openvpn/Jenkinsfile

def ENAMES = [ 'prod', 'dev' ]
def CLUSTERS = ['prod': 'iru-swarm1-open.infoclinica.lan', 'dev': 'dev-iru-swarm.infoclinica.lan']
def REGISTRIES = ['prod': 'registry.infoclinica.ru:5000', 'dev': 'dev-registry.infoclinica.ru:5000']

pipeline {
  agent {
    label "swarm"
  }
  environment {
    DOCKER_REGISTRY='dev-registry.infoclinica.ru:5000'
    DOCKER_IMAGE='ovpn-rsa'
    SERVICE_NAME='ovpn_server'
    SERVICE_IMAGE='container_run'
    SWARM_GIT_URL='ssh://git@git.sdsys.ru:8022/iru/stack-deploy.git'
    SWARM_GIT_NAME='stack-deploy'
    PKI_GIT_URL='ssh://git@git.sdsys.ru:8022/iru/openvpn-pki.git'
    PKI_GIT_NAME='openvpn-pki'
    OVPN_GIT_DIR='openvpn'
    JENKINS_MAIL='jenkins@sdsys.ru'
    CLUSTER_NAME='dev-iru-swarm.infoclinica.lan'
  }
  parameters {
    string(
      name: "branch",
      defaultValue: "97009",
      description: "Which branch to use"
    )
    string(
      name: "mailto",
      defaultValue: "tomishinets.v@sdsys.ru",
      description: "Email which has to be notified."
    )
  }
  stages {
    stage ("Discover SERIAL") {
      steps {
        script {
          SERIAL = sh script: "echo -n `date +%y%m%d``printf %03d $BUILD_NUMBER`", returnStdout: true
        }
      }
    }
/*    stage("Pull PKI repo") {
      steps {
        withCredentials([sshUserPrivateKey(credentialsId: 'provision', keyFileVariable: 'GIT_SSH_KEY', passphraseVariable: '', usernameVariable: 'GIT_SSH_USERNAME')]) {
          sh '''GIT_SSH_COMMAND='ssh -i ${GIT_SSH_KEY} -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' \
                git clone ${PKI_GIT_URL} && cd ${WORKSPACE}/${PKI_GIT_NAME} && git checkout ${branch} && cd ${WORKSPACE}
                GIT_SSH_COMMAND='ssh -i ${GIT_SSH_KEY} -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' \
                git clone ${SWARM_GIT_URL}
             '''
        }
          sh '''cp ${WORKSPACE}/openvpn-pki/open/easy-rsa/keys/ca.crt \
                ${WORKSPACE}/openvpn-pki/open/easy-rsa/keys/server.crt \
                ${WORKSPACE}/openvpn-pki/open/easy-rsa/keys/server.key \
                ${WORKSPACE}/openvpn-pki/open/easy-rsa/keys/sds-test.crt \
                ${WORKSPACE}/openvpn-pki/open/easy-rsa/keys/sds-test.key \
                ${WORKSPACE}/openvpn-pki/open/easy-rsa/keys/ta.key \
                ${WORKSPACE}/openvpn-pki/open/easy-rsa/keys/stonevpn.crl \
                ${WORKSPACE}/openvpn-pki/open/easy-rsa/keys/dh2048.pem \
                ${WORKSPACE}/openvpn/keys
                ls -al ${WORKSPACE}/openvpn/keys/
             '''
      }
    }
    stage("Build") {
      steps {
        echo "Building ${DOCKER_IMAGE}:${SERIAL}."
        sh """docker build --no-cache -t ${DOCKER_IMAGE}:${SERIAL} .
              if [ \$? != 0 ]; then echo 'The container was not built'; exit 1; fi
           """
      }
    }
    stage ("Push to registry") {
      steps {
        script {
          ENAMES.each { item ->
             echo "Pushing to: ${item}, CLUSTER ${CLUSTERS.get((item))}"
             sh """docker tag ${DOCKER_IMAGE}:${SERIAL} ${REGISTRIES.get((item))}/iru/${DOCKER_IMAGE}:${SERIAL}
                   docker push ${REGISTRIES.get((item))}/iru/${DOCKER_IMAGE}:${SERIAL}
                """
          }
        }
      }
    }
*/    stage("Run in Prod-like") {
      steps {
        script {
          echo "Check Prod-like cluster status"
          sh "DOCKER_HOST=tcp://${CLUSTERS.get((ENAMES[1]))}:2376 DOCKER_TLS_VERIFY=1 docker node ls"
          sh "DOCKER_HOST=tcp://${CLUSTERS.get((ENAMES[1]))}:2376 DOCKER_TLS_VERIFY=1 docker node inspect self -f '{{.Status.Addr}}'"
            def DHOST = 'tcp://'+sh(script: "DOCKER_HOST=tcp://${CLUSTERS.get((ENAMES[1]))}:2376 DOCKER_TLS_VERIFY=1 docker node inspect self -f '{{.Status.Addr}}'", returnStdout: true).trim()+':2376'
        }
      }
    }

/*    stage("Prod-like") {
      steps {
        echo "Check Prod-like cluster status"
        sh '''ping -c 2 ${CLUSTER_NAME}
              if [ $? -eq 0 ]; then
                export DOCKER_CERT_PATH=/run/secrets/swarm
                export DOCKER_HOST=tcp://${CLUSTER_NAME}:2376 DOCKER_TLS_VERIFY=1
                docker node ls --format "{{.Hostname}} {{.TLSStatus}}" | while read host status
                do
                  if [ $status != Ready ]; then echo "Cluster ${CLUSTER_NAME} state is inconsistent"; exit 1
                  else echo "HOST: $host STATUS: $status"
                  fi
                done
              else echo "Host not Found"; exit 1
              fi
           '''
        echo "Run containers in Prod-like"
        sh '''export DOCKER_CERT_PATH=/run/secrets/swarm
              export DOCKER_HOST=tcp://${CLUSTER_NAME}:2376 DOCKER_TLS_VERIFY=1
              export DOCKER_HOST=tcp://$(docker info -f '{{.Name}}'):2376 DOCKER_TLS_VERIFY=1
              if [ -z $(docker service ps -q ${DOCKER_IMAGE}) ];then
                docker service create --replicas 1 \
                --mount type=bind,source=/var/run/docker.sock,destination=/var/run/docker.sock \
                --name ${SERVICE_NAME} ${DOCKER_REGISTRY}/${SERVICE_IMAGE}:2 -p 1194:1194 \
                --privileged --security-opt seccomp=unconfined \
                --tmpfs /run --tmpfs /run/lock -v /sys/fs/cgroup:/sys/fs/cgroup:ro \
                -e "mode=server" ${DOCKER_REGISTRY}/${DOCKER_IMAGE}:${BUILD_NUMBER}
              else
                docker service update \
                --args "-p 1194:1194 --privileged --security-opt seccomp=unconfined \
                --tmpfs /run --tmpfs /run/lock -v /sys/fs/cgroup:/sys/fs/cgroup:ro \
                -e "mode=server" ${DOCKER_REGISTRY}/${DOCKER_IMAGE}:${BUILD_NUMBER}" \
                ${SERVICE_NAME}
                if [ $? != 0 ]; then docker service rollback ${SERVICE_NAME}; fi
              fi
           '''
      }
    }
    stage("Tagging") {
        steps {
          echo "Tagging ${DOCKER_REGISTRY}/${DOCKER_IMAGE}:${BUILD_NUMBER} to ${DOCKER_REGISTRY}/${DOCKER_IMAGE}:latest"
          sh '''docker tag ${DOCKER_REGISTRY}/${DOCKER_IMAGE}:${BUILD_NUMBER} \
                ${DOCKER_REGISTRY}/iru/${DOCKER_IMAGE}:latest
                docker push ${DOCKER_REGISTRY}/iru/${DOCKER_IMAGE}:latest
             '''
          echo "Updating tag info in ${SWARM_GIT_NAME} repository"
          withCredentials([sshUserPrivateKey(credentialsId: 'provision', keyFileVariable: 'GIT_SSH_KEY', passphraseVariable: '', usernameVariable: 'GIT_SSH_USERNAME')]) {
            sh '''GIT_SSH_COMMAND='ssh -i ${GIT_SSH_KEY} -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' \
                  git clone ${SWARM_GIT_URL}
                  cd ${SWARM_GIT_NAME}
                  echo -n ${BUILD_NUMBER} > tags/${DOCKER_IMAGE}.version
                  git add -A
                  git config --global user.email "${JENKINS_MAIL}"
                  git config --global user.name "Jenkins"
                  git commit -m 'Version update'
                  GIT_SSH_COMMAND='ssh -i ${GIT_SSH_KEY} -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' \
                  git push origin master
               '''
         }
       }
     }
*/  }
  post {
    always {
      echo "CleaningUp work directory"
      deleteDir()
    }
    failure {
      mail charset: 'UTF-8',
           subject: "Jenkins build ERROR",
           mimeType: 'text/html',
           to: "${mailto}",
           body: "<b>ATTENTION!!!</b> <b><br> Jenkins job failed.\n\n <b><br>Project Name:</b> ${env.JOB_NAME} <b><br>\nBuild Number:</b> ${env.BUILD_NUMBER} <b><br>\nURL Build:</b> ${RUN_DISPLAY_URL}"
    }
    success {
      mail charset: 'UTF-8',
           subject: "Jenkins build SUSCCESS",
           mimeType: 'text/html',
           to: "${mailto}",
           body: "<b>Congradulations!!!</b> <b><br> Jenkins job succefully finished.\n\n <b><br>Project Name:</b> ${env.JOB_NAME} <b><br>\nBuild Number:</b> ${env.BUILD_NUMBER} <b><br>\nURL Build:</b> ${RUN_DISPLAY_URL}"
    }
  }
}