Jenkinsfile 7.8 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177
  1. def ENAMES = [ 'prod', 'dev' ]
  2. def CLUSTERS = ['prod': 'iru-swarm1-open.infoclinica.lan', 'dev': 'dev-iru-swarm.infoclinica.lan']
  3. def REGISTRIES = ['prod': 'registry.infoclinica.ru:5000', 'dev': 'dev-registry.infoclinica.ru:5000']
  4. pipeline {
  5. agent {
  6. label "swarm"
  7. }
  8. environment {
  9. DOCKER_REGISTRY='dev-registry.infoclinica.ru:5000'
  10. DOCKER_IMAGE='ovpn-rsa'
  11. SERVICE_NAME='ovpn_server'
  12. SERVICE_IMAGE='container_run'
  13. SWARM_GIT_URL='ssh://git@git.sdsys.ru:8022/iru/stack-deploy.git'
  14. SWARM_GIT_NAME='stack-deploy'
  15. PKI_GIT_URL='ssh://git@git.sdsys.ru:8022/iru/openvpn-pki.git'
  16. PKI_GIT_NAME='openvpn-pki'
  17. OVPN_GIT_DIR='openvpn'
  18. JENKINS_MAIL='jenkins@sdsys.ru'
  19. CLUSTER_NAME='dev-iru-swarm.infoclinica.lan'
  20. }
  21. parameters {
  22. string(
  23. name: "branch",
  24. defaultValue: "97009",
  25. description: "Which branch to use"
  26. )
  27. string(
  28. name: "mailto",
  29. defaultValue: "tomishinets.v@sdsys.ru",
  30. description: "Email which has to be notified."
  31. )
  32. }
  33. stages {
  34. stage ("Discover SERIAL") {
  35. steps {
  36. script {
  37. SERIAL = sh script: "echo -n `date +%y%m%d``printf %03d $BUILD_NUMBER`", returnStdout: true
  38. }
  39. }
  40. }
  41. /* stage("Pull PKI repo") {
  42. steps {
  43. withCredentials([sshUserPrivateKey(credentialsId: 'provision', keyFileVariable: 'GIT_SSH_KEY', passphraseVariable: '', usernameVariable: 'GIT_SSH_USERNAME')]) {
  44. sh '''GIT_SSH_COMMAND='ssh -i ${GIT_SSH_KEY} -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' \
  45. git clone ${PKI_GIT_URL} && cd ${WORKSPACE}/${PKI_GIT_NAME} && git checkout ${branch} && cd ${WORKSPACE}
  46. GIT_SSH_COMMAND='ssh -i ${GIT_SSH_KEY} -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' \
  47. git clone ${SWARM_GIT_URL}
  48. '''
  49. }
  50. sh '''cp ${WORKSPACE}/openvpn-pki/open/easy-rsa/keys/ca.crt \
  51. ${WORKSPACE}/openvpn-pki/open/easy-rsa/keys/server.crt \
  52. ${WORKSPACE}/openvpn-pki/open/easy-rsa/keys/server.key \
  53. ${WORKSPACE}/openvpn-pki/open/easy-rsa/keys/sds-test.crt \
  54. ${WORKSPACE}/openvpn-pki/open/easy-rsa/keys/sds-test.key \
  55. ${WORKSPACE}/openvpn-pki/open/easy-rsa/keys/ta.key \
  56. ${WORKSPACE}/openvpn-pki/open/easy-rsa/keys/stonevpn.crl \
  57. ${WORKSPACE}/openvpn-pki/open/easy-rsa/keys/dh2048.pem \
  58. ${WORKSPACE}/openvpn/keys
  59. ls -al ${WORKSPACE}/openvpn/keys/
  60. '''
  61. }
  62. }
  63. stage("Build") {
  64. steps {
  65. echo "Building ${DOCKER_IMAGE}:${SERIAL}."
  66. sh """docker build --no-cache -t ${DOCKER_IMAGE}:${SERIAL} .
  67. if [ \$? != 0 ]; then echo 'The container was not built'; exit 1; fi
  68. """
  69. }
  70. }
  71. stage ("Push to registry") {
  72. steps {
  73. script {
  74. ENAMES.each { item ->
  75. echo "Pushing to: ${item}, CLUSTER ${CLUSTERS.get((item))}"
  76. sh """docker tag ${DOCKER_IMAGE}:${SERIAL} ${REGISTRIES.get((item))}/iru/${DOCKER_IMAGE}:${SERIAL}
  77. docker push ${REGISTRIES.get((item))}/iru/${DOCKER_IMAGE}:${SERIAL}
  78. """
  79. }
  80. }
  81. }
  82. }
  83. */ stage("Run in Prod-like") {
  84. steps {
  85. script {
  86. echo "Check Prod-like cluster status"
  87. sh "DOCKER_HOST=tcp://${CLUSTERS.get((ENAMES[1]))}:2376 DOCKER_TLS_VERIFY=1 docker node ls"
  88. sh "DOCKER_HOST=tcp://${CLUSTERS.get((ENAMES[1]))}:2376 DOCKER_TLS_VERIFY=1 docker node inspect self -f '{{.Status.Addr}}'"
  89. def DHOST = 'tcp://'+sh(script: "DOCKER_HOST=tcp://${CLUSTERS.get((ENAMES[1]))}:2376 DOCKER_TLS_VERIFY=1 docker node inspect self -f '{{.Status.Addr}}'", returnStdout: true).trim()+':2376'
  90. }
  91. }
  92. }
  93. /* stage("Prod-like") {
  94. steps {
  95. echo "Check Prod-like cluster status"
  96. sh '''ping -c 2 ${CLUSTER_NAME}
  97. if [ $? -eq 0 ]; then
  98. export DOCKER_CERT_PATH=/run/secrets/swarm
  99. export DOCKER_HOST=tcp://${CLUSTER_NAME}:2376 DOCKER_TLS_VERIFY=1
  100. docker node ls --format "{{.Hostname}} {{.TLSStatus}}" | while read host status
  101. do
  102. if [ $status != Ready ]; then echo "Cluster ${CLUSTER_NAME} state is inconsistent"; exit 1
  103. else echo "HOST: $host STATUS: $status"
  104. fi
  105. done
  106. else echo "Host not Found"; exit 1
  107. fi
  108. '''
  109. echo "Run containers in Prod-like"
  110. sh '''export DOCKER_CERT_PATH=/run/secrets/swarm
  111. export DOCKER_HOST=tcp://${CLUSTER_NAME}:2376 DOCKER_TLS_VERIFY=1
  112. export DOCKER_HOST=tcp://$(docker info -f '{{.Name}}'):2376 DOCKER_TLS_VERIFY=1
  113. if [ -z $(docker service ps -q ${DOCKER_IMAGE}) ];then
  114. docker service create --replicas 1 \
  115. --mount type=bind,source=/var/run/docker.sock,destination=/var/run/docker.sock \
  116. --name ${SERVICE_NAME} ${DOCKER_REGISTRY}/${SERVICE_IMAGE}:2 -p 1194:1194 \
  117. --privileged --security-opt seccomp=unconfined \
  118. --tmpfs /run --tmpfs /run/lock -v /sys/fs/cgroup:/sys/fs/cgroup:ro \
  119. -e "mode=server" ${DOCKER_REGISTRY}/${DOCKER_IMAGE}:${BUILD_NUMBER}
  120. else
  121. docker service update \
  122. --args "-p 1194:1194 --privileged --security-opt seccomp=unconfined \
  123. --tmpfs /run --tmpfs /run/lock -v /sys/fs/cgroup:/sys/fs/cgroup:ro \
  124. -e "mode=server" ${DOCKER_REGISTRY}/${DOCKER_IMAGE}:${BUILD_NUMBER}" \
  125. ${SERVICE_NAME}
  126. if [ $? != 0 ]; then docker service rollback ${SERVICE_NAME}; fi
  127. fi
  128. '''
  129. }
  130. }
  131. stage("Tagging") {
  132. steps {
  133. echo "Tagging ${DOCKER_REGISTRY}/${DOCKER_IMAGE}:${BUILD_NUMBER} to ${DOCKER_REGISTRY}/${DOCKER_IMAGE}:latest"
  134. sh '''docker tag ${DOCKER_REGISTRY}/${DOCKER_IMAGE}:${BUILD_NUMBER} \
  135. ${DOCKER_REGISTRY}/iru/${DOCKER_IMAGE}:latest
  136. docker push ${DOCKER_REGISTRY}/iru/${DOCKER_IMAGE}:latest
  137. '''
  138. echo "Updating tag info in ${SWARM_GIT_NAME} repository"
  139. withCredentials([sshUserPrivateKey(credentialsId: 'provision', keyFileVariable: 'GIT_SSH_KEY', passphraseVariable: '', usernameVariable: 'GIT_SSH_USERNAME')]) {
  140. sh '''GIT_SSH_COMMAND='ssh -i ${GIT_SSH_KEY} -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' \
  141. git clone ${SWARM_GIT_URL}
  142. cd ${SWARM_GIT_NAME}
  143. echo -n ${BUILD_NUMBER} > tags/${DOCKER_IMAGE}.version
  144. git add -A
  145. git config --global user.email "${JENKINS_MAIL}"
  146. git config --global user.name "Jenkins"
  147. git commit -m 'Version update'
  148. GIT_SSH_COMMAND='ssh -i ${GIT_SSH_KEY} -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' \
  149. git push origin master
  150. '''
  151. }
  152. }
  153. }
  154. */ }
  155. post {
  156. always {
  157. echo "CleaningUp work directory"
  158. deleteDir()
  159. }
  160. failure {
  161. mail charset: 'UTF-8',
  162. subject: "Jenkins build ERROR",
  163. mimeType: 'text/html',
  164. to: "${mailto}",
  165. body: "<b>ATTENTION!!!</b> <b><br> Jenkins job failed.\n\n <b><br>Project Name:</b> ${env.JOB_NAME} <b><br>\nBuild Number:</b> ${env.BUILD_NUMBER} <b><br>\nURL Build:</b> ${RUN_DISPLAY_URL}"
  166. }
  167. success {
  168. mail charset: 'UTF-8',
  169. subject: "Jenkins build SUSCCESS",
  170. mimeType: 'text/html',
  171. to: "${mailto}",
  172. body: "<b>Congradulations!!!</b> <b><br> Jenkins job succefully finished.\n\n <b><br>Project Name:</b> ${env.JOB_NAME} <b><br>\nBuild Number:</b> ${env.BUILD_NUMBER} <b><br>\nURL Build:</b> ${RUN_DISPLAY_URL}"
  173. }
  174. }
  175. }