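// Script-level globals shared between the pipeline stages and the helper
// functions at the bottom of the file. All of them are (re)assigned inside
// script {} blocks; listing every one here makes the full set explicit
// (JENKINS_USER was previously created implicitly by a stage assignment).
JENKINS_USER = ''   // mail account user, if a stage copies it out of withCredentials
JENKINS_PASS = ''   // mail account password -- NOTE: a secret copied into a script
                    // global escapes Jenkins' withCredentials log masking; prefer
                    // binding the credential directly in the step that needs it.
ENDDATE = ''        // 'notAfter=...' line of the certificate served by a probed endpoint
NEW_ENDDATE = ''    // 'notAfter=...' line of the renewed certificate in the PKI checkout
BACKUP_FILE = ''    // acme-dns dump path inside the PKI checkout
CONFIG_DIR = ''     // letsencrypt config root (live/ and archive/) inside the PKI checkout
COMMAND = ''        // renewal script path inside the PKI checkout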
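// Wildcard certificate renewal for ${DOMAIN}:
//   1. run the acme-dns renewal container on the "open" swarm (it needs port 53
//      published for the DNS-01 challenge) -- the container commits the result to
//      the PKI git repository;
//   2. clone the PKI and stack-deploy repositories and, for each registry whose
//      served certificate expiry differs from the renewed one, replace the Docker
//      secret on that cluster and redeploy the registry service.
//
// Security notes:
//   * Credentials are bound with withCredentials in the step that uses them and
//     are referenced from the shell as \$VAR, never interpolated by Groovy into
//     the script text. Groovy interpolation writes the secret into the generated
//     script file and bypasses Jenkins' log masking.
//   * The mail password and the git SSH private key are handed to the renewal
//     container as environment variables (the image's contract, see renewal.sh).
//     NOTE(review): anything with Docker API access on ${CLUSTER_NAME_OPEN} can
//     read them via `docker inspect` while the container runs -- confirm this is
//     acceptable for that cluster, or switch the image to reading Docker secrets.
//   * Docker API access uses client certificates from DOCKER_CERT_PATH with
//     DOCKER_TLS_VERIFY=1, so the daemon certificate is verified against that CA.
pipeline {
    agent {
        label "swarm"
    }
    environment {
        REGISTRY_PROD='registry.infoclinica.ru'
        REGISTRY_DEV='dev-registry.infoclinica.ru'
        CLUSTER_NAME_OPEN='iru-swarm1-open.infoclinica.ru'
        CLUSTER_NAME_PROD='iru-swarm.infoclinica.lan'
        CLUSTER_NAME_DEV='dev-iru-swarm.infoclinica.lan'
        DOCKER_CERT_PATH='/run/secrets/swarm'
        IMAGE_NAME='registry.infoclinica.ru:5000/acme-dns:1.5'
        JENKINS_MAIL='jenkins.dev@sdsys.ru'
        SMTP_SERVER='mail.sdsys.ru'
        RECIPIENT_MAIL_BOX='admin@sdsys.ru'
        PKI_GIT_SUBDIR='iru'
        PKI_GIT_NAME='pki'
        DOMAIN='infoclinica.ru'
        PKI_GIT_URL='ssh://git@git.sdsys.ru:8022/sdsys/pki.git'
        STACK_DEPLOY_GIT_URL='ssh://git@git.sdsys.ru:8022/iru/stack-deploy.git'
        STACK_DEPLOY_GIT_NAME='stack-deploy'
    }
    parameters {
        string(
            name: "mailto",
            defaultValue: "admin@sdsys.ru",
            description: "Email which has to be notified."
        )
    }
    stages {
        stage("Calculate Variables") {
            steps {
                script {
                    // Expiry of the certificate the public site currently serves. The value
                    // is not read later (ENDDATE is recomputed per registry below); keeping
                    // the probe acts as a pre-flight: if ${DOMAIN}:443 cannot be reached the
                    // x509 parse of empty input fails and the sh step aborts the build.
                    ENDDATE = sh (script: "echo|openssl s_client -servername ${DOMAIN} -connect ${DOMAIN}:443 2>/dev/null|openssl x509 -noout -enddate", returnStdout: true).trim()
                    // Paths are relative to the workspace, inside the PKI checkout.
                    CONFIG_DIR = PKI_GIT_NAME + '/' + PKI_GIT_SUBDIR + '/wildcard/letsencrypt'
                    BACKUP_FILE = PKI_GIT_NAME + '/' + PKI_GIT_SUBDIR + '/wildcard/acme-dns/' + DOMAIN + '.dump.gz'
                    COMMAND = PKI_GIT_NAME + '/' + PKI_GIT_SUBDIR + '/wildcard/acme-dns/' + 'renewal.sh'
                    // The 'jenkins' mail credential is deliberately NOT copied into script
                    // globals here: values carried out of a withCredentials block are no
                    // longer masked in the build log. It is bound in "Run Renewal" instead.
                }
            }
        }
        stage("Run Renewal") {
            steps {
                withCredentials([
                    usernamePassword(credentialsId: 'jenkins', usernameVariable: 'MAIL_USER', passwordVariable: 'MAIL_PASS'),
                    sshUserPrivateKey(credentialsId: 'provision', keyFileVariable: 'GIT_SSH_KEY', passphraseVariable: '', usernameVariable: 'GIT_SSH_USERNAME')
                ]) {
                    // Non-secret values are interpolated by Groovy as before; the secrets
                    // (\$MAIL_USER, \$MAIL_PASS, \$GIT_SSH_KEY) are expanded by the shell
                    // from the step environment, so they never appear in the script text.
                    // `set +x` keeps the expanded docker command line out of the log.
                    // The container runs on the "open" cluster with port 53 published
                    // (acme-dns must answer the DNS-01 challenge) and runs the renewal
                    // script from the PKI checkout baked into the image.
                    sh """set +x
DOCKER_HOST=tcp://${CLUSTER_NAME_OPEN}:2376 DOCKER_TLS_VERIFY=1 docker run -t --rm -e TZ=Europe/Moscow \
-e DOMAIN=${DOMAIN} -e CONFIG_DIR=${CONFIG_DIR} -e BACKUP_FILE=${BACKUP_FILE} \
-e JENKINS_MAIL=${JENKINS_MAIL} -e JENKINS_MAIL_USER="\$MAIL_USER" -e JENKINS_MAIL_PASS="\$MAIL_PASS" \
-e git_url=${PKI_GIT_URL} -e SMTP_SERVER=${SMTP_SERVER} -e RECIPIENT_MAIL_BOX=${RECIPIENT_MAIL_BOX} \
-e "SSHKEY=\$(cat "\$GIT_SSH_KEY")" -p 53:53/udp -p 53:53/tcp ${IMAGE_NAME} \
/${COMMAND}
"""
                }
            }
        }
        stage("Update secret in CLUSTERS") {
            steps {
                script {
                    git_clone(PKI_GIT_URL)
                    git_clone(STACK_DEPLOY_GIT_URL)
                    // Expiry of the renewed certificate now committed to the PKI repo.
                    // Assigned to the script global (the original shadowed it with a local).
                    NEW_ENDDATE = sh (script: "openssl x509 -enddate -noout -in ${CONFIG_DIR}/live/${DOMAIN}/cert.pem", returnStdout: true).trim()
                    // For each cluster: probe the registry it hosts and roll the secret
                    // only when the served certificate's expiry differs from the new one.
                    // An unreachable registry makes the probe fail and aborts the build
                    // rather than being treated as "needs update".
                    def targets = [
                        [registry: REGISTRY_PROD, cluster: CLUSTER_NAME_PROD],
                        [registry: REGISTRY_DEV, cluster: CLUSTER_NAME_DEV]
                    ]
                    for (target in targets) {
                        ENDDATE = sh (script: "echo|openssl s_client -servername ${target.registry} -connect ${target.registry}:5000 2>/dev/null|openssl x509 -noout -enddate", returnStdout: true).trim()
                        if (ENDDATE != NEW_ENDDATE) {
                            echo "Update docker secret in ${target.cluster}"
                            // Resolve the manager's address through the cluster's TLS endpoint;
                            // update_secret then talks to that node directly (its certificate
                            // must therefore be valid for the IP, since TLS verification stays on).
                            def NODE_IP = sh (script: "DOCKER_HOST=tcp://${target.cluster}:2376 DOCKER_TLS_VERIFY=1 docker node inspect self -f '{{.Status.Addr}}'", returnStdout: true).trim()
                            update_secret(NODE_IP, STACK_DEPLOY_GIT_NAME, DOMAIN, CONFIG_DIR)
                        }
                    }
                }
            }
        }
    }
    post {
        always {
            // The workspace holds the PKI checkout (certificates and, presumably, the
            // private keys under archive/); always wipe it, success or failure.
            echo "CleaningUp work directory"
            deleteDir()
        }
        // Mail bodies are triple-quoted: a plain "..." Groovy string cannot span lines.
        // NOTE(review): the body is sent as text/html but formatted with \n; browsers
        // collapse those to spaces -- consider text/plain or <br> if layout matters.
        success {
            mail charset: 'UTF-8',
                subject: "Jenkins build SUCCESS",
                mimeType: 'text/html',
                to: "${mailto}",
                body: """ATTENTION!!!
Jenkins job successed.\n\n
Project Name: ${env.JOB_NAME}
Renewal certs and keys
\nBuild Number: ${env.BUILD_NUMBER}
\nURL Build: ${RUN_DISPLAY_URL}"""
        }
        failure {
            mail charset: 'UTF-8',
                subject: "Jenkins build ERROR",
                mimeType: 'text/html',
                to: "${mailto}",
                body: """ATTENTION!!!
Jenkins job failed.\n\n
Project Name: ${env.JOB_NAME}
\nBuild Number: ${env.BUILD_NUMBER}
\nURL Build: ${RUN_DISPLAY_URL}"""
        }
    }
}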
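// Clone REPO into the current workspace over SSH using the 'provision' key.
//
// REPO:        SSH clone URL (the PKI or stack-deploy repository).
// KNOWN_HOSTS: optional path to a known_hosts file containing the git server's
//              host key. When given, the key is verified against that file and
//              a mismatch aborts the clone.
//
// When KNOWN_HOSTS is empty (the default, preserving the previous behaviour)
// host-key checking is disabled entirely: any host answering for the git server
// is trusted, so a machine-in-the-middle on the path could serve a tampered PKI
// checkout (whose contents end up as the registry TLS secret). Callers should
// supply a pinned known_hosts file wherever one is available.
//
// The key path is expanded by the shell (\$GIT_SSH_KEY) rather than interpolated
// by Groovy, so the credential variable is not pasted into the script text.
def git_clone(String REPO, String KNOWN_HOSTS = '') {
    withCredentials([sshUserPrivateKey(credentialsId: 'provision', keyFileVariable: 'GIT_SSH_KEY', passphraseVariable: '', usernameVariable: 'GIT_SSH_USERNAME')]) {
        String hostKeyOpts = KNOWN_HOSTS
            ? "-o UserKnownHostsFile=${KNOWN_HOSTS} -o StrictHostKeyChecking=yes"
            : '-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no'
        sh """GIT_SSH_COMMAND="ssh -i \$GIT_SSH_KEY ${hostKeyOpts}" \
git clone ${REPO}
"""
    }
}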
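// Replace the registry TLS secret on one swarm cluster and redeploy the registry.
//
// NODE_IP:               address of a manager node. The Docker API is reached over
//                        TLS with the client certificates from DOCKER_CERT_PATH and
//                        DOCKER_TLS_VERIFY=1, so the daemon's certificate must be
//                        valid for this IP.
// STACK_DEPLOY_GIT_NAME: directory of the stack-deploy checkout; its
//                        infrastructure.sh re-creates the registry service.
// DOMAIN, CONFIG_DIR:    locate the renewed bundle under the letsencrypt archive.
//
// Order matters: the registry service is removed before the secret is dropped
// (presumably because the secret cannot be removed while a service uses it) and
// the secret is re-created from the new bundle before the stack is redeployed.
// The bundle is checked for existence up front so that a missing or empty file
// fails the step before anything has been torn down; without that check the
// registry would already be gone when `docker secret create` failed. Jenkins runs
// sh steps with `set -e`, and the explicit `|| exit 1` keeps that guarantee even
// if the default shell options change.
def update_secret(String NODE_IP, String STACK_DEPLOY_GIT_NAME, String DOMAIN, String CONFIG_DIR) {
    String bundle = "${CONFIG_DIR}/archive/${DOMAIN}/${DOMAIN}.full-bundle"
    sh """export DOCKER_HOST=tcp://${NODE_IP}:2376 DOCKER_TLS_VERIFY=1
test -s ${bundle} || exit 1
docker service rm infrastructure_registry
docker secret rm infoclinica_full
docker secret create infoclinica_full ${bundle}
cd ${STACK_DEPLOY_GIT_NAME}
./infrastructure.sh
"""
}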