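// Jenkins declarative pipeline ("keygen"): generates an OpenVPN client/admin key
// and certificate inside the `ovpn` image, allocates the next tunnel IP in the
// openvpn repo (ccd config) and e-mails the resulting zip to the requester.
//
// Review notes for maintainers (left unchanged here because each needs agent or
// infrastructure work, not just a pipeline edit):
//  * Every clone/push runs ssh with `StrictHostKeyChecking=no` and
//    `UserKnownHostsFile=/dev/null`, so the git server's host key is never
//    verified. Provision a known_hosts file on the agent and drop both options.
//  * The deploy private key is handed to the keygen container as an environment
//    variable (`SSHKEY=$(cat ${GIT_SSH_KEY})`); container environment is readable
//    with `docker inspect` on the agent. A read-only bind mount of the key file
//    would expose less.
//  * The SMTP password is passed to `email` as a command-line argument (`-i`),
//    which is visible in the agent's process list while the command runs.
//  * `git config --global` mutates the agent user's global git configuration;
//    `git -c user.email=... -c user.name=... commit` would keep it local.
pipeline {
    agent { label "swarm" }

    environment {
        DOCKER_REGISTRY = 'dev-registry.infoclinica.ru:5000'
        DOCKER_IMAGE    = 'ovpn'
        SERVICE_NAME    = "keygen"
        PKI_GIT_URL     = 'ssh://git@git.sdsys.ru:8022/iru/openvpn-pki.git'
        PKI_GIT_NAME    = 'openvpn-pki'
        OVPN_GIT_URL    = 'ssh://git@git.sdsys.ru:8022/iru/openvpn.git'
        OVPN_GIT_DIR    = 'openvpn'
        JENKINS_MAIL    = 'jenkins.dev@sdsys.ru'
        SMTP_SERVER     = 'mail.sdsys.ru'
    }

    parameters {
        string(name: "client_mail", defaultValue: "tomishinets.v@sdsys.ru", description: "Email which has to be recieved certs and key")
        string(name: "key_name", defaultValue: "test", description: "The names for generation keys and certs.")
        string(name: "mode", defaultValue: "client", description: "For who generate cert, key and conf-file (clients or admins)")
        string(name: "mailto", defaultValue: "tomishinets.v@sdsys.ru", description: "Email which has to be notified.")
    }

    stages {
        // Parameters are user-supplied and are later interpolated into shell
        // commands and file paths (`/tmp/keygen.sh ${key_name}`, `ccd/${key_name}`,
        // `sds-${key_name}.zip`, `email ... ${client_mail}`), so reject anything
        // outside a conservative character set before any of that runs.
        stage("Validate parameters") {
            steps {
                script {
                    if (!(params.key_name ==~ /^[A-Za-z0-9_-]+$/)) {
                        error("key_name '${params.key_name}' must match [A-Za-z0-9_-]+")
                    }
                    if (!(params.mode in ['client', 'admin'])) {
                        error("mode must be 'client' or 'admin', got '${params.mode}'")
                    }
                    if (!(params.client_mail ==~ /^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+$/)) {
                        error("client_mail '${params.client_mail}' does not look like an e-mail address")
                    }
                }
            }
        }

        stage("Check if already exist CNAME") {
            steps {
                withCredentials([sshUserPrivateKey(credentialsId: 'provision', keyFileVariable: 'GIT_SSH_KEY', passphraseVariable: '', usernameVariable: 'GIT_SSH_USERNAME')]) {
                    // Groovy '''…''' does not interpolate: ${GIT_SSH_KEY} and ${PKI_GIT_URL}
                    // are resolved from the environment on the agent, so the key path is
                    // never embedded in a Groovy string.
                    sh '''GIT_SSH_COMMAND='ssh -i ${GIT_SSH_KEY} -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' \
                        git clone ${PKI_GIT_URL}'''
                }
                script {
                    def zip = "${WORKSPACE}/${PKI_GIT_NAME}/open/easy-rsa/client_keys/sds-${params.key_name}.zip"
                    if (fileExists(zip)) {
                        // A zip for this CN is already in the PKI repo: stop without
                        // failing; post { aborted } notifies the client.
                        currentBuild.result = 'ABORTED'
                        return
                    }
                }
            }
        }

        stage("Generate Keys and Certs") {
            steps {
                script {
                    if (currentBuild.result == 'ABORTED') {
                        return
                    }
                    echo "Running ${DOCKER_REGISTRY}/iru/${DOCKER_IMAGE}:latest."
                    withCredentials([sshUserPrivateKey(credentialsId: 'provision', keyFileVariable: 'GIT_SSH_KEY', passphraseVariable: '', usernameVariable: 'GIT_SSH_USERNAME')]) {
                        // `set +x` keeps the shell from echoing the expanded command,
                        // which would otherwise print the private key read by $(cat …).
                        sh '''set +x
                            docker pull ${DOCKER_REGISTRY}/iru/${DOCKER_IMAGE}:latest \
                            && docker run -i --rm -e TZ=Europe/Moscow -e "mode=keygen" -e "SSHKEY=$(cat ${GIT_SSH_KEY})" \
                            ${DOCKER_REGISTRY}/iru/${DOCKER_IMAGE}:latest /tmp/keygen.sh ${key_name}
                        '''
                    }
                }
            }
        }

        stage("Generate configs") {
            steps {
                script {
                    if (currentBuild.result == 'ABORTED') {
                        return
                    }
                    echo "Delete old repo version"
                    sh 'rm -rf ${WORKSPACE}/${PKI_GIT_NAME} && rm -rf ${WORKSPACE}/${OVPN_GIT_DIR}'

                    echo "Generate ccd config"
                    withCredentials([sshUserPrivateKey(credentialsId: 'provision', keyFileVariable: 'GIT_SSH_KEY', passphraseVariable: '', usernameVariable: 'GIT_SSH_USERNAME')]) {
                        sh '''GIT_SSH_COMMAND='ssh -i ${GIT_SSH_KEY} -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' \
                            git clone ${OVPN_GIT_URL}'''
                    }

                    // Per-mode "last allocated IP" counter file and the netmask pushed
                    // to that kind of peer.
                    def ipFiles  = [client: 'ip_client.txt', admin: 'ip_admin.txt']
                    def netmasks = [client: '255.255.255.0', admin: '255.255.0.0']
                    if (!ipFiles.containsKey(params.mode)) {
                        error("Unsupported mode '${params.mode}'")
                    }
                    def ipFile = "${WORKSPACE}/${OVPN_GIT_DIR}/${ipFiles[params.mode]}"

                    // trim(): a trailing newline in the counter file would make the
                    // last octet fail toInteger().
                    def ip = readFile(ipFile).trim()
                    def octets = ip.tokenize(".")
                    if (octets.size() != 4) {
                        error("Malformed address '${ip}' in ${ipFile}")
                    }
                    if (octets[3].toInteger() >= 254) {
                        // Pool exhausted for this mode; fail the build (post { failure } mails the operator).
                        error("No free addresses left in ${ipFile} (last allocated: ${ip})")
                    }

                    octets[3] = (octets[3].toInteger() + 1).toString()
                    def newIp = octets.join(".")
                    writeFile file: ipFile, text: newIp

                    // Static address for this CN, picked up by the OpenVPN server's ccd directory.
                    def conf = "${WORKSPACE}/${OVPN_GIT_DIR}/${OVPN_GIT_DIR}/ccd/${params.key_name}"
                    writeFile file: conf, text: "ifconfig-push " + newIp + " " + netmasks[params.mode]

                    withCredentials([sshUserPrivateKey(credentialsId: 'provision', keyFileVariable: 'GIT_SSH_KEY', passphraseVariable: '', usernameVariable: 'GIT_SSH_USERNAME')]) {
                        sh '''cd ${OVPN_GIT_DIR}
                            echo "Add new config for ${key_name}" > ../commit.txt
                            git add -A
                            git config --global user.email "${JENKINS_MAIL}"
                            git config --global user.name "Jenkins"
                            git commit -F ../commit.txt
                            GIT_SSH_COMMAND='ssh -i ${GIT_SSH_KEY} -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' \
                            git push origin master
                        '''
                    }
                }
            }
        }

        stage("Send key, certs and config with email") {
            steps {
                script {
                    if (currentBuild.result == 'ABORTED') {
                        return
                    }
                    echo "Pull new OPENVPN-PKI repo version"
                    withCredentials([sshUserPrivateKey(credentialsId: 'provision', keyFileVariable: 'GIT_SSH_KEY', passphraseVariable: '', usernameVariable: 'GIT_SSH_USERNAME')]) {
                        sh '''GIT_SSH_COMMAND='ssh -i ${GIT_SSH_KEY} -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' \
                            git clone ${PKI_GIT_URL}
                        '''
                    }

                    echo "Send certs,key and config-file to client"
                    def fileZip = "${WORKSPACE}/${PKI_GIT_NAME}/open/easy-rsa/client_keys/sds-${params.key_name}.zip"
                    if (!fileExists(fileZip)) {
                        // The keygen container is expected to have pushed this zip to the PKI repo.
                        error("Keygen did not produce ${fileZip}")
                    }
                    withEnv(["zip=${fileZip}"]) {
                        withCredentials([usernamePassword(credentialsId: 'jenkins', usernameVariable: 'USERNAME', passwordVariable: 'PASSWORD')]) {
                            // Quoted expansions: the parameters were validated above, but
                            // quoting keeps them from being word-split by the shell regardless.
                            sh '''echo "Ваши ключ, сертификаты и конфигурационный файл для подключения к infoclinica.ru" | email -s "Your Certs and Key" \
                                -f "${JENKINS_MAIL}" \
                                -r "${SMTP_SERVER}" \
                                -m login \
                                -u "${USERNAME}" \
                                -i "${PASSWORD}" \
                                -a "${zip}" \
                                "${client_mail}"
                            '''
                        }
                    }
                }
            }
        }
    }

    post {
        always {
            // Removes the cloned repos, including the downloaded key zip, from the agent.
            echo "CleaningUp work directory"
            deleteDir()
        }
        failure {
            mail charset: 'UTF-8', subject: "Jenkins build ERROR", mimeType: 'text/html', to: "${params.mailto}", body: """ATTENTION!!!
Jenkins job failed.\n\n
Project Name:
${env.JOB_NAME}
\nBuild Number:
${env.BUILD_NUMBER}
\nURL Build:
${RUN_DISPLAY_URL}"""
        }
        aborted {
            mail charset: 'UTF-8', subject: "Jenkins build ERROR", mimeType: 'text/html', to: "${params.client_mail}", body: """ATTENTION!!!
Jenkins job aborted.\n\n
The CNAME ${params.key_name} is already exists!\n\n
Project Name:
${env.JOB_NAME}
\nBuild Number:
${env.BUILD_NUMBER}
\nURL Build:
${RUN_DISPLAY_URL}"""
        }
    }
}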