// vim: set ft=groovy sw=4 ts=4 sts=4 et :

pipeline {
    agent {
        label 'ansible'
    }

    triggers {
        cron 'H H * * *'
    }

    environment {
        KRB5CCNAME = "${WORKSPACE}/.krb5cc"
    }

    stages {
        stage('Prepare') {
            steps {
                withCredentials([file(
                        credentialsId: 'keytab-jenkins@pyrocufflink.blue',
                        variable: 'KEYTAB'
                )]) {
                    sh 'kinit -kt "${KEYTAB}" jenkins@PYROCUFFLINK.BLUE'
                }
                withCredentials([file(
                        credentialsId: 'vault-jenkins@pyrocufflink.blue',
                        variable: 'SUDO_PASS_FILE'
                )]) {
                    sh 'cp "${SUDO_PASS_FILE}" sudo-pass'
                }
            }
        }

        stage('Remount R/W') {
            steps {
                ansiblePlaybook \
                    playbook: 'remount.yml',
                    limit: 'ntpd',
                    become: true,
                    vaultCredentialsId: 'ansible-vault',
                    extraVars: [
                        remount_state: 'rw',
                    ],
                    extras: '-e@sudo-pass'
            }
        }

        stage('NTP') {
            steps {
                ansiblePlaybook \
                    playbook: 'ntp.yml',
                    become: true,
                    vaultCredentialsId: 'ansible-vault',
                    extras: '-e@sudo-pass --diff'
            }
        }

        stage('Remount R/O') {
            steps {
                ansiblePlaybook \
                    playbook: 'remount.yml',
                    limit: 'ntpd',
                    become: true,
                    vaultCredentialsId: 'ansible-vault',
                    extras: '-e@sudo-pass'
            }
        }

    }

    post {
        always {
            sh 'rm -f sudo-pass'
            sh 'kdestroy'
        }
    }
}