From ed077e7ba0de41374f8d29df9abad09213d2b6a5 Mon Sep 17 00:00:00 2001 
From: phermeys Date: Sun, 14 Sep 2025 14:33:41 -0700 Subject: [PATCH] init commit --- Jenkinsfile.behemoth_containers | 58 +++++++++ Jenkinsfile.cd-to-iso | 70 +++++++++++ Jenkinsfile.cifs-mount | 72 +++++++++++ Jenkinsfile.cosmos-base | 85 +++++++++++++ Jenkinsfile.cosmos-console | 85 +++++++++++++ Jenkinsfile.cosmos-nvidia | 63 ++++++++++ Jenkinsfile.cosmos-public | 77 ++++++++++++ Jenkinsfile.cosmos-server | 155 ++++++++++++++++++++++++ Jenkinsfile.deb_init | 133 ++++++++++++++++++++ Jenkinsfile.jenkins_vpn | 85 +++++++++++++ Jenkinsfile.lldp-scanner | 67 +++++++++++ Jenkinsfile.matt-profile-capture | 55 +++++++++ Jenkinsfile.mattgpt-capture | 55 +++++++++ Jenkinsfile.mc_vpn | 187 +++++++++++++++++++++++++++++ Jenkinsfile.pi-top | 158 ++++++++++++++++++++++++ Jenkinsfile.pi_init | 101 ++++++++++++++++ Jenkinsfile.public-profile-capture | 55 +++++++++ Jenkinsfile.pxe-server | 84 +++++++++++++ Jenkinsfile.rename-endpoint | 58 +++++++++ Jenkinsfile.rip-cd | 77 ++++++++++++ Jenkinsfile.test | 86 +++++++++++++ Jenkinsfile.trixie_upgrade | 64 ++++++++++ Jenkinsfile.update-endpoint | 63 ++++++++++ Jenkinsfile.vm_party | 146 ++++++++++++++++++++++ wrt/Jenkinsfile.nordvpn | 65 ++++++++++ 25 files changed, 2204 insertions(+) create mode 100644 Jenkinsfile.behemoth_containers create mode 100644 Jenkinsfile.cd-to-iso create mode 100644 Jenkinsfile.cifs-mount create mode 100644 Jenkinsfile.cosmos-base create mode 100644 Jenkinsfile.cosmos-console create mode 100644 Jenkinsfile.cosmos-nvidia create mode 100644 Jenkinsfile.cosmos-public create mode 100644 Jenkinsfile.cosmos-server create mode 100644 Jenkinsfile.deb_init create mode 100644 Jenkinsfile.jenkins_vpn create mode 100644 Jenkinsfile.lldp-scanner create mode 100644 Jenkinsfile.matt-profile-capture create mode 100644 Jenkinsfile.mattgpt-capture create mode 100644 Jenkinsfile.mc_vpn create mode 100644 Jenkinsfile.pi-top create mode 100644 Jenkinsfile.pi_init create mode 100644 Jenkinsfile.public-profile-capture create 
mode 100644 Jenkinsfile.pxe-server create mode 100644 Jenkinsfile.rename-endpoint create mode 100644 Jenkinsfile.rip-cd create mode 100644 Jenkinsfile.test create mode 100644 Jenkinsfile.trixie_upgrade create mode 100644 Jenkinsfile.update-endpoint create mode 100644 Jenkinsfile.vm_party create mode 100644 wrt/Jenkinsfile.nordvpn
diff --git a/Jenkinsfile.behemoth_containers b/Jenkinsfile.behemoth_containers
new file mode 100644
index 0000000..de0b141
--- /dev/null
+++ b/Jenkinsfile.behemoth_containers
@@ -0,0 +1,58 @@
+pipeline {
+ agent any
+
+ environment {
+ ANSIBLE_FORCE_COLOR = '1'
+ host_ip = "172.25.1.15"
+ }
+
+ options {
+ ansiColor('xterm')
+ }
+
+ stages {
+
+ stage('Generate Inventory File') {
+ steps {
+ // Generate the dynamic inventory file
+ sh """
+ cd /var/jenkins_home/ansible
+ chmod +x /var/jenkins_home/ansible/inventory/inventory.sh
+ /var/jenkins_home/ansible/inventory/inventory.sh ${env.host_ip}
+
+ """
+ }
+ }
+
+ stage('Ansible Playbook') {
+ steps {
+ //Run the cosmos-base ansible playbook
+ // /workspace/ansible/playbooks/cosmos-base.yaml
+ sh """
+ echo ${env.host_ip}
+ hash=\$(echo -n ${env.host_ip} | md5sum | cut -c 1-8)
+ inventory_file="/var/jenkins_home/ansible/.inv/inventory-\$hash.yml"
+
+ cd /var/jenkins_home/ansible
+
+ ansible-playbook -i \$inventory_file \
+ /var/jenkins_home/ansible/playbooks/behemoth-containers.yaml --ssh-common-args='-o StrictHostKeyChecking=no'
+
+ """
+ }
+ }
+ }
+
+ post {
+ always {
+ // Remove dynamic Inventory file
+ sh """
+ hash=\$(echo -n "${env.host_ip}" | md5sum | cut -c 1-8)
+ inventory_file="/var/jenkins_home/ansible/.inv/inventory-\$hash.yml"
+ rm \$inventory_file
+
+ """
+ }
+ }
+
+}
diff --git a/Jenkinsfile.cd-to-iso b/Jenkinsfile.cd-to-iso
new file mode 100644
index 0000000..9a190c9
--- /dev/null
+++ b/Jenkinsfile.cd-to-iso
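Review bot: `--ssh-common-args='-o StrictHostKeyChecking=no'` on the `ansible-playbook` line turns off SSH host key verification, so the playbook runs against whatever machine answers at `172.25.1.15`. Every other Jenkinsfile in this patch passes the same flag. Consider pinning the target's key in the Jenkins user's `known_hosts` and dropping the option, or at least using `-o StrictHostKeyChecking=accept-new` so that a changed key fails the build.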
@@ -0,0 +1,70 @@
+pipeline {
+ agent any
+
+ // Define parameters
+ parameters {
+ string(name: 'host_ip', description: 'Target System Address')
+ booleanParam(name: 'eject_drive', defaultValue: false, description: 'Check this option to eject disk at appropriate times')
+ booleanParam(name: 'create_iso', defaultValue: false, description: 'Check this option to perform the extraction, leave unchecked for a test run')
+ string(name: 'disk_drive', defaultValue: '/dev/sr0', description: 'Local DVD Drive device path')
+ string(name: 'destination_path', defaultValue: '/mnt', description: 'Path to store ISO files')
+
+ }
+
+ environment {
+ ANSIBLE_FORCE_COLOR = '1'
+ }
+
+ options {
+ ansiColor('xterm')
+ }
+
+ stages {
+
+
+ stage('Generate Inventory File') {
+ steps {
+ // Generate the dynamic inventory file
+ sh """
+ cd /var/jenkins_home/ansible
+ chmod +x /var/jenkins_home/ansible/inventory/inventory.sh
+ /var/jenkins_home/ansible/inventory/inventory.sh ${params.host_ip}
+
+ """
+ }
+ }
+
+ stage('Ansible Playbook') {
+ steps {
+ //Run the cosmos-base ansible playbook
+ // /workspace/ansible/playbooks/cosmos-base.yaml
+ sh """
+ echo ${params.host_ip}
+ hash=\$(echo -n ${params.host_ip} | md5sum | cut -c 1-8)
+ inventory_file="/var/jenkins_home/ansible/.inv/inventory-\$hash.yml"
+
+ cd /var/jenkins_home/ansible
+
+ ansible-playbook -i \$inventory_file \
+ /var/jenkins_home/ansible/playbooks/cd-to-iso.yaml --ssh-common-args='-o StrictHostKeyChecking=no' \
+ --extra-vars "disk_drive=${params.disk_drive} eject_drive=${params.eject_drive} \
+ destination_path=${params.destination_path} create_iso=${params.create_iso}"
+
+ """
+ }
+ }
+ }
+
+ post {
+ always {
+ // Remove dynamic Inventory file
+ sh """
+ hash=\$(echo -n "${params.host_ip}" | md5sum | cut -c 1-8)
+ inventory_file="/var/jenkins_home/ansible/.inv/inventory-\$hash.yml"
+ rm \$inventory_file
+
+ """
+ }
+ }
+
+}
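Review bot: The string parameters `host_ip`, `disk_drive` and `destination_path` are expanded by Groovy inside `sh """` before the shell parses the script, so a value containing `;`, `$(...)` or whitespace becomes shell syntax on the Jenkins agent. Build parameters are also exported to the step's environment, so the script can be single-quoted and read them as quoted shell variables, e.g. `sh '''/var/jenkins_home/ansible/inventory/inventory.sh "$host_ip"'''`. The same interpolation recurs in every parameterised Jenkinsfile in this patch; an allow-list check on `host_ip` before the first stage would help in all of them.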
diff --git a/Jenkinsfile.cifs-mount b/Jenkinsfile.cifs-mount
new file mode 100644
index 0000000..2b64e21
--- /dev/null
+++ b/Jenkinsfile.cifs-mount
@@ -0,0 +1,72 @@
+pipeline {
+ agent any
+
+ // Define parameters
+ parameters {
+ string(name: 'host_ip', description: 'Target System Address')
+ string(name: 'server_path', defaultValue: '//server/share', description: 'SMB Share Path')
+ string(name: 'target_path', defaultValue: '/folder/share', description: 'Target folder for mounting')
+ choice(name: 'cifs_choice', choices: ['TERRA_BEHEMOTH_SMB'], description: 'Choose stored server credentials here')
+ // booleanParam(name: 'validate_share', defaultValue: false, description: 'Check this option to test the share first')
+
+ }
+
+ environment {
+ ANSIBLE_FORCE_COLOR = '1'
+ CIFS_CREDENTIALS = credentials("${params.cifs_choice}")
+ }
+
+ options {
+ ansiColor('xterm')
+ }
+
+ stages {
+
+
+ stage('Generate Inventory File') {
+ steps {
+ // Generate the dynamic inventory file
+ sh """
+ cd /var/jenkins_home/ansible
+ chmod +x /var/jenkins_home/ansible/inventory/inventory.sh
+ /var/jenkins_home/ansible/inventory/inventory.sh ${params.host_ip}
+
+ """
+ }
+ }
+
+ stage('Ansible Playbook') {
+ steps {
+ //Run the cosmos-base ansible playbook
+ // /workspace/ansible/playbooks/cosmos-base.yaml
+ sh """
+ echo ${params.host_ip}
+ hash=\$(echo -n ${params.host_ip} | md5sum | cut -c 1-8)
+ inventory_file="/var/jenkins_home/ansible/.inv/inventory-\$hash.yml"
+
+ cd /var/jenkins_home/ansible
+
+ ansible-playbook -i \$inventory_file \
+ /var/jenkins_home/ansible/playbooks/cifs-mount.yaml --ssh-common-args='-o StrictHostKeyChecking=no' \
+ --extra-vars "CIFS_USERNAME=${env.CIFS_CREDENTIALS_USR} CIFS_PASSWORD=${env.CIFS_CREDENTIALS_PSW} \
+ server_path=${params.server_path} target_path=${params.target_path} validate_share=${params.validate_share} \
+ CIFS_CREDENTIALS=${env.CIFS_CREDENTIALS} CIFS_CHOICE=${params.cifs_choice}"
+
+ """
+ }
+ }
+ }
+
+ post {
+ always {
+ // Remove dynamic Inventory file
+ sh """
+ hash=\$(echo -n "${params.host_ip}" | md5sum | cut -c 1-8)
+ inventory_file="/var/jenkins_home/ansible/.inv/inventory-\$hash.yml"
+ rm \$inventory_file
+
+ """
+ }
+ }
+
+}
diff --git a/Jenkinsfile.cosmos-base b/Jenkinsfile.cosmos-base
new file mode 100644
index 0000000..10286d3
--- /dev/null
+++ b/Jenkinsfile.cosmos-base
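Review bot: `CIFS_PASSWORD=${env.CIFS_CREDENTIALS_PSW}` and `CIFS_CREDENTIALS=${env.CIFS_CREDENTIALS}` are interpolated by Groovy, which writes the secret into the generated script text and onto the `ansible-playbook` argument list, where it is readable in the process table and is not reliably masked in the build log. A single-quoted `sh '''...'''` that lets the shell expand `$CIFS_CREDENTIALS_PSW` keeps the value out of the script text, but it still ends up on argv. Having the playbook read it with `lookup('env', 'CIFS_CREDENTIALS_PSW')` instead of `--extra-vars` avoids both. The credential-bearing `--extra-vars` lines in the cosmos-*, jenkins_vpn, lldp-scanner and *-capture files have the same exposure.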
@@ -0,0 +1,85 @@
+pipeline {
+ agent any
+
+ // Define parameters
+ parameters {
+ string(name: 'host_ip', description: 'Target System Address')
+ string(name: 'new_hostname', description: 'Update Hostname')
+ // reference for later
+ // choice(name: 'DEPLOY_ENV', choices: ['dev', 'staging', 'prod'], description: 'Environment to deploy to')
+ booleanParam(name: 'rename_host', defaultValue: true, description: 'When checked hostname will be renamed')
+ booleanParam(name: 'config_matt', defaultValue: true, description: 'config matt profile')
+ booleanParam(name: 'install_LDAP', defaultValue: false, description: 'install LDAP')
+ booleanParam(name: 'remove_default_vpn', defaultValue: true, description: 'Remove default OpenVPN profile')
+ }
+
+ environment {
+ ANSIBLE_FORCE_COLOR = '1'
+ SATURN_BEHEMOTH = credentials('SATURN_BEHEMOTH')
+ APPS_LIST = 'cosmos-base'
+ LINUX_LDAP_PWD = credentials('LINUX_LDAP')
+ MATT_PASSWORD = credentials('MATT_PASSWORD')
+ matt_public_key = credentials('matt_public_key')
+ matt_private_key = credentials('matt_private_key')
+ cosmos_password = credentials('cosmos_password')
+ cosmos_root_password = credentials('cosmos_root_password')
+
+ }
+
+ options {
+ ansiColor('xterm')
+ }
+
+ stages {
+
+
+ stage('Generate Inventory File') {
+ steps {
+ // Generate the dynamic inventory file
+ sh """
+ cd /var/jenkins_home/ansible
+ chmod +x /var/jenkins_home/ansible/inventory/inventory.sh
+ /var/jenkins_home/ansible/inventory/inventory.sh ${params.host_ip}
+
+ """
+ }
+ }
+
+ stage('Ansible Playbook') {
+ steps {
+ //Run the cosmos-base ansible playbook
+ // /workspace/ansible/playbooks/cosmos-base.yaml
+ sh """
+ echo ${params.host_ip}
+ hash=\$(echo -n ${params.host_ip} | md5sum | cut -c 1-8)
+ inventory_file="/var/jenkins_home/ansible/.inv/inventory-\$hash.yml"
+
+ cd /var/jenkins_home/ansible
+
+ ansible-playbook -i \$inventory_file \
+ /var/jenkins_home/ansible/playbooks/cosmos-base.yaml --ssh-common-args='-o StrictHostKeyChecking=no' \
+ --extra-vars "new_hostname=${params.new_hostname}.home.cosmos saturn_behemoth=${env.SATURN_BEHEMOTH} rename_host=${params.rename_host} \
+ reboot_host=${params.reboot_host} config_matt=${params.config_matt} docker_full=true \
+ kde_full=true apps_list=${env.APPS_LIST} linux_ldap_pwd=${env.LINUX_LDAP_PWD} \
+ install_LDAP=${params.install_LDAP} MATT_PASSWORD=${env.MATT_PASSWORD} remove_default_vpn=${params.remove_default_vpn} \
+ matt_public_key='${env.matt_public_key}' matt_private_key='${env.matt_private_key}' \
+ cosmos_password='${env.cosmos_password}' cosmos_root_password='${env.cosmos_root_password}' "
+
+ """
+ }
+ }
+ }
+
+ post {
+ always {
+ // Remove dynamic Inventory file
+ sh """
+ hash=\$(echo -n "${params.host_ip}" | md5sum | cut -c 1-8)
+ inventory_file="/var/jenkins_home/ansible/.inv/inventory-\$hash.yml"
+ rm \$inventory_file
+
+ """
+ }
+ }
+
+}
diff --git a/Jenkinsfile.cosmos-console b/Jenkinsfile.cosmos-console
new file mode 100644
index 0000000..446e6a8
--- /dev/null
+++ b/Jenkinsfile.cosmos-console
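Review bot: `reboot_host=${params.reboot_host}` in the `--extra-vars` string refers to a parameter that the `parameters` block never declares, so Groovy renders it as the literal text `null` and the playbook receives a non-empty string rather than a boolean. Either declare it, e.g. `booleanParam(name: 'reboot_host', defaultValue: false, description: 'Reboot after provisioning')`, or drop the variable. The same gap exists for `validate_share` in Jenkinsfile.cifs-mount (its declaration is commented out), `reboot_host` in Jenkinsfile.cosmos-public, `refresh_special` in Jenkinsfile.cosmos-console, and `new_hostname`/`vpn_endpoint` in Jenkinsfile.jenkins_vpn.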
@@ -0,0 +1,85 @@
+pipeline {
+ agent any
+
+ // Define parameters
+ parameters {
+ string(name: 'host_ip', description: 'Target System Address')
+ string(name: 'new_hostname', description: 'Update Hostname')
+ booleanParam(name: 'rename_endpoint', defaultValue: true, description: 'Uncheck to skip renaming of endpoint')
+ // reference for later
+ // choice(name: 'DEPLOY_ENV', choices: ['dev', 'staging', 'prod'], description: 'Environment to deploy to')
+ choice(name: 'console_type', choices: ['game boy', 'snes', 'n64'], description: 'Choose special server install if desired')
+ }
+
+ environment {
+ ANSIBLE_FORCE_COLOR = '1'
+ SATURN_BEHEMOTH = credentials('SATURN_BEHEMOTH')
+ APPS_LIST = 'cosmos-base'
+ LINUX_LDAP_PWD = credentials('LINUX_LDAP')
+ pxe_proxy_password = credentials('pxe_proxy_password')
+ PXE_API_KEY = credentials('PXE_API_KEY')
+ matt_public_key = credentials('matt_public_key')
+ matt_private_key = credentials('matt_private_key')
+ cosmos_password = credentials('cosmos_password')
+ cosmos_root_password = credentials('cosmos_root_password')
+ }
+
+ options {
+ ansiColor('xterm')
+ }
+
+ stages {
+
+
+ stage('Generate Inventory File') {
+ steps {
+ // Generate the dynamic inventory file
+ sh """
+ cd /var/jenkins_home/ansible
+ chmod +x /var/jenkins_home/ansible/inventory/inventory.sh
+ /var/jenkins_home/ansible/inventory/inventory.sh ${params.host_ip}
+
+ """
+ }
+ }
+
+ stage('Ansible Playbook') {
+ steps {
+ //Run the cosmos-base ansible playbook
+ // /workspace/ansible/playbooks/cosmos-base.yaml
+ sh """
+ echo ${params.host_ip}
+ hash=\$(echo -n ${params.host_ip} | md5sum | cut -c 1-8)
+ inventory_file="/var/jenkins_home/ansible/.inv/inventory-\$hash.yml"
+
+ cd /var/jenkins_home/ansible
+
+ ansible-playbook -i \$inventory_file \
+ /var/jenkins_home/ansible/playbooks/cosmos-console.yaml --ssh-common-args='-o StrictHostKeyChecking=no' \
+ --extra-vars "new_hostname=${params.new_hostname}.home.cosmos saturn_behemoth=${SATURN_BEHEMOTH} \
+ docker_full=false rename_host=${params.rename_endpoint} \
+ linux_ldap_pwd=${LINUX_LDAP_PWD} install_docker=false \
+ install_LDAP=false console_type=${params.console_type} \
+ refresh_special=${params.refresh_special} pxe_proxy_password=${pxe_proxy_password} \
+ PXE_API_KEY=${PXE_API_KEY} \
+ matt_public_key='${env.matt_public_key}' matt_private_key='${env.matt_private_key}' \
+ cosmos_password='${env.cosmos_password}' cosmos_root_password='${env.cosmos_root_password}' "
+
+ """
+ }
+ }
+ }
+
+ post {
+ always {
+ // Remove dynamic Inventory file
+ sh """
+ hash=\$(echo -n "${params.host_ip}" | md5sum | cut -c 1-8)
+ inventory_file="/var/jenkins_home/ansible/.inv/inventory-\$hash.yml"
+ rm \$inventory_file
+
+ """
+ }
+ }
+
+}
diff --git a/Jenkinsfile.cosmos-nvidia b/Jenkinsfile.cosmos-nvidia
new file mode 100644
index 0000000..2800e1e
--- /dev/null
+++ b/Jenkinsfile.cosmos-nvidia
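Review bot: `console_type=${params.console_type}` is unquoted inside the key=value `--extra-vars` string, and one of the declared choices is `game boy`, so that selection reaches Ansible as `console_type=game` followed by a separate `boy` token. Quote it the way Jenkinsfile.cosmos-server quotes its choice parameter: `console_type='${params.console_type}'`. The parameter description ('Choose special server install if desired') also looks copied from the server job and could describe console types instead.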
@@ -0,0 +1,63 @@
+pipeline {
+ agent any
+
+ // Define parameters
+ parameters {
+ string(name: 'host_ip', description: 'Target System Address')
+ }
+
+ environment {
+ ANSIBLE_FORCE_COLOR = '1'
+ }
+
+ options {
+ ansiColor('xterm')
+ }
+
+ stages {
+
+
+ stage('Generate Inventory File') {
+ steps {
+ // Generate the dynamic inventory file
+ sh """
+ cd /var/jenkins_home/ansible
+ chmod +x /var/jenkins_home/ansible/inventory/inventory.sh
+ /var/jenkins_home/ansible/inventory/inventory.sh ${params.host_ip}
+
+ """
+ }
+ }
+
+ stage('Ansible Playbook') {
+ steps {
+ //Run the cosmos-base ansible playbook
+ // /workspace/ansible/playbooks/cosmos-base.yaml
+ sh """
+ echo ${params.host_ip}
+ hash=\$(echo -n ${params.host_ip} | md5sum | cut -c 1-8)
+ inventory_file="/var/jenkins_home/ansible/.inv/inventory-\$hash.yml"
+
+ cd /var/jenkins_home/ansible
+
+ ansible-playbook -i \$inventory_file \
+ /var/jenkins_home/ansible/playbooks/cosmos-nvidia.yaml --ssh-common-args='-o StrictHostKeyChecking=no'
+
+ """
+ }
+ }
+ }
+
+ post {
+ always {
+ // Remove dynamic Inventory file
+ sh """
+ hash=\$(echo -n "${params.host_ip}" | md5sum | cut -c 1-8)
+ inventory_file="/var/jenkins_home/ansible/.inv/inventory-\$hash.yml"
+ rm \$inventory_file
+
+ """
+ }
+ }
+
+}
diff --git a/Jenkinsfile.cosmos-public b/Jenkinsfile.cosmos-public
new file mode 100644
index 0000000..dff3869
--- /dev/null
+++ b/Jenkinsfile.cosmos-public
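Review bot: The `post { always }` cleanup runs `rm \$inventory_file` unquoted and without `-f`, so when the 'Generate Inventory File' stage fails before the file exists, the cleanup step itself errors and adds a second failure on top of the real one. `rm -f -- "\$inventory_file"` makes the cleanup idempotent and safe against unexpected characters in the path. The same cleanup block is repeated in the other Jenkinsfiles of this patch that hash `host_ip`.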
@@ -0,0 +1,77 @@
+pipeline {
+ agent any
+
+ // Define parameters
+ parameters {
+ string(name: 'host_ip', description: 'Target System Address')
+ string(name: 'new_hostname', description: 'Update Hostname')
+ // reference for later
+ // choice(name: 'DEPLOY_ENV', choices: ['dev', 'staging', 'prod'], description: 'Environment to deploy to')
+ booleanParam(name: 'rename_host', defaultValue: true, description: 'When checked hostname will be renamed')
+ string(name: 'local_username', description: 'New local username for public account')
+ booleanParam(name: 'reset_user', defaultValue: false, description: 'When checked local user will be purged')
+ }
+
+ environment {
+ ANSIBLE_FORCE_COLOR = '1'
+ APPS_LIST = 'cosmos-public'
+ matt_public_key = credentials('matt_public_key')
+ cosmos_password = credentials('cosmos_password')
+ cosmos_root_password = credentials('cosmos_root_password')
+ }
+
+ options {
+ ansiColor('xterm')
+ }
+
+ stages {
+
+
+ stage('Generate Inventory File') {
+ steps {
+ // Generate the dynamic inventory file
+ sh """
+ cd /var/jenkins_home/ansible
+ chmod +x /var/jenkins_home/ansible/inventory/inventory.sh
+ /var/jenkins_home/ansible/inventory/inventory.sh ${params.host_ip}
+
+ """
+ }
+ }
+
+ stage('Ansible Playbook') {
+ steps {
+ //Run the cosmos-base ansible playbook
+ // /workspace/ansible/playbooks/cosmos-base.yaml
+ sh """
+ echo ${params.host_ip}
+ hash=\$(echo -n ${params.host_ip} | md5sum | cut -c 1-8)
+ inventory_file="/var/jenkins_home/ansible/.inv/inventory-\$hash.yml"
+
+ cd /var/jenkins_home/ansible
+
+ ansible-playbook -i \$inventory_file \
+ /var/jenkins_home/ansible/playbooks/cosmos-public.yaml --ssh-common-args='-o StrictHostKeyChecking=no' \
+ --extra-vars "new_hostname=${params.new_hostname} rename_host=${params.rename_host} reboot_host=${params.reboot_host} \
+ local_username=${params.local_username} kde_full=false apps_list=${APPS_LIST} docker_full=true \
+ reset_user=${params.reset_user} public_deploy=true matt_public_key='${env.matt_public_key}'\
+ cosmos_password='${env.cosmos_password}' cosmos_root_password='${env.cosmos_root_password}' "
+
+ """
+ }
+ }
+ }
+
+ post {
+ always {
+ // Remove dynamic Inventory file
+ sh """
+ hash=\$(echo -n "${params.host_ip}" | md5sum | cut -c 1-8)
+ inventory_file="/var/jenkins_home/ansible/.inv/inventory-\$hash.yml"
+ rm \$inventory_file
+
+ """
+ }
+ }
+
+}
diff --git a/Jenkinsfile.cosmos-server b/Jenkinsfile.cosmos-server
new file mode 100644
index 0000000..9975a64
--- /dev/null
+++ b/Jenkinsfile.cosmos-server
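Review bot: The comments above the playbook step, `//Run the cosmos-base ansible playbook` and `// /workspace/ansible/playbooks/cosmos-base.yaml`, name a different playbook from the one this job runs (`playbooks/cosmos-public.yaml`). Suggest replacing both with `// Run playbooks/cosmos-public.yaml against the generated inventory`. The same copied comment appears in most of the other Jenkinsfiles in this patch, and in Jenkinsfile.jenkins_vpn the 'Ping new VPN host' stage still carries `// Generate the dynamic inventory file`.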
@@ -0,0 +1,155 @@
+pipeline {
+ agent any
+
+ // Define parameters
+ parameters {
+ string(name: 'host_ip', description: 'Target System Address')
+ string(name: 'new_hostname', description: 'Update Hostname')
+ booleanParam(name: 'rename_endpoint', defaultValue: true, description: 'Uncheck to skip renaming of endpoint')
+ booleanParam(name: 'add_domain', defaultValue: true, description: 'When checked hostname will have home.cosmos appended')
+ // reference for later
+ // choice(name: 'DEPLOY_ENV', choices: ['dev', 'staging', 'prod'], description: 'Environment to deploy to')
+ booleanParam(name: 'install_docker', defaultValue: true, description: 'When checked docker packages are installed and portainer started on 9100')
+ booleanParam(name: 'install_LDAP', defaultValue: false, description: 'When checked LDAP integration is installed with NSLCD')
+ choice(name: 'special_server', choices: ['none', 'Octoprint', 'Kodi', 'Timelapse', 'Build ISO', 'Jenkins VPN', 'Net Bridge', 'Carputer', 'VCR Capture'], description: 'Choose special server install if desired')
+ booleanParam(name: 'refresh_special', defaultValue: false, description: 'When checked only the special server step is run')
+ booleanParam(name: 'no_vpn', defaultValue: false, description: 'Check this option to remove default cosmos VPN')
+ booleanParam(name: 'public_deploy', defaultValue: true, description: 'Uncheck this option to deploy private SSH key')
+ booleanParam(name: 'onboard_pi', defaultValue: false, description: 'Check this option to onboard a new FriendlyElec Device')
+
+
+
+ }
+
+ environment {
+ ANSIBLE_FORCE_COLOR = '1'
+ SATURN_BEHEMOTH = credentials('SATURN_BEHEMOTH')
+ APPS_LIST = 'cosmos-base'
+ LINUX_LDAP_PWD = credentials('LINUX_LDAP')
+ pxe_proxy_password = credentials('pxe_proxy_password')
+ PXE_API_KEY = credentials('PXE_API_KEY')
+ matt_public_key = credentials('matt_public_key')
+ matt_private_key = credentials('matt_private_key')
+ cosmos_password = credentials('cosmos_password')
+ cosmos_root_password = credentials('cosmos_root_password')
+ jenkins_public_key = credentials('jenkins_public_key')
+ tesla_api_key = credentials('tesla_api_key')
+ }
+
+ options {
+ ansiColor('xterm')
+ }
+
+ stages {
+
+
+ stage('Inject Auth Key') {
+ when {
+ expression { params.onboard_pi }
+ }
+ steps {
+ script{
+ // clear ssh keys
+ echo "Target IP: ${params.host_ip}"
+
+ sh """
+ ssh-keygen -f "/root/.ssh/known_hosts" -R "${params.host_ip}"
+ """
+
+ }
+
+ script{
+ sh """
+ echo Copy public key to pi home dir
+ sshpass -p 'pi' ssh -o StrictHostKeyChecking=no pi@${params.host_ip} "echo ${env.jenkins_public_key} > /home/pi/authorized_keys"
+
+ """
+ }
+
+ script{
+ sh """
+ echo Make sure /root/.ssh exists
+ sshpass -p 'pi' ssh -o StrictHostKeyChecking=no pi@${params.host_ip} "echo pi | sudo -S mkdir -p /root/.ssh/"
+ """
+ }
+
+ script{
+ sh """
+ echo Move public key to root
+ sshpass -p 'pi' ssh -o StrictHostKeyChecking=no pi@${params.host_ip} "echo pi | sudo -S mv /home/pi/authorized_keys /root/.ssh/authorized_keys"
+
+ """
+ }
+
+ script{
+ sh """
+ echo Restrict permissions on file
+ sshpass -p 'pi' ssh -o StrictHostKeyChecking=no pi@${params.host_ip} "echo pi | sudo -S chmod -R 600 /root/.ssh/"
+
+ """
+ }
+
+ script{
+ sh """
+ echo Set owner to root
+ sshpass -p 'pi' ssh -o StrictHostKeyChecking=no pi@${params.host_ip} "echo pi | sudo -S chown -R root:root /root/.ssh/"
+
+ """
+ }
+ }
+ }
+
+
+ stage('Generate Inventory File') {
+ steps {
+ // Generate the dynamic inventory file
+ sh """
+ cd /var/jenkins_home/ansible
+ chmod +x /var/jenkins_home/ansible/inventory/inventory.sh
+ /var/jenkins_home/ansible/inventory/inventory.sh ${params.host_ip}
+
+ """
+ }
+ }
+
+ stage('Ansible Playbook') {
+ steps {
+ //Run the cosmos-base ansible playbook
+ // /workspace/ansible/playbooks/cosmos-base.yaml
+ sh """
+ echo ${params.host_ip}
+ hash=\$(echo -n ${params.host_ip} | md5sum | cut -c 1-8)
+ inventory_file="/var/jenkins_home/ansible/.inv/inventory-\$hash.yml"
+
+ cd /var/jenkins_home/ansible
+
+ ansible-playbook -i \$inventory_file \
+ /var/jenkins_home/ansible/playbooks/cosmos-server.yaml --ssh-common-args='-o StrictHostKeyChecking=no' \
+ --extra-vars "new_hostname=${params.new_hostname} saturn_behemoth=${SATURN_BEHEMOTH} \
+ docker_full=false rename_host=${params.rename_endpoint} onboard_pi=${params.onboard_pi} \
+ linux_ldap_pwd=${LINUX_LDAP_PWD} install_docker=${params.install_docker} \
+ install_LDAP=${params.install_LDAP} special_server='${params.special_server}' \
+ refresh_special=${params.refresh_special} pxe_proxy_password=${pxe_proxy_password} \
+ PXE_API_KEY=${PXE_API_KEY} no_vpn=${params.no_vpn} add_domain=${params.add_domain} \
+ matt_public_key='${env.matt_public_key}' matt_private_key='${env.matt_private_key}' \
+ cosmos_password='${env.cosmos_password}' cosmos_root_password='${env.cosmos_root_password}' \
+ tesla_api_key='${tesla_api_key}' public_deploy=${params.public_deploy}"
+
+ """
+ }
+ }
+ }
+
+ post {
+ always {
+ // Remove dynamic Inventory file
+ sh """
+ hash=\$(echo -n "${params.host_ip}" | md5sum | cut -c 1-8)
+ inventory_file="/var/jenkins_home/ansible/.inv/inventory-\$hash.yml"
+ rm \$inventory_file
+
+ """
+ }
+ }
+
+}
diff --git a/Jenkinsfile.deb_init b/Jenkinsfile.deb_init
new file mode 100644
index 0000000..ff8359e
--- /dev/null
+++ b/Jenkinsfile.deb_init
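Review bot: The 'Inject Auth Key' stage deletes the target's `known_hosts` entry and then logs in with the factory password (`sshpass -p 'pi'`) under `StrictHostKeyChecking=no`, so the Jenkins public key is installed as root's `authorized_keys` on whatever host answers at `host_ip`. Nothing in this hunk disables the `pi` password afterwards; the playbook may do so, but that is not visible here and deserves a comment or an explicit final step. `chmod -R 600 /root/.ssh/` also strips the execute bit from the directory itself; the conventional pair is `chmod 700 /root/.ssh` followed by `chmod 600 /root/.ssh/authorized_keys`. The same stage is repeated in Jenkinsfile.mc_vpn.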
@@ -0,0 +1,133 @@
+pipeline {
+ agent any
+
+ // Define parameters
+ parameters {
+ string(name: 'host_ip', description: 'Target System Address')
+ string(name: 'admin_username', defaultValue: 'pi', description: 'Admin Username')
+ password(name: 'admin_password', defaultValue: 'pi', description: 'Admin Password')
+ }
+
+ environment {
+ ANSIBLE_FORCE_COLOR = '1'
+ jenkins_public_key = credentials('jenkins_public_key')
+ }
+
+ options {
+ ansiColor('xterm')
+ }
+
+ stages {
+
+ stage('Inject Auth Key') {
+ steps {
+ script{
+ // clear ssh keys
+ echo "Target IP: ${params.host_ip}"
+
+ sh """
+ ssh-keygen -f "/root/.ssh/known_hosts" -R "${params.host_ip}"
+ """
+
+ }
+ script{
+ admin_password = params.admin_password
+ wrap([$class: 'MaskPasswordsBuildWrapper',
+ varPasswordPairs: [[password: admin_password]]]) {
+ sh """
+ echo Copy public key to pi home dir
+ sshpass -p '${params.admin_password}' ssh -o StrictHostKeyChecking=no ${params.admin_username}@${params.host_ip} "echo ${env.jenkins_public_key} > /home/${params.admin_username}/authorized_keys"
+ """
+ }
+ }
+
+ script{
+ admin_password = params.admin_password
+ wrap([$class: 'MaskPasswordsBuildWrapper',
+ varPasswordPairs: [[password: admin_password]]]) {
+ sh """
+ echo Make sure /root/.ssh exists
+ sshpass -p '${params.admin_password}' ssh -o StrictHostKeyChecking=no ${params.admin_username}@${params.host_ip} "echo ${params.admin_password} | sudo -S mkdir -p /root/.ssh/"
+ """
+ }
+ }
+
+ script{
+ admin_password = params.admin_password
+ wrap([$class: 'MaskPasswordsBuildWrapper',
+ varPasswordPairs: [[password: admin_password]]]) {
+ sh """
+ echo Move public key to root
+ sshpass -p '${params.admin_password}' ssh -o StrictHostKeyChecking=no ${params.admin_username}@${params.host_ip} "echo ${params.admin_password} | sudo -S mv /home/${params.admin_username}/authorized_keys /root/.ssh/authorized_keys"
+ """
+ }
+ }
+
+ script{
+ admin_password = params.admin_password
+ wrap([$class: 'MaskPasswordsBuildWrapper',
+ varPasswordPairs: [[password: admin_password]]]) {
+ sh """
+ echo Restrict permissions on file
+ sshpass -p '${params.admin_password}' ssh -o StrictHostKeyChecking=no ${params.admin_username}@${params.host_ip} "echo ${params.admin_password} | sudo -S chmod -R 600 /root/.ssh/"
+ """
+ }
+ }
+
+ script{
+ admin_password = params.admin_password
+ wrap([$class: 'MaskPasswordsBuildWrapper',
+ varPasswordPairs: [[password: admin_password]]]) {
+ sh """
+ echo Set owner to root
+ sshpass -p '${params.admin_password}' ssh -o StrictHostKeyChecking=no ${params.admin_username}@${params.host_ip} "echo ${params.admin_password} | sudo -S chown -R root:root /root/.ssh/"
+ """
+ }
+ }
+ }
+ }
+
+ stage('Generate Inventory File') {
+ steps {
+ // Generate the dynamic inventory file
+ sh """
+ cd /var/jenkins_home/ansible
+ chmod +x /var/jenkins_home/ansible/inventory/inventory.sh
+ /var/jenkins_home/ansible/inventory/inventory.sh ${params.host_ip}
+
+ """
+ }
+ }
+
+ stage('Ansible Check') {
+ steps {
+ sh """
+ echo ${params.host_ip}
+ hash=\$(echo -n ${params.host_ip} | md5sum | cut -c 1-8)
+ inventory_file="/var/jenkins_home/ansible/.inv/inventory-\$hash.yml"
+
+ cd /var/jenkins_home/ansible
+
+ ansible-playbook -i \$inventory_file \
+ /var/jenkins_home/ansible/playbooks/pi-init.yaml --ssh-common-args='-o StrictHostKeyChecking=no'
+
+ """
+ }
+ }
+
+ }
+
+
+ post {
+ always {
+ // Remove dynamic Inventory file
+ sh """
+ hash=\$(echo -n "${params.host_ip}" | md5sum | cut -c 1-8)
+ inventory_file="/var/jenkins_home/ansible/.inv/inventory-\$hash.yml"
+ rm \$inventory_file
+
+ """
+ }
+ }
+
+}
\ No newline at end of file
diff --git a/Jenkinsfile.jenkins_vpn b/Jenkinsfile.jenkins_vpn
new file mode 100644
index 0000000..d06f08e
--- /dev/null
+++ b/Jenkinsfile.jenkins_vpn
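Review bot: `MaskPasswordsBuildWrapper` only masks the value in the console log; `sshpass -p '${params.admin_password}'` still places the password on the agent's command line, and `echo ${params.admin_password} | sudo -S` repeats it unquoted in the remote command, where a password containing a quote or shell metacharacter also changes what gets executed. Passing it through the environment removes the local exposure: wrap the steps in `withEnv(["SSHPASS=${params.admin_password}"])` and call `sshpass -e ssh ...` from a single-quoted `sh`. The `password` parameter also ships with `defaultValue: 'pi'`, which is worth dropping so that a run cannot silently fall back to a well-known credential.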
@@ -0,0 +1,85 @@
+pipeline {
+ agent any
+
+ // Define parameters
+ parameters {
+
+ string(name: 'host_ip', description: 'Target System Address')
+ }
+
+
+ environment {
+ ANSIBLE_FORCE_COLOR = '1'
+ cosmos_password = credentials('cosmos_password')
+ cosmos_root_password = credentials('cosmos_root_password')
+ matt_private_key = credentials('matt_private_key')
+ matt_public_key = credentials('matt_public_key')
+ }
+
+ options {
+ ansiColor('xterm')
+ }
+
+ stages {
+
+
+ stage('Generate Inventory File') {
+ steps {
+ // Generate the dynamic inventory file
+ sh """
+ cd /var/jenkins_home/ansible
+ chmod +x /var/jenkins_home/ansible/inventory/inventory.sh
+ /var/jenkins_home/ansible/inventory/inventory.sh ${params.host_ip}
+ echo 'echo Hello World' > /var/jenkins_home/ansible/.inv/vpn_check.sh
+ chmod +x /var/jenkins_home/ansible/.inv/vpn_check.sh
+ """
+ }
+ }
+
+ stage('Ansible Playbook') {
+ steps {
+ //Run the cosmos-base ansible playbook
+ // /workspace/ansible/playbooks/cosmos-base.yaml
+ sh """
+ echo ${params.host_ip}
+ hash=\$(echo -n ${params.host_ip} | md5sum | cut -c 1-8)
+ inventory_file="/var/jenkins_home/ansible/.inv/inventory-\$hash.yml"
+
+ cd /var/jenkins_home/ansible
+
+ ansible-playbook -i \$inventory_file \
+ /var/jenkins_home/ansible/playbooks/jenkins_vpn.yaml --ssh-common-args='-o StrictHostKeyChecking=no' \
+ --extra-vars "new_hostname=${params.new_hostname}.home.cosmos vpn_endpoint='${params.vpn_endpoint}' \
+ cosmos_password='${env.cosmos_password}' cosmos_root_password='${env.cosmos_root_password}' \
+ matt_public_key='${env.matt_public_key}' matt_private_key='${env.matt_private_key}' "
+
+ """
+ }
+ }
+
+ stage('Ping new VPN host') {
+ steps {
+ // Generate the dynamic inventory file
+ sh """
+ /var/jenkins_home/ansible/.inv/vpn_check.sh
+
+ """
+ }
+ }
+
+ }
+
+ post {
+ always {
+ // Remove dynamic Inventory file and ping file
+ sh """
+ hash=\$(echo -n "${params.host_ip}" | md5sum | cut -c 1-8)
+ inventory_file="/var/jenkins_home/ansible/.inv/inventory-\$hash.yml"
+ rm \$inventory_file
+ rm /var/jenkins_home/ansible/.inv/vpn_check.sh
+
+ """
+ }
+ }
+
+}
diff --git a/Jenkinsfile.lldp-scanner b/Jenkinsfile.lldp-scanner
new file mode 100644
index 0000000..bedd762
--- /dev/null
+++ b/Jenkinsfile.lldp-scanner
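Review bot: `vpn_check.sh` is created at the fixed path `/var/jenkins_home/ansible/.inv/vpn_check.sh`, executed in the 'Ping new VPN host' stage and deleted in `post`, so two overlapping builds overwrite, run and remove each other's script. Presumably the playbook rewrites the placeholder, but that step is not visible here. Give the file a per-build name such as `/var/jenkins_home/ansible/.inv/vpn_check-${env.BUILD_TAG}.sh` and pass that path to the playbook, or add `disableConcurrentBuilds()` to `options`. Because the script is executed from a directory other jobs also write to, a comment stating what is expected to produce its contents would help the next reader.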
@@ -0,0 +1,67 @@
+pipeline {
+ agent any
+
+ // Define parameters
+ parameters {
+ string(name: 'host_ip', defaultValue: '10.250.128.10', description: 'Target System Address')
+ string(name: 'chrome_resolution', defaultValue: '720,1000', description: 'Chrome App Resolution')
+ // reference for later
+ // choice(name: 'DEPLOY_ENV', choices: ['dev', 'staging', 'prod'], description: 'Environment to deploy to')
+ booleanParam(name: 'run_test', defaultValue: false, description: 'Check this to run a test LLDP scan')
+ booleanParam(name: 'refresh_only', defaultValue: false, description: 'Check this to re-run on existing LLDP Scan device')
+ }
+
+ environment {
+ ANSIBLE_FORCE_COLOR = '1'
+ SATURN_BEHEMOTH = credentials('SATURN_BEHEMOTH')
+ matt_public_key = credentials('matt_public_key')
+ cosmos_password = credentials('cosmos_password')
+ cosmos_root_password = credentials('cosmos_root_password')
+ }
+
+ options {
+ ansiColor('xterm')
+ }
+
+ stages {
+
+
+ stage('Generate Inventory File') {
+ steps {
+ // Generate the dynamic inventory file
+ sh """
+ cd /var/jenkins_home/ansible
+ chmod +x /var/jenkins_home/ansible/inventory/generate_inventory.sh
+ /var/jenkins_home/ansible/inventory/generate_inventory.sh ${params.host_ip}
+
+ """
+ }
+ }
+
+ stage('Ansible Playbook') {
+ steps {
+ //Run the cosmos-base ansible playbook
+ // /workspace/ansible/playbooks/cosmos-base.yaml
+ sh """
+ cd /var/jenkins_home/ansible
+
+ ansible-playbook -i /var/jenkins_home/ansible/.inv/inventory-${params.host_ip}.yml \
+ /var/jenkins_home/ansible/playbooks/lldp-scan.yaml --ssh-common-args='-o StrictHostKeyChecking=no' \
+ --extra-vars "new_hostname=MC-LLDP fixed_size='--window-size=${params.chrome_resolution}' \
+ run_test=${params.run_test} rename_host=true refresh_only=${params.refresh_only} \
+ public_deploy=true remove_default_vpn=true matt_public_key='${env.matt_public_key}' \
+ cosmos_password='${env.cosmos_password}' cosmos_root_password='${env.cosmos_root_password}' "
+
+ """
+ }
+ }
+ }
+
+ post {
+ always {
+ // Remove dynamic Inventory file
+ sh "rm /var/jenkins_home/ansible/.inv/inventory-${params.host_ip}.yml"
+ }
+ }
+
+}
diff --git a/Jenkinsfile.matt-profile-capture b/Jenkinsfile.matt-profile-capture
new file mode 100644
index 0000000..d1977c1
--- /dev/null
+++ b/Jenkinsfile.matt-profile-capture
@@ -0,0 +1,55 @@
+pipeline {
+ agent any
+
+ // Define parameters
+ parameters {
+ string(name: 'host_ip', description: 'Target System Address')
+ }
+
+ environment {
+ ANSIBLE_FORCE_COLOR = '1'
+ SSH_CREDENTIALS_ID = 'jenkins-ssh-key'
+ SATURN_BEHEMOTH = credentials('SATURN_BEHEMOTH')
+ }
+ options {
+ ansiColor('xterm')
+ }
+
+ stages {
+
+
+ stage('Generate Inventory File') {
+ steps {
+ // Generate the dynamic inventory file
+ sh """
+ cd /var/jenkins_home/ansible
+ chmod +x /var/jenkins_home/ansible/inventory/generate_inventory.sh
+ /var/jenkins_home/ansible/inventory/generate_inventory.sh ${params.host_ip}
+
+ """
+ }
+ }
+
+ stage('Ansible Pipeline') {
+ steps {
+ //Run the cosmos-base ansible playbook
+ sh """
+ cd /var/jenkins_home/ansible
+
+ ansible-playbook -i /var/jenkins_home/ansible/.inv/inventory-${params.host_ip}.yml \
+ /var/jenkins_home/ansible/playbooks/matt-capture.yaml --ssh-common-args='-o StrictHostKeyChecking=no' \
+ --extra-vars "saturn_behemoth=${SATURN_BEHEMOTH} "
+
+ """
+ }
+ }
+ }
+
+ post {
+ always {
+ // Remove dynamic Inventory file
+ sh "rm /var/jenkins_home/ansible/.inv/inventory-${params.host_ip}.yml"
+ }
+ }
+
+}
diff --git a/Jenkinsfile.mattgpt-capture b/Jenkinsfile.mattgpt-capture
new file mode 100644
index 0000000..d4328d5
--- /dev/null
+++ b/Jenkinsfile.mattgpt-capture
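Review bot: Unlike the jobs that hash the address, Jenkinsfile.lldp-scanner builds the inventory path directly from the parameter (`.inv/inventory-${params.host_ip}.yml`), and its `post` step runs `rm` on that string, so a `host_ip` containing `/` or a space makes the cleanup act on a different path on the Jenkins host. Validate the value before the first stage, e.g. `if (!(params.host_ip ==~ /[A-Za-z0-9.:-]+/)) { error 'invalid host_ip' }` inside a `script` block, and quote the path in the shell command. Jenkinsfile.matt-profile-capture and Jenkinsfile.mattgpt-capture use the same unhashed path.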
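Review bot: In Jenkinsfile.matt-profile-capture, `SSH_CREDENTIALS_ID = 'jenkins-ssh-key'` is set in `environment` but nothing in the file reads it, which leaves it unclear which key the `ansible-playbook` run actually authenticates with. Either remove the line or add a comment such as `// consumed by <where>; not referenced in this Jenkinsfile` naming the consumer. Jenkinsfile.mattgpt-capture carries the same unused entry.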
@@ -0,0 +1,55 @@
+pipeline {
+ agent any
+
+ // Define parameters
+ parameters {
+ string(name: 'host_ip', description: 'Target System Address')
+ }
+
+ environment {
+ ANSIBLE_FORCE_COLOR = '1'
+ SSH_CREDENTIALS_ID = 'jenkins-ssh-key'
+ SATURN_BEHEMOTH = credentials('SATURN_BEHEMOTH')
+ }
+ options {
+ ansiColor('xterm')
+ }
+
+ stages {
+
+
+ stage('Generate Inventory File') {
+ steps {
+ // Generate the dynamic inventory file
+ sh """
+ cd /var/jenkins_home/ansible
+ chmod +x /var/jenkins_home/ansible/inventory/generate_inventory.sh
+ /var/jenkins_home/ansible/inventory/generate_inventory.sh ${params.host_ip}
+
+ """
+ }
+ }
+
+ stage('Ansible Pipeline') {
+ steps {
+ //Run the cosmos-base ansible playbook
+ sh """
+ cd /var/jenkins_home/ansible
+
+ ansible-playbook -i /var/jenkins_home/ansible/.inv/inventory-${params.host_ip}.yml \
+ /var/jenkins_home/ansible/playbooks/mattgpt-capture.yaml --ssh-common-args='-o StrictHostKeyChecking=no' \
+ --extra-vars "saturn_behemoth=${SATURN_BEHEMOTH} "
+
+ """
+ }
+ }
+ }
+
+ post {
+ always {
+ // Remove dynamic Inventory file
+ sh "rm /var/jenkins_home/ansible/.inv/inventory-${params.host_ip}.yml"
+ }
+ }
+
+}
diff --git a/Jenkinsfile.mc_vpn b/Jenkinsfile.mc_vpn
new file mode 100644
index 0000000..da38e31
--- /dev/null
+++ b/Jenkinsfile.mc_vpn
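Review bot: `--ssh-common-args='-o StrictHostKeyChecking=no'` in the 'Ansible Pipeline' stage of Jenkinsfile.mattgpt-capture turns off SSH host key verification for the run that carries `saturn_behemoth`, so the playbook will connect to, and may deliver that credential to, whatever host answers at `host_ip`. For hosts that are already provisioned, dropping the option and keeping their keys in the Jenkins user's `known_hosts` lets a changed key fail the build; where first contact is expected, `-o StrictHostKeyChecking=accept-new` still pins the key after the first connection. The option is repeated on every `ansible-playbook` and `sshpass … ssh` call in this patch.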
@@ -0,0 +1,187 @@
+pipeline {
+ agent any
+
+ // Define parameters
+ parameters {
+
+ string(name: 'host_ip', description: 'Target System Address')
+ choice(name: 'new_hostname', choices: ['MC-Friendly', 'MC-NanoPi2a', 'MC-NanoPi2b', 'MC-NanoPi2c', 'MC-ZeroPi2', 'MC-RickyPi' ], description: 'Select Hostname for VPN config')
+ // string(name: 'new_hostname', description: 'New Hostname, must match valid CN for VPN')
+ booleanParam(name: 'onboard_pi', defaultValue: true, description: 'Check this option to onboard a new FriendlyElec Device')
+ booleanParam(name: 'redirect_all', defaultValue: false, description: 'Redirect all traffic through VPN')
+ }
+
+
+ environment {
+ ANSIBLE_FORCE_COLOR = '1'
+ cosmos_password = credentials('cosmos_password')
+ cosmos_root_password = credentials('cosmos_root_password')
+ matt_public_key = credentials('matt_public_key')
+ jenkins_public_key = credentials('jenkins_public_key')
+ }
+
+ options {
+ ansiColor('xterm')
+ }
+
+ stages {
+
+ stage('Inject Auth Key') {
+ when {
+ expression { params.onboard_pi }
+ }
+ steps {
+ script{
+ // clear ssh keys
+ echo "Target IP: ${params.host_ip}"
+
+ sh """
+ ssh-keygen -f "/root/.ssh/known_hosts" -R "${params.host_ip}"
+ """
+
+
+ sh """
+ echo Copy public key to pi home dir
+ sshpass -p 'pi' ssh -o StrictHostKeyChecking=no pi@${params.host_ip} "echo ${env.jenkins_public_key} > /home/pi/authorized_keys"
+ """
+
+ sh """
+ echo Make sure /root/.ssh exists
+ sshpass -p 'pi' ssh -o StrictHostKeyChecking=no pi@${params.host_ip} "echo pi | sudo -S mkdir -p /root/.ssh/"
+ """
+
+ sh """
+ echo Move public key to root
+ sshpass -p 'pi' ssh -o StrictHostKeyChecking=no pi@${params.host_ip} "echo pi | sudo -S mv /home/pi/authorized_keys /root/.ssh/authorized_keys"
+ """
+
+ sh """
+ echo Restrict permissions on file
+ sshpass -p 'pi' ssh -o StrictHostKeyChecking=no pi@${params.host_ip} "echo pi | sudo -S chmod -R 600 /root/.ssh/"
+ """
+
+ sh """
+ echo Set owner to root
+ sshpass -p 'pi' ssh -o StrictHostKeyChecking=no pi@${params.host_ip} "echo pi | sudo -S chown -R root:root /root/.ssh/"
+ """
+ }
+ }
+ }
+
+ stage('Generate Inventory Files') {
+ steps {
+ // Generate the dynamic inventory files
+ sh """
+ cd /var/jenkins_home/ansible
+ chmod +x /var/jenkins_home/ansible/inventory/inventory.sh
+ /var/jenkins_home/ansible/inventory/inventory.sh ${params.host_ip}
+ vpn_ip=\$(cat /var/jenkins_home/ansible/roles/puck_vpn/vars/endpoints/${params.new_hostname}.yaml | grep remote_gateway | cut -d '"' -f 2)
+ /var/jenkins_home/ansible/inventory/inventory.sh \$vpn_ip
+
+ """
+ }
+ }
+
+ stage('Check for VPN') {
+ steps {
+ script {
+ def ip = sh(script: "cat /var/jenkins_home/ansible/roles/puck_vpn/vars/endpoints/${params.new_hostname}.yaml | grep remote_gateway | cut -d '\"' -f 2", returnStdout: true).trim()
+ echo "Detected IP: ${ip}"
+
+ // Set it as an environment variable for later use
+ env.TARGET_IP = ip
+ def pingResult = sh(script: "ping -W .1 -i .1 -c 1 ${TARGET_IP}", returnStatus: true)
+ // Set a variable in current build context
+ currentBuild.description = (pingResult == 0) ? "Host is up" : "Host is down"
+ env.HOST_UP = (pingResult == 0) ? "true" : "false"
+ }
+ }
+ }
+
+
+ stage('Ansible Playbook Pre-VPN') {
+ when {
+ expression {
+ return env.HOST_UP != 'true'
+ }
+ }
+
+ steps {
+ //Run the cosmos-base ansible playbook
+ // /workspace/ansible/playbooks/cosmos-base.yaml
+ sh """
+ echo ${params.host_ip}
+ hash=\$(echo -n ${params.host_ip} | md5sum | cut -c 1-8)
+ inventory_file="/var/jenkins_home/ansible/.inv/inventory-\$hash.yml"
+
+ cd /var/jenkins_home/ansible
+
+ ansible-playbook -i \$inventory_file /var/jenkins_home/ansible/playbooks/puck_vpn.yaml \
+ --ssh-common-args='-o StrictHostKeyChecking=no' --extra-vars \
+ "new_hostname=${params.new_hostname} matt_public_key='${env.matt_public_key}' \
+ cosmos_password='${env.cosmos_password}' cosmos_root_password='${env.cosmos_root_password}' \
+ redirect_all=${params.redirect_all} "
+ """
+ }
+ }
+
+ stage('Ansible Playbook Post-VPN') {
+ steps {
+ script {
+ echo "Waiting for reboot"
+
+ def ip = sh(script: "cat /var/jenkins_home/ansible/roles/puck_vpn/vars/endpoints/${params.new_hostname}.yaml | grep remote_gateway | cut -d '\"' -f 2", returnStdout: true).trim()
+ echo "Detected IP: ${ip}"
+
+ def timeoutSeconds = 300 // Total timeout: 5 minutes
+ def waitInterval = 5 // Wait 5 seconds between pings
+ def startTime = System.currentTimeMillis()
+ def responded = false
+
+ while ((System.currentTimeMillis() - startTime) < (timeoutSeconds * 1000)) {
+ def status = sh(script: "ping -c 1 ${ip}", returnStatus: true)
+ if (status == 0) {
+ responded = true
+ echo "IP ${ip} is now responding to ping."
+ break
+ }
+ // echo "Waiting for ${ip} to respond to ping..."
+ sleep(waitInterval)
+ }
+ }
+ //Run the cosmos-base ansible playbook
+ // /workspace/ansible/playbooks/cosmos-base.yaml
+ sh """
+ vpn_ip=\$(cat /var/jenkins_home/ansible/roles/puck_vpn/vars/endpoints/${params.new_hostname}.yaml | grep remote_gateway | cut -d '"' -f 2)
+ echo \$vpn_ip
+ hash=\$(echo -n \$vpn_ip | md5sum | cut -c 1-8)
+ inventory_file="/var/jenkins_home/ansible/.inv/inventory-\$hash.yml"
+
+ cd /var/jenkins_home/ansible
+
+ ansible-playbook -i \$inventory_file /var/jenkins_home/ansible/playbooks/puck_routing.yaml \
+ --ssh-common-args='-o StrictHostKeyChecking=no'
+
+ """
+ }
+ }
+ }
+
+ post {
+ always {
+ // Remove dynamic Inventory files
+ sh """
+ hash=\$(echo -n "${params.host_ip}" | md5sum | cut -c 1-8)
+ inventory_file="/var/jenkins_home/ansible/.inv/inventory-\$hash.yml"
+ rm \$inventory_file
+
+ vpn_ip=\$(cat /var/jenkins_home/ansible/roles/puck_vpn/vars/endpoints/${params.new_hostname}.yaml | grep remote_gateway | cut -d '"' -f 2)
+ hash=\$(echo -n "\$vpn_ip" | md5sum | cut -c 1-8)
+ inventory_file="/var/jenkins_home/ansible/.inv/inventory-\$hash.yml"
+ rm \$inventory_file || true
+
+ """
+ }
+ }
+
+}
diff --git a/Jenkinsfile.pi-top b/Jenkinsfile.pi-top
new file mode 100644
index 0000000..a41aa6c
--- /dev/null
+++ b/Jenkinsfile.pi-top
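Review bot: The 'Inject Auth Key' stage of Jenkinsfile.mc_vpn authenticates with the literal password `pi`, both as `sshpass -p 'pi'` and as `echo pi | sudo -S`, which keeps a device credential in the repository and on the command line of every onboarding run. Binding it as a Jenkins credential and using `sshpass -e`, which reads `SSHPASS` from the environment, removes it from both places, e.g. `SSHPASS="$PI_PASSWORD" sshpass -e ssh pi@"$host_ip" …` with `PI_PASSWORD = credentials('<credential-id>')` as a placeholder id. The stage installs a root key but leaves the `pi` account and its default password in place, so unless `puck_vpn.yaml` (not visible here) changes or locks that password, the device stays reachable with it. Jenkinsfile.pi_init repeats these steps verbatim.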
@@ -0,0 +1,158 @@
+pipeline {
+ agent any
+
+ // Define parameters
+ parameters {
+ string(name: 'host_ip', description: 'Target System Address, single IP Only')
+ choice(name: 'function', choices: ['lldp', 'purge-defaults', 'none'], description: 'Choose Pi-Top Function')
+ booleanParam(name: 'inject_ssh', defaultValue: true, description: 'Inject Jenkins SSH key')
+ string(name: 'admin_username', defaultValue: 'pi', description: 'Admin Username')
+ password(name: 'admin_password', defaultValue: 'pi-top', description: 'Admin Password')
+
+ }
+
+ environment {
+ ANSIBLE_FORCE_COLOR = '1'
+ jenkins_public_key = credentials('jenkins_public_key')
+ }
+
+ options {
+ ansiColor('xterm')
+ }
+
+ stages {
+
+ stage('Purge SSH Keys') {
+ steps {
+ script{
+ sh """
+ ssh-keygen -f "/root/.ssh/known_hosts" -R "${params.host_ip}"
+ """
+ }
+ }
+ }
+
+ stage('Inject Auth Key') {
+ when {
+ expression {
+ return params.function != 'none' && params.inject_ssh
+ }
+ }
+ steps {
+ script{
+ // clear ssh keys
+ echo "Target IP: ${params.host_ip}"
+
+ sh """
+ ssh-keygen -f "/root/.ssh/known_hosts" -R "${params.host_ip}"
+ """
+
+ }
+
+ script{
+ admin_password = params.admin_password
+ wrap([$class: 'MaskPasswordsBuildWrapper',
+ varPasswordPairs: [[password: admin_password]]]) {
+ sh """
+ echo Copy public key to pi home dir
+ sshpass -p '${params.admin_password}' ssh -o StrictHostKeyChecking=no ${params.admin_username}@${params.host_ip} "echo ${env.jenkins_public_key} > /home/${params.admin_username}/authorized_keys"
+ """
+ }
+ }
+
+ script{
+ admin_password = params.admin_password
+ wrap([$class: 'MaskPasswordsBuildWrapper',
+ varPasswordPairs: [[password: admin_password]]]) {
+ sh """
+ echo Make sure /root/.ssh exists
+ sshpass -p '${params.admin_password}' ssh -o StrictHostKeyChecking=no ${params.admin_username}@${params.host_ip} "echo ${params.admin_password} | sudo -S mkdir -p /root/.ssh/"
+ """
+ }
+ }
+
+ script{
+ admin_password = params.admin_password
+ wrap([$class: 'MaskPasswordsBuildWrapper',
+ varPasswordPairs: [[password: admin_password]]]) {
+ sh """
+ echo Move public key to root
+ sshpass -p '${params.admin_password}' ssh -o StrictHostKeyChecking=no ${params.admin_username}@${params.host_ip} "echo ${params.admin_password} | sudo -S mv /home/${params.admin_username}/authorized_keys /root/.ssh/authorized_keys"
+ """
+ }
+ }
+
+ script{
+ admin_password = params.admin_password
+ wrap([$class: 'MaskPasswordsBuildWrapper',
+ varPasswordPairs: [[password: admin_password]]]) {
+ sh """
+ echo Restrict permissions on file
+ sshpass -p '${params.admin_password}' ssh -o StrictHostKeyChecking=no ${params.admin_username}@${params.host_ip} "echo ${params.admin_password} | sudo -S chmod -R 600 /root/.ssh/"
+ """
+ }
+ }
+
+ script{
+ admin_password = params.admin_password
+ wrap([$class: 'MaskPasswordsBuildWrapper',
+ varPasswordPairs: [[password: admin_password]]]) {
+ sh """
+ echo Set owner to root
+ sshpass -p '${params.admin_password}' ssh -o StrictHostKeyChecking=no ${params.admin_username}@${params.host_ip} "echo ${params.admin_password} | sudo -S chown -R root:root /root/.ssh/"
+ """
+ }
+ }
+ }
+ }
+
+ stage('Generate Inventory File') {
+ steps {
+ // Generate the dynamic inventory file
+ sh """
+ cd /var/jenkins_home/ansible
+ chmod +x /var/jenkins_home/ansible/inventory/inventory.sh
+ /var/jenkins_home/ansible/inventory/inventory.sh ${params.host_ip}
+
+ """
+ }
+ }
+
+ stage('Ansible Playbook') {
+ when {
+ expression {
+ return params.function != 'none'
+ }
+ }
+ steps {
+ sh """
+ echo ${params.host_ip}
+ hash=\$(echo -n ${params.host_ip} | md5sum | cut -c 1-8)
+ inventory_file="/var/jenkins_home/ansible/.inv/inventory-\$hash.yml"
+
+ cd /var/jenkins_home/ansible
+
+ ansible-playbook -i \$inventory_file \
+ /var/jenkins_home/ansible/playbooks/pi-top.yaml --ssh-common-args='-o StrictHostKeyChecking=no' \
+ --extra-vars " function=${params.function} admin_username='${params.admin_username}' "
+
+ """
+ }
+ }
+
+ }
+
+
+ post {
+ always {
+ // Remove dynamic Inventory file
+ sh """
+ hash=\$(echo -n "${params.host_ip}" | md5sum | cut -c 1-8)
+ inventory_file="/var/jenkins_home/ansible/.inv/inventory-\$hash.yml"
+ rm \$inventory_file
+
+ """
+ }
+ }
+
+}
diff --git a/Jenkinsfile.pi_init b/Jenkinsfile.pi_init
new file mode 100644
index 0000000..9dd517f
--- /dev/null
+++ b/Jenkinsfile.pi_init
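Review bot: `MaskPasswordsBuildWrapper` in the 'Inject Auth Key' stage of Jenkinsfile.pi-top only hides `admin_password` in the console log; the value is still interpolated by Groovy into `sshpass -p '${params.admin_password}'` and `echo ${params.admin_password} | sudo -S`, so it lands in the generated script and the process arguments, and a password containing a quote or shell metacharacter changes the command that runs. Passing it through the environment avoids both, e.g. `withEnv(["SSHPASS=${params.admin_password}"]) { sh 'sshpass -e ssh … ' }`. `admin_password = params.admin_password` is assigned without `def`, which makes it a script-global binding, and `defaultValue: 'pi-top'` publishes the default credential in the job definition. `admin_username` is interpolated into the same commands and paths and needs the same validation as `host_ip`.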
@@ -0,0 +1,101 @@
+pipeline {
+ agent any
+
+ // Define parameters
+ parameters {
+ string(name: 'host_ip', description: 'Target System Address')
+ }
+
+ environment {
+ ANSIBLE_FORCE_COLOR = '1'
+ jenkins_public_key = credentials('jenkins_public_key')
+ }
+
+ options {
+ ansiColor('xterm')
+ }
+
+ stages {
+
+ stage('Inject Auth Key') {
+ steps {
+ script{
+ // clear ssh keys
+ echo "Target IP: ${params.host_ip}"
+
+ sh """
+ ssh-keygen -f "/root/.ssh/known_hosts" -R "${params.host_ip}"
+ """
+
+ sh """
+ echo Copy public key to pi home dir
+ sshpass -p 'pi' ssh -o StrictHostKeyChecking=no pi@${params.host_ip} "echo ${env.jenkins_public_key} > /home/pi/authorized_keys"
+ """
+
+ sh """
+ echo Make sure /root/.ssh exists
+ sshpass -p 'pi' ssh -o StrictHostKeyChecking=no pi@${params.host_ip} "echo pi | sudo -S mkdir -p /root/.ssh/"
+ """
+
+ sh """
+ echo Move public key to root
+ sshpass -p 'pi' ssh -o StrictHostKeyChecking=no pi@${params.host_ip} "echo pi | sudo -S mv /home/pi/authorized_keys /root/.ssh/authorized_keys"
+ """
+
+ sh """
+ echo Restrict permissions on file
+ sshpass -p 'pi' ssh -o StrictHostKeyChecking=no pi@${params.host_ip} "echo pi | sudo -S chmod -R 600 /root/.ssh/"
+ """
+
+ sh """
+ echo Set owner to root
+ sshpass -p 'pi' ssh -o StrictHostKeyChecking=no pi@${params.host_ip} "echo pi | sudo -S chown -R root:root /root/.ssh/"
+ """
+ }
+ }
+ }
+
+ stage('Generate Inventory File') {
+ steps {
+ // Generate the dynamic inventory file
+ sh """
+ cd /var/jenkins_home/ansible
+ chmod +x /var/jenkins_home/ansible/inventory/inventory.sh
+ /var/jenkins_home/ansible/inventory/inventory.sh ${params.host_ip}
+
+ """
+ }
+ }
+
+ stage('Ansible Check') {
+ steps {
+ sh """
+ echo ${params.host_ip}
+ hash=\$(echo -n ${params.host_ip} | md5sum | cut -c 1-8)
+ inventory_file="/var/jenkins_home/ansible/.inv/inventory-\$hash.yml"
+
+ cd /var/jenkins_home/ansible
+
+ ansible-playbook -i \$inventory_file \
+ /var/jenkins_home/ansible/playbooks/pi-init.yaml --ssh-common-args='-o StrictHostKeyChecking=no'
+
+ """
+ }
+ }
+
+ }
+
+
+ post {
+ always {
+ // Remove dynamic Inventory file
+ sh """
+ hash=\$(echo -n "${params.host_ip}" | md5sum | cut -c 1-8)
+ inventory_file="/var/jenkins_home/ansible/.inv/inventory-\$hash.yml"
+ rm \$inventory_file
+
+ """
+ }
+ }
+
+}
diff --git a/Jenkinsfile.public-profile-capture b/Jenkinsfile.public-profile-capture
new file mode 100644
index 0000000..89734e4
--- /dev/null
+++ b/Jenkinsfile.public-profile-capture
@@ -0,0 +1,55 @@
+pipeline {
+ agent any
+
+ // Define parameters
+ parameters {
+ string(name: 'host_ip', description: 'Target System Address')
+ }
+
+ environment {
+ ANSIBLE_FORCE_COLOR = '1'
+ SSH_CREDENTIALS_ID = 'jenkins-ssh-key'
+ SATURN_BEHEMOTH = credentials('SATURN_BEHEMOTH')
+ }
+ options {
+ ansiColor('xterm')
+ }
+
+ stages {
+
+
+ stage('Generate Inventory File') {
+ steps {
+ // Generate the dynamic inventory file
+ sh """
+ cd /var/jenkins_home/ansible
+ chmod +x /var/jenkins_home/ansible/inventory/generate_inventory.sh
+ /var/jenkins_home/ansible/inventory/generate_inventory.sh ${params.host_ip}
+
+ """
+ }
+ }
+
+ stage('Ansible Pipeline') {
+ steps {
+ //Run the cosmos-base ansible playbook
+ sh """
+ cd /var/jenkins_home/ansible
+
+ ansible-playbook -i /var/jenkins_home/ansible/.inv/inventory-${params.host_ip}.yml \
+ /var/jenkins_home/ansible/playbooks/public-capture.yaml --ssh-common-args='-o StrictHostKeyChecking=no' \
+ --extra-vars "saturn_behemoth=${SATURN_BEHEMOTH} "
+
+ """
+ }
+ }
+ }
+
+ post {
+ always {
+ // Remove dynamic Inventory file
+ sh "rm /var/jenkins_home/ansible/.inv/inventory-${params.host_ip}.yml"
+ }
+ }
+
+}
diff --git a/Jenkinsfile.pxe-server b/Jenkinsfile.pxe-server
new file mode 100644
index 0000000..325569b
--- /dev/null
+++ b/Jenkinsfile.pxe-server
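Review bot: `sudo -S chmod -R 600 /root/.ssh/` in the 'Inject Auth Key' stage of Jenkinsfile.pi_init also applies mode 600 to the directory itself, removing its search bit; the conventional layout is 700 on the directory and 600 on the file, i.e. `chmod 700 /root/.ssh && chmod 600 /root/.ssh/authorized_keys`. The preceding `mv /home/pi/authorized_keys /root/.ssh/authorized_keys` replaces any keys root already had, and between the `echo … >` and the `mv` the file sits in `/home/pi` where the `pi` user can edit it, so writing it in one privileged step (for instance with `sudo tee`) would be tighter. The five password-bearing `sshpass` calls could be a single remote command. The mc_vpn and pi-top hunks share this sequence.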
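Review bot: Jenkinsfile.public-profile-capture is identical to the matt-profile-capture and mattgpt-capture files except for the playbook name, so any hardening has to be made three times. A single pipeline with `choice(name: 'profile', choices: ['matt-capture', 'mattgpt-capture', 'public-capture'], description: 'Capture playbook')` and `playbooks/${params.profile}.yaml` would keep them in step. `SSH_CREDENTIALS_ID = 'jenkins-ssh-key'` is set in `environment` but nothing in the visible stages reads it, and the `//Run the cosmos-base ansible playbook` comment names a different playbook than the one invoked.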
@@ -0,0 +1,84 @@
+pipeline {
+ agent any
+
+ // Define parameters
+ parameters {
+ //booleanParam(name: 'deploy_iso', defaultValue: true, description: 'Deploy extra ISO boot options - will increase pipeline runtime.')
+ string(name: 'host_ip', defaultValue: '172.20.20.40', description: 'PXE Server IP Address')
+ string(name: 'iface', defaultValue: 'eth1', description: 'Listen interface for PXE')
+ string(name: 'server_ip', defaultValue: '172.29.1.10', description: 'IP address for DHCP server, might not match the target IP such as in the default case where I have two interfaces')
+ string(name: 'router_ip', defaultValue: '172.29.1.1', description: 'IP Address for router')
+ string(name: 'dhcp_subnet', defaultValue: '172.29.1.0', description: 'Default Subnet for DHCP server')
+ string(name: 'dhcp_netmask', defaultValue: '255.255.255.0', description: 'Default netmask for DHCP server')
+ string(name: 'dhcp_start', defaultValue: '172.29.1.100', description: 'DHCP start IP')
+ string(name: 'dhcp_end', defaultValue: '172.29.1.150', description: 'DHCP end IP')
+ booleanParam(name: 'configure_routing', defaultValue: false, description: 'Check this option to configure the PXE server to be the gateway for the dhcp network')
+ string(name: 'inet_iface', defaultValue: 'eth0', description: 'Interface for internet if enabling routing')
+ booleanParam(name: 'refresh_only', defaultValue: false, description: 'Only run the PXE Role to refresh configs')
+ }
+
+ environment {
+ ANSIBLE_FORCE_COLOR = '1'
+ SATURN_BEHEMOTH = credentials('SATURN_BEHEMOTH')
+ APPS_LIST = 'pxe-server'
+ pxe_proxy_password = credentials('pxe_proxy_password')
+ PXE_API_KEY = credentials('PXE_API_KEY')
+ LINUX_LDAP_PWD = credentials('LINUX_LDAP')
+ AUTHORIZED_KEY = credentials('AUTH_SSH_KEY')
+ matt_public_key = credentials('matt_public_key')
+ matt_private_key = credentials('matt_private_key')
+ cosmos_password = credentials('cosmos_password')
+ cosmos_root_password = credentials('cosmos_root_password')
+ }
+
+ options {
+ ansiColor('xterm')
+ }
+
+ stages {
+
+
+ stage('Generate Inventory File') {
+ steps {
+ // Generate the dynamic inventory file
+ sh """
+ cd /var/jenkins_home/ansible
+ chmod +x /var/jenkins_home/ansible/inventory/generate_inventory.sh
+ /var/jenkins_home/ansible/inventory/generate_inventory.sh ${params.host_ip}
+
+ """
+ }
+ }
+
+ stage('Ansible Playbook') {
+ steps {
+ //Run the pxe-server ansible playbook
+ // /workspace/ansible/playbooks/pxe-server.yaml
+ sh """
+ cd /var/jenkins_home/ansible
+
+ ansible-playbook -i /var/jenkins_home/ansible/.inv/inventory-${params.host_ip}.yml \
+ /var/jenkins_home/ansible/playbooks/pxe-server.yaml --ssh-common-args='-o StrictHostKeyChecking=no' \
+ --extra-vars "new_hostname=debian-pxe.home.cosmos saturn_behemoth=${SATURN_BEHEMOTH} authorized_key=${AUTHORIZED_KEY} \
+ rename_host=true apps_list=${APPS_LIST} listen_interface=${params.iface} pxe_auth=${pxe_proxy_password} \
+ internet_interface=${params.inet_iface} dhcp_subnet=${params.dhcp_subnet} \
+ dhcp_netmask=${params.dhcp_netmask} dhcp_start=${params.dhcp_start} \
+ dhcp_end=${params.dhcp_end} server_ip=${params.server_ip} \
+ router_ip=${params.router_ip} configure_routing=${params.configure_routing} \
+ refresh_only=${params.refresh_only} \
+ matt_public_key='${env.matt_public_key}' matt_private_key='${env.matt_private_key}' \
+ cosmos_password='${env.cosmos_password}' cosmos_root_password='${env.cosmos_root_password}' "
+
+ """
+ }
+ }
+ }
+
+ post {
+ always {
+ // Remove dynamic Inventory file
+ sh "rm /var/jenkins_home/ansible/.inv/inventory-${params.host_ip}.yml"
+ }
+ }
+
+}
diff --git a/Jenkinsfile.rename-endpoint b/Jenkinsfile.rename-endpoint
new file mode 100644
index 0000000..6e0ae8b
--- /dev/null
+++ b/Jenkinsfile.rename-endpoint
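Review bot: The 'Ansible Playbook' stage of Jenkinsfile.pxe-server puts `matt_private_key='${env.matt_private_key}'` on the `ansible-playbook` command line, so an SSH private key ends up in the process arguments and in the Groovy-expanded script, and a multi-line key inside a `key=value` string is fragile to parse. Writing the secrets to a file and passing `--extra-vars @"$VARS_FILE"` (a mode-600 file removed again in `post`), or binding the key as a secret-file credential, keeps it off the command line. `saturn_behemoth=${SATURN_BEHEMOTH}`, `authorized_key=${AUTHORIZED_KEY}` and `pxe_auth=${pxe_proxy_password}` are unquoted, so a value containing a space would be split into separate extra-vars. `PXE_API_KEY` and `LINUX_LDAP_PWD` are bound in `environment` but not used by any visible stage; dropping them narrows what this job can expose.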
@@ -0,0 +1,58 @@
+pipeline {
+ agent any
+
+ // Define parameters
+ parameters {
+ string(name: 'host_ip', description: 'Target System Address')
+ string(name: 'new_hostname', description: 'New Target Hostname')
+ booleanParam(name: 'add_domain', defaultValue: true, description: 'When checked hostname will have home.cosmos appended')
+
+ }
+
+ environment {
+ ANSIBLE_FORCE_COLOR = '1'
+ }
+
+ options {
+ ansiColor('xterm')
+ }
+
+
+ stages {
+
+
+ stage('Generate Inventory File') {
+ steps {
+ // Generate the dynamic inventory file
+ sh """
+ cd /var/jenkins_home/ansible
+ chmod +x /var/jenkins_home/ansible/inventory/generate_inventory.sh
+ /var/jenkins_home/ansible/inventory/generate_inventory.sh ${params.host_ip}
+
+ """
+ }
+ }
+
+ stage('Ansible Pipeline') {
+ steps {
+ //Run the cosmos-base ansible playbook
+ sh """
+ cd /var/jenkins_home/ansible
+
+ ansible-playbook -i /var/jenkins_home/ansible/.inv/inventory-${params.host_ip}.yml \
+ /var/jenkins_home/ansible/playbooks/rename-endpoint.yaml --ssh-common-args='-o StrictHostKeyChecking=no' \
+ --extra-vars "new_hostname=${params.new_hostname} add_domain=${params.add_domain}"
+
+ """
+ }
+ }
+ }
+
+ post {
+ always {
+ // Remove dynamic Inventory file
+ sh "rm /var/jenkins_home/ansible/.inv/inventory-${params.host_ip}.yml"
+ }
+ }
+
+}
diff --git a/Jenkinsfile.rip-cd b/Jenkinsfile.rip-cd
new file mode 100644
index 0000000..b50cba8
--- /dev/null
+++ b/Jenkinsfile.rip-cd
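Review bot: `new_hostname=${params.new_hostname}` in the 'Ansible Pipeline' stage of Jenkinsfile.rename-endpoint places a free-text parameter inside a `key=value` extra-vars string, where a space in the value is read by Ansible as the start of another variable and shell metacharacters are interpreted by `sh` before Ansible sees them. Validating it up front, e.g. `if (!(params.new_hostname ==~ /[A-Za-z0-9][A-Za-z0-9-]{0,62}/)) { error 'invalid hostname' }`, and passing the vars as JSON (`--extra-vars '{"new_hostname": "…"}'`) removes both ambiguities. The parameter has no default, so an empty submission currently reaches the playbook as `new_hostname=`.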
@@ -0,0 +1,77 @@
+pipeline {
+ agent any
+
+ // Define parameters
+ parameters {
+ string(name: 'host_ip', description: 'Target System Address')
+ choice(name: 'cifs_choice', choices: ['TERRA_BEHEMOTH_SMB'], description: 'Choose stored server credentials here')
+ booleanParam(name: 'eject_drive', defaultValue: false, description: 'Check this option to eject disk at appropriate times')
+ booleanParam(name: 'remove_local_cache', defaultValue: true, description: 'Check this option to remove local cache data')
+ string(name: 'disk_drive', defaultValue: '/dev/sr0', description: 'Local DVD Drive device path')
+ string(name: 'extra_verbose', defaultValue: 'EXTRAVERBOSE=0', description: 'Verbosity Level; 0 by default. Change to 2 for big output')
+ string(name: 'nogap_enable', defaultValue: 'NOGAP=y', description: 'LAME No-Gap encoding; enabled by default')
+ string(name: 'server_path', defaultValue: '//172.25.1.10/behemoth/mp3_rip', description: 'Remote Server Path')
+
+ }
+
+ environment {
+ ANSIBLE_FORCE_COLOR = '1'
+ CIFS_CREDENTIALS = credentials("${params.cifs_choice}")
+ }
+
+ options {
+ ansiColor('xterm')
+ }
+
+ stages {
+
+
+ stage('Generate Inventory File') {
+ steps {
+ // Generate the dynamic inventory file
+ sh """
+ cd /var/jenkins_home/ansible
+ chmod +x /var/jenkins_home/ansible/inventory/inventory.sh
+ /var/jenkins_home/ansible/inventory/inventory.sh ${params.host_ip}
+
+ """
+ }
+ }
+
+ stage('Ansible Playbook') {
+ steps {
+ //Run the cosmos-base ansible playbook
+ // /workspace/ansible/playbooks/cosmos-base.yaml
+ sh """
+ echo ${params.host_ip}
+ hash=\$(echo -n ${params.host_ip} | md5sum | cut -c 1-8)
+ inventory_file="/var/jenkins_home/ansible/.inv/inventory-\$hash.yml"
+
+ cd /var/jenkins_home/ansible
+
+ ansible-playbook -i \$inventory_file \
+ /var/jenkins_home/ansible/playbooks/rip-cd.yaml --ssh-common-args='-o StrictHostKeyChecking=no' \
+ --extra-vars "CIFS_USERNAME=${env.CIFS_CREDENTIALS_USR} CIFS_PASSWORD=${env.CIFS_CREDENTIALS_PSW} \
+ CIFS_CREDENTIALS=${env.CIFS_CREDENTIALS} CIFS_CHOICE=${params.cifs_choice} \
+ disk_drive=${params.disk_drive} extra_verbose=${params.extra_verbose} \
+ nogap_enable=${params.nogap_enable} server_path=${params.server_path} \
+ eject_drive=${params.eject_drive} remove_local_cache=${params.remove_local_cache}"
+
+ """
+ }
+ }
+ }
+
+ post {
+ always {
+ // Remove dynamic Inventory file
+ sh """
+ hash=\$(echo -n "${params.host_ip}" | md5sum | cut -c 1-8)
+ inventory_file="/var/jenkins_home/ansible/.inv/inventory-\$hash.yml"
+ rm \$inventory_file
+
+ """
+ }
+ }
+
+}
diff --git a/Jenkinsfile.test b/Jenkinsfile.test
new file mode 100644
index 0000000..c6298f1
--- /dev/null
+++ b/Jenkinsfile.test
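Review bot: The `--extra-vars` string in Jenkinsfile.rip-cd passes the CIFS password twice, once as `CIFS_PASSWORD=${env.CIFS_CREDENTIALS_PSW}` and again inside `CIFS_CREDENTIALS=${env.CIFS_CREDENTIALS}`, which for a username/password binding is the combined `user:password` value. If `rip-cd.yaml` (not visible here) only needs the separate fields, dropping `CIFS_CREDENTIALS=` halves the exposure. `disk_drive`, `extra_verbose`, `nogap_enable` and `server_path` are free-text parameters pasted unquoted into the same string, so they need validation or quoting like `host_ip`; `choice` parameters with the allowed values would be simpler for the two flag-style fields.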
@@ -0,0 +1,86 @@
+pipeline {
+ agent any
+
+ // Define parameters
+ parameters {
+ string(name: 'host_ip', description: 'Target System Address')
+ // string(name: 'new_hostname', description: 'Update Hostname')
+ // reference for later
+ // choice(name: 'DEPLOY_ENV', choices: ['dev', 'staging', 'prod'], description: 'Environment to deploy to')
+ // booleanParam(name: 'rename_host', defaultValue: true, description: 'When checked hostname will be renamed')
+ // booleanParam(name: 'config_matt', defaultValue: true, description: 'config matt profile')
+ }
+
+ environment {
+ ANSIBLE_FORCE_COLOR = '1'
+ SATURN_BEHEMOTH = credentials('SATURN_BEHEMOTH')
+ pxe_proxy_password = credentials('pxe_proxy_password')
+ PXE_API_KEY = credentials('PXE_API_KEY')
+ LINUX_LDAP_PWD = credentials('LINUX_LDAP')
+ AUTHORIZED_KEY = credentials('AUTH_SSH_KEY')
+ TERRA_BEHEMOTH_SMB = credentials('TERRA_BEHEMOTH_SMB')
+ MATT_PASSWORD = credentials('MATT_PASSWORD')
+ matt_public_key = credentials('matt_public_key')
+ matt_private_key = credentials('matt_private_key')
+ cosmos_password = credentials('cosmos_password')
+ cosmos_root_password = credentials('cosmos_root_password')
+ vm_party_username_password = credentials('cosmos_root_password')
+ }
+
+ options {
+ ansiColor('xterm')
+ }
+
+ stages {
+
+
+ stage('Generate Inventory File') {
+ steps {
+ // Generate the dynamic inventory file
+ sh """
+
+ cd /var/jenkins_home/ansible
+ chmod +x /var/jenkins_home/ansible/inventory/inventory.sh
+ /var/jenkins_home/ansible/inventory/inventory.sh ${params.host_ip}
+
+ """
+ }
+ }
+
+ stage('Ansible Playbook') {
+ steps {
+ sh """
+ echo ${params.host_ip}
+ hash=\$(echo -n ${params.host_ip} | md5sum | cut -c 1-8)
+ inventory_file="/var/jenkins_home/ansible/.inv/inventory-\$hash.yml"
+
+ cd /var/jenkins_home/ansible
+
+ ansible-playbook -i \$inventory_file \
+ /var/jenkins_home/ansible/playbooks/test.yaml --ssh-common-args='-o StrictHostKeyChecking=no'\
+ --extra-vars "saturn_behemoth=${SATURN_BEHEMOTH} linux_ldap_pwd=${LINUX_LDAP_PWD} \
+ pxe_proxy_password=${pxe_proxy_password} PXE_API_KEY=${PXE_API_KEY} \
+ AUTHORIZED_KEY=${AUTHORIZED_KEY} TERRA_BEHEMOTH_SMB=${TERRA_BEHEMOTH_SMB} \
+ CIFS_USERNAME=${env.TERRA_BEHEMOTH_SMB_USR} CIFS_PASSWORD=${env.TERRA_BEHEMOTH_SMB_PSW} \
+ MATT_PASSWORD=${env.MATT_PASSWORD} host_ip=${params.host_ip} \
+ matt_public_key='${env.matt_public_key}' matt_private_key='${env.matt_private_key}' \
+ cosmos_password='${env.cosmos_password}' cosmos_root_password='${env.cosmos_root_password}' \
+ vm_party_username_password=${env.vm_party_username_password} "
+ """
+ }
+ }
+ }
+
+ post {
+ always {
+ // Remove dynamic Inventory file
+ sh """
+ hash=\$(echo -n "${params.host_ip}" | md5sum | cut -c 1-8)
+ inventory_file="/var/jenkins_home/ansible/.inv/inventory-\$hash.yml"
+ rm \$inventory_file
+
+ """
+ }
+ }
+
+}
diff --git a/Jenkinsfile.trixie_upgrade b/Jenkinsfile.trixie_upgrade
new file mode 100644
index 0000000..f5b79a3
--- /dev/null
+++ b/Jenkinsfile.trixie_upgrade
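Review bot: `vm_party_username_password = credentials('cosmos_root_password')` in the `environment` block of Jenkinsfile.test binds the variable to the `cosmos_root_password` credential, whereas Jenkinsfile.vm_party binds the same name to `credentials('vm_party_username_password')`; this looks like a copy-paste slip and would send the root password wherever the playbook expects the VM Party one. The likely intended line is `vm_party_username_password = credentials('vm_party_username_password')`. This job also binds twelve credentials and forwards all of them to `test.yaml` on the command line, and `TERRA_BEHEMOTH_SMB=${TERRA_BEHEMOTH_SMB}` repeats the SMB password already sent as `CIFS_PASSWORD`; a test pipeline is better served by only the credentials the test at hand needs.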
@@ -0,0 +1,64 @@
+pipeline {
+ agent any
+
+ // Define parameters
+ parameters {
+ string(name: 'host_ip', description: 'Target System Address')
+ }
+
+ environment {
+ ANSIBLE_FORCE_COLOR = '1'
+
+ }
+
+ options {
+ ansiColor('xterm')
+ }
+
+ stages {
+
+
+ stage('Generate Inventory File') {
+ steps {
+ // Generate the dynamic inventory file
+ sh """
+ cd /var/jenkins_home/ansible
+ chmod +x /var/jenkins_home/ansible/inventory/inventory.sh
+ /var/jenkins_home/ansible/inventory/inventory.sh ${params.host_ip}
+
+ """
+ }
+ }
+
+ stage('Ansible Playbook') {
+ steps {
+ // Run the trixie_upgrade ansible playbook
+ // /workspace/ansible/playbooks/trixie_upgrade.yaml
+ sh """
+ echo ${params.host_ip}
+ hash=\$(echo -n ${params.host_ip} | md5sum | cut -c 1-8)
+ inventory_file="/var/jenkins_home/ansible/.inv/inventory-\$hash.yml"
+
+ cd /var/jenkins_home/ansible
+
+ ansible-playbook -i \$inventory_file \
+ /var/jenkins_home/ansible/playbooks/trixie_upgrade.yaml --ssh-common-args='-o StrictHostKeyChecking=no'
+
+ """
+ }
+ }
+ }
+
+ post {
+ always {
+ // Remove dynamic Inventory file
+ sh """
+ hash=\$(echo -n "${params.host_ip}" | md5sum | cut -c 1-8)
+ inventory_file="/var/jenkins_home/ansible/.inv/inventory-\$hash.yml"
+ rm \$inventory_file
+
+ """
+ }
+ }
+
+}
diff --git a/Jenkinsfile.update-endpoint b/Jenkinsfile.update-endpoint
new file mode 100644
index 0000000..0ce2dec
--- /dev/null
+++ b/Jenkinsfile.update-endpoint
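Review bot: The `post { always { … } }` cleanup in Jenkinsfile.trixie_upgrade runs `rm \$inventory_file` unquoted and without `-f`, so when the 'Generate Inventory File' stage failed and no file exists, the cleanup step itself errors and adds a second failure on top of the real one. `rm -f "\$inventory_file"` makes the cleanup idempotent; the mc_vpn and vm_party hunks already tolerate a missing file with `|| true`, while pi-top, pi_init, rip-cd, test, update-endpoint and nordvpn share this form. The file name is derived only from `host_ip`, so two concurrent runs against the same address would presumably share, and delete, each other's inventory; including `${env.BUILD_TAG}` in the name would separate them, assuming `inventory.sh` (not visible here) can be told the path.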
@@ -0,0 +1,63 @@
+pipeline {
+ agent any
+
+ // Define parameters
+ parameters {
+ string(name: 'host_ip', description: 'Target System Address')
+ }
+
+ environment {
+ ANSIBLE_FORCE_COLOR = '1'
+ }
+
+ options {
+ ansiColor('xterm')
+ }
+
+ stages {
+
+
+ stage('Generate Inventory File') {
+ steps {
+ // Generate the dynamic inventory file
+ sh """
+ cd /var/jenkins_home/ansible
+ chmod +x /var/jenkins_home/ansible/inventory/inventory.sh
+ /var/jenkins_home/ansible/inventory/inventory.sh ${params.host_ip}
+
+ """
+ }
+ }
+
+ stage('Ansible Playbook') {
+ steps {
+ //Run the cosmos-base ansible playbook
+ // /workspace/ansible/playbooks/cosmos-base.yaml
+ sh """
+ echo ${params.host_ip}
+ hash=\$(echo -n ${params.host_ip} | md5sum | cut -c 1-8)
+ inventory_file="/var/jenkins_home/ansible/.inv/inventory-\$hash.yml"
+
+ cd /var/jenkins_home/ansible
+
+ ansible-playbook -i \$inventory_file \
+ /var/jenkins_home/ansible/playbooks/update-endpoint.yaml --ssh-common-args='-o StrictHostKeyChecking=no'
+
+ """
+ }
+ }
+ }
+
+ post {
+ always {
+ // Remove dynamic Inventory file
+ sh """
+ hash=\$(echo -n "${params.host_ip}" | md5sum | cut -c 1-8)
+ inventory_file="/var/jenkins_home/ansible/.inv/inventory-\$hash.yml"
+ rm \$inventory_file
+
+ """
+ }
+ }
+
+}
diff --git a/Jenkinsfile.vm_party b/Jenkinsfile.vm_party
new file mode 100644
index 0000000..55c2161
--- /dev/null
+++ b/Jenkinsfile.vm_party
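Review bot: The comment above the `sh` step in the 'Ansible Playbook' stage of Jenkinsfile.update-endpoint says `//Run the cosmos-base ansible playbook` and points at `/workspace/ansible/playbooks/cosmos-base.yaml`, but the step runs `/var/jenkins_home/ansible/playbooks/update-endpoint.yaml`. I would replace both lines with `// Run the update-endpoint playbook against the generated inventory`. The same stale comment is carried in several other files of this patch, among them the lldp-scan, mc_vpn, rip-cd, vm_party and nordvpn pipelines.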
@@ -0,0 +1,146 @@
+pipeline {
+ agent any
+
+ // Define parameters
+ parameters {
+
+ string(name: 'host_ip', description: 'Target System Address')
+ string(name: 'new_hostname', defaultValue: 'vm-party-host', description: 'Update Hostname')
+ booleanParam(name: 'update_party', defaultValue: false, description: 'Only update VM Party service')
+ booleanParam(name: 'service_only', defaultValue: false, description: 'Only update VM Party python code')
+ booleanParam(name: 'autologin', defaultValue: true, description: 'Enable autologin with stats on screen')
+
+ }
+
+
+ environment {
+ safe_subnet = true
+ ANSIBLE_FORCE_COLOR = '1'
+ cosmos_password = credentials('cosmos_password')
+ cosmos_root_password = credentials('cosmos_root_password')
+ vm_party_username_password = credentials('vm_party_username_password')
+ matt_public_key = credentials('matt_public_key')
+ jenkins_public_key = credentials('jenkins_public_key')
+ }
+
+ options {
+ ansiColor('xterm')
+ }
+
+ stages {
+
+ stage('Initialize Environment') {
+
+
+ steps {
+ script {
+ // Get the current date (in a consistent format) and hash it
+ def date = sh(script: "date +%Y-%m-%dT%H:%M:%S", returnStdout: true).trim()
+ def hash = sh(script: "echo -n '${date}' | sha256sum | cut -c1-8", returnStdout: true).trim()
+
+ // Set it as an environment variable
+ env.STAGE_TWO_HASH = hash
+
+ }
+ // Generate the dynamic inventory files
+ sh """
+ cd /var/jenkins_home/ansible
+ chmod +x /var/jenkins_home/ansible/inventory/inventory.sh
+ /var/jenkins_home/ansible/inventory/inventory.sh ${params.host_ip}
+ echo Stage Two Hash: ${env.STAGE_TWO_HASH}
+
+ """
+ }
+ }
+
+
+ stage('Ansible Playbook Stage One') {
+ when { expression { env.safe_subnet } }
+
+ steps {
+ //Run the cosmos-base ansible playbook
+ // /workspace/ansible/playbooks/cosmos-base.yaml
+ sh """
+ echo ${params.host_ip}
+ hash=\$(echo -n ${params.host_ip} | md5sum | cut -c 1-8)
+ inventory_file="/var/jenkins_home/ansible/.inv/inventory-\$hash.yml"
+
+ cd /var/jenkins_home/ansible
+
+ ansible-playbook -i \$inventory_file /var/jenkins_home/ansible/playbooks/vm_party.yaml \
+ --ssh-common-args='-o StrictHostKeyChecking=no' --extra-vars \
+ "new_hostname=${params.new_hostname} matt_public_key='${env.matt_public_key}' \
+ cosmos_password='${env.cosmos_password}' cosmos_root_password='${env.cosmos_root_password}' \
+ STAGE_TWO_HASH=${env.STAGE_TWO_HASH} update_party=${params.update_party} run_stage_two=false \
+ vm_party_username_password=${env.vm_party_username_password} autologin=${params.autologin} service_only=${params.service_only} "
+ """
+ }
+ }
+
+ stage('Ansible Playbook Stage Two') {
+ // Skip stage two when update_party is set
+ when { expression { params.update_party != true && env.safe_subnet } }
+
+ steps {
+ script {
+ echo "Sleep 5 seconds..."
+ sleep(5)
+
+ echo "Waiting for reboot"
+
+ def ip = sh(script: "cat /var/jenkins_home/ansible/.inv/inventory-${env.STAGE_TWO_HASH}.yml | grep host_ip | cut -d ';' -f 2", returnStdout: true).trim()
+ echo "Detected IP: ${ip}"
+
+ def timeoutSeconds = 300 // Total timeout: 5 minutes
+ def waitInterval = 5 // Wait 5 seconds between pings
+ def startTime = System.currentTimeMillis()
+ def responded = false
+
+ while ((System.currentTimeMillis() - startTime) < (timeoutSeconds * 1000)) {
+ def status = sh(script: "ping -c 1 ${ip}", returnStatus: true)
+ if (status == 0) {
+ responded = true
+ echo "IP ${ip} is now responding to ping."
+ break
+ }
+ // echo "Waiting for ${ip} to respond to ping..."
+ sleep(waitInterval)
+ }
+ }
+ // check for forbidden subnet
+
+
+
+ // Run the stage two playbook
+ // using the hash
+ sh """
+
+ inventory_file="/var/jenkins_home/ansible/.inv/inventory-${env.STAGE_TWO_HASH}.yml"
+
+ cd /var/jenkins_home/ansible
+
+ ansible-playbook -i \$inventory_file /var/jenkins_home/ansible/playbooks/vm_party.yaml \
+ --ssh-common-args='-o StrictHostKeyChecking=no' --extra-vars \
+ " run_stage_two=true vm_party_username_password=${env.vm_party_username_password} service_only=${params.service_only} "
+
+ """
+ }
+ }
+ }
+
+ post {
+ always {
+ // Remove dynamic Inventory files
+ sh """
+ hash=\$(echo -n "${params.host_ip}" | md5sum | cut -c 1-8)
+ inventory_file="/var/jenkins_home/ansible/.inv/inventory-\$hash.yml"
+ rm \$inventory_file || true
+
+ inventory_file="/var/jenkins_home/ansible/.inv/inventory-${env.STAGE_TWO_HASH}.yml"
+ rm \$inventory_file || true
+
+ """
+ }
+ }
+
+}
diff --git a/wrt/Jenkinsfile.nordvpn b/wrt/Jenkinsfile.nordvpn
new file mode 100644
index 0000000..a0be59f
--- /dev/null
+++ b/wrt/Jenkinsfile.nordvpn
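Review bot: `safe_subnet = true` in the `environment` block of Jenkinsfile.vm_party becomes the string `"true"`, and `when { expression { env.safe_subnet } }` tests that string for truthiness, so the stage-one and stage-two guards pass for any non-empty value, including `false`; the `// check for forbidden subnet` comment in stage two has no code under it. If the intent is to refuse certain networks, the check needs to be implemented and compared explicitly, e.g. `when { expression { env.safe_subnet == 'true' } }` with `safe_subnet` computed from `host_ip`. The reboot wait loop has the same shape: `responded` is set but never read, so after the 300-second timeout the stage-two playbook still runs; `if (!responded) { error "host did not come back" }` after the loop would stop it. The Post-VPN stage in Jenkinsfile.mc_vpn has the identical loop.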
@@ -0,0 +1,65 @@
+pipeline {
+ agent any
+
+ // Define parameters
+ parameters {
+ string(name: 'host_ip', description: 'Target System Address')
+ text(name: 'vpn_config', defaultValue: 'Paste entire config here', description: 'OpenVPN Config')
+ }
+
+ environment {
+ ANSIBLE_FORCE_COLOR = '1'
+ }
+
+ options {
+ ansiColor('xterm')
+ }
+
+ stages {
+
+
+ stage('Generate Inventory File') {
+ steps {
+ // Generate the dynamic inventory file
+ sh """
+ cd /var/jenkins_home/ansible
+ chmod +x /var/jenkins_home/ansible/inventory/inventory.sh
+ /var/jenkins_home/ansible/inventory/inventory.sh ${params.host_ip}
+
+ """
+ }
+ }
+
+ stage('Ansible Playbook') {
+ steps {
+ //Run the cosmos-base ansible playbook
+ // /workspace/ansible/playbooks/cosmos-base.yaml
+ sh """
+ echo ${params.host_ip}
+ hash=\$(echo -n ${params.host_ip} | md5sum | cut -c 1-8)
+ inventory_file="/var/jenkins_home/ansible/.inv/inventory-\$hash.yml"
+
+ cd /var/jenkins_home/ansible
+
+ ansible-playbook -i \$inventory_file \
+ /var/jenkins_home/ansible/playbooks/wrt/nordvpn.yaml --ssh-common-args='-o StrictHostKeyChecking=no' \
+ --extra-vars "new_hostname=${params.new_hostname} vpn_config=${params.vpn_config}"
+
+ """
+ }
+ }
+ }
+
+ post {
+ always {
+ // Remove dynamic Inventory file
+ sh """
+ hash=\$(echo -n "${params.host_ip}" | md5sum | cut -c 1-8)
+ inventory_file="/var/jenkins_home/ansible/.inv/inventory-\$hash.yml"
+ rm \$inventory_file
+
+ """
+ }
+ }
+
+}
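Review bot: The `--extra-vars` string in the 'Ansible Playbook' stage references `${params.new_hostname}`, but this pipeline declares only `host_ip` and `vpn_config`, so Groovy renders the missing parameter as the text `null` and the playbook receives `new_hostname=null`. Either add `string(name: 'new_hostname', description: 'New Target Hostname')` to `parameters` or drop the variable. `vpn_config` is a multi-line `text` parameter pasted unquoted into the same `key=value` string, so its newlines and spaces break the command, and any credentials or keys embedded in the OpenVPN config appear in the script and process arguments. Writing it to a file, for example with `writeFile file: 'vpn_config.ovpn', text: params.vpn_config`, and passing the path to the playbook avoids both.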