greyn/deployment
2
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases 1 Wiki Activity

Compare commits

base: greyn:c2575e696a6781cc681a99b9eebfec6f3591c416
Branches Tags
greyn:main
greyn:service
greyn:release
greyn:predev
greyn:1
..
compare: greyn:c8b9a5cf0f26ebcfe71897980c65dca53d3c7ec0
Branches Tags
greyn:service
greyn:main
greyn:release
greyn:predev
greyn:1

No commits in common. "c2575e696a6781cc681a99b9eebfec6f3591c416" and "c8b9a5cf0f26ebcfe71897980c65dca53d3c7ec0" have entirely different histories.
c2575e696a ... c8b9a5cf0f

4 changed files with 34 additions and 126 deletions
Show Stats Expand all files Collapse all files

141
scripts/1clickservice.groovy
View File

@ -1,160 +1,71 @@
pipeline { pipeline {
agent any agent any
parameters { parameters {
string(name: 'servicename', description: "service name") string(name: 'svcname', description: "service name")
string(name: 'svcdesc', description: "service description") string(name: 'svcdesc', description: "service description")
string(name: 'targetHost', description: "system to live on", defaultValue: "alloces") boolean(name: 'database', description: "service has a database", defaultValue: false)
boolean(name: 'database', description: "service has a database", defaultValue: true)
}
environment {
pw_linuxserviceaccount=""
pw_productiondatabase=""
pw_developmentdatabase=""
SUDOER=credentials('')
SUDOERSSH=credentials('')
} }
stages { stages {
stage("environment setup") { stage("type strengthening") {
steps { steps {
script { script {
if (servicename.isEmpty()) { if (svcname.isEmpty()) {
error("servicename mandatory") error("svcname mandatory")
} }
if (servicename.contains(' ')) {
error("servicename cannot have spaces. try dashes.")
}
switch (targetHost) {
case "alloces":
SUDOER=credentials('//TODO: its usually a uuid')
SUDOERSSH='//TODO: its usually a uuid'
break
default:
error("target host not recognized. btw: no .lan, all lowercase.")
}
sh env.pw_linuxserviceaccount=$(mktemp -u XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX)
echo env.pw_linuxserviceaccount
sh env.pw_productiondatabase=$(mktemp -u XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX)
echo env.pw_productiondatabase
sh env.pw_developmentdatabase=$(mktemp -u XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX)
echo env.pw_developmentdatabase
} }
//TODO: generate password for the service account
//TODO: generate password for prod DB
//TODO: generate password for dev DB
//TODO: save them somewhere. probably better to not lock myself out of these accounts from moment 0
} }
} }
stage("gitea project"){ stage("gitea project"){
environment {
GITEA = credentials('0bd7c8f5-046c-44b9-9c77-7a28a219ae31')
}
steps{ steps{
sh """ script {
curl -X 'POST' \ //TODO: clone _template-service
'https://gitea.arg.rip/api/v1/repos/greyn/_service-template/generate' \ //TODO: if not database version, strip out database stuff
-H 'accept: application/json' \
-H 'Authorization: token $GITEA_PSW' \
-H 'Content-Type: application/json' \
-d '{
"description": "${svcdesc}",
"git_content": true,
"git_hooks": true,
"labels": true,
"name": "${servicename}",
"owner": "greyn",
"private": false,
"protected_branch": true,
"topics": true,
"webhooks": true
}'
"""
//TODO: set up credentials for jenkins to checkout
sshagent(['credentiald-id-using-ssh-key']) {
sh """
git clone 'ssh://git@gitea.arg.rip:8022/greyn/${servicename}.git'
pushd ${servicename}
"""
} }
if(!params.database){
sh """
#//TODO: strip database stuff. sed -i?
git add .
git commit -m "stripped database stuff"
"""
}
sshagent(['credentiald-id-using-ssh-key']) {
sh """
git push
popd
"""
}
}
}
stage("jenkins pipeline"){
steps{
//TODO: tell jenkins to scan greyn pipeline
//TODO: find this new service in jenkins
//TODO: add the shared secrets to jenkins
} }
} }
stage("service account"){ stage("service account"){
steps{ steps{
script { script {
sshagent([SUDOERSSH]) //jenkins, the user trying to SSH, must be able to ssh in and sudo
{ ssh user@host username=$svcname svcpw=$ARG2 'echo "rootpass" | sudo -Sv && bash -s' << 'ENDSSH'
ssh $SUDOER_USR@${targetHost} username=${env.servicename} password=${env.pw_linuxserviceaccount} 'echo "$SUDOER_PSW" | sudo -Sv && bash -s' << 'ENDSSH' #commands to run on remote host
useradd -m -s /bin/bash $username useradd -m -s /bin/bash $username
echo "$username:$password" | chpasswd echo "$username:$password" | chpasswd
loginctl enable-linger $username
ENDSSH ENDSSH
} }
} }
} }
}
stage("db init"){ stage("db init"){
when { expression { return params.database } } when { expression { return params.database } }
steps { steps {
//i'm pretty sure "update" with nothing will init? //i'm pretty sure "update" with nothing will init?
//meaning we don't have to init, first update will init //meaning we don't have to init, first update will init
script { script {
sshagent([SUDOERSSH]) ssh user@host username=$svcname svcpw=$ARG2 'echo "rootpass" | sudo -Sv && bash -s' << 'ENDSSH'
{
ssh SUDOER_USR@${targetHost} servicename=$servicename pw_productiondatabase=${env.pw_productiondatabase} pw_developmentdatabase=${env.pw_developmentdatabase} 'echo "$SUDOER_PSW" | sudo -Sv && bash -s' << 'ENDSSH'
sudo -u postgres psql && bash -s << 'ENDPSQL'
create database $servicename;
create user $servicename with encrypted password '$pw_productiondatabase';
grant all privileges on database $servicename to $servicename;
ENDPSQL
service_dev="${servicename}_dev" sudo -u postgres psql
sudo -u postgres psql && bash -s << 'ENDPSQL' postgres=# create database mydb;
create database $service_dev; postgres=# create user myuser with encrypted password 'mypass';
create user $service_dev with encrypted password '$pw_developmentdatabase'; postgres=# grant all privileges on database mydb to myuser;
grant all privileges on database $service_dev to $service_dev;
ENDPSQL postgres=# create database mydb_dev;
postgres=# create user myuser_dev with encrypted password 'myotherpass';
postgres=# grant all privileges on database mydb_dev to myuser_dev;
ENDSSH ENDSSH
} }
} }
} }
}
stage("initial service setup"){ stage("initial service setup"){
steps{ steps{
//TODO: use ssh credentials we generated. maybe set up the dang pkey. script {
sh 'scp $servicename.service $servicename@${targetHost}:~/.config/systemd/user/$servicename.service' //TODO
ssh $servicename@${targetHost} servicename=$servicename password=${env.pw_linuxserviceaccount} 'bash -s' << 'ENDSSH'
systemctl --user daemon-reload
systemctl --user enable $servicename.service
ENDSSH
} }
} }
post {
failure {
//TODO: post error
}
success {
//TODO: post success. Especially, tell me to come get the passwords. FTP them somewhere?
}
} }
} }
} }

1
scripts/beefhaving_video.groovy
View File

@ -1 +0,0 @@
//TODO

1
scripts/dotnet_binary.groovy
View File

@ -1 +0,0 @@
//TODO

1
scripts/nupkg.groovy
View File

@ -1 +0,0 @@
//TODO