| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183 |
- def ENAMES = [ 'prod', 'dev' ]
- def CLUSTERS = ['prod': 'iru-swarm1-open.infoclinica.lan', 'dev': 'dev-iru-swarm.infoclinica.lan']
- def REGISTRIES = ['prod': 'registry.infoclinica.ru:5000', 'dev': 'dev-registry.infoclinica.ru:5000']
- pipeline {
- agent {
- label "swarm"
- }
- environment {
- DOCKER_REGISTRY='dev-registry.infoclinica.ru:5000'
- DOCKER_IMAGE='ovpn-rsa'
- SERVICE_NAME='ovpn_server'
- SERVICE_IMAGE='container_run'
- SWARM_GIT_URL='ssh://git@git.sdsys.ru:8022/iru/stack-deploy.git'
- SWARM_GIT_NAME='stack-deploy'
- PKI_GIT_URL='ssh://git@git.sdsys.ru:8022/iru/openvpn-pki.git'
- PKI_GIT_NAME='openvpn-pki'
- OVPN_GIT_DIR='openvpn'
- JENKINS_MAIL='jenkins@sdsys.ru'
- CLUSTER_NAME='dev-iru-swarm.infoclinica.lan'
- DOCKER_CERT_PATH='/run/secrets/swarm'
- }
- parameters {
- string(
- name: "branch",
- defaultValue: "97009",
- description: "Which branch to use"
- )
- string(
- name: "mailto",
- defaultValue: "tomishinets.v@sdsys.ru",
- description: "Email which has to be notified."
- )
- }
- stages {
- stage ("Discover SERIAL") {
- steps {
- script {
- SERIAL = sh script: "echo -n `date +%y%m%d``printf %03d $BUILD_NUMBER`", returnStdout: true
- }
- }
- }
- stage("Pull PKI repo") {
- steps {
- withCredentials([sshUserPrivateKey(credentialsId: 'provision', keyFileVariable: 'GIT_SSH_KEY', passphraseVariable: '', usernameVariable: 'GIT_SSH_USERNAME')]) {
- sh '''GIT_SSH_COMMAND='ssh -i ${GIT_SSH_KEY} -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' \
- git clone ${PKI_GIT_URL} && cd ${WORKSPACE}/${PKI_GIT_NAME} && git checkout ${branch} && cd ${WORKSPACE}
- GIT_SSH_COMMAND='ssh -i ${GIT_SSH_KEY} -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' \
- git clone ${SWARM_GIT_URL}
- '''
- }
- sh '''cp ${WORKSPACE}/openvpn-pki/open/easy-rsa/keys/ca.crt \
- ${WORKSPACE}/openvpn-pki/open/easy-rsa/keys/server.crt \
- ${WORKSPACE}/openvpn-pki/open/easy-rsa/keys/server.key \
- ${WORKSPACE}/openvpn-pki/open/easy-rsa/keys/sds-test.crt \
- ${WORKSPACE}/openvpn-pki/open/easy-rsa/keys/sds-test.key \
- ${WORKSPACE}/openvpn-pki/open/easy-rsa/keys/ta.key \
- ${WORKSPACE}/openvpn-pki/open/easy-rsa/keys/stonevpn.crl \
- ${WORKSPACE}/openvpn-pki/open/easy-rsa/keys/dh2048.pem \
- ${WORKSPACE}/openvpn/keys
- ls -al ${WORKSPACE}/openvpn/keys/
- '''
- }
- }
- /* stage("Build") {
- steps {
- echo "Building ${DOCKER_IMAGE}:${SERIAL}."
- sh """docker build --no-cache -t ${DOCKER_IMAGE}:${SERIAL} .
- if [ \$? != 0 ]; then echo 'The container was not built'; exit 1; fi
- """
- }
- }
- stage ("Push to registry") {
- steps {
- script {
- ENAMES.each { item ->
- echo "Pushing to: ${item}, CLUSTER ${CLUSTERS.get((item))}"
- sh """docker tag ${DOCKER_IMAGE}:${SERIAL} ${REGISTRIES.get((item))}/iru/${DOCKER_IMAGE}:${SERIAL}
- docker push ${REGISTRIES.get((item))}/iru/${DOCKER_IMAGE}:${SERIAL}
- """
- }
- }
- }
- }
- */ stage("Run in Prod-like") {
- steps {
- script {
- echo "Check Prod-like cluster status"
- sh "DOCKER_HOST=tcp://${CLUSTERS.get((ENAMES[1]))}:2376 DOCKER_TLS_VERIFY=1 docker node ls"
- sh "DOCKER_HOST=tcp://${CLUSTERS.get((ENAMES[1]))}:2376 DOCKER_TLS_VERIFY=1 docker node inspect self -f '{{.Status.Addr}}'"
- def DHOST = 'tcp://'+sh(script: "DOCKER_HOST=tcp://${CLUSTERS.get((ENAMES[1]))}:2376 DOCKER_TLS_VERIFY=1 docker node inspect self -f '{{.Status.Addr}}'", returnStdout: true).trim()+':2376'
- echo "${DHOST}"
- sh """export DOCKER_HOST=tcp://${CLUSTERS.get((ENAMES[1]))}:2376 DOCKER_TLS_VERIFY=1
- cd \${SWARM_GIT_NAME}/\${DOCKER_IMAGE}
- ./ovpn-rsa-open-staging.sh
- """
- }
- }
- }
- /* stage("Prod-like") {
- steps {
- echo "Check Prod-like cluster status"
- sh '''ping -c 2 ${CLUSTER_NAME}
- if [ $? -eq 0 ]; then
- export DOCKER_CERT_PATH=/run/secrets/swarm
- export DOCKER_HOST=tcp://${CLUSTER_NAME}:2376 DOCKER_TLS_VERIFY=1
- docker node ls --format "{{.Hostname}} {{.TLSStatus}}" | while read host status
- do
- if [ $status != Ready ]; then echo "Cluster ${CLUSTER_NAME} state is inconsistent"; exit 1
- else echo "HOST: $host STATUS: $status"
- fi
- done
- else echo "Host not Found"; exit 1
- fi
- '''
- echo "Run containers in Prod-like"
- sh '''export DOCKER_CERT_PATH=/run/secrets/swarm
- export DOCKER_HOST=tcp://${CLUSTER_NAME}:2376 DOCKER_TLS_VERIFY=1
- export DOCKER_HOST=tcp://$(docker info -f '{{.Name}}'):2376 DOCKER_TLS_VERIFY=1
- if [ -z $(docker service ps -q ${DOCKER_IMAGE}) ];then
- docker service create --replicas 1 \
- --mount type=bind,source=/var/run/docker.sock,destination=/var/run/docker.sock \
- --name ${SERVICE_NAME} ${DOCKER_REGISTRY}/${SERVICE_IMAGE}:2 -p 1194:1194 \
- --privileged --security-opt seccomp=unconfined \
- --tmpfs /run --tmpfs /run/lock -v /sys/fs/cgroup:/sys/fs/cgroup:ro \
- -e "mode=server" ${DOCKER_REGISTRY}/${DOCKER_IMAGE}:${BUILD_NUMBER}
- else
- docker service update \
- --args "-p 1194:1194 --privileged --security-opt seccomp=unconfined \
- --tmpfs /run --tmpfs /run/lock -v /sys/fs/cgroup:/sys/fs/cgroup:ro \
- -e "mode=server" ${DOCKER_REGISTRY}/${DOCKER_IMAGE}:${BUILD_NUMBER}" \
- ${SERVICE_NAME}
- if [ $? != 0 ]; then docker service rollback ${SERVICE_NAME}; fi
- fi
- '''
- }
- }
- stage("Tagging") {
- steps {
- echo "Tagging ${DOCKER_REGISTRY}/${DOCKER_IMAGE}:${BUILD_NUMBER} to ${DOCKER_REGISTRY}/${DOCKER_IMAGE}:latest"
- sh '''docker tag ${DOCKER_REGISTRY}/${DOCKER_IMAGE}:${BUILD_NUMBER} \
- ${DOCKER_REGISTRY}/iru/${DOCKER_IMAGE}:latest
- docker push ${DOCKER_REGISTRY}/iru/${DOCKER_IMAGE}:latest
- '''
- echo "Updating tag info in ${SWARM_GIT_NAME} repository"
- withCredentials([sshUserPrivateKey(credentialsId: 'provision', keyFileVariable: 'GIT_SSH_KEY', passphraseVariable: '', usernameVariable: 'GIT_SSH_USERNAME')]) {
- sh '''GIT_SSH_COMMAND='ssh -i ${GIT_SSH_KEY} -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' \
- git clone ${SWARM_GIT_URL}
- cd ${SWARM_GIT_NAME}
- echo -n ${BUILD_NUMBER} > tags/${DOCKER_IMAGE}.version
- git add -A
- git config --global user.email "${JENKINS_MAIL}"
- git config --global user.name "Jenkins"
- git commit -m 'Version update'
- GIT_SSH_COMMAND='ssh -i ${GIT_SSH_KEY} -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' \
- git push origin master
- '''
- }
- }
- }
- */ }
- post {
- always {
- echo "CleaningUp work directory"
- deleteDir()
- }
- failure {
- mail charset: 'UTF-8',
- subject: "Jenkins build ERROR",
- mimeType: 'text/html',
- to: "${mailto}",
- body: "<b>ATTENTION!!!</b> <b><br> Jenkins job failed.\n\n <b><br>Project Name:</b> ${env.JOB_NAME} <b><br>\nBuild Number:</b> ${env.BUILD_NUMBER} <b><br>\nURL Build:</b> ${RUN_DISPLAY_URL}"
- }
- success {
- mail charset: 'UTF-8',
- subject: "Jenkins build SUSCCESS",
- mimeType: 'text/html',
- to: "${mailto}",
- body: "<b>Congradulations!!!</b> <b><br> Jenkins job succefully finished.\n\n <b><br>Project Name:</b> ${env.JOB_NAME} <b><br>\nBuild Number:</b> ${env.BUILD_NUMBER} <b><br>\nURL Build:</b> ${RUN_DISPLAY_URL}"
- }
- }
- }
|
