greyn/deployment
2
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases 1 Wiki Activity

Compare commits

base: greyn:c2575e696a6781cc681a99b9eebfec6f3591c416
Branches Tags
greyn:main
greyn:service
greyn:release
greyn:predev
greyn:1
..
compare: greyn:c8b9a5cf0f26ebcfe71897980c65dca53d3c7ec0
Branches Tags
greyn:service
greyn:main
greyn:release
greyn:predev
greyn:1

No commits in common. "c2575e696a6781cc681a99b9eebfec6f3591c416" and "c8b9a5cf0f26ebcfe71897980c65dca53d3c7ec0" have entirely different histories.
c2575e696a ... c8b9a5cf0f

4 changed files with 34 additions and 126 deletions
Show Stats Expand all files Collapse all files

141
scripts/1clickservice.groovy
View File

@ -1,160 +1,71 @@
pipeline {
agent any
parameters {
string(name: 'servicename', description: "service name")
string(name: 'svcname', description: "service name")
string(name: 'svcdesc', description: "service description")
string(name: 'targetHost', description: "system to live on", defaultValue: "alloces")
boolean(name: 'database', description: "service has a database", defaultValue: true)
}
environment {
pw_linuxserviceaccount=""
pw_productiondatabase=""
pw_developmentdatabase=""
SUDOER=credentials('')
SUDOERSSH=credentials('')
boolean(name: 'database', description: "service has a database", defaultValue: false)
}
stages {
stage("environment setup") {
stage("type strengthening") {
steps {
script {
if (servicename.isEmpty()) {
error("servicename mandatory")
if (svcname.isEmpty()) {
error("svcname mandatory")
}
if (servicename.contains(' ')) {
error("servicename cannot have spaces. try dashes.")
}
switch (targetHost) {
case "alloces":
SUDOER=credentials('//TODO: its usually a uuid')
SUDOERSSH='//TODO: its usually a uuid'
break
default:
error("target host not recognized. btw: no .lan, all lowercase.")
}
sh env.pw_linuxserviceaccount=$(mktemp -u XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX)
echo env.pw_linuxserviceaccount
sh env.pw_productiondatabase=$(mktemp -u XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX)
echo env.pw_productiondatabase
sh env.pw_developmentdatabase=$(mktemp -u XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX)
echo env.pw_developmentdatabase
}
//TODO: generate password for the service account
//TODO: generate password for prod DB
//TODO: generate password for dev DB
//TODO: save them somewhere. probably better to not lock myself out of these accounts from moment 0
}
}
stage("gitea project"){
environment {
GITEA = credentials('0bd7c8f5-046c-44b9-9c77-7a28a219ae31')
}
steps{
sh """
curl -X 'POST' \
'https://gitea.arg.rip/api/v1/repos/greyn/_service-template/generate' \
-H 'accept: application/json' \
-H 'Authorization: token $GITEA_PSW' \
-H 'Content-Type: application/json' \
-d '{
"description": "${svcdesc}",
"git_content": true,
"git_hooks": true,
"labels": true,
"name": "${servicename}",
"owner": "greyn",
"private": false,
"protected_branch": true,
"topics": true,
"webhooks": true
}'
"""
//TODO: set up credentials for jenkins to checkout
sshagent(['credentiald-id-using-ssh-key']) {
sh """
git clone 'ssh://git@gitea.arg.rip:8022/greyn/${servicename}.git'
pushd ${servicename}
"""
script {
//TODO: clone _template-service
//TODO: if not database version, strip out database stuff
}
if(!params.database){
sh """
#//TODO: strip database stuff. sed -i?
git add .
git commit -m "stripped database stuff"
"""
}
sshagent(['credentiald-id-using-ssh-key']) {
sh """
git push
popd
"""
}
}
}
stage("jenkins pipeline"){
steps{
//TODO: tell jenkins to scan greyn pipeline
//TODO: find this new service in jenkins
//TODO: add the shared secrets to jenkins
}
}
stage("service account"){
steps{
script {
sshagent([SUDOERSSH])
{
ssh $SUDOER_USR@${targetHost} username=${env.servicename} password=${env.pw_linuxserviceaccount} 'echo "$SUDOER_PSW" | sudo -Sv && bash -s' << 'ENDSSH'
//jenkins, the user trying to SSH, must be able to ssh in and sudo
ssh user@host username=$svcname svcpw=$ARG2 'echo "rootpass" | sudo -Sv && bash -s' << 'ENDSSH'
#commands to run on remote host
useradd -m -s /bin/bash $username
echo "$username:$password" | chpasswd
loginctl enable-linger $username
ENDSSH
}
}
}
}
stage("db init"){
when { expression { return params.database } }
steps {
//i'm pretty sure "update" with nothing will init?
//meaning we don't have to init, first update will init
script {
sshagent([SUDOERSSH])
{
ssh SUDOER_USR@${targetHost} servicename=$servicename pw_productiondatabase=${env.pw_productiondatabase} pw_developmentdatabase=${env.pw_developmentdatabase} 'echo "$SUDOER_PSW" | sudo -Sv && bash -s' << 'ENDSSH'
sudo -u postgres psql && bash -s << 'ENDPSQL'
create database $servicename;
create user $servicename with encrypted password '$pw_productiondatabase';
grant all privileges on database $servicename to $servicename;
ENDPSQL
ssh user@host username=$svcname svcpw=$ARG2 'echo "rootpass" | sudo -Sv && bash -s' << 'ENDSSH'
service_dev="${servicename}_dev"
sudo -u postgres psql && bash -s << 'ENDPSQL'
create database $service_dev;
create user $service_dev with encrypted password '$pw_developmentdatabase';
grant all privileges on database $service_dev to $service_dev;
ENDPSQL
sudo -u postgres psql
postgres=# create database mydb;
postgres=# create user myuser with encrypted password 'mypass';
postgres=# grant all privileges on database mydb to myuser;
postgres=# create database mydb_dev;
postgres=# create user myuser_dev with encrypted password 'myotherpass';
postgres=# grant all privileges on database mydb_dev to myuser_dev;
ENDSSH
}
}
}
}
stage("initial service setup"){
steps{
//TODO: use ssh credentials we generated. maybe set up the dang pkey.
sh 'scp $servicename.service $servicename@${targetHost}:~/.config/systemd/user/$servicename.service'
ssh $servicename@${targetHost} servicename=$servicename password=${env.pw_linuxserviceaccount} 'bash -s' << 'ENDSSH'
systemctl --user daemon-reload
systemctl --user enable $servicename.service
ENDSSH
script {
//TODO
}
}
post {
failure {
//TODO: post error
}
success {
//TODO: post success. Especially, tell me to come get the passwords. FTP them somewhere?
}
}
}
}

1
scripts/beefhaving_video.groovy
View File

@ -1 +0,0 @@
//TODO

1
scripts/dotnet_binary.groovy
View File

@ -1 +0,0 @@
//TODO

1
scripts/nupkg.groovy
View File

@ -1 +0,0 @@
//TODO