Jenkinsfile 7.9 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183
  1. def ENAMES = [ 'prod', 'dev' ]
  2. def CLUSTERS = ['prod': 'iru-swarm1-open.infoclinica.lan', 'dev': 'dev-iru-swarm.infoclinica.lan']
  3. def REGISTRIES = ['prod': 'registry.infoclinica.ru:5000', 'dev': 'dev-registry.infoclinica.ru:5000']
  4. pipeline {
  5. agent {
  6. label "swarm"
  7. }
  8. environment {
  9. DOCKER_REGISTRY='dev-registry.infoclinica.ru:5000'
  10. DOCKER_IMAGE='ovpn-rsa'
  11. SERVICE_NAME='ovpn-rsa_server'
  12. SERVICE_IMAGE='container_run'
  13. SWARM_GIT_URL='ssh://git@git.sdsys.ru:8022/iru/stack-deploy.git'
  14. SWARM_GIT_NAME='stack-deploy'
  15. PKI_GIT_URL='ssh://git@git.sdsys.ru:8022/iru/openvpn-pki.git'
  16. PKI_GIT_NAME='openvpn-pki'
  17. OVPN_GIT_DIR='openvpn'
  18. JENKINS_MAIL='jenkins@sdsys.ru'
  19. CLUSTER_NAME='dev-iru-swarm.infoclinica.lan'
  20. DOCKER_CERT_PATH='/run/secrets/swarm'
  21. }
  22. parameters {
  23. string(
  24. name: "branch",
  25. defaultValue: "97009",
  26. description: "Which branch to use"
  27. )
  28. string(
  29. name: "mailto",
  30. defaultValue: "tomishinets.v@sdsys.ru",
  31. description: "Email which has to be notified."
  32. )
  33. }
  34. stages {
  35. stage ("Discover SERIAL") {
  36. steps {
  37. script {
  38. SERIAL = sh script: "echo -n `date +%y%m%d``printf %03d $BUILD_NUMBER`", returnStdout: true
  39. }
  40. }
  41. }
  42. stage("Pull PKI repo") {
  43. steps {
  44. withCredentials([sshUserPrivateKey(credentialsId: 'provision', keyFileVariable: 'GIT_SSH_KEY', passphraseVariable: '', usernameVariable: 'GIT_SSH_USERNAME')]) {
  45. sh '''GIT_SSH_COMMAND='ssh -i ${GIT_SSH_KEY} -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' \
  46. git clone ${PKI_GIT_URL} && cd ${WORKSPACE}/${PKI_GIT_NAME} && git checkout ${branch} && cd ${WORKSPACE}
  47. GIT_SSH_COMMAND='ssh -i ${GIT_SSH_KEY} -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' \
  48. git clone ${SWARM_GIT_URL}
  49. '''
  50. }
  51. sh '''cp ${WORKSPACE}/openvpn-pki/open/easy-rsa/keys/ca.crt \
  52. ${WORKSPACE}/openvpn-pki/open/easy-rsa/keys/server.crt \
  53. ${WORKSPACE}/openvpn-pki/open/easy-rsa/keys/server.key \
  54. ${WORKSPACE}/openvpn-pki/open/easy-rsa/keys/sds-test.crt \
  55. ${WORKSPACE}/openvpn-pki/open/easy-rsa/keys/sds-test.key \
  56. ${WORKSPACE}/openvpn-pki/open/easy-rsa/keys/ta.key \
  57. ${WORKSPACE}/openvpn-pki/open/easy-rsa/keys/stonevpn.crl \
  58. ${WORKSPACE}/openvpn-pki/open/easy-rsa/keys/dh2048.pem \
  59. ${WORKSPACE}/openvpn/keys
  60. ls -al ${WORKSPACE}/openvpn/keys/
  61. '''
  62. }
  63. }
  64. /* stage("Build") {
  65. steps {
  66. echo "Building ${DOCKER_IMAGE}:${SERIAL}."
  67. sh """docker build --no-cache -t ${DOCKER_IMAGE}:${SERIAL} .
  68. if [ \$? != 0 ]; then echo 'The container was not built'; exit 1; fi
  69. """
  70. }
  71. }
  72. stage ("Push to registry") {
  73. steps {
  74. script {
  75. ENAMES.each { item ->
  76. echo "Pushing to: ${item}, CLUSTER ${CLUSTERS.get((item))}"
  77. sh """docker tag ${DOCKER_IMAGE}:${SERIAL} ${REGISTRIES.get((item))}/iru/${DOCKER_IMAGE}:${SERIAL}
  78. docker push ${REGISTRIES.get((item))}/iru/${DOCKER_IMAGE}:${SERIAL}
  79. """
  80. }
  81. }
  82. }
  83. }
  84. */ stage("Run in Prod-like") {
  85. steps {
  86. script {
  87. echo "Check Prod-like cluster status"
  88. sh "echo -n \${SERIAL} > ../\${SWARM_GIT_NAME}/tags/\${DOCKER_IMAGE}.version"
  89. sh """cd \${SWARM_GIT_NAME}/\${DOCKER_IMAGE}
  90. DOCKER_HOST=tcp://${CLUSTERS.get((ENAMES[1]))}:2376 DOCKER_TLS_VERIFY=1 ./ovpn-rsa-open-staging.sh
  91. """
  92. def NODE = sh script: "DOCKER_HOST=tcp://${CLUSTERS.get((ENAMES[1]))}:2376 DOCKER_TLS_VERIFY=1 docker service ps \${SERVICE_NAME} --format '{{.Node}}' --filter desired-state=Running" , returnStdout: true
  93. echo "${NODE}"
  94. }
  95. }
  96. }
  97. /* stage("Prod-like") {
  98. steps {
  99. echo "Check Prod-like cluster status"
  100. sh '''ping -c 2 ${CLUSTER_NAME}
  101. if [ $? -eq 0 ]; then
  102. export DOCKER_CERT_PATH=/run/secrets/swarm
  103. export DOCKER_HOST=tcp://${CLUSTER_NAME}:2376 DOCKER_TLS_VERIFY=1
  104. docker node ls --format "{{.Hostname}} {{.TLSStatus}}" | while read host status
  105. do
  106. if [ $status != Ready ]; then echo "Cluster ${CLUSTER_NAME} state is inconsistent"; exit 1
  107. else echo "HOST: $host STATUS: $status"
  108. fi
  109. done
  110. else echo "Host not Found"; exit 1
  111. fi
  112. '''
  113. echo "Run containers in Prod-like"
  114. sh '''export DOCKER_CERT_PATH=/run/secrets/swarm
  115. export DOCKER_HOST=tcp://${CLUSTER_NAME}:2376 DOCKER_TLS_VERIFY=1
  116. export DOCKER_HOST=tcp://$(docker info -f '{{.Name}}'):2376 DOCKER_TLS_VERIFY=1
  117. if [ -z $(docker service ps -q ${DOCKER_IMAGE}) ];then
  118. docker service create --replicas 1 \
  119. --mount type=bind,source=/var/run/docker.sock,destination=/var/run/docker.sock \
  120. --name ${SERVICE_NAME} ${DOCKER_REGISTRY}/${SERVICE_IMAGE}:2 -p 1194:1194 \
  121. --privileged --security-opt seccomp=unconfined \
  122. --tmpfs /run --tmpfs /run/lock -v /sys/fs/cgroup:/sys/fs/cgroup:ro \
  123. -e "mode=server" ${DOCKER_REGISTRY}/${DOCKER_IMAGE}:${BUILD_NUMBER}
  124. else
  125. docker service update \
  126. --args "-p 1194:1194 --privileged --security-opt seccomp=unconfined \
  127. --tmpfs /run --tmpfs /run/lock -v /sys/fs/cgroup:/sys/fs/cgroup:ro \
  128. -e "mode=server" ${DOCKER_REGISTRY}/${DOCKER_IMAGE}:${BUILD_NUMBER}" \
  129. ${SERVICE_NAME}
  130. if [ $? != 0 ]; then docker service rollback ${SERVICE_NAME}; fi
  131. fi
  132. '''
  133. }
  134. }
  135. stage("Tagging") {
  136. steps {
  137. echo "Tagging ${DOCKER_REGISTRY}/${DOCKER_IMAGE}:${BUILD_NUMBER} to ${DOCKER_REGISTRY}/${DOCKER_IMAGE}:latest"
  138. sh '''docker tag ${DOCKER_REGISTRY}/${DOCKER_IMAGE}:${BUILD_NUMBER} \
  139. ${DOCKER_REGISTRY}/iru/${DOCKER_IMAGE}:latest
  140. docker push ${DOCKER_REGISTRY}/iru/${DOCKER_IMAGE}:latest
  141. '''
  142. echo "Updating tag info in ${SWARM_GIT_NAME} repository"
  143. withCredentials([sshUserPrivateKey(credentialsId: 'provision', keyFileVariable: 'GIT_SSH_KEY', passphraseVariable: '', usernameVariable: 'GIT_SSH_USERNAME')]) {
  144. sh '''GIT_SSH_COMMAND='ssh -i ${GIT_SSH_KEY} -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' \
  145. git clone ${SWARM_GIT_URL}
  146. cd ${SWARM_GIT_NAME}
  147. echo -n ${BUILD_NUMBER} > tags/${DOCKER_IMAGE}.version
  148. git add -A
  149. git config --global user.email "${JENKINS_MAIL}"
  150. git config --global user.name "Jenkins"
  151. git commit -m 'Version update'
  152. GIT_SSH_COMMAND='ssh -i ${GIT_SSH_KEY} -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' \
  153. git push origin master
  154. '''
  155. }
  156. }
  157. }
  158. */ }
  159. post {
  160. always {
  161. echo "CleaningUp work directory"
  162. deleteDir()
  163. }
  164. failure {
  165. mail charset: 'UTF-8',
  166. subject: "Jenkins build ERROR",
  167. mimeType: 'text/html',
  168. to: "${mailto}",
  169. body: "<b>ATTENTION!!!</b> <b><br> Jenkins job failed.\n\n <b><br>Project Name:</b> ${env.JOB_NAME} <b><br>\nBuild Number:</b> ${env.BUILD_NUMBER} <b><br>\nURL Build:</b> ${RUN_DISPLAY_URL}"
  170. }
  171. success {
  172. mail charset: 'UTF-8',
  173. subject: "Jenkins build SUSCCESS",
  174. mimeType: 'text/html',
  175. to: "${mailto}",
  176. body: "<b>Congradulations!!!</b> <b><br> Jenkins job succefully finished.\n\n <b><br>Project Name:</b> ${env.JOB_NAME} <b><br>\nBuild Number:</b> ${env.BUILD_NUMBER} <b><br>\nURL Build:</b> ${RUN_DISPLAY_URL}"
  177. }
  178. }
  179. }