i think I have it mostly figured out, still TODOs

2024-11-17 15:01:57 -05:00 · 2024-11-17 15:01:57 -05:00 · b297a2345a
commit b297a2345a
parent c8b9a5cf0f
1 changed files with 47 additions and 28 deletions
--- a/scripts/1clickservice.groovy
+++ b/scripts/1clickservice.groovy
@ -1,40 +1,54 @@
 pipeline {
    agent any 
    parameters { 
-        string(name: 'svcname', description: "service name")
+        string(name: 'servicename', description: "service name")
        string(name: 'svcdesc', description: "service description")
-        boolean(name: 'database', description: "service has a database", defaultValue: false)
+        boolean(name: 'database', description: "service has a database", defaultValue: true)
    }
    environment {
        pw_linuxserviceaccount=""
        pw_productiondatabase=""
        pw_developmentdatabase=""
        ALLOCES = credentials('//TODO: its usually a uuid')
    }
    stages {
        stage("type strengthening") {
            steps {
                script {
-                    if (svcname.isEmpty()) {
+                    if (servicename.isEmpty()) {
-                        error("svcname mandatory")
+                        error("servicename mandatory")
                    }
                    if (servicename.contains(' ')) {
                        error("servicename cannot have spaces. try dashes.")
                    }
-                //TODO: generate password for the service account
+                    sh env.pw_linuxserviceaccount=$(mktemp -u XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX)
-                //TODO: generate password for prod DB
+                    sh env.pw_productiondatabase=$(mktemp -u XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX)
-                //TODO: generate password for dev DB
+                    sh env.pw_developmentdatabase=$(mktemp -u XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX)
                    //TODO: save them somewhere. probably better to not lock myself out of these accounts from moment 0 
                }
            }
        }
        stage("gitea project"){
            steps{
-                script {
+                //TODO: clone _template-service. Must be under greyn.
                    //TODO: clone _template-service
                //TODO: if not database version, strip out database stuff
            }
        }
        stage("jenkins pipeline"){
            steps{
                //TODO: tell jenkins to scan greyn pipeline
                //TODO: find this new service in jenkins
                //TODO: add the shared secrets to jenkins
            }
        }
        stage("service account"){
            steps{
                script {
                    //jenkins, the user trying to SSH, must be able to ssh in and sudo
-                    ssh user@host username=$svcname svcpw=$ARG2 'echo "rootpass" | sudo -Sv && bash -s' << 'ENDSSH'
+                    ssh user@host username=$servicename password=${env.pw_linuxserviceaccount} 'echo "$ALLOCES_PSW" | sudo -Sv && bash -s' << 'ENDSSH'
                        #commands to run on remote host
                        useradd -m -s /bin/bash $username
                        echo "$username:$password" | chpasswd
                        loginctl enable-linger $username
                    ENDSSH
                }
            }
@ -45,16 +59,19 @@ pipeline {
                //i'm pretty sure "update" with nothing will init? 
                //meaning we don't have to init, first update will init
                script {
-                    ssh user@host username=$svcname svcpw=$ARG2 'echo "rootpass" | sudo -Sv && bash -s' << 'ENDSSH'
+                    ssh user@host servicename=$servicename pw_productiondatabase=${env.pw_productiondatabase} pw_developmentdatabase=${env.pw_developmentdatabase} 'echo "$ALLOCES_PSW" | sudo -Sv && bash -s' << 'ENDSSH'
                        sudo -u postgres psql && bash -s << 'ENDPSQL'
                            create database $servicename;
                            create user $servicename with encrypted password '$pw_productiondatabase';
                            grant all privileges on database $servicename to $servicename;
                        ENDPSQL
-                    sudo -u postgres psql
+                        service_dev="${servicename}_dev"
-                    postgres=# create database mydb;
+                        sudo -u postgres psql && bash -s << 'ENDPSQL'
-                    postgres=# create user myuser with encrypted password 'mypass';
+                            create database $service_dev;
-                    postgres=# grant all privileges on database mydb to myuser;
+                            create user $service_dev with encrypted password '$pw_developmentdatabase';
-
+                            grant all privileges on database $service_dev to $service_dev;
-                    postgres=# create database mydb_dev;
+                        ENDPSQL
                    postgres=# create user myuser_dev with encrypted password 'myotherpass';
                    postgres=# grant all privileges on database mydb_dev to myuser_dev;
                    ENDSSH
                }
@ -62,9 +79,11 @@ pipeline {
        }
        stage("initial service setup"){
            steps{
-                script {
+                sh 'scp $servicename.service user@server:~/.config/systemd/user/$servicename.service'
-                    //TODO
+                ssh user@host servicename=$servicename svcpw=$ARG2 'echo "$ALLOCES_PSW" | sudo -Sv && bash -s' << 'ENDSSH'
-                }
+                    systemctl --user daemon-reload
                    systemctl --user enable $servicename.service
                ENDSSH
            }
        }
    }