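// Script-binding globals: a value assigned inside one stage's script{} block is read by
// later stages through these names. JENKINS_USER is declared alongside JENKINS_PASS because
// both are assigned together from the 'jenkins' credential.
JENKINS_USER = ''
// A secret copied into a global outlives its withCredentials block and is serialized with
// the pipeline state; expanding \$JENKINS_PASS in the shell inside withCredentials avoids that.
JENKINS_PASS = ''
ENDDATE = ''        // expiry line of the certificate the public endpoint serves before renewal
NEW_ENDDATE = ''    // expiry line of the renewed certificate read from the cloned pki repository
BACKUP_FILE = ''    // <pki>/<subdir>/wildcard/acme-dns/<DOMAIN>.dump.gz, handed to the renewal container
CONFIG_DIR = ''     // <pki>/<subdir>/wildcard/letsencrypt, the tree holding live/ and archive/
COMMAND = ''        // <pki>/<subdir>/wildcard/acme-dns/renewal.sh, executed inside the renewal container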
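// Renews the wildcard certificate for DOMAIN with the acme-dns image, then, if the expiry
// date changed, replaces the TLS secret on the prod and dev swarm clusters.
pipeline {
    agent {
        label "swarm"
    }
    environment {
        // Swarm managers reached through the Docker TLS API on 2376; DOCKER_TLS_VERIFY=1
        // makes the client verify the daemon certificate against DOCKER_CERT_PATH.
        CLUSTER_NAME_OPEN='iru-swarm1-open.infoclinica.lan'
        CLUSTER_NAME_PROD='iru-swarm.infoclinica.lan'
        CLUSTER_NAME_DEV='dev-iru-swarm.infoclinica.lan'
        DOCKER_CERT_PATH='/run/secrets/swarm'
        // Renewal image, pinned to a fixed tag.
        IMAGE_NAME='registry.infoclinica.ru:5000/acme-dns:1.3'
        JENKINS_MAIL='jenkins.dev@sdsys.ru'
        SMTP_SERVER='mail.sdsys.ru'
        RECIPIENT_MAIL_BOX='admin@sdsys.ru'
        // Layout of the pki repository: <PKI_GIT_NAME>/<PKI_GIT_SUBDIR>/wildcard/...
        PKI_GIT_SUBDIR='iru'
        PKI_GIT_NAME='pki'
        DOMAIN='infoclinica.ru'
        PKI_GIT_URL='ssh://git@git.sdsys.ru:8022/sdsys/pki.git'
        // Underscores, not hyphens: a hyphen inside a Groovy identifier parses as subtraction
        // (STACK - DEPLOY_GIT_URL), so the hyphenated names could never be resolved.
        STACK_DEPLOY_GIT_URL='ssh://git@git.sdsys.ru:8022/iru/stack-deploy.git'
        STACK_DEPLOY_GIT_NAME='stack-deploy'
    }
    parameters {
        string(
            name: "mailto",
            defaultValue: "admin@sdsys.ru",
            description: "Email which has to be notified."
        )
    }
    stages {
      stage("Calculate Variables") {
        steps {
          script {
            // Expiry line of the certificate the public endpoint currently serves; compared
            // later with the renewed cert.pem. The command is a plain pipeline without a
            // $(...) wrapper: an unescaped "$(" is not valid Groovy string syntax, and shell
            // command substitution would have executed openssl's output as a command.
            ENDDATE = sh(
              script: "echo | openssl s_client -servername ${DOMAIN} -connect ${DOMAIN}:443 2>/dev/null | openssl x509 -noout -enddate",
              returnStdout: true
            ).trim()
            // Paths are relative to the workspace, where the pki repository is cloned later.
            def pkiWildcard = PKI_GIT_NAME + '/' + PKI_GIT_SUBDIR + '/wildcard'
            CONFIG_DIR  = pkiWildcard + '/letsencrypt'
            BACKUP_FILE = pkiWildcard + '/acme-dns/' + DOMAIN + '.dump.gz'
            COMMAND     = pkiWildcard + '/acme-dns/renewal.sh'
          }
        }
      }
      stage("Run Renewal") {
        steps {
          // Both credentials are bound here, in the stage that uses them, so the shell
          // expands them (\$VAR) at run time. Copying them into script globals or
          // interpolating them with Groovy would write the secret values into the
          // generated script text.
          withCredentials([
            usernamePassword(credentialsId: 'jenkins', usernameVariable: 'JENKINS_USER', passwordVariable: 'JENKINS_PASS'),
            sshUserPrivateKey(credentialsId: 'provision', keyFileVariable: 'GIT_SSH_KEY', passphraseVariable: '', usernameVariable: 'GIT_SSH_USERNAME')
          ]) {
            // set +x keeps the docker command line (mail password, key material) out of the
            // console log. The private key contents are placed in the container environment
            // and stay readable through the Docker API of CLUSTER_NAME_OPEN while it runs.
            sh """set +x
                  DOCKER_HOST=tcp://${CLUSTER_NAME_OPEN}:2376 DOCKER_TLS_VERIFY=1 docker run -t --rm -e TZ=Europe/Moscow \
                    -e DOMAIN=${DOMAIN} -e CONFIG_DIR=${CONFIG_DIR} -e BACKUP_FILE=${BACKUP_FILE} \
                    -e JENKINS_MAIL=${JENKINS_MAIL} -e JENKINS_MAIL_USER="\$JENKINS_USER" -e JENKINS_MAIL_PASS="\$JENKINS_PASS" \
                    -e git_url=${PKI_GIT_URL} -e SMTP_SERVER=${SMTP_SERVER} -e RECIPIENT_MAIL_BOX=${RECIPIENT_MAIL_BOX} \
                    -e "SSHKEY=\$(cat \$GIT_SSH_KEY)" -p 53:53/udp -p 53:53/tcp ${IMAGE_NAME} \
                    /${COMMAND}
               """
          }
        }
      }
      stage("Update secret in CLUSTERS") {
        steps {
          script {
            // One clone per repository. A second clone into the same directory fails
            // ("destination path already exists"), which is why the inline duplicate went.
            git_clone(PKI_GIT_URL)
            git_clone(STACK_DEPLOY_GIT_URL)
            // Expiry line of the certificate now in the repository, after the renewal run.
            NEW_ENDDATE = sh(
              script: "openssl x509 -enddate -noout -in ${CONFIG_DIR}/live/${DOMAIN}/cert.pem",
              returnStdout: true
            ).trim()
            if (ENDDATE == NEW_ENDDATE) {
              echo "Certificate end date unchanged (${ENDDATE}); cluster secrets left as they are"
            } else {
              // Plain for-loop rather than .each: closures and CPS steps do not mix reliably.
              for (cluster in [CLUSTER_NAME_PROD, CLUSTER_NAME_DEV]) {
                echo "Update docker secret in ${cluster}"
                // Address of the manager node answering for this cluster; used as DOCKER_HOST.
                def nodeIp = sh(
                  script: "DOCKER_HOST=tcp://${cluster}:2376 DOCKER_TLS_VERIFY=1 docker node inspect self -f '{{.Status.Addr}}'",
                  returnStdout: true
                ).trim()
                update_secret(nodeIp, STACK_DEPLOY_GIT_NAME, DOMAIN, CONFIG_DIR)
              }
            }
          }
        }
      }
    }
    post {
      always {
        // The workspace holds the cloned pki tree (certificates and, under archive/, the
        // full bundle); wiping it on every outcome keeps that material off the agent.
        echo "CleaningUp work directory"
        deleteDir()
      }
      success {
        mail charset: 'UTF-8',
             subject: "Jenkins build SUCCESS",
             mimeType: 'text/html',
             to: "${mailto}",
             body: "<b>ATTENTION!!!</b> <b><br> Jenkins job successed.\n\n <b><br>Project Name:</b> ${env.JOB_NAME} <b><br>Renewal certs and keys</b> <b><br>\nBuild Number:</b> ${env.BUILD_NUMBER} <b><br>\nURL Build:</b> ${RUN_DISPLAY_URL}"
      }
      failure {
        mail charset: 'UTF-8',
             subject: "Jenkins build ERROR",
             mimeType: 'text/html',
             to: "${mailto}",
             body: "<b>ATTENTION!!!</b> <b><br> Jenkins job failed.\n\n <b><br>Project Name:</b> ${env.JOB_NAME} <b><br>\nBuild Number:</b> ${env.BUILD_NUMBER} <b><br>\nURL Build:</b> ${RUN_DISPLAY_URL}"
      }
    }
}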
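// Clone REPO into the current workspace over SSH using the 'provision' deploy key.
//
// REPO: git URL to clone (the ssh:// URLs from the environment block).
//
// The key path is expanded by the shell (\${GIT_SSH_KEY}, inside double quotes so the
// shell does expand it) rather than interpolated by Groovy, so the credential-bound
// variable never lands in the generated script text. Host-key checking is disabled,
// so the clone does not authenticate the git server; a pinned known_hosts file on the
// agent would close that gap without changing any caller.
def git_clone(String REPO) {
        withCredentials([sshUserPrivateKey(credentialsId: 'provision', keyFileVariable: 'GIT_SSH_KEY', passphraseVariable: '', usernameVariable: 'GIT_SSH_USERNAME')]) {
          sh """GIT_SSH_COMMAND="ssh -i \${GIT_SSH_KEY} -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no" \
                git clone ${REPO}
             """
        }
}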
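// Replace the TLS secret on one swarm cluster and redeploy the infrastructure stack.
//
// NODE_IP:               manager node address, used as DOCKER_HOST over TLS (certs from DOCKER_CERT_PATH)
// STACK_DEPLOY_GIT_NAME: directory of the cloned stack-deploy repository holding infrastructure.sh
// DOMAIN, CONFIG_DIR:    locate <CONFIG_DIR>/archive/<DOMAIN>/<DOMAIN>.full-bundle, the new secret payload
//
// The parameter is STACK_DEPLOY_GIT_NAME with underscores: a hyphen is not legal in a
// Groovy identifier, and "${STACK-DEPLOY_GIT_NAME}" would have been evaluated as a
// subtraction. A docker secret cannot be removed while a service references it, hence
// the service is removed before the secret is recreated; the cluster has no
// infoclinica_full secret between the rm and the create. Each line must succeed for the
// next to run, since the Jenkins sh step runs the script with -e by default.
def update_secret(String NODE_IP, String STACK_DEPLOY_GIT_NAME, String DOMAIN, String CONFIG_DIR) {
        sh """export DOCKER_HOST=tcp://${NODE_IP}:2376 DOCKER_TLS_VERIFY=1
              docker service rm infrastructure_registry
              docker secret rm infoclinica_full
              docker secret create infoclinica_full ${CONFIG_DIR}/archive/${DOMAIN}/${DOMAIN}.full-bundle
              cd ${STACK_DEPLOY_GIT_NAME}
              ./infrastructure.sh
           """
}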