
Add Jenkinsfile_genkey

Admin User 7 years ago
parent
commit
aa9245c0f1
1 changed files with 180 additions and 0 deletions
  1. 180 0
      Jenkinsfile_genkey

+ 180 - 0
Jenkinsfile_genkey

@@ -0,0 +1,180 @@
+pipeline {
+  agent {
+    label "swarm"
+  }
+  environment {
+    DOCKER_REGISTRY='dev-registry.infoclinica.ru:5000'
+    DOCKER_IMAGE='ovpn'
+    SERVICE_NAME="keygen"
+    PKI_GIT_URL='ssh://git@git.sdsys.ru:8022/iru/openvpn-pki.git'
+    PKI_GIT_NAME='openvpn-pki'
+    OVPN_GIT_URL='ssh://git@git.sdsys.ru:8022/iru/openvpn.git'
+    OVPN_GIT_DIR='openvpn'
+    JENKINS_MAIL='jenkins.dev@sdsys.ru'
+    SMTP_SERVER='mail.sdsys.ru'
+
+  }
+  parameters {
+    string(
+      name: "client_mail",
+      defaultValue: "tomishinets.v@sdsys.ru",
+      description: "Email which has to be recieved certs and key"
+    )
+    string(
+      name: "key_name",
+      defaultValue: "test",
+      description: "The names for generation keys and certs."
+    )
+	string(
+      name: "mode",
+      defaultValue: "client",
+      description: "For who generate cert, key and conf-file (clients or admins)"
+    )
+    string(
+      name: "mailto",
+      defaultValue: "tomishinets.v@sdsys.ru",
+      description: "Email which has to be notified."
+    )
+  }
+  stages {
+    stage("Check if already exist CNAME") {
+      steps {
+        withCredentials([sshUserPrivateKey(credentialsId: 'provision', keyFileVariable: 'GIT_SSH_KEY', passphraseVariable: '', usernameVariable: 'GIT_SSH_USERNAME')]) {
+          sh '''GIT_SSH_COMMAND='ssh -i ${GIT_SSH_KEY} -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' \
+                git clone ${PKI_GIT_URL}'''
+        }
+        script {
+          def cert = "${WORKSPACE}/${PKI_GIT_NAME}/gost/keys/${key_name}.crt"
+          if (fileExists(cert)) {
+            currentBuild.result = 'ABORTED'
+            return
+          }
+        }
+      }
+    }
+    stage("Generate Keys and Certs") {
+      steps {
+        script {
+          if (currentBuild.result == 'ABORTED') {
+            return
+          }
+          echo "Running ${DOCKER_REGISTRY}/${DOCKER_IMAGE}:latest."
+          withCredentials([sshUserPrivateKey(credentialsId: 'provision', keyFileVariable: 'GIT_SSH_KEY', passphraseVariable: '', usernameVariable: 'GIT_SSH_USERNAME')]) {
+            sh '''set +x
+                  docker run -i --rm -e TZ=Europe/Moscow -e "mode=keygen" -e "SSHKEY=$(cat ${GIT_SSH_KEY})" \
+                  ${DOCKER_REGISTRY}/iru/${DOCKER_IMAGE}:latest /tmp/keygen.sh ${key_name}
+               '''
+          }
+        }
+      }
+    }
+    stage("Generate configs") {
+      steps {
+        script {
+          if (currentBuild.result == 'ABORTED') {
+             return
+          }
+          echo "Delete old repo version"
+          sh 'rm -rf ${WORKSPACE}/${PKI_GIT_NAME} && rm -rf ${WORKSPACE}/${OVPN_GIT_DIR}'
+          echo "Generate ccd config"
+          withCredentials([sshUserPrivateKey(credentialsId: 'provision', keyFileVariable: 'GIT_SSH_KEY', passphraseVariable: '', usernameVariable: 'GIT_SSH_USERNAME')]) {
+            sh '''GIT_SSH_COMMAND='ssh -i ${GIT_SSH_KEY} -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' \
+                  git clone ${OVPN_GIT_URL}'''
+          }
+          
+		  if (mode == 'client') {
+            def file = "${WORKSPACE}/${OVPN_GIT_DIR}/ip_client.txt"
+		  } 
+		  if (mode == 'admin') {
+		    def file = "${WORKSPACE}/${OVPN_GIT_DIR}/ip_admin.txt"
+		  }
+          string ip = readFile(file)
+          split = ip.tokenize(".")
+          if (split[3].toInteger() >= 254) {
+            currentBuild.result == 'FAILURE'
+            return
+          } else {
+              split[3] = (split[3].toInteger() + 1) + ""
+              def newIp = split.join(".")
+              string txt = split[3].toString()
+              writeFile file: file, text: newIp
+
+              def conf = "${WORKSPACE}/${OVPN_GIT_DIR}/${OVPN_GIT_DIR}/ccd/${key_name}"
+              if (mode == 'client') {
+			    writeFile file: conf, text: "ifconfig-push " + newIp + " 255.255.255.0"
+			  }
+			  if (mode == 'admin') {
+			    writeFile file: conf, text: "ifconfig-push " + newIp + " 255.255.0.0"
+			  }
+          }
+          withCredentials([sshUserPrivateKey(credentialsId: 'provision', keyFileVariable: 'GIT_SSH_KEY', passphraseVariable: '', usernameVariable: 'GIT_SSH_USERNAME')]) {
+            sh '''cd ${OVPN_GIT_DIR}
+                  echo "Add new config for ${key_name}" > ../commit.txt
+                  git add -A
+                  git config --global user.email "${JENKINS_MAIL}"
+                  git config --global user.name "Jenkins"
+                  git commit -F ../commit.txt
+                  GIT_SSH_COMMAND='ssh -i ${GIT_SSH_KEY} -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' \
+                  git push origin master
+                  ls'''
+          }
+        }
+      }
+    }
+    stage("Send key, certs and config with email") {
+      steps {
+        script {
+          if ( currentBuild.result == 'ABORTED'  || currentBuild.result == 'FAILURE' ) {
+            return
+          }
+          echo "Pull new OPENVPN-PKI repo version"
+          withCredentials([sshUserPrivateKey(credentialsId: 'provision', keyFileVariable: 'GIT_SSH_KEY', passphraseVariable: '', usernameVariable: 'GIT_SSH_USERNAME')]) {
+            sh '''GIT_SSH_COMMAND='ssh -i ${GIT_SSH_KEY} -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' \
+                  git clone ${PKI_GIT_URL}'''
+          }
+          echo "Send certs,key and config-file to client"
+          def fileZip = "${WORKSPACE}/${PKI_GIT_NAME}/open/easy-rsa/client_keys/sds-${key_name}.zip"
+          if ( !fileExists("${fileZip}")) {
+		    currentBuild.result == 'FAILURE'
+            return
+          } else {
+            withCredentials([usernamePassword(credentialsId: 'jenkins', usernameVariable: 'USERNAME', passwordVariable: 'PASSWORD')]) {
+              sh '''echo "Ваши ключ, сертификаты и конфигурационный файл для подключения к infoclinica.ru" | email -s "Your Certs and Key" \
+                    -f ${JENKINS_MAIL} \
+                    -r ${SMTP_SERVER} \
+                    -m login \
+                    -u ${USERNAME} \
+                    -i ${PASSWORD} \
+                    -a ${WORKSPACE}/sds-${key_name}.zip \
+                    ${client_mail}
+                 '''
+            }
+          } else {
+            currentBuild.result = 'FAILURE'
+            return
+          }
+        }
+      }
+    }
+  }
+  post {
+    always {
+      echo "CleaningUp work directory"
+      deleteDir()
+    }
+    failure {
+      mail charset: 'UTF-8',
+           subject: "Jenkins build ERROR",
+           mimeType: 'text/html',
+           to: "${mailto}",
+           body: "<b>ATTENTION!!!</b> <b><br> Jenkins job failed.\n\n <b><br>Project Name:</b> ${env.JOB_NAME} <b><br>\nBuild Number:</b> ${env.BUILD_NUMBER} <b><br>\nURL Build:</b> ${RUN_DISPLAY_URL}"
+    }
+    aborted {
+      mail charset: 'UTF-8',
+           subject: "Jenkins build ERROR",
+           mimeType: 'text/html',
+           to: "${client_mail}",
+           body: "<b>ATTENTION!!!</b> <b><br> Jenkins job aborted.\n\n <b><br> The CNAME ${key_name} is already exists!\n\n <b><br>Project Name:</b> ${env.JOB_NAME} <b><br>\nBuild Number:</b> ${env.BUILD_NUMBER} <b><br>\nURL Build:</b> ${RUN_DISPLAY_URL}"
+    }
+  }
+}
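Review bot: `currentBuild.result == 'FAILURE'` in the "Generate configs" stage (the `split[3] >= 254` branch) and in the "Send key, certs and config with email" stage (the `!fileExists` branch) is a comparison, not an assignment, so neither path marks the build failed; the following `return` only leaves the enclosing `script` block, the guard `currentBuild.result == 'FAILURE'` in the mail stage never matches, and the `failure` post section does not run — change both to `currentBuild.result = 'FAILURE'` (or call `error("...")`, which also stops the pipeline). In the same mail stage the `if ( !fileExists("${fileZip}"))` statement carries two `else` branches, which Groovy will not parse, and in "Generate configs" `file` is declared with `def` inside the `if (mode == 'client')` / `if (mode == 'admin')` blocks, so it is out of scope at `string ip = readFile(file)`; `def file = (mode == 'client') ? "${WORKSPACE}/${OVPN_GIT_DIR}/ip_client.txt" : "${WORKSPACE}/${OVPN_GIT_DIR}/ip_admin.txt"` fixes that. The existence check looks under `${PKI_GIT_NAME}/open/easy-rsa/client_keys/sds-${key_name}.zip` but the `-a` attachment passed to `email` is `${WORKSPACE}/sds-${key_name}.zip`, so the check can pass while the attachment path is a different file; the two should use the same `fileZip` variable. Every git call disables host verification with `-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no` on the repositories that hold the PKI and the client IP allocations, and the keygen step copies the private key's contents into the container environment via `-e "SSHKEY=$(cat ${GIT_SSH_KEY})"`, where it is readable through `docker inspect`; pinning the git server's host key in a known_hosts file and mounting the key file read-only instead of exporting it as an environment variable would close both.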