ci: samba-dc: Use Kerberos authentication

2018-04-08 13:37:11 -05:00 · 2018-04-08 13:37:11 -05:00 · b13164f77e
parent ac215ab520
commit b13164f77e
1 changed files with 22 additions and 10 deletions
--- a/ci/samba-dc.jenkinsfile
+++ b/ci/samba-dc.jenkinsfile
@ -10,27 +10,39 @@ pipeline {
    }

    stages {
-        stage('Prepare') {
+        stage('kinit') {
            steps {
                withCredentials([file(
-                        credentialsId: 'vault-jenkins@pyrocufflink.blue',
-                        variable: 'SUDO_PASS_FILE')]) {
-                    sh 'cp -f "${SUDO_PASS_FILE}" sudo-pass'
+                        credentialsId: 'keytab-jenkins@pyrocufflink.blue',
+                        variable: 'KEYTAB')]) {
+                    sh 'kinit -kt "${KEYTAB}" jenkins@PYROCUFFLINK.BLUE'
                }
            }
        }

        stage('Domain Controller') {
            steps {
-                withCredentials([file(
+                withCredentials([
+                        file(
                            credentialsId: 'ansible-vault',
-                        variable: 'ANSIBLE_VAULT_PASSWORD_FILE')]) {
-                    sshagent(['jenkins-ssh']) {
-                        sh 'ansible-playbook --check --diff -b domain-controller.yml -e @sudo-pass'
+                            variable: 'ANSIBLE_VAULT_PASSWORD_FILE',
+                        ),
+                        file(
+                            credentialsId: 'vault-jenkins@pyrocufflink.blue',
+                            variable: 'SUDO_PASS_FILE',
+                        ),
+                        ]) {
+                    sh '''
+ansible-playbook --check --diff -b domain-controller.yml -e "@${SUDO_PASS_FILE}"
+'''
                }
            }
        }
    }

+    post {
+        always {
+            sh 'kdestroy'
+        }
    }
 }