// vim: set ft=groovy sw=4 ts=4 sts=4 et : pipeline { agent { label 'ansible' } triggers { cron 'H H * * *' } stages { stage('kinit') { steps { withCredentials([file( credentialsId: 'keytab-jenkins@pyrocufflink.blue', variable: 'KEYTAB' )]) { sh 'kinit -kt "${KEYTAB}" jenkins@PYROCUFFLINK.BLUE' } withCredentials([file( credentialsId: 'vault-jenkins@pyrocufflink.blue', variable: 'SUDO_PASS_FILE' )]) { sh 'cp "${SUDO_PASS_FILE}" group_vars/pyrocufflink/sudo-pass' } } } stage('Remount R/W') { steps { ansiblePlaybook \ playbook: 'remount.yml', limit: 'dch-vpn', become: true, vaultCredentialsId: 'ansible-vault', extraVars: [ remount_state: 'rw', ] } } stage('VPN') { steps { ansiblePlaybook \ playbook: 'dch-vpn.yml', become: true, credentialsId: 'jenkins-ssh', vaultCredentialsId: 'ansible-vault', extras: '--diff' } } stage('Remount R/O') { steps { ansiblePlaybook \ playbook: 'remount.yml', limit: 'dch-vpn', become: true, vaultCredentialsId: 'ansible-vault' } } } post { always { sh 'kdestroy' sh 'find . -name sudo-pass -delete' } failure { emailext \ to: 'gyrfalcon@ebonfire.com', subject: '$DEFAULT_SUBJECT', body: '$DEFAULT_CONTENT' } } }