diff --git a/ci/Dockerfile b/ci/Dockerfile
new file mode 100644
index 0000000..ae6caba
--- /dev/null
+++ b/ci/Dockerfile
@@ -0,0 +1,14 @@
+FROM fedora:27
+
+RUN dnf install -y \
+ ansible \
+ openssh-clients \
+ python2-netaddr
+
+# XXX These UID/GIDs must match the Jenkins UID/GID on the agent
+RUN groupadd -g 992 jenkins
+RUN useradd -u 995 -g jenkins -c Jenkins -d /var/lib/jenkins -m jenkins
+
+RUN install -m 700 -o jenkins -g jenkins -d /var/lib/jenkins/.ssh
+COPY known_hosts /var/lib/jenkins/.ssh/
+RUN chown jenkins:jenkins /var/lib/jenkins/.ssh/known_hosts
diff --git a/ci/dch-gw.jenkinsfile b/ci/dch-gw.jenkinsfile
new file mode 100644
index 0000000..ee4df48
--- /dev/null
+++ b/ci/dch-gw.jenkinsfile
@@ -0,0 +1,50 @@
+// vim: set ft=groovy sw=4 ts=4 sts=4 et :
+
+pipeline {
+ agent {
+ dockerfile {
+ dir 'ci'
+ }
+ }
+
+ triggers {
+ pollSCM ''
+ }
+
+ stages {
+ stage('Prepare') {
+ steps {
+ withCredentials([file(
+ credentialsId: 'vault-jenkins@gw0',
+ variable: 'SUDO_PASS_FILE')]) {
+ sh 'cp -f "${SUDO_PASS_FILE}" host_vars/gw0/sudo-pass'
+ }
+ }
+ }
+
+ stage('Services') {
+ steps {
+ withCredentials([file(
+ credentialsId: 'ansible-vault',
+ variable: 'ANSIBLE_VAULT_PASSWORD_FILE')]) {
+ sshagent(['jenkins-ssh']) {
+ sh 'ansible-playbook --diff -b dhcpd.yml radvd.yml'
+ }
+ }
+ }
+ }
+
+ stage('Firewall') {
+ steps {
+ withCredentials([file(
+ credentialsId: 'ansible-vault',
+ variable: 'ANSIBLE_VAULT_PASSWORD_FILE')]) {
+ sshagent(['jenkins-ssh']) {
+ sh 'ansible-playbook --diff -b dch-gw.yml'
+ }
+ }
+ }
+
+ }
+ }
+}
diff --git a/ci/known_hosts b/ci/known_hosts
new file mode 100644
index 0000000..c82040a
--- /dev/null
+++ b/ci/known_hosts
@@ -0,0 +1 @@
+172.31.0.1 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFQJj11B1OqSfx/OHkJ5rzwk6ENLjMgfaVfkYC6xc7Ly
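Review bot: In ci/Dockerfile, `FROM fedora:27` is pinned by tag only and the `dnf install` takes whatever ansible version the repositories serve, so the image that the pipeline later hands the vault password and SSH agent to can change from one build to the next. Pinning the base by digest (`FROM fedora:27@sha256:<digest>`) would make rebuilds reproducible. Ending the install with `&& dnf clean all` in the same RUN would keep the dnf cache out of the layer. The COPY and the chown that follows it can be one instruction, `COPY --chown=jenkins:jenkins known_hosts /var/lib/jenkins/.ssh/`, which avoids a second layer holding the same file.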
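Review bot: In ci/dch-gw.jenkinsfile, the Prepare stage's `cp -f "${SUDO_PASS_FILE}" host_vars/gw0/sudo-pass` leaves a copy of the bound credential in the workspace, and nothing in the pipeline removes it. Jenkins deletes its own temporary file when the `withCredentials` block closes, but the copy stays on the agent with whatever mode the umask gives it. A pipeline-level `post { always { sh 'rm -f host_vars/gw0/sudo-pass' } }` would remove it, and `install -m 600` in place of `cp -f` would restrict its permissions. Separately, `--diff` in the Services and Firewall stages writes changed file content to the console log. If any managed file carries a vault-protected value, it would presumably appear there unless the task sets `no_log: true` or `diff: no`.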
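Review bot: The ci/known_hosts entry matches only the literal address 172.31.0.1, and the file does not record which host this is or how the key was verified. If the inventory (not visible in this diff) addresses the gateway by name, ssh will not match this line and the non-interactive run would presumably fail host-key verification. A leading comment such as `# gw0 ed25519 host key, fingerprint verified on the console` would give the next person something to compare against when the key rotates, and adding the hostname to the pattern (`gw0,172.31.0.1 ssh-ed25519 …`) would cover both forms.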