configpolicy/ci/pyrocufflink.jenkinsfile

// vim: set ft=groovy sw=4 ts=4 sts=4 et :

pipeline {
    agent {
        label 'ansible'
    }

    triggers {
        cron 'H H * * *'
    }

    stages {
        stage('kinit') {
            steps {
                withCredentials([file(
                        credentialsId: 'keytab-jenkins@pyrocufflink.blue',
                        variable: 'KEYTAB')]) {
                    sh 'kinit -kt "${KEYTAB}" jenkins@PYROCUFFLINK.BLUE'
                }
            }
        }

        stage('Domain Member') {
            steps {
                withCredentials([file(
                        credentialsId: 'vault-jenkins@pyrocufflink.blue',
                        variable: 'SUDO_PASS_FILE')]) {
                    ansiblePlaybook \
                        playbook: 'pyrocufflink.yml',
                        become: true,
                        vaultCredentialsId: 'ansible-vault',
                        extras: '-e@"${SUDO_PASS_FILE}" --diff'
                }
            }
        }
    }

    post {
        always {
            sh 'kdestroy'
        }
    }
}