Dustin C. Hatch
7766cc1d05
Since the host *gw0* is not a member of the *pyrocufflink.blue* domain, GSSAPI authentication does not work. As such, the SSH private key has to be made available to the `ansible-playbook` process for authentication to that host.
97 lines
2.7 KiB
Groovy
97 lines
2.7 KiB
Groovy
// vim: set ft=groovy sw=4 ts=4 sts=4 et :
|
|
|
|
pipeline {
|
|
agent {
|
|
label 'ansible'
|
|
}
|
|
|
|
triggers {
|
|
cron 'H H * * *'
|
|
}
|
|
|
|
stages {
|
|
stage('kinit') {
|
|
steps {
|
|
withCredentials([file(
|
|
credentialsId: 'keytab-jenkins@pyrocufflink.blue',
|
|
variable: 'KEYTAB')]) {
|
|
sh 'kinit -kt "${KEYTAB}" jenkins@PYROCUFFLINK.BLUE'
|
|
}
|
|
withCredentials([file(
|
|
credentialsId: 'vault-jenkins@pyrocufflink.blue',
|
|
variable: 'SUDO_PASS_FILE'
|
|
)]) {
|
|
sh 'cp "${SUDO_PASS_FILE}" group_vars/pyrocufflink/sudo-pass'
|
|
}
|
|
withCredentials([file(
|
|
credentialsId: 'vault-jenkins@gw0',
|
|
variable: 'SUDO_PASS_FILE'
|
|
)]) {
|
|
sh 'cp -f "${SUDO_PASS_FILE}" host_vars/gw0/sudo-pass'
|
|
}
|
|
}
|
|
}
|
|
|
|
stage('Remount R/W') {
|
|
steps {
|
|
ansiblePlaybook \
|
|
playbook: 'remount.yml',
|
|
limit: 'zabbix',
|
|
become: true,
|
|
credentialsId: 'jenkins-ssh',
|
|
vaultCredentialsId: 'ansible-vault',
|
|
extraVars: [
|
|
remount_state: 'rw',
|
|
]
|
|
}
|
|
}
|
|
|
|
stage('Zabbix Server') {
|
|
steps {
|
|
ansiblePlaybook \
|
|
playbook: 'zabbix-server.yml',
|
|
become: true,
|
|
vaultCredentialsId: 'ansible-vault',
|
|
extras: '--diff'
|
|
}
|
|
}
|
|
|
|
stage('Zabbix Agent') {
|
|
steps {
|
|
ansiblePlaybook \
|
|
playbook: 'zabbix-agent.yml',
|
|
limit: '!gw0',
|
|
become: true,
|
|
credentialsId: 'jenkins-ssh',
|
|
vaultCredentialsId: 'ansible-vault',
|
|
extras: '--diff'
|
|
}
|
|
}
|
|
|
|
stage('Remount R/O') {
|
|
steps {
|
|
ansiblePlaybook \
|
|
playbook: 'remount.yml',
|
|
limit: 'zabbix',
|
|
become: true,
|
|
credentialsId: 'jenkins-ssh',
|
|
vaultCredentialsId: 'ansible-vault'
|
|
}
|
|
}
|
|
|
|
}
|
|
|
|
post {
|
|
always {
|
|
sh 'kdestroy'
|
|
sh 'find . -name sudo-pass -delete'
|
|
}
|
|
failure {
|
|
emailext \
|
|
to: 'gyrfalcon@ebonfire.com',
|
|
subject: '$DEFAULT_SUBJECT',
|
|
body: '$DEFAULT_CONTENT'
|
|
}
|
|
}
|
|
}
|