=begin
'vault' => 'screwdriver',
'name' => 'jwt_private_key',
- # single password or nested hash password path delimited by slash
+ # single secret or nested hash secret path delimited by slash
'env_context' => false,
- 'key' => 'private', # real hash path: "/password"
- # or nested hash password path delimited by slash
+ 'key' => 'private', # real hash path: "/private"
+ # or nested hash secret path delimited by slash
#'env_context' => true,
#'key' => 'hash/path/to/private', # real hash path: "/#{node.chef_environment}/hash/path/to/private"
=end
=begin
'vault' => 'screwdriver',
'name' => 'jwt_public_key',
- # single password or nested hash password path delimited by slash
+ # single secret or nested hash secret path delimited by slash
'env_context' => false,
- 'key' => 'public', # real hash path: "/password"
- # or nested hash password path delimited by slash
+ 'key' => 'public', # real hash path: "/public"
+ # or nested hash secret path delimited by slash
#'env_context' => true,
#'key' => 'hash/path/to/public', # real hash path: "/#{node.chef_environment}/hash/path/to/public"
=end
#'key' => 'hash/path/to/password', # real hash path: "/#{node.chef_environment}/hash/path/to/password"
=end
}
+default['screwdriver']['db_username_vault_item'] = {
+=begin
+ 'vault' => 'screwdriver',
+ 'name' => 'db_username',
+ # single usernaem or nested hash username path delimited by slash
+ 'env_context' => false,
+ 'key' => 'username', # real hash path: "/username"
+ # or nested hash username path delimited by slash
+ #'env_context' => true,
+ #'key' => 'hash/path/to/username', # real hash path: "/#{node.chef_environment}/hash/path/to/username"
+=end
+}
+default['screwdriver']['db_password_vault_item'] = {
+=begin
+ 'vault' => 'screwdriver',
+ 'name' => 'db_password',
+ # single password or nested hash password path delimited by slash
+ 'env_context' => false,
+ 'key' => 'password', # real hash path: "/password"
+ # or nested hash password path delimited by slash
+ #'env_context' => true,
+ #'key' => 'hash/path/to/password', # real hash path: "/#{node.chef_environment}/hash/path/to/password"
+=end
+}
+default['screwdriver']['db_root_password_vault_item'] = {
+=begin
+ 'vault' => 'screwdriver',
+ 'name' => 'db_root_password',
+ # single password or nested hash password path delimited by slash
+ 'env_context' => false,
+ 'key' => 'password', # real hash path: "/password"
+ # or nested hash password path delimited by slash
+ #'env_context' => true,
+ #'key' => 'hash/path/to/password', # real hash path: "/#{node.chef_environment}/hash/path/to/password"
+=end
+}
+default['screwdriver']['s3_access_key_id_vault_item'] = {
+=begin
+ 'vault' => 'screwdriver',
+ 'name' => 's3_access_key',
+ # single key id or nested hash key id path delimited by slash
+ 'env_context' => false,
+ 'key' => 'kid', # real hash path: "/kid"
+ # or nested hash key id path delimited by slash
+ #'env_context' => true,
+ #'key' => 'hash/path/to/kid', # real hash path: "/#{node.chef_environment}/hash/path/to/kid"
+=end
+}
+default['screwdriver']['s3_access_key_secret_vault_item'] = {
+=begin
+ 'vault' => 'screwdriver',
+ 'name' => 's3_access_key',
+ # single secret or nested hash secret path delimited by slash
+ 'env_context' => false,
+ 'key' => 'secret', # real hash path: "/secret"
+ # or nested hash secret path delimited by slash
+ #'env_context' => true,
+ #'key' => 'hash/path/to/secret', # real hash path: "/#{node.chef_environment}/hash/path/to/secret"
+=end
+}
force_override['screwdriver']['ui']['tls_setup_mode'] = 'reverseproxy'
# These hash objects are expanded to a `/config/local.yaml` file in each Docker container.
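Review bot: The five new `*_vault_item` attributes all default to an empty hash, because each body sits inside `=begin`/`=end`, and nothing here says what the recipe does when an item is left unconfigured while a database or S3 backend is enabled. I would state the contract above `db_username_vault_item`, e.g. `# Empty hash = not configured; the recipe should fail rather than fall back to a built-in credential`, after confirming it against the recipe, which is not part of this hunk. The comment on the `db_username` item also has a typo, `usernaem` for `username`. It would help to say that the two S3 items share the vault item name `s3_access_key` on purpose and differ only in `key`.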
=end
}
+default['screwdriver']['store']['backend'] = nil # or 'minio'
default['screwdriver']['store']['config'] = {
'auth' => {},
'httpd' => {
'tls' => false,
},
+=begin
+ # for Minio
+ 'strategy' => {
+ 'plugin' => 's3',
+ 's3' => {
+ 'accessKeyId' => '',
+ 'secretAccessKey' => '****************************************',
+ 'region' => 'us-east-1',
+ 'bucket' => 'screwdriver',
+ 'endpoint' => 'http://s3:9000/screwdriver',
+ 'signatureVersion' => 'v4',
+ },
+ },
+=end
}
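Review bot: The commented Minio example under `default['screwdriver']['store']['config']` shows `accessKeyId` and `secretAccessKey` as literal attribute values. Node attributes are saved with the node object on the Chef server, so anyone who uncomments the block and fills it in stores the S3 secret outside chef-vault. The api section on this page says the S3 variables are injected by the recipe from `s3_access_key_{id,secret}_vault_item`. If the store service is handled the same way (not visible here), drop the two credential keys from the example and say so, e.g. `# accessKeyId/secretAccessKey are injected from the s3_access_key_*_vault_item attributes; never set them here`. The example `endpoint` is plain `http://`, which deserves a remark that it is meant only for the compose-internal network.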
# Useless?!
'volumes' => [
'/var/run/docker.sock:/var/run/docker.sock:rw',
# This volume will be set by the screwdriver::docker-compose recipe automatically.
- #"#{node['screwdriver']['docker-compose']['data_dir']}:/sd-data:rw",
+ #"#{node['screwdriver']['docker-compose']['data_dir']}:/sd-data:rw", # for sqlite
],
'environment' => {
# See:
'SECRET_WHITELIST' => '[]',
'SECRET_ADMINS' => '[]',
'DATASTORE_PLUGIN' => 'sequelize',
+ 'DATASTORE_SEQUELIZE_DATABASE' => 'screwdriver',
'DATASTORE_SEQUELIZE_DIALECT' => 'sqlite',
- 'DATASTORE_SEQUELIZE_STORAGE' => '/sd-data/storage.db',
+ # This variable will be set by the screwdriver::docker-compose recipe automatically.
+ #'DATASTORE_SEQUELIZE_STORAGE' => '/sd-data/storage.db',
+ # for MySQL
+ #'DATASTORE_SEQUELIZE_DIALECT' => 'mysql',
+ # These variables will be set by the screwdriver::docker-compose recipe automatically.
+ #'DATASTORE_SEQUELIZE_USERNAME' => '${DB_USERNAME}',
+ #'DATASTORE_SEQUELIZE_PASSWORD' => '${DB_PASSWORD}',
+ #'DATASTORE_SEQUELIZE_HOST' => 'db',
# This variable will be set by the screwdriver::docker-compose recipe automatically.
#'IS_HTTPS' => 'false',
#'NODE_TLS_REJECT_UNAUTHORIZED' => '0', # workaround for self-signed cetificates
'PORT' => '80',
'URI' => "http://#{cn}:9002",
#'URI' => "http://#{node['ipaddress']}:9002", # unrecommended
- #'STRATEGY' => 'memory',
- # This variable will be set by the screwdriver::docker-compose recipe automatically.
+ # These variables will be set by the screwdriver::docker-compose recipe automatically.
#'ECOSYSTEM_UI' => "http://#{cn}:9000", # Better
#'ECOSYSTEM_UI' => "http://#{node['ipaddress']}:9000",
#'ECOSYSTEM_UI' => 'http://ui', # NG for an access from a client.
+ #'STRATEGY' => 'memory', # default
+ # * AWS S3
+ #'STRATEGY' => 's3',
+ # If node['screwdriver']['s3_access_key_{id,secret}_vault_item'] is set,
+ # these 2 variables will be set by the screwdriver::docker-compose recipe automatically.
+ #'S3_ACCESS_KEY_ID' => '${S3_ACCESS_KEY_ID}',
+ #'S3_ACCESS_KEY_SECRET' => '${S3_ACCESS_KEY_SECRET}',
+ #'S3_REGION' => 'us-east-1',
+ #'S3_BUCKET' => 'screwdriver',
+ # * Minio
+ # If node['screwdriver']['store']['backend'] is 'minio',
+ # these variables will be set by the screwdriver::docker-compose recipe automatically.
+ #'STRATEGY' => 's3',
+ #'S3_ACCESS_KEY_ID' => '${S3_ACCESS_KEY_ID}',
+ #'S3_ACCESS_KEY_SECRET' => '${S3_ACCESS_KEY_SECRET}',
+ #'S3_REGION' => 'us-east-1',
+ #'S3_BUCKET' => 'screwdriver',
+ #'S3_ENDPOINT' => 'http://s3:9000/screwdriver', # tricky!! setting for the S3 virtual hosting style.
+ #'S3_SIG_VER' => 'v4',
},
+ # for S3 compatible server
+ #'links' => [
+ # 'screwdriver.s3',
+ #],
},
},
}
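Review bot: The commented MySQL and S3 examples in the api `environment` block put `DATASTORE_SEQUELIZE_PASSWORD` and `S3_ACCESS_KEY_SECRET` into the container environment through `${...}` substitution, but nothing here says where the recipe writes the substituted values or with what file mode. That logic lives in the screwdriver::docker-compose recipe outside this hunk, so I would at least document the expectation next to the examples, e.g. `# ${DB_PASSWORD} etc. are resolved from vault items by the recipe; the file that holds them must be readable by root only`. The same service keeps `/var/run/docker.sock` mounted read-write, so the environments of the db and MinIO containers added further down should be treated as readable from the api container as well. The examples also cover MySQL only, although the `case` added below handles `'postgres'` too.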
+config_srvs = node['screwdriver']['docker-compose']['config']['services']
+case config_srvs['api']['environment']['DATASTORE_SEQUELIZE_DIALECT']
+when 'mysql'
+ version_2_config['services']['db'] = {
+ 'image' => 'mysql:5',
+ 'volumes' => [
+ # This variable will be set by the screwdriver::docker-compose recipe automatically.
+ #"#{node['screwdriver']['docker-compose']['data_dir']}/mysql:/var/lib/mysql:rw",
+ ],
+ 'environment' => {
+ # These variables will be set by the screwdriver::docker-compose recipe automatically.
+ #'MYSQL_ROOT_PASSWORD' => '${DB_ROOT_PASSWORD}',
+ #'MYSQL_USER' => '${DB_USERNAME}',
+ #'MYSQL_PASSWORD' => '${DB_PASSWORD}',
+ #'MYSQL_DATABASE' => 'screwdriver',
+ },
+ }
+when 'postgres'
+ version_2_config['services']['db'] = {
+ 'image' => 'postgres:9',
+ 'volumes' => [
+ # This variable will be set by the screwdriver::docker-compose recipe automatically.
+ #"#{node['screwdriver']['docker-compose']['data_dir']}/postgres:/database:rw",
+ ],
+ 'environment' => {
+ # These variables will be set by the screwdriver::docker-compose recipe automatically.
+ #'POSTGRES_USER' => '${DB_USERNAME}',
+ #'POSTGRES_PASSWORD' => '${DB_PASSWORD}',
+ #'POSTGRES_DB' => 'screwdriver',
+ #'PGDATA' => '/database',
+ },
+ }
+end
+
+# S3 compatible server
+case node['screwdriver']['store']['backend']
+when 'minio'
+ version_2_config['services']['screwdriver.s3'] = {
+ 'image' => 'minio/minio',
+ 'ports' => [
+ #'9010:9000', # default
+ ],
+ 'command' => 'server /export',
+ 'volumes' => [
+ # This variable will be set by the screwdriver::docker-compose recipe automatically.
+ #"#{node['screwdriver']['docker-compose']['data_dir']}//minio:/export:rw",
+ ],
+ 'environment' => {
+ # These variables will be set by the screwdriver::docker-compose recipe automatically.
+ #'MINIO_ACCESS_KEY' => '${S3_ACCESS_KEY_ID}',
+ #'MINIO_SECRET_KEY' => '${S3_ACCESS_KEY_SECRET}',
+ },
+ }
+end
+
default['screwdriver']['docker-compose']['config'] = version_2_config
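Review bot: The three new service images use floating tags: `mysql:5`, `postgres:9`, and `minio/minio` with no tag at all, which resolves to `latest`. A re-converge can therefore pull a different database or object-store build than the one that was tested. Pin each to an exact release or digest, e.g. `'image' => 'minio/minio:<pinned-release-tag>'` (placeholder), and expose the tag as an attribute if operators need to override it. Separately, `config_srvs['api']['environment'][...]` reads the merged node attribute before `default[...]['config']` is assigned on the last line. Unless that path is always set at another precedence level, which cannot be seen from this hunk, the chain can hit `nil` while the attributes file loads, so the lookup should be guarded. The commented MinIO volume path also has a stray double slash in `data_dir']}//minio`.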