pipeline {
agent {
label "swarm"
}
environment {
DOCKER_REGISTRY='dev-registry.infoclinica.ru:5000'
DOCKER_IMAGE='ovpn'
SERVICE_IMAGE='container_run'
SERVICE_NAME='ovpn'
SWARM_GIT_URL='ssh://git@git.sdsys.ru:8022/iru/stack-deploy.git'
SWARM_GIT_NAME='stack-deploy'
PKI_GIT_URL='ssh://git@git.sdsys.ru:8022/iru/openvpn-pki.git'
PKI_GIT_NAME='openvpn-pki'
GOST_GIT_DIR='openvpn'
JENKINS_MAIL='jenkins@sdsys.ru'
CLUSTER_NAME='dev-iru-swarm.infoclinica.lan'
}
parameters {
string(
name: "mailto",
defaultValue: "tomishinets.v@sdsys.ru",
description: "Email which has to be notified."
)
}
stages {
stage("Pull PKI repo") {
steps {
withCredentials([sshUserPrivateKey(credentialsId: 'provision', keyFileVariable: 'GIT_SSH_KEY', passphraseVariable: '', usernameVariable: 'GIT_SSH_USERNAME')]) {
sh '''GIT_SSH_COMMAND='ssh -i ${GIT_SSH_KEY} -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' \
git clone ${PKI_GIT_URL}
'''
}
sh '''cp ${WORKSPACE}/openvpn-pki/open/easy-rsa/keys/ca.crt \
${WORKSPACE}/openvpn-pki/open/easy-rsa/keys/server.crt \
${WORKSPACE}/openvpn-pki/open/easy-rsa/keys/server.key \
${WORKSPACE}/openvpn-pki/open/easy-rsa/keys/sds-test.crt \
${WORKSPACE}/openvpn-pki/open/easy-rsa/keys/sds-test.key \
${WORKSPACE}/openvpn-pki/open/easy-rsa/keys/ta.key \
${WORKSPACE}/openvpn-pki/open/easy-rsa/keys/stonevpn.crl \
${WORKSPACE}/openvpn-pki/open/easy-rsa/keys/dh2048.pem \
${WORKSPACE}/openvpn/keys
ls -al ${WORKSPACE}/openvpn/keys/
'''
}
}
stage("Build") {
steps {
echo "Building ${DOCKER_REGISTRY}/${DOCKER_IMAGE}:${BUILD_NUMBER}."
sh "docker build --no-cache -t ${DOCKER_REGISTRY}/${DOCKER_IMAGE}:${BUILD_NUMBER} ."
}
}
stage("Staging") {
steps {
echo "Run ${DOCKER_IMAGE} in server mode."
sh '''container_id_server=`docker run -d --rm -e "mode=server" \
--privileged ${DOCKER_REGISTRY}/${DOCKER_IMAGE}:${BUILD_NUMBER}`
container_ip_server=`docker inspect ${container_id_server} --format='{{.NetworkSettings.IPAddress}}'`
container_id_client=`docker run -d --rm -e "mode=client" -e "server=${container_ip_server}" --privileged ${DOCKER_REGISTRY}/${DOCKER_IMAGE}:${BUILD_NUMBER}`
sleep 15
docker exec ${container_id_client} ping -c 3 -q 10.10.20.1
if [ $? != 0 ]
then
echo "Can not connect to VPN server !!!"
docker stop ${container_id_server} ${container_id_client}
exit 1
else
echo "VPN server is started"
docker stop ${container_id_server} ${container_id_client}
fi
'''
}
}
stage("Publish") {
steps {
echo "Publishing ${DOCKER_REGISTRY}/${DOCKER_IMAGE}:${BUILD_NUMBER}."
sh "docker push ${DOCKER_REGISTRY}/${DOCKER_IMAGE}:${BUILD_NUMBER}"
}
}
stage("Prod-like") {
steps {
echo "Check Prod-like cluster status"
sh '''ping -c 2 ${CLUSTER_NAME}
if [ $? -eq 0 ]; then
export DOCKER_CERT_PATH=/run/secrets/swarm
export DOCKER_HOST=tcp://${CLUSTER_NAME}:2376 DOCKER_TLS_VERIFY=1
docker node ls --format "{{.Hostname}} {{.TLSStatus}}" | while read host status
do
if [ $status != Ready ]; then echo "Cluster ${CLUSTER_NAME} state is inconsistent"; exit 1
else echo "HOST: $host STATUS: $status"
fi
done
else echo "Host not Found"; exit 1
fi
'''
echo "Run containers in Prod-like"
sh '''export DOCKER_CERT_PATH=/run/secrets/swarm
export DOCKER_HOST=tcp://dev-iru-swarm1.infoclinica.lan:2376 DOCKER_TLS_VERIFY=1
if [ !$(docker service ps -q ${DOCKER_IMAGE}) ];then
docker service create --replicas 2 \
--mount type=bind,source=/var/run/docker.sock,destination=/var/run/docker.sock \
--name ${SERVICE_NAME} ${DOCKER_REGISTRY}/${SERVICE_IMAGE}:1 -p 1194:1194 \
--privileged --security-opt seccomp=unconfined \
--tmpfs /run --tmpfs /run/lock -v /sys/fs/cgroup:/sys/fs/cgroup:ro \
-e "mode=server" ${DOCKER_REGISTRY}/${DOCKER_IMAGE}:${BUILD_NUMBER}
else
docker service update \
--args "-p 1194:1194 --privileged --security-opt seccomp=unconfined \
--tmpfs /run --tmpfs /run/lock -v /sys/fs/cgroup:/sys/fs/cgroup:ro \
-e "mode=server" ${DOCKER_REGISTRY}/${DOCKER_IMAGE}:${BUILD_NUMBER}" \
${SERVICE_NAME}
if [ $? != 0 ]; then docker service rollback ${SERVICE_NAME}; fi
fi
'''
}
}
stage("Tagging") {
steps {
echo "Tagging ${DOCKER_REGISTRY}/${DOCKER_IMAGE}:${BUILD_NUMBER} to ${DOCKER_REGISTRY}/${DOCKER_IMAGE}:latest"
sh '''docker tag ${DOCKER_REGISTRY}/${DOCKER_IMAGE}:${BUILD_NUMBER} \
${DOCKER_REGISTRY}/iru/${DOCKER_IMAGE}:latest
docker push ${DOCKER_REGISTRY}/iru/${DOCKER_IMAGE}:latest
'''
echo "Updating tag info in ${SWARM_GIT_NAME} repository"
withCredentials([sshUserPrivateKey(credentialsId: 'provision', keyFileVariable: 'GIT_SSH_KEY', passphraseVariable: '', usernameVariable: 'GIT_SSH_USERNAME')]) {
sh '''GIT_SSH_COMMAND='ssh -i ${GIT_SSH_KEY} -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' \
git clone ${SWARM_GIT_URL}
cd ${SWARM_GIT_NAME}
echo -n ${BUILD_NUMBER} > tags/${DOCKER_IMAGE}.version
git add -A
git config --global user.email "${JENKINS_MAIL}"
git config --global user.name "Jenkins"
git commit -m 'Version update'
GIT_SSH_COMMAND='ssh -i ${GIT_SSH_KEY} -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' \
git push origin master
'''
}
}
}
}
post {
always {
echo "CleaningUp work directory"
deleteDir()
}
failure {
mail charset: 'UTF-8',
subject: "Jenkins build ERROR",
mimeType: 'text/html',
to: "${mailto}",
body: "ATTENTION!!!
Jenkins job failed.\n\n
Project Name: ${env.JOB_NAME}
\nBuild Number: ${env.BUILD_NUMBER}
\nURL Build: ${RUN_DISPLAY_URL}"
}
success {
mail charset: 'UTF-8',
subject: "Jenkins build SUSCCESS",
mimeType: 'text/html',
to: "${mailto}",
body: "Congradulations!!!
Jenkins job succefully finished.\n\n
Project Name: ${env.JOB_NAME}
\nBuild Number: ${env.BUILD_NUMBER}
\nURL Build: ${RUN_DISPLAY_URL}"
}
}
}