Jenkinsfile 8.4 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185
  1. def ENAMES = [ 'prod', 'dev' ]
  2. def CLUSTERS = ['prod': 'iru-swarm1-open.infoclinica.lan', 'dev': 'dev-iru-swarm.infoclinica.lan']
  3. def REGISTRIES = ['prod': 'registry.infoclinica.ru:5000', 'dev': 'dev-registry.infoclinica.ru:5000']
  4. pipeline {
  5. agent {
  6. label "swarm"
  7. }
  8. environment {
  9. DOCKER_REGISTRY='dev-registry.infoclinica.ru:5000'
  10. DOCKER_IMAGE='ovpn-rsa'
  11. SERVICE_NAME='ovpn-rsa_server'
  12. SERVICE_IMAGE='container_run'
  13. SWARM_GIT_URL='ssh://git@git.sdsys.ru:8022/iru/stack-deploy.git'
  14. SWARM_GIT_NAME='stack-deploy'
  15. PKI_GIT_URL='ssh://git@git.sdsys.ru:8022/iru/openvpn-pki.git'
  16. PKI_GIT_NAME='openvpn-pki'
  17. OVPN_GIT_DIR='openvpn'
  18. JENKINS_MAIL='jenkins@sdsys.ru'
  19. CLUSTER_NAME='dev-iru-swarm.infoclinica.lan'
  20. DOCKER_CERT_PATH='/run/secrets/swarm'
  21. }
  22. parameters {
  23. string(
  24. name: "branch",
  25. defaultValue: "97009",
  26. description: "Which branch to use"
  27. )
  28. string(
  29. name: "mailto",
  30. defaultValue: "tomishinets.v@sdsys.ru",
  31. description: "Email which has to be notified."
  32. )
  33. }
  34. stages {
  35. stage ("Discover SERIAL") {
  36. steps {
  37. script {
  38. SERIAL = sh script: "echo -n `date +%y%m%d``printf %03d $BUILD_NUMBER`", returnStdout: true
  39. }
  40. }
  41. }
  42. stage("Pull PKI repo") {
  43. steps {
  44. withCredentials([sshUserPrivateKey(credentialsId: 'provision', keyFileVariable: 'GIT_SSH_KEY', passphraseVariable: '', usernameVariable: 'GIT_SSH_USERNAME')]) {
  45. sh '''GIT_SSH_COMMAND='ssh -i ${GIT_SSH_KEY} -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' \
  46. git clone ${PKI_GIT_URL} && cd ${WORKSPACE}/${PKI_GIT_NAME} && git checkout ${branch} && cd ${WORKSPACE}
  47. GIT_SSH_COMMAND='ssh -i ${GIT_SSH_KEY} -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' \
  48. git clone ${SWARM_GIT_URL}
  49. '''
  50. }
  51. sh '''cp ${WORKSPACE}/openvpn-pki/open/easy-rsa/keys/ca.crt \
  52. ${WORKSPACE}/openvpn-pki/open/easy-rsa/keys/server.crt \
  53. ${WORKSPACE}/openvpn-pki/open/easy-rsa/keys/server.key \
  54. ${WORKSPACE}/openvpn-pki/open/easy-rsa/keys/sds-test.crt \
  55. ${WORKSPACE}/openvpn-pki/open/easy-rsa/keys/sds-test.key \
  56. ${WORKSPACE}/openvpn-pki/open/easy-rsa/keys/ta.key \
  57. ${WORKSPACE}/openvpn-pki/open/easy-rsa/keys/stonevpn.crl \
  58. ${WORKSPACE}/openvpn-pki/open/easy-rsa/keys/dh2048.pem \
  59. ${WORKSPACE}/openvpn/keys
  60. ls -al ${WORKSPACE}/openvpn/keys/
  61. '''
  62. }
  63. }
  64. /* stage("Build") {
  65. steps {
  66. echo "Building ${DOCKER_IMAGE}:${SERIAL}."
  67. sh """docker build --no-cache -t ${DOCKER_IMAGE}:${SERIAL} .
  68. if [ \$? != 0 ]; then echo 'The container was not built'; exit 1; fi
  69. """
  70. }
  71. }
  72. stage ("Push to registry") {
  73. steps {
  74. script {
  75. ENAMES.each { item ->
  76. echo "Pushing to: ${item}, CLUSTER ${CLUSTERS.get((item))}"
  77. sh """docker tag ${DOCKER_IMAGE}:${SERIAL} ${REGISTRIES.get((item))}/iru/${DOCKER_IMAGE}:${SERIAL}
  78. docker push ${REGISTRIES.get((item))}/iru/${DOCKER_IMAGE}:${SERIAL}
  79. """
  80. }
  81. }
  82. }
  83. }
  84. */ stage("Run in Prod-like") {
  85. steps {
  86. script {
  87. echo "Check Prod-like cluster status"
  88. sh "DOCKER_HOST=tcp://${CLUSTERS.get((ENAMES[1]))}:2376 DOCKER_TLS_VERIFY=1 docker node ls"
  89. sh "DOCKER_HOST=tcp://${CLUSTERS.get((ENAMES[1]))}:2376 DOCKER_TLS_VERIFY=1 docker node inspect self -f '{{.Status.Addr}}'"
  90. def DHOST = 'tcp://'+sh(script: "DOCKER_HOST=tcp://${CLUSTERS.get((ENAMES[1]))}:2376 DOCKER_TLS_VERIFY=1 docker node inspect self -f '{{.Status.Addr}}'", returnStdout: true).trim()+':2376'
  91. echo "${DHOST}"
  92. sh """cd \${SWARM_GIT_NAME}/\${DOCKER_IMAGE}
  93. DOCKER_HOST=tcp://${CLUSTERS.get((ENAMES[1]))}:2376 DOCKER_TLS_VERIFY=1 ./ovpn-rsa-open-staging.sh
  94. """
  95. def NODE = script: "DOCKER_HOST=tcp://${CLUSTERS.get((ENAMES[1]))}:2376 DOCKER_TLS_VERIFY=1 docker service ps \${SERVICE_NAME} --format '{{.Node}}' --filter desired-state=Running" , returnStdout: true
  96. /* node=\$(docker service ps \${SERVICE_NAME} --format '{{.Node}}' --filter desired-state=Running) */
  97. }
  98. }
  99. }
  100. /* stage("Prod-like") {
  101. steps {
  102. echo "Check Prod-like cluster status"
  103. sh '''ping -c 2 ${CLUSTER_NAME}
  104. if [ $? -eq 0 ]; then
  105. export DOCKER_CERT_PATH=/run/secrets/swarm
  106. export DOCKER_HOST=tcp://${CLUSTER_NAME}:2376 DOCKER_TLS_VERIFY=1
  107. docker node ls --format "{{.Hostname}} {{.TLSStatus}}" | while read host status
  108. do
  109. if [ $status != Ready ]; then echo "Cluster ${CLUSTER_NAME} state is inconsistent"; exit 1
  110. else echo "HOST: $host STATUS: $status"
  111. fi
  112. done
  113. else echo "Host not Found"; exit 1
  114. fi
  115. '''
  116. echo "Run containers in Prod-like"
  117. sh '''export DOCKER_CERT_PATH=/run/secrets/swarm
  118. export DOCKER_HOST=tcp://${CLUSTER_NAME}:2376 DOCKER_TLS_VERIFY=1
  119. export DOCKER_HOST=tcp://$(docker info -f '{{.Name}}'):2376 DOCKER_TLS_VERIFY=1
  120. if [ -z $(docker service ps -q ${DOCKER_IMAGE}) ];then
  121. docker service create --replicas 1 \
  122. --mount type=bind,source=/var/run/docker.sock,destination=/var/run/docker.sock \
  123. --name ${SERVICE_NAME} ${DOCKER_REGISTRY}/${SERVICE_IMAGE}:2 -p 1194:1194 \
  124. --privileged --security-opt seccomp=unconfined \
  125. --tmpfs /run --tmpfs /run/lock -v /sys/fs/cgroup:/sys/fs/cgroup:ro \
  126. -e "mode=server" ${DOCKER_REGISTRY}/${DOCKER_IMAGE}:${BUILD_NUMBER}
  127. else
  128. docker service update \
  129. --args "-p 1194:1194 --privileged --security-opt seccomp=unconfined \
  130. --tmpfs /run --tmpfs /run/lock -v /sys/fs/cgroup:/sys/fs/cgroup:ro \
  131. -e "mode=server" ${DOCKER_REGISTRY}/${DOCKER_IMAGE}:${BUILD_NUMBER}" \
  132. ${SERVICE_NAME}
  133. if [ $? != 0 ]; then docker service rollback ${SERVICE_NAME}; fi
  134. fi
  135. '''
  136. }
  137. }
  138. stage("Tagging") {
  139. steps {
  140. echo "Tagging ${DOCKER_REGISTRY}/${DOCKER_IMAGE}:${BUILD_NUMBER} to ${DOCKER_REGISTRY}/${DOCKER_IMAGE}:latest"
  141. sh '''docker tag ${DOCKER_REGISTRY}/${DOCKER_IMAGE}:${BUILD_NUMBER} \
  142. ${DOCKER_REGISTRY}/iru/${DOCKER_IMAGE}:latest
  143. docker push ${DOCKER_REGISTRY}/iru/${DOCKER_IMAGE}:latest
  144. '''
  145. echo "Updating tag info in ${SWARM_GIT_NAME} repository"
  146. withCredentials([sshUserPrivateKey(credentialsId: 'provision', keyFileVariable: 'GIT_SSH_KEY', passphraseVariable: '', usernameVariable: 'GIT_SSH_USERNAME')]) {
  147. sh '''GIT_SSH_COMMAND='ssh -i ${GIT_SSH_KEY} -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' \
  148. git clone ${SWARM_GIT_URL}
  149. cd ${SWARM_GIT_NAME}
  150. echo -n ${BUILD_NUMBER} > tags/${DOCKER_IMAGE}.version
  151. git add -A
  152. git config --global user.email "${JENKINS_MAIL}"
  153. git config --global user.name "Jenkins"
  154. git commit -m 'Version update'
  155. GIT_SSH_COMMAND='ssh -i ${GIT_SSH_KEY} -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' \
  156. git push origin master
  157. '''
  158. }
  159. }
  160. }
  161. */ }
  162. post {
  163. always {
  164. echo "CleaningUp work directory"
  165. deleteDir()
  166. }
  167. failure {
  168. mail charset: 'UTF-8',
  169. subject: "Jenkins build ERROR",
  170. mimeType: 'text/html',
  171. to: "${mailto}",
  172. body: "<b>ATTENTION!!!</b> <b><br> Jenkins job failed.\n\n <b><br>Project Name:</b> ${env.JOB_NAME} <b><br>\nBuild Number:</b> ${env.BUILD_NUMBER} <b><br>\nURL Build:</b> ${RUN_DISPLAY_URL}"
  173. }
  174. success {
  175. mail charset: 'UTF-8',
  176. subject: "Jenkins build SUSCCESS",
  177. mimeType: 'text/html',
  178. to: "${mailto}",
  179. body: "<b>Congradulations!!!</b> <b><br> Jenkins job succefully finished.\n\n <b><br>Project Name:</b> ${env.JOB_NAME} <b><br>\nBuild Number:</b> ${env.BUILD_NUMBER} <b><br>\nURL Build:</b> ${RUN_DISPLAY_URL}"
  180. }
  181. }
  182. }