|
@@ -5,7 +5,8 @@ BACKUP_FILE = ''
|
|
|
CONFIG_DIR = ''
|
|
CONFIG_DIR = ''
|
|
|
COMMAND = ''
|
|
COMMAND = ''
|
|
|
TARGET_HOSTS_APACHE = [ 'sugar', 'owncloud' ]
|
|
TARGET_HOSTS_APACHE = [ 'sugar', 'owncloud' ]
|
|
|
-TARGET_HOSTS_PROXMOX = [ 'kvm-test', 'kvm1', 'kvm2', 'kvm3', 'kvm4', 'kvm5', 'kvm6', 'kvm7' ]
|
|
|
|
|
|
|
+//TARGET_HOSTS_PROXMOX = [ 'kvm-test', 'kvm1', 'kvm2', 'kvm3', 'kvm4', 'kvm5', 'kvm6', 'kvm7' ]
|
|
|
|
|
+TARGET_HOSTS_PROXMOX = [ 'kvm-test' ]
|
|
|
pipeline {
|
|
pipeline {
|
|
|
agent {
|
|
agent {
|
|
|
label "swarm"
|
|
label "swarm"
|
|
@@ -46,40 +47,40 @@ pipeline {
|
|
|
}
|
|
}
|
|
|
}
|
|
}
|
|
|
}
|
|
}
|
|
|
- stage("Run Renewal") {
|
|
|
|
|
- steps {
|
|
|
|
|
- withCredentials([sshUserPrivateKey(credentialsId: 'provision', keyFileVariable: 'GIT_SSH_KEY', passphraseVariable: '', usernameVariable: 'GIT_SSH_USERNAME')]) {
|
|
|
|
|
- sh """set +x
|
|
|
|
|
- docker run -t --rm -e TZ=Europe/Moscow \
|
|
|
|
|
- -e DOMAIN=${DOMAIN} -e CONFIG_DIR=${CONFIG_DIR} -e BACKUP_FILE=${BACKUP_FILE} \
|
|
|
|
|
- -e JENKINS_MAIL=${JENKINS_MAIL} -e JENKINS_MAIL_USER=${JENKINS_USER} -e JENKINS_MAIL_PASS=${JENKINS_PASS} \
|
|
|
|
|
- -e git_url=${PKI_GIT_URL} -e SMTP_SERVER=${SMTP_SERVER} -e RECIPIENT_MAIL_BOX=${RECIPIENT_MAIL_BOX} \
|
|
|
|
|
- -e "SSHKEY=`cat ${GIT_SSH_KEY}`" -p 5353:53/udp -p 5353:53/tcp ${IMAGE_NAME} \
|
|
|
|
|
- /${COMMAND}
|
|
|
|
|
- """
|
|
|
|
|
- }
|
|
|
|
|
- }
|
|
|
|
|
- }
|
|
|
|
|
- stage("Update docker secret in SWARM cluster") {
|
|
|
|
|
- steps {
|
|
|
|
|
- script {
|
|
|
|
|
- gitOps.clone(PKI_GIT_URL)
|
|
|
|
|
- gitOps.clone(SWARM_GIT_URL)
|
|
|
|
|
- NEW_ENDDATE = sh (script: "openssl x509 -enddate -noout -in ${CONFIG_DIR}/live/${DOMAIN}/cert.pem", returnStdout: true).trim()
|
|
|
|
|
- ENDDATE = sh (script: "echo|openssl s_client -servername ${REGISTRY_OFFICE} -connect ${REGISTRY_OFFICE}:443 2>/dev/null|openssl x509 -noout -enddate", returnStdout: true).trim()
|
|
|
|
|
- if (ENDDATE != NEW_ENDDATE) {
|
|
|
|
|
- echo "Update docker secret in ${CLUSTER_OFFICE}"
|
|
|
|
|
- NODE_IP = sh (script: "DOCKER_HOST=tcp://${CLUSTER_OFFICE}:2376 DOCKER_TLS_VERIFY=1 docker node inspect self -f '{{.Status.Addr}}'" , returnStdout: true).trim()
|
|
|
|
|
- dockerWCrenewal.update_secret(NODE_IP, SWARM_GIT_NAME, DOMAIN, CONFIG_DIR)
|
|
|
|
|
- }
|
|
|
|
|
- }
|
|
|
|
|
- }
|
|
|
|
|
- }
|
|
|
|
|
|
|
+ // stage("Run Renewal") {
|
|
|
|
|
+ // steps {
|
|
|
|
|
+ // withCredentials([sshUserPrivateKey(credentialsId: 'provision', keyFileVariable: 'GIT_SSH_KEY', passphraseVariable: '', usernameVariable: 'GIT_SSH_USERNAME')]) {
|
|
|
|
|
+ // sh """set +x
|
|
|
|
|
+ // docker run -t --rm -e TZ=Europe/Moscow \
|
|
|
|
|
+ // -e DOMAIN=${DOMAIN} -e CONFIG_DIR=${CONFIG_DIR} -e BACKUP_FILE=${BACKUP_FILE} \
|
|
|
|
|
+ // -e JENKINS_MAIL=${JENKINS_MAIL} -e JENKINS_MAIL_USER=${JENKINS_USER} -e JENKINS_MAIL_PASS=${JENKINS_PASS} \
|
|
|
|
|
+ // -e git_url=${PKI_GIT_URL} -e SMTP_SERVER=${SMTP_SERVER} -e RECIPIENT_MAIL_BOX=${RECIPIENT_MAIL_BOX} \
|
|
|
|
|
+ // -e "SSHKEY=`cat ${GIT_SSH_KEY}`" -p 5353:53/udp -p 5353:53/tcp ${IMAGE_NAME} \
|
|
|
|
|
+ // /${COMMAND}
|
|
|
|
|
+ // """
|
|
|
|
|
+ // }
|
|
|
|
|
+ // }
|
|
|
|
|
+ // }
|
|
|
|
|
+ // stage("Update docker secret in SWARM cluster") {
|
|
|
|
|
+ // steps {
|
|
|
|
|
+ // script {
|
|
|
|
|
+ // gitOps.clone(PKI_GIT_URL)
|
|
|
|
|
+ // gitOps.clone(SWARM_GIT_URL)
|
|
|
|
|
+ // NEW_ENDDATE = sh (script: "openssl x509 -enddate -noout -in ${CONFIG_DIR}/live/${DOMAIN}/cert.pem", returnStdout: true).trim()
|
|
|
|
|
+ // ENDDATE = sh (script: "echo|openssl s_client -servername ${REGISTRY_OFFICE} -connect ${REGISTRY_OFFICE}:443 2>/dev/null|openssl x509 -noout -enddate", returnStdout: true).trim()
|
|
|
|
|
+ // if (ENDDATE != NEW_ENDDATE) {
|
|
|
|
|
+ // echo "Update docker secret in ${CLUSTER_OFFICE}"
|
|
|
|
|
+ // NODE_IP = sh (script: "DOCKER_HOST=tcp://${CLUSTER_OFFICE}:2376 DOCKER_TLS_VERIFY=1 docker node inspect self -f '{{.Status.Addr}}'" , returnStdout: true).trim()
|
|
|
|
|
+ // dockerWCrenewal.update_secret(NODE_IP, SWARM_GIT_NAME, DOMAIN, CONFIG_DIR)
|
|
|
|
|
+ // }
|
|
|
|
|
+ // }
|
|
|
|
|
+ // }
|
|
|
|
|
+ // }
|
|
|
stage("Update certificate and key to Proxmox") {
|
|
stage("Update certificate and key to Proxmox") {
|
|
|
steps {
|
|
steps {
|
|
|
script {
|
|
script {
|
|
|
NEW_ENDDATE = sh (script: "openssl x509 -enddate -noout -in ${CONFIG_DIR}/live/${DOMAIN}/cert.pem", returnStdout: true).trim()
|
|
NEW_ENDDATE = sh (script: "openssl x509 -enddate -noout -in ${CONFIG_DIR}/live/${DOMAIN}/cert.pem", returnStdout: true).trim()
|
|
|
- TARGET_HOSTS_PROXMOX.each { item ->
|
|
|
|
|
|
|
+ TARGET_HOSTS_PROXMOX.each { item ->
|
|
|
ENDDATE = sh (script: "echo|openssl s_client -servername ${item}.${DOMAIN} -connect ${item}.${DOMAIN}:8006 2>/dev/null|openssl x509 -noout -enddate", returnStdout: true).trim()
|
|
ENDDATE = sh (script: "echo|openssl s_client -servername ${item}.${DOMAIN} -connect ${item}.${DOMAIN}:8006 2>/dev/null|openssl x509 -noout -enddate", returnStdout: true).trim()
|
|
|
if (ENDDATE != NEW_ENDDATE) {
|
|
if (ENDDATE != NEW_ENDDATE) {
|
|
|
echo "Update certificate and key for ${item}"
|
|
echo "Update certificate and key for ${item}"
|
|
@@ -91,12 +92,12 @@ pipeline {
|
|
|
}
|
|
}
|
|
|
}
|
|
}
|
|
|
}
|
|
}
|
|
|
- }
|
|
|
|
|
|
|
+ }
|
|
|
stage("Update certificate and key APACHE-HOSTS") {
|
|
stage("Update certificate and key APACHE-HOSTS") {
|
|
|
steps {
|
|
steps {
|
|
|
script {
|
|
script {
|
|
|
NEW_ENDDATE = sh (script: "openssl x509 -enddate -noout -in ${CONFIG_DIR}/live/${DOMAIN}/cert.pem", returnStdout: true).trim()
|
|
NEW_ENDDATE = sh (script: "openssl x509 -enddate -noout -in ${CONFIG_DIR}/live/${DOMAIN}/cert.pem", returnStdout: true).trim()
|
|
|
- TARGET_HOSTS_APACHE.each { item ->
|
|
|
|
|
|
|
+ TARGET_HOSTS_APACHE.each { item ->
|
|
|
ENDDATE = sh (script: "echo|openssl s_client -servername ${item}.${DOMAIN} -connect ${item}.${DOMAIN}:443 2>/dev/null|openssl x509 -noout -enddate", returnStdout: true).trim()
|
|
ENDDATE = sh (script: "echo|openssl s_client -servername ${item}.${DOMAIN} -connect ${item}.${DOMAIN}:443 2>/dev/null|openssl x509 -noout -enddate", returnStdout: true).trim()
|
|
|
if (ENDDATE != NEW_ENDDATE) {
|
|
if (ENDDATE != NEW_ENDDATE) {
|
|
|
echo "Update certificate and key for ${item}"
|
|
echo "Update certificate and key for ${item}"
|
