configpolicy/vars/applyConfigPolicy.groovy


import groovy.transform.Field
// Extra `docker run` arguments for the `ci` build container: bind-mount the
// Jenkins host's global SSH known_hosts file read-only so SSH clients inside
// the container see the same trusted host keys as the host (the container
// image itself contributes no known_hosts). The trailing backslash joins the
// opening line to the next one; the value ends with a newline.
@Field
def DOCKER_ARGS = '''\
-v /etc/ssh/ssh_known_hosts:/etc/ssh/ssh_known_hosts:ro
'''
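/**
 * Entry point of the `applyConfigPolicy` shared-library step.
 *
 * Registers a daily cron trigger, then — under a one-hour timeout and the
 * `cfgpol` lock, so only one run touches the managed hosts at a time —
 * checks out the repository, builds the `ci` Docker image and runs the
 * Kerberos/Ansible stages inside it with a workspace-local ticket cache.
 *
 * @param rw_limit Ansible `--limit` pattern handed to the remount stages
 * @param stages   map of stage name -> playbooks to run in that stage
 */
def call(rw_limit, stages) {
    properties([
        pipelineTriggers([cron('H H * * *')])
    ])
    timeout(time: 1, unit: 'HOURS') {
        lock('cfgpol') {
            node {
                checkout scm
                docker.build("configpolicy", 'ci').inside(DOCKER_ARGS) {
                    // Keep the Kerberos credential cache inside the workspace so
                    // it is scoped to this build and destroyed by postCleanup().
                    withEnv(["KRB5CCNAME=${WORKSPACE}/.krb5cc"]) {
                        try {
                            stageKinit()
                            stageRemountRW(rw_limit)
                            generateStages(stages)
                            stageRemountRO(rw_limit)
                        } catch (InterruptedException interrupted) {
                            // Abort / timeout interruptions are rethrown as-is so
                            // the build keeps the interruption's own result and
                            // no failure e-mail is sent for a deliberate stop.
                            throw interrupted
                        } catch (err) {
                            postFailure(err)
                        } finally {
                            postCleanup()
                        }
                    }
                }
            }
        }
    }
}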
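/**
 * Stage `kinit`: obtain a Kerberos ticket for the Jenkins service principal
 * from its keytab, then place the sudo password file where the inventory's
 * group_vars expect it.
 *
 * Both `sh` scripts are deliberately single-quoted: the `${...}` references
 * are expanded by the shell from the credential-binding environment
 * variables, not by Groovy, which is the intended way to consume
 * `withCredentials` variables in `sh`.
 */
def stageKinit() {
    stage('kinit') {
        withCredentials([file(
            credentialsId: 'keytab-jenkins@pyrocufflink.blue',
            variable: 'KEYTAB'
        )]) {
            sh 'kinit -kt "${KEYTAB}" jenkins@PYROCUFFLINK.BLUE'
        }
        withCredentials([file(
            credentialsId: 'vault-jenkins@pyrocufflink.blue',
            variable: 'SUDO_PASS_FILE'
        )]) {
            // Tighten the copy's mode explicitly: `cp` derives the new file's
            // mode from the source and the umask, so without this the
            // workspace copy of the password could end up group/world readable.
            sh '''
                cp "${SUDO_PASS_FILE}" group_vars/pyrocufflink/sudo-pass
                chmod 0600 group_vars/pyrocufflink/sudo-pass
            '''
        }
    }
}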
/**
 * Stage `Remount R/W`: run `remount.yml` with `remount_state=rw` against the
 * hosts selected by `limit`, using the shared Ansible vault credential.
 *
 * @param limit Ansible `--limit` pattern
 */
def stageRemountRW(limit) {
    stage('Remount R/W') {
        def playbookArgs = [
            playbook: 'remount.yml',
            limit: limit,
            become: true,
            vaultCredentialsId: 'ansible-vault',
            extraVars: [remount_state: 'rw'],
        ]
        ansiblePlaybook(playbookArgs)
    }
}
/**
 * Create one pipeline stage per entry of `stages` and run each of that
 * entry's playbooks in order: with become, the shared vault credential,
 * `--diff` output, and tasks tagged `install` skipped.
 *
 * @param stages map of stage name -> playbooks (iterated with `each`)
 */
def generateStages(stages) {
    for (entry in stages) {
        def stageName = entry.key
        def stagePlaybooks = entry.value
        stage(stageName) {
            for (playbookPath in stagePlaybooks) {
                ansiblePlaybook(
                    playbook: playbookPath,
                    become: true,
                    vaultCredentialsId: 'ansible-vault',
                    extras: '--diff',
                    skippedTags: 'install'
                )
            }
        }
    }
}
/**
 * Stage `Remount R/O`: run `remount.yml` against the hosts selected by
 * `limit` with `--diff` output, using the shared Ansible vault credential.
 * No `remount_state` is passed here; the playbook's own default applies.
 *
 * @param limit Ansible `--limit` pattern
 */
def stageRemountRO(limit) {
    stage('Remount R/O') {
        def playbookArgs = [
            playbook: 'remount.yml',
            limit: limit,
            become: true,
            vaultCredentialsId: 'ansible-vault',
            extras: '--diff',
        ]
        ansiblePlaybook(playbookArgs)
    }
}
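/**
 * Always-run cleanup (called from the `finally` block): remove the sudo
 * password copy from the workspace and destroy the Kerberos ticket cache.
 *
 * Both commands run with `returnStatus: true` so that a failure in one
 * (e.g. `kdestroy` finding no cache because kinit never succeeded) can
 * neither skip the other nor throw from `finally` and replace the original
 * build error with a cleanup error.
 */
def postCleanup() {
    // Remove the secret first; it is the more sensitive leftover.
    def rmStatus = sh(script: 'find . -name sudo-pass -delete', returnStatus: true)
    if (rmStatus != 0) {
        echo "WARNING: removing sudo-pass from the workspace exited with status ${rmStatus}"
    }
    sh(script: 'kdestroy', returnStatus: true)
}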
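/**
 * Failure handler: mark the build FAILURE, send the notification e-mail,
 * then rethrow the original exception so the pipeline still fails.
 *
 * The original exception is rethrown unchanged (rather than wrapped via
 * `error "${err}"`) so its type, cause and stack trace survive for the
 * build log and for any outer handler.
 *
 * @param err the exception caught by the caller
 */
def postFailure(err) {
    currentBuild.result = 'FAILURE'
    // `$DEFAULT_SUBJECT` / `$DEFAULT_CONTENT` are Email-ext tokens expanded
    // by the plugin, not Groovy interpolation — hence the single quotes.
    emailext \
        to: 'gyrfalcon@ebonfire.com',
        subject: '$DEFAULT_SUBJECT',
        body: '$DEFAULT_CONTENT'
    throw err
}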