new plan. forget end-document, doesn't cooperate.

2024-12-06 17:06:04 -05:00 · 2024-12-06 17:06:04 -05:00 · 4a4fb4158f
commit 4a4fb4158f
parent 348817a74d
2 changed files with 30 additions and 11 deletions
--- a/scripts/1clickservice.groovy
+++ b/scripts/1clickservice.groovy
@ -13,6 +13,7 @@ pipeline {
        SUDOERSSH = credentials('2c48e1a9-22b2-455c-9959-6b29e86d3fb5')
        JENKINS = credentials('68391381-e095-4b47-b956-d23055b0808e')
        GITEATOKEN = credentials('d0e86441-2157-405f-8539-a9a9010c6ecf')
+        GITEA_USR='jenkins'
    }
    stages {
        stage("environment setup") {
@ -217,18 +218,16 @@ pipeline {
                    {
                        sh """#!/bin/bash
                            ssh-keyscan -t ed25519 ${targetHost} >> ~/.ssh/known_hosts
+                            cat "${PK}"

-                            ssh -i \"${PK}\" -tt ${SUDOER_USR}@${targetHost} username=${servicename} password=${env.pw_linuxserviceaccount} pubkeycontent=${env.pubkeycontent} 'echo "${SUDOER_PSW}" | sudo -Sv && bash -s' << 'ENDSSH'
-                                useradd -m -s /bin/bash \$username
-                                echo "\$username:\$password" | chpasswd
-                                loginctl enable-linger \$username
-                                cd ~/home/\$username
-                                mkdir .ssh
-                                pushd .ssh
-                                echo \$pubkeycontent > authorized_keys
-                                popd
-                                chown -R \$username:\$username .ssh
-                            ENDSSH
+                            curl -u '${env.GITEA_USR}:${env.GITEATOKEN}' https://gitea.arg.rip/greyn/deployment/raw/branch/main/scripts/serviceaccount.sh --output serviceaccount.sh
+                            sed -i 's/USERNAMETOADD=/USERNAMETOADD="${servicename}"/' serviceaccount.sh
+                            sed -i 's/PASSWORDTOADD=/PASSWORDTOADD="${env.pw_linuxserviceaccount}"/' serviceaccount.sh
+                            sed -i 's/PUBKEYCONTENT=/PUBKEYCONTENT="${env.pubkeycontent}"/' serviceaccount.sh
+                            sed -i 's/SUDOER_PSW=/SUDOER_PSW="${SUDOER_PSW}"/' serviceaccount.sh
+
+                            ssh -i \"${PK}\" -tt ${SUDOER_USR}@${targetHost} <serviceaccount.sh
+                            rm serviceaccount.sh
                        """
                    }
                }
--- a/scripts/serviceaccount.sh
+++ b/scripts/serviceaccount.sh
@ -0,0 +1,20 @@
+#!/bin/bash
+
+USERNAMETOADD=
+PASSWORDTOADD=
+PUBKEYCONTENT=
+SUDOER_PSW=
+
+function restofscript(){
+    useradd -m -s /bin/bash ${USERNAMETOADD}
+    echo "${USERNAMETOADD}:${PASSWORDTOADD}" | chpasswd
+    loginctl enable-linger ${USERNAMETOADD}
+    cd ~/home/${USERNAMETOADD}
+    mkdir .ssh
+    pushd .ssh
+    echo ${PUBKEYCONTENT} > authorized_keys
+    popd
+    chown -R "${USERNAMETOADD}:${USERNAMETOADD}' .ssh
+}
+
+echo "${SUDOER_PSW}" | sudo -S restofscript