From e8d1c02427fdfc9aea51b8529c881085b4c253a4 Mon Sep 17 00:00:00 2001
From: "Dustin C. Hatch"
Date: Mon, 16 Mar 2020 21:17:41 -0500
Subject: [PATCH] fixup-vars5
---
 vars/applyConfigPolicy.groovy | 55 +++++++++++++++++++++++++++--------
 1 file changed, 43 insertions(+), 12 deletions(-)
diff --git a/vars/applyConfigPolicy.groovy b/vars/applyConfigPolicy.groovy
index 2012471..8c2257f 100644
--- a/vars/applyConfigPolicy.groovy
+++ b/vars/applyConfigPolicy.groovy
@@ -1,4 +1,4 @@
-def call(rw_pattern, stages) {
+def call(rw_limit, stages) {
 properties([
 pipelineTriggers([cron('H H * * *')])
 ])
@@ -15,9 +15,9 @@ def call(rw_pattern, stages) {
 withEnv(["KRB5CCNAME=${WORKSPACE}/.krb5cc"]) {
 stageKinit()
 try {
- stageRemountRW(rw_pattern)
+ stageRemountRW(rw_limit)
 generateStages(stages)
- stageRemountRO(rw_pattern)
+ stageRemountRO(rw_limit)
 } catch (err) {
 postFailure(err)
 } finally {
@@ -32,14 +32,32 @@ def call(rw_pattern, stages) {
 def stageKinit() {
 stage('kinit') {
- echo 'kinit'
+ withCredentials([file(
+ credentialsId: 'keytab-jenkins@pyrocufflink.blue',
+ variable: 'KEYTAB'
+ )]) {
+ sh 'kinit -kt "${KEYTAB}" jenkins@PYROCUFFLINK.BLUE'
+ }
+ withCredentials([file(
+ credentialsId: 'vault-jenkins@pyrocufflink.blue',
+ variable: 'SUDO_PASS_FILE'
+ )]) {
+ sh 'ln -s "${SUDO_PASS_FILE}" group_vars/pyrocufflink/sudo-pass'
+ }
 }
 }
-def stageRemountRW(rw_pattern) {
+def stageRemountRW(limit) {
 stage('Remount R/W') {
- echo 'Remount R/W'
+ ansiblePlaybook \
+ playbook: 'remount.yml',
+ limit: limit,
+ become: true,
+ vaultCredentialsId: 'ansible-vault',
+ extraVars: [
+ remount_state: 'rw',
+ ]
 }
 }
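Review bot: `stageRemountRO(rw_limit)` is still the last statement inside the `try`, so once `generateStages` runs real playbooks, any failure there skips the read-only remount and the hosts selected by `rw_limit` stay writable until a later run succeeds. Moving the call into the `finally` block, as its first statement, would attempt the remount on both the success and failure paths. The `finally` body lies outside this hunk, so how it should be ordered against the existing cleanup there needs checking.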
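Review bot: The `ln -s "${SUDO_PASS_FILE}" group_vars/pyrocufflink/sudo-pass` link is created inside a `withCredentials` block, and the credentials-binding plugin normally deletes the bound temporary file when that block closes, so the link is probably dangling by the time the later `ansiblePlaybook` stages read it. Keeping the binding open around the stages that need it (wrapping the `try` in `call`, which is outside this hunk) avoids the dangling link without copying the secret into the workspace. Also, `ln -s` fails if an earlier build left the link behind; `ln -sf` makes the step repeatable.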
@@ -47,23 +65,36 @@ def generateStages(stages) {
 stages.each { name, playbooks ->
 stage(name) {
 playbooks.each { playbook ->
- echo playbook
+ ansiblePlaybook \
+ playbook: playbook,
+ become: true,
+ vaultCredentialsId: 'ansible-vault',
+ extras: '--diff'
 }
 }
 }
 }
-def stageRemountRO(rw_pattern) {
+def stageRemountRO(limit) {
 stage('Remount R/O') {
- echo 'Remount R/O'
+ ansiblePlaybook \
+ playbook: 'remount.yml',
+ limit: limit,
+ become: true,
+ vaultCredentialsId: 'ansible-vault',
+ extras: '--diff'
 }
 }
 def postCleanup() {
- echo 'Cleanup'
+ sh 'kdestroy'
+ sh 'find . -name sudo-pass -delete'
 }
 def postFailure(err) {
- currentBuild.result = 'FAILURE'
- echo "${err}"
+ emailext \
+ to: 'gyrfalcon@ebonfire.com',
+ subject: '$DEFAULT_SUBJECT',
+ body: '$DEFAULT_CONTENT'
+ error err
 }
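Review bot: In `postCleanup`, `sh 'kdestroy'` runs first, and a non-zero exit from it (for example when the ticket cache is already gone) aborts the function, so `find . -name sudo-pass -delete` never runs and the sudo-password link stays in the workspace. Make the steps best-effort and independent, e.g. `sh 'kdestroy || true'`, or run the `find` before `kdestroy`. Separately, `stageRemountRO` passes no `remount_state`, unlike the R/W stage in the previous hunk, so it presumably relies on a default in remount.yml. An explicit `extraVars: [remount_state: 'ro']` would make that visible; the value `ro` is assumed here and should be confirmed against the playbook.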