pipeline { agent any parameters { string(name: 'servicename', description: "service name") string(name: 'svcdesc', description: "service description") string(name: 'targetHost', description: "system to live on", defaultValue: "alloces") boolean(name: 'database', description: "service has a database", defaultValue: true) } environment { pw_linuxserviceaccount="" pw_productiondatabase="" pw_developmentdatabase="" SUDOER=credentials('') SUDOERSSH=credentials('') } stages { stage("environment setup") { steps { script { if (servicename.isEmpty()) { error("servicename mandatory") } if (servicename.contains(' ')) { error("servicename cannot have spaces. try dashes.") } switch (targetHost) { case "alloces": SUDOER=credentials('//TODO: its usually a uuid') SUDOERSSH='//TODO: its usually a uuid' break default: error("target host not recognized. btw: no .lan, all lowercase.") } sh env.pw_linuxserviceaccount=$(mktemp -u XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX) echo env.pw_linuxserviceaccount sh env.pw_productiondatabase=$(mktemp -u XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX) echo env.pw_productiondatabase sh env.pw_developmentdatabase=$(mktemp -u XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX) echo env.pw_developmentdatabase } } } stage("gitea project"){ environment { GITEA = credentials('0bd7c8f5-046c-44b9-9c77-7a28a219ae31') } steps{ sh """ curl -X 'POST' \ 'https://gitea.arg.rip/api/v1/repos/greyn/_service-template/generate' \ -H 'accept: application/json' \ -H 'Authorization: token $GITEA_PSW' \ -H 'Content-Type: application/json' \ -d '{ "description": "${svcdesc}", "git_content": true, "git_hooks": true, "labels": true, "name": "${servicename}", "owner": "greyn", "private": false, "protected_branch": true, "topics": true, "webhooks": true }' """ if(!params.database){ //TODO: set up credentials for jenkins to checkout sshagent(['credentiald-id-using-ssh-key']) { sh """ git clone 'ssh://git@gitea.arg.rip:8022/greyn/${servicename}.git' pushd ${servicename} #//TODO: strip database stuff. sed -i? git add . git commit -m "stripped database stuff" git push """ } } } } stage("jenkins pipeline"){ steps{ //TODO: tell jenkins to scan greyn pipeline //TODO: find this new service in jenkins //TODO: add the shared secrets to jenkins } } stage("service account"){ steps{ script { sshagent([SUDOERSSH]) { ssh $SUDOER_USR@${targetHost} username=${env.servicename} password=${env.pw_linuxserviceaccount} 'echo "$SUDOER_PSW" | sudo -Sv && bash -s' << 'ENDSSH' useradd -m -s /bin/bash $username echo "$username:$password" | chpasswd loginctl enable-linger $username ENDSSH } } } } stage("db init"){ when { expression { return params.database } } steps { //i'm pretty sure "update" with nothing will init? //meaning we don't have to init, first update will init script { sshagent([SUDOERSSH]) { ssh SUDOER_USR@${targetHost} servicename=$servicename pw_productiondatabase=${env.pw_productiondatabase} pw_developmentdatabase=${env.pw_developmentdatabase} 'echo "$SUDOER_PSW" | sudo -Sv && bash -s' << 'ENDSSH' sudo -u postgres psql && bash -s << 'ENDPSQL' create database $servicename; create user $servicename with encrypted password '$pw_productiondatabase'; grant all privileges on database $servicename to $servicename; ENDPSQL service_dev="${servicename}_dev" sudo -u postgres psql && bash -s << 'ENDPSQL' create database $service_dev; create user $service_dev with encrypted password '$pw_developmentdatabase'; grant all privileges on database $service_dev to $service_dev; ENDPSQL ENDSSH } } } } stage("initial service setup"){ steps{ //TODO: use ssh credentials we generated. maybe set up the dang pkey. sh 'scp $servicename.service $servicename@${targetHost}:~/.config/systemd/user/$servicename.service' ssh $servicename@${targetHost} servicename=$servicename password=${env.pw_linuxserviceaccount} 'bash -s' << 'ENDSSH' systemctl --user daemon-reload systemctl --user enable $servicename.service ENDSSH } } post { failure { //TODO: post error } success { //TODO: post success. Especially, tell me to come get the passwords. FTP them somewhere? } } } }