## Contents
+- [Contents](#contents)
- [Requirements](#requirements)
- [platforms](#platforms)
- [packages](#packages)
- [JWT private and public keys management by Chef Vault](#jwt-private-and-public-keys-management-by-chef-vault)
- [Cookie password management by Chef Vault](#cookie-password-management-by-chef-vault)
- [Secrets encryption password management by Chef Vault](#secrets-encryption-password-management-by-chef-vault)
- - [OAuth client ID and secret management by Chef Vault](#oauth-client-id-and-secret-management-by-chef-vault)
- - [GitHub webhook secret management by Chef Vault](#github-webhook-secret-management-by-chef-vault)
+ - [Database username management (for MySQL, PostgreSQL,...) by Chef Vault](#database-username-management-for-mysql-postgresql-by-chef-vault)
+ - [Database password management (for MySQL, PostgreSQL,...) by Chef Vault](#database-password-management-for-mysql-postgresql-by-chef-vault)
+ - [Database root password management (for MySQL, PostgreSQL,...) by Chef Vault](#database-root-password-management-for-mysql-postgresql-by-chef-vault)
+ - [S3 (compatible) server access key management by Chef Vault](#s3-compatible-server-access-key-management-by-chef-vault)
+ - [OAuth client ID, secret and GitHub webhook secret management by Chef Vault](#oauth-client-id-secret-and-github-webhook-secret-management-by-chef-vault)
+ - [Note](#note)
+ - [Database Initialization](#database-initialization)
- [License and Authors](#license-and-authors)
## Requirements
|`['screwdriver']['with_ssl_cert_cookbook']`|Boolean|See `attributes/default.rb`|`false`|
|`['screwdriver']['ssl_cert']['ca_names']`|Array|Internal CA names that are imported by the ssl_cert cookbook.|`[]`|
|`['screwdriver']['ssl_cert']['common_name']`|String|Server common name for TLS|`node['fqdn']`|
+|`['screwdriver']['jwt_private_key_vault_item']`|Hash|Optional, Sets a JWT private key from Chef Vault. See `attributes/default.rb`|`{}`|
+|`['screwdriver']['jwt_public_key_vault_item']`|Hash|Optional, Sets a JWT public key from Chef Vault. See `attributes/default.rb`|`{}`|
+|`['screwdriver']['cookie_password_vault_item']`|Hash|Optional, Sets a session cookie password from Chef Vault. See `attributes/default.rb`|`{}`|
+|`['screwdriver']['password_vault_item']`|Hash|Optional, Sets a password for secrets encryption from Chef Vault. See `attributes/default.rb`|`{}`|
+|`['screwdriver']['db_username_vault_item']`|Hash|Optional, Sets a database username from Chef Vault. See `attributes/default.rb`|`{}`|
+|`['screwdriver']['db_password_vault_item']`|Hash|Optional, Sets a database password from Chef Vault. See `attributes/default.rb`|`{}`|
+|`['screwdriver']['db_root_password_vault_item']`|Hash|Optional, Sets a database password for the root user from Chef Vault. See `attributes/default.rb`|`{}`|
+|`['screwdriver']['s3_access_key_id_vault_item']`|Hash|Optional, Sets a S3 access key id from Chef Vault. See `attributes/default.rb`|`{}`|
+|`['screwdriver']['s3_access_key_secret_vault_item']`|Hash|Optional, Sets a S3 access key secret from Chef Vault. See `attributes/default.rb`|`{}`|
|`['screwdriver']['ui']['tls_setup_mode']`|String|`'reverseproxy'` only. Note: [_Add TLS support to UI docker container #377_](https://github.com/screwdriver-cd/screwdriver/issues/377)|`'reverseproxy'`|
|`['screwdriver']['api']['config']`|Hash|This hash object is expanded to a `/config/local.yaml` file in the API Docker container.|See `attributes/default.rb`|
+|`['screwdriver']['api']['scms_vault_items']`|Hash|This hash contains Chef Vault item definitions of SCM's secrets.|See `attributes/default.rb`|
+|`['screwdriver']['store']['backend']`|String|`nil` (in memory) or `'minio'`.|`nil`|
|`['screwdriver']['store']['config']`|Hash|This hash object is expanded to a `/config/local.yaml` file in the Store Docker container.|See `attributes/default.rb`|
|`['screwdriver']['docker-compose']['import_ca']`|Boolean|whether import internal CA certificates or not.|`false`|
|`['screwdriver']['docker-compose']['app_dir']`|String|Path string.|`"#{node['docker-grid']['compose']['app_dir']}/screwdriver"`|
|`['screwdriver']['docker-compose']['data_dir']`|String|Path string.|`"#{node['screwdriver']['docker-compose']['app_dir']}/data"`|
|`['screwdriver']['docker-compose']['etc_dir']`|String|Path string.|`"#{node['screwdriver']['docker-compose']['app_dir']}/etc"`|
|`['screwdriver']['docker-compose']['jwt_private_key_reset']`|Boolean|Only available if the JWT key pair is automatically generated by Chef.|`false`|
-|`['screwdriver']['docker-compose']['jwt_private_key_vault_item']`|Hash|Optional, Sets a JWT private key from Chef Vault. See `attributes/default.rb`|`{}`|
-|`['screwdriver']['docker-compose']['jwt_public_key_vault_item']`|Hash|Optional, Sets a JWT public key from Chef Vault. See `attributes/default.rb`|`{}`|
-|`['screwdriver']['docker-compose']['cookie_password_vault_item']`|Hash|Optional, Sets a session cookie password from Chef Vault. See `attributes/default.rb`|`{}`|
-|`['screwdriver']['docker-compose']['password_vault_item']`|Hash|Optional, Sets a password for secrets encryption from Chef Vault. See `attributes/default.rb`|`{}`|
-|`['screwdriver']['docker-compose']['oauth_client_id_vault_item']`|Hash|Required, Sets a OAuth client ID for SCM from Chef Vault. See `attributes/default.rb`|`{}`|
-|`['screwdriver']['docker-compose']['oauth_client_secret_vault_item']`|Hash|Required, Sets a OAuth secret for SCM from Chef Vault. See `attributes/default.rb`|`{}`|
-|`['screwdriver']['docker-compose']['webhook_github_secret_vault_item']`|Hash|Required for GitHub, Sets a secret for GitHub webhook from Chef Vault. See `attributes/default.rb`|`{}`|
+|`['screwdriver']['docker-compose']['jwt_private_key_vault_item']`|Hash|**DEPRECATED**: use `['screwdriver']['jwt_private_key_vault_item']`. Optional, Sets a JWT private key from Chef Vault. See `attributes/default.rb`|`{}`|
+|`['screwdriver']['docker-compose']['jwt_public_key_vault_item']`|Hash|**DEPRECATED**: use `['screwdriver']['jwt_public_key_vault_item']`. Optional, Sets a JWT public key from Chef Vault. See `attributes/default.rb`|`{}`|
+|`['screwdriver']['docker-compose']['cookie_password_vault_item']`|Hash|**DEPRECATED**: use `['screwdriver']['cookie_password_vault_item']`. Optional, Sets a session cookie password from Chef Vault. See `attributes/default.rb`|`{}`|
+|`['screwdriver']['docker-compose']['password_vault_item']`|Hash|**DEPRECATED**: use `['screwdriver']['password_vault_item']`. Optional, Sets a password for secrets encryption from Chef Vault. See `attributes/default.rb`|`{}`|
+|`['screwdriver']['docker-compose']['oauth_client_id_vault_item']`|Hash|**DEPRECATED**: use `['screwdriver']['api']['scms_vault_items']`. Required, Sets a OAuth client ID for SCM from Chef Vault. See `attributes/default.rb`|`{}`|
+|`['screwdriver']['docker-compose']['oauth_client_secret_vault_item']`|Hash|**DEPRECATED**: use `['screwdriver']['api']['scms_vault_items']`. Required, Sets a OAuth secret for SCM from Chef Vault. See `attributes/default.rb`|`{}`|
+|`['screwdriver']['docker-compose']['webhook_github_secret_vault_item']`|Hash|**DEPRECATED**: use `['screwdriver']['api']['scms_vault_items']`. Required for GitHub, Sets a secret for GitHub webhook from Chef Vault. See `attributes/default.rb`|`{}`|
|`['screwdriver']['docker-compose']['config']`|Hash|`docker-compose.yml` configurations.|See `attributes/default.rb`|
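Review bot: The deprecated rows for `oauth_client_id_vault_item`, `oauth_client_secret_vault_item` and `webhook_github_secret_vault_item` still read "Required", while the new `['screwdriver']['api']['scms_vault_items']` row does not say whether it is required. Please move the "Required" wording to the new row, and state which attribute takes precedence when both a deprecated `docker-compose` key and its replacement are set, so a half-migrated role does not silently keep using the old secret.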
## Usage
override_attributes(
'screwdriver' => {
- 'docker-compose' => {
- 'oauth_client_id_vault_item' => {
- 'vault' => 'screwdriver',
- 'name' => 'oauth_client_id',
- 'env_context' => false,
- 'key' => 'cid', # real hash path: "/cid"
+ 'api' => {
+ 'config' => {
+ 'executor' => {
+ 'plugin' => 'docker',
+ 'docker' => {
+ 'options' => {
+ 'docker' => {
+ 'socketPath' => '/var/run/docker.sock',
+ },
+ 'launchVersion' => 'stable',
+ },
+ },
+ },
+ 'scms' => {
+ 'github.com' => {
+ 'plugin' => 'github',
+ 'config' => {
+ # OAuth Callback URL: "http://#{node['fqdn']}:9001/v4/auth/login/web"
+ 'username' => 'ci-tool',
+ 'email' => 'citool@mail.example.com',
+ 'privateRepo' => false,
+ },
+ },
+ },
},
- 'oauth_client_secret_vault_item' => {
- 'vault' => 'screwdriver',
- 'name' => 'oauth_client_secret',
- 'env_context' => false,
- 'key' => 'secret', # real hash path: "/secret"
+ 'scms_vault_items' => {
+ 'github.com' => {
+ 'oauthClientId' => {
+ 'vault' => 'screwdriver',
+ 'name' => 'github',
+ 'env_context' => false,
+ 'key' => 'oauthClientId', # real hash path: "/oauthClientId"
+ },
+ 'oauthClientSecret' => {
+ 'vault' => 'screwdriver',
+ 'name' => 'github',
+ 'env_context' => false,
+ 'key' => 'oauthClientSecret', # real hash path: "/oauthClientSecret"
+ },
+ 'secret' => {
+ 'vault' => 'screwdriver',
+ 'name' => 'github',
+ 'env_context' => false,
+ 'key' => 'secret', # real hash path: "/secret"
+ },
+ },
},
+ },
+ 'docker-compose' => {
'config' => {
'services' => {
'api' => {
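Review bot: The `'github.com'` key is used under both `'scms'` and `'scms_vault_items'`, but nothing in the example says the two keys have to be identical. If the recipe joins them by that key, add a one-line comment on `'scms_vault_items'` saying so. Also say what happens when a vault entry has no matching `scms` entry, since a typo there would leave the OAuth secret unset.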
"#{api_port}:80",
],
'environment' => {
- 'SCM_PLUGIN' => 'gitlab', # 'gitlab' or 'github' or 'bitbucket'
- # OAuth Callback URL: "http://#{node['fqdn']}:9001/v4/auth/login/web"
- 'SCM_USERNAME' => 'ci-tool',
- 'SCM_EMAIL' => 'citool@mail.example.com',
- #'WEBHOOK_GITHUB_SECRET' => 'SUPER-SECRET-SIGNING-THING',
- 'SCM_GITLAB_HOST' => 'gitlab.io.example.com',
- 'SCM_GITLAB_PROTOCOL' => 'https',
'NODE_TLS_REJECT_UNAUTHORIZED' => '0', # for self-signed cetificates
# The following variables will be set by the screwdriver::docker-compose recipe automatically.
- #'SECRET_OAUTH_CLIENT_ID' => '${SECRET_OAUTH_CLIENT_ID}',
- #'SECRET_OAUTH_CLIENT_SECRET' => '${SECRET_OAUTH_CLIENT_SECRET}',
- #'SECRET_JWT_PRIVATE_KEY' => '${SECRET_JWT_PRIVATE_KEY}',
- #'SECRET_JWT_PUBLIC_KEY' => '${SECRET_JWT_PUBLIC_KEY}',
#'ECOSYSTEM_UI' => "http://#{node['fqdn']}:#{ui_port}",
#'ECOSYSTEM_STORE' => "http://#{node['fqdn']}:#{store_port}",
},
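Review bot: `'NODE_TLS_REJECT_UNAUTHORIZED' => '0'` stays in the example even though the lines that motivated it (`SCM_GITLAB_HOST` pointing at an internal GitLab) are removed and the SCM is now `github.com`. That setting turns off certificate verification for every outbound TLS connection the API process makes, including the OAuth exchange that carries the client secret. Suggest dropping it from the example, or pointing readers who do have an internal CA to `['screwdriver']['docker-compose']['import_ca']` from the attribute table. The "cetificates" typo in the same comment could be fixed while here.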
"#{store_port}:80",
],
'environment' => {
- # These variables will be set by the screwdriver::docker-compose recipe automatically.
+ # This variable will be set by the screwdriver::docker-compose recipe automatically.
#'ECOSYSTEM_UI' => "http://#{node['fqdn']}:#{ui_port}",
- #'SECRET_JWT_PUBLIC_KEY' => '${SECRET_JWT_PUBLIC_KEY}',
},
},
},
'ssl_cert' => {
'common_name' => cn,
},
- 'docker-compose' => {
- 'oauth_client_id_vault_item' => {
- 'vault' => 'screwdriver',
- 'name' => 'oauth_client_id',
- 'env_context' => false,
- 'key' => 'cid', # real hash path: "/cid"
+ 'api' => {
+ 'config' => {
+ 'executor' => {
+ 'plugin' => 'docker',
+ 'docker' => {
+ 'options' => {
+ 'docker' => {
+ 'socketPath' => '/var/run/docker.sock',
+ },
+ 'launchVersion' => 'stable',
+ },
+ },
+ },
+ 'scms' => {
+ 'github.com' => {
+ 'plugin' => 'github',
+ 'config' => {
+ # OAuth Callback URL: "http://#{node['fqdn']}:9001/v4/auth/login/web"
+ 'username' => 'ci-tool',
+ 'email' => 'citool@mail.example.com',
+ 'privateRepo' => false,
+ },
+ },
+ },
},
- 'oauth_client_secret_vault_item' => {
- 'vault' => 'screwdriver',
- 'name' => 'oauth_client_secret',
- 'env_context' => false,
- 'key' => 'secret', # real hash path: "/secret"
+ 'scms_vault_items' => {
+ 'github.com' => {
+ 'oauthClientId' => {
+ 'vault' => 'screwdriver',
+ 'name' => 'github',
+ 'env_context' => false,
+ 'key' => 'oauthClientId', # real hash path: "/oauthClientId"
+ },
+ 'oauthClientSecret' => {
+ 'vault' => 'screwdriver',
+ 'name' => 'github',
+ 'env_context' => false,
+ 'key' => 'oauthClientSecret', # real hash path: "/oauthClientSecret"
+ },
+ 'secret' => {
+ 'vault' => 'screwdriver',
+ 'name' => 'github',
+ 'env_context' => false,
+ 'key' => 'secret', # real hash path: "/secret"
+ },
+ },
},
+ },
+ 'docker-compose' => {
'config' => {
'services' => {
'reverseproxy' => {
"#{api_port}:80",
],
'environment' => {
- 'SCM_PLUGIN' => 'gitlab', # 'gitlab' or 'github' or 'bitbucket'
- # OAuth Callback URL: "http://#{node['fqdn']}:9001/v4/auth/login/web"
- 'SCM_USERNAME' => 'ci-tool',
- 'SCM_EMAIL' => 'citool@mail.example.com',
- #'WEBHOOK_GITHUB_SECRET' => 'SUPER-SECRET-SIGNING-THING',
- 'SCM_GITLAB_HOST' => 'gitlab.io.example.com',
- 'SCM_GITLAB_PROTOCOL' => 'https',
'NODE_TLS_REJECT_UNAUTHORIZED' => '0', # for self-signed cetificates
# The following variables will be set by the screwdriver::docker-compose recipe automatically.
- #'SECRET_OAUTH_CLIENT_ID' => '${SECRET_OAUTH_CLIENT_ID}',
- #'SECRET_OAUTH_CLIENT_SECRET' => '${SECRET_OAUTH_CLIENT_SECRET}',
- #'SECRET_JWT_PRIVATE_KEY' => '${SECRET_JWT_PRIVATE_KEY}',
- #'SECRET_JWT_PUBLIC_KEY' => '${SECRET_JWT_PUBLIC_KEY}',
#'ECOSYSTEM_UI' => "http://#{node['fqdn']}:#{ui_port}",
#'ECOSYSTEM_STORE' => "http://#{node['fqdn']}:#{store_port}",
},
'environment' => {
# These variables will be set by the screwdriver::docker-compose recipe automatically.
#'ECOSYSTEM_UI' => "http://#{node['fqdn']}:#{ui_port}",
- #'SECRET_JWT_PUBLIC_KEY' => '${SECRET_JWT_PUBLIC_KEY}',
},
},
},
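Review bot: The comment above `ECOSYSTEM_UI` in this second example still says "These variables will be set", but after removing `SECRET_JWT_PUBLIC_KEY` only one variable is left. The first example was changed to "This variable will be set", so update this copy the same way.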
```text
$ ruby -rjson -e 'puts JSON.generate({"private" => File.read("screwdriver.io.example.com.prod.key")})' \
-> > ~/tmp/screwdriver.io.example.com.prod.key.json
+> > ~/sec/tmp/screwdriver.io.example.com.prod.key.json
$ ruby -rjson -e 'puts JSON.generate({"public" => File.read("screwdriver.io.example.com.prod.crt")})' \
-> > ~/tmp/screwdriver.io.example.com.prod.crt.json
+> > ~/sec/tmp/screwdriver.io.example.com.prod.crt.json
$ cd $CHEF_REPO_PATH
$ knife vault create ssl_server_keys screwdriver.io.example.com.prod \
-> --json ~/tmp/screwdriver.io.example.com.prod.key.json
+> --json ~/sec/tmp/screwdriver.io.example.com.prod.key.json
$ knife vault create ssl_server_certs screwdriver.io.example.com.prod \
-> --json ~/tmp/screwdriver.io.example.com.prod.crt.json
+> --json ~/sec/tmp/screwdriver.io.example.com.prod.crt.json
```
- grant reference permission to the screwdriver host
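Review bot: The private key is still written out as plaintext JSON, now under `~/sec/tmp/`, and the steps never remove it after `knife vault create`. Moving from `~/tmp` to `~/sec/tmp` only helps if that directory is readable by the operator alone, so state the expected mode (for example 0700) and add a final step that deletes both `.json` files once the vault items exist. The same applies to the other `~/sec/tmp/*.json` files in the sections below.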
override_attributes(
'screwdriver' => {
# ...
- 'docker-compose' => {
- 'jwt_private_key_vault_item' => {
- 'vault' => 'screwdriver',
- 'name' => 'jwt_private_key',
- 'env_context' => false,
- 'key' => 'private',
- },
- 'jwt_public_key_vault_item' => {
- 'vault' => 'screwdriver',
- 'name' => 'jwt_public_key',
- 'env_context' => false,
- 'key' => 'public',
- },
- # ...
+ 'jwt_private_key_vault_item' => {
+ 'vault' => 'screwdriver',
+ 'name' => 'jwt_private_key',
+ 'env_context' => false,
+ 'key' => 'private',
},
+ 'jwt_public_key_vault_item' => {
+ 'vault' => 'screwdriver',
+ 'name' => 'jwt_public_key',
+ 'env_context' => false,
+ 'key' => 'public',
+ },
+ # ...
},
)
```
```text
# A password used for encrypting session data. Needs to be minimum 32 characters
-$ cat ~/tmp/screwdriver_cookie_password.json
+$ cat ~/sec/tmp/screwdriver_cookie_password.json
{"password":"********************************"}
$ cd $CHEF_REPO_PATH
override_attributes(
'screwdriver' => {
# ...
- 'docker-compose' => {
- 'cookie_password_vault_item' => {
- 'vault' => 'screwdriver',
- 'name' => 'cookie_password',
- 'env_context' => false,
- 'key' => 'password',
- },
- # ...
+ 'cookie_password_vault_item' => {
+ 'vault' => 'screwdriver',
+ 'name' => 'cookie_password',
+ 'env_context' => false,
+ 'key' => 'password',
},
+ # ...
},
)
```
```text
# A password used for encrypting stored secrets. Needs to be minimum 32 characters
-$ cat ~/tmp/screwdriver_password.json
+$ cat ~/sec/tmp/screwdriver_password.json
{"password":"********************************"}
$ cd $CHEF_REPO_PATH
override_attributes(
'screwdriver' => {
# ...
- 'docker-compose' => {
- 'password_vault_item' => {
- 'vault' => 'screwdriver',
- 'name' => 'password',
- 'env_context' => false,
- 'key' => 'password',
- },
- # ...
+ 'password_vault_item' => {
+ 'vault' => 'screwdriver',
+ 'name' => 'password',
+ 'env_context' => false,
+ 'key' => 'password',
},
+ # ...
},
)
```
-### OAuth client ID and secret management by Chef Vault
+### Database username management (for MySQL, PostgreSQL,...) by Chef Vault
- create vault items.
```text
-$ cat ~/sec/tmp/screwdriver_oauth_client_id.json
-{"cid":"***************************************************************"}
-$ cat ~/sec/tmp/screwdriver_oauth_client_secret.json
-{"secret":"***************************************************************"}
+$ cat ~/sec/tmp/screwdriver_db_username.json
+{"username":"********************************"}
$ cd $CHEF_REPO_PATH
+$ knife vault create screwdriver db_username --json ~/sec/tmp/screwdriver_db_username.json
+```
+
+- grant reference permission to the screwdriver host
+
+```text
+$ knife vault update screwdriver db_username -S 'name:screwdriver-host.example.com'
+```
+
+- modify attributes
-$ knife vault create screwdriver oauth_client_id --json ~/sec/tmp/screwdriver_oauth_client_id.json
-$ knife vault create screwdriver oauth_client_secret --json ~/sec/tmp/screwdriver_oauth_client_secret.json
+```ruby
+override_attributes(
+ 'screwdriver' => {
+ # ...
+ 'db_username_vault_item' => {
+ 'vault' => 'screwdriver',
+ 'name' => 'db_username',
+ 'env_context' => false,
+ 'key' => 'username',
+ },
+ # ...
+ },
+)
+```
+
+### Database password management (for MySQL, PostgreSQL,...) by Chef Vault
+
+- create vault items.
+
+```text
+$ cat ~/sec/tmp/screwdriver_db_password.json
+{"password":"********************************"}
+
+$ cd $CHEF_REPO_PATH
+$ knife vault create screwdriver db_password --json ~/sec/tmp/screwdriver_db_password.json
```
- grant reference permission to the screwdriver host
```text
-$ knife vault update screwdriver oauth_client_id -S 'name:screwdriver-host.example.com'
-$ knife vault update screwdriver oauth_client_secret -S 'name:screwdriver-host.example.com'
+$ knife vault update screwdriver db_password -S 'name:screwdriver-host.example.com'
```
- modify attributes
override_attributes(
'screwdriver' => {
# ...
- 'docker-compose' => {
- 'oauth_client_id_vault_item' => {
- 'vault' => 'screwdriver',
- 'name' => 'oauth_client_id',
- 'env_context' => false,
- 'key' => 'cid',
- },
- 'oauth_client_secret_vault_item' => {
- 'vault' => 'screwdriver',
- 'name' => 'oauth_client_secret',
- 'env_context' => false,
- 'key' => 'secret',
- },
- # ...
+ 'db_password_vault_item' => {
+ 'vault' => 'screwdriver',
+ 'name' => 'db_password',
+ 'env_context' => false,
+ 'key' => 'password',
},
+ # ...
},
)
```
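Review bot: `db_username` and `db_password` here, and `db_root_password` in the next section, are each created as a separate vault item, so every host needs three `knife vault update ... -S` grants for one database. The S3 and GitHub sections in this same change put related values in a single item with several keys (`kid`/`secret`, `oauthClientId`/`oauthClientSecret`/`secret`). Consider showing one `db` item with `username`, `password` and `root_password` keys, or say why these are kept apart. Fewer items means fewer places where a grant can be forgotten or left behind on decommission.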
-### GitHub webhook secret management by Chef Vault
+### Database root password management (for MySQL, PostgreSQL,...) by Chef Vault
- create vault items.
```text
-$ cat ~/tmp/screwdriver_webhook_github_secret.json
-{"secret":"********************************"}
+$ cat ~/sec/tmp/screwdriver_db_root_password.json
+{"password":"********************************"}
$ cd $CHEF_REPO_PATH
-$ knife vault create screwdriver webhook_github_secret --json ~/sec/tmp/screwdriver_webhook_github_secret.json
+$ knife vault create screwdriver db_root_password --json ~/sec/tmp/screwdriver_db_root_password.json
```
- grant reference permission to the screwdriver host
```text
-$ knife vault update screwdriver webhook_github_secret -S 'name:screwdriver-host.example.com'
+$ knife vault update screwdriver db_root_password -S 'name:screwdriver-host.example.com'
```
- modify attributes
override_attributes(
'screwdriver' => {
# ...
- 'docker-compose' => {
- 'webhook_github_secret_vault_item' => {
- 'vault' => 'screwdriver',
- 'name' => 'webhook_github_secret',
- 'env_context' => false,
- 'key' => 'secret',
- },
+ 'db_root_password_vault_item' => {
+ 'vault' => 'screwdriver',
+ 'name' => 'db_root_password',
+ 'env_context' => false,
+ 'key' => 'password',
+ },
+ # ...
+ },
+)
+```
+
+### S3 (compatible) server access key management by Chef Vault
+
+- create vault items.
+
+```text
+$ cat ~/sec/tmp/screwdriver_s3_access_key.json
+{
+ "kid":"********************",
+ "secret":"****************************************"
+}
+
+$ cd $CHEF_REPO_PATH
+$ knife vault create screwdriver s3_access_key --json ~/sec/tmp/screwdriver_s3_access_key.json
+```
+
+- grant reference permission to the screwdriver host
+
+```text
+$ knife vault update screwdriver s3_access_key -S 'name:screwdriver-host.example.com'
+```
+
+- modify attributes
+
+```ruby
+override_attributes(
+ 'screwdriver' => {
+ # ...
+ 's3_access_key_id_vault_item' => {
+ 'vault' => 'screwdriver',
+ 'name' => 's3_access_key',
+ 'env_context' => false,
+ 'key' => 'kid',
+ },
+ 's3_access_key_secret_vault_item' => {
+ 'vault' => 'screwdriver',
+ 'name' => 's3_access_key',
+ 'env_context' => false,
+ 'key' => 'secret',
+ },
+ # ...
+ },
+)
+```
+
+### OAuth client ID, secret and GitHub webhook secret management by Chef Vault
+
+- create vault items.
+
+```text
+$ cat ~/sec/tmp/screwdriver_github_secrets.json
+{
+ "oauthClientId": "***************************************************************",
+ "oauthClientSecret": "***************************************************************",
+ "secret": "**************************"
+}
+```
+
+$ cd $CHEF_REPO_PATH
+
+```text
+$ knife vault create screwdriver github --json ~/sec/tmp/screwdriver_github_secrets.json
+```
+
+- grant reference permission to the screwdriver host
+
+```text
+$ knife vault update screwdriver github -S 'name:screwdriver-host.example.com'
+```
+
+- modify attributes
+
+```ruby
+override_attributes(
+ 'screwdriver' => {
+ # ...
+ 'api' => {
# ...
+ 'scms_vault_items' => {
+ 'github.com' => {
+ 'oauthClientId' => {
+ 'vault' => 'screwdriver',
+ 'name' => 'github',
+ 'env_context' => false,
+ 'key' => 'oauthClientId', # real hash path: "/oauthClientId"
+ },
+ 'oauthClientSecret' => {
+ 'vault' => 'screwdriver',
+ 'name' => 'github',
+ 'env_context' => false,
+ 'key' => 'oauthClientSecret', # real hash path: "/oauthClientSecret"
+ },
+ 'secret' => {
+ 'vault' => 'screwdriver',
+ 'name' => 'github',
+ 'env_context' => false,
+ 'key' => 'secret', # real hash path: "/secret"
+ },
+ },
+ },
},
+ # ...
},
)
```
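Review bot: In the new OAuth/GitHub section the added `$ cd $CHEF_REPO_PATH` line sits between two `text` fences, outside any code block, so it renders as paragraph text. The other sections keep `cd` and `knife vault create` in the same block as the `cat` output. Merge the two fences so the commands read as one session.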
+### Note
+
+#### Database Initialization
+
+If you use database other than sqlite, its database initialization will takes a few tens of seconds.
+You should run a database container only at the beginning and then start the others.
+
+```
+$ sudo docker-compose up -d db
+...
+Creating network "screwdriver_default" with the default driver
+Creating screwdriver_db_1 ... done
+
+$ sudo docker-compose up -d
+screwdriver_db_1 is up-to-date
+Creating screwdriver_api_1 ... done
+Creating screwdriver_ui_1 ... done
+Creating screwdriver_store_1 ... done
+```
+
## License and Authors
- Author:: whitestar at osdn.jp
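Review bot: The added "Database Initialization" note has grammar errors ("If you use database other than sqlite, its database initialization will takes a few tens of seconds") and its code fence has no language tag, while the rest of the README uses `text` for shell sessions. Suggest "If you use a database other than SQLite, its initialization takes a few tens of seconds." and tagging the fence as `text`. It would also help to say what the reader sees if all services are started at once, so the failure can be recognized.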