OFFICERenewalWildcardJenkinsfile 7.8 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173
  1. JENKINS_PASS = ''
  2. ENDDATE = ''
  3. NEW_ENDDATE = ''
  4. BACKUP_FILE = ''
  5. CONFIG_DIR = ''
  6. COMMAND = ''
  7. // TARGET_HOSTS_APACHE = [ 'sugar', 'owncloud' ]
  8. TARGET_HOSTS_APACHE = [ 'sugar', 'pbx', 'zabbix3' ]
  9. TARGET_HOSTS_PROXMOX = [ 'kvm-test', 'kvm1', 'kvm2', 'kvm3', 'kvm4', 'kvm5', 'kvm6', 'kvm7' ]
  10. TARGET_HOSTS_PBS = [ 'pbs' ]
  11. //TARGET_HOSTS_PROXMOX = [ 'kvm4' ]
  12. pipeline {
  13. agent {
  14. label "swarm"
  15. }
  16. environment {
  17. REGISTRY_OFFICE='registry.sdsys.ru'
  18. CLUSTER_OFFICE='swarm.sdsys.ru'
  19. DOCKER_CERT_PATH='/run/secrets/swarm'
  20. IMAGE_NAME='registry.infoclinica.ru:5000/acme-dns:1.5'
  21. JENKINS_MAIL='jenkins.dev@sdsys.ru'
  22. SMTP_SERVER='mail.sdsys.ru'
  23. RECIPIENT_MAIL_BOX='admin@sdsys.ru'
  24. PKI_GIT_NAME='pki'
  25. DOMAIN='sdsys.ru'
  26. PKI_GIT_URL='ssh://git@git.sdsys.ru:8022/sdsys/pki.git'
  27. SWARM_GIT_URL='ssh://git@git.sdsys.ru:8022/sdsys/swarm.git'
  28. SWARM_GIT_NAME='swarm'
  29. }
  30. parameters {
  31. string(
  32. name: "mailto",
  33. defaultValue: "admin@sdsys.ru",
  34. description: "Email which has to be notified."
  35. )
  36. }
  37. stages {
  38. stage("Calculate Variables") {
  39. steps {
  40. script {
  41. ENDDATE = sh (script: "echo|openssl s_client -servername ${DOMAIN} -connect ${DOMAIN}:443 2>/dev/null|openssl x509 -noout -enddate", returnStdout: true).trim()
  42. CONFIG_DIR = PKI_GIT_NAME + '/' + DOMAIN + '/wildcard/letsencrypt'
  43. BACKUP_FILE = PKI_GIT_NAME + '/' + DOMAIN + '/wildcard/acme-dns/' + DOMAIN + '.dump.gz'
  44. COMMAND = PKI_GIT_NAME + '/' + DOMAIN + '/wildcard/acme-dns/' + 'renewal.sh'
  45. withCredentials([usernamePassword(credentialsId: 'jenkins', usernameVariable: 'USERNAME', passwordVariable: 'PASSWORD')]) {
  46. JENKINS_USER = USERNAME
  47. JENKINS_PASS = PASSWORD
  48. }
  49. }
  50. }
  51. }
  52. stage("Clone Repo") {
  53. steps {
  54. script {
  55. gitOps.clone(PKI_GIT_URL)
  56. gitOps.clone(SWARM_GIT_URL)
  57. }
  58. stage("Run Renewal") {
  59. steps {
  60. withCredentials([sshUserPrivateKey(credentialsId: 'provision', keyFileVariable: 'GIT_SSH_KEY', passphraseVariable: '', usernameVariable: 'GIT_SSH_USERNAME')]) {
  61. sh """set +x
  62. docker run -t --rm -e TZ=Europe/Moscow \
  63. -e DOMAIN=${DOMAIN} -e CONFIG_DIR=${CONFIG_DIR} -e BACKUP_FILE=${BACKUP_FILE} \
  64. -e JENKINS_MAIL=${JENKINS_MAIL} -e JENKINS_MAIL_USER=${JENKINS_USER} -e JENKINS_MAIL_PASS=${JENKINS_PASS} \
  65. -e git_url=${PKI_GIT_URL} -e SMTP_SERVER=${SMTP_SERVER} -e RECIPIENT_MAIL_BOX=${RECIPIENT_MAIL_BOX} \
  66. -e "SSHKEY=`cat ${GIT_SSH_KEY}`" -p 5353:53/udp -p 5353:53/tcp ${IMAGE_NAME} \
  67. /${COMMAND}
  68. """
  69. }
  70. }
  71. }
  72. // stage("Update docker secret in SWARM cluster") {
  73. // steps {
  74. // script {
  75. // gitOps.clone(PKI_GIT_URL)
  76. // gitOps.clone(SWARM_GIT_URL)
  77. // NEW_ENDDATE = sh (script: "openssl x509 -enddate -noout -in ${CONFIG_DIR}/live/${DOMAIN}/cert.pem", returnStdout: true).trim()
  78. // ENDDATE = sh (script: "echo|openssl s_client -servername ${REGISTRY_OFFICE} -connect ${REGISTRY_OFFICE}:443 2>/dev/null|openssl x509 -noout -enddate", returnStdout: true).trim()
  79. // if (ENDDATE != NEW_ENDDATE) {
  80. // echo "Update docker secret in ${CLUSTER_OFFICE}"
  81. // NODE_IP = sh (script: "DOCKER_HOST=tcp://${CLUSTER_OFFICE}:2376 DOCKER_TLS_VERIFY=1 docker node inspect self -f '{{.Status.Addr}}'" , returnStdout: true).trim()
  82. // dockerWCrenewal.update_secret(NODE_IP, SWARM_GIT_NAME, DOMAIN, CONFIG_DIR)
  83. // }
  84. // }
  85. // }
  86. // }
  87. stage("Update certificate and key to Proxmox") {
  88. steps {
  89. script {
  90. NEW_ENDDATE = sh (script: "openssl x509 -enddate -noout -in ${CONFIG_DIR}/live/${DOMAIN}/cert.pem", returnStdout: true).trim()
  91. TARGET_HOSTS_PROXMOX.each { item ->
  92. ENDDATE = sh (script: "echo|openssl s_client -servername ${item}.${DOMAIN} -connect ${item}.${DOMAIN}:8006 2>/dev/null|openssl x509 -noout -enddate", returnStdout: true).trim()
  93. if (ENDDATE != NEW_ENDDATE) {
  94. echo "Update certificate and key for ${item}"
  95. def PLAYBOOK = PKI_GIT_NAME + '/' + DOMAIN + '/wildcard/acme-dns/' + 'proxmox.yml'
  96. def TARGET_HOST = item + '.' + DOMAIN
  97. def TARGET_DIR = WORKSPACE + '/' + CONFIG_DIR
  98. dockerWCrenewal.update_sertificate(PLAYBOOK, TARGET_DIR, TARGET_HOST, DOMAIN)
  99. }
  100. }
  101. }
  102. }
  103. }
  104. stage("Update certificate and key to PBS") {
  105. steps {
  106. script {
  107. NEW_ENDDATE = sh (script: "openssl x509 -enddate -noout -in ${CONFIG_DIR}/live/${DOMAIN}/cert.pem", returnStdout: true).trim()
  108. TARGET_HOSTS_PBS.each { item ->
  109. ENDDATE = sh (script: "echo|openssl s_client -servername ${item}.${DOMAIN} -connect ${item}.${DOMAIN}:8007 2>/dev/null|openssl x509 -noout -enddate", returnStdout: true).trim()
  110. if (ENDDATE != NEW_ENDDATE) {
  111. echo "Update certificate and key for ${item}"
  112. def PLAYBOOK = PKI_GIT_NAME + '/' + DOMAIN + '/wildcard/acme-dns/' + 'pbs.yml'
  113. def TARGET_HOST = item + '.' + DOMAIN
  114. def TARGET_DIR = WORKSPACE + '/' + CONFIG_DIR
  115. dockerWCrenewal.update_sertificate(PLAYBOOK, TARGET_DIR, TARGET_HOST, DOMAIN)
  116. }
  117. }
  118. }
  119. }
  120. }
  121. stage("Update certificate and key APACHE-HOSTS") {
  122. steps {
  123. script {
  124. NEW_ENDDATE = sh (script: "openssl x509 -enddate -noout -in ${CONFIG_DIR}/live/${DOMAIN}/cert.pem", returnStdout: true).trim()
  125. TARGET_HOSTS_APACHE.each { item ->
  126. ENDDATE = sh (script: "echo|openssl s_client -servername ${item}.${DOMAIN} -connect ${item}.${DOMAIN}:443 2>/dev/null|openssl x509 -noout -enddate", returnStdout: true).trim()
  127. if (ENDDATE != NEW_ENDDATE) {
  128. echo "Update certificate and key for ${item}"
  129. def PLAYBOOK = PKI_GIT_NAME + '/' + DOMAIN + '/wildcard/acme-dns/' + 'apache.yml'
  130. def TARGET_HOST = item + '.' + DOMAIN
  131. def TARGET_DIR = WORKSPACE + '/' + CONFIG_DIR
  132. dockerWCrenewal.update_sertificate(PLAYBOOK, TARGET_DIR, TARGET_HOST, DOMAIN)
  133. }
  134. }
  135. }
  136. }
  137. }
  138. stage("Update certificate and key to ZIMBRA") {
  139. steps {
  140. script {
  141. ENDDATE = sh (script: "echo|openssl s_client -servername ${SMTP_SERVER} -connect ${SMTP_SERVER}:443 2>/dev/null|openssl x509 -noout -enddate", returnStdout: true).trim()
  142. if (ENDDATE != NEW_ENDDATE) {
  143. echo "Update certificate and key for ${SMTP_SERVER}"
  144. sh "cat ${PKI_GIT_NAME}/${DOMAIN}/wildcard/acme-dns/letsencrypt.ca.pem >> ${CONFIG_DIR}/live/${DOMAIN}/fullchain.pem"
  145. PLAYBOOK = PKI_GIT_NAME + '/' + DOMAIN + '/wildcard/acme-dns/' + 'mail.yml'
  146. TARGET_DIR = WORKSPACE + '/' + CONFIG_DIR
  147. dockerWCrenewal.update_sertificate(PLAYBOOK, TARGET_DIR, SMTP_SERVER, DOMAIN)
  148. }
  149. }
  150. }
  151. }
  152. }
  153. post {
  154. always {
  155. echo "CleaningUp work directory"
  156. deleteDir()
  157. }
  158. success {
  159. mail charset: 'UTF-8',
  160. subject: "Jenkins build SUCCESS",
  161. mimeType: 'text/html',
  162. to: "${mailto}",
  163. body: "<b>ATTENTION!!!</b> <b><br> Jenkins job successed.\n\n <b><br>Project Name:</b> ${env.JOB_NAME} <b><br>Renewal certs and keys</b> <b><br>\nBuild Number:</b> ${env.BUILD_NUMBER} <b><br>\nURL Build:</b> ${RUN_DISPLAY_URL}"
  164. }
  165. failure {
  166. mail charset: 'UTF-8',
  167. subject: "Jenkins build ERROR",
  168. mimeType: 'text/html',
  169. to: "${mailto}",
  170. body: "<b>ATTENTION!!!</b> <b><br> Jenkins job failed.\n\n <b><br>Project Name:</b> ${env.JOB_NAME} <b><br>\nBuild Number:</b> ${env.BUILD_NUMBER} <b><br>\nURL Build:</b> ${RUN_DISPLAY_URL}"
  171. }
  172. }
  173. }