|
|
@@ -9,11 +9,11 @@ pipeline {
|
|
|
label "swarm"
|
|
|
}
|
|
|
environment {
|
|
|
- CLUSTER_NAME_OPEN='iru-swarm1-open.infoclinica.lan'
|
|
|
+ CLUSTER_NAME_OPEN='iru-swarm1-open.infoclinica.ru'
|
|
|
CLUSTER_NAME_PROD='iru-swarm.infoclinica.lan'
|
|
|
CLUSTER_NAME_DEV='dev-iru-swarm.infoclinica.lan'
|
|
|
DOCKER_CERT_PATH='/run/secrets/swarm'
|
|
|
- IMAGE_NAME='registry.infoclinica.ru:5000/acme-dns:1.3'
|
|
|
+ IMAGE_NAME='registry.infoclinica.ru:5000/acme-dns:1.5'
|
|
|
JENKINS_MAIL='jenkins.dev@sdsys.ru'
|
|
|
SMTP_SERVER='mail.sdsys.ru'
|
|
|
RECIPIENT_MAIL_BOX='admin@sdsys.ru'
|
|
|
@@ -21,8 +21,8 @@ pipeline {
|
|
|
PKI_GIT_NAME='pki'
|
|
|
DOMAIN='infoclinica.ru'
|
|
|
PKI_GIT_URL='ssh://git@git.sdsys.ru:8022/sdsys/pki.git'
|
|
|
- STACK-DEPLOY_GIT_URL='ssh://git@git.sdsys.ru:8022/iru/stack-deploy.git'
|
|
|
- STACK-DEPLOY_GIT_NAME='stack-deploy'
|
|
|
+ STACK_DEPLOY_GIT_URL='ssh://git@git.sdsys.ru:8022/iru/stack-deploy.git'
|
|
|
+ STACK_DEPLOY_GIT_NAME='stack-deploy'
|
|
|
}
|
|
|
parameters {
|
|
|
string(
|
|
|
@@ -35,7 +35,7 @@ pipeline {
|
|
|
stage("Calculate Variables") {
|
|
|
steps {
|
|
|
script {
|
|
|
- ENDDATE = sh (script: "$(echo | openssl s_client -servername ${DOMAIN} -connect ${DOMAIN}:443 2>/dev/null | openssl x509 -noout -enddate)", returnStdout: true).trim()
|
|
|
+ ENDDATE = sh (script: "echo|openssl s_client -servername ${DOMAIN} -connect ${DOMAIN}:443 2>/dev/null|openssl x509 -noout -enddate", returnStdout: true).trim()
|
|
|
CONFIG_DIR = PKI_GIT_NAME + '/' + PKI_GIT_SUBDIR + '/wildcard/letsencrypt'
|
|
|
BACKUP_FILE = PKI_GIT_NAME + '/' + PKI_GIT_SUBDIR + '/wildcard/acme-dns/' + DOMAIN + '.dump.gz'
|
|
|
COMMAND = PKI_GIT_NAME + '/' + PKI_GIT_SUBDIR + '/wildcard/acme-dns/' + 'renewal.sh'
|
|
|
@@ -64,22 +64,15 @@ pipeline {
|
|
|
steps {
|
|
|
script {
|
|
|
git_clone(PKI_GIT_URL)
|
|
|
- git_clone(STACK-DEPLOY_GIT_URL)
|
|
|
- withCredentials([sshUserPrivateKey(credentialsId: 'provision', keyFileVariable: 'GIT_SSH_KEY', passphraseVariable: '', usernameVariable: 'GIT_SSH_USERNAME')]) {
|
|
|
- sh """GIT_SSH_COMMAND='ssh -i ${GIT_SSH_KEY} -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' \
|
|
|
- git clone ${PKI_GIT_URL}
|
|
|
- GIT_SSH_COMMAND='ssh -i ${GIT_SSH_KEY} -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' \
|
|
|
- git clone ${STACK-DEPLOY_GIT_URL}
|
|
|
- """
|
|
|
- }
|
|
|
+ git_clone(STACK_DEPLOY_GIT_URL)
|
|
|
def NEW_ENDDATE = sh (script: "openssl x509 -enddate -noout -in ${CONFIG_DIR}/live/${DOMAIN}/cert.pem", returnStdout: true).trim()
|
|
|
if (ENDDATE != NEW_ENDDATE) {
|
|
|
echo "Update docker secret in ${CLUSTER_NAME_PROD}"
|
|
|
def NODE_IP = sh (script: "DOCKER_HOST=tcp://${CLUSTER_NAME_PROD}:2376 DOCKER_TLS_VERIFY=1 docker node inspect self -f '{{.Status.Addr}}'" , returnStdout: true).trim()
|
|
|
- update_secret(NODE_IP, STACK-DEPLOY_GIT_NAME, DOMAIN, CONFIG_DIR)
|
|
|
+ update_secret(NODE_IP, STACK_DEPLOY_GIT_NAME, DOMAIN, CONFIG_DIR)
|
|
|
echo "Update docker secret in ${CLUSTER_NAME_DEV}"
|
|
|
NODE_IP = sh (script: "DOCKER_HOST=tcp://${CLUSTER_NAME_DEV}:2376 DOCKER_TLS_VERIFY=1 docker node inspect self -f '{{.Status.Addr}}'" , returnStdout: true).trim()
|
|
|
- update_secret(NODE_IP, STACK-DEPLOY_GIT_NAME, DOMAIN, CONFIG_DIR)
|
|
|
+ update_secret(NODE_IP, STACK_DEPLOY_GIT_NAME, DOMAIN, CONFIG_DIR)
|
|
|
}
|
|
|
}
|
|
|
}
|
|
|
@@ -113,12 +106,12 @@ def git_clone(String REPO) {
|
|
|
"""
|
|
|
}
|
|
|
}
|
|
|
-def update_secret(String NODE_IP, String STACK-DEPLOY_GIT_NAME, String DOMAIN, String CONFIG_DIR) {
|
|
|
+def update_secret(String NODE_IP, String STACK_DEPLOY_GIT_NAME, String DOMAIN, String CONFIG_DIR) {
|
|
|
sh """export DOCKER_HOST=tcp://${NODE_IP}:2376 DOCKER_TLS_VERIFY=1
|
|
|
docker service rm infrastructure_registry
|
|
|
docker secret rm infoclinica_full
|
|
|
docker secret create infoclinica_full ${CONFIG_DIR}/archive/${DOMAIN}/${DOMAIN}.full-bundle
|
|
|
- cd ${STACK-DEPLOY_GIT_NAME}
|
|
|
+ cd ${STACK_DEPLOY_GIT_NAME}
|
|
|
./infrastructure.sh
|
|
|
"""
|
|
|
}
|
Владимир Томишинец