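// Jenkins declarative pipeline that prepares a single target host and runs the
// pi-top Ansible playbook against it:
//   1. drops any cached SSH host key for the target,
//   2. optionally installs the Jenkins public key as root's authorized_keys,
//      logging in with the supplied admin password,
//   3. generates a per-host dynamic inventory and runs the playbook,
//   4. always removes the generated inventory file afterwards.
//
// Security notes for maintainers:
//   * Build parameters are never interpolated into shell text by Groovy. Every
//     `sh` step uses a single-quoted script and reads the values from the
//     environment variables Jenkins exports for parameters, so a crafted
//     parameter value cannot add shell syntax on the controller/agent.
//   * host_ip and admin_username are additionally checked against an allow-list
//     because they also end up inside the command line evaluated by the
//     *remote* shell.
//   * The admin password is handed to sshpass through SSHPASS (`sshpass -e`) and
//     to `sudo -S` through stdin, so it no longer appears in any process
//     argument list on either machine.
pipeline {
    agent any

    // Define parameters
    parameters {
        string(name: 'host_ip', description: 'Target System Address, single IP Only')
        choice(name: 'function', choices: ['lldp', 'purge-defaults', 'none'], description: 'Choose Pi-Top Function')
        booleanParam(name: 'inject_ssh', defaultValue: true, description: 'Inject Jenkins SSH key')
        string(name: 'admin_username', defaultValue: 'pi', description: 'Admin Username')
        // NOTE(review): a default admin password is stored in the job definition.
        // Kept so existing callers keep working; prefer a Jenkins credential and
        // changing the password on the device once key login works.
        password(name: 'admin_password', defaultValue: 'pi-top', description: 'Admin Password')
    }

    environment {
        ANSIBLE_FORCE_COLOR = '1'
        // assumes this credential resolves to the public key text itself
        // (the pipeline writes the variable's value into authorized_keys) - confirm
        jenkins_public_key = credentials('jenkins_public_key')
    }

    options {
        ansiColor('xterm')
    }

    stages {
        stage('Validate Parameters') {
            steps {
                script {
                    // Reject anything that is not an IP literal / plain account name
                    // before the values reach a local or remote shell.
                    def hostIp = params.host_ip ?: ''
                    def adminUser = params.admin_username ?: ''
                    if (!(hostIp ==~ /[0-9A-Fa-f:.]+/)) {
                        error('host_ip must be a single IPv4 or IPv6 address literal')
                    }
                    if (!(adminUser ==~ /[A-Za-z_][A-Za-z0-9_.-]*/)) {
                        error('admin_username contains characters that are not allowed in an account name')
                    }
                }
            }
        }

        stage('Purge SSH Keys') {
            steps {
                script {
                    // Forget the previously recorded host key for the target.
                    sh '''
                        ssh-keygen -f "/root/.ssh/known_hosts" -R "$host_ip"
                    '''
                }
            }
        }

        stage('Inject Auth Key') {
            when {
                expression { return params.function != 'none' && params.inject_ssh }
            }
            steps {
                script {
                    // clear ssh keys
                    echo "Target IP: ${params.host_ip}"
                    sh '''
                        ssh-keygen -f "/root/.ssh/known_hosts" -R "$host_ip"
                    '''
                }
                script {
                    def adminPassword = params.admin_password
                    wrap([$class: 'MaskPasswordsBuildWrapper', varPasswordPairs: [[password: adminPassword]]]) {
                        sh '''
                            # Jenkins runs sh steps with xtrace on; switch it off so
                            # expanded secrets are not echoed into the build log.
                            set +x

                            # sshpass -e reads the login password from SSHPASS.
                            export SSHPASS="$admin_password"
                            target="$admin_username@$host_ip"

                            # accept-new (OpenSSH 7.6+) records the host key on the
                            # first connection after the purge and verifies it on
                            # every later one, instead of trusting any key each time.
                            # The known_hosts path matches the file purged above.
                            ssh_opts="-o StrictHostKeyChecking=accept-new -o UserKnownHostsFile=/root/.ssh/known_hosts"

                            echo Copy public key to pi home dir
                            printf '%s\\n' "$jenkins_public_key" \\
                                | sshpass -e ssh $ssh_opts "$target" "cat > /home/$admin_username/authorized_keys"

                            echo Make sure /root/.ssh exists
                            printf '%s\\n' "$SSHPASS" \\
                                | sshpass -e ssh $ssh_opts "$target" "sudo -S mkdir -p /root/.ssh/"

                            # This replaces root's authorized_keys; keys already
                            # present on the target are not preserved.
                            echo Move public key to root
                            printf '%s\\n' "$SSHPASS" \\
                                | sshpass -e ssh $ssh_opts "$target" "sudo -S mv /home/$admin_username/authorized_keys /root/.ssh/authorized_keys"

                            # Directories need the search bit: u=rwX yields 700 on
                            # directories and 600 on regular files.
                            echo Restrict permissions on file
                            printf '%s\\n' "$SSHPASS" \\
                                | sshpass -e ssh $ssh_opts "$target" "sudo -S chmod -R u=rwX,go= /root/.ssh/"

                            echo Set owner to root
                            printf '%s\\n' "$SSHPASS" \\
                                | sshpass -e ssh $ssh_opts "$target" "sudo -S chown -R root:root /root/.ssh/"
                        '''
                    }
                }
            }
        }

        stage('Generate Inventory File') {
            steps {
                // Generate the dynamic inventory file.
                // BUILD_USER / BUILD_USER_GROUPS are not set anywhere in this file
                // (presumably provided by a build-user plugin - confirm). They are
                // passed through the environment so their content is never parsed
                // as shell syntax.
                withEnv(["INV_USER_GROUPS=${env.BUILD_USER_GROUPS}", "INV_USER=${env.BUILD_USER}"]) {
                    sh '''
                        jenkins_group=$(echo "$INV_USER_GROUPS" | sed 's/,/\\n/g' | grep Jenkins | head -n 1)
                        jenkins_user="$INV_USER"
                        cd /var/jenkins_home/ansible
                        chmod +x /var/jenkins_home/ansible/inventory/inventory.sh
                        /var/jenkins_home/ansible/inventory/inventory.sh -s -g "$jenkins_group" -u "$jenkins_user" -i "$host_ip"
                    '''
                }
            }
        }

        stage('Ansible Playbook') {
            when {
                expression { return params.function != 'none' }
            }
            steps {
                sh '''
                    echo "$host_ip"
                    # The md5 prefix is only a file-name suffix for the per-host
                    # inventory, not a security control.
                    hash=$(echo -n "$host_ip" | md5sum | cut -c 1-8)
                    inventory_file="/var/jenkins_home/ansible/.inv/inventory-$hash.yml"
                    cd /var/jenkins_home/ansible
                    ansible-playbook -i "$inventory_file" /var/jenkins_home/ansible/playbooks/pi-top.yaml \\
                        --ssh-common-args='-o StrictHostKeyChecking=accept-new -o UserKnownHostsFile=/root/.ssh/known_hosts' \\
                        --extra-vars "function=$function admin_username='$admin_username'"
                '''
            }
        }
    }

    post {
        always {
            // Remove dynamic Inventory file. -f keeps this step quiet when the run
            // stopped before the inventory was generated.
            sh '''
                hash=$(echo -n "$host_ip" | md5sum | cut -c 1-8)
                inventory_file="/var/jenkins_home/ansible/.inv/inventory-$hash.yml"
                rm -f -- "$inventory_file"
            '''
        }
    }
}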