JENKINS_PASS = '' ENDDATE = '' NEW_ENDDATE = '' BACKUP_FILE = '' CONFIG_DIR = '' COMMAND = '' // TARGET_HOSTS_APACHE = [ 'sugar', 'owncloud' ] TARGET_HOSTS_APACHE = [ 'sugar', 'pbx', 'zabbix3' ] TARGET_HOSTS_PROXMOX = [ 'kvm-test', 'kvm1', 'kvm2', 'kvm3', 'kvm4', 'kvm5', 'kvm6', 'kvm7' ] TARGET_HOSTS_PBS = [ 'pbs' ] //TARGET_HOSTS_PROXMOX = [ 'kvm4' ] pipeline { agent { label "swarm" } environment { REGISTRY_OFFICE='registry.sdsys.ru' CLUSTER_OFFICE='swarm.sdsys.ru' DOCKER_CERT_PATH='/run/secrets/swarm' IMAGE_NAME='registry.infoclinica.ru:5000/acme-dns:1.5' JENKINS_MAIL='jenkins.dev@sdsys.ru' SMTP_SERVER='mail.sdsys.ru' RECIPIENT_MAIL_BOX='admin@sdsys.ru' PKI_GIT_NAME='pki' DOMAIN='sdsys.ru' PKI_GIT_URL='ssh://git@git.sdsys.ru:8022/sdsys/pki.git' SWARM_GIT_URL='ssh://git@git.sdsys.ru:8022/sdsys/swarm.git' SWARM_GIT_NAME='swarm' } parameters { string( name: "mailto", defaultValue: "admin@sdsys.ru", description: "Email which has to be notified." ) } stages { stage("Calculate Variables") { steps { script { ENDDATE = sh (script: "echo|openssl s_client -servername ${DOMAIN} -connect ${DOMAIN}:443 2>/dev/null|openssl x509 -noout -enddate", returnStdout: true).trim() CONFIG_DIR = PKI_GIT_NAME + '/' + DOMAIN + '/wildcard/letsencrypt' BACKUP_FILE = PKI_GIT_NAME + '/' + DOMAIN + '/wildcard/acme-dns/' + DOMAIN + '.dump.gz' COMMAND = PKI_GIT_NAME + '/' + DOMAIN + '/wildcard/acme-dns/' + 'renewal.sh' withCredentials([usernamePassword(credentialsId: 'jenkins', usernameVariable: 'USERNAME', passwordVariable: 'PASSWORD')]) { JENKINS_USER = USERNAME JENKINS_PASS = PASSWORD } } } } // stage("Run Renewal") { // steps { // withCredentials([sshUserPrivateKey(credentialsId: 'provision', keyFileVariable: 'GIT_SSH_KEY', passphraseVariable: '', usernameVariable: 'GIT_SSH_USERNAME')]) { // sh """set +x // docker run -t --rm -e TZ=Europe/Moscow \ // -e DOMAIN=${DOMAIN} -e CONFIG_DIR=${CONFIG_DIR} -e BACKUP_FILE=${BACKUP_FILE} \ // -e JENKINS_MAIL=${JENKINS_MAIL} -e JENKINS_MAIL_USER=${JENKINS_USER} -e JENKINS_MAIL_PASS=${JENKINS_PASS} \ // -e git_url=${PKI_GIT_URL} -e SMTP_SERVER=${SMTP_SERVER} -e RECIPIENT_MAIL_BOX=${RECIPIENT_MAIL_BOX} \ // -e "SSHKEY=`cat ${GIT_SSH_KEY}`" -p 5353:53/udp -p 5353:53/tcp ${IMAGE_NAME} \ // /${COMMAND} // """ // } // } // } stage("Update docker secret in SWARM cluster") { steps { script { gitOps.clone(PKI_GIT_URL) gitOps.clone(SWARM_GIT_URL) NEW_ENDDATE = sh (script: "openssl x509 -enddate -noout -in ${CONFIG_DIR}/live/${DOMAIN}/cert.pem", returnStdout: true).trim() ENDDATE = sh (script: "echo|openssl s_client -servername ${REGISTRY_OFFICE} -connect ${REGISTRY_OFFICE}:443 2>/dev/null|openssl x509 -noout -enddate", returnStdout: true).trim() if (ENDDATE != NEW_ENDDATE) { echo "Update docker secret in ${CLUSTER_OFFICE}" NODE_IP = sh (script: "DOCKER_HOST=tcp://${CLUSTER_OFFICE}:2376 DOCKER_TLS_VERIFY=1 docker node inspect self -f '{{.Status.Addr}}'" , returnStdout: true).trim() dockerWCrenewal.update_secret(NODE_IP, SWARM_GIT_NAME, DOMAIN, CONFIG_DIR) } } } } stage("Update certificate and key to Proxmox") { steps { script { NEW_ENDDATE = sh (script: "openssl x509 -enddate -noout -in ${CONFIG_DIR}/live/${DOMAIN}/cert.pem", returnStdout: true).trim() TARGET_HOSTS_PROXMOX.each { item -> ENDDATE = sh (script: "echo|openssl s_client -servername ${item}.${DOMAIN} -connect ${item}.${DOMAIN}:8006 2>/dev/null|openssl x509 -noout -enddate", returnStdout: true).trim() if (ENDDATE != NEW_ENDDATE) { echo "Update certificate and key for ${item}" def PLAYBOOK = PKI_GIT_NAME + '/' + DOMAIN + '/wildcard/acme-dns/' + 'proxmox.yml' def TARGET_HOST = item + '.' + DOMAIN def TARGET_DIR = WORKSPACE + '/' + CONFIG_DIR dockerWCrenewal.update_sertificate(PLAYBOOK, TARGET_DIR, TARGET_HOST, DOMAIN) } } } } } stage("Update certificate and key to PBS") { steps { script { NEW_ENDDATE = sh (script: "openssl x509 -enddate -noout -in ${CONFIG_DIR}/live/${DOMAIN}/cert.pem", returnStdout: true).trim() TARGET_HOSTS_PBS.each { item -> ENDDATE = sh (script: "echo|openssl s_client -servername ${item}.${DOMAIN} -connect ${item}.${DOMAIN}:8007 2>/dev/null|openssl x509 -noout -enddate", returnStdout: true).trim() if (ENDDATE == NEW_ENDDATE) { echo "Update certificate and key for ${item}" def PLAYBOOK = PKI_GIT_NAME + '/' + DOMAIN + '/wildcard/acme-dns/' + 'pbs.yml' def TARGET_HOST = item + '.' + DOMAIN def TARGET_DIR = WORKSPACE + '/' + CONFIG_DIR dockerWCrenewal.update_sertificate(PLAYBOOK, TARGET_DIR, TARGET_HOST, DOMAIN) } } } } } stage("Update certificate and key APACHE-HOSTS") { steps { script { NEW_ENDDATE = sh (script: "openssl x509 -enddate -noout -in ${CONFIG_DIR}/live/${DOMAIN}/cert.pem", returnStdout: true).trim() TARGET_HOSTS_APACHE.each { item -> ENDDATE = sh (script: "echo|openssl s_client -servername ${item}.${DOMAIN} -connect ${item}.${DOMAIN}:443 2>/dev/null|openssl x509 -noout -enddate", returnStdout: true).trim() if (ENDDATE != NEW_ENDDATE) { echo "Update certificate and key for ${item}" def PLAYBOOK = PKI_GIT_NAME + '/' + DOMAIN + '/wildcard/acme-dns/' + 'apache.yml' def TARGET_HOST = item + '.' + DOMAIN def TARGET_DIR = WORKSPACE + '/' + CONFIG_DIR dockerWCrenewal.update_sertificate(PLAYBOOK, TARGET_DIR, TARGET_HOST, DOMAIN) } } } } } stage("Update certificate and key to ZIMBRA") { steps { script { ENDDATE = sh (script: "echo|openssl s_client -servername ${SMTP_SERVER} -connect ${SMTP_SERVER}:443 2>/dev/null|openssl x509 -noout -enddate", returnStdout: true).trim() if (ENDDATE != NEW_ENDDATE) { echo "Update certificate and key for ${SMTP_SERVER}" sh "cat ${PKI_GIT_NAME}/${DOMAIN}/wildcard/acme-dns/letsencrypt.ca.pem >> ${CONFIG_DIR}/live/${DOMAIN}/fullchain.pem" PLAYBOOK = PKI_GIT_NAME + '/' + DOMAIN + '/wildcard/acme-dns/' + 'mail.yml' TARGET_DIR = WORKSPACE + '/' + CONFIG_DIR dockerWCrenewal.update_sertificate(PLAYBOOK, TARGET_DIR, SMTP_SERVER, DOMAIN) } } } } } post { always { echo "CleaningUp work directory" deleteDir() } success { mail charset: 'UTF-8', subject: "Jenkins build SUCCESS", mimeType: 'text/html', to: "${mailto}", body: "ATTENTION!!!
Jenkins job successed.\n\n
Project Name:
${env.JOB_NAME}
Renewal certs and keys

\nBuild Number:
${env.BUILD_NUMBER}
\nURL Build:
${RUN_DISPLAY_URL}" } failure { mail charset: 'UTF-8', subject: "Jenkins build ERROR", mimeType: 'text/html', to: "${mailto}", body: "ATTENTION!!!
Jenkins job failed.\n\n
Project Name:
${env.JOB_NAME}
\nBuild Number:
${env.BUILD_NUMBER}
\nURL Build:
${RUN_DISPLAY_URL}" } } }