Jenkinsfile 8.1 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183
  1. def ENAMES = [ 'prod', 'dev' ]
  2. def CLUSTERS = ['prod': 'iru-swarm1-open.infoclinica.lan', 'dev': 'dev-iru-swarm.infoclinica.lan']
  3. def REGISTRIES = ['prod': 'registry.infoclinica.ru:5000', 'dev': 'dev-registry.infoclinica.ru:5000']
  4. pipeline {
  5. agent {
  6. label "swarm"
  7. }
  8. environment {
  9. DOCKER_REGISTRY='dev-registry.infoclinica.ru:5000'
  10. DOCKER_IMAGE='ovpn-rsa'
  11. SERVICE_NAME='ovpn_server'
  12. SERVICE_IMAGE='container_run'
  13. SWARM_GIT_URL='ssh://git@git.sdsys.ru:8022/iru/stack-deploy.git'
  14. SWARM_GIT_NAME='stack-deploy'
  15. PKI_GIT_URL='ssh://git@git.sdsys.ru:8022/iru/openvpn-pki.git'
  16. PKI_GIT_NAME='openvpn-pki'
  17. OVPN_GIT_DIR='openvpn'
  18. JENKINS_MAIL='jenkins@sdsys.ru'
  19. CLUSTER_NAME='dev-iru-swarm.infoclinica.lan'
  20. DOCKER_CERT_PATH='/run/secrets/swarm'
  21. }
  22. parameters {
  23. string(
  24. name: "branch",
  25. defaultValue: "97009",
  26. description: "Which branch to use"
  27. )
  28. string(
  29. name: "mailto",
  30. defaultValue: "tomishinets.v@sdsys.ru",
  31. description: "Email which has to be notified."
  32. )
  33. }
  34. stages {
  35. stage ("Discover SERIAL") {
  36. steps {
  37. script {
  38. SERIAL = sh script: "echo -n `date +%y%m%d``printf %03d $BUILD_NUMBER`", returnStdout: true
  39. }
  40. }
  41. }
  42. stage("Pull PKI repo") {
  43. steps {
  44. withCredentials([sshUserPrivateKey(credentialsId: 'provision', keyFileVariable: 'GIT_SSH_KEY', passphraseVariable: '', usernameVariable: 'GIT_SSH_USERNAME')]) {
  45. sh '''GIT_SSH_COMMAND='ssh -i ${GIT_SSH_KEY} -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' \
  46. git clone ${PKI_GIT_URL} && cd ${WORKSPACE}/${PKI_GIT_NAME} && git checkout ${branch} && cd ${WORKSPACE}
  47. GIT_SSH_COMMAND='ssh -i ${GIT_SSH_KEY} -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' \
  48. git clone ${SWARM_GIT_URL}
  49. '''
  50. }
  51. sh '''cp ${WORKSPACE}/openvpn-pki/open/easy-rsa/keys/ca.crt \
  52. ${WORKSPACE}/openvpn-pki/open/easy-rsa/keys/server.crt \
  53. ${WORKSPACE}/openvpn-pki/open/easy-rsa/keys/server.key \
  54. ${WORKSPACE}/openvpn-pki/open/easy-rsa/keys/sds-test.crt \
  55. ${WORKSPACE}/openvpn-pki/open/easy-rsa/keys/sds-test.key \
  56. ${WORKSPACE}/openvpn-pki/open/easy-rsa/keys/ta.key \
  57. ${WORKSPACE}/openvpn-pki/open/easy-rsa/keys/stonevpn.crl \
  58. ${WORKSPACE}/openvpn-pki/open/easy-rsa/keys/dh2048.pem \
  59. ${WORKSPACE}/openvpn/keys
  60. ls -al ${WORKSPACE}/openvpn/keys/
  61. '''
  62. }
  63. }
  64. /* stage("Build") {
  65. steps {
  66. echo "Building ${DOCKER_IMAGE}:${SERIAL}."
  67. sh """docker build --no-cache -t ${DOCKER_IMAGE}:${SERIAL} .
  68. if [ \$? != 0 ]; then echo 'The container was not built'; exit 1; fi
  69. """
  70. }
  71. }
  72. stage ("Push to registry") {
  73. steps {
  74. script {
  75. ENAMES.each { item ->
  76. echo "Pushing to: ${item}, CLUSTER ${CLUSTERS.get((item))}"
  77. sh """docker tag ${DOCKER_IMAGE}:${SERIAL} ${REGISTRIES.get((item))}/iru/${DOCKER_IMAGE}:${SERIAL}
  78. docker push ${REGISTRIES.get((item))}/iru/${DOCKER_IMAGE}:${SERIAL}
  79. """
  80. }
  81. }
  82. }
  83. }
  84. */ stage("Run in Prod-like") {
  85. steps {
  86. script {
  87. echo "Check Prod-like cluster status"
  88. sh "DOCKER_HOST=tcp://${CLUSTERS.get((ENAMES[1]))}:2376 DOCKER_TLS_VERIFY=1 docker node ls"
  89. sh "DOCKER_HOST=tcp://${CLUSTERS.get((ENAMES[1]))}:2376 DOCKER_TLS_VERIFY=1 docker node inspect self -f '{{.Status.Addr}}'"
  90. def DHOST = 'tcp://'+sh(script: "DOCKER_HOST=tcp://${CLUSTERS.get((ENAMES[1]))}:2376 DOCKER_TLS_VERIFY=1 docker node inspect self -f '{{.Status.Addr}}'", returnStdout: true).trim()+':2376'
  91. echo "${DHOST}"
  92. sh """export DOCKER_HOST=tcp://${CLUSTERS.get((ENAMES[1]))}:2376 DOCKER_TLS_VERIFY=1
  93. cd \${SWARM_GIT_NAME}/\${DOCKER_IMAGE}
  94. ./ovpn-rsa-open-staging.sh
  95. """
  96. }
  97. }
  98. }
  99. /* stage("Prod-like") {
  100. steps {
  101. echo "Check Prod-like cluster status"
  102. sh '''ping -c 2 ${CLUSTER_NAME}
  103. if [ $? -eq 0 ]; then
  104. export DOCKER_CERT_PATH=/run/secrets/swarm
  105. export DOCKER_HOST=tcp://${CLUSTER_NAME}:2376 DOCKER_TLS_VERIFY=1
  106. docker node ls --format "{{.Hostname}} {{.TLSStatus}}" | while read host status
  107. do
  108. if [ $status != Ready ]; then echo "Cluster ${CLUSTER_NAME} state is inconsistent"; exit 1
  109. else echo "HOST: $host STATUS: $status"
  110. fi
  111. done
  112. else echo "Host not Found"; exit 1
  113. fi
  114. '''
  115. echo "Run containers in Prod-like"
  116. sh '''export DOCKER_CERT_PATH=/run/secrets/swarm
  117. export DOCKER_HOST=tcp://${CLUSTER_NAME}:2376 DOCKER_TLS_VERIFY=1
  118. export DOCKER_HOST=tcp://$(docker info -f '{{.Name}}'):2376 DOCKER_TLS_VERIFY=1
  119. if [ -z $(docker service ps -q ${DOCKER_IMAGE}) ];then
  120. docker service create --replicas 1 \
  121. --mount type=bind,source=/var/run/docker.sock,destination=/var/run/docker.sock \
  122. --name ${SERVICE_NAME} ${DOCKER_REGISTRY}/${SERVICE_IMAGE}:2 -p 1194:1194 \
  123. --privileged --security-opt seccomp=unconfined \
  124. --tmpfs /run --tmpfs /run/lock -v /sys/fs/cgroup:/sys/fs/cgroup:ro \
  125. -e "mode=server" ${DOCKER_REGISTRY}/${DOCKER_IMAGE}:${BUILD_NUMBER}
  126. else
  127. docker service update \
  128. --args "-p 1194:1194 --privileged --security-opt seccomp=unconfined \
  129. --tmpfs /run --tmpfs /run/lock -v /sys/fs/cgroup:/sys/fs/cgroup:ro \
  130. -e "mode=server" ${DOCKER_REGISTRY}/${DOCKER_IMAGE}:${BUILD_NUMBER}" \
  131. ${SERVICE_NAME}
  132. if [ $? != 0 ]; then docker service rollback ${SERVICE_NAME}; fi
  133. fi
  134. '''
  135. }
  136. }
  137. stage("Tagging") {
  138. steps {
  139. echo "Tagging ${DOCKER_REGISTRY}/${DOCKER_IMAGE}:${BUILD_NUMBER} to ${DOCKER_REGISTRY}/${DOCKER_IMAGE}:latest"
  140. sh '''docker tag ${DOCKER_REGISTRY}/${DOCKER_IMAGE}:${BUILD_NUMBER} \
  141. ${DOCKER_REGISTRY}/iru/${DOCKER_IMAGE}:latest
  142. docker push ${DOCKER_REGISTRY}/iru/${DOCKER_IMAGE}:latest
  143. '''
  144. echo "Updating tag info in ${SWARM_GIT_NAME} repository"
  145. withCredentials([sshUserPrivateKey(credentialsId: 'provision', keyFileVariable: 'GIT_SSH_KEY', passphraseVariable: '', usernameVariable: 'GIT_SSH_USERNAME')]) {
  146. sh '''GIT_SSH_COMMAND='ssh -i ${GIT_SSH_KEY} -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' \
  147. git clone ${SWARM_GIT_URL}
  148. cd ${SWARM_GIT_NAME}
  149. echo -n ${BUILD_NUMBER} > tags/${DOCKER_IMAGE}.version
  150. git add -A
  151. git config --global user.email "${JENKINS_MAIL}"
  152. git config --global user.name "Jenkins"
  153. git commit -m 'Version update'
  154. GIT_SSH_COMMAND='ssh -i ${GIT_SSH_KEY} -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' \
  155. git push origin master
  156. '''
  157. }
  158. }
  159. }
  160. */ }
  161. post {
  162. always {
  163. echo "CleaningUp work directory"
  164. deleteDir()
  165. }
  166. failure {
  167. mail charset: 'UTF-8',
  168. subject: "Jenkins build ERROR",
  169. mimeType: 'text/html',
  170. to: "${mailto}",
  171. body: "<b>ATTENTION!!!</b> <b><br> Jenkins job failed.\n\n <b><br>Project Name:</b> ${env.JOB_NAME} <b><br>\nBuild Number:</b> ${env.BUILD_NUMBER} <b><br>\nURL Build:</b> ${RUN_DISPLAY_URL}"
  172. }
  173. success {
  174. mail charset: 'UTF-8',
  175. subject: "Jenkins build SUSCCESS",
  176. mimeType: 'text/html',
  177. to: "${mailto}",
  178. body: "<b>Congradulations!!!</b> <b><br> Jenkins job succefully finished.\n\n <b><br>Project Name:</b> ${env.JOB_NAME} <b><br>\nBuild Number:</b> ${env.BUILD_NUMBER} <b><br>\nURL Build:</b> ${RUN_DISPLAY_URL}"
  179. }
  180. }
  181. }