
Initial release of screwdriver cookbook.
[metasearch/grid-chef-repo.git] / cookbooks / screwdriver / attributes / default.rb
#
# Cookbook Name:: screwdriver
# Attributes:: default
#
# Copyright 2017, whitestar
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#

# Integration with the ssl_cert cookbook is off by default.
default['screwdriver']['with_ssl_cert_cookbook'] = false
# If ['screwdriver']['with_ssl_cert_cookbook'] is true,
# node['screwdriver']['docker-compose']['config']
# are overridden by the following 'common_name' attributes.
default['screwdriver']['ssl_cert']['ca_names'] = []
default['screwdriver']['ssl_cert']['common_name'] = node['fqdn']
# File-local shorthand for the certificate common name. It is interpolated into the
# service URIs of the compose config later in this file. The value is read back through
# `node`, so a common_name set at a higher attribute precedence is the one that is used.
cn = node['screwdriver']['ssl_cert']['common_name']

# These hash objects are expanded to a `/config/local.yaml` file in each Docker container.
# NOTE(review): 'tls' => false leaves the api and store HTTP listeners without TLS, which
# matches the http:// URIs set in the compose config later in this file. Terminate TLS in
# front of the containers, or enable it here, before these services carry real credentials
# over a network you do not fully control.
# NOTE(review): 'auth' is empty in both hashes; which keys it accepts is not visible here.
default['screwdriver']['api']['config'] = {
  'auth' => {},
  'httpd' => {
    'tls' => false,
  },
}
default['screwdriver']['store']['config'] = {
  'auth' => {},
  'httpd' => {
    'tls' => false,
  },
}

# Useless?!
# force_override outranks default, normal and override values (roles and environments
# included), so 'import_ca' stays false unless this line itself is edited.
# NOTE(review): what 'import_ca' controls is not visible in this file.
force_override['screwdriver']['docker-compose']['import_ca'] = false
# Directory layout below docker-grid's compose app_dir. bin/config/data are derived from
# node['screwdriver']['docker-compose']['app_dir'] when this file is evaluated, so the
# order of these assignments matters.
default['screwdriver']['docker-compose']['app_dir'] = "#{node['docker-grid']['compose']['app_dir']}/screwdriver"
default['screwdriver']['docker-compose']['bin_dir'] = "#{node['screwdriver']['docker-compose']['app_dir']}/bin"
default['screwdriver']['docker-compose']['config_dir'] = "#{node['screwdriver']['docker-compose']['app_dir']}/config"
# data_dir is the directory mounted at /sd-data (see the commented volume entry of the api
# service later in this file), which is where the SQLite datastore file is configured.
# NOTE(review): config_dir and data_dir presumably end up holding secrets and build data -
# confirm the recipe creates them with restrictive ownership and mode.
default['screwdriver']['docker-compose']['data_dir'] = "#{node['screwdriver']['docker-compose']['app_dir']}/data"
# NOTE(review): presumably asks the recipe to regenerate the JWT private key; the handling
# is not visible in this file. Confirm before enabling it, since replacing a signing key
# invalidates tokens signed with the old one.
default['screwdriver']['docker-compose']['jwt_private_key_reset'] = false
# Chef Vault location of the JWT private key. The default is an empty hash; the
# commented entries show the expected shape (uncomment and adjust to use it).
# NOTE(review): what the recipe does when this hash is left empty is not visible
# in this attributes file - confirm before relying on the default.
default['screwdriver']['docker-compose']['jwt_private_key_vault_item'] = {
  # 'vault' => 'screwdriver',
  # 'name' => 'jwt_private_key',
  # # single password or nested hash password path delimited by slash
  # 'env_context' => false,
  # 'key' => 'private',  # real hash path: "/private"
  # # or nested hash password path delimited by slash
  # # 'env_context' => true,
  # # 'key' => 'hash/path/to/private',  # real hash path: "/#{node.chef_environment}/hash/path/to/private"
}
# Chef Vault location of the matching JWT public key; same shape as above.
default['screwdriver']['docker-compose']['jwt_public_key_vault_item'] = {
  # 'vault' => 'screwdriver',
  # 'name' => 'jwt_public_key',
  # # single password or nested hash password path delimited by slash
  # 'env_context' => false,
  # 'key' => 'public',  # real hash path: "/public"
  # # or nested hash password path delimited by slash
  # # 'env_context' => true,
  # # 'key' => 'hash/path/to/public',  # real hash path: "/#{node.chef_environment}/hash/path/to/public"
}
# A password used for encrypting session data. Needs to be minimum 32 characters.
# Use a randomly generated value and keep it only in the vault item; the default
# below is an empty hash and the commented entries show the expected shape.
default['screwdriver']['docker-compose']['cookie_password_vault_item'] = {
  # 'vault' => 'screwdriver',
  # 'name' => 'cookie_password',
  # # single password or nested hash password path delimited by slash
  # 'env_context' => false,
  # 'key' => 'password',  # real hash path: "/password"
  # # or nested hash password path delimited by slash
  # # 'env_context' => true,
  # # 'key' => 'hash/path/to/password',  # real hash path: "/#{node.chef_environment}/hash/path/to/password"
}
# A password used for encrypting stored secrets. Needs to be minimum 32 characters.
# Use a value distinct from the cookie password, so that exposure of one does not
# expose the other.
default['screwdriver']['docker-compose']['password_vault_item'] = {
  # 'vault' => 'screwdriver',
  # 'name' => 'password',
  # # single password or nested hash password path delimited by slash
  # 'env_context' => false,
  # 'key' => 'password',  # real hash path: "/password"
  # # or nested hash password path delimited by slash
  # # 'env_context' => true,
  # # 'key' => 'hash/path/to/password',  # real hash path: "/#{node.chef_environment}/hash/path/to/password"
}
# Chef Vault location of the SCM OAuth client id. The default is an empty hash;
# the commented entries show the expected shape.
default['screwdriver']['docker-compose']['oauth_client_id_vault_item'] = {
  # 'vault' => 'screwdriver',
  # 'name' => 'oauth_client_id',
  # # single cid or nested hash cid path delimited by slash
  # 'env_context' => false,
  # 'key' => 'cid',  # real hash path: "/cid", Note: do not use `id`, which is reserved by Chef Vault.
  # # or nested hash id path delimited by slash
  # # 'env_context' => true,
  # # 'key' => 'hash/path/to/cid',  # real hash path: "/#{node.chef_environment}/hash/path/to/cid"
}
# Chef Vault location of the SCM OAuth client secret.
default['screwdriver']['docker-compose']['oauth_client_secret_vault_item'] = {
  # 'vault' => 'screwdriver',
  # 'name' => 'oauth_client_secret',
  # # single secret or nested hash secret path delimited by slash
  # 'env_context' => false,
  # 'key' => 'secret',  # real hash path: "/secret"
  # # or nested hash secret path delimited by slash
  # # 'env_context' => true,
  # # 'key' => 'hash/path/to/secret',  # real hash path: "/#{node.chef_environment}/hash/path/to/secret"
}
# Chef Vault location of the GitHub webhook secret (GitHub SCM only, see the
# WEBHOOK_GITHUB_SECRET entry in the compose config later in this file).
default['screwdriver']['docker-compose']['webhook_github_secret_vault_item'] = {
  # 'vault' => 'screwdriver',
  # 'name' => 'webhook_github_secret',
  # # single password or nested hash password path delimited by slash
  # 'env_context' => false,
  # 'key' => 'secret',  # real hash path: "/secret"
  # # or nested hash password path delimited by slash
  # # 'env_context' => true,
  # # 'key' => 'hash/path/to/secret',  # real hash path: "/#{node.chef_environment}/hash/path/to/secret"
}

# ref: https://github.com/screwdriver-cd/screwdriver/blob/master/in-a-box.py
# force_override outranks default, normal and override values (roles and environments
# included), so the compose format version is pinned to '2'.
force_override['screwdriver']['docker-compose']['config_format_version'] = '2'
# Default docker-compose document for the three Screwdriver services (api, ui, store).
# It becomes the default of node['screwdriver']['docker-compose']['config'] at the end
# of this file. Defaults worth reviewing before this runs anywhere but a test host:
#   - all three images use the ':stable' tag, which is mutable: the image that runs can
#     change without any change to this cookbook. Pin a version tag or digest where
#     reproducible, reviewable deployments matter.
#   - the api and store URIs are plain http://, consistent with 'tls' => false in the
#     api/store config above.
#   - the api container is given the host's Docker socket (see 'volumes').
version_2_config = {
  # Version 2 docker-compose format
  'version' => '2',
  'services' => {
    'api' => {
      'image' => 'screwdrivercd/screwdriver:stable',
      'command' => 'npm start',  # the original command in the Dockerfile.
      'ports' => [
        #'9001:80',  # default
      ],
      'volumes' => [
        # The host Docker socket is mounted read-write for the 'docker' executor configured
        # below. Access to this socket amounts to root on the Docker host, so the api
        # container has to be treated as host-privileged.
        '/var/run/docker.sock:/var/run/docker.sock:rw',
        # This volume will be set by the screwdriver::docker-compose recipe automatically.
        #"#{node['screwdriver']['docker-compose']['data_dir']}:/sd-data:rw",
      ],
      'environment' => {
        # See:
        # http://docs.screwdriver.cd/cluster-management/configure-api
        # https://github.com/screwdriver-cd/screwdriver/blob/master/config/custom-environment-variables.yaml
        'PORT' => '80',
        # Plain HTTP: the OAuth callback listed under "SCM settings" below uses this base
        # URL, so logins cross the network unencrypted unless TLS is terminated elsewhere.
        'URI' => "http://#{cn}:9001",
        #'URI' => "http://#{node['ipaddress']}:9001",  # not recommended
        # These variables will be set by the screwdriver::docker-compose recipe automatically.
        #'ECOSYSTEM_UI' => 'http://ui',                         # NG: for an access from a client.
        #'ECOSYSTEM_UI' => "http://#{cn}:9000",                 # Better
        #'ECOSYSTEM_UI' => "http://#{node['ipaddress']}:9000",  # not recommended
        #'ECOSYSTEM_STORE' => 'http://store',
        #'ECOSYSTEM_STORE' => "http://#{cn}:9002",                 # Better
        #'ECOSYSTEM_STORE' => "http://#{node['ipaddress']}:9002",  # not recommended
        # NOTE(review): both lists are empty JSON arrays. An empty SECRET_WHITELIST
        # presumably admits every account of the configured SCM, and an empty SECRET_ADMINS
        # presumably names no administrators - confirm against the docs linked above and
        # restrict the whitelist on any host reachable by people outside the team.
        'SECRET_WHITELIST' => '[]',
        'SECRET_ADMINS' => '[]',
        'DATASTORE_PLUGIN' => 'sequelize',
        'DATASTORE_SEQUELIZE_DIALECT' => 'sqlite',
        # The SQLite file sits under /sd-data, the mount point of the data_dir volume.
        'DATASTORE_SEQUELIZE_STORAGE' => '/sd-data/storage.db',
        'EXECUTOR_PLUGIN' => 'docker',
        # JSON passed as a non-interpolated heredoc; it points the executor at the socket
        # mounted under 'volumes' above.
        'EXECUTOR_DOCKER_DOCKER' => <<-'EOS',
{
  "socketPath": "/var/run/docker.sock"
}
EOS
        # Setting NODE_TLS_REJECT_UNAUTHORIZED to '0' turns off TLS certificate verification
        # for every outbound connection of the Node.js process; making the private CA
        # trusted inside the container is the safer fix.
        #'NODE_TLS_REJECT_UNAUTHORIZED' => '0',  # workaround for self-signed certificates
        #
        # SCM settings
        #   - Note: Multiple SCMs not supported yet.
        #     https://github.com/screwdriver-cd/screwdriver/issues/365
        #   - OAuth Callback URL: "http://#{cn}:9001/v4/auth/login/web"
        #'SCM_PLUGIN' => 'github',  # or 'gitlab' or 'bitbucket'
        # * Commons
        #'SCM_USERNAME' => 'sd-buildbot',
        #'SCM_EMAIL' => 'dev-null@screwdriver.cd',
        # The following variables will be set by the screwdriver::docker-compose recipe automatically.
        # The '${...}' values are placeholders rather than secrets; where the real values
        # come from is decided by that recipe and is not visible in this file.
        #'SECRET_OAUTH_CLIENT_ID' => '${SECRET_OAUTH_CLIENT_ID}',
        #'SECRET_OAUTH_CLIENT_SECRET' => '${SECRET_OAUTH_CLIENT_SECRET}',
        # * GitHub only
        #'WEBHOOK_GITHUB_SECRET' => '${WEBHOOK_GITHUB_SECRET}',  #'SUPER-SECRET-SIGNING-THING'
        #'SCM_GITHUB_GHE_HOST' => 'gitlab.io.example.com',  # for GHE
        #'SCM_PRIVATE_REPO_SUPPORT' => 'false',
        # * GitLab only
        #'SCM_GITLAB_HOST' => 'gitlab.io.example.com',
        #'SCM_GITLAB_PROTOCOL' => 'https',
        # * Bitbucket only
        #   None.
        #
        # The following variables will be set by the screwdriver::docker-compose recipe automatically.
        #'SECRET_JWT_PRIVATE_KEY' => '${SECRET_JWT_PRIVATE_KEY}',
        #'SECRET_JWT_PUBLIC_KEY' => '${SECRET_JWT_PUBLIC_KEY}',
        #'IS_HTTPS' => 'false',
      },
    },
    'ui' => {
      'image' => 'screwdrivercd/ui:stable',
      'ports' => [
        #'9000:80',  # default
      ],
      'environment' => {
        # These variables will be set by the screwdriver::docker-compose recipe automatically.
        #'ECOSYSTEM_API' => 'http://api',                        # NG: for an access from a client.
        #'ECOSYSTEM_API' => "http://#{cn}:9001",                 # Better
        #'ECOSYSTEM_API' => "http://#{node['ipaddress']}:9001",  # not recommended
        #'ECOSYSTEM_STORE' => 'http://store',
        #'ECOSYSTEM_STORE' => "http://#{cn}:9002",                 # Better
        #'ECOSYSTEM_STORE' => "http://#{node['ipaddress']}:9002",  # not recommended
      },
    },
    'store' => {
      'image' => 'screwdrivercd/store:stable',
      'ports' => [
        #'9002:80',  # default
      ],
      'environment' => {
        # See https://github.com/screwdriver-cd/store/blob/master/config/custom-environment-variables.yaml
        'PORT' => '80',
        # Plain HTTP, as for the api service above.
        'URI' => "http://#{cn}:9002",
        #'URI' => "http://#{node['ipaddress']}:9002",  # not recommended
        #'STRATEGY' => 'memory',
        # These variables will be set by the screwdriver::docker-compose recipe automatically.
        #'ECOSYSTEM_UI' => 'http://ui',          # NG for an access from a client.
        #'ECOSYSTEM_UI' => "http://#{cn}:9000",  # Better
        #'ECOSYSTEM_UI' => "http://#{node['ipaddress']}:9000",
        #'SECRET_JWT_PUBLIC_KEY' => '${SECRET_JWT_PUBLIC_KEY}',
      },
    },
  },
}

# Publish the hash built above as the default compose config.
default['screwdriver']['docker-compose']['config'] = version_2_config