OFFICERenewalWildcardJenkinsfile 6.7 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149
  1. JENKINS_PASS = ''
  2. ENDDATE = ''
  3. NEW_ENDDATE = ''
  4. BACKUP_FILE = ''
  5. CONFIG_DIR = ''
  6. COMMAND = ''
  7. // TARGET_HOSTS_APACHE = [ 'sugar', 'owncloud' ]
  8. TARGET_HOSTS_APACHE = [ 'sugar' ]
  9. TARGET_HOSTS_PROXMOX = [ 'kvm-test', 'kvm1', 'kvm2', 'kvm3', 'kvm4', 'kvm5', 'kvm6', 'kvm7' ]
  10. //TARGET_HOSTS_PROXMOX = [ 'kvm4' ]
  11. pipeline {
  12. agent {
  13. label "swarm"
  14. }
  15. environment {
  16. REGISTRY_OFFICE='registry.sdsys.ru'
  17. CLUSTER_OFFICE='swarm.sdsys.ru'
  18. DOCKER_CERT_PATH='/run/secrets/swarm'
  19. IMAGE_NAME='registry.infoclinica.ru:5000/acme-dns:1.5'
  20. JENKINS_MAIL='jenkins.dev@sdsys.ru'
  21. SMTP_SERVER='mail.sdsys.ru'
  22. RECIPIENT_MAIL_BOX='admin@sdsys.ru'
  23. PKI_GIT_NAME='pki'
  24. DOMAIN='sdsys.ru'
  25. PKI_GIT_URL='ssh://git@git.sdsys.ru:8022/sdsys/pki.git'
  26. SWARM_GIT_URL='ssh://git@git.sdsys.ru:8022/sdsys/swarm.git'
  27. SWARM_GIT_NAME='swarm'
  28. }
  29. parameters {
  30. string(
  31. name: "mailto",
  32. defaultValue: "admin@sdsys.ru",
  33. description: "Email which has to be notified."
  34. )
  35. }
  36. stages {
  37. stage("Calculate Variables") {
  38. steps {
  39. script {
  40. ENDDATE = sh (script: "echo|openssl s_client -servername ${DOMAIN} -connect ${DOMAIN}:443 2>/dev/null|openssl x509 -noout -enddate", returnStdout: true).trim()
  41. CONFIG_DIR = PKI_GIT_NAME + '/' + DOMAIN + '/wildcard/letsencrypt'
  42. BACKUP_FILE = PKI_GIT_NAME + '/' + DOMAIN + '/wildcard/acme-dns/' + DOMAIN + '.dump.gz'
  43. COMMAND = PKI_GIT_NAME + '/' + DOMAIN + '/wildcard/acme-dns/' + 'renewal.sh'
  44. withCredentials([usernamePassword(credentialsId: 'jenkins', usernameVariable: 'USERNAME', passwordVariable: 'PASSWORD')]) {
  45. JENKINS_USER = USERNAME
  46. JENKINS_PASS = PASSWORD
  47. }
  48. }
  49. }
  50. }
  51. // stage("Run Renewal") {
  52. // steps {
  53. // withCredentials([sshUserPrivateKey(credentialsId: 'provision', keyFileVariable: 'GIT_SSH_KEY', passphraseVariable: '', usernameVariable: 'GIT_SSH_USERNAME')]) {
  54. // sh """set +x
  55. // docker run -t --rm -e TZ=Europe/Moscow \
  56. // -e DOMAIN=${DOMAIN} -e CONFIG_DIR=${CONFIG_DIR} -e BACKUP_FILE=${BACKUP_FILE} \
  57. // -e JENKINS_MAIL=${JENKINS_MAIL} -e JENKINS_MAIL_USER=${JENKINS_USER} -e JENKINS_MAIL_PASS=${JENKINS_PASS} \
  58. // -e git_url=${PKI_GIT_URL} -e SMTP_SERVER=${SMTP_SERVER} -e RECIPIENT_MAIL_BOX=${RECIPIENT_MAIL_BOX} \
  59. // -e "SSHKEY=`cat ${GIT_SSH_KEY}`" -p 5353:53/udp -p 5353:53/tcp ${IMAGE_NAME} \
  60. // /${COMMAND}
  61. // """
  62. // }
  63. // }
  64. // }
  65. stage("Update docker secret in SWARM cluster") {
  66. steps {
  67. script {
  68. gitOps.clone(PKI_GIT_URL)
  69. gitOps.clone(SWARM_GIT_URL)
  70. NEW_ENDDATE = sh (script: "openssl x509 -enddate -noout -in ${CONFIG_DIR}/live/${DOMAIN}/cert.pem", returnStdout: true).trim()
  71. ENDDATE = sh (script: "echo|openssl s_client -servername ${REGISTRY_OFFICE} -connect ${REGISTRY_OFFICE}:443 2>/dev/null|openssl x509 -noout -enddate", returnStdout: true).trim()
  72. if (ENDDATE != NEW_ENDDATE) {
  73. echo "Update docker secret in ${CLUSTER_OFFICE}"
  74. NODE_IP = sh (script: "DOCKER_HOST=tcp://${CLUSTER_OFFICE}:2376 DOCKER_TLS_VERIFY=1 docker node inspect self -f '{{.Status.Addr}}'" , returnStdout: true).trim()
  75. dockerWCrenewal.update_secret(NODE_IP, SWARM_GIT_NAME, DOMAIN, CONFIG_DIR)
  76. }
  77. }
  78. }
  79. }
  80. stage("Update certificate and key to Proxmox") {
  81. steps {
  82. script {
  83. NEW_ENDDATE = sh (script: "openssl x509 -enddate -noout -in ${CONFIG_DIR}/live/${DOMAIN}/cert.pem", returnStdout: true).trim()
  84. TARGET_HOSTS_PROXMOX.each { item ->
  85. ENDDATE = sh (script: "echo|openssl s_client -servername ${item}.${DOMAIN} -connect ${item}.${DOMAIN}:8006 2>/dev/null|openssl x509 -noout -enddate", returnStdout: true).trim()
  86. if (ENDDATE != NEW_ENDDATE) {
  87. echo "Update certificate and key for ${item}"
  88. def PLAYBOOK = PKI_GIT_NAME + '/' + DOMAIN + '/wildcard/acme-dns/' + 'proxmox.yml'
  89. def TARGET_HOST = item + '.' + DOMAIN
  90. def TARGET_DIR = WORKSPACE + '/' + CONFIG_DIR
  91. dockerWCrenewal.update_sertificate(PLAYBOOK, TARGET_DIR, TARGET_HOST, DOMAIN)
  92. }
  93. }
  94. }
  95. }
  96. }
  97. stage("Update certificate and key APACHE-HOSTS") {
  98. steps {
  99. script {
  100. NEW_ENDDATE = sh (script: "openssl x509 -enddate -noout -in ${CONFIG_DIR}/live/${DOMAIN}/cert.pem", returnStdout: true).trim()
  101. TARGET_HOSTS_APACHE.each { item ->
  102. ENDDATE = sh (script: "echo|openssl s_client -servername ${item}.${DOMAIN} -connect ${item}.${DOMAIN}:443 2>/dev/null|openssl x509 -noout -enddate", returnStdout: true).trim()
  103. if (ENDDATE != NEW_ENDDATE) {
  104. echo "Update certificate and key for ${item}"
  105. def PLAYBOOK = PKI_GIT_NAME + '/' + DOMAIN + '/wildcard/acme-dns/' + 'apache.yml'
  106. def TARGET_HOST = item + '.' + DOMAIN
  107. def TARGET_DIR = WORKSPACE + '/' + CONFIG_DIR
  108. dockerWCrenewal.update_sertificate(PLAYBOOK, TARGET_DIR, TARGET_HOST, DOMAIN)
  109. }
  110. }
  111. }
  112. }
  113. }
  114. stage("Update certificate and key to ZIMBRA") {
  115. steps {
  116. script {
  117. ENDDATE = sh (script: "echo|openssl s_client -servername ${SMTP_SERVER} -connect ${SMTP_SERVER}:443 2>/dev/null|openssl x509 -noout -enddate", returnStdout: true).trim()
  118. if (ENDDATE != NEW_ENDDATE) {
  119. echo "Update certificate and key for ${SMTP_SERVER}"
  120. sh "cat ${PKI_GIT_NAME}/${DOMAIN}/wildcard/acme-dns/letsencrypt.ca.pem >> ${CONFIG_DIR}/live/${DOMAIN}/fullchain.pem"
  121. PLAYBOOK = PKI_GIT_NAME + '/' + DOMAIN + '/wildcard/acme-dns/' + 'mail.yml'
  122. TARGET_DIR = WORKSPACE + '/' + CONFIG_DIR
  123. dockerWCrenewal.update_sertificate(PLAYBOOK, TARGET_DIR, SMTP_SERVER, DOMAIN)
  124. }
  125. }
  126. }
  127. }
  128. }
  129. post {
  130. always {
  131. echo "CleaningUp work directory"
  132. deleteDir()
  133. }
  134. success {
  135. mail charset: 'UTF-8',
  136. subject: "Jenkins build SUCCESS",
  137. mimeType: 'text/html',
  138. to: "${mailto}",
  139. body: "<b>ATTENTION!!!</b> <b><br> Jenkins job successed.\n\n <b><br>Project Name:</b> ${env.JOB_NAME} <b><br>Renewal certs and keys</b> <b><br>\nBuild Number:</b> ${env.BUILD_NUMBER} <b><br>\nURL Build:</b> ${RUN_DISPLAY_URL}"
  140. }
  141. failure {
  142. mail charset: 'UTF-8',
  143. subject: "Jenkins build ERROR",
  144. mimeType: 'text/html',
  145. to: "${mailto}",
  146. body: "<b>ATTENTION!!!</b> <b><br> Jenkins job failed.\n\n <b><br>Project Name:</b> ${env.JOB_NAME} <b><br>\nBuild Number:</b> ${env.BUILD_NUMBER} <b><br>\nURL Build:</b> ${RUN_DISPLAY_URL}"
  147. }
  148. }
  149. }