2 # Cookbook Name:: screwdriver
5 # Copyright 2017, whitestar
7 # Licensed under the Apache License, Version 2.0 (the "License");
8 # you may not use this file except in compliance with the License.
9 # You may obtain a copy of the License at
11 # http://www.apache.org/licenses/LICENSE-2.0
13 # Unless required by applicable law or agreed to in writing, software
14 # distributed under the License is distributed on an "AS IS" BASIS,
15 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 # See the License for the specific language governing permissions and
17 # limitations under the License.
# Opt-in switch for certificate handling through the ssl_cert cookbook.
# NOTE(review): the recipe that reads this flag is not part of this file — confirm what it changes.
20 default['screwdriver']['with_ssl_cert_cookbook'] = false
21 # If ['screwdriver']['with_ssl_cert_cookbook'] is true,
22 # node['screwdriver']['docker-compose']['config']
23 # are overridden by the following 'common_name' attributes.
# NOTE(review): ca_names is presumably the list of CA certificates to deploy — confirm.
24 default['screwdriver']['ssl_cert']['ca_names'] = []
# The certificate common name defaults to the node's FQDN.
25 default['screwdriver']['ssl_cert']['common_name'] = node['fqdn']
# Local shorthand for the host name in the service URIs and the OAuth callback URL below.
# It is read once, while this attributes file is evaluated, so a common_name that is set
# after that point is not reflected in those URIs — NOTE(review): confirm attribute load order.
26 cn = node['screwdriver']['ssl_cert']['common_name']
28 # These hash objects are expanded to a `/config/local.yaml` file in each Docker container.
# Node attributes are stored unencrypted in the node object on the Chef server, so keep
# credentials out of these hashes and use the *_vault_item attributes below instead.
29 default['screwdriver']['api']['config'] = {
35 default['screwdriver']['store']['config'] = {
# force_override outranks role and environment attributes, so import_ca cannot be
# enabled from outside this cookbook. NOTE(review): presumably the CA import is not
# supported yet — confirm against the docker-compose recipe.
43 force_override['screwdriver']['docker-compose']['import_ca'] = false
# Directory layout on the Docker host, rooted at the docker-grid compose app_dir.
44 default['screwdriver']['docker-compose']['app_dir'] = "#{node['docker-grid']['compose']['app_dir']}/screwdriver"
45 default['screwdriver']['docker-compose']['bin_dir'] = "#{node['screwdriver']['docker-compose']['app_dir']}/bin"
46 default['screwdriver']['docker-compose']['config_dir'] = "#{node['screwdriver']['docker-compose']['app_dir']}/config"
# data_dir is the host side of the /sd-data volume (see the commented volume entry of the
# api service), where the SQLite datastore file is kept; limit host access to it.
47 default['screwdriver']['docker-compose']['data_dir'] = "#{node['screwdriver']['docker-compose']['app_dir']}/data"
# NOTE(review): presumably true regenerates the JWT signing key pair on the next converge,
# which would invalidate tokens that were already issued — confirm against the recipe.
48 default['screwdriver']['docker-compose']['jwt_private_key_reset'] = false
# Chef Vault location of the JWT private key. 'vault' and 'name' select the vault item and
# 'key' selects the entry inside it; with 'env_context' => true the entry is looked up under
# the node's Chef environment name (see the commented alternative).
# This key signs the tokens, so keep read access to the vault item limited to the nodes
# that converge this cookbook.
49 default['screwdriver']['docker-compose']['jwt_private_key_vault_item'] = {
51 'vault' => 'screwdriver',
52 'name' => 'jwt_private_key',
53 # single key or nested hash key path delimited by slash
54 'env_context' => false,
55 'key' => 'private', # real hash path: "/private"
56 # or nested hash key path delimited by slash
57 #'env_context' => true,
58 #'key' => 'hash/path/to/private', # real hash path: "/#{node.chef_environment}/hash/path/to/private"
# Chef Vault location of the matching JWT public key (same field meanings as above).
# The public key is not confidential, but whoever can replace it decides which tokens verify.
61 default['screwdriver']['docker-compose']['jwt_public_key_vault_item'] = {
63 'vault' => 'screwdriver',
64 'name' => 'jwt_public_key',
65 # single key or nested hash key path delimited by slash
66 'env_context' => false,
67 'key' => 'public', # real hash path: "/public"
68 # or nested hash key path delimited by slash
69 #'env_context' => true,
70 #'key' => 'hash/path/to/public', # real hash path: "/#{node.chef_environment}/hash/path/to/public"
73 # A password used for encrypting session data. It must be at least 32 characters long.
# Generate it randomly and keep it distinct from the stored-secrets password below.
# 'vault' and 'name' select the Chef Vault item and 'key' the entry inside it; with
# 'env_context' => true the entry is looked up under the node's Chef environment name.
74 default['screwdriver']['docker-compose']['cookie_password_vault_item'] = {
76 'vault' => 'screwdriver',
77 'name' => 'cookie_password',
78 # single password or nested hash password path delimited by slash
79 'env_context' => false,
80 'key' => 'password', # real hash path: "/password"
81 # or nested hash password path delimited by slash
82 #'env_context' => true,
83 #'key' => 'hash/path/to/password', # real hash path: "/#{node.chef_environment}/hash/path/to/password"
86 # A password used for encrypting stored secrets. It must be at least 32 characters long.
# NOTE(review): changing this value presumably makes secrets that are already stored
# undecryptable — confirm before rotating.
87 default['screwdriver']['docker-compose']['password_vault_item'] = {
89 'vault' => 'screwdriver',
91 # single password or nested hash password path delimited by slash
92 'env_context' => false,
93 'key' => 'password', # real hash path: "/password"
94 # or nested hash password path delimited by slash
95 #'env_context' => true,
96 #'key' => 'hash/path/to/password', # real hash path: "/#{node.chef_environment}/hash/path/to/password"
# Chef Vault location of the SCM OAuth application's client id. 'vault' and 'name' select
# the vault item and 'key' the entry inside it; with 'env_context' => true the entry is
# looked up under the node's Chef environment name (see the commented alternative).
99 default['screwdriver']['docker-compose']['oauth_client_id_vault_item'] = {
101 'vault' => 'screwdriver',
102 'name' => 'oauth_client_id',
103 # single cid or nested hash cid path delimited by slash
104 'env_context' => false,
105 'key' => 'cid', # real hash path: "/cid", Note: do not use `id`, which is reserved by Chef Vault.
106 # or nested hash cid path delimited by slash
107 #'env_context' => true,
108 #'key' => 'hash/path/to/cid', # real hash path: "/#{node.chef_environment}/hash/path/to/cid"
# Chef Vault location of the OAuth client secret (same field meanings as above).
111 default['screwdriver']['docker-compose']['oauth_client_secret_vault_item'] = {
113 'vault' => 'screwdriver',
114 'name' => 'oauth_client_secret',
115 # single secret or nested hash secret path delimited by slash
116 'env_context' => false,
117 'key' => 'secret', # real hash path: "/secret"
118 # or nested hash secret path delimited by slash
119 #'env_context' => true,
120 #'key' => 'hash/path/to/secret', # real hash path: "/#{node.chef_environment}/hash/path/to/secret"
# Chef Vault location of the GitHub webhook secret, the shared value used to check the
# signature of incoming webhook payloads. Use a long random value, not a guessable phrase.
123 default['screwdriver']['docker-compose']['webhook_github_secret_vault_item'] = {
125 'vault' => 'screwdriver',
126 'name' => 'webhook_github_secret',
127 # single secret or nested hash secret path delimited by slash
128 'env_context' => false,
129 'key' => 'secret', # real hash path: "/secret"
130 # or nested hash secret path delimited by slash
131 #'env_context' => true,
132 #'key' => 'hash/path/to/secret', # real hash path: "/#{node.chef_environment}/hash/path/to/secret"
# docker-compose service definitions for the api, ui and store containers.
136 # ref: https://github.com/screwdriver-cd/screwdriver/blob/master/in-a-box.py
137 force_override['screwdriver']['docker-compose']['config_format_version'] = '2'
139 # Version 2 docker-compose format
# ':stable' is a mutable tag (also used for the ui and store images below); pin a fixed
# version tag or an image digest where deployments must be reproducible and reviewable.
143 'image' => 'screwdrivercd/screwdriver:stable',
144 'command' => 'npm start', # the original command in the Dockerfile.
146 #'9001:80', # default
# The read-write Docker socket gives the api container control of the host's Docker daemon,
# which is equivalent to root on the host. The docker executor configured below uses it, so
# treat the api container and this host as one trust domain and dedicate the host to it.
149 '/var/run/docker.sock:/var/run/docker.sock:rw',
150 # This volume will be set by the screwdriver::docker-compose recipe automatically.
151 #"#{node['screwdriver']['docker-compose']['data_dir']}:/sd-data:rw",
155 # http://docs.screwdriver.cd/cluster-management/configure-api
156 # https://github.com/screwdriver-cd/screwdriver/blob/master/config/custom-environment-variables.yaml
# Plain http: session cookies, OAuth redirects and JWTs cross the network unencrypted.
# Terminate TLS in front of the services before exposing them beyond a trusted network.
# NOTE(review): confirm whether with_ssl_cert_cookbook switches these URIs to https.
158 'URI' => "http://#{cn}:9001",
159 #'URI' => "http://#{node['ipaddress']}:9001", # not recommended
160 # These variables will be set by the screwdriver::docker-compose recipe automatically.
161 #'ECOSYSTEM_UI' => 'http://ui', # NG: for an access from a client.
162 #'ECOSYSTEM_UI' => "http://#{cn}:9000", # Better
163 #'ECOSYSTEM_UI' => "http://#{node['ipaddress']}:9000", # not recommended
164 #'ECOSYSTEM_STORE' => 'http://store',
165 #'ECOSYSTEM_STORE' => "http://#{cn}:9002", # Better
166 #'ECOSYSTEM_STORE' => "http://#{node['ipaddress']}:9002", # not recommended
# Both values are JSON arrays of user names. NOTE(review): per the Screwdriver configuration
# docs linked above, an empty SECRET_WHITELIST presumably lets any SCM user log in — confirm,
# and list the permitted users explicitly for a non-test deployment.
167 'SECRET_WHITELIST' => '[]',
168 'SECRET_ADMINS' => '[]',
# SQLite file on the /sd-data volume, i.e. under data_dir on the host.
169 'DATASTORE_PLUGIN' => 'sequelize',
170 'DATASTORE_SEQUELIZE_DIALECT' => 'sqlite',
171 'DATASTORE_SEQUELIZE_STORAGE' => '/sd-data/storage.db',
172 'EXECUTOR_PLUGIN' => 'docker',
173 'EXECUTOR_DOCKER_DOCKER' => <<-'EOS',
175 "socketPath": "/var/run/docker.sock"
178 #'NODE_TLS_REJECT_UNAUTHORIZED' => '0', # workaround for self-signed certificates; it turns off TLS certificate verification for the whole Node.js process, so prefer trusting the CA instead (e.g. NODE_EXTRA_CA_CERTS)
181 # - Note: Multiple SCMs not supported yet.
182 # https://github.com/screwdriver-cd/screwdriver/issues/365
183 # - OAuth Callback URL: "http://#{cn}:9001/v4/auth/login/web"
#   Over http the OAuth authorization code is exposed in transit; register an https
#   callback with the SCM once TLS is in place.
184 #'SCM_PLUGIN' => 'github', # or 'gitlab' or 'bitbucket'
186 #'SCM_USERNAME' => 'sd-buildbot',
187 #'SCM_EMAIL' => 'dev-null@screwdriver.cd',
188 # The following variables will be set by the screwdriver::docker-compose recipe automatically.
189 #'SECRET_OAUTH_CLIENT_ID' => '${SECRET_OAUTH_CLIENT_ID}',
190 #'SECRET_OAUTH_CLIENT_SECRET' => '${SECRET_OAUTH_CLIENT_SECRET}',
192 #'WEBHOOK_GITHUB_SECRET' => '${WEBHOOK_GITHUB_SECRET}', #'SUPER-SECRET-SIGNING-THING'
193 #'SCM_GITHUB_GHE_HOST' => 'gitlab.io.example.com', # for GHE
194 #'SCM_PRIVATE_REPO_SUPPORT' => 'false',
196 #'SCM_GITLAB_HOST' => 'gitlab.io.example.com',
197 #'SCM_GITLAB_PROTOCOL' => 'https',
201 # The following variables will be set by the screwdriver::docker-compose recipe automatically.
202 #'SECRET_JWT_PRIVATE_KEY' => '${SECRET_JWT_PRIVATE_KEY}',
203 #'SECRET_JWT_PUBLIC_KEY' => '${SECRET_JWT_PUBLIC_KEY}',
204 #'IS_HTTPS' => 'false',
208 'image' => 'screwdrivercd/ui:stable',
210 #'9000:80', # default
213 # These variables will be set by the screwdriver::docker-compose recipe automatically.
214 #'ECOSYSTEM_API' => 'http://api', # NG: for an access from a client.
215 #'ECOSYSTEM_API' => "http://#{cn}:9001", # Better
216 #'ECOSYSTEM_API' => "http://#{node['ipaddress']}:9001", # not recommended
217 #'ECOSYSTEM_STORE' => 'http://store',
218 #'ECOSYSTEM_STORE' => "http://#{cn}:9002", # Better
219 #'ECOSYSTEM_STORE' => "http://#{node['ipaddress']}:9002", # not recommended
223 'image' => 'screwdrivercd/store:stable',
225 #'9002:80', # default
228 # See https://github.com/screwdriver-cd/store/blob/master/config/custom-environment-variables.yaml
230 'URI' => "http://#{cn}:9002",
231 #'URI' => "http://#{node['ipaddress']}:9002", # not recommended
232 #'STRATEGY' => 'memory',
233 # These variables will be set by the screwdriver::docker-compose recipe automatically.
234 #'ECOSYSTEM_UI' => 'http://ui', # NG for an access from a client.
235 #'ECOSYSTEM_UI' => "http://#{cn}:9000", # Better
236 #'ECOSYSTEM_UI' => "http://#{node['ipaddress']}:9000",
237 #'SECRET_JWT_PUBLIC_KEY' => '${SECRET_JWT_PUBLIC_KEY}',
# Publish the version 2 service definitions as the effective docker-compose configuration.
243 default['screwdriver']['docker-compose']['config'] = version_2_config