Home Explore Help
Sign In
sdsys
/
acme-dns
6
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Branch: master
Branches Tags
acme-dns
/
IRURenewalWildcardJenkinsfile

IRURenewalWildcardJenkinsfile 4.9 KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107 
  1. JENKINS_PASS = ''
    2. 

  2. ENDDATE = ''
    3. 

  3. NEW_ENDDATE = ''
    4. 

  4. BACKUP_FILE = ''
    5. 

  5. CONFIG_DIR = ''
    6. 

  6. COMMAND = ''
    7. 

  7. pipeline {
    8. 

  8.   agent {
    9. 

  9.     label "swarm"
    10. 

  10.   }
    11. 

  11.   environment {
    12. 

  12.     REGISTRY_PROD='registry.infoclinica.ru'
    13. 

  13.     REGISTRY_DEV='dev-registry.infoclinica.ru'
    14. 

  14.     CLUSTER_NAME_OPEN='iru-swarm1-open.infoclinica.ru'
    15. 

  15.     CLUSTER_NAME_PROD='iru-swarm.infoclinica.lan'
    16. 

  16.     CLUSTER_NAME_DEV='dev-iru-swarm.infoclinica.lan'
    17. 

  17.     DOCKER_CERT_PATH='/run/secrets/swarm'
    18. 

  18.     IMAGE_NAME='registry.infoclinica.ru:5000/acme-dns:1.5'
    19. 

  19.     JENKINS_MAIL='jenkins.dev@sdsys.ru'
    20. 

  20.     SMTP_SERVER='mail.sdsys.ru'
    21. 

  21.     RECIPIENT_MAIL_BOX='admin@sdsys.ru'
    22. 

  22.     PKI_GIT_SUBDIR='iru'
    23. 

  23.     PKI_GIT_NAME='pki'
    24. 

  24.     DOMAIN='infoclinica.ru'
    25. 

  25.     PKI_GIT_URL='ssh://git@git.sdsys.ru:8022/sdsys/pki.git'
    26. 

  26.     STACK_DEPLOY_GIT_URL='ssh://git@git.sdsys.ru:8022/iru/stack-deploy.git'
    27. 

  27.     STACK_DEPLOY_GIT_NAME='stack-deploy'
    28. 

  28.   }
    29. 

  29.   parameters {
    30. 

  30.     string(
    31. 

  31.       name: "mailto",
    32. 

  32.       defaultValue: "admin@sdsys.ru",
    33. 

  33.       description: "Email which has to be notified."
    34. 

  34.     )
    35. 

  35.   }
    36. 

  36.   stages {
    37. 

  37.     stage("Calculate Variables") {
    38. 

  38.       steps {
    39. 

  39.         script {
    40. 

  40.           ENDDATE = sh (script: "echo|openssl s_client -servername ${DOMAIN} -connect ${DOMAIN}:443 2>/dev/null|openssl x509 -noout -enddate", returnStdout: true).trim()
    41. 

  41.           CONFIG_DIR = PKI_GIT_NAME + '/' + PKI_GIT_SUBDIR + '/wildcard/letsencrypt'
    42. 

  42.           BACKUP_FILE = PKI_GIT_NAME + '/' + PKI_GIT_SUBDIR + '/wildcard/acme-dns/' + DOMAIN + '.dump.gz'
    43. 

  43.           COMMAND = PKI_GIT_NAME + '/' + PKI_GIT_SUBDIR + '/wildcard/acme-dns/' + 'renewal.sh'
    44. 

  44.           withCredentials([usernamePassword(credentialsId: 'jenkins', usernameVariable: 'USERNAME', passwordVariable: 'PASSWORD')]) {
    45. 

  45.             JENKINS_USER = USERNAME
    46. 

  46.             JENKINS_PASS = PASSWORD
    47. 

  47.           }
    48. 

  48.         }
    49. 

  49.       }
    50. 

  50.     }
    51. 

  51.     stage("Run Renewal") {
    52. 

  52.       steps {
    53. 

  53.         withCredentials([sshUserPrivateKey(credentialsId: 'provision', keyFileVariable: 'GIT_SSH_KEY', passphraseVariable: '', usernameVariable: 'GIT_SSH_USERNAME')]) {
    54. 

  54.           sh """set +x
    55. 

  55.                 DOCKER_HOST=tcp://${CLUSTER_NAME_OPEN}:2376 DOCKER_TLS_VERIFY=1 docker run -t --rm -e TZ=Europe/Moscow \
    56. 

  56.                   -e DOMAIN=${DOMAIN} -e CONFIG_DIR=${CONFIG_DIR} -e BACKUP_FILE=${BACKUP_FILE} \
    57. 

  57.                   -e JENKINS_MAIL=${JENKINS_MAIL} -e JENKINS_MAIL_USER=${JENKINS_USER} -e JENKINS_MAIL_PASS=${JENKINS_PASS} \
    58. 

  58.                   -e git_url=${PKI_GIT_URL} -e SMTP_SERVER=${SMTP_SERVER} -e RECIPIENT_MAIL_BOX=${RECIPIENT_MAIL_BOX} \
    59. 

  59.                   -e "SSHKEY=`cat ${GIT_SSH_KEY}`" -p 53:53/udp -p 53:53/tcp ${IMAGE_NAME} \
    60. 

  60.                   /${COMMAND}
    61. 

  61.              """
    62. 

  62.         }
    63. 

  63.       }
    64. 

  64.     }
    65. 

  65.     stage("Update secret in CLUSTERS") {
    66. 

  66.       steps {
    67. 

  67.         script {
    68. 

  68.           gitOps.clone(PKI_GIT_URL)
    69. 

  69.           gitOps.clone(STACK_DEPLOY_GIT_URL)
    70. 

  70.           def NEW_ENDDATE = sh (script: "openssl x509 -enddate -noout -in ${CONFIG_DIR}/live/${DOMAIN}/cert.pem", returnStdout: true).trim()
    71. 

  71.           ENDDATE = sh (script: "echo|openssl s_client -servername ${REGISTRY_PROD} -connect ${REGISTRY_PROD}:5000 2>/dev/null|openssl x509 -noout -enddate", returnStdout: true).trim()
    72. 

  72.           if (ENDDATE != NEW_ENDDATE) {
    73. 

  73.             echo "Update docker secret in ${CLUSTER_NAME_PROD}"
    74. 

  74.             def NODE_IP = sh (script: "DOCKER_HOST=tcp://${CLUSTER_NAME_PROD}:2376 DOCKER_TLS_VERIFY=1 docker node inspect self -f '{{.Status.Addr}}'" , returnStdout: true).trim()
    75. 

  75.             dockerWCrenewal.update_secretIRU(NODE_IP, STACK_DEPLOY_GIT_NAME, DOMAIN, CONFIG_DIR)
    76. 

  76.           }
    77. 

  77.           ENDDATE = sh (script: "echo|openssl s_client -servername ${REGISTRY_DEV} -connect ${REGISTRY_DEV}:5000 2>/dev/null|openssl x509 -noout -enddate", returnStdout: true).trim()
    78. 

  78.           if (ENDDATE != NEW_ENDDATE) {
    79. 

  79.             echo "Update docker secret in ${CLUSTER_NAME_DEV}"
    80. 

  80.             NODE_IP = sh (script: "DOCKER_HOST=tcp://${CLUSTER_NAME_DEV}:2376 DOCKER_TLS_VERIFY=1 docker node inspect self -f '{{.Status.Addr}}'" , returnStdout: true).trim()
    81. 

  81.             dockerWCrenewal.update_secretIRU(NODE_IP, STACK_DEPLOY_GIT_NAME, DOMAIN, CONFIG_DIR)
    82. 

  82.           }
    83. 

  83.         }
    84. 

  84.       }
    85. 

  85.     }
    86. 

  86.   }
    87. 

  87.   post {
    88. 

  88.     always {
    89. 

  89.       echo "CleaningUp work directory"
    90. 

  90.       deleteDir()
    91. 

  91.     }
    92. 

  92.     success {
    93. 

  93.       mail charset: 'UTF-8',
    94. 

  94.            subject: "Jenkins build SUCCESS",
    95. 

  95.            mimeType: 'text/html',
    96. 

  96.            to: "${mailto}",
    97. 

  97.            body: "<b>ATTENTION!!!</b> <b><br> Jenkins job successed.\n\n <b><br>Project Name:</b> ${env.JOB_NAME} <b><br>Renewal certs and keys</b> <b><br>\nBuild Number:</b> ${env.BUILD_NUMBER} <b><br>\nURL Build:</b> ${RUN_DISPLAY_URL}"
    98. 

  98.     }
    99. 

  99.     failure {
    100. 

  100.       mail charset: 'UTF-8',
    101. 

  101.            subject: "Jenkins build ERROR",
    102. 

  102.            mimeType: 'text/html',
    103. 

  103.            to: "${mailto}",
    104. 

  104.            body: "<b>ATTENTION!!!</b> <b><br> Jenkins job failed.\n\n <b><br>Project Name:</b> ${env.JOB_NAME} <b><br>\nBuild Number:</b> ${env.BUILD_NUMBER} <b><br>\nURL Build:</b> ${RUN_DISPLAY_URL}"
    105. 

  105.     }
    106. 

  106.   }
    107. 

  107. }
    108.