diff --git a/scripts/1clickservice.groovy b/scripts/1clickservice.groovy
index ad9de03..5ae4598 100644
--- a/scripts/1clickservice.groovy
+++ b/scripts/1clickservice.groovy
@@ -3,6 +3,7 @@ pipeline {
 parameters {
 string(name: 'svcname', description: "service name")
 string(name: 'svcdesc', description: "service description")
+ boolean(name: 'database', description: "service has a database", defaultValue: false)
 }
 stages {
 stage("type strengthening") {
@@ -12,18 +13,24 @@ pipeline {
 error("svcname mandatory")
 }
 }
+ //TODO: generate password for the service account
+ //TODO: generate password for prod DB
+ //TODO: generate password for dev DB
+ //TODO: save them somewhere. probably better to not lock myself out of these accounts from moment 0
 }
 }
 stage("gitea project"){
 steps{
 script {
 //TODO: clone _template-service
+ //TODO: if not database version, strip out database stuff
 }
 }
 }
 stage("service account"){
 steps{
 script {
+ //jenkins, the user trying to SSH, must be able to ssh in and sudo
 ssh user@host username=$svcname svcpw=$ARG2 'echo "rootpass" | sudo -Sv && bash -s' << 'ENDSSH'
 #commands to run on remote host
 useradd -m -s /bin/bash $username
@@ -32,6 +39,27 @@ pipeline {
 }
 }
 }
+ stage("db init"){
+ when { expression { return params.database } }
+ steps {
+ //i'm pretty sure "update" with nothing will init?
+ //meaning we don't have to init, first update will init
+ script {
+ ssh user@host username=$svcname svcpw=$ARG2 'echo "rootpass" | sudo -Sv && bash -s' << 'ENDSSH'
+
+ sudo -u postgres psql
+ postgres=# create database mydb;
+ postgres=# create user myuser with encrypted password 'mypass';
+ postgres=# grant all privileges on database mydb to myuser;
+
+ postgres=# create database mydb_dev;
+ postgres=# create user myuser_dev with encrypted password 'myotherpass';
+ postgres=# grant all privileges on database mydb_dev to myuser_dev;
+
+ ENDSSH
+ }
+ }
+ }
 stage("initial service setup"){
 steps{
 script {
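Review bot: In the first hunk, `boolean(...)` is not a parameter type that a declarative `parameters` block accepts; the Jenkins directive is `booleanParam`, so the added line should read `booleanParam(name: 'database', description: "service has a database", defaultValue: false)`. As written the pipeline would likely fail validation before any stage runs. The `when { expression { return params.database } }` guard added in the last hunk depends on this parameter being defined. The enclosing `pipeline` block starts outside the hunk.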
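Review bot: In the second hunk, the added TODO `save them somewhere` should name the destination, because generated service-account and database passwords that land in the console log, the workspace or a job parameter are readable by anyone who can view the job. I would write it as `//TODO: store generated passwords in the Jenkins credentials store (or a vault); never print them to the build log`. The new comment above the `ssh` line could also record that `svcname` reaches the remote shell as `username=$svcname`, while the only check visible here is `error("svcname mandatory")`. If nothing outside the hunk restricts the value, an allow-list pattern check (for example `^[a-z][a-z0-9_-]*$`) belongs in the "type strengthening" stage. The stages touched here begin and end partly outside the hunk.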
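Review bot: The new `db init` stage in the third hunk commits literal secrets. `echo "rootpass" | sudo -Sv` puts the sudo password in the pipeline source and on a command line, and `'mypass'` / `'myotherpass'` are fixed database passwords, with fixed names `mydb` / `myuser` that ignore `svcname`, so every service created by this job would presumably share them. Prefer a sudoers rule limited to the commands the job needs, so the remote call can be `sudo -n -u postgres psql -v ON_ERROR_STOP=1`, and take the database passwords from the Jenkins credentials store (for example inside `withCredentials`). The SQL lines also still carry the interactive `postgres=#` prompt and the heredoc is not wrapped in an `sh` step, so the block looks unlikely to run as written. Drop the prompts, wrap the command in `sh`, and derive the database and role names from the validated `svcname`.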