ci: dch-vpn: Use AD credentials
Now that the VPN server is a member of the *pyrocufflink.blue* domain, Kerberos credentials are required to manage it.jenkins-master
parent
6d467c7b7d
commit
5351e753d7
|
|
@ -13,10 +13,16 @@ pipeline {
|
||||||
stage('kinit') {
|
stage('kinit') {
|
||||||
steps {
|
steps {
|
||||||
withCredentials([file(
|
withCredentials([file(
|
||||||
credentialsId: 'vault-jenkins@gw0',
|
credentialsId: 'keytab-jenkins@pyrocufflink.blue',
|
||||||
|
variable: 'KEYTAB'
|
||||||
|
)]) {
|
||||||
|
sh 'kinit -kt "${KEYTAB}" jenkins@PYROCUFFLINK.BLUE'
|
||||||
|
}
|
||||||
|
withCredentials([file(
|
||||||
|
credentialsId: 'vault-jenkins@pyrocufflink.blue',
|
||||||
variable: 'SUDO_PASS_FILE'
|
variable: 'SUDO_PASS_FILE'
|
||||||
)]) {
|
)]) {
|
||||||
sh 'cp -f "${SUDO_PASS_FILE}" host_vars/gw0/sudo-pass'
|
sh 'cp "${SUDO_PASS_FILE}" group_vars/pyrocufflink/sudo-pass'
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
@ -27,7 +33,6 @@ pipeline {
|
||||||
playbook: 'remount.yml',
|
playbook: 'remount.yml',
|
||||||
limit: 'dch-vpn',
|
limit: 'dch-vpn',
|
||||||
become: true,
|
become: true,
|
||||||
credentialsId: 'jenkins-ssh',
|
|
||||||
vaultCredentialsId: 'ansible-vault',
|
vaultCredentialsId: 'ansible-vault',
|
||||||
extraVars: [
|
extraVars: [
|
||||||
remount_state: 'rw',
|
remount_state: 'rw',
|
||||||
|
|
@ -52,7 +57,6 @@ pipeline {
|
||||||
playbook: 'remount.yml',
|
playbook: 'remount.yml',
|
||||||
limit: 'dch-vpn',
|
limit: 'dch-vpn',
|
||||||
become: true,
|
become: true,
|
||||||
credentialsId: 'jenkins-ssh',
|
|
||||||
vaultCredentialsId: 'ansible-vault'
|
vaultCredentialsId: 'ansible-vault'
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
@ -61,6 +65,7 @@ pipeline {
|
||||||
|
|
||||||
post {
|
post {
|
||||||
always {
|
always {
|
||||||
|
sh 'kdestroy'
|
||||||
sh 'find . -name sudo-pass -delete'
|
sh 'find . -name sudo-pass -delete'
|
||||||
}
|
}
|
||||||
failure {
|
failure {
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue