greyn/deployment
2
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases 1 Wiki Activity
c8b9a5cf0f
deployment/scripts/1clickservice.groovy
adam c8b9a5cf0f
All checks were successful
gitea.arg.rip/deployment/pipeline/head This commit looks good
Details
more elaboration, still full of TODO's
2024-11-17 13:24:01 -05:00

71 lines
2.7 KiB
Groovy
Raw Blame History

pipeline {
agent any
parameters {
string(name: 'svcname', description: "service name")
string(name: 'svcdesc', description: "service description")
boolean(name: 'database', description: "service has a database", defaultValue: false)
}
stages {
stage("type strengthening") {
steps {
script {
if (svcname.isEmpty()) {
error("svcname mandatory")
}
}
//TODO: generate password for the service account
//TODO: generate password for prod DB
//TODO: generate password for dev DB
//TODO: save them somewhere. probably better to not lock myself out of these accounts from moment 0
}
}
stage("gitea project"){
steps{
script {
//TODO: clone _template-service
//TODO: if not database version, strip out database stuff
}
}
}
stage("service account"){
steps{
script {
//jenkins, the user trying to SSH, must be able to ssh in and sudo
ssh user@host username=$svcname svcpw=$ARG2 'echo "rootpass" | sudo -Sv && bash -s' << 'ENDSSH'
#commands to run on remote host
useradd -m -s /bin/bash $username
echo "$username:$password" | chpasswd
ENDSSH
}
}
}
stage("db init"){
when { expression { return params.database } }
steps {
//i'm pretty sure "update" with nothing will init?
//meaning we don't have to init, first update will init
script {
ssh user@host username=$svcname svcpw=$ARG2 'echo "rootpass" | sudo -Sv && bash -s' << 'ENDSSH'
sudo -u postgres psql
postgres=# create database mydb;
postgres=# create user myuser with encrypted password 'mypass';
postgres=# grant all privileges on database mydb to myuser;
postgres=# create database mydb_dev;
postgres=# create user myuser_dev with encrypted password 'myotherpass';
postgres=# grant all privileges on database mydb_dev to myuser_dev;
ENDSSH
}
}
}
stage("initial service setup"){
steps{
script {
//TODO
}
}
}
}
}
Reference in New Issue View Git Blame Copy Permalink