Compare commits

..

No commits in common. "25a2dc093e97cbc11bb5d2a72ea112429b6514cc" and "c8b9a5cf0f26ebcfe71897980c65dca53d3c7ec0" have entirely different histories.

4 changed files with 28 additions and 50 deletions

View File

@ -1,54 +1,40 @@
pipeline { pipeline {
agent any agent any
parameters { parameters {
string(name: 'servicename', description: "service name") string(name: 'svcname', description: "service name")
string(name: 'svcdesc', description: "service description") string(name: 'svcdesc', description: "service description")
boolean(name: 'database', description: "service has a database", defaultValue: true) boolean(name: 'database', description: "service has a database", defaultValue: false)
} }
environment {
pw_linuxserviceaccount=""
pw_productiondatabase=""
pw_developmentdatabase=""
ALLOCES = credentials('//TODO: its usually a uuid')
}
stages { stages {
stage("type strengthening") { stage("type strengthening") {
steps { steps {
script { script {
if (servicename.isEmpty()) { if (svcname.isEmpty()) {
error("servicename mandatory") error("svcname mandatory")
} }
if (servicename.contains(' ')) {
error("servicename cannot have spaces. try dashes.")
}
sh env.pw_linuxserviceaccount=$(mktemp -u XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX)
sh env.pw_productiondatabase=$(mktemp -u XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX)
sh env.pw_developmentdatabase=$(mktemp -u XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX)
//TODO: save them somewhere. probably better to not lock myself out of these accounts from moment 0
} }
//TODO: generate password for the service account
//TODO: generate password for prod DB
//TODO: generate password for dev DB
//TODO: save them somewhere. probably better to not lock myself out of these accounts from moment 0
} }
} }
stage("gitea project"){ stage("gitea project"){
steps{ steps{
//TODO: clone _template-service. Must be under greyn. script {
//TODO: if not database version, strip out database stuff //TODO: clone _template-service
} //TODO: if not database version, strip out database stuff
} }
stage("jenkins pipeline"){
steps{
//TODO: tell jenkins to scan greyn pipeline
//TODO: find this new service in jenkins
//TODO: add the shared secrets to jenkins
} }
} }
stage("service account"){ stage("service account"){
steps{ steps{
script { script {
//jenkins, the user trying to SSH, must be able to ssh in and sudo //jenkins, the user trying to SSH, must be able to ssh in and sudo
ssh user@host username=$servicename password=${env.pw_linuxserviceaccount} 'echo "$ALLOCES_PSW" | sudo -Sv && bash -s' << 'ENDSSH' ssh user@host username=$svcname svcpw=$ARG2 'echo "rootpass" | sudo -Sv && bash -s' << 'ENDSSH'
#commands to run on remote host
useradd -m -s /bin/bash $username useradd -m -s /bin/bash $username
echo "$username:$password" | chpasswd echo "$username:$password" | chpasswd
loginctl enable-linger $username
ENDSSH ENDSSH
} }
} }
@ -59,19 +45,16 @@ pipeline {
//i'm pretty sure "update" with nothing will init? //i'm pretty sure "update" with nothing will init?
//meaning we don't have to init, first update will init //meaning we don't have to init, first update will init
script { script {
ssh user@host servicename=$servicename pw_productiondatabase=${env.pw_productiondatabase} pw_developmentdatabase=${env.pw_developmentdatabase} 'echo "$ALLOCES_PSW" | sudo -Sv && bash -s' << 'ENDSSH' ssh user@host username=$svcname svcpw=$ARG2 'echo "rootpass" | sudo -Sv && bash -s' << 'ENDSSH'
sudo -u postgres psql && bash -s << 'ENDPSQL'
create database $servicename; sudo -u postgres psql
create user $servicename with encrypted password '$pw_productiondatabase'; postgres=# create database mydb;
grant all privileges on database $servicename to $servicename; postgres=# create user myuser with encrypted password 'mypass';
ENDPSQL postgres=# grant all privileges on database mydb to myuser;
service_dev="${servicename}_dev" postgres=# create database mydb_dev;
sudo -u postgres psql && bash -s << 'ENDPSQL' postgres=# create user myuser_dev with encrypted password 'myotherpass';
create database $service_dev; postgres=# grant all privileges on database mydb_dev to myuser_dev;
create user $service_dev with encrypted password '$pw_developmentdatabase';
grant all privileges on database $service_dev to $service_dev;
ENDPSQL
ENDSSH ENDSSH
} }
@ -79,11 +62,9 @@ pipeline {
} }
stage("initial service setup"){ stage("initial service setup"){
steps{ steps{
sh 'scp $servicename.service user@server:~/.config/systemd/user/$servicename.service' script {
ssh user@host servicename=$servicename svcpw=$ARG2 'echo "$ALLOCES_PSW" | sudo -Sv && bash -s' << 'ENDSSH' //TODO
systemctl --user daemon-reload }
systemctl --user enable $servicename.service
ENDSSH
} }
} }
} }

View File

@ -1 +0,0 @@
//TODO

View File

@ -1 +0,0 @@
//TODO

View File

@ -1 +0,0 @@
//TODO