Compare commits

..

No commits in common. "25a2dc093e97cbc11bb5d2a72ea112429b6514cc" and "c8b9a5cf0f26ebcfe71897980c65dca53d3c7ec0" have entirely different histories.

4 changed files with 28 additions and 50 deletions

View File

@ -1,54 +1,40 @@
pipeline {
agent any
parameters {
string(name: 'servicename', description: "service name")
string(name: 'svcname', description: "service name")
string(name: 'svcdesc', description: "service description")
boolean(name: 'database', description: "service has a database", defaultValue: true)
}
environment {
pw_linuxserviceaccount=""
pw_productiondatabase=""
pw_developmentdatabase=""
ALLOCES = credentials('//TODO: its usually a uuid')
boolean(name: 'database', description: "service has a database", defaultValue: false)
}
stages {
stage("type strengthening") {
steps {
script {
if (servicename.isEmpty()) {
error("servicename mandatory")
if (svcname.isEmpty()) {
error("svcname mandatory")
}
if (servicename.contains(' ')) {
error("servicename cannot have spaces. try dashes.")
}
sh env.pw_linuxserviceaccount=$(mktemp -u XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX)
sh env.pw_productiondatabase=$(mktemp -u XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX)
sh env.pw_developmentdatabase=$(mktemp -u XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX)
//TODO: generate password for the service account
//TODO: generate password for prod DB
//TODO: generate password for dev DB
//TODO: save them somewhere. probably better to not lock myself out of these accounts from moment 0
}
}
}
stage("gitea project"){
steps{
//TODO: clone _template-service. Must be under greyn.
script {
//TODO: clone _template-service
//TODO: if not database version, strip out database stuff
}
}
stage("jenkins pipeline"){
steps{
//TODO: tell jenkins to scan greyn pipeline
//TODO: find this new service in jenkins
//TODO: add the shared secrets to jenkins
}
}
stage("service account"){
steps{
script {
//jenkins, the user trying to SSH, must be able to ssh in and sudo
ssh user@host username=$servicename password=${env.pw_linuxserviceaccount} 'echo "$ALLOCES_PSW" | sudo -Sv && bash -s' << 'ENDSSH'
ssh user@host username=$svcname svcpw=$ARG2 'echo "rootpass" | sudo -Sv && bash -s' << 'ENDSSH'
#commands to run on remote host
useradd -m -s /bin/bash $username
echo "$username:$password" | chpasswd
loginctl enable-linger $username
ENDSSH
}
}
@ -59,19 +45,16 @@ pipeline {
//i'm pretty sure "update" with nothing will init?
//meaning we don't have to init, first update will init
script {
ssh user@host servicename=$servicename pw_productiondatabase=${env.pw_productiondatabase} pw_developmentdatabase=${env.pw_developmentdatabase} 'echo "$ALLOCES_PSW" | sudo -Sv && bash -s' << 'ENDSSH'
sudo -u postgres psql && bash -s << 'ENDPSQL'
create database $servicename;
create user $servicename with encrypted password '$pw_productiondatabase';
grant all privileges on database $servicename to $servicename;
ENDPSQL
ssh user@host username=$svcname svcpw=$ARG2 'echo "rootpass" | sudo -Sv && bash -s' << 'ENDSSH'
service_dev="${servicename}_dev"
sudo -u postgres psql && bash -s << 'ENDPSQL'
create database $service_dev;
create user $service_dev with encrypted password '$pw_developmentdatabase';
grant all privileges on database $service_dev to $service_dev;
ENDPSQL
sudo -u postgres psql
postgres=# create database mydb;
postgres=# create user myuser with encrypted password 'mypass';
postgres=# grant all privileges on database mydb to myuser;
postgres=# create database mydb_dev;
postgres=# create user myuser_dev with encrypted password 'myotherpass';
postgres=# grant all privileges on database mydb_dev to myuser_dev;
ENDSSH
}
@ -79,11 +62,9 @@ pipeline {
}
stage("initial service setup"){
steps{
sh 'scp $servicename.service user@server:~/.config/systemd/user/$servicename.service'
ssh user@host servicename=$servicename svcpw=$ARG2 'echo "$ALLOCES_PSW" | sudo -Sv && bash -s' << 'ENDSSH'
systemctl --user daemon-reload
systemctl --user enable $servicename.service
ENDSSH
script {
//TODO
}
}
}
}

View File

@ -1 +0,0 @@
//TODO

View File

@ -1 +0,0 @@
//TODO

View File

@ -1 +0,0 @@
//TODO