diff --git a/nordvpn-autoconfigure.jenkins b/nordvpn-autoconfigure.jenkins index 01ad1f8..1cd7ea9 100644 --- a/nordvpn-autoconfigure.jenkins +++ b/nordvpn-autoconfigure.jenkins @@ -1,13 +1,16 @@ -def label = "jenkins-${UUID.randomUUID().toString()}" +#!groovy -def registry = "registry.c.test-chamber-13.lan" +// repository configuration +def repository = "registry.c.test-chamber-13.lan" -def alpineImage = "${registry}/library/alpine" -def alpineTag = "latest" - -def kubectlCreds = "k8s-dl-automation-access" +// jenkins secrets def nordCreds = "nordvpn-login-creds" +// kubernetes configuration +def kubeNamespace = "dl-automation" +def kubeSecret = "openvpn" + +// list of urls that return different nordVPN servers def nordURLs = [ // canada "https://nordvpn.com/wp-admin/admin-ajax.php?action=servers_recommendations&filters=\\{%22country_id%22:38,%22servers_groups%22:\\[15\\],%22servers_technologies%22:\\[5\\]\\}", 
@@ -26,95 +29,100 @@ def nordURLs = [ // united kingdom "https://nordvpn.com/wp-admin/admin-ajax.php?action=servers_recommendations&filters=\\{%22country_id%22:38,%22servers_groups%22:\\[15\\],%22servers_technologies%22:\\[5\\]\\}", ] +// randomly select one from the list def nordURL = nordURLs[Math.abs(new Random().nextInt() % [8])] -def kubeNamespace = "dl-automation" -def kubeSecret = "openvpn" +// script used to retrieve a nordVPN OpenVPN configuration from NordVPN +def openVPNConfigScript = """# Get OpenVPN Config +curl \ + --silent \ + --location \ + --fail \ + "https://downloads.nordcdn.com/configs/files/ovpn_tcp/servers/\$( + curl \ + --silent \ + --location \ + --fail \ + '""" + nordURL + """' \ + | jq \ + --raw-output \ + '[.[] | select(.technologies[] | .identifier == "openvpn_tcp")][0] | .hostname' \ + ).tcp.ovpn" \ + | sed \ + --regexp-extended \ + --expression='s/auth-user-pass/auth-user-pass \\/etc\\/openvpn\\/client\\/openvpn-credentials.txt/' \ + | base64 -w 0 +""" +def label = "kubernetes-${UUID.randomUUID().toString()}" +def templateName = "pipeline-worker" podTemplate( label: label, - name: "pipeline-worker", - yaml: """--- -apiVersion: v1 -kind: Pod -metadata: - name: pipeline-worker -spec: - containers: - - name: alpine - imagePullPolicy: Always - image: ${alpineImage}:${alpineTag} - tty: true - command: - - /bin/sh -""", + name: templateName, + yaml: functions.podYaml( + repo: repository, + templateName: templateName, + alpine: true + ) ) { node (label) { def workspace = pwd() + def openVPNConfig - stage ("Update Secret") { + stage ("Prepare Container") { container ("alpine") { sh """ apk add --no-cache curl jq sed KUBE_VERSION="\$(curl --location --silent https://dl.k8s.io/release/stable.txt)" curl \ - --location \ - --silent \ - --output /usr/local/bin/kubectl \ - "https://dl.k8s.io/release/\${KUBE_VERSION}/bin/linux/amd64/kubectl" + --location \ + --silent \ + --output /usr/local/bin/kubectl \ + 
"https://dl.k8s.io/release/\${KUBE_VERSION}/bin/linux/amd64/kubectl" chmod +x /usr/local/bin/kubectl """ - - withCredentials([string( - credentialsId: nordCreds, - variable: "NORD_CREDS", - )]) { - - withKubeConfig([ - credentialsId: kubectlCreds, - serverUrl: "https://kubernetes.test-chamber-13.lan:6443", - namespace: kubeNamespace - ]) { - sh """ - # Get OpenVPN Config - OPENVPN_CONFIG="\$( - curl \ - --silent \ - --location \ - --fail \ - "https://downloads.nordcdn.com/configs/files/ovpn_tcp/servers/\$( - curl \ - --silent \ - --location \ - --fail \ - '""" + nordURL + """' \ - | jq \ - --raw-output \ - '[.[] | select(.technologies[] | .identifier == "openvpn_tcp")][0] | .hostname' \ - ).tcp.ovpn" \ - | sed \ - --regexp-extended \ - --expression='s/auth-user-pass/auth-user-pass \\/etc\\/openvpn\\/client\\/openvpn-credentials.txt/' \ - | base64 -w 0 - )" - printf '%s\n' \ - "apiVersion: v1" \ - "kind: Secret" \ - "metadata:" \ - " name: """ + kubeSecret + """" \ - " namespace: """ + kubeNamespace + """" \ - "data:" \ - " openvpn-credentials.txt: \${NORD_CREDS}" \ - " us5766.nordvpn.com.tcp.ovpn: \${OPENVPN_CONFIG}" > /tmp/openvpn-secret.kubectl - - kubectl apply --namespace """ + kubeNamespace + """ -f /tmp/openvpn-secret.kubectl - for i in \$(kubectl get pods --namespace """ + kubeNamespace + """ --selector app="deluge" -o name); do - kubectl delete --namespace """ + kubeNamespace + """ \${i} - done - """ - } - } } } + + stage ("Get Remote OpenVPN Config") { + container ("alpine") { + openVPNConfig = sh( + returnStdout: true, + script: openVPNConfigScript + ) + } + } + + stage ("Compile Secret") { + def k8sSecret + withCredentials([string( + credentialsId: nordCreds, + variable: "NORD_CREDS", + )]) { + k8sSecret = """apiVersion: v1 +kind: Secret +metadata: + name: """ + kubeSecret + """ + namespace: """ + kubeNamespace + """ +data: + openvpn-credentials.txt: """ + NORD_CREDS + """ + nordvpn.com.tcp.ovpn: """ + openVPNConfig + """ +""" + } + } + + 
functions.createSecret( + kubeAuth: "k8s-dl-automation-access", + kubeURL: "https://kubernetes.test-chamber-13.lan:6443", + namespace: "dl-automation", + secret: k8sSecret + ) + + functions.deletePod( + kubeAuth: "k8s-dl-automation-access", + kubeURL: "https://kubernetes.test-chamber-13.lan:6443", + namespace: "dl-automation", + selector: "app=deluge" + ) } } \ No newline at end of file
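Review bot: `k8sSecret` is declared with `def` inside the `stage ("Compile Secret")` closure, so it is out of scope at `functions.createSecret(... secret: k8sSecret)` after that stage closes and the call will most likely fail with a MissingPropertyException; declare it beside `def openVPNConfig` at node level. The manifest also concatenates `NORD_CREDS` into a plain Groovy string that is used after the `withCredentials` block ends, where Jenkins no longer masks the value in the console log. The helper's body is not visible here, so whether it echoes the manifest is unknown, but calling `functions.createSecret` from inside the `withCredentials` block would keep masking active. In `openVPNConfigScript` only the exit status of `base64` reaches `sh`, so a failed `curl --fail` or a `null` hostname from `jq` gives an empty `nordvpn.com.tcp.ovpn` value that is still applied before the `app=deluge` pods are deleted; starting the script with `set -o pipefail` (if the container's shell supports it) and rejecting an empty `openVPNConfig` before "Compile Secret" would stop that. The two helper calls also hard-code `"dl-automation"` although `kubeNamespace` is already defined.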