dustin/configpolicy
1
1
Fork 0
Code Issues Releases Activity

ci: dch-vpn: Use AD credentials

Browse Source 
Now that the VPN server is a member of the *pyrocufflink.blue* domain,
Kerberos credentials are required to manage it.
This commit is contained in:
Dustin
2018-10-13 12:40:09 -05:00
parent 6d467c7b7d
commit 5351e753d7
1 changed files with 9 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
ci/dch-vpn.jenkinsfile
View File

@@ -13,10 +13,16 @@ pipeline {
stage('kinit') {
steps {
withCredentials([file(
credentialsId: 'vault-jenkins@gw0',
credentialsId: 'keytab-jenkins@pyrocufflink.blue',
variable: 'KEYTAB'
)]) {
sh 'kinit -kt "${KEYTAB}" jenkins@PYROCUFFLINK.BLUE'
}
withCredentials([file(
credentialsId: 'vault-jenkins@pyrocufflink.blue',
variable: 'SUDO_PASS_FILE'
)]) {
sh 'cp -f "${SUDO_PASS_FILE}" host_vars/gw0/sudo-pass'
sh 'cp "${SUDO_PASS_FILE}" group_vars/pyrocufflink/sudo-pass'
}
}
}
@@ -27,7 +33,6 @@ pipeline {
playbook: 'remount.yml',
limit: 'dch-vpn',
become: true,
credentialsId: 'jenkins-ssh',
vaultCredentialsId: 'ansible-vault',
extraVars: [
remount_state: 'rw',
@@ -52,7 +57,6 @@ pipeline {
playbook: 'remount.yml',
limit: 'dch-vpn',
become: true,
credentialsId: 'jenkins-ssh',
vaultCredentialsId: 'ansible-vault'
}
}
@@ -61,6 +65,7 @@ pipeline {
post {
always {
sh 'kdestroy'
sh 'find . -name sudo-pass -delete'
}
failure {