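// Declarative Jenkins pipeline for the OpenVPN ("ovpn") image:
//   1. clone the PKI repository and copy key material next to the Docker build context,
//   2. build the image and smoke-test it (server + client container, ping through the tunnel),
//   3. push the image, deploy it to the prod-like Swarm cluster,
//   4. tag the build as "latest" and record the build number in the stack-deploy repository.
//
// Jenkins runs every `sh` step as `sh -xe` unless the script has its own shebang, so a
// failing command aborts the script on the spot. Checks written as `cmd; if [ $? != 0 ]`
// therefore never reach their failure branch; the shell steps below test the command
// directly with `if cmd` / `if ! cmd` so cleanup and rollback actually run.
pipeline {
    agent { label "swarm" }

    environment {
        DOCKER_REGISTRY = 'dev-registry.infoclinica.ru:5000'
        DOCKER_IMAGE = 'ovpn'
        SERVICE_IMAGE = 'container_run'
        SERVICE_NAME = 'ovpn'
        SWARM_GIT_URL = 'ssh://git@git.sdsys.ru:8022/iru/stack-deploy.git'
        SWARM_GIT_NAME = 'stack-deploy'
        PKI_GIT_URL = 'ssh://git@git.sdsys.ru:8022/iru/openvpn-pki.git'
        PKI_GIT_NAME = 'openvpn-pki'
        GOST_GIT_DIR = 'openvpn'
        JENKINS_MAIL = 'jenkins@sdsys.ru'
        CLUSTER_NAME = 'dev-iru-swarm.infoclinica.lan'
    }

    parameters {
        string(
            name: "mailto",
            defaultValue: "tomishinets.v@sdsys.ru",
            description: "Email which has to be notified."
        )
    }

    stages {
        stage("Pull PKI repo") {
            steps {
                // NOTE(review): StrictHostKeyChecking=no together with UserKnownHostsFile=/dev/null
                // turns off SSH host-key verification, so the agent cannot tell the real Git
                // server from an impostor while fetching the CA/server private keys. Pin the
                // server's host key in a known_hosts file on the agent and drop both options.
                withCredentials([sshUserPrivateKey(credentialsId: 'provision',
                                                   keyFileVariable: 'GIT_SSH_KEY',
                                                   passphraseVariable: '',
                                                   usernameVariable: 'GIT_SSH_USERNAME')]) {
                    sh '''GIT_SSH_COMMAND='ssh -i ${GIT_SSH_KEY} -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' \
                        git clone ${PKI_GIT_URL}
                    '''
                }
                // NOTE(review): server.key, ta.key and the client key land inside the workspace
                // that "docker build ." uses as its context. If the Dockerfile (not shown here)
                // copies openvpn/keys into the image, the private keys are readable by anyone who
                // can pull from the registry - confirm, and prefer injecting them at run time
                // (for example as Swarm secrets).
                sh '''cp ${WORKSPACE}/openvpn-pki/open/easy-rsa/keys/ca.crt \
                        ${WORKSPACE}/openvpn-pki/open/easy-rsa/keys/server.crt \
                        ${WORKSPACE}/openvpn-pki/open/easy-rsa/keys/server.key \
                        ${WORKSPACE}/openvpn-pki/open/easy-rsa/keys/sds-test.crt \
                        ${WORKSPACE}/openvpn-pki/open/easy-rsa/keys/sds-test.key \
                        ${WORKSPACE}/openvpn-pki/open/easy-rsa/keys/ta.key \
                        ${WORKSPACE}/openvpn-pki/open/easy-rsa/keys/stonevpn.crl \
                        ${WORKSPACE}/openvpn-pki/open/easy-rsa/keys/dh2048.pem \
                        ${WORKSPACE}/openvpn/keys
                    ls -al ${WORKSPACE}/openvpn/keys/
                '''
            }
        }

        stage("Build") {
            steps {
                echo "Building ${DOCKER_REGISTRY}/${DOCKER_IMAGE}:${BUILD_NUMBER}."
                sh "docker build --no-cache -t ${DOCKER_REGISTRY}/${DOCKER_IMAGE}:${BUILD_NUMBER} ."
            }
        }

        stage("Staging") {
            steps {
                echo "Run ${DOCKER_IMAGE} in server mode."
                // Smoke test: start a server and a client container, then ping the VPN address
                // from the client. The ping is tested with `if !` so that a failure still stops
                // both containers instead of leaving them running on the agent.
                sh '''container_id_server=`docker run -d --rm -e "mode=server" \
                        --privileged ${DOCKER_REGISTRY}/${DOCKER_IMAGE}:${BUILD_NUMBER}`
                    container_ip_server=`docker inspect ${container_id_server} --format='{{.NetworkSettings.IPAddress}}'`
                    container_id_client=`docker run -d --rm -e "mode=client" -e "server=${container_ip_server}" --privileged ${DOCKER_REGISTRY}/${DOCKER_IMAGE}:${BUILD_NUMBER}`
                    sleep 15
                    if ! docker exec ${container_id_client} ping -c 3 -q 10.10.20.1
                    then
                        echo "Can not connect to VPN server !!!"
                        docker stop ${container_id_server} ${container_id_client}
                        exit 1
                    else
                        echo "VPN server is started"
                        docker stop ${container_id_server} ${container_id_client}
                    fi
                '''
            }
        }

        stage("Publish") {
            steps {
                echo "Publishing ${DOCKER_REGISTRY}/${DOCKER_IMAGE}:${BUILD_NUMBER}."
                sh "docker push ${DOCKER_REGISTRY}/${DOCKER_IMAGE}:${BUILD_NUMBER}"
            }
        }

        stage("Prod-like") {
            steps {
                echo "Check Prod-like cluster status"
                // "$status" is quoted because a multi-word value such as "Needs Rotation" would
                // otherwise break the test and be reported as healthy.
                // NOTE(review): .TLSStatus describes the node certificate state; node
                // availability is reported by .Status - confirm which one this gate should use.
                sh '''if ping -c 2 ${CLUSTER_NAME}; then
                        export DOCKER_CERT_PATH=/run/secrets/swarm
                        export DOCKER_HOST=tcp://${CLUSTER_NAME}:2376 DOCKER_TLS_VERIFY=1
                        docker node ls --format "{{.Hostname}} {{.TLSStatus}}" | while read host status
                        do
                            if [ "$status" != Ready ]; then
                                echo "Cluster ${CLUSTER_NAME} state is inconsistent"; exit 1
                            else
                                echo "HOST: $host STATUS: $status"
                            fi
                        done
                    else
                        echo "Host not Found"; exit 1
                    fi
                '''
                echo "Run containers in Prod-like"
                // The service runs the ${SERVICE_IMAGE} wrapper with the Docker socket of the
                // node bind-mounted; everything after the wrapper image name is passed to it as
                // arguments.
                // NOTE(review): access to /var/run/docker.sock combined with --privileged and
                // seccomp=unconfined is equivalent to root on every node that runs a replica.
                // Treat the wrapper image as fully trusted and restrict who can push it.
                //
                // Existence is checked with `docker service inspect`: the former
                // `[ !$(docker service ps -q ...) ]` always evaluated to true (the operand is
                // never an empty string), so the update branch was unreachable.
                // A failed update is rolled back and then fails the stage, so a rolled-back
                // build is never tagged as latest.
                sh '''export DOCKER_CERT_PATH=/run/secrets/swarm
                    export DOCKER_HOST=tcp://dev-iru-swarm1.infoclinica.lan:2376 DOCKER_TLS_VERIFY=1
                    if ! docker service inspect ${SERVICE_NAME} >/dev/null 2>&1; then
                        docker service create --replicas 2 \
                            --mount type=bind,source=/var/run/docker.sock,destination=/var/run/docker.sock \
                            --name ${SERVICE_NAME} ${DOCKER_REGISTRY}/${SERVICE_IMAGE}:1 -p 1194:1194 \
                            --privileged --security-opt seccomp=unconfined \
                            --tmpfs /run --tmpfs /run/lock -v /sys/fs/cgroup:/sys/fs/cgroup:ro \
                            -e "mode=server" ${DOCKER_REGISTRY}/${DOCKER_IMAGE}:${BUILD_NUMBER}
                    else
                        if ! docker service update \
                            --args "-p 1194:1194 --privileged --security-opt seccomp=unconfined --tmpfs /run --tmpfs /run/lock -v /sys/fs/cgroup:/sys/fs/cgroup:ro -e mode=server ${DOCKER_REGISTRY}/${DOCKER_IMAGE}:${BUILD_NUMBER}" \
                            ${SERVICE_NAME}
                        then
                            docker service rollback ${SERVICE_NAME}
                            exit 1
                        fi
                    fi
                '''
            }
        }

        stage("Tagging") {
            steps {
                // NOTE(review): the message names ${DOCKER_IMAGE}:latest but the commands below
                // tag and push iru/${DOCKER_IMAGE}:latest - confirm which repository is intended.
                echo "Tagging ${DOCKER_REGISTRY}/${DOCKER_IMAGE}:${BUILD_NUMBER} to ${DOCKER_REGISTRY}/${DOCKER_IMAGE}:latest"
                sh '''docker tag ${DOCKER_REGISTRY}/${DOCKER_IMAGE}:${BUILD_NUMBER} \
                        ${DOCKER_REGISTRY}/iru/${DOCKER_IMAGE}:latest
                    docker push ${DOCKER_REGISTRY}/iru/${DOCKER_IMAGE}:latest
                '''
                echo "Updating tag info in ${SWARM_GIT_NAME} repository"
                // NOTE(review): host-key verification is disabled for this clone and push as
                // well; a spoofed server could receive the push or serve a tampered
                // stack-deploy repository. Pin the host key in known_hosts on the agent.
                // The committer identity is set in the cloned repository only, so the job does
                // not rewrite the global Git configuration of the build agent.
                withCredentials([sshUserPrivateKey(credentialsId: 'provision',
                                                   keyFileVariable: 'GIT_SSH_KEY',
                                                   passphraseVariable: '',
                                                   usernameVariable: 'GIT_SSH_USERNAME')]) {
                    sh '''GIT_SSH_COMMAND='ssh -i ${GIT_SSH_KEY} -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' \
                            git clone ${SWARM_GIT_URL}
                        cd ${SWARM_GIT_NAME}
                        echo -n ${BUILD_NUMBER} > tags/${DOCKER_IMAGE}.version
                        git add -A
                        git config user.email "${JENKINS_MAIL}"
                        git config user.name "Jenkins"
                        git commit -m 'Version update'
                        GIT_SSH_COMMAND='ssh -i ${GIT_SSH_KEY} -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' \
                            git push origin master
                    '''
                }
            }
        }
    }

    post {
        always {
            // Removes the workspace, including the cloned PKI repository and copied keys.
            echo "CleaningUp work directory"
            deleteDir()
        }
        // The mail bodies are kept exactly as they appear in the source, line breaks included;
        // they are sent as text/html, where plain newlines do not produce visible breaks.
        failure {
            mail charset: 'UTF-8',
                 subject: "Jenkins build ERROR",
                 mimeType: 'text/html',
                 to: "${mailto}",
                 body: """ATTENTION!!!
Jenkins job failed.\n\n
Project Name:
${env.JOB_NAME}
\nBuild Number:
${env.BUILD_NUMBER}
\nURL Build:
${RUN_DISPLAY_URL}"""
        }
        success {
            mail charset: 'UTF-8',
                 subject: "Jenkins build SUSCCESS",
                 mimeType: 'text/html',
                 to: "${mailto}",
                 body: """Congradulations!!!
Jenkins job succefully finished.\n\n
Project Name:
${env.JOB_NAME}
\nBuild Number:
${env.BUILD_NUMBER}
\nURL Build:
${RUN_DISPLAY_URL}"""
        }
    }
}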