.v@sdsys.ru",
|
|
@@ -37,57 +46,87 @@ pipeline {
|
|
|
)
|
|
|
}
|
|
|
stages {
|
|
|
- stage("Check if already exist CNAME") {
|
|
|
+ stage("Pull repo") {
|
|
|
steps {
|
|
|
withCredentials([sshUserPrivateKey(credentialsId: 'provision', keyFileVariable: 'GIT_SSH_KEY', passphraseVariable: '', usernameVariable: 'GIT_SSH_USERNAME')]) {
|
|
|
sh '''GIT_SSH_COMMAND='ssh -i ${GIT_SSH_KEY} -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' \
|
|
|
- git clone ${PKI_GIT_URL}'''
|
|
|
- }
|
|
|
- script {
|
|
|
- def zip = "${WORKSPACE}/${PKI_GIT_NAME}/open/easy-rsa/client_keys/sds-${key_name}.zip"
|
|
|
- if (fileExists(zip)) {
|
|
|
- currentBuild.result = 'ABORTED'
|
|
|
- error ("Certs already exist!!!")
|
|
|
- return
|
|
|
- }
|
|
|
+ git clone ${PKI_GIT_URL}
|
|
|
+ cd ${WORKSPACE}/${PKI_GIT_NAME} && git checkout ${branch}
|
|
|
+ '''
|
|
|
}
|
|
|
}
|
|
|
}
|
|
|
- stage("Generate Keys and Certs") {
|
|
|
+ stage("Generate Keys and Certs or Revoke") {
|
|
|
steps {
|
|
|
script {
|
|
|
- echo "Running ${DOCKER_REGISTRY}/iru/${DOCKER_IMAGE}:latest."
|
|
|
+ switch (TASK_ACTION) {
|
|
|
+ case 'keygen':
|
|
|
+ def cert = "${WORKSPACE}/${PKI_GIT_NAME}/open/easy-rsa/client_keys/sds-${key_name}.zip"
|
|
|
+ if (fileExists(cert)) {
|
|
|
+ currentBuild.result = 'ABORTED'
|
|
|
+ error ("Cert already exist!!!")
|
|
|
+ return
|
|
|
+ }
|
|
|
+ COMMAND ="keygen.sh"
|
|
|
+ break
|
|
|
+ case 'revoke':
|
|
|
+ def cert = "${WORKSPACE}/${PKI_GIT_NAME}/open/easy-rsa/client_keys/sds-${key_name}.zip"
|
|
|
+ if (!fileExists(cert)) {
|
|
|
+ currentBuild.result = 'ABORTED'
|
|
|
+ error ("Cert doesn't exist!!!")
|
|
|
+ return
|
|
|
+ }
|
|
|
+ COMMAND ="revoke.sh"
|
|
|
+ break
|
|
|
+ }
|
|
|
+ echo "Running ${DOCKER_REGISTRY}/${DOCKER_IMAGE}:latest."
|
|
|
withCredentials([sshUserPrivateKey(credentialsId: 'provision', keyFileVariable: 'GIT_SSH_KEY', passphraseVariable: '', usernameVariable: 'GIT_SSH_USERNAME')]) {
|
|
|
- sh '''set +x
|
|
|
- docker pull ${DOCKER_REGISTRY}/iru/${DOCKER_IMAGE}:latest \
|
|
|
- && docker run -i --rm -e TZ=Europe/Moscow -e "mode=keygen" -e "SSHKEY=$(cat ${GIT_SSH_KEY})" \
|
|
|
- ${DOCKER_REGISTRY}/iru/${DOCKER_IMAGE}:latest /tmp/keygen.sh ${key_name}
|
|
|
- '''
|
|
|
+ sh """set +x
|
|
|
+ docker pull $DOCKER_REGISTRY/iru/$DOCKER_IMAGE:latest
|
|
|
+ docker run -i --rm -e TZ=Europe/Moscow -e mode=keygen -e "SSHKEY=`cat ${GIT_SSH_KEY}`" \
|
|
|
+ -e git_url=$PKI_GIT_URL -e git_dir=$PKI_GIT_NAME \
|
|
|
+ $DOCKER_REGISTRY/iru/$DOCKER_IMAGE:latest /tmp/$COMMAND $key_name $branch
|
|
|
+ """
|
|
|
}
|
|
|
}
|
|
|
}
|
|
|
}
|
|
|
- stage("Generate configs") {
|
|
|
+ stage("Pull new version of REPOs") {
|
|
|
steps {
|
|
|
script {
|
|
|
echo "Delete old repo version"
|
|
|
sh 'rm -rf ${WORKSPACE}/${PKI_GIT_NAME} && rm -rf ${WORKSPACE}/${OVPN_GIT_DIR}'
|
|
|
- echo "Generate ccd config"
|
|
|
withCredentials([sshUserPrivateKey(credentialsId: 'provision', keyFileVariable: 'GIT_SSH_KEY', passphraseVariable: '', usernameVariable: 'GIT_SSH_USERNAME')]) {
|
|
|
sh '''GIT_SSH_COMMAND='ssh -i ${GIT_SSH_KEY} -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' \
|
|
|
- git clone ${OVPN_GIT_URL}'''
|
|
|
+ git clone ${OVPN_GIT_URL}
|
|
|
+ cd ${WORKSPACE}/${OVPN_GIT_DIR} && git checkout ${branch} && cd ${WORKSPACE}
|
|
|
+ GIT_SSH_COMMAND='ssh -i ${GIT_SSH_KEY} -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' \
|
|
|
+ git clone ${PKI_GIT_URL}
|
|
|
+ cd ${WORKSPACE}/${PKI_GIT_NAME} && git checkout ${branch}
|
|
|
+ '''
|
|
|
}
|
|
|
-
|
|
|
- if (mode == 'client') {
|
|
|
- file = "${WORKSPACE}/${OVPN_GIT_DIR}/ip_client.txt"
|
|
|
- }
|
|
|
- if (mode == 'admin') {
|
|
|
- file = "${WORKSPACE}/${OVPN_GIT_DIR}/ip_admin.txt"
|
|
|
+ }
|
|
|
+ }
|
|
|
+ }
|
|
|
+ stage("Generate configs") {
|
|
|
+ when {
|
|
|
+ expression { params.TASK_ACTION == 'keygen' }
|
|
|
+ }
|
|
|
+ steps {
|
|
|
+ script {
|
|
|
+ switch (MODE) {
|
|
|
+ case 'client':
|
|
|
+ file = "${WORKSPACE}/${OVPN_GIT_DIR}/ip_client.txt"
|
|
|
+ break
|
|
|
+ case 'admin':
|
|
|
+ file = "${WORKSPACE}/${OVPN_GIT_DIR}/ip_admin.txt"
|
|
|
+ break
|
|
|
}
|
|
|
string ip = readFile(file)
|
|
|
split = ip.tokenize(".")
|
|
|
if (split[3].toInteger() >= 254) {
|
|
|
currentBuild.result == 'FAILURE'
|
|
|
+ error ("The last oktet => 254!!!")
|
|
|
return
|
|
|
} else {
|
|
|
split[3] = (split[3].toInteger() + 1) + ""
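Review bot: The docker step was switched from a single-quoted `sh '''…'''` to a Groovy-interpolated `sh """…"""`, so `$key_name` and `$branch` (both user-supplied build parameters) are now spliced into the shell script text before the shell runs it, which is the interpolation pattern Jenkins documents as unsafe; the previous single-quoted form let the shell read `${key_name}` from the environment instead. Keep the single quotes, quote the shell expansions, and make `COMMAND` visible to the shell with `env.COMMAND = 'keygen.sh'` / `env.COMMAND = 'revoke.sh'` in the two cases. Separately, both `case` branches declare `def cert = …` in the same `switch` scope, which Groovy will most likely reject as a duplicate declaration; hoist one `def cert = "${WORKSPACE}/${PKI_GIT_NAME}/open/easy-rsa/client_keys/sds-${key_name}.zip"` above the `switch`. The docker run still passes `-e mode=keygen` on the revoke path; if the image reads `mode`, it should follow `TASK_ACTION`.
```groovy
// … unchanged: switch (TASK_ACTION) with env.COMMAND = 'keygen.sh' / 'revoke.sh' set in the cases …
withCredentials([sshUserPrivateKey(credentialsId: 'provision', keyFileVariable: 'GIT_SSH_KEY', passphraseVariable: '', usernameVariable: 'GIT_SSH_USERNAME')]) {
    sh '''set +x
    docker pull "${DOCKER_REGISTRY}/iru/${DOCKER_IMAGE}:latest"
    docker run -i --rm -e TZ=Europe/Moscow -e mode=keygen -e "SSHKEY=$(cat "${GIT_SSH_KEY}")" \
        -e "git_url=${PKI_GIT_URL}" -e "git_dir=${PKI_GIT_NAME}" \
        "${DOCKER_REGISTRY}/iru/${DOCKER_IMAGE}:latest" "/tmp/${COMMAND}" "${key_name}" "${branch}"
    '''
}
```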
|
|
@@ -96,13 +135,8 @@ pipeline {
|
|
|
writeFile file: file, text: newIp
|
|
|
|
|
|
def conf = "${WORKSPACE}/${OVPN_GIT_DIR}/${OVPN_GIT_DIR}/ccd/${key_name}"
|
|
|
- if (mode == 'client') {
|
|
|
- writeFile file: conf, text: "ifconfig-push " + newIp + " 255.255.255.0"
|
|
|
- }
|
|
|
- if (mode == 'admin') {
|
|
|
- writeFile file: conf, text: "ifconfig-push " + newIp + " 255.255.0.0"
|
|
|
- }
|
|
|
- }
|
|
|
+ writeFile file: conf, text: "ifconfig-push " + newIp + " 255.255.0.0"
|
|
|
+ }
|
|
|
withCredentials([sshUserPrivateKey(credentialsId: 'provision', keyFileVariable: 'GIT_SSH_KEY', passphraseVariable: '', usernameVariable: 'GIT_SSH_USERNAME')]) {
|
|
|
sh '''cd ${OVPN_GIT_DIR}
|
|
|
echo "Add new config for ${key_name}" > ../commit.txt
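Review bot: The new `writeFile file: conf, text: "ifconfig-push " + newIp + " 255.255.0.0"` now writes a /16 mask for both modes, whereas the removed lines gave clients `255.255.255.0` and only admins `255.255.0.0`; the `MODE` switch earlier in the stage still picks a different ip file per mode, so this looks like an unintended collapse rather than a cleanup. If the single mask is deliberate, a comment such as `// client and admin ccd entries share the same mask since …` above the write would stop the next reader from "fixing" it; otherwise keep the per-mode mask. The enclosing `script` block starts in the previous hunk.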
|
|
@@ -111,48 +145,14 @@ pipeline {
|
|
|
git config --global user.name "Jenkins"
|
|
|
git commit -F ../commit.txt
|
|
|
GIT_SSH_COMMAND='ssh -i ${GIT_SSH_KEY} -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' \
|
|
|
- git push origin master
|
|
|
+ git push origin ${branch}
|
|
|
'''
|
|
|
}
|
|
|
- }
|
|
|
- }
|
|
|
- }
|
|
|
- stage("Send key, certs and config with email") {
|
|
|
- steps {
|
|
|
- script {
|
|
|
- if ( currentBuild.result == 'ABORTED' || currentBuild.result == 'FAILURE' ) {
|
|
|
- return
|
|
|
- }
|
|
|
- echo "Pull new OPENVPN-PKI repo version"
|
|
|
- withCredentials([sshUserPrivateKey(credentialsId: 'provision', keyFileVariable: 'GIT_SSH_KEY', passphraseVariable: '', usernameVariable: 'GIT_SSH_USERNAME')]) {
|
|
|
- sh '''GIT_SSH_COMMAND='ssh -i ${GIT_SSH_KEY} -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' \
|
|
|
- git clone ${PKI_GIT_URL}
|
|
|
- '''
|
|
|
- }
|
|
|
- echo "Send certs,key and config-file to client"
|
|
|
- fileZip = "${WORKSPACE}/${PKI_GIT_NAME}/open/easy-rsa/client_keys/sds-${key_name}.zip"
|
|
|
- if ( !fileExists("${fileZip}")) {
|
|
|
- currentBuild.result == 'FAILURE'
|
|
|
- return
|
|
|
- } else {
|
|
|
- withEnv(["zip=${fileZip}"]) {
|
|
|
- withCredentials([usernamePassword(credentialsId: 'jenkins', usernameVariable: 'USERNAME', passwordVariable: 'PASSWORD')]) {
|
|
|
- sh '''echo "Ваши ключ, сертификаты и конфигурационный файл для подключения к infoclinica.ru" | email -s "Your Certs and Key" \
|
|
|
- -f ${JENKINS_MAIL} \
|
|
|
- -r ${SMTP_SERVER} \
|
|
|
- -m login \
|
|
|
- -u ${USERNAME} \
|
|
|
- -i ${PASSWORD} \
|
|
|
- -a ${zip} \
|
|
|
- ${client_mail}
|
|
|
- '''
|
|
|
- }
|
|
|
- }
|
|
|
- }
|
|
|
- }
|
|
|
+
|
|
|
}
|
|
|
}
|
|
|
}
|
|
|
+
|
|
|
post {
|
|
|
always {
|
|
|
echo "CleaningUp work directory"
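Review bot: The removed "Send key, certs and config with email" stage was the only delivery step for the generated zip, and nothing in this diff replaces it, so after a `keygen` run the archive is committed and pushed but never handed to `client_mail`; if delivery now happens elsewhere, a one-line comment after the "Generate configs" stage saying where would help. The `client_mail` parameter, `JENKINS_MAIL` and `SMTP_SERVER` are now unused as far as this file shows and could be dropped in a follow-up. `git push origin ${branch}` pushes to whatever branch the parameter names, which matches the checkouts above but means a typo in `branch` fails late, at push time, rather than at the earlier `git checkout`.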
|