Skip to content

Instantly share code, notes, and snippets.

@Camaloff
Created October 15, 2021 09:52
Show Gist options
  • Save Camaloff/c925c7a2b51cde4a6ca231762e4dd47c to your computer and use it in GitHub Desktop.
Save Camaloff/c925c7a2b51cde4a6ca231762e4dd47c to your computer and use it in GitHub Desktop.
@Library(['sberapi.devops_lib@develop']) _
/////////////////////////////////////////////
def NEXUS_SERVER
def NEXUS_REPO = 'Nexus_PROD'
def NEXUS_GROUP = 'Nexus_PROD'
def CONFIGS_DIR = 'configs'
def DISTRIB_DIR = 'distrib'
def SOURCE_DIR = 'source'
def INVENTORY_PATH
def CONFIGMAP_PATH
def DISTRIB_VERSION = 'D-01.005.00-07'
def VERSION
def RESULT = [:]
def NEXUS_DISTRIB_URL
def DISTRIB_FPATH
//global vars
def openshift = [:]
def secrets = []
pipeline{
agent {
label params.JENKINS_AGENT_LABEL
}
options{
timestamps()
}
tools {
oc params.TOOL_OC_VERSION
}
parameters{
credentials(//* ТУЗ APIM2
name: 'GIT_SOURCE_CRED',
credentialType: 'com.cloudbees.plugins.credentials.impl.UsernamePasswordCredentialsImpl',
defaultValue: 'SBT-SA-01869785_S',
description: '',
required: true
)
}
stages {
//#######################################################################################################################
// * #0 Prepare
stage('Prepare'){
steps{ script{
echo "******************************STAGE #0 * Prepare ******************************"
load params.SIGMA ? 'jenkins/project-sigma.properties' : 'jenkins/project.properties'
INVENTORY_PATH = "${CONFIGS_DIR}/inventories/${params.STAND}${params.SIGMA ? '.sigma':''}"
CONFIGMAP_PATH = "${CONFIGS_DIR}/inventories3/${params.STAND}${params.SIGMA ? '.sigma':''}/group_vars/all/configmap"
VERSION = DISTRIB_VERSION.toLowerCase()
NEXUS_SERVER = NEXUS_SBRF_URL
NEXUS_DISTRIB_URL = "${NEXUS_SERVER}/content/repositories/${NEXUS_REPO}/${NEXUS_GROUP}/"
NEXUS_DISTRIB_URL += "${NEXUS_ARTIFACT_ID}/${DISTRIB_VERSION}/${NEXUS_ARTIFACT_ID}-${DISTRIB_VERSION}-distrib.zip"
DISTRIB_FPATH = "${WORKSPACE}/${DISTRIB_DIR}/${NEXUS_ARTIFACT_ID}-${DISTRIB_VERSION}.zip"
RESULT.MSG = "FAIL!"
RESULT.ID = -1
currentBuild.displayName = "#${currentBuild.number}-${STAND}-${DISTRIB_VERSION} ${!STAGE_DEPLOY ? '[no deploy]':''}"
currentBuild.description = "${!STAGE_DEPLOY ? '[no deploy]':''}"
echo "*** INVENTORY_PATH = ${INVENTORY_PATH}"
echo "*** VERSION = ${VERSION}"
echo "*** NEXUS_SERVER = ${NEXUS_SERVER}"
echo '******************************END STAGE #0******************************'
}}
}
//#######################################################################################################################
// * #1 Checkout Inventory
stage('Checkout Inventory') {
steps { script {
echo "******************************STAGE #1 * Checkout Inventory repo to ./${CONFIGS_DIR}/ *****"
dir(CONFIGS_DIR) {
def scm_configs = git branch: params.GIT_CONFIGS_BRANCH,
credentialsId: params.GIT_CONFIGS_CRED,
url: params.GIT_CONFIGS_REPO
}
echo '******************************END STAGE #1******************************'
}}
}
//#######################################################################################################################
// * #2 Download distr from Nexus SBRF
stage('Download distr (Nexus SBRF)'){
when {
expression { params.DEPLOY_SOURCE == 'Nexus' }
}
steps{ script{
echo "******************************STAGE #2 * Download distr from Nexus-SBRF to >"
echo "*** ${DISTRIB_FPATH}"
//catchError(buildResult: 'FAILURE', stageResult: 'FAILURE'){
try{
httpRequest (
authentication: params.NEXUS_CRED,
outputFile: DISTRIB_FPATH,
url: NEXUS_DISTRIB_URL,
quiet: "${!STAGE_DEPLOY ? true:false}",
responseHandle: 'NONE'
)
} catch(err){
echo "***ERROR*** ${err.getMessage()}"
error("*** ERROR STAGE #2 ***")
}
echo '******************************END STAGE #2******************************'
}}
}
//#######################################################################################################################
// * #2 Download distr from JENKINS_CI_BUILD_JOB
stage('Download distr (Workspace)') {
when {
expression { params.DEPLOY_SOURCE == 'Workspace' }
}
steps { script {
echo "******************************STAGE #2 * Download distr from JENKINS_CI_BUILD_JOB *****"
step([
$class: 'CopyArtifact',
target: "${DISTRIB_DIR}",
filter: "**/package.zip",
selector: upstream(),
projectName: JENKINS_CI_BUILD_JOB,
flatten: 'true'
]) //projectName: 'SberAPI/BOAS/ankovshov/sberapi.boas_ci_build'
def distrib_file = findFiles glob: "${DISTRIB_DIR}/package.zip"
if(!distrib_file.size()){
error("***ERROR STAGE #2*** package.zip not found")
}
DISTRIB_FPATH = "${WORKSPACE}/${DISTRIB_DIR}/${distrib_file[0].name}"
echo '******************************END STAGE #2******************************'
}}
}
//#######################################################################################################################
// * #3 M36 Check distributiv
stage('M36 Check') {
when {
expression { params.STAND.toLowerCase()=='prom'}
}
steps { script {
echo "******************************STAGE #3 Проверка дистрибутива на соответствие требования P1 (M36) *****"
wrap([$class: 'BuildUser']) {
withEnv(["BUILD_USER_EMAIL=${BUILD_USER_EMAIL}", "BUILD_USER_ID=${BUILD_USER_ID}", "BUILD_USER=${BUILD_USER}"]) {
try {
def lb = library 'DeployPermission'
def DP = lb.DeployPermission.new()
def bars = DP.get_permission(NEXUS_DISTRIB_URL)
if (bars) {
echo "*** Bars metrics successfully checked"
} else {
echo "*** Bars metrics checking FAILURE"
}
} catch (err) {
echo "*** Bars metrics checking FAILURE: " + err
}}
}
echo '******************************END STAGE #3******************************'
}}
}
//#######################################################################################################################
// * #4 Unzip and Templates/Vault processing
stage('Templates/Vault processing') {
steps{ script{
echo "******************************STAGE #4 * Templates/Vault processing ****************************** \n"
echo "\n***** unzip distributive: ${DISTRIB_FPATH} to ./${DISTRIB_DIR} *****\n"
//unzip zipFile: DISTRIB_FPATH, dir: DISTRIB_DIR
//* temporery TRICK - download distributive src
dir(SOURCE_DIR){
def scm_source = git( branch: 'feature/APIM2-4097-abac-alpha-sigma-pipeline',
credentialsId: params.GIT_SOURCE_CRED,
url: GIT_SOURCE_REPO)
}
sh """
mkdir -p ./${DISTRIB_DIR}
cp -R ./${SOURCE_DIR}/.devops/openshift ./${DISTRIB_DIR}/openshift
cp -R ./${CONFIGMAP_PATH}/boas-config ./${DISTRIB_DIR}/boas-config
"""
def DOCKER_DIGEST = ['boas-admin' : '6984c12959fcae7e638bdeb64dcd1d2bb8caf10eeb38f67357db2671e672ef48', 'boas-authz' : 'f58b9a53162ad68f7c3e60d0ddbe6e38b65944debc24c112ed50486d83850803']
dir("${DISTRIB_DIR}/openshift"){
distribPrepare(DOCKER_DIGEST) //* TODO: To check if images exists
}
sh "ls -alhR ${WORKSPACE}/${DISTRIB_DIR}"
//*end trick
echo "\n***** 4.1 Заполнить файлы deployment configs параметрами ${STAND} стенда *****\n"
ansiColor('xterm'){
ansiblePlaybook (
colorized: true,
installation: 'ansible29',
inventory: "${INVENTORY_PATH}/hosts",
playbook: 'ansible/jinja2.yml',
vaultCredentialsId: params.VAULT_CRED,
disableHostKeyChecking: true,
extras: """\
-v \
""",
extraVars:[
distrib_path: "${WORKSPACE}/${DISTRIB_DIR}",
distrib_version: "${VERSION}"
]
)}
// * Decrypt vaults
echo "\n***** 4.2 ansible-vault decrypt *****\n"
dir("${INVENTORY_PATH}/secrets") {
secrets = findFiles().findAll { it.directory }
withCredentials([file(credentialsId: params.VAULT_CRED, variable: 'VAULT_TOKEN')]) {
echo '*** Decrypt vault files (.vault extension)'
secrets.each { secret ->
dir("${secret}") {
def vault_files = findFiles glob: '*.vault'
vault_files.each { file ->
sh """
ansible-vault decrypt \
--vault-password-file=${VAULT_TOKEN} ${file.name} \
--output=${file.name.replace('.vault', '')} \
"""
}
}
}
}
}
echo '******************************END STAGE #4******************************'
}}
}
//#######################################################################################################################
// * #5 Openshift prepare
stage('Openshift prepare') {
steps { script {
echo "******************************STAGE #5 * Openshift prepare ****************************** \n"
def openshift_config = readYaml file: "${INVENTORY_PATH}/group_vars/openshift.yml"
def hosts_config = readYaml file: "${INVENTORY_PATH}/hosts"
openshift.server = openshift_config.openshift.server
openshift.namespace = openshift_config.openshift.namespace
openshift.app_name = hosts_config.openshift.children.boasapp.hosts
println("openshift.server: ${openshift.server}")
println("openshift.namespace: ${openshift.namespace}")
println("openshift.app_name: ${openshift.app_name}")//*boas
try{
withCredentials([string(credentialsId: params.OPENSHIFT_TOKEN_CRED, variable: 'OPENSHIFT_TOKEN')]) {
sh """
oc login ${openshift_config.openshift.server} --token=${OPENSHIFT_TOKEN}
oc project ${openshift_config.openshift.namespace}
"""
RESULT.ID = 0
}
} catch (err){
error("***ERROR STAGE #5*** ${err.getMessage()}")
}
echo '******************************END STAGE #5******************************'
}}
}
//#######################################################################################################################
// * #6 Openshift Deploy
stage('Deploy') {
when {
expression { params.STAGE_DEPLOY == true }
}
steps { script {
echo "******************************STAGE #6 * Openshift Deploy secrets ****************************** \n"
echo '\n***** Create Openshift secrets *****\n'
dir("${INVENTORY_PATH}/secrets") {
secrets.each { secret ->
dir("${secret}") {//* ./certs ; ./keystore
def secret_name = "${openshift.app_name}-${secret.name}"//* boas-certs boas-keystore
def files = findFiles (glob: '*.*').findAll { !it.name.endsWith('.vault') }
def formated_string = files.collect { "--from-file=${it}" }.join(' ')
echo "\n*** Deploy secret: ${secret_name} ${formated_string}"
try {
sh "oc delete secret ${secret_name}"
} catch (err) {
echo "*** ${err.getMessage()}"
} finally {
sh """
oc create secret generic ${secret_name} ${formated_string}
oc label secret ${secret_name} app=${openshift.app_name} version=${VERSION}
"""
RESULT.ID = 1
}
}
}
}
dir(DISTRIB_DIR) {//* TODO: from ${INVENTORY3_PATH}/
echo '\n***** Create application configmaps *****\n'
def config_name = "boas-config"
def app_configs = findFiles glob: "${config_name}/*.yml"
if (!app_configs.size()){
RESULT.ID = 0
error("***ERROR*** Configmap files not fount in ./${DISTRIB_DIR}/${config_name}/")
}
def formated_string = app_configs.collect { "--from-file=${it}" }.join(' ')
echo "\n*** Deploy configmap: ${config_name} ${formated_string}"
try {
sh "oc delete configmap ${config_name}"
} catch (err) {
echo "*** ${err.getMessage()}"
} finally {
sh """
oc create configmap ${config_name} ${formated_string}
oc label configmap ${config_name} app=${openshift.app_name} version=${VERSION}
"""
RESULT.ID = 2
}
// ************************************************
echo '\n***** Create Openshift manifests *****'
def configs = findFiles glob: "openshift/*.yml"
configs.each { config ->
echo "\n\n*** Deploy manifest from file: ${config.name}\n"
try {
sh "oc delete -f ${config.path}"
} catch (err) {
echo "*** ${err.getMessage()}"
} finally {
sh "oc create -f ${config.path}"
RESULT.ID = 3
}
}
}
// ************************************************
if (params.RUN_DEPLOYMENT && (RESULT.ID == 3)) {
echo '\n***** Run new deployment *****\n'
sh "oc rollout latest dc/${openshift.app_name}-admin"
sh "oc rollout latest dc/${openshift.app_name}-authz"
//* надо проверить доступность образа из registry
//* и минимальные проверки успешного запуска подов
sleep(20)
for(pod in ['boas-admin-1-deploy', 'boas-authz-1-deploy']){
sh "oc describe pod ${pod} > describe_pod"
def describe_pod = [:]
describe_pod.content = readFile file: "describe_pod"
sh "cat describe_pod"
sh 'echo ----------------------------------------------'
}
}
RESULT.MSG = "Well Done!"
echo '******************************END STAGE #6******************************'
}}
}
//#######################################################################################################################
}//* end all stages
post {
always{ script{
cleanWs(notFailBuild: true)
if(RESULT.ID >= 0){
sh 'oc logout'
}
echo "***** DEPLOY ${RESULT.MSG} *****"
}}
}
}//* pipeline
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment