ci: samba-dc: Use Kerberos authentication

2018-04-08 13:37:11 -05:00 · 2018-04-08 13:37:11 -05:00 · b13164f77e
parent ac215ab520
commit b13164f77e
1 changed files with 22 additions and 10 deletions
--- a/ci/samba-dc.jenkinsfile
+++ b/ci/samba-dc.jenkinsfile
@ -10,27 +10,39 @@ pipeline {
    }
    stages {
-        stage('Prepare') {
+        stage('kinit') {
            steps {
                withCredentials([file(
-                        credentialsId: 'vault-jenkins@pyrocufflink.blue',
+                        credentialsId: 'keytab-jenkins@pyrocufflink.blue',
-                        variable: 'SUDO_PASS_FILE')]) {
+                        variable: 'KEYTAB')]) {
-                    sh 'cp -f "${SUDO_PASS_FILE}" sudo-pass'
+                    sh 'kinit -kt "${KEYTAB}" jenkins@PYROCUFFLINK.BLUE'
                }
            }
        }
        stage('Domain Controller') {
            steps {
-                withCredentials([file(
+                withCredentials([
-                        credentialsId: 'ansible-vault',
+                        file(
-                        variable: 'ANSIBLE_VAULT_PASSWORD_FILE')]) {
+                            credentialsId: 'ansible-vault',
-                    sshagent(['jenkins-ssh']) {
+                            variable: 'ANSIBLE_VAULT_PASSWORD_FILE',
-                        sh 'ansible-playbook --check --diff -b domain-controller.yml -e @sudo-pass'
+                        ),
-                    }
+                        file(
                            credentialsId: 'vault-jenkins@pyrocufflink.blue',
                            variable: 'SUDO_PASS_FILE',
                        ),
                        ]) {
                    sh '''
 ansible-playbook --check --diff -b domain-controller.yml -e "@${SUDO_PASS_FILE}"
 '''
                }
            }
        }
    }
    post {
        always {
            sh 'kdestroy'
        }
    }
 }