From 5351e753d7511d236e5663fda545308cdaeebddd Mon Sep 17 00:00:00 2001
From: "Dustin C. Hatch"
Date: Sat, 13 Oct 2018 12:40:09 -0500
Subject: [PATCH] ci: dch-vpn: Use AD credentials

Now that the VPN server is a member of the *pyrocufflink.blue* domain, Kerberos credentials are required to manage it.
---
 ci/dch-vpn.jenkinsfile | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/ci/dch-vpn.jenkinsfile b/ci/dch-vpn.jenkinsfile
index 4fb5cb8..e372bce 100644
--- a/ci/dch-vpn.jenkinsfile
+++ b/ci/dch-vpn.jenkinsfile
@@ -13,10 +13,16 @@ pipeline {
 stage('kinit') {
 steps {
 withCredentials([file(
- credentialsId: 'vault-jenkins@gw0',
+ credentialsId: 'keytab-jenkins@pyrocufflink.blue',
+ variable: 'KEYTAB'
+ )]) {
+ sh 'kinit -kt "${KEYTAB}" jenkins@PYROCUFFLINK.BLUE'
+ }
+ withCredentials([file(
+ credentialsId: 'vault-jenkins@pyrocufflink.blue',
 variable: 'SUDO_PASS_FILE'
 )]) {
- sh 'cp -f "${SUDO_PASS_FILE}" host_vars/gw0/sudo-pass'
+ sh 'cp "${SUDO_PASS_FILE}" group_vars/pyrocufflink/sudo-pass'
 }
 }
 }
@@ -27,7 +33,6 @@ pipeline {
 playbook: 'remount.yml',
 limit: 'dch-vpn',
 become: true,
- credentialsId: 'jenkins-ssh',
 vaultCredentialsId: 'ansible-vault',
 extraVars: [
 remount_state: 'rw',
@@ -52,7 +57,6 @@ pipeline {
 playbook: 'remount.yml',
 limit: 'dch-vpn',
 become: true,
- credentialsId: 'jenkins-ssh',
 vaultCredentialsId: 'ansible-vault'
 }
 }
@@ -61,6 +65,7 @@ pipeline {

 post {
 always {
+ sh 'kdestroy'
 sh 'find . -name sudo-pass -delete'
 }
 failure {
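Review bot: The added `sh 'kinit -kt "${KEYTAB}" jenkins@PYROCUFFLINK.BLUE'` does not set `KRB5CCNAME`, so the ticket goes into the agent account's default credential cache rather than one scoped to this build. Any other job running as the same user on that agent could then use the jenkins@PYROCUFFLINK.BLUE ticket while it is valid, and concurrent builds would overwrite or destroy each other's cache. I would set a per-build cache for the whole pipeline, e.g. an `environment` entry such as `KRB5CCNAME = 'FILE:<per-build path outside the checkout>'`, so that `kinit`, the Ansible steps and the later `kdestroy` all use the same private file. Separately, `cp` creates `group_vars/pyrocufflink/sudo-pass` with umask-default permissions; `install -m 0600 "${SUDO_PASS_FILE}" group_vars/pyrocufflink/sudo-pass` would keep it owner-only while it sits in the workspace.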
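Review bot: In `post { always { … } }` the new `sh 'kdestroy'` runs before `sh 'find . -name sudo-pass -delete'`, so a non-zero exit from `kdestroy` would fail that step and likely skip deleting the sudo-pass file. That can plausibly happen when the build failed before or during `kinit` and no credential cache exists, which would leave the file behind in the workspace. I would run the file cleanup first and make the ticket cleanup tolerant of a missing cache: `sh 'find . -name sudo-pass -delete'` followed by `sh 'kdestroy || :'`. The `post` block continues past the end of this hunk.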