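// Declarative pipeline that bootstraps a new service: validates the name,
// (eventually) creates the Gitea project, creates a service account on the
// target host and, when requested, the prod/dev Postgres databases.
//
// Secrets (service account password, remote sudo password, DB passwords) are
// taken from Jenkins credentials instead of being written into this file or
// put on a command line, where they would show up in `ps` on the agent/host
// and in the build log. The credential IDs below are placeholders — replace
// them with the IDs configured on this controller.
//
// Remote scripts are fed to `bash -s` through an *unquoted* heredoc so that
// `$SVC`, `$SVC_PW`, ... expand on the agent and only the expanded script
// travels over the ssh stdin stream; nothing secret is part of the ssh
// command line.
pipeline {
    agent any

    parameters {
        string(name: 'svcname', description: "service name")
        string(name: 'svcdesc', description: "service description")
        // declarative pipelines spell the boolean parameter `booleanParam`
        booleanParam(name: 'database', description: "service has a database", defaultValue: false)
    }

    environment {
        // validated copy of the parameter, used by the shell steps below
        SVC = "${params.svcname}"
        // placeholder target taken from the original notes; the jenkins user
        // must be able to ssh in and sudo on it
        DEPLOY_HOST = 'user@host'
    }

    stages {
        stage("type strengthening") {
            steps {
                script {
                    // svcname ends up in a remote shell script, as a Linux username
                    // and as Postgres identifiers, so it is restricted to a
                    // conservative charset rather than only checked for emptiness.
                    // The length cap keeps it below the conventional 32-char
                    // username limit — adjust if your naming policy differs.
                    if (!params.svcname || !(params.svcname ==~ /[a-z][a-z0-9_]{0,30}/)) {
                        error("svcname mandatory: lowercase letters, digits and '_' only, starting with a letter")
                    }
                }
                //TODO: generate password for the service account
                //TODO: generate password for prod DB
                //TODO: generate password for dev DB
                //TODO: save them somewhere. probably better to not lock myself out of these accounts from moment 0
            }
        }

        stage("gitea project") {
            steps {
                //TODO: clone _template-service
                //TODO: if not database version, strip out database stuff
                echo "TODO: create gitea project for ${params.svcname}"
            }
        }

        stage("service account") {
            steps {
                // jenkins, the user trying to SSH, must be able to ssh in and sudo
                withCredentials([
                    string(credentialsId: 'PLACEHOLDER-svc-account-password', variable: 'SVC_PW'),
                    string(credentialsId: 'PLACEHOLDER-remote-sudo-password', variable: 'SUDO_PW')
                ]) {
                    // NOTE(review): values containing a double quote or `$` would break the
                    // locally-expanded heredoc below; generate passwords from a plain charset
                    // until the "save them somewhere" TODO settles on a safer channel.
                    sh '''
ssh "$DEPLOY_HOST" 'bash -s' <<ENDSSH
set -e
# commands to run on remote host
# sudo reads the password from the pipe, not from the script stream, so
# the remaining lines are still read by bash
echo "${SUDO_PW}" | sudo -S -v
sudo useradd -m -s /bin/bash "${SVC}"
echo "${SVC}:${SVC_PW}" | sudo chpasswd
ENDSSH
'''
                }
            }
        }

        stage("db init") {
            when { expression { return params.database } }
            steps {
                //i'm pretty sure "update" with nothing will init?
                //meaning we don't have to init, first update will init
                withCredentials([
                    string(credentialsId: 'PLACEHOLDER-remote-sudo-password', variable: 'SUDO_PW'),
                    string(credentialsId: 'PLACEHOLDER-db-prod-password', variable: 'DB_PW'),
                    string(credentialsId: 'PLACEHOLDER-db-dev-password', variable: 'DB_DEV_PW')
                ]) {
                    // The "postgres=#" prompts from the original notes were interactive
                    // prompt artifacts, not input; psql gets its SQL from its own nested
                    // heredoc so it does not swallow the rest of the remote script.
                    // NOTE(review): a DB password containing a single quote would break
                    // the SQL literal below — same charset caveat as the service account.
                    sh '''
ssh "$DEPLOY_HOST" 'bash -s' <<ENDSSH
set -e
echo "${SUDO_PW}" | sudo -S -v
sudo -u postgres psql -v ON_ERROR_STOP=1 <<SQL
create database ${SVC};
create user ${SVC} with encrypted password '${DB_PW}';
grant all privileges on database ${SVC} to ${SVC};
create database ${SVC}_dev;
create user ${SVC}_dev with encrypted password '${DB_DEV_PW}';
grant all privileges on database ${SVC}_dev to ${SVC}_dev;
SQL
ENDSSH
'''
                }
            }
        }

        stage("initial service setup") {
            steps {
                //TODO
                echo "TODO: initial service setup for ${params.svcname}"
            }
        }
    }
}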