pipeline {
    agent any
    options {
        buildDiscarder logRotator (
            numToKeepStr: '5',
            daysToKeepStr: '7',
            artifactNumToKeepStr: '10',
            artifactDaysToKeepStr: '7'
        )
    }
    parameters {
        string(name: "target_host", defaultValue: "", trim: true, description: "Target host")
        booleanParam(name: "rproxy_install", defaultValue: true, description: "Install Rproxy")
        booleanParam(name: "config_add", defaultValue: true, description: "Add config")
        string(name: "rproxy_service_name", defaultValue: "", trim: true, description: "Service name (for 'Add config' job only)")
        string(name: "rproxy_service_port", defaultValue: "", trim: true, description: "Service port (for 'Add config' job only)")
        string(name: "rproxy_service_address", defaultValue: "", trim: true, description: "Service address (for 'Add config' job only)")
    }
    stages {
        stage('Save certs') {
            when {
                expression {
                    return params.rproxy_install
                }
            }
            steps {
                def ask_for_certs = input message: 'Upload RootCA certificate and key', parameters: [file(name: 'rootca'), file(name: 'rootca_key')]
                withFileParameter('rootca') {
                    sh 'mv ${rootca} roles/rproxy/files/RootCA.crt'
                }
                withFileParameter('rootca_key') {
                    sh 'mv ${rootca_key} roles/rproxy/files/RootCA.key'
                }
                ask_for_certs.delete()
            }
        }
        stage('Install Rproxy') {
            when {
                expression {
                    return params.rproxy_install
                }
            }
            steps {
                script {
                    withCredentials([
                        sshUserPrivateKey(credentialsId: 'JENKINS_DEPLOYER_KEY', keyFileVariable: 'SSH_KEY'), 
                        usernamePassword(credentialsId:'JENKINS_DEPLOYER_PASS', usernameVariable: 'username', passwordVariable: 'password')
                        ]) {
                        wrap([$class: 'MaskPasswordsBuildWrapper', varPasswordPairs: [[password: env.password]]]) {
                            sh 'ansible-playbook rproxy.yml -i ${target_host}, -t install --private-key ${SSH_KEY} -u ${username} -e "ansible_password=${password} rproxy_service_name=${rproxy_service_name} rproxy_service_port=${rproxy_service_port} rproxy_service_address=${rproxy_service_address}"'
                        }
                    }
                }
            }
        }
        stage('Add config') {
            when {
                expression {
                    return params.config_add
                }
            }
            steps {
                script {
                    withCredentials([
                        sshUserPrivateKey(credentialsId: 'JENKINS_DEPLOYER_KEY', keyFileVariable: 'SSH_KEY'), 
                        usernamePassword(credentialsId:'JENKINS_DEPLOYER_PASS', usernameVariable: 'username', passwordVariable: 'password')
                        ]) {
                        wrap([$class: 'MaskPasswordsBuildWrapper', varPasswordPairs: [[password: env.password]]]) {
                            sh 'ansible-playbook rproxy.yml -i ${target_host}, -t add_config --private-key ${SSH_KEY} -u ${username} -e "ansible_password=${password} rproxy_service_name=${rproxy_service_name} rproxy_service_port=${rproxy_service_port} rproxy_service_address=${rproxy_service_address}"'
                        }
                    }
                }
            }
        }
    }
}