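// Declarative Jenkins pipeline that issues an OpenVPN client/admin key bundle:
//   1. clones the PKI repo and aborts if a bundle for key_name already exists,
//   2. runs the keygen container to create the keys and certificates,
//   3. allocates the next IP from ip_client.txt / ip_admin.txt, writes the ccd
//      entry and pushes it to the openvpn repo,
//   4. e-mails the resulting zip to client_mail.
//
// NOTE(review): every git call below sets UserKnownHostsFile=/dev/null and
// StrictHostKeyChecking=no, so the server holding the PKI material is never
// authenticated. Provision a pinned known_hosts file on the agent and drop
// these two options once it is in place.
// NOTE(review): the keygen image is pulled by the mutable tag ":latest";
// pinning it by digest would make the code that handles the CA key auditable.
pipeline {
  agent {
    label "swarm"
  }
  environment {
    DOCKER_REGISTRY='dev-registry.infoclinica.ru:5000'
    DOCKER_IMAGE='ovpn'
    SERVICE_NAME="keygen"
    PKI_GIT_URL='ssh://git@git.sdsys.ru:8022/iru/openvpn-pki.git'
    PKI_GIT_NAME='openvpn-pki'
    OVPN_GIT_URL='ssh://git@git.sdsys.ru:8022/iru/openvpn.git'
    OVPN_GIT_DIR='openvpn'
    JENKINS_MAIL='jenkins.dev@sdsys.ru'
    SMTP_SERVER='mail.sdsys.ru'
  }
  parameters {
    string(
      name: "client_mail",
      defaultValue: "tomishinets.v@sdsys.ru",
      description: "Email which has to be recieved certs and key"
    )
    string(
      name: "key_name",
      defaultValue: "test",
      description: "The names for generation keys and certs."
    )
    string(
      name: "mode",
      defaultValue: "client",
      description: "For who generate cert, key and conf-file (clients or admins)"
    )
    string(
      name: "mailto",
      defaultValue: "tomishinets.v@sdsys.ru",
      description: "Email which has to be notified."
    )
  }
  stages {
    stage("Check if already exist CNAME") {
      steps {
        script {
          // The job parameters are free-form strings that end up in file
          // paths, shell command lines and an HTML mail body, so they are
          // checked once, before anything else runs.
          // key_name: a single path component, no separators or leading dot.
          if (!(params.key_name ==~ /[A-Za-z0-9][A-Za-z0-9._-]*/)) {
            error("Invalid key_name: only letters, digits, '.', '_' and '-' are allowed")
          }
          // mode: only the two values the later stages know how to handle.
          if (!(params.mode in ['client', 'admin'])) {
            error("Invalid mode: expected 'client' or 'admin'")
          }
          // client_mail: non-empty, no whitespace, and must not look like a
          // command-line option to the mail client.
          if (!(params.client_mail ==~ /[^\s-]\S*/)) {
            error("Invalid client_mail")
          }
        }
        withCredentials([sshUserPrivateKey(credentialsId: 'provision', keyFileVariable: 'GIT_SSH_KEY', passphraseVariable: '', usernameVariable: 'GIT_SSH_USERNAME')]) {
          sh '''GIT_SSH_COMMAND='ssh -i ${GIT_SSH_KEY} -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' \
                git clone ${PKI_GIT_URL}'''
        }
        script {
          // An existing bundle means this name was already issued; mark the
          // build ABORTED so the remaining stages skip themselves.
          def existingZip = "${WORKSPACE}/${PKI_GIT_NAME}/open/easy-rsa/client_keys/sds-${key_name}.zip"
          if (fileExists(existingZip)) {
            currentBuild.result = 'ABORTED'
            return
          }
        }
      }
    }
    stage("Generate Keys and Certs") {
      steps {
        script {
          if (currentBuild.result == 'ABORTED') {
            return
          }
          echo "Running ${DOCKER_REGISTRY}/iru/${DOCKER_IMAGE}:latest."
          withCredentials([sshUserPrivateKey(credentialsId: 'provision', keyFileVariable: 'GIT_SSH_KEY', passphraseVariable: '', usernameVariable: 'GIT_SSH_USERNAME')]) {
            // The private key is exported into the shell environment and
            // handed to the container with "-e SSHKEY" (pass-through form),
            // so its contents never appear on the docker command line.
            // "set +x" keeps the shell from tracing these commands.
            sh '''set +x
                  SSHKEY="$(cat "${GIT_SSH_KEY}")"
                  export SSHKEY
                  docker pull ${DOCKER_REGISTRY}/iru/${DOCKER_IMAGE}:latest \
                  && docker run -i --rm -e TZ=Europe/Moscow -e "mode=keygen" -e SSHKEY \
                  ${DOCKER_REGISTRY}/iru/${DOCKER_IMAGE}:latest /tmp/keygen.sh "${key_name}"
               '''
          }
        }
      }
    }
    stage("Generate configs") {
      steps {
        script {
          if (currentBuild.result == 'ABORTED') {
            return
          }
          echo "Delete old repo version"
          sh 'rm -rf ${WORKSPACE}/${PKI_GIT_NAME} && rm -rf ${WORKSPACE}/${OVPN_GIT_DIR}'
          echo "Generate ccd config"
          withCredentials([sshUserPrivateKey(credentialsId: 'provision', keyFileVariable: 'GIT_SSH_KEY', passphraseVariable: '', usernameVariable: 'GIT_SSH_USERNAME')]) {
            sh '''GIT_SSH_COMMAND='ssh -i ${GIT_SSH_KEY} -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' \
                  git clone ${OVPN_GIT_URL}'''
          }

          // Each mode has its own "last assigned address" file and netmask.
          def ipFile
          def netmask
          if (mode == 'client') {
            ipFile = "${WORKSPACE}/${OVPN_GIT_DIR}/ip_client.txt"
            netmask = "255.255.255.0"
          } else if (mode == 'admin') {
            ipFile = "${WORKSPACE}/${OVPN_GIT_DIR}/ip_admin.txt"
            netmask = "255.255.0.0"
          } else {
            error("Invalid mode: expected 'client' or 'admin'")
          }

          def octets = readFile(ipFile).trim().tokenize(".")
          if (octets.size() != 4) {
            error("Unexpected content in ${ipFile}: expected a dotted IPv4 address")
          }
          if (octets[3].toInteger() >= 254) {
            // Address pool exhausted. This must be an assignment: a bare
            // comparison would leave the build green and let the mail stage run.
            currentBuild.result = 'FAILURE'
            return
          }

          // Bump the last octet, persist it, and write the per-client ccd entry.
          octets[3] = (octets[3].toInteger() + 1) + ""
          def newIp = octets.join(".")
          writeFile file: ipFile, text: newIp
          def conf = "${WORKSPACE}/${OVPN_GIT_DIR}/${OVPN_GIT_DIR}/ccd/${key_name}"
          writeFile file: conf, text: "ifconfig-push " + newIp + " " + netmask

          withCredentials([sshUserPrivateKey(credentialsId: 'provision', keyFileVariable: 'GIT_SSH_KEY', passphraseVariable: '', usernameVariable: 'GIT_SSH_USERNAME')]) {
            sh '''cd ${OVPN_GIT_DIR}
                  echo "Add new config for ${key_name}" > ../commit.txt
                  git add -A
                  git config --global user.email "${JENKINS_MAIL}"
                  git config --global user.name "Jenkins"
                  git commit -F ../commit.txt
                  GIT_SSH_COMMAND='ssh -i ${GIT_SSH_KEY} -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' \
                  git push origin master
               '''
          }
        }
      }
    }
    stage("Send key, certs and config with email") {
      steps {
        script {
          if ( currentBuild.result == 'ABORTED'  || currentBuild.result == 'FAILURE' ) {
            return
          }
          echo "Pull new OPENVPN-PKI repo version"
          withCredentials([sshUserPrivateKey(credentialsId: 'provision', keyFileVariable: 'GIT_SSH_KEY', passphraseVariable: '', usernameVariable: 'GIT_SSH_USERNAME')]) {
            sh '''GIT_SSH_COMMAND='ssh -i ${GIT_SSH_KEY} -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' \
                  git clone ${PKI_GIT_URL}
               '''
          }
          echo "Send certs,key and config-file to client"
          def fileZip = "${WORKSPACE}/${PKI_GIT_NAME}/open/easy-rsa/client_keys/sds-${key_name}.zip"
          if ( !fileExists("${fileZip}")) {
            // Keygen did not produce a bundle: fail the build (assignment,
            // not comparison) so the failure notification is sent.
            currentBuild.result = 'FAILURE'
            return
          } else {
            withEnv(["zip=${fileZip}"]) {
              withCredentials([usernamePassword(credentialsId: 'jenkins', usernameVariable: 'USERNAME', passwordVariable: 'PASSWORD')]) {
                // Every expansion is quoted so a parameter or credential
                // containing spaces or glob characters stays one argument.
                // NOTE(review): the SMTP password is still passed as a
                // command-line argument (-i) and the private key leaves the
                // build as a mail attachment; confirm both are acceptable.
                sh '''echo "Ваши ключ, сертификаты и конфигурационный файл для подключения к infoclinica.ru" | email -s "Your Certs and Key" \
                      -f "${JENKINS_MAIL}" \
                      -r "${SMTP_SERVER}" \
                      -m login \
                      -u "${USERNAME}" \
                      -i "${PASSWORD}" \
                      -a "${zip}" \
                      "${client_mail}"
                   '''
              }
            }
          }
        }
      }
    }
  }
  post {
    always {
      // Removes the cloned repositories (and the key material in them)
      // from the agent workspace regardless of the build outcome.
      echo "CleaningUp work directory"
      deleteDir()
    }
    failure {
      mail charset: 'UTF-8',
           subject: "Jenkins build ERROR",
           mimeType: 'text/html',
           to: "${mailto}",
           body: "<b>ATTENTION!!!</b> <b><br> Jenkins job failed.\n\n <b><br>Project Name:</b> ${env.JOB_NAME} <b><br>\nBuild Number:</b> ${env.BUILD_NUMBER} <b><br>\nURL Build:</b> ${RUN_DISPLAY_URL}"
    }
    aborted {
      mail charset: 'UTF-8',
           subject: "Jenkins build ERROR",
           mimeType: 'text/html',
           to: "${client_mail}",
           body: "<b>ATTENTION!!!</b> <b><br> Jenkins job aborted.\n\n <b><br> The CNAME ${key_name} is already exists!\n\n <b><br>Project Name:</b> ${env.JOB_NAME} <b><br>\nBuild Number:</b> ${env.BUILD_NUMBER} <b><br>\nURL Build:</b> ${RUN_DISPLAY_URL}"
    }
  }
}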