Jenkinsfile 5.8 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144
  1. def SERIAL
  2. def CONTAINER_ID_CLIENT
  3. def CONTAINER_ID_SERVER
  4. def ENAMES = [ 'prod', 'dev' ]
  5. def CLUSTERS = ['prod': 'iru-swarm1-open.infoclinica.lan', 'dev': 'dev-iru-swarm.infoclinica.lan']
  6. def REGISTRIES = ['prod': 'registry.infoclinica.ru:5000', 'dev': 'dev-registry.infoclinica.ru:5000']
  7. pipeline {
  8. agent {
  9. label "swarm"
  10. }
  11. environment {
  12. DOCKER_REGISTRY='dev-registry.infoclinica.ru:5000'
  13. DOCKER_IMAGE='iru/ovpn-rsa'
  14. SERVICE_NAME='ovpn-rsa_server'
  15. SWARM_GIT_URL='ssh://git@git.sdsys.ru:8022/iru/stack-deploy.git'
  16. SWARM_GIT_NAME='stack-deploy'
  17. PKI_GIT_URL='ssh://git@git.sdsys.ru:8022/iru/openvpn-pki.git'
  18. PKI_GIT_NAME='openvpn-pki'
  19. OVPN_GIT_DIR='openvpn'
  20. JENKINS_MAIL='jenkins@sdsys.ru'
  21. DOCKER_CERT_PATH='/run/secrets/swarm'
  22. }
  23. parameters {
  24. string(
  25. name: "branch",
  26. defaultValue: "master",
  27. description: "Which branch to use"
  28. )
  29. string(
  30. name: "mailto",
  31. defaultValue: "admin@sdsys.ru",
  32. description: "Email which has to be notified."
  33. )
  34. }
  35. stages {
  36. stage ("Discover SERIAL") {
  37. steps {
  38. script {
  39. SERIAL = sh script: "echo -n `date +%y%m%d``printf %03d $BUILD_NUMBER`", returnStdout: true
  40. }
  41. }
  42. }
  43. stage("Pull PKI repo") {
  44. steps {
  45. withCredentials([sshUserPrivateKey(credentialsId: 'provision', keyFileVariable: 'GIT_SSH_KEY', passphraseVariable: '', usernameVariable: 'GIT_SSH_USERNAME')]) {
  46. sh '''GIT_SSH_COMMAND='ssh -i ${GIT_SSH_KEY} -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' \
  47. git clone ${PKI_GIT_URL} && cd ${WORKSPACE}/${PKI_GIT_NAME} && git checkout ${branch} && cd ${WORKSPACE}
  48. GIT_SSH_COMMAND='ssh -i ${GIT_SSH_KEY} -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' \
  49. git clone ${SWARM_GIT_URL}
  50. '''
  51. }
  52. sh '''cp ${WORKSPACE}/openvpn-pki/open/easy-rsa/keys/ca.crt \
  53. ${WORKSPACE}/openvpn-pki/open/easy-rsa/keys/server.crt \
  54. ${WORKSPACE}/openvpn-pki/open/easy-rsa/keys/server.key \
  55. ${WORKSPACE}/openvpn-pki/open/easy-rsa/keys/sds-test.crt \
  56. ${WORKSPACE}/openvpn-pki/open/easy-rsa/keys/sds-test.key \
  57. ${WORKSPACE}/openvpn-pki/open/easy-rsa/keys/ta.key \
  58. ${WORKSPACE}/openvpn-pki/open/easy-rsa/keys/dh2048.pem \
  59. ${WORKSPACE}/openvpn/keys
  60. ls -al ${WORKSPACE}/openvpn/keys/
  61. cp ${WORKSPACE}/openvpn-pki/open/easy-rsa/keys/stonevpn.crl ${WORKSPACE}/openvpn/persist
  62. '''
  63. }
  64. }
  65. stage("Build") {
  66. steps {
  67. echo "Building ${DOCKER_IMAGE}:${SERIAL}."
  68. sh "docker build --no-cache -t ${DOCKER_IMAGE}:${SERIAL} ."
  69. }
  70. }
  71. stage ("Push to registry") {
  72. steps {
  73. script {
  74. ENAMES.each { item ->
  75. echo "Pushing to: ${item}, CLUSTER ${CLUSTERS.get((item))}"
  76. sh """docker tag ${DOCKER_IMAGE}:${SERIAL} ${REGISTRIES.get((item))}/${DOCKER_IMAGE}:${SERIAL}
  77. docker push ${REGISTRIES.get((item))}/${DOCKER_IMAGE}:${SERIAL}
  78. """
  79. }
  80. }
  81. }
  82. }
  83. // stage("Staging test") {
  84. // steps {
  85. // script {
  86. // CONTAINER_ID_SERVER = sh (script: "docker run -d --rm -e mode=server --privileged ${DOCKER_IMAGE}:${SERIAL}", returnStdout: true).trim()
  87. // CONTAINER_ID_CLIENT = sh (script: "docker run -d --rm -e mode=client -e server=127.0.0.1 --privileged ${DOCKER_IMAGE}:${SERIAL}" , returnStdout: true).trim()
  88. // sh """docker exec -t ${CONTAINER_ID_CLIENT} ping -c 3 -q 10.10.20.1
  89. // if [ \$? != 0 ]; then exit 1; else echo 'OVPN_RSA is working!!!'; fi
  90. // """
  91. // }
  92. // }
  93. // }
  94. stage ("Tagging") {
  95. steps {
  96. script {
  97. ENAMES.each { item ->
  98. echo "Setting latest tag for $item"
  99. sh """docker tag ${DOCKER_IMAGE}:${SERIAL} ${REGISTRIES.get((item))}/${DOCKER_IMAGE}:latest
  100. docker push ${REGISTRIES.get((item))}/${DOCKER_IMAGE}:latest
  101. """
  102. }
  103. }
  104. echo "Updating tag info in ${SWARM_GIT_NAME} repository"
  105. withCredentials([sshUserPrivateKey(credentialsId: 'provision', keyFileVariable: 'GIT_SSH_KEY', passphraseVariable: '', usernameVariable: 'GIT_SSH_USERNAME')]) {
  106. sh """cd ${SWARM_GIT_NAME}
  107. echo -n ${SERIAL} > tags/${DOCKER_IMAGE}.version
  108. git add -A
  109. git config --global user.email "${JENKINS_MAIL}"
  110. git config --global user.name "Jenkins"
  111. git commit -m '${DOCKER_IMAGE} version update'
  112. GIT_SSH_COMMAND='ssh -i ${GIT_SSH_KEY} -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' \
  113. git push origin master
  114. """
  115. }
  116. }
  117. }
  118. }
  119. post {
  120. always {
  121. echo "CleaningUp work directory"
  122. deleteDir()
  123. sh """docker stop ${CONTAINER_ID_CLIENT}
  124. docker stop ${CONTAINER_ID_SERVER}
  125. docker image rm ${DOCKER_IMAGE}:${SERIAL}
  126. """
  127. }
  128. failure {
  129. mail charset: 'UTF-8',
  130. subject: "Jenkins build ERROR",
  131. mimeType: 'text/html',
  132. to: "${mailto}",
  133. body: "<b>ATTENTION!!!</b> <b><br> Jenkins job failed.\n\n <b><br>Project Name:</b> ${env.JOB_NAME} <b><br>\nBuild Number:</b> ${env.BUILD_NUMBER} <b><br>\nURL Build:</b> ${RUN_DISPLAY_URL}"
  134. }
  135. success {
  136. mail charset: 'UTF-8',
  137. subject: "Jenkins build SUSCCESS",
  138. mimeType: 'text/html',
  139. to: "${mailto}",
  140. body: "<b>Congradulations!!!</b> <b><br> Jenkins job succefully finished.\n\n <b><br>Project Name:</b> ${env.JOB_NAME} <b><br>\nBuild Number:</b> ${env.BUILD_NUMBER} <b><br>\nURL Build:</b> ${RUN_DISPLAY_URL}"
  141. }
  142. }
  143. }