4 This cookbook sets up a Concourse CI service by Docker Compose.
8 - [Requirements](#requirements)
9 - [platforms](#platforms)
10 - [packages](#packages)
11 - [cookbooks](#cookbooks)
12 - [Attributes](#attributes)
15 - [concourse-ci::default](#concourse-cidefault)
16 - [concourse-ci::docker-compose](#concourse-cidocker-compose)
17 - [Role Examples](#role-examples)
18 - [SSL server keys and certificates management by ssl_cert cookbook](#ssl-server-keys-and-certificates-management-by-ssl_cert-cookbook)
19 - [License and Authors](#license-and-authors)
35 |Key|Type|Description, example|Default|
37 |`['concourse-ci']['docker-compose']['app_dir']`|String||`"#{node['docker-grid']['compose']['app_dir']}/concourse"`|
38 |`['concourse-ci']['docker-compose']['pgdata_dir']`|String|Path string or nil (unset).|`"#{node['concourse-ci']['docker-compose']['app_dir']}/database"`|
39 |`['concourse-ci']['docker-compose']['web_keys_dir']`|String|Path string.|`"#{node['concourse-ci']['docker-compose']['app_dir']}/keys/web"`|
40 |`['concourse-ci']['docker-compose']['worker_keys_dir']`|String|Path string.|`"#{node['concourse-ci']['docker-compose']['app_dir']}/keys/worker"`|
41 |`['concourse-ci']['docker-compose']['pgdata_dir']`|String|Path string or nil (unset, non-persistent).|`"#{node['concourse-ci']['docker-compose']['app_dir']}/database"`|
42 |`['concourse-ci']['docker-compose']['db_password_reset']`|String|Only available if the password is automatically generated by Chef.|`false`|
43 |`['concourse-ci']['docker-compose']['db_password_vault_item']`|Hash|See `attributes/default.rb`|`{}`|
44 |`['concourse-ci']['docker-compose']['web_password_reset']`|String|Only available if the password is automatically generated by Chef.|`false`|
45 |`['concourse-ci']['docker-compose']['web_password_vault_item']`|Hash|See `attributes/default.rb`|`{}`|
46 |`['concourse-ci']['docker-compose']['ssh_keys_reset']`|String|Resets all SSH keys forcely.|`false`|
47 |`['concourse-ci']['docker-compose']['config_format_version']`|String|Read only. `docker-compose.yml` format version. Only version 1 is supported now.|`'1'`|
48 |`['concourse-ci']['docker-compose']['config']`|Hash|`docker-compose.yml` configurations.|See `attributes/default.rb`|
54 #### concourse-ci::default
56 This recipe does nothing.
58 #### concourse-ci::docker-compose
60 This recipe generates SSH keys of each node and a `docker-compose.yml` file for the Concourse CI service.
64 - `roles/concourse.rb`
68 description 'Concourse'
72 'recipe[concourse-ci::docker-compose]',
75 image = 'concourse/concourse:2.6.0'
82 # Version 1 docker-compose format
89 'CONCOURSE_EXTERNAL_URL' => "http://192.168.1.3:#{port}",
92 'concourse-worker' => {
101 - `roles/concourse-with-ssl.rb`
104 name 'concourse-with-ssl'
105 description 'Concourse with SSL'
108 'recipe[ssl_cert::server_key_pairs]',
110 'recipe[concourse-ci::docker-compose]',
113 image = 'concourse/concourse:2.6.0'
115 cn = 'concourse.io.example.com'
124 'with_ssl_cert_cookbook' => true,
128 'docker-compose' => {
130 # Version 1 docker-compose format
137 'CONCOURSE_EXTERNAL_URL' => "https://192.168.1.3:#{port}",
138 'CONCOURSE_TLS_BIND_PORT' => '8443', # activate HTTPS
139 # These environments will be set by the concourse-ci::docker-compose recipe automatically.
140 #'CONCOURSE_TLS_CERT' => '/root/server.crt',
141 #'CONCOURSE_TLS_KEY' => '/root/server.key',
144 # These volumes will be set by the concourse-ci::docker-compose recipe automatically.
145 #"#{server_cert_path(node['concourse-ci']['ssl_cert']['common_name'])}:/root/server.crt:ro",
146 #"#{server_key_path(node['concourse-ci']['ssl_cert']['common_name'])}:/root/server.key:ro",
149 'concourse-worker' => {
158 ### SSL server keys and certificates management by ssl_cert cookbook
160 - create vault items.
163 $ ruby -rjson -e 'puts JSON.generate({"private" => File.read("concourse_io_example_com.prod.key")})' \
164 > > ~/tmp/concourse_io_example_com.prod.key.json
166 $ knife vault create ssl_server_keys concourse.io.example.com.prod \
167 > --json ~/tmp/concourse_io_example_com.prod.key.json
169 $ ruby -rjson -e 'puts JSON.generate({"public" => File.read("concourse_io_example_com.prod.crt")})' \
170 > > ~/tmp/concourse_io_example_com.prod.crt.json
172 $ knife vault create ssl_server_certs concourse.io.example.com.prod \
173 > --json ~/tmp/concourse_io_example_com.prod.crt.json
176 - grant reference permission to the Concourse host
179 $ knife vault update ssl_server_keys concourse.io.example.com.prod -S 'name:concourse-host.example.com'
180 $ knife vault update ssl_server_certs concourse.io.example.com.prod -S 'name:concourse-host.example.com'
183 - modify run_list and attributes
187 'recipe[ssl_cert::server_key_pairs]',
188 'recipe[concourse-ci::docker-compose]',
194 'concourse.io.example.com',
198 'with_ssl_cert_cookbook' => true,
200 'common_name' => 'concourse.io.example.com',
207 ## License and Authors
209 - Author:: whitestar at osdn.jp
212 Copyright 2017, whitestar
214 Licensed under the Apache License, Version 2.0 (the "License");
215 you may not use this file except in compliance with the License.
216 You may obtain a copy of the License at
218 http://www.apache.org/licenses/LICENSE-2.0
220 Unless required by applicable law or agreed to in writing, software
221 distributed under the License is distributed on an "AS IS" BASIS,
222 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
223 See the License for the specific language governing permissions and
224 limitations under the License.