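// Jenkinsfile: renew the wildcard certificate for DOMAIN via acme-dns and push it
// to the swarm registry/cluster, the Proxmox nodes, the Apache hosts and the mail server.
//
// Script-level state shared between stages. Credential values are deliberately NOT
// kept here: they are bound with withCredentials only inside the stage that needs
// them, so console masking applies and the secret does not outlive that stage.
ENDDATE = ''        // -enddate line of the certificate currently served by a host
NEW_ENDDATE = ''    // -enddate line of the freshly renewed certificate in the PKI checkout
BACKUP_FILE = ''    // path (inside the PKI repo) of the acme-dns database dump
CONFIG_DIR = ''     // path (inside the PKI repo) of the letsencrypt config tree
COMMAND = ''        // renewal script run inside the acme-dns container
TARGET_HOSTS_APACHE = [ 'sugar', 'owncloud' ]
TARGET_HOSTS_PROXMOX = [ 'kvm-test', 'kvm1', 'kvm2', 'kvm3', 'kvm4', 'kvm5', 'kvm6', 'kvm7' ]

pipeline {
    agent {
        label "swarm"
    }
    environment {
        REGISTRY_OFFICE = 'registry.sdsys.ru'
        CLUSTER_OFFICE = 'swarm.sdsys.ru'
        // client certs used by "docker node inspect" (DOCKER_TLS_VERIFY=1) below
        DOCKER_CERT_PATH = '/run/secrets/swarm'
        // mutable tag; pin by digest (IMAGE@sha256:<digest>) if reproducible renewals are required
        IMAGE_NAME = 'registry.infoclinica.ru:5000/acme-dns:1.5'
        JENKINS_MAIL = 'jenkins.dev@sdsys.ru'
        SMTP_SERVER = 'mail.sdsys.ru'
        RECIPIENT_MAIL_BOX = 'admin@sdsys.ru'
        PKI_GIT_NAME = 'pki'
        DOMAIN = 'sdsys.ru'
        PKI_GIT_URL = 'ssh://git@git.sdsys.ru:8022/sdsys/pki.git'
        SWARM_GIT_URL = 'ssh://git@git.sdsys.ru:8022/sdsys/swarm.git'
        SWARM_GIT_NAME = 'swarm'
    }
    parameters {
        string(
            name: "mailto",
            defaultValue: "admin@sdsys.ru",
            description: "Email which has to be notified."
        )
    }
    stages {
        stage("Calculate Variables") {
            steps {
                script {
                    // The value is superseded in later stages; kept as a reachability
                    // check of the primary endpoint (a failed handshake fails the build here).
                    ENDDATE = sh(script: "echo|openssl s_client -servername ${DOMAIN} -connect ${DOMAIN}:443 2>/dev/null|openssl x509 -noout -enddate", returnStdout: true).trim()
                    CONFIG_DIR  = PKI_GIT_NAME + '/' + DOMAIN + '/wildcard/letsencrypt'
                    BACKUP_FILE = PKI_GIT_NAME + '/' + DOMAIN + '/wildcard/acme-dns/' + DOMAIN + '.dump.gz'
                    COMMAND     = PKI_GIT_NAME + '/' + DOMAIN + '/wildcard/acme-dns/' + 'renewal.sh'
                }
            }
        }
        stage("Run Renewal") {
            steps {
                // Both credentials are bound here instead of being copied into script
                // globals in an earlier stage: log masking only covers this scope.
                withCredentials([
                    sshUserPrivateKey(credentialsId: 'provision', keyFileVariable: 'GIT_SSH_KEY', passphraseVariable: '', usernameVariable: 'GIT_SSH_USERNAME'),
                    usernamePassword(credentialsId: 'jenkins', usernameVariable: 'JENKINS_MAIL_USER', passwordVariable: 'JENKINS_MAIL_PASS')
                ]) {
                    // Secrets are referenced as shell variables (\$VAR), never via Groovy
                    // interpolation, so they are not written into the generated script.
                    // Bare "-e NAME" makes docker read the value from the environment,
                    // keeping it off the (ps-visible) command line.
                    sh """set +x
SSHKEY="\$(cat "\$GIT_SSH_KEY")"; export SSHKEY
docker run -t --rm -e TZ=Europe/Moscow \
  -e DOMAIN=${DOMAIN} -e CONFIG_DIR=${CONFIG_DIR} -e BACKUP_FILE=${BACKUP_FILE} \
  -e JENKINS_MAIL=${JENKINS_MAIL} -e JENKINS_MAIL_USER -e JENKINS_MAIL_PASS \
  -e git_url=${PKI_GIT_URL} -e SMTP_SERVER=${SMTP_SERVER} -e RECIPIENT_MAIL_BOX=${RECIPIENT_MAIL_BOX} \
  -e SSHKEY -p 5353:53/udp -p 5353:53/tcp ${IMAGE_NAME} \
  /${COMMAND}
"""
                }
            }
        }
        stage("Update docker secret in SWARM cluster") {
            steps {
                script {
                    gitOps.clone(PKI_GIT_URL)
                    gitOps.clone(SWARM_GIT_URL)
                    NEW_ENDDATE = sh(script: "openssl x509 -enddate -noout -in ${CONFIG_DIR}/live/${DOMAIN}/cert.pem", returnStdout: true).trim()
                    ENDDATE = sh(script: "echo|openssl s_client -servername ${REGISTRY_OFFICE} -connect ${REGISTRY_OFFICE}:443 2>/dev/null|openssl x509 -noout -enddate", returnStdout: true).trim()
                    // Rotation is keyed on the expiry line only; a served cert with the same
                    // -enddate but different content would not be refreshed.
                    if (ENDDATE != NEW_ENDDATE) {
                        echo "Update docker secret in ${CLUSTER_OFFICE}"
                        // TLS-verified remote docker API call; uses DOCKER_CERT_PATH from environment{}
                        NODE_IP = sh(script: "DOCKER_HOST=tcp://${CLUSTER_OFFICE}:2376 DOCKER_TLS_VERIFY=1 docker node inspect self -f '{{.Status.Addr}}'", returnStdout: true).trim()
                        dockerWCrenewal.update_secret(NODE_IP, SWARM_GIT_NAME, DOMAIN, CONFIG_DIR)
                    }
                }
            }
        }
        stage("Update certificate and key to Proxmox") {
            steps {
                script {
                    NEW_ENDDATE = sh(script: "openssl x509 -enddate -noout -in ${CONFIG_DIR}/live/${DOMAIN}/cert.pem", returnStdout: true).trim()
                    TARGET_HOSTS_PROXMOX.each { item ->
                        // Proxmox web UI listens on 8006
                        ENDDATE = sh(script: "echo|openssl s_client -servername ${item}.${DOMAIN} -connect ${item}.${DOMAIN}:8006 2>/dev/null|openssl x509 -noout -enddate", returnStdout: true).trim()
                        if (ENDDATE != NEW_ENDDATE) {
                            echo "Update certificate and key for ${item}"
                            def PLAYBOOK = PKI_GIT_NAME + '/' + DOMAIN + '/wildcard/acme-dns/' + 'proxmox.yml'
                            def TARGET_HOST = item + '.' + DOMAIN
                            def TARGET_DIR = WORKSPACE + '/' + CONFIG_DIR
                            dockerWCrenewal.update_sertificate(PLAYBOOK, TARGET_DIR, TARGET_HOST, DOMAIN)
                        }
                    }
                }
            }
        }
        stage("Update certificate and key APACHE-HOSTS") {
            steps {
                script {
                    NEW_ENDDATE = sh(script: "openssl x509 -enddate -noout -in ${CONFIG_DIR}/live/${DOMAIN}/cert.pem", returnStdout: true).trim()
                    TARGET_HOSTS_APACHE.each { item ->
                        ENDDATE = sh(script: "echo|openssl s_client -servername ${item}.${DOMAIN} -connect ${item}.${DOMAIN}:443 2>/dev/null|openssl x509 -noout -enddate", returnStdout: true).trim()
                        if (ENDDATE != NEW_ENDDATE) {
                            echo "Update certificate and key for ${item}"
                            def PLAYBOOK = PKI_GIT_NAME + '/' + DOMAIN + '/wildcard/acme-dns/' + 'apache.yml'
                            def TARGET_HOST = item + '.' + DOMAIN
                            def TARGET_DIR = WORKSPACE + '/' + CONFIG_DIR
                            dockerWCrenewal.update_sertificate(PLAYBOOK, TARGET_DIR, TARGET_HOST, DOMAIN)
                        }
                    }
                }
            }
        }
        stage("Update certificate and key to ZIMBRA") {
            steps {
                script {
                    // NEW_ENDDATE is the value computed by the previous stage.
                    ENDDATE = sh(script: "echo|openssl s_client -servername ${SMTP_SERVER} -connect ${SMTP_SERVER}:443 2>/dev/null|openssl x509 -noout -enddate", returnStdout: true).trim()
                    if (ENDDATE != NEW_ENDDATE) {
                        echo "Update certificate and key for ${SMTP_SERVER}"
                        // Zimbra needs the issuing CA appended to the chain file.
                        sh "cat ${PKI_GIT_NAME}/${DOMAIN}/wildcard/acme-dns/letsencrypt.ca.pem >> ${CONFIG_DIR}/live/${DOMAIN}/fullchain.pem"
                        def PLAYBOOK = PKI_GIT_NAME + '/' + DOMAIN + '/wildcard/acme-dns/' + 'mail.yml'
                        def TARGET_DIR = WORKSPACE + '/' + CONFIG_DIR
                        dockerWCrenewal.update_sertificate(PLAYBOOK, TARGET_DIR, SMTP_SERVER, DOMAIN)
                    }
                }
            }
        }
    }
    post {
        always {
            // The workspace holds the cloned PKI repo (private keys); always remove it.
            echo "CleaningUp work directory"
            deleteDir()
        }
        success {
            // Triple quotes: the body spans several physical lines, which a plain
            // double-quoted Groovy string does not allow.
            mail charset: 'UTF-8',
                subject: "Jenkins build SUCCESS",
                mimeType: 'text/html',
                to: "${mailto}",
                body: """ATTENTION!!!
Jenkins job successed.\n\n
Project Name: ${env.JOB_NAME}
Renewal certs and keys
\nBuild Number: ${env.BUILD_NUMBER}
\nURL Build: ${RUN_DISPLAY_URL}"""
        }
        failure {
            mail charset: 'UTF-8',
                subject: "Jenkins build ERROR",
                mimeType: 'text/html',
                to: "${mailto}",
                body: """ATTENTION!!!
Jenkins job failed.\n\n
Project Name: ${env.JOB_NAME}
\nBuild Number: ${env.BUILD_NUMBER}
\nURL Build: ${RUN_DISPLAY_URL}"""
        }
    }
}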