				@@ -5,86 +5,85 @@ BACKUP_FILE = '' 
				 CONFIG_DIR = '' 
				 COMMAND = '' 
				 pipeline { 
				-    agent { 
				-        label "swarm" 
				-    } 
				-    environment { 
				-        CLUSTER_NAME_OPEN='iru-swarm1-open.infoclinica.lan' 
				-        CLUSTER_NAME_PROD='iru-swarm.infoclinica.lan' 
				-        CLUSTER_NAME_DEV='dev-iru-swarm.infoclinica.lan' 
				-        DOCKER_CERT_PATH='/run/secrets/swarm' 
				-        IMAGE_NAME='registry.infoclinica.ru:5000/acme-dns:1.3' 
				-        JENKINS_MAIL='jenkins.dev@sdsys.ru' 
				-        SMTP_SERVER='mail.sdsys.ru' 
				-        RECIPIENT_MAIL_BOX='admin@sdsys.ru' 
				-        PKI_GIT_SUBDIR='iru' 
				-        PKI_GIT_NAME='pki' 
				-        DOMAIN='infoclinica.ru' 
				-        PKI_GIT_URL='ssh://git@git.sdsys.ru:8022/sdsys/pki.git' 
				-        STACK-DEPLOY_GIT_URL='ssh://git@git.sdsys.ru:8022/iru/stack-deploy.git' 
				-        STACK-DEPLOY_GIT_NAME='stack-deploy' 
				-    } 
				-    parameters { 
				-        string( 
				-            name: "mailto", 
				-            defaultValue: "admin@sdsys.ru", 
				-            description: "Email which has to be notified." 
				-        ) 
				-    } 
				-    stages { 
				-      stage("Calculate Variables) { 
				-        steps { 
				-          script { 
				-            ENDDATE = sh (script: "$(echo | openssl s_client -servername ${DOMAIN} -connect ${DOMAIN}:443 2>/dev/null | openssl x509 -noout -enddate)", returnStdout: true).trim() 
				-            CONFIG_DIR = PKI_GIT_NAME + '/' + PKI_GIT_SUBDIR + '/wildcard/letsencrypt' 
				-            BACKUP_FILE = PKI_GIT_NAME + '/' + PKI_GIT_SUBDIR + '/wildcard/acme-dns/' + DOMAIN + '.dump.gz' 
				-            COMMAND = PKI_GIT_NAME + '/' + PKI_GIT_SUBDIR + '/wildcard/acme-dns/' + 'renewal.sh' 
				-            withCredentials([usernamePassword(credentialsId: 'jenkins', usernameVariable: 'USERNAME', passwordVariable: 'PASSWORD')]) { 
				-              JENKINS_USER = USERNAME 
				-              JENKINS_PASS = PASSWORD 
				-            } 
				+  agent { 
				+    label "swarm" 
				+  } 
				+  environment { 
				+    CLUSTER_NAME_OPEN='iru-swarm1-open.infoclinica.lan' 
				+    CLUSTER_NAME_PROD='iru-swarm.infoclinica.lan' 
				+    CLUSTER_NAME_DEV='dev-iru-swarm.infoclinica.lan' 
				+    DOCKER_CERT_PATH='/run/secrets/swarm' 
				+    IMAGE_NAME='registry.infoclinica.ru:5000/acme-dns:1.3' 
				+    JENKINS_MAIL='jenkins.dev@sdsys.ru' 
				+    SMTP_SERVER='mail.sdsys.ru' 
				+    RECIPIENT_MAIL_BOX='admin@sdsys.ru' 
				+    PKI_GIT_SUBDIR='iru' 
				+    PKI_GIT_NAME='pki' 
				+    DOMAIN='infoclinica.ru' 
				+    PKI_GIT_URL='ssh://git@git.sdsys.ru:8022/sdsys/pki.git' 
				+    STACK-DEPLOY_GIT_URL='ssh://git@git.sdsys.ru:8022/iru/stack-deploy.git' 
				+    STACK-DEPLOY_GIT_NAME='stack-deploy' 
				+  } 
				+  parameters { 
				+    string( 
				+      name: "mailto", 
				+      defaultValue: "admin@sdsys.ru", 
				+      description: "Email which has to be notified." 
				+    ) 
				+  } 
				+  stages { 
				+    stage("Calculate Variables") { 
				+      steps { 
				+        script { 
				+          ENDDATE = sh (script: "$(echo | openssl s_client -servername ${DOMAIN} -connect ${DOMAIN}:443 2>/dev/null | openssl x509 -noout -enddate)", returnStdout: true).trim() 
				+          CONFIG_DIR = PKI_GIT_NAME + '/' + PKI_GIT_SUBDIR + '/wildcard/letsencrypt' 
				+          BACKUP_FILE = PKI_GIT_NAME + '/' + PKI_GIT_SUBDIR + '/wildcard/acme-dns/' + DOMAIN + '.dump.gz' 
				+          COMMAND = PKI_GIT_NAME + '/' + PKI_GIT_SUBDIR + '/wildcard/acme-dns/' + 'renewal.sh' 
				+          withCredentials([usernamePassword(credentialsId: 'jenkins', usernameVariable: 'USERNAME', passwordVariable: 'PASSWORD')]) { 
				+            JENKINS_USER = USERNAME 
				+            JENKINS_PASS = PASSWORD 
				           } 
				         } 
				       } 
				-      stage("Run Renewal") { 
				-        steps { 
				+    } 
				+    stage("Run Renewal") { 
				+      steps { 
				+        withCredentials([sshUserPrivateKey(credentialsId: 'provision', keyFileVariable: 'GIT_SSH_KEY', passphraseVariable: '', usernameVariable: 'GIT_SSH_USERNAME')]) { 
				+          sh """set +x 
				+                DOCKER_HOST=tcp://${CLUSTER_NAME_OPEN}:2376 DOCKER_TLS_VERIFY=1 docker run -t --rm -e TZ=Europe/Moscow \ 
				+                  -e DOMAIN=${DOMAIN} -e CONFIG_DIR=${CONFIG_DIR} -e BACKUP_FILE=${BACKUP_FILE} \ 
				+                  -e JENKINS_MAIL=${JENKINS_MAIL} -e JENKINS_MAIL_USER=${JENKINS_USER} -e JENKINS_MAIL_PASS=${JENKINS_PASS} \ 
				+                  -e git_url=${PKI_GIT_URL} -e SMTP_SERVER=${SMTP_SERVER} -e RECIPIENT_MAIL_BOX=${RECIPIENT_MAIL_BOX} \ 
				+                  -e "SSHKEY=`cat ${GIT_SSH_KEY}`" -p 53:53/udp -p 53:53/tcp ${IMAGE_NAME} \ 
				+                  /${COMMAND} 
				+             """ 
				+        } 
				+      } 
				+    } 
				+    stage("Update secret in CLUSTERS") { 
				+      steps { 
				+        script { 
				+          git_clone(PKI_GIT_URL) 
				+          git_clone(STACK-DEPLOY_GIT_URL) 
				           withCredentials([sshUserPrivateKey(credentialsId: 'provision', keyFileVariable: 'GIT_SSH_KEY', passphraseVariable: '', usernameVariable: 'GIT_SSH_USERNAME')]) { 
				-            sh """set +x 
				-                  DOCKER_HOST=tcp://${CLUSTER_NAME_OPEN}:2376 DOCKER_TLS_VERIFY=1 docker run -t --rm -e TZ=Europe/Moscow \ 
				-                    -e DOMAIN=${DOMAIN} -e CONFIG_DIR=${CONFIG_DIR} -e BACKUP_FILE=${BACKUP_FILE} \ 
				-                    -e JENKINS_MAIL=${JENKINS_MAIL} -e JENKINS_MAIL_USER=${JENKINS_USER} -e JENKINS_MAIL_PASS=${JENKINS_PASS} \ 
				-                    -e git_url=${PKI_GIT_URL} -e SMTP_SERVER=${SMTP_SERVER} -e RECIPIENT_MAIL_BOX=${RECIPIENT_MAIL_BOX} \ 
				-                    -e "SSHKEY=`cat ${GIT_SSH_KEY}`" -p 53:53/udp -p 53:53/tcp ${IMAGE_NAME} \ 
				-                    /${COMMAND} 
				+            sh """GIT_SSH_COMMAND='ssh -i ${GIT_SSH_KEY} -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' \ 
				+                    git clone ${PKI_GIT_URL} 
				+                  GIT_SSH_COMMAND='ssh -i ${GIT_SSH_KEY} -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' \ 
				+                    git clone ${STACK-DEPLOY_GIT_URL} 
				                """ 
				           } 
				-        } 
				-      } 
				-      stage("Update secret in CLUSTERS") { 
				-        steps { 
				-          script { 
				-            git_clone(PKI_GIT_URL) 
				-            git_clone(STACK-DEPLOY_GIT_URL) 
				-            withCredentials([sshUserPrivateKey(credentialsId: 'provision', keyFileVariable: 'GIT_SSH_KEY', passphraseVariable: '', usernameVariable: 'GIT_SSH_USERNAME')]) { 
				-              sh """GIT_SSH_COMMAND='ssh -i ${GIT_SSH_KEY} -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' \ 
				-                      git clone ${PKI_GIT_URL} 
				-                    GIT_SSH_COMMAND='ssh -i ${GIT_SSH_KEY} -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' \ 
				-                      git clone ${STACK-DEPLOY_GIT_URL} 
				-                 """ 
				-            } 
				-            def NEW_ENDDATE = sh (script: "openssl x509 -enddate -noout -in ${CONFIG_DIR}/live/${DOMAIN}/cert.pem", returnStdout: true).trim() 
				-            if (ENDDATE != NEW_ENDDATE) { 
				-              echo "Update docker secret in ${CLUSTER_NAME_PROD}" 
				-              def NODE_IP = sh (script: "DOCKER_HOST=tcp://${CLUSTER_NAME_PROD}:2376 DOCKER_TLS_VERIFY=1 docker node inspect self -f '{{.Status.Addr}}'" , returnStdout: true).trim() 
				-              update_secret(NODE_IP, STACK-DEPLOY_GIT_NAME, DOMAIN, CONFIG_DIR) 
				-              echo "Update docker secret in ${CLUSTER_NAME_DEV}" 
				-              NODE_IP = sh (script: "DOCKER_HOST=tcp://${CLUSTER_NAME_DEV}:2376 DOCKER_TLS_VERIFY=1 docker node inspect self -f '{{.Status.Addr}}'" , returnStdout: true).trim() 
				-              update_secret(NODE_IP, STACK-DEPLOY_GIT_NAME, DOMAIN, CONFIG_DIR) 
				-            } 
				+          def NEW_ENDDATE = sh (script: "openssl x509 -enddate -noout -in ${CONFIG_DIR}/live/${DOMAIN}/cert.pem", returnStdout: true).trim() 
				+          if (ENDDATE != NEW_ENDDATE) { 
				+            echo "Update docker secret in ${CLUSTER_NAME_PROD}" 
				+            def NODE_IP = sh (script: "DOCKER_HOST=tcp://${CLUSTER_NAME_PROD}:2376 DOCKER_TLS_VERIFY=1 docker node inspect self -f '{{.Status.Addr}}'" , returnStdout: true).trim() 
				+            update_secret(NODE_IP, STACK-DEPLOY_GIT_NAME, DOMAIN, CONFIG_DIR) 
				+            echo "Update docker secret in ${CLUSTER_NAME_DEV}" 
				+            NODE_IP = sh (script: "DOCKER_HOST=tcp://${CLUSTER_NAME_DEV}:2376 DOCKER_TLS_VERIFY=1 docker node inspect self -f '{{.Status.Addr}}'" , returnStdout: true).trim() 
				+            update_secret(NODE_IP, STACK-DEPLOY_GIT_NAME, DOMAIN, CONFIG_DIR) 
				           } 
				         } 
				       } 
				-     
				+    } 
				   } 
				   post { 
				     always { 
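Review bot: The "Run Renewal" stage puts both secrets into the `docker run` command text: `JENKINS_PASS` is copied out of its `withCredentials` block in "Calculate Variables" into a script-level variable, and `-e JENKINS_MAIL_PASS=${JENKINS_PASS}` is then expanded by Groovy inside `sh """…"""`, so the password ends up in the generated script and in the argv of the docker client on the agent, outside the scope where the binding is masked; the `-e "SSHKEY=…"` argument built from `cat ${GIT_SSH_KEY}` exposes the private key the same way. Bind the password in the same `withCredentials` list as the key with `passwordVariable: 'JENKINS_MAIL_PASS'` and pass it by name only, `-e JENKINS_MAIL_PASS`, so the value comes from the shell environment instead of Groovy interpolation; the key can be handled alike by exporting `SSHKEY` in the shell (with `\$`-escaped expansion) and passing `-e SSHKEY`. Separately, the two `git clone` lines in "Update secret in CLUSTERS" run ssh with `-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no`, which accepts any host key for the repository that appears to hold the certificate material; pinning the git server's host key in a known_hosts file supplied to the job would close that. The `post` block continues outside the hunk.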