|
|
@@ -0,0 +1,124 @@
|
|
|
+JENKINS_PASS = ''
|
|
|
+ENDDATE = ''
|
|
|
+NEW_ENDDATE = ''
|
|
|
+BACKUP_FILE = ''
|
|
|
+CONFIG_DIR = ''
|
|
|
+COMMAND = ''
|
|
|
+pipeline {
|
|
|
+ agent {
|
|
|
+ label "swarm"
|
|
|
+ }
|
|
|
+ environment {
|
|
|
+ CLUSTER_NAME_OPEN='iru-swarm1-open.infoclinica.lan'
|
|
|
+ CLUSTER_NAME_PROD='iru-swarm.infoclinica.lan'
|
|
|
+ CLUSTER_NAME_DEV='dev-iru-swarm.infoclinica.lan'
|
|
|
+ DOCKER_CERT_PATH='/run/secrets/swarm'
|
|
|
+ IMAGE_NAME='registry.infoclinica.ru:5000/acme-dns:1.3'
|
|
|
+ JENKINS_MAIL='jenkins.dev@sdsys.ru'
|
|
|
+ SMTP_SERVER='mail.sdsys.ru'
|
|
|
+ RECIPIENT_MAIL_BOX='admin@sdsys.ru'
|
|
|
+ PKI_GIT_SUBDIR='iru'
|
|
|
+ PKI_GIT_NAME='pki'
|
|
|
+ DOMAIN='infoclinica.ru'
|
|
|
+ PKI_GIT_URL='ssh://git@git.sdsys.ru:8022/sdsys/pki.git'
|
|
|
+ STACK-DEPLOY_GIT_URL='ssh://git@git.sdsys.ru:8022/iru/stack-deploy.git'
|
|
|
+ STACK-DEPLOY_GIT_NAME='stack-deploy'
|
|
|
+ }
|
|
|
+ parameters {
|
|
|
+ string(
|
|
|
+ name: "mailto",
|
|
|
+ defaultValue: "admin@sdsys.ru",
|
|
|
+ description: "Email which has to be notified."
|
|
|
+ )
|
|
|
+ }
|
|
|
+ stages {
|
|
|
+ stage("Calculate Variables) {
|
|
|
+ steps {
|
|
|
+ script {
|
|
|
+ ENDDATE = sh (script: "$(echo | openssl s_client -servername ${DOMAIN} -connect ${DOMAIN}:443 2>/dev/null | openssl x509 -noout -enddate)", returnStdout: true).trim()
|
|
|
+ CONFIG_DIR = PKI_GIT_NAME + '/' + PKI_GIT_SUBDIR + '/wildcard/letsencrypt'
|
|
|
+ BACKUP_FILE = PKI_GIT_NAME + '/' + PKI_GIT_SUBDIR + '/wildcard/acme-dns/' + DOMAIN + '.dump.gz'
|
|
|
+ COMMAND = PKI_GIT_NAME + '/' + PKI_GIT_SUBDIR + '/wildcard/acme-dns/' + 'renewal.sh'
|
|
|
+ withCredentials([usernamePassword(credentialsId: 'jenkins', usernameVariable: 'USERNAME', passwordVariable: 'PASSWORD')]) {
|
|
|
+ JENKINS_PASS = PASSWORD
|
|
|
+ }
|
|
|
+ }
|
|
|
+ }
|
|
|
+ }
|
|
|
+ stage("Run Renewal") {
|
|
|
+ steps {
|
|
|
+ withCredentials([sshUserPrivateKey(credentialsId: 'provision', keyFileVariable: 'GIT_SSH_KEY', passphraseVariable: '', usernameVariable: 'GIT_SSH_USERNAME')]) {
|
|
|
+ sh """set +x
|
|
|
+ DOCKER_HOST=tcp://${CLUSTER_NAME_OPEN}:2376 DOCKER_TLS_VERIFY=1 docker run -t --rm -e TZ=Europe/Moscow \
|
|
|
+ -e DOMAIN=${DOMAIN} -e CONFIG_DIR=${CONFIG_DIR} -e BACKUP_FILE=${BACKUP_FILE} \
|
|
|
+ -e JENKINS_MAIL_PASS=${JENKINS_PASS} -e JENKINS_MAIL_USER=${JENKINS_MAIL} \
|
|
|
+ -e git_url=${PKI_GIT_URL} -e SMTP_SERVER=${SMTP_SERVER} -e RECIPIENT_MAIL_BOX=${RECIPIENT_MAIL_BOX} \
|
|
|
+ -e "SSHKEY=`cat ${GIT_SSH_KEY}`" -p 53:53/udp -p 53:53/tcp ${IMAGE_NAME} \
|
|
|
+ /${COMMAND}
|
|
|
+ """
|
|
|
+ }
|
|
|
+ }
|
|
|
+ }
|
|
|
+ stage("Update secret in CLUSTERS") {
|
|
|
+ steps {
|
|
|
+ script {
|
|
|
+ git_clone(PKI_GIT_URL)
|
|
|
+ git_clone(STACK-DEPLOY_GIT_URL)
|
|
|
+ withCredentials([sshUserPrivateKey(credentialsId: 'provision', keyFileVariable: 'GIT_SSH_KEY', passphraseVariable: '', usernameVariable: 'GIT_SSH_USERNAME')]) {
|
|
|
+ sh """GIT_SSH_COMMAND='ssh -i ${GIT_SSH_KEY} -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' \
|
|
|
+ git clone ${PKI_GIT_URL}
|
|
|
+ GIT_SSH_COMMAND='ssh -i ${GIT_SSH_KEY} -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' \
|
|
|
+ git clone ${STACK-DEPLOY_GIT_URL}
|
|
|
+ """
|
|
|
+ }
|
|
|
+ def NEW_ENDDATE = sh (script: "openssl x509 -enddate -noout -in ${CONFIG_DIR}/live/${DOMAIN}/cert.pem", returnStdout: true).trim()
|
|
|
+ if (ENDDATE != NEW_ENDDATE) {
|
|
|
+ echo "Update docker secret in ${CLUSTER_NAME_PROD}"
|
|
|
+ def NODE_IP = sh (script: "DOCKER_HOST=tcp://${CLUSTER_NAME_PROD}:2376 DOCKER_TLS_VERIFY=1 docker node inspect self -f '{{.Status.Addr}}'" , returnStdout: true).trim()
|
|
|
+ update_secret(NODE_IP, STACK-DEPLOY_GIT_NAME, DOMAIN, CONFIG_DIR)
|
|
|
+ echo "Update docker secret in ${CLUSTER_NAME_DEV}"
|
|
|
+ NODE_IP = sh (script: "DOCKER_HOST=tcp://${CLUSTER_NAME_DEV}:2376 DOCKER_TLS_VERIFY=1 docker node inspect self -f '{{.Status.Addr}}'" , returnStdout: true).trim()
|
|
|
+ update_secret(NODE_IP, STACK-DEPLOY_GIT_NAME, DOMAIN, CONFIG_DIR)
|
|
|
+ }
|
|
|
+ }
|
|
|
+ }
|
|
|
+ }
|
|
|
+
|
|
|
+ }
|
|
|
+ post {
|
|
|
+ always {
|
|
|
+ echo "CleaningUp work directory"
|
|
|
+ deleteDir()
|
|
|
+ }
|
|
|
+ success {
|
|
|
+ mail charset: 'UTF-8',
|
|
|
+ subject: "Jenkins build SUCCESS",
|
|
|
+ mimeType: 'text/html',
|
|
|
+ to: "${mailto}",
|
|
|
+ body: "<b>ATTENTION!!!</b> <b><br> Jenkins job successed.\n\n <b><br>Project Name:</b> ${env.JOB_NAME} <b><br>Renewal certs and keys</b> <b><br>\nBuild Number:</b> ${env.BUILD_NUMBER} <b><br>\nURL Build:</b> ${RUN_DISPLAY_URL}"
|
|
|
+ }
|
|
|
+ failure {
|
|
|
+ mail charset: 'UTF-8',
|
|
|
+ subject: "Jenkins build ERROR",
|
|
|
+ mimeType: 'text/html',
|
|
|
+ to: "${mailto}",
|
|
|
+ body: "<b>ATTENTION!!!</b> <b><br> Jenkins job failed.\n\n <b><br>Project Name:</b> ${env.JOB_NAME} <b><br>\nBuild Number:</b> ${env.BUILD_NUMBER} <b><br>\nURL Build:</b> ${RUN_DISPLAY_URL}"
|
|
|
+ }
|
|
|
+ }
|
|
|
+}
|
|
|
+def git_clone(String REPO) {
|
|
|
+ withCredentials([sshUserPrivateKey(credentialsId: 'provision', keyFileVariable: 'GIT_SSH_KEY', passphraseVariable: '', usernameVariable: 'GIT_SSH_USERNAME')]) {
|
|
|
+ sh """GIT_SSH_COMMAND='ssh -i ${GIT_SSH_KEY} -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' \
|
|
|
+ git clone ${REPO}
|
|
|
+ """
|
|
|
+ }
|
|
|
+}
|
|
|
+def update_secret(String NODE_IP, String STACK-DEPLOY_GIT_NAME, String DOMAIN, String CONFIG_DIR) {
|
|
|
+ sh """export DOCKER_HOST=tcp://${NODE_IP}:2376 DOCKER_TLS_VERIFY=1
|
|
|
+ docker service rm infrastructure_registry
|
|
|
+ docker secret rm infoclinica_full
|
|
|
+ docker secret create infoclinica_full ${CONFIG_DIR}/archive/${DOMAIN}/${DOMAIN}.full-bundle
|
|
|
+ cd ${STACK-DEPLOY_GIT_NAME}
|
|
|
+ ./infrastructure.sh
|
|
|
+ """
|
|
|
+}
|
Владимир Томишинец