data_source = data_source.gsub(/<POSTGRES_PASSWORD>/, '${POSTGRES_PASSWORD}')
web_envs['CONCOURSE_POSTGRES_DATA_SOURCE'] = data_source
+template "#{bin_dir}/concourse_up" do
+ source 'opt/docker-compose/app/concourse/bin/concourse_up'
+ owner 'root'
+ group 'root'
+ mode '0755'
+ action :create
+end
+
+if node['concourse-ci']['with_ssl_cert_cookbook']
+ ::Chef::Recipe.send(:include, SSLCert::Helper)
+ cn = node['concourse-ci']['ssl_cert']['common_name']
+ # Concourse web process owner is root.
+ web_vols.push("#{server_cert_path(cn)}:/root/server.crt:ro")
+ web_vols.push("#{server_key_path(cn)}:/root/server.key:ro")
+ web_envs['CONCOURSE_TLS_CERT'] = '/root/server.crt'
+ web_envs['CONCOURSE_TLS_KEY'] = '/root/server.key'
+end
+
+# Worker
+worker_vols = config_srvs['concourse-worker']['volumes'].to_a
+worker_vols.push("#{node['concourse-ci']['docker-compose']['worker_keys_dir']}:/concourse-keys")
+
+# Common
if node['concourse-ci']['docker-compose']['import_ca']
::Chef::Recipe.send(:include, SSLCert::Helper)
node['concourse-ci']['ssl_cert']['ca_names'].each {|ca_name|
- web_vols.push("#{ca_cert_path(ca_name)}:/usr/share/ca-certificates/#{ca_name}.crt:ro")
+ ca_cert_vol = "#{ca_cert_path(ca_name)}:/usr/share/ca-certificates/#{ca_name}.crt:ro"
+ web_vols.push(ca_cert_vol)
+ worker_vols.push(ca_cert_vol)
}
import_ca_script = '/usr/local/bin/concourse_import_ca'
mode '0755'
action :create
end
- web_vols.push("#{bin_dir}/concourse_import_ca:#{import_ca_script}:ro")
+ import_ca_script_vol = "#{bin_dir}/concourse_import_ca:#{import_ca_script}:ro"
+ web_vols.push(import_ca_script_vol)
+ worker_vols.push(import_ca_script_vol)
image_entrypoint = node['concourse-ci']['docker-image']['entrypoint']
override_config_srvs['concourse-web']['entrypoint'] \
= "/bin/sh -c \"#{import_ca_script} && #{image_entrypoint} web\""
+ override_config_srvs['concourse-worker']['entrypoint'] \
+ = "/bin/sh -c \"#{import_ca_script} && #{image_entrypoint} worker\""
if config_format_version == '2'
node.rm('concourse-ci', 'docker-compose', 'config', 'services', 'concourse-web', 'command')
+ node.rm('concourse-ci', 'docker-compose', 'config', 'services', 'concourse-worker', 'command')
else
node.rm('concourse-ci', 'docker-compose', 'config', 'concourse-web', 'command')
+ node.rm('concourse-ci', 'docker-compose', 'config', 'concourse-worker', 'command')
end
end
-template "#{bin_dir}/concourse_up" do
- source 'opt/docker-compose/app/concourse/bin/concourse_up'
- owner 'root'
- group 'root'
- mode '0755'
- action :create
-end
-
-if node['concourse-ci']['with_ssl_cert_cookbook']
- ::Chef::Recipe.send(:include, SSLCert::Helper)
- cn = node['concourse-ci']['ssl_cert']['common_name']
- # Concourse web process owner is root.
- web_vols.push("#{server_cert_path(cn)}:/root/server.crt:ro")
- web_vols.push("#{server_key_path(cn)}:/root/server.key:ro")
- web_envs['CONCOURSE_TLS_CERT'] = '/root/server.crt'
- web_envs['CONCOURSE_TLS_KEY'] = '/root/server.key'
-end
-
# merge environment hash
force_override_config_srvs['concourse-web']['environment'] = web_envs unless web_envs.empty?
# reset vlumes array.
override_config_srvs['concourse-web']['volumes'] = web_vols unless web_vols.empty?
-
-# Worker
-worker_vols = config_srvs['concourse-worker']['volumes'].to_a
-worker_vols.push("#{node['concourse-ci']['docker-compose']['worker_keys_dir']}:/concourse-keys")
-# reset vlumes array.
override_config_srvs['concourse-worker']['volumes'] = worker_vols unless worker_vols.empty?
template env_file do
OSDN Git Service
