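// vim: set ft=groovy sw=4 ts=4 sts=4 et :

// Nightly Jenkins job that applies the Zabbix server/agent Ansible playbooks.
//
// Secret handling, as visible in this file:
//   * A Kerberos keytab is bound only for the duration of the kinit call; the
//     resulting ticket cache lives in the workspace (KRB5CCNAME).
//   * Two "sudo-pass" files are copied from Jenkins credentials into the
//     Ansible inventory tree and stay in the workspace for the whole run.
//   * The post { always } section removes both again.

pipeline {
    agent {
        dockerfile {
            dir 'ci'
            // The host's known_hosts file is mounted read-only so SSH host-key
            // checking inside the container uses the host's trusted keys and
            // the build cannot modify them.
            args '''\
                -v /etc/ssh/ssh_known_hosts:/etc/ssh/ssh_known_hosts:ro
            '''
        }
    }

    options {
        // Only one holder of the 'cfgpol' lock may run at a time.
        lock 'cfgpol'
        timeout(time: 1, unit: 'HOURS')
    }

    triggers {
        // Once a day, at a Jenkins-hashed hour and minute.
        cron 'H H * * *'
    }

    environment {
        // Keep the ticket cache inside this job's workspace so `kdestroy` in
        // the post section removes exactly the cache created here.
        KRB5CCNAME = "${WORKSPACE}/.krb5cc"
    }

    stages {
        stage('kinit') {
            steps {
                // The sh scripts below are single-quoted on purpose: the shell,
                // not Groovy, expands the credential variables, so the secret
                // paths are never interpolated into the script text.
                withCredentials([file(
                    credentialsId: 'keytab-jenkins@pyrocufflink.blue',
                    variable: 'KEYTAB'
                )]) {
                    sh 'kinit -kt "${KEYTAB}" jenkins@PYROCUFFLINK.BLUE'
                }
                // NOTE(review): the credential ids start with "vault-", so
                // these files are presumably Ansible Vault-encrypted; confirm.
                // Either way they are secrets at rest in the workspace until
                // the post section deletes them.
                withCredentials([file(
                    credentialsId: 'vault-jenkins@pyrocufflink.blue',
                    variable: 'SUDO_PASS_FILE'
                )]) {
                    // -f matches the gw0 copy below, so a stale file left by an
                    // interrupted run cannot make this step fail.
                    sh 'cp -f "${SUDO_PASS_FILE}" group_vars/pyrocufflink/sudo-pass'
                }
                withCredentials([file(
                    credentialsId: 'vault-jenkins@gw0',
                    variable: 'SUDO_PASS_FILE'
                )]) {
                    sh 'cp -f "${SUDO_PASS_FILE}" host_vars/gw0/sudo-pass'
                }
            }
        }

        stage('Remount R/W') {
            steps {
                ansiblePlaybook \
                    playbook: 'remount.yml',
                    limit: 'zabbix',
                    become: true,
                    credentialsId: 'jenkins-ssh',
                    vaultCredentialsId: 'ansible-vault',
                    extraVars: [
                        remount_state: 'rw',
                    ]
            }
        }

        stage('Zabbix Server') {
            steps {
                // NOTE(review): unlike the other playbook stages, this one sets
                // neither `limit` nor `credentialsId: 'jenkins-ssh'`; confirm
                // that is intentional.
                ansiblePlaybook \
                    playbook: 'zabbix-server.yml',
                    become: true,
                    vaultCredentialsId: 'ansible-vault',
                    extras: '--diff'
            }
        }

        stage('Zabbix Agent') {
            steps {
                ansiblePlaybook \
                    playbook: 'zabbix-agent.yml',
                    limit: '!gw0',
                    become: true,
                    credentialsId: 'jenkins-ssh',
                    vaultCredentialsId: 'ansible-vault',
                    extras: '--diff'
            }
        }

        // NOTE(review): Declarative Pipeline skips the remaining stages once a
        // stage fails, so a failure in 'Zabbix Server' or 'Zabbix Agent' means
        // this stage does not run and the 'zabbix' hosts stay remounted rw
        // until a later run succeeds. Consider running the read-only remount
        // from a post section so it also happens on failure.
        stage('Remount R/O') {
            steps {
                ansiblePlaybook \
                    playbook: 'remount.yml',
                    limit: 'zabbix',
                    become: true,
                    credentialsId: 'jenkins-ssh',
                    vaultCredentialsId: 'ansible-vault'
            }
        }
    }

    post {
        always {
            // Delete the copied sudo-pass files first. A failing step ends the
            // rest of this block, and kdestroy may exit non-zero when no
            // ticket cache exists (e.g. kinit never succeeded), so the secret
            // cleanup must not depend on it.
            sh 'find . -name sudo-pass -delete'
            sh 'kdestroy'
        }
        failure {
            emailext \
                to: 'gyrfalcon@ebonfire.com',
                subject: '$DEFAULT_SUBJECT',
                body: '$DEFAULT_CONTENT'
        }
    }
}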