|
@@ -1,33 +1,52 @@
|
|
|
+def SERIAL
|
|
|
+def CONTAINER_ID_CLIENT
|
|
|
+def ENAMES = [ 'prod', 'dev' ]
|
|
|
+def CLUSTERS = ['prod': 'iru-swarm1-open.infoclinica.lan', 'dev': 'dev-iru-swarm.infoclinica.lan']
|
|
|
+def REGISTRIES = ['prod': 'registry.infoclinica.ru:5000', 'dev': 'dev-registry.infoclinica.ru:5000']
|
|
|
+
|
|
|
pipeline {
|
|
|
agent {
|
|
|
label "swarm"
|
|
|
}
|
|
|
environment {
|
|
|
DOCKER_REGISTRY='dev-registry.infoclinica.ru:5000'
|
|
|
- DOCKER_IMAGE='ovpn'
|
|
|
- SERVICE_IMAGE='container_run'
|
|
|
- SERVICE_NAME='ovpn'
|
|
|
+ DOCKER_IMAGE='ovpn-rsa'
|
|
|
+ SERVICE_NAME='ovpn-rsa_server'
|
|
|
SWARM_GIT_URL='ssh://git@git.sdsys.ru:8022/iru/stack-deploy.git'
|
|
|
SWARM_GIT_NAME='stack-deploy'
|
|
|
PKI_GIT_URL='ssh://git@git.sdsys.ru:8022/iru/openvpn-pki.git'
|
|
|
PKI_GIT_NAME='openvpn-pki'
|
|
|
- GOST_GIT_DIR='openvpn'
|
|
|
+ OVPN_GIT_DIR='openvpn'
|
|
|
JENKINS_MAIL='jenkins@sdsys.ru'
|
|
|
- CLUSTER_NAME='iru-swarm1-open.infoclinica.ru'
|
|
|
+ DOCKER_CERT_PATH='/run/secrets/swarm'
|
|
|
}
|
|
|
parameters {
|
|
|
+ string(
|
|
|
+ name: "branch",
|
|
|
+ defaultValue: "97009",
|
|
|
+ description: "Which branch to use"
|
|
|
+ )
|
|
|
string(
|
|
|
name: "mailto",
|
|
|
- defaultValue: "admin@sdsys.ru",
|
|
|
+ defaultValue: "tomishinets.v@sdsys.ru",
|
|
|
description: "Email which has to be notified."
|
|
|
)
|
|
|
}
|
|
|
stages {
|
|
|
+ stage ("Discover SERIAL") {
|
|
|
+ steps {
|
|
|
+ script {
|
|
|
+ SERIAL = sh script: "echo -n `date +%y%m%d``printf %03d $BUILD_NUMBER`", returnStdout: true
|
|
|
+ }
|
|
|
+ }
|
|
|
+ }
|
|
|
stage("Pull PKI repo") {
|
|
|
steps {
|
|
|
withCredentials([sshUserPrivateKey(credentialsId: 'provision', keyFileVariable: 'GIT_SSH_KEY', passphraseVariable: '', usernameVariable: 'GIT_SSH_USERNAME')]) {
|
|
|
sh '''GIT_SSH_COMMAND='ssh -i ${GIT_SSH_KEY} -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' \
|
|
|
- git clone ${PKI_GIT_URL}
|
|
|
+ git clone ${PKI_GIT_URL} && cd ${WORKSPACE}/${PKI_GIT_NAME} && git checkout ${branch} && cd ${WORKSPACE}
|
|
|
+ GIT_SSH_COMMAND='ssh -i ${GIT_SSH_KEY} -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' \
|
|
|
+ git clone ${SWARM_GIT_URL}
|
|
|
'''
|
|
|
}
|
|
|
sh '''cp ${WORKSPACE}/openvpn-pki/open/easy-rsa/keys/ca.crt \
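Review bot: The added second clone (`git clone ${SWARM_GIT_URL}`) repeats `-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no`, so the Git server's host key is never verified while this job fetches the `openvpn-pki` and `stack-deploy` repositories. The same options are on the `git push origin master` in the Tagging stage of the next hunk. Pin the server's key on the agent and point SSH at it instead, e.g. `GIT_SSH_COMMAND='ssh -i ${GIT_SSH_KEY} -o UserKnownHostsFile=<pinned known_hosts path> -o StrictHostKeyChecking=yes'`. On the line above, `git checkout ${branch}` expands a build parameter unquoted; write `git checkout "${branch}"` and reject values that are not a plain branch name before using them. The enclosing `steps` block, including the `sh '''cp …` statement on the last line, continues past the end of the hunk.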
|
|
@@ -45,101 +64,72 @@ pipeline {
|
|
|
}
|
|
|
stage("Build") {
|
|
|
steps {
|
|
|
- echo "Building ${DOCKER_REGISTRY}/${DOCKER_IMAGE}:${BUILD_NUMBER}."
|
|
|
- sh "docker build --no-cache -t ${DOCKER_REGISTRY}/${DOCKER_IMAGE}:${BUILD_NUMBER} ."
|
|
|
+ echo "Building ${DOCKER_IMAGE}:${SERIAL}."
|
|
|
+ sh """docker build --no-cache -t ${DOCKER_IMAGE}:${SERIAL} .
|
|
|
+ if [ \$? != 0 ]; then echo 'The container was not built'; exit 1; fi
|
|
|
+ """
|
|
|
}
|
|
|
}
|
|
|
- stage("Staging") {
|
|
|
+ stage ("Push to registry") {
|
|
|
steps {
|
|
|
- echo "Run ${DOCKER_IMAGE} in server mode."
|
|
|
- sh '''container_id_server=`docker run -d --rm -e "mode=server" \
|
|
|
- --privileged ${DOCKER_REGISTRY}/${DOCKER_IMAGE}:${BUILD_NUMBER}`
|
|
|
- container_ip_server=`docker inspect ${container_id_server} --format='{{.NetworkSettings.IPAddress}}'`
|
|
|
- container_id_client=`docker run -d --rm -e "mode=client" -e "server=${container_ip_server}" --privileged ${DOCKER_REGISTRY}/${DOCKER_IMAGE}:${BUILD_NUMBER}`
|
|
|
- sleep 15
|
|
|
- docker exec ${container_id_client} ping -c 3 -q 10.10.20.1
|
|
|
- if [ $? != 0 ]
|
|
|
- then
|
|
|
- echo "Can not connect to VPN server !!!"
|
|
|
- docker stop ${container_id_server} ${container_id_client}
|
|
|
- exit 1
|
|
|
- else
|
|
|
- echo "VPN server is started"
|
|
|
- docker stop ${container_id_server} ${container_id_client}
|
|
|
- fi
|
|
|
- '''
|
|
|
+ script {
|
|
|
+ ENAMES.each { item ->
|
|
|
+ echo "Pushing to: ${item}, CLUSTER ${CLUSTERS.get((item))}"
|
|
|
+ sh """docker tag ${DOCKER_IMAGE}:${SERIAL} ${REGISTRIES.get((item))}/iru/${DOCKER_IMAGE}:${SERIAL}
|
|
|
+ docker push ${REGISTRIES.get((item))}/iru/${DOCKER_IMAGE}:${SERIAL}
|
|
|
+ """
|
|
|
+ }
|
|
|
+ }
|
|
|
}
|
|
|
}
|
|
|
- stage("Publish") {
|
|
|
+ stage("Run in Prod-like") {
|
|
|
steps {
|
|
|
- echo "Publishing ${DOCKER_REGISTRY}/${DOCKER_IMAGE}:${BUILD_NUMBER}."
|
|
|
- sh "docker push ${DOCKER_REGISTRY}/${DOCKER_IMAGE}:${BUILD_NUMBER}"
|
|
|
+ script {
|
|
|
+ echo "Check Prod-like cluster status"
|
|
|
+ sh "echo -n \${SERIAL} > \${SWARM_GIT_NAME}/tags/\${DOCKER_IMAGE}.version"
|
|
|
+ sh """cd \${SWARM_GIT_NAME}/\${DOCKER_IMAGE}
|
|
|
+ DOCKER_HOST=tcp://${CLUSTERS.get((ENAMES[1]))}:2376 DOCKER_TLS_VERIFY=1 ./ovpn-rsa-open-staging.sh
|
|
|
+ """
|
|
|
+ def NODE = sh (script: "DOCKER_HOST=tcp://${CLUSTERS.get((ENAMES[1]))}:2376 DOCKER_TLS_VERIFY=1 docker service ps \${SERVICE_NAME} --format '{{.Node}}' --filter desired-state=Running" , returnStdout: true).trim()
|
|
|
+ echo "${NODE}"
|
|
|
+ CONTAINER_ID_CLIENT = sh (script: "docker run -e mode=client -e server=${NODE} --privileged -d --rm ${DOCKER_IMAGE}:${SERIAL}" , returnStdout: true).trim()
|
|
|
+ sh """docker exec -t ${CONTAINER_ID_CLIENT} ping -c 3 -q 10.10.20.1
|
|
|
+ if [ \$? != 0 ]; then exit 1; else echo 'OVPN_RSA is working!!!'; fi
|
|
|
+ """
|
|
|
+
|
|
|
+
|
|
|
+ }
|
|
|
}
|
|
|
}
|
|
|
- stage("Prod-like") {
|
|
|
+ stage ("Tagging") {
|
|
|
steps {
|
|
|
- echo "Check Prod-like cluster status"
|
|
|
- sh '''ping -c 2 ${CLUSTER_NAME}
|
|
|
- if [ $? -eq 0 ]; then
|
|
|
- export DOCKER_CERT_PATH=/run/secrets/swarm
|
|
|
- export DOCKER_HOST=tcp://${CLUSTER_NAME}:2376 DOCKER_TLS_VERIFY=1
|
|
|
- docker node ls --format "{{.Hostname}} {{.TLSStatus}}" | while read host status
|
|
|
- do
|
|
|
- if [ $status != Ready ]; then echo "Cluster ${CLUSTER_NAME} state is inconsistent"; exit 1
|
|
|
- else echo "HOST: $host STATUS: $status"
|
|
|
- fi
|
|
|
- done
|
|
|
- else echo "Host not Found"; exit 1
|
|
|
- fi
|
|
|
- '''
|
|
|
- echo "Run containers in Prod-like"
|
|
|
- sh '''export DOCKER_CERT_PATH=/run/secrets/swarm
|
|
|
- export DOCKER_HOST=tcp://${CLUSTER_NAME}:2376 DOCKER_TLS_VERIFY=1
|
|
|
- export DOCKER_HOST=tcp://$(docker info -f '{{.Name}}'):2376 DOCKER_TLS_VERIFY=1
|
|
|
- if [ -z $(docker service ps -q ${DOCKER_IMAGE}) ];then
|
|
|
- docker service create --replicas 1 \
|
|
|
- --mount type=bind,source=/var/run/docker.sock,destination=/var/run/docker.sock \
|
|
|
- --name ${SERVICE_NAME} ${DOCKER_REGISTRY}/${SERVICE_IMAGE}:2 -p 1194:1194 \
|
|
|
- --privileged --security-opt seccomp=unconfined \
|
|
|
- --tmpfs /run --tmpfs /run/lock -v /sys/fs/cgroup:/sys/fs/cgroup:ro \
|
|
|
- -e "mode=server" ${DOCKER_REGISTRY}/${DOCKER_IMAGE}:${BUILD_NUMBER}
|
|
|
- else
|
|
|
- docker service update \
|
|
|
- --args "-p 1194:1194 --privileged --security-opt seccomp=unconfined \
|
|
|
- --tmpfs /run --tmpfs /run/lock -v /sys/fs/cgroup:/sys/fs/cgroup:ro \
|
|
|
- -e "mode=server" ${DOCKER_REGISTRY}/${DOCKER_IMAGE}:${BUILD_NUMBER}" \
|
|
|
- ${SERVICE_NAME}
|
|
|
- if [ $? != 0 ]; then docker service rollback ${SERVICE_NAME}; fi
|
|
|
- fi
|
|
|
- '''
|
|
|
+ script {
|
|
|
+ ENAMES.each { item ->
|
|
|
+ echo "Setting latest tag for $item"
|
|
|
+ sh """docker tag ${DOCKER_IMAGE}:${SERIAL} ${REGISTRIES.get((item))}/iru/${DOCKER_IMAGE}:latest
|
|
|
+ docker push ${REGISTRIES.get((item))}/iru/${DOCKER_IMAGE}:latest
|
|
|
+ """
|
|
|
+ }
|
|
|
+ }
|
|
|
+ echo "Updating tag info in ${SWARM_GIT_NAME} repository"
|
|
|
+ withCredentials([sshUserPrivateKey(credentialsId: 'provision', keyFileVariable: 'GIT_SSH_KEY', passphraseVariable: '', usernameVariable: 'GIT_SSH_USERNAME')]) {
|
|
|
+ sh """cd ${SWARM_GIT_NAME}
|
|
|
+ echo -n ${SERIAL} > tags/${DOCKER_IMAGE}.version
|
|
|
+ git add -A
|
|
|
+ git config --global user.email "${JENKINS_MAIL}"
|
|
|
+ git config --global user.name "Jenkins"
|
|
|
+ git commit -m 'Version update'
|
|
|
+ GIT_SSH_COMMAND='ssh -i ${GIT_SSH_KEY} -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' \
|
|
|
+ git push origin master
|
|
|
+ """
|
|
|
+ }
|
|
|
}
|
|
|
}
|
|
|
- stage("Tagging") {
|
|
|
- steps {
|
|
|
- echo "Tagging ${DOCKER_REGISTRY}/${DOCKER_IMAGE}:${BUILD_NUMBER} to ${DOCKER_REGISTRY}/${DOCKER_IMAGE}:latest"
|
|
|
- sh '''docker tag ${DOCKER_REGISTRY}/${DOCKER_IMAGE}:${BUILD_NUMBER} \
|
|
|
- ${DOCKER_REGISTRY}/iru/${DOCKER_IMAGE}:latest
|
|
|
- docker push ${DOCKER_REGISTRY}/iru/${DOCKER_IMAGE}:latest
|
|
|
- '''
|
|
|
- echo "Updating tag info in ${SWARM_GIT_NAME} repository"
|
|
|
- withCredentials([sshUserPrivateKey(credentialsId: 'provision', keyFileVariable: 'GIT_SSH_KEY', passphraseVariable: '', usernameVariable: 'GIT_SSH_USERNAME')]) {
|
|
|
- sh '''GIT_SSH_COMMAND='ssh -i ${GIT_SSH_KEY} -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' \
|
|
|
- git clone ${SWARM_GIT_URL}
|
|
|
- cd ${SWARM_GIT_NAME}
|
|
|
- echo -n ${BUILD_NUMBER} > tags/${DOCKER_IMAGE}.version
|
|
|
- git add -A
|
|
|
- git config --global user.email "${JENKINS_MAIL}"
|
|
|
- git config --global user.name "Jenkins"
|
|
|
- git commit -m 'Version update'
|
|
|
- GIT_SSH_COMMAND='ssh -i ${GIT_SSH_KEY} -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' \
|
|
|
- git push origin master
|
|
|
- '''
|
|
|
- }
|
|
|
- }
|
|
|
- }
|
|
|
}
|
|
|
post {
|
|
|
always {
|
|
|
+ sh "docker stop ${CONTAINER_ID_CLIENT}"
|
|
|
+ sh "DOCKER_HOST=tcp://${CLUSTERS.get((ENAMES[1]))}:2376 DOCKER_TLS_VERIFY=1 docker stack rm ${DOCKER_IMAGE}"
|
|
|
echo "CleaningUp work directory"
|
|
|
deleteDir()
|
|
|
}
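Review bot: In `post { always { … } }` the two added `sh` steps run before `deleteDir()`, so a build that fails before the "Run in Prod-like" stage still has `CONTAINER_ID_CLIENT` unset and runs `docker stop null`. That step exits non-zero, and the workspace holding the cloned `openvpn-pki` checkout is then not cleaned up by this build. Run `deleteDir()` first, or make the teardown non-fatal, e.g. `script { if (CONTAINER_ID_CLIENT) { sh "docker stop ${CONTAINER_ID_CLIENT}" } }` and a trailing `|| true` on the `docker stack rm` line. Separately, in the "Run in Prod-like" stage `sh "echo -n \${SERIAL} > …"` escapes `SERIAL`, which is a Groovy `def` and, as far as the visible lines show, not an environment variable, so the shell most likely writes an empty version file; the unescaped `${SERIAL}` used in the Tagging stage is the form that works. The `post` block continues past the end of the hunk.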
|