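// Declarative Jenkins pipeline: renews the wildcard Let's Encrypt certificate for DOMAIN
// through the acme-dns container on the open swarm, then replaces the registry TLS secret
// on the prod and dev swarms whenever the certificate each registry serves does not carry
// the expiry of the freshly renewed one.
//
// Script-level state shared between stages and the helper functions below. Credentials are
// deliberately NOT kept here: they stay inside withCredentials() bindings and are read by
// the shell from its environment (see "Run Renewal" and git_clone()).
ENDDATE = ''      // "notAfter=..." line of the certificate currently served by a host
NEW_ENDDATE = ''  // "notAfter=..." line of the renewed cert.pem in the pki checkout
BACKUP_FILE = ''  // acme-dns database dump, relative to the workspace
CONFIG_DIR = ''   // letsencrypt configuration directory, relative to the workspace
COMMAND = ''      // renewal script inside the pki checkout, relative to the workspace

pipeline {
    agent { label "swarm" }

    environment {
        REGISTRY_PROD = 'registry.infoclinica.ru'
        REGISTRY_DEV = 'dev-registry.infoclinica.ru'
        CLUSTER_NAME_OPEN = 'iru-swarm1-open.infoclinica.ru'
        CLUSTER_NAME_PROD = 'iru-swarm.infoclinica.lan'
        CLUSTER_NAME_DEV = 'dev-iru-swarm.infoclinica.lan'
        // Client certificate/key used by every DOCKER_TLS_VERIFY=1 call below.
        DOCKER_CERT_PATH = '/run/secrets/swarm'
        IMAGE_NAME = 'registry.infoclinica.ru:5000/acme-dns:1.5'
        JENKINS_MAIL = 'jenkins.dev@sdsys.ru'
        SMTP_SERVER = 'mail.sdsys.ru'
        RECIPIENT_MAIL_BOX = 'admin@sdsys.ru'
        PKI_GIT_SUBDIR = 'iru'
        PKI_GIT_NAME = 'pki'
        DOMAIN = 'infoclinica.ru'
        PKI_GIT_URL = 'ssh://git@git.sdsys.ru:8022/sdsys/pki.git'
        STACK_DEPLOY_GIT_URL = 'ssh://git@git.sdsys.ru:8022/iru/stack-deploy.git'
        STACK_DEPLOY_GIT_NAME = 'stack-deploy'
    }

    parameters {
        string(
            name: "mailto",
            defaultValue: "admin@sdsys.ru",
            description: "Email which has to be notified."
        )
    }

    stages {
        stage("Calculate Variables") {
            steps {
                script {
                    // Expiry of the certificate served on DOMAIN:443 before renewal. The value is
                    // overwritten per registry later; a failed handshake leaves `openssl x509` with
                    // no input, so it exits non-zero and the job stops before anything is changed.
                    ENDDATE = sh(
                        script: "echo|openssl s_client -servername ${DOMAIN} -connect ${DOMAIN}:443 2>/dev/null|openssl x509 -noout -enddate",
                        returnStdout: true
                    ).trim()
                    // All paths are workspace-relative: <pki checkout>/<subdir>/wildcard/...
                    def wildcardDir = PKI_GIT_NAME + '/' + PKI_GIT_SUBDIR + '/wildcard'
                    CONFIG_DIR = wildcardDir + '/letsencrypt'
                    BACKUP_FILE = wildcardDir + '/acme-dns/' + DOMAIN + '.dump.gz'
                    COMMAND = wildcardDir + '/acme-dns/renewal.sh'
                }
            }
        }

        stage("Run Renewal") {
            steps {
                // Both credentials are consumed by the shell as environment variables
                // ($USERNAME, $PASSWORD, $GIT_SSH_KEY — written as \$ so Groovy does not expand
                // them). Interpolating them into the Groovy string instead would bypass Jenkins'
                // log masking and keep the secret in script variables after the binding ends.
                // `set +x` stops the shell from echoing the expanded command line.
                // NOTE(review): the mail password and the private key still end up in the
                // container's environment on the swarm node, where `docker inspect` can read them.
                withCredentials([
                    usernamePassword(credentialsId: 'jenkins', usernameVariable: 'USERNAME', passwordVariable: 'PASSWORD'),
                    sshUserPrivateKey(credentialsId: 'provision', keyFileVariable: 'GIT_SSH_KEY', passphraseVariable: '', usernameVariable: 'GIT_SSH_USERNAME')
                ]) {
                    sh """set +x
DOCKER_HOST=tcp://${CLUSTER_NAME_OPEN}:2376 DOCKER_TLS_VERIFY=1 docker run -t --rm -e TZ=Europe/Moscow \\
    -e DOMAIN=${DOMAIN} -e CONFIG_DIR=${CONFIG_DIR} -e BACKUP_FILE=${BACKUP_FILE} \\
    -e JENKINS_MAIL=${JENKINS_MAIL} -e JENKINS_MAIL_USER=\$USERNAME -e JENKINS_MAIL_PASS=\$PASSWORD \\
    -e git_url=${PKI_GIT_URL} -e SMTP_SERVER=${SMTP_SERVER} -e RECIPIENT_MAIL_BOX=${RECIPIENT_MAIL_BOX} \\
    -e "SSHKEY=\$(cat \$GIT_SSH_KEY)" -p 53:53/udp -p 53:53/tcp ${IMAGE_NAME} \\
    /${COMMAND}
"""
                }
            }
        }

        stage("Update secret in CLUSTERS") {
            steps {
                script {
                    git_clone(PKI_GIT_URL)
                    git_clone(STACK_DEPLOY_GIT_URL)
                    // Expiry of the certificate the renewal committed into the pki checkout.
                    NEW_ENDDATE = sh(
                        script: "openssl x509 -enddate -noout -in ${CONFIG_DIR}/live/${DOMAIN}/cert.pem",
                        returnStdout: true
                    ).trim()

                    // A cluster is touched only when its registry serves a certificate with a
                    // different expiry, so re-running the job after a partial failure is harmless.
                    ENDDATE = sh(
                        script: "echo|openssl s_client -servername ${REGISTRY_PROD} -connect ${REGISTRY_PROD}:5000 2>/dev/null|openssl x509 -noout -enddate",
                        returnStdout: true
                    ).trim()
                    if (ENDDATE != NEW_ENDDATE) {
                        echo "Update docker secret in ${CLUSTER_NAME_PROD}"
                        // Address of the manager node answering on the cluster name; update_secret()
                        // talks to that node directly.
                        def prodNodeIp = sh(
                            script: "DOCKER_HOST=tcp://${CLUSTER_NAME_PROD}:2376 DOCKER_TLS_VERIFY=1 docker node inspect self -f '{{.Status.Addr}}'",
                            returnStdout: true
                        ).trim()
                        update_secret(prodNodeIp, STACK_DEPLOY_GIT_NAME, DOMAIN, CONFIG_DIR)
                    }

                    ENDDATE = sh(
                        script: "echo|openssl s_client -servername ${REGISTRY_DEV} -connect ${REGISTRY_DEV}:5000 2>/dev/null|openssl x509 -noout -enddate",
                        returnStdout: true
                    ).trim()
                    if (ENDDATE != NEW_ENDDATE) {
                        echo "Update docker secret in ${CLUSTER_NAME_DEV}"
                        def devNodeIp = sh(
                            script: "DOCKER_HOST=tcp://${CLUSTER_NAME_DEV}:2376 DOCKER_TLS_VERIFY=1 docker node inspect self -f '{{.Status.Addr}}'",
                            returnStdout: true
                        ).trim()
                        update_secret(devNodeIp, STACK_DEPLOY_GIT_NAME, DOMAIN, CONFIG_DIR)
                    }
                }
            }
        }
    }

    post {
        always {
            // The workspace holds the pki checkout (private keys and the acme-dns dump);
            // wipe it whatever the outcome.
            echo "CleaningUp work directory"
            deleteDir()
        }
        success {
            mail charset: 'UTF-8',
                subject: "Jenkins build SUCCESS",
                mimeType: 'text/html',
                to: "${mailto}",
                body: "ATTENTION!!!
Jenkins job successed.\n\n
Project Name:
${env.JOB_NAME}
Renewal certs and keys

\nBuild Number:
${env.BUILD_NUMBER}
\nURL Build:
${RUN_DISPLAY_URL}"
        }
        failure {
            mail charset: 'UTF-8',
                subject: "Jenkins build ERROR",
                mimeType: 'text/html',
                to: "${mailto}",
                body: "ATTENTION!!!
Jenkins job failed.\n\n
Project Name:
${env.JOB_NAME}
\nBuild Number:
${env.BUILD_NUMBER}
\nURL Build:
${RUN_DISPLAY_URL}"
        }
    }
}

// Clone REPO into the workspace using the 'provision' deploy key. The key path is expanded
// by the shell from $GIT_SSH_KEY rather than by Groovy, so the credential binding stays
// inside Jenkins' masking scope.
// NOTE(review): host key checking is disabled, so the clone trusts whatever answers at the
// git server's address; pinning its host key in a known_hosts file would close that gap.
def git_clone(String REPO) {
    withCredentials([sshUserPrivateKey(credentialsId: 'provision', keyFileVariable: 'GIT_SSH_KEY', passphraseVariable: '', usernameVariable: 'GIT_SSH_USERNAME')]) {
        sh """GIT_SSH_COMMAND='ssh -i \$GIT_SSH_KEY -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' \\
    git clone ${REPO}
"""
    }
}

// Replace the registry TLS secret on the swarm whose manager listens at NODE_IP:2376, then
// run ./infrastructure.sh from the STACK_DEPLOY_GIT_NAME checkout.
// A secret that is in use by a service cannot be removed, which is why the registry service
// is removed first. Between `docker service rm` and the end of ./infrastructure.sh the
// registry is unavailable; because the shell runs with -e, a failure at any step aborts the
// job and leaves the registry down until the job is re-run.
def update_secret(String NODE_IP, String STACK_DEPLOY_GIT_NAME, String DOMAIN, String CONFIG_DIR) {
    sh """export DOCKER_HOST=tcp://${NODE_IP}:2376 DOCKER_TLS_VERIFY=1
docker service rm infrastructure_registry
docker secret rm infoclinica_full
docker secret create infoclinica_full ${CONFIG_DIR}/archive/${DOMAIN}/${DOMAIN}.full-bundle
cd ${STACK_DEPLOY_GIT_NAME}
./infrastructure.sh
"""
}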