omg it works.
All checks were successful
gitea.arg.rip/deployment/pipeline/head This commit looks good
parent
a47de1098c
commit
a672887719
@ -97,7 +97,7 @@ pipeline {
|
||||
sh """#!/bin/bash
|
||||
|
||||
#mkdir -p ~/.ssh
|
||||
#ssh-keyscan -t ed25519 gitea.arg.rip >> ~/.ssh/known_hosts
|
||||
ssh-keyscan -t ed25519 gitea.arg.rip >> ~/.ssh/known_hosts
|
||||
#cat ~/.ssh/known_hosts
|
||||
#shit doesn't work. ssh in, git clone, get your shit set up for keys.
|
||||
git -c core.sshCommand="ssh -i '$PK'\" clone ssh://git@gitea.arg.rip:8022/greyn/${servicename}.git
|
||||
@ -222,15 +222,11 @@ pipeline {
|
||||
sh """#!/bin/bash
|
||||
ssh-keyscan -t ed25519 ${targetHost} >> ~/.ssh/known_hosts
|
||||
|
||||
curl -u '${env.GITEA_USR}:${env.GITEATOKEN}' https://gitea.arg.rip/greyn/deployment/raw/branch/service/scripts/serviceaccount.sh --output serviceaccount.sh
|
||||
curl -u '${env.GITEA_USR}:${env.GITEATOKEN}' https://gitea.arg.rip/greyn/deployment/raw/branch/main/scripts/serviceaccount.sh --output serviceaccount.sh
|
||||
sed -i 's/USERNAMETOADD=/USERNAMETOADD="${servicename}"/' serviceaccount.sh
|
||||
sed -i 's/PASSWORDTOADD=/PASSWORDTOADD="${env.pw_linuxserviceaccount}"/' serviceaccount.sh
|
||||
sed -i 's/SUDOER_PSW=/SUDOER_PSW="${SUDOER_PSW}"/' serviceaccount.sh
|
||||
|
||||
echo "serviceaccount :)"
|
||||
|
||||
cat serviceaccount.sh
|
||||
|
||||
ssh -i \"${PK}\" -tt ${SUDOER_USR}@${targetHost} <serviceaccount.sh
|
||||
rm serviceaccount.sh
|
||||
"""
|
||||
@ -247,23 +243,16 @@ pipeline {
|
||||
withCredentials([sshUserPrivateKey(credentialsId: env.SUDOERSSHID, keyFileVariable: 'PK')])
|
||||
{
|
||||
sh """#!/bin/bash
|
||||
ssh-keyscan -t ed25519 ${targetHost} >> ~/.ssh/known_hosts
|
||||
|
||||
ssh -i \"${PK}\" -tt ${SUDOER_USR}@${targetHost} servicename=${servicename} pw_productiondatabase=${env.pw_productiondatabase} pw_developmentdatabase=${env.pw_developmentdatabase} 'echo "$SUDOER_PSW" | sudo -Sv && bash -s' << 'ENDSSH'
|
||||
sudo -u postgres psql && bash -s << 'ENDPSQL'
|
||||
create database $servicename;
|
||||
create user $servicename with encrypted password '$pw_productiondatabase';
|
||||
grant all privileges on database $servicename to $servicename;
|
||||
ENDPSQL
|
||||
curl -u '${env.GITEA_USR}:${env.GITEATOKEN}' https://gitea.arg.rip/greyn/deployment/raw/branch/main/scripts/databases.sh --output databases.sh
|
||||
|
||||
service_dev="${servicename}_dev"
|
||||
sudo -u postgres psql && bash -s << 'ENDPSQL'
|
||||
create database \$service_dev;
|
||||
create user \$service_dev with encrypted password '\$pw_developmentdatabase';
|
||||
grant all privileges on database \$service_dev to \$service_dev;
|
||||
ENDPSQL
|
||||
sed -i 's/SUDOER_PSW=/SUDOER_PSW="${SUDOER_PSW}"/' databases.sh
|
||||
sed -i 's/pw_productiondatabase=/pw_productiondatabase="${env.pw_productiondatabase}/' databases.sh
|
||||
sed -i 's/pw_developmentdatabase=/pw_developmentdatabase="${env.pw_developmentdatabase}/' databases.sh
|
||||
sed -i 's/servicename=/servicename="${servicename}"/' databases.sh
|
||||
|
||||
ENDSSH
|
||||
ssh -i \"${PK}\" -tt ${SUDOER_USR}@${targetHost} <databases.sh
|
||||
rm databases.sh
|
||||
"""
|
||||
}
|
||||
}
|
||||
@ -271,16 +260,13 @@ pipeline {
|
||||
}
|
||||
stage("initial service setup"){
|
||||
steps{
|
||||
sshagent([SUDOERSSH])
|
||||
{
|
||||
sh 'scp ${servicename}.service ${servicename}@${targetHost}:~/.config/systemd/user/${servicename}.service'
|
||||
sh """ssh -tt $SUDOER_USR@${targetHost} servicename=${servicename} pw_productiondatabase=${env.pw_productiondatabase} pw_developmentdatabase=${env.pw_developmentdatabase} 'echo "$SUDOER_PSW" | sudo -Sv && bash -s' << 'ENDSSH'
|
||||
sudo -u ${servicename} && bash -s << 'ENDASSERVICE'
|
||||
systemctl --user daemon-reload
|
||||
systemctl --user enable ${servicename}.service
|
||||
ENDASSERVICE
|
||||
ENDSSH"""
|
||||
}
|
||||
sh """#!/bin/bash
|
||||
ssh -i "${servicename}-ssh" -tt ${servicename}@${targetHost} "mkdir -p ~/.config/systemd/user/"
|
||||
scp -i "${servicename}-ssh" ${servicename}/${servicename}.service ${servicename}@${targetHost}:~/.config/systemd/user/${servicename}.service
|
||||
|
||||
ssh -i "${servicename}-ssh" -tt ${servicename}@${targetHost} 'systemctl --user daemon-reload'
|
||||
ssh -i "${servicename}-ssh" -tt ${servicename}@${targetHost} 'systemctl --user enable ${servicename}.service'
|
||||
"""
|
||||
}
|
||||
}
|
||||
}
|
||||
|
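Review bot: The two password substitutions in the databases.sh hunk (`pw_productiondatabase` and `pw_developmentdatabase`) have no closing `"` after the interpolated value, so the patched script would get an unterminated assignment; the `servicename` line beside them shows the intended form, e.g. `sed -i 's/pw_productiondatabase=/pw_productiondatabase="${env.pw_productiondatabase}"/' databases.sh`. The +/- markers are lost on this page, so this assumes those sed lines are on the new side, which the hunk's line counts suggest. Because each step is a Groovy `"""` string, the Gitea token and every password are expanded by Groovy before bash runs, which puts them on command lines where Jenkins' secret masking may not catch them and lets a value containing `/`, `&` or a quote break the sed expression; a single-quoted `sh` step that reads them from the environment would avoid both. The `ssh-keyscan ... >> ~/.ssh/known_hosts` lines also accept whatever key is served on each run, so a pinned host key in the agent's known_hosts would be the safer check. The `pipeline` block starts and ends outside these hunks.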