This commit is contained in:
parent
f085dc4aa4
commit
88419c8985
@ -4,7 +4,6 @@ pipeline {
|
||||
string(name: 'servicename', description: "service name")
|
||||
string(name: 'svcdesc', description: "service description")
|
||||
string(name: 'targetHost', description: "system to live on", defaultValue: "moloryb.lan")
|
||||
booleanParam(name: 'database', description: "service has a database", defaultValue: true)
|
||||
}
|
||||
environment {
|
||||
SUDOER_ALLOCES = credentials('a674f816-2b35-4d60-ba60-7b66e86f3c5c')
|
||||
@ -16,7 +15,7 @@ pipeline {
|
||||
GITEA_USR='jenkins'
|
||||
}
|
||||
stages {
|
||||
stage("environment setup") {
|
||||
stage("environment setup") { //my environment, here.
|
||||
steps {
|
||||
script {
|
||||
if (servicename.isEmpty()) {
|
||||
@ -124,16 +123,10 @@ pipeline {
|
||||
git -c core.sshCommand="ssh -i '$PK'\" clone ssh://git@gitea.arg.rip:8022/greyn/${servicename}.git
|
||||
#fyi, future me: pushd is useless here, it pops out. Like it's loading a script and exiting.
|
||||
"""
|
||||
script { //there's no "if" "step" so any "if" must be in a "script" step
|
||||
if(database){
|
||||
script {
|
||||
sh """#!/bin/bash
|
||||
|
||||
pushd ${servicename}
|
||||
dbstartline=\$(sed -n '/---dbstart---/=' Jenkinsfile)
|
||||
dbendline=\$(sed -n '/---dbend---/=' Jenkinsfile)
|
||||
echo \"yes db.\"
|
||||
|
||||
sed -i \"\${dbstartline}d;\${dbendline}d\" Jenkinsfile
|
||||
|
||||
databasecredsid=\$(uuidgen)
|
||||
httpBasicAuth=\"http://${env.JENKINS_USR}:${env.JENKINS_PSW}@alloces.lan:8080/\"
|
||||
@ -160,16 +153,7 @@ pipeline {
|
||||
git add .
|
||||
git commit -m \"set up for database\"
|
||||
"""
|
||||
}
|
||||
else{
|
||||
sh """#!/bin/bash
|
||||
echo \"no db\"
|
||||
pushd ${servicename}
|
||||
sed -i '\${dbstartline},\${dbendline}d;' Jenkinsfile
|
||||
git add .
|
||||
git commit -m "stripped database lines"
|
||||
"""
|
||||
}
|
||||
|
||||
|
||||
sh """#!/bin/bash
|
||||
|
||||
@ -192,10 +176,7 @@ pipeline {
|
||||
|
||||
certCredsId=\$(uuidgen)
|
||||
|
||||
# you git cloned ${servicename}. that's why it "already exists".
|
||||
ssh-keygen -t ed25519 -f "${servicename}-ssh" -N ""
|
||||
#chmod 600 \"${servicename}-ssh\"
|
||||
#chmod 600 \"${servicename}-ssh.pub\"
|
||||
privatekeycontent=\$(cat ${servicename}-ssh)
|
||||
pubkeycontent=\$(cat ${servicename}-ssh.pub)
|
||||
CRUMB=\$(curl -s 'http://${env.JENKINS_USR}:${env.JENKINS_PSW}@alloces.lan:8080/crumbIssuer/api/xml?xpath=concat(//crumbRequestField,":",//crumb)')
|
||||
@ -205,7 +186,7 @@ pipeline {
|
||||
"": "0",
|
||||
"credentials": {
|
||||
"scope": "GLOBAL",
|
||||
"id": "'"\$usernameCredsId"'",
|
||||
"id": "'"\$certCredsId"'",
|
||||
"username": "${servicename}",
|
||||
"password": "",
|
||||
"privateKeySource": {
|
||||
@ -224,7 +205,9 @@ pipeline {
|
||||
pushd ${servicename}
|
||||
|
||||
linuxServiceAccountStr="linuxServiceAccount=credentials(\\"\$usernameCredsId\\")"
|
||||
linuxServiceAccountIDStr="linuxServiceAccountID=\\"\$certCredsId\\""
|
||||
sed -i "s/linuxServiceAccount=creds/\$linuxServiceAccountStr/" Jenkinsfile
|
||||
sed -i "s/linuxServiceAccountID=string/\$linuxServiceAccountIDStr/" Jenkinsfile
|
||||
sed -i 's/targetHost=string/targetHost="${targetHost}"/' Jenkinsfile
|
||||
git add .
|
||||
git commit -m "linux account, service host"
|
||||
@ -260,7 +243,6 @@ pipeline {
|
||||
}
|
||||
}
|
||||
stage("db init"){
|
||||
when { expression { return params.database } }
|
||||
steps {
|
||||
//i'm pretty sure "update" with nothing will init?
|
||||
//meaning we don't have to init, first update will init
|
||||
|
||||
@ -9,11 +9,6 @@ function restofscript(){
|
||||
sudo -u postgres psql -c "create database $servicename;"
|
||||
sudo -u postgres psql -c "create user $servicename with encrypted password '$pw_productiondatabase';"
|
||||
sudo -u postgres psql -c "grant all privileges on database $servicename to $servicename;"
|
||||
|
||||
sudo -u postgres psql -c "create database $service_dev;"
|
||||
sudo -u postgres psql -c "create user $service_dev with encrypted password '$pw_developmentdatabase';"
|
||||
sudo -u postgres psql -c "grant all privileges on database $service_dev to $service_dev;"
|
||||
|
||||
}
|
||||
|
||||
echo "${SUDOER_PSW}" | sudo -S bash -c "$(declare -f restofscript); restofscript"
|
||||
|
||||
@ -9,7 +9,7 @@ function restofscript(){
|
||||
echo "${USERNAMETOADD}:${PASSWORDTOADD}" | chpasswd
|
||||
loginctl enable-linger ${USERNAMETOADD}
|
||||
mkdir /home/${USERNAMETOADD}/.ssh
|
||||
touch /home/${USERNAMETOADD}/authorized_keys
|
||||
touch /home/${USERNAMETOADD}/.ssh/authorized_keys
|
||||
cat ssh.pub >> /home/${USERNAMETOADD}/.ssh/authorized_keys
|
||||
chmod 600 /home/${USERNAMETOADD}/authorized_keys
|
||||
chown -R "${USERNAMETOADD}:${USERNAMETOADD}" /home/${USERNAMETOADD}/.ssh
|
||||
|
||||
Loading…
Reference in New Issue
Block a user