Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- pipeline {
- agent any
- options {
- disableConcurrentBuilds()
- buildDiscarder(logRotator(numToKeepStr: '20'))
- skipDefaultCheckout()
- skipStagesAfterUnstable()
- }
- parameters {
- booleanParam(name: 'DRY_RUN', defaultValue: false, description: 'only make a dry run, no real deploy')
- choice(name: 'MODE', choices: ['create','revoke'], description: 'Select the mode the Deploy should run in')
- string(name: 'BRANCH', defaultValue: 'master', description: 'Which Branch should be deployed')
- string(name: 'SERVER', defaultValue: 'radius', description: '(optional) to which server deploy to')
- string(name: 'USER', defaultValue: '', description: 'The user account name of the employee')
- string(name: 'COMMENT', defaultValue: '', description: 'Why running the deploy')
- }
- stages {
- stage('Preparation') {
- steps {
- dir("ansible") {
- checkout([$class: 'GitSCM', branches: [[name: '*/master']], doGenerateSubmoduleConfigurations: false, extensions: [], submoduleCfg: [], userRemoteConfigs: [[credentialsId: '19b8bee6-eab5-4aa7-bddd-bb60949ee603', url: 'git@git.pixum.net:pixum-devops/ansible-provisioning.git']]])
- }
- dir("${WORKSPACE}/radius-auth") {
- checkout([$class: 'GitSCM', branches: [[name: '*/master']], doGenerateSubmoduleConfigurations: false, extensions: [], submoduleCfg: [], userRemoteConfigs: [[credentialsId: '19b8bee6-eab5-4aa7-bddd-bb60949ee603', url: 'git@git.pixum.net:pixum-internalit/radius-auth.git']]])
- }
- }
- }
- stage('Build') {
- agent {
- docker {
- image 'webdevops/ansible:debian-8'
- reuseNode true
- args "-u root:sudo -e HOME=${WORKSPACE} -v /etc/passwd:/etc/passwd -v ${WORKSPACE}/ansible:/usr/ansible -v ${WORKSPACE}/radius-auth:/usr/radius"
- }
- }
- steps {
- script {
- if (params.MODE == "create") {
- sh "cd /usr/ansible && ansible-playbook -i inventories/office freeradius.yml --limit 'radius*' -u freeradius --private-key 'roles/freeradius/files/freeradius_priv_key' --skip-tags 'common,sensu' --tags='certCreate' -e '{'global_pixum_employees': ['${params.USER}']}'"
- sh "scp -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -r -i /usr/ansible/roles/freeradius/files/freeradius_priv_key freeradius@${params.SERVER}.pixum.net:/etc/freeradius/3.0/certs/clients/${params.USER}.p12 /usr/radius/certificates/${params.USER}.p12"
- sh "scp -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -r -i /usr/ansible/roles/freeradius/files/freeradius_priv_key freeradius@${params.SERVER}.pixum.net:/etc/freeradius/3.0/certs/clients/secrets /usr/radius/certificates/000PW.txt"
- } else {
- sh "cd /usr/ansible && ansible-playbook -i inventories/office freeradius.yml --limit 'radius*' -u freeradius --private-key 'roles/freeradius/files/freeradius_priv_key' --skip-tags 'common,sensu' --tags='certRevoke' -e '{'global_pixum_remove_employees': ['${params.USER}']}'"
- }
- }
- }
- }
- stage('Update') {
- steps {
- dir("${WORKSPACE}/radius-auth") {
- sshagent (credentials: ['jenkins-ssh-key']) {
- script {
- if (params.MODE == "create") {
- sh """#!/bin/bash
- git config --global user.email "jenkins@pixum.com"
- git config --global user.name "Jenkins"
- git add .
- git commit -m "Automatically generated certificate for \"${params.USER}\""
- git push -u origin HEAD:master
- """
- }
- }
- }
- }
- }
- }
- }
- post {
- always {
- logJob()
- notifyUnstable()
- }
- }
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement