|
@@ -63,14 +63,14 @@ pipeline {
|
|
stage("Update docker secret in SWARM cluster") {
|
|
stage("Update docker secret in SWARM cluster") {
|
|
steps {
|
|
steps {
|
|
script {
|
|
script {
|
|
- git_clone(PKI_GIT_URL)
|
|
|
|
- git_clone(SWARM_GIT_URL)
|
|
|
|
|
|
+ gitOps.clone(PKI_GIT_URL)
|
|
|
|
+ gitOps.clone(SWARM_GIT_URL)
|
|
NEW_ENDDATE = sh (script: "openssl x509 -enddate -noout -in ${CONFIG_DIR}/live/${DOMAIN}/cert.pem", returnStdout: true).trim()
|
|
NEW_ENDDATE = sh (script: "openssl x509 -enddate -noout -in ${CONFIG_DIR}/live/${DOMAIN}/cert.pem", returnStdout: true).trim()
|
|
ENDDATE = sh (script: "echo|openssl s_client -servername ${REGISTRY_OFFICE} -connect ${REGISTRY_OFFICE}:443 2>/dev/null|openssl x509 -noout -enddate", returnStdout: true).trim()
|
|
ENDDATE = sh (script: "echo|openssl s_client -servername ${REGISTRY_OFFICE} -connect ${REGISTRY_OFFICE}:443 2>/dev/null|openssl x509 -noout -enddate", returnStdout: true).trim()
|
|
if (ENDDATE != NEW_ENDDATE) {
|
|
if (ENDDATE != NEW_ENDDATE) {
|
|
echo "Update docker secret in ${CLUSTER_OFFICE}"
|
|
echo "Update docker secret in ${CLUSTER_OFFICE}"
|
|
NODE_IP = sh (script: "DOCKER_HOST=tcp://${CLUSTER_OFFICE}:2376 DOCKER_TLS_VERIFY=1 docker node inspect self -f '{{.Status.Addr}}'" , returnStdout: true).trim()
|
|
NODE_IP = sh (script: "DOCKER_HOST=tcp://${CLUSTER_OFFICE}:2376 DOCKER_TLS_VERIFY=1 docker node inspect self -f '{{.Status.Addr}}'" , returnStdout: true).trim()
|
|
- update_secret(NODE_IP, SWARM_GIT_NAME, DOMAIN, CONFIG_DIR)
|
|
|
|
|
|
+ dockerWCrenewal.update_secret(NODE_IP, SWARM_GIT_NAME, DOMAIN, CONFIG_DIR)
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
@@ -86,7 +86,7 @@ pipeline {
|
|
def PLAYBOOK = PKI_GIT_NAME + '/' + DOMAIN + '/wildcard/acme-dns/' + 'proxmox.yml'
|
|
def PLAYBOOK = PKI_GIT_NAME + '/' + DOMAIN + '/wildcard/acme-dns/' + 'proxmox.yml'
|
|
def TARGET_HOST = item + '.' + DOMAIN
|
|
def TARGET_HOST = item + '.' + DOMAIN
|
|
def TARGET_DIR = WORKSPACE + '/' + CONFIG_DIR
|
|
def TARGET_DIR = WORKSPACE + '/' + CONFIG_DIR
|
|
- update_sertificate(PLAYBOOK, TARGET_DIR, TARGET_HOST, DOMAIN)
|
|
|
|
|
|
+ dockerWCrenewal.update_sertificate(PLAYBOOK, TARGET_DIR, TARGET_HOST, DOMAIN)
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
@@ -103,7 +103,7 @@ pipeline {
|
|
def PLAYBOOK = PKI_GIT_NAME + '/' + DOMAIN + '/wildcard/acme-dns/' + 'apache.yml'
|
|
def PLAYBOOK = PKI_GIT_NAME + '/' + DOMAIN + '/wildcard/acme-dns/' + 'apache.yml'
|
|
def TARGET_HOST = item + '.' + DOMAIN
|
|
def TARGET_HOST = item + '.' + DOMAIN
|
|
def TARGET_DIR = WORKSPACE + '/' + CONFIG_DIR
|
|
def TARGET_DIR = WORKSPACE + '/' + CONFIG_DIR
|
|
- update_sertificate(PLAYBOOK, TARGET_DIR, TARGET_HOST, DOMAIN)
|
|
|
|
|
|
+ dockerWCrenewal.update_sertificate(PLAYBOOK, TARGET_DIR, TARGET_HOST, DOMAIN)
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
@@ -118,7 +118,7 @@ pipeline {
|
|
sh "cat ${PKI_GIT_NAME}/${DOMAIN}/wildcard/acme-dns/letsencrypt.ca.pem >> ${CONFIG_DIR}/live/${DOMAIN}/fullchain.pem"
|
|
sh "cat ${PKI_GIT_NAME}/${DOMAIN}/wildcard/acme-dns/letsencrypt.ca.pem >> ${CONFIG_DIR}/live/${DOMAIN}/fullchain.pem"
|
|
PLAYBOOK = PKI_GIT_NAME + '/' + DOMAIN + '/wildcard/acme-dns/' + 'mail.yml'
|
|
PLAYBOOK = PKI_GIT_NAME + '/' + DOMAIN + '/wildcard/acme-dns/' + 'mail.yml'
|
|
TARGET_DIR = WORKSPACE + '/' + CONFIG_DIR
|
|
TARGET_DIR = WORKSPACE + '/' + CONFIG_DIR
|
|
- update_sertificate(PLAYBOOK, TARGET_DIR, SMTP_SERVER, DOMAIN)
|
|
|
|
|
|
+ dockerWCrenewal.update_sertificate(PLAYBOOK, TARGET_DIR, SMTP_SERVER, DOMAIN)
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
@@ -145,38 +145,3 @@ pipeline {
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
-def git_clone(String REPO) {
|
|
|
|
- withCredentials([sshUserPrivateKey(credentialsId: 'provision', keyFileVariable: 'GIT_SSH_KEY', passphraseVariable: '', usernameVariable: 'GIT_SSH_USERNAME')]) {
|
|
|
|
- sh """GIT_SSH_COMMAND='ssh -i ${GIT_SSH_KEY} -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' \
|
|
|
|
- git clone ${REPO}
|
|
|
|
- """
|
|
|
|
- }
|
|
|
|
-}
|
|
|
|
-def update_secret(String NODE_IP, String SWARM_GIT_NAME, String DOMAIN, String CONFIG_DIR) {
|
|
|
|
- sh """export DOCKER_HOST=tcp://${NODE_IP}:2376 DOCKER_TLS_VERIFY=1
|
|
|
|
- docker stack rm registry
|
|
|
|
- docker stack rm proxy
|
|
|
|
- docker secret rm sdsys_full
|
|
|
|
- docker secret create sdsys_full ${CONFIG_DIR}/archive/${DOMAIN}/${DOMAIN}.full-bundle
|
|
|
|
- sleep 10
|
|
|
|
- docker stack deploy -c ${SWARM_GIT_NAME}/registry.yml registry
|
|
|
|
- docker stack deploy -c ${SWARM_GIT_NAME}/proxy.yml proxy
|
|
|
|
- """
|
|
|
|
-}
|
|
|
|
-def update_sertificate(String PLAYBOOK, String TARGET_DIR, String TARGET_HOST, String DOMAIN) {
|
|
|
|
- withCredentials([sshUserPrivateKey(credentialsId: 'ansible', keyFileVariable: 'GIT_SSH_KEY', passphraseVariable: '', usernameVariable: 'GIT_SSH_USERNAME')]) {
|
|
|
|
- ansiColor('xterm') {
|
|
|
|
- ansiblePlaybook(
|
|
|
|
- credentialsId: 'ansible',
|
|
|
|
- playbook: PLAYBOOK,
|
|
|
|
- disableHostKeyChecking: true,
|
|
|
|
- extraVars: [
|
|
|
|
- TARGET_DIR: TARGET_DIR,
|
|
|
|
- TARGET_HOST: TARGET_HOST,
|
|
|
|
- DOMAIN: DOMAIN
|
|
|
|
- ],
|
|
|
|
-// extras: '-vvv',
|
|
|
|
- colorized: true)
|
|
|
|
- }
|
|
|
|
- }
|
|
|
|
-}
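Review bot: The calls changed in this file (`gitOps.clone(...)` and `dockerWCrenewal.update_secret(...)` in the SWARM stage, plus the three `dockerWCrenewal.update_sertificate(...)` sites) resolve to code that is neither defined nor loaded in the visible hunks, so whatever makes those names available presumably sits above line 63 or in global Jenkins configuration. The helpers deleted at the end of the file bound the `provision` and `ansible` SSH credentials and turned off host key verification (`StrictHostKeyChecking=no` with `UserKnownHostsFile=/dev/null`, and `disableHostKeyChecking: true`). Whether the library versions keep that behaviour cannot be checked from this diff, so it is worth confirming that they verify host keys against a managed known_hosts file. I would load the library at a fixed tag or commit rather than a moving branch and record that next to the first call, e.g. `// gitOps and dockerWCrenewal: shared library <library-name>@<pinned-ref>; holds the credential bindings and SSH options`. The `sertificate` spelling is carried into the library's public method name; if the library is new, now is the cheap moment to rename it.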
|
|
|