def SERIAL
def CONTAINER_ID_CLIENT
def CONTAINER_ID_SERVER
def ENAMES = [ 'prod', 'dev' ]
def CLUSTERS = ['prod': 'iru-swarm1-open.infoclinica.lan', 'dev': 'dev-iru-swarm.infoclinica.lan']
def REGISTRIES = ['prod': 'registry.infoclinica.ru:5000', 'dev': 'dev-registry.infoclinica.ru:5000']
pipeline {
agent {
label "swarm"
}
environment {
DOCKER_REGISTRY='dev-registry.infoclinica.ru:5000'
DOCKER_IMAGE='iru/ovpn-rsa'
SERVICE_NAME='ovpn-rsa_server'
SWARM_GIT_URL='ssh://git@git.sdsys.ru:8022/iru/stack-deploy.git'
SWARM_GIT_NAME='stack-deploy'
PKI_GIT_URL='ssh://git@git.sdsys.ru:8022/iru/openvpn-pki.git'
PKI_GIT_NAME='openvpn-pki'
OVPN_GIT_DIR='openvpn'
JENKINS_MAIL='jenkins@sdsys.ru'
DOCKER_CERT_PATH='/run/secrets/swarm'
}
parameters {
string(
name: "branch",
defaultValue: "master",
description: "Which branch to use"
)
string(
name: "mailto",
defaultValue: "admin@sdsys.ru",
description: "Email which has to be notified."
)
}
stages {
stage ("Discover SERIAL") {
steps {
script {
SERIAL = sh script: "echo -n `date +%y%m%d``printf %03d $BUILD_NUMBER`", returnStdout: true
}
}
}
stage("Pull PKI repo") {
steps {
withCredentials([sshUserPrivateKey(credentialsId: 'provision', keyFileVariable: 'GIT_SSH_KEY', passphraseVariable: '', usernameVariable: 'GIT_SSH_USERNAME')]) {
sh '''GIT_SSH_COMMAND='ssh -i ${GIT_SSH_KEY} -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' \
git clone ${PKI_GIT_URL} && cd ${WORKSPACE}/${PKI_GIT_NAME} && git checkout ${branch} && cd ${WORKSPACE}
GIT_SSH_COMMAND='ssh -i ${GIT_SSH_KEY} -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' \
git clone ${SWARM_GIT_URL}
'''
}
sh '''cp ${WORKSPACE}/openvpn-pki/open/easy-rsa/keys/ca.crt \
${WORKSPACE}/openvpn-pki/open/easy-rsa/keys/server.crt \
${WORKSPACE}/openvpn-pki/open/easy-rsa/keys/server.key \
${WORKSPACE}/openvpn-pki/open/easy-rsa/keys/sds-test.crt \
${WORKSPACE}/openvpn-pki/open/easy-rsa/keys/sds-test.key \
${WORKSPACE}/openvpn-pki/open/easy-rsa/keys/ta.key \
${WORKSPACE}/openvpn-pki/open/easy-rsa/keys/dh2048.pem \
${WORKSPACE}/openvpn/keys
ls -al ${WORKSPACE}/openvpn/keys/
cp ${WORKSPACE}/openvpn-pki/open/easy-rsa/keys/stonevpn.crl ${WORKSPACE}/openvpn/persist
'''
}
}
stage("Build") {
steps {
echo "Building ${DOCKER_IMAGE}:${SERIAL}."
sh "docker build --no-cache -t ${DOCKER_IMAGE}:${SERIAL} ."
}
}
stage ("Push to registry") {
steps {
script {
ENAMES.each { item ->
echo "Pushing to: ${item}, CLUSTER ${CLUSTERS.get((item))}"
sh """docker tag ${DOCKER_IMAGE}:${SERIAL} ${REGISTRIES.get((item))}/${DOCKER_IMAGE}:${SERIAL}
docker push ${REGISTRIES.get((item))}/${DOCKER_IMAGE}:${SERIAL}
"""
}
}
}
}
stage("Staging test") {
steps {
script {
CONTAINER_ID_SERVER = sh (script: "docker run -d --rm -e mode=server --privileged ${DOCKER_IMAGE}:${SERIAL}", returnStdout: true).trim()
CONTAINER_ID_CLIENT = sh (script: "docker run -d --rm -e mode=client -e server=127.0.0.1 --privileged ${DOCKER_IMAGE}:${SERIAL}" , returnStdout: true).trim()
sh """docker exec -t ${CONTAINER_ID_CLIENT} ping -c 3 -q 10.10.20.1
if [ \$? != 0 ]; then exit 1; else echo 'OVPN_RSA is working!!!'; fi
"""
}
}
}
stage ("Tagging") {
steps {
script {
ENAMES.each { item ->
echo "Setting latest tag for $item"
sh """docker tag ${DOCKER_IMAGE}:${SERIAL} ${REGISTRIES.get((item))}/${DOCKER_IMAGE}:latest
docker push ${REGISTRIES.get((item))}/${DOCKER_IMAGE}:latest
"""
}
}
echo "Updating tag info in ${SWARM_GIT_NAME} repository"
withCredentials([sshUserPrivateKey(credentialsId: 'provision', keyFileVariable: 'GIT_SSH_KEY', passphraseVariable: '', usernameVariable: 'GIT_SSH_USERNAME')]) {
sh """cd ${SWARM_GIT_NAME}
echo -n ${SERIAL} > tags/${DOCKER_IMAGE}.version
git add -A
git config --global user.email "${JENKINS_MAIL}"
git config --global user.name "Jenkins"
git commit -m '${DOCKER_IMAGE} version update'
GIT_SSH_COMMAND='ssh -i ${GIT_SSH_KEY} -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' \
git push origin master
"""
}
}
}
}
post {
always {
echo "CleaningUp work directory"
deleteDir()
sh """docker stop ${CONTAINER_ID_CLIENT}
docker stop ${CONTAINER_ID_SERVER}
docker image rm ${DOCKER_IMAGE}:${SERIAL}
"""
}
failure {
mail charset: 'UTF-8',
subject: "Jenkins build ERROR",
mimeType: 'text/html',
to: "${mailto}",
body: "<b>ATTENTION!!!</b> <b><br> Jenkins job failed.\n\n <b><br>Project Name:</b> ${env.JOB_NAME} <b><br>\nBuild Number:</b> ${env.BUILD_NUMBER} <b><br>\nURL Build:</b> ${RUN_DISPLAY_URL}"
}
success {
mail charset: 'UTF-8',
subject: "Jenkins build SUSCCESS",
mimeType: 'text/html',
to: "${mailto}",
body: "<b>Congradulations!!!</b> <b><br> Jenkins job succefully finished.\n\n <b><br>Project Name:</b> ${env.JOB_NAME} <b><br>\nBuild Number:</b> ${env.BUILD_NUMBER} <b><br>\nURL Build:</b> ${RUN_DISPLAY_URL}"
}
}
}