diff --git a/ci/radius.jenkinsfile b/ci/radius.jenkinsfile index 52bf9bf..cf1700f 100644 --- a/ci/radius.jenkinsfile +++ b/ci/radius.jenkinsfile @@ -1,97 +1,11 @@ // vim: set ft=groovy sw=4 ts=4 sts=4 et : +@Library('cfgpol')_ -pipeline { - agent { - dockerfile { - dir 'ci' - args '''\ - -v /etc/ssh/ssh_known_hosts:/etc/ssh/ssh_known_hosts:ro - ''' - } - } - - options { - lock 'cfgpol' - timeout(time: 1, unit: 'HOURS') - } - - triggers { - cron 'H H * * *' - } - - environment { - KRB5CCNAME = "${WORKSPACE}/.krb5cc" - } - - stages { - stage('kinit') { - steps { - withCredentials([file( - credentialsId: 'keytab-jenkins@pyrocufflink.blue', - variable: 'KEYTAB')]) { - sh 'kinit -kt "${KEYTAB}" jenkins@PYROCUFFLINK.BLUE' - } - } - } - - stage('Remount R/W') { - steps { - withCredentials([file( - credentialsId: 'vault-jenkins@pyrocufflink.blue', - variable: 'SUDO_PASS_FILE')]) { - ansiblePlaybook \ - playbook: 'remount.yml', - limit: 'radius', - become: true, - vaultCredentialsId: 'ansible-vault', - extraVars: [ - remount_state: 'rw', - ], - extras: '-e@"${SUDO_PASS_FILE}"' - } - } - } - - stage('RADIUS Servers') { - steps { - withCredentials([file( - credentialsId: 'vault-jenkins@pyrocufflink.blue', - variable: 'SUDO_PASS_FILE')]) { - ansiblePlaybook \ - playbook: 'radius.yml', - become: true, - vaultCredentialsId: 'ansible-vault', - extras: '-e@"${SUDO_PASS_FILE}" --diff' - } - } - } - - stage('Remount R/O') { - steps { - withCredentials([file( - credentialsId: 'vault-jenkins@pyrocufflink.blue', - variable: 'SUDO_PASS_FILE')]) { - ansiblePlaybook \ - playbook: 'remount.yml', - limit: 'radius', - become: true, - vaultCredentialsId: 'ansible-vault', - extras: '-e@"${SUDO_PASS_FILE}"' - } - } - } - - } - - post { - always { - sh 'kdestroy' - } - failure { - emailext \ - to: 'gyrfalcon@ebonfire.com', - subject: '$DEFAULT_SUBJECT', - body: '$DEFAULT_CONTENT' - } - } -} +applyConfigPolicy( + 'radius', + [ + 'RADIUS Servers': [ + 'radius.yml' + ] + ] +)