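/**
 * Pipeline entry point: builds the CI container image and, inside it,
 * obtains Kerberos credentials, remounts the target hosts read-write,
 * runs the configured playbook stages, and remounts read-only again.
 *
 * The job is scheduled nightly via cron, limited to one hour, and
 * serialized through the 'cfgpol' lock.
 *
 * @param rw_limit value passed as the Ansible `limit` to remount.yml
 * @param stages   map of stage name to the playbooks run in that stage
 */
def call(rw_limit, stages) {
    properties([
        pipelineTriggers([cron('H H * * *')])
    ])
    timeout(time: 1, unit: 'HOURS') {
        lock('cfgpol') {
            node {
                checkout scm
                def image = docker.build("configpolicy:${env.BRANCH_NAME}", 'ci')
                image.inside {
                    // The Kerberos ticket cache is a file inside the workspace,
                    // so it must be destroyed before the build ends.
                    withEnv(["KRB5CCNAME=${WORKSPACE}/.krb5cc"]) {
                        try {
                            // kinit runs inside the try so that a failure while
                            // binding credentials still triggers the failure
                            // notification and the cleanup of any ticket cache
                            // or sudo-pass link already created.
                            stageKinit()
                            stageRemountRW(rw_limit)
                            generateStages(stages)
                            // NOTE(review): if a playbook stage fails, this
                            // remount is skipped and the hosts stay as
                            // 'Remount R/W' left them -- confirm that is intended.
                            stageRemountRO(rw_limit)
                        } catch (err) {
                            postFailure(err)
                        } finally {
                            postCleanup()
                        }
                    }
                }
            }
        }
    }
}

/**
 * Obtains a Kerberos ticket from the Jenkins keytab and links the sudo
 * password file into group_vars/pyrocufflink/sudo-pass.
 */
def stageKinit() {
    stage('kinit') {
        withCredentials([file(
            credentialsId: 'keytab-jenkins@pyrocufflink.blue',
            variable: 'KEYTAB'
        )]) {
            // Single-quoted on purpose: the shell expands ${KEYTAB}, so the
            // path is never interpolated into a Groovy string.
            sh 'kinit -kt "${KEYTAB}" jenkins@PYROCUFFLINK.BLUE'
        }
        withCredentials([file(
            credentialsId: 'vault-jenkins@pyrocufflink.blue',
            variable: 'SUDO_PASS_FILE'
        )]) {
            // NOTE(review): a file bound by withCredentials is normally removed
            // when the block exits, so this symlink may dangle by the time the
            // playbooks run -- confirm against the credentials-binding setup.
            sh 'ln -s "${SUDO_PASS_FILE}" group_vars/pyrocufflink/sudo-pass'
        }
    }
}

/**
 * Runs remount.yml with remount_state=rw against the given limit.
 *
 * @param limit Ansible host limit for the remount playbook
 */
def stageRemountRW(limit) {
    stage('Remount R/W') {
        ansiblePlaybook(
            playbook: 'remount.yml',
            limit: limit,
            become: true,
            vaultCredentialsId: 'ansible-vault',
            extraVars: [
                remount_state: 'rw'
            ]
        )
    }
}

/**
 * Creates one pipeline stage per map entry and runs each of its playbooks
 * with privilege escalation and --diff output.
 *
 * @param stages map of stage name to the playbooks run in that stage
 */
def generateStages(stages) {
    stages.each { name, playbooks ->
        stage(name) {
            playbooks.each { playbook ->
                ansiblePlaybook(
                    playbook: playbook,
                    become: true,
                    vaultCredentialsId: 'ansible-vault',
                    extras: '--diff'
                )
            }
        }
    }
}

/**
 * Runs remount.yml against the given limit to return hosts to read-only.
 *
 * @param limit Ansible host limit for the remount playbook
 */
def stageRemountRO(limit) {
    stage('Remount R/O') {
        // NOTE(review): unlike the R/W stage, no remount_state is passed;
        // presumably remount.yml defaults to read-only -- confirm.
        ansiblePlaybook(
            playbook: 'remount.yml',
            limit: limit,
            become: true,
            vaultCredentialsId: 'ansible-vault',
            extras: '--diff'
        )
    }
}

/**
 * Removes credential material left in the workspace: the Kerberos ticket
 * cache and any sudo-pass link.
 */
def postCleanup() {
    try {
        sh 'kdestroy'
    } finally {
        // Runs even when kdestroy fails (for example, no ticket cache was
        // ever created), so the sudo-pass link never outlives the build.
        sh 'find . -name sudo-pass -delete'
    }
}

/**
 * Sends the failure notification e-mail and then fails the build.
 *
 * @param err the error caught by the pipeline
 */
def postFailure(err) {
    emailext(
        to: 'gyrfalcon@ebonfire.com',
        subject: '$DEFAULT_SUBJECT',
        body: '$DEFAULT_CONTENT'
    )
    error err
}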