greyn/deployment
2
0
Fork 0
Code Issues 2 Pull Requests Actions Packages Projects Releases 3 Wiki Activity

new plan. forget end-document, doesn't cooperate.
All checks were successful
gitea.arg.rip/deployment/pipeline/head This commit looks good
Details

Browse Source
This commit is contained in:
adam 2024-12-06 17:06:04 -05:00
parent 348817a74d
commit 4a4fb4158f
2 changed files with 30 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
scripts/1clickservice.groovy
View File

@ -13,6 +13,7 @@ pipeline {
SUDOERSSH = credentials('2c48e1a9-22b2-455c-9959-6b29e86d3fb5') SUDOERSSH = credentials('2c48e1a9-22b2-455c-9959-6b29e86d3fb5')
JENKINS = credentials('68391381-e095-4b47-b956-d23055b0808e') JENKINS = credentials('68391381-e095-4b47-b956-d23055b0808e')
GITEATOKEN = credentials('d0e86441-2157-405f-8539-a9a9010c6ecf') GITEATOKEN = credentials('d0e86441-2157-405f-8539-a9a9010c6ecf')
GITEA_USR='jenkins'
} }
stages { stages {
stage("environment setup") { stage("environment setup") {
@ -217,18 +218,16 @@ pipeline {
{ {
sh """#!/bin/bash sh """#!/bin/bash
ssh-keyscan -t ed25519 ${targetHost} >> ~/.ssh/known_hosts ssh-keyscan -t ed25519 ${targetHost} >> ~/.ssh/known_hosts
cat "${PK}"
ssh -i \"${PK}\" -tt ${SUDOER_USR}@${targetHost} username=${servicename} password=${env.pw_linuxserviceaccount} pubkeycontent=${env.pubkeycontent} 'echo "${SUDOER_PSW}" | sudo -Sv && bash -s' << 'ENDSSH' curl -u '${env.GITEA_USR}:${env.GITEATOKEN}' https://gitea.arg.rip/greyn/deployment/raw/branch/main/scripts/serviceaccount.sh --output serviceaccount.sh
useradd -m -s /bin/bash \$username sed -i 's/USERNAMETOADD=/USERNAMETOADD="${servicename}"/' serviceaccount.sh
echo "\$username:\$password" | chpasswd sed -i 's/PASSWORDTOADD=/PASSWORDTOADD="${env.pw_linuxserviceaccount}"/' serviceaccount.sh
loginctl enable-linger \$username sed -i 's/PUBKEYCONTENT=/PUBKEYCONTENT="${env.pubkeycontent}"/' serviceaccount.sh
cd ~/home/\$username sed -i 's/SUDOER_PSW=/SUDOER_PSW="${SUDOER_PSW}"/' serviceaccount.sh
mkdir .ssh
pushd .ssh ssh -i \"${PK}\" -tt ${SUDOER_USR}@${targetHost} <serviceaccount.sh
echo \$pubkeycontent > authorized_keys rm serviceaccount.sh
popd
chown -R \$username:\$username .ssh
ENDSSH
""" """
} }
} }

20
scripts/serviceaccount.sh Normal file
View File

@ -0,0 +1,20 @@
#!/bin/bash
USERNAMETOADD=
PASSWORDTOADD=
PUBKEYCONTENT=
SUDOER_PSW=
function restofscript(){
useradd -m -s /bin/bash ${USERNAMETOADD}
echo "${USERNAMETOADD}:${PASSWORDTOADD}" | chpasswd
loginctl enable-linger ${USERNAMETOADD}
cd ~/home/${USERNAMETOADD}
mkdir .ssh
pushd .ssh
echo ${PUBKEYCONTENT} > authorized_keys
popd
chown -R "${USERNAMETOADD}:${USERNAMETOADD}' .ssh
}
echo "${SUDOER_PSW}" | sudo -S restofscript