Last active
April 20, 2024 01:17
-
-
Save mrhockeymonkey/adf7a462982340cdad2ef4f65b481227 to your computer and use it in GitHub Desktop.
Jenkins pipeline running a remote ansible playbook
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!groovy | |
pipeline { | |
agent any | |
//These params will be displayed for user input when running a build, They are also accepted by the API | |
parameters { | |
string(name: 'BUILD_HOSTNAME', description: 'The name of the server to build (from Mdb)') | |
string(name: 'ILO_IP', description: 'The IP address for the server ilo') | |
booleanParam(name: 'skipOneView', description: 'Skip the OneView stage?', defaultValue: false) | |
booleanParam(name: 'skipBuild', description: 'Skip the Build stage?', defaultValue: false) | |
} | |
stages { | |
stage('Init') { | |
steps { | |
sh 'git status' | |
echo "Building $BUILD_HOSTNAME (Ilo: $ILO_IP)" | |
echo "skipOneView: ${params.skipOneView}" | |
echo "skipBuild: ${params.skipBuild}" | |
//The sshagent block will run any ssh aware commands as the user specified | |
sshagent(['ssh_user']) { | |
//To run a remote ssh command you will need to setup ssh keys (https://www.digitalocean.com/community/tutorials/how-to-configure-ssh-key-based-authentication-on-a-linux-server) | |
sh "ssh -o StrictHostKeyChecking=no [email protected] -C \"cd ~/Project; git pull\"" | |
} | |
} | |
} | |
stage('OneView') { | |
//The when block control is this stage should be run base don the params given | |
when { | |
expression { | |
params.skipOneView == false | |
} | |
} | |
steps { | |
//The withCredentials block places a username and password securely into the environment | |
withCredentials([usernamePassword(credentialsId: 'vault_user', passwordVariable: 'VAULTPASS', usernameVariable: 'VAULTUSER')]) { | |
sshagent(['ssh_user']) { | |
//Here we invoke ansible remotely using ssh. We use the password retreived from withCredentials to feed to ansible and unlock the vault. | |
//To do this we first set the password as an environment variable and then used passmgr.py to echo this out | |
sh "ssh -o StrictHostKeyChecking=no [email protected] -C \"export VAULTPASS=$VAULTPASS; cd ~/Project; ansible-playbook oneview.yml --vault-password-file passmgr.sh -i inventory.py -l $BUILD_HOSTNAME --extra-vars 'ilo_addr=$ILO_IP'\"" | |
} | |
} | |
} | |
} | |
stage('Build') { | |
when { | |
expression { | |
params.skipBuild == false | |
} | |
} | |
steps { | |
withCredentials([usernamePassword(credentialsId: 'vault_user', passwordVariable: 'VAULTPASS', usernameVariable: 'VAULTUSER')]) { | |
sshagent(['ssh_user']) { | |
sh "ssh -o StrictHostKeyChecking=no [email protected] -C \"export VAULTPASS=$VAULTPASS; cd ~/Ansibuild; ansible-playbook build.yml --vault-password-file passmgr.sh -i inventory.py -l $BUILD_HOSTNAME --extra-vars 'ilo_addr=$ILO_IP skip_pxe=yes custom_disk_layout=UEFI_2Disk_General'\"" | |
} | |
} | |
} | |
} | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment