X-Git-Url: http://git.osdn.net/view?a=blobdiff_plain;f=cookbooks%2Fconcourse-ci%2Fattributes%2Fdefault.rb;h=dfc39bef2936a643a205dc5c7a0a2c3d916d94f5;hb=333e6ba18a1f972a76e9931533edad128fed73f1;hp=c2c4f13f3436487888db70bfe87b7db2635dfc4e;hpb=9f51dcff0ce5e5be4603e4f2359bcc3931463ea4;p=metasearch%2Fgrid-chef-repo.git diff --git a/cookbooks/concourse-ci/attributes/default.rb b/cookbooks/concourse-ci/attributes/default.rb index c2c4f13..dfc39be 100644 --- a/cookbooks/concourse-ci/attributes/default.rb +++ b/cookbooks/concourse-ci/attributes/default.rb @@ -17,11 +17,20 @@ # limitations under the License. # +default['concourse-ci']['fly']['version'] = '3.3.4' +default['concourse-ci']['fly']['release_url'] = "https://github.com/concourse/concourse/releases/download/v#{node['concourse-ci']['fly']['version']}/fly_linux_amd64" +default['concourse-ci']['fly']['release_checksum'] = nil +default['concourse-ci']['fly']['auto_upgrade'] = false +default['concourse-ci']['fly']['install_path'] = '/usr/local/bin/fly' + default['concourse-ci']['with_ssl_cert_cookbook'] = false # If ['concourse-ci']['with_ssl_cert_cookbook'] is true, # node['concourse-ci']['docker-compose']['config'] # are overridden by the following 'common_name' attributes. +default['concourse-ci']['ssl_cert']['ca_names'] = [] default['concourse-ci']['ssl_cert']['common_name'] = node['fqdn'] +default['concourse-ci']['docker-image']['entrypoint'] = '/usr/local/bin/dumb-init /usr/local/bin/concourse' +default['concourse-ci']['docker-compose']['import_ca'] = false default['concourse-ci']['docker-compose']['app_dir'] = "#{node['docker-grid']['compose']['app_dir']}/concourse" default['concourse-ci']['docker-compose']['pgdata_dir'] = "#{node['concourse-ci']['docker-compose']['app_dir']}/database" default['concourse-ci']['docker-compose']['web_keys_dir'] = "#{node['concourse-ci']['docker-compose']['app_dir']}/keys/web" 
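Review bot: `default['concourse-ci']['fly']['release_checksum']` defaults to `nil` while the same hunk pins `version` to '3.3.4' and installs to '/usr/local/bin/fly', so out of the box the downloaded binary presumably has TLS as its only integrity check (the consuming recipe is not visible here). Ship the digest of the pinned release as the default, e.g. `default['concourse-ci']['fly']['release_checksum'] = '<sha256-of-fly_linux_amd64-for-3.3.4>'`, or at least add a comment such as `# SHA-256 of the binary at release_url; set it so the download is verified`. Note also that `release_url` interpolates `version` when this attribute file is loaded, so a wrapper that changes only `version` afterwards may keep the 3.3.4 URL; a comment saying that version, URL and checksum must be overridden together would prevent a mismatch.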
@@ -39,6 +48,18 @@ default['concourse-ci']['docker-compose']['db_password_vault_item'] = {
 #'key' => 'hash/path/to/password', # real hash path: "/#{node.chef_environment}/hash/path/to/password"
 =end
 }
+default['concourse-ci']['docker-compose']['web_encryption_key_vault_item'] = {
+=begin
+ 'vault' => 'concourse',
+ 'name' => 'encryption_key',
+ # single password or nested hash password path delimited by slash
+ 'env_context' => false,
+ 'key' => 'ekey', # real hash path: "/ekey"
+ # or nested hash password path delimited by slash
+ #'env_context' => true,
+ #'key' => 'hash/path/to/ekey', # real hash path: "/#{node.chef_environment}/hash/path/to/ekey"
+=end
+}
 default['concourse-ci']['docker-compose']['web_password_reset'] = false
 default['concourse-ci']['docker-compose']['web_password_vault_item'] = {
 =begin
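Review bot: The commented example for `web_encryption_key_vault_item` does not say what a valid key looks like, and the default `{}` presumably leaves database encryption off. Concourse expects the encryption key to be 16 or 32 characters long and, without one, keeps pipeline credentials in the database unencrypted. A comment above the attribute such as `# 16- or 32-character key; when unset, Concourse stores credentials in the DB unencrypted` would make the trade-off visible to operators. The example lines also still say "password" (`# single password or nested hash password path delimited by slash`), which reads like a copy from the db_password block; "key" would be clearer.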
@@ -52,6 +73,30 @@ default['concourse-ci']['docker-compose']['web_password_vault_item'] = { #'key' => 'hash/path/to/password', # real hash path: "/#{node.chef_environment}/hash/path/to/password" =end } +default['concourse-ci']['docker-compose']['web_oauth_client_id_vault_item'] = { +=begin + 'vault' => 'concourse', + 'name' => 'web_oauth_client_id', + # single cid or nested hash cid path delimited by slash + 'env_context' => false, + 'key' => 'cid', # real hash path: "/cid", Note: do not use `id`, which is preserved by Chef Vault. + # or nested hash id path delimited by slash + #'env_context' => true, + #'key' => 'hash/path/to/cid', # real hash path: "/#{node.chef_environment}/hash/path/to/cid" +=end +} +default['concourse-ci']['docker-compose']['web_oauth_client_secret_vault_item'] = { +=begin + 'vault' => 'concourse', + 'name' => 'web_oauth_client_secret', + # single secret or nested hash secret path delimited by slash + 'env_context' => false, + 'key' => 'secret', # real hash path: "/secret" + # or nested hash secret path delimited by slash + #'env_context' => true, + #'key' => 'hash/path/to/secret', # real hash path: "/#{node.chef_environment}/hash/path/to/secret" +=end +} default['concourse-ci']['docker-compose']['ssh_keys_reset'] = false # TODO: support version 2 format, and use `default` instead of `force_override` @@ -72,7 +117,7 @@ version_1_config = { }, }, 'concourse-web' => { - 'restart' => 'always', + 'restart' => 'unless-stopped', 'image' => 'concourse/concourse', # latest, 2.6.0,... 'links' => [ 'concourse-db', 
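Review bot: The comment on the `'key' => 'cid'` example says `id` is "preserved by Chef Vault", where the intended word is presumably "reserved": `# Note: do not use 'id', which is reserved by Chef Vault.` It would also help to document that `web_oauth_client_id_vault_item` and `web_oauth_client_secret_vault_item` must be set together, because the environment comments in the later `concourse-web` hunk describe both variables as being set automatically. Whether the recipe rejects a configuration with only one of them is not visible here.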
@@ -83,22 +128,34 @@ version_1_config = {
 #'8443:8443', # https
 ],
 'volumes' => [
- "#{node['concourse-ci']['docker-compose']['web_keys_dir']}:/concourse-keys",
+ # These volumes will be set by the concourse-ci::docker-compose recipe automatically.
+ #"#{node['concourse-ci']['docker-compose']['web_keys_dir']}:/concourse-keys",
 ],
 'environment' => {
 #'CONCOURSE_TLS_BIND_PORT' => '8443', # activate HTTPS
+ # If the ['concourse-ci']['docker-compose']['web_encryption_key_vault_item'] attributes are specified.
+ # the following variable is set automatically,
+ #'CONCOURSE_ENCRYPTION_KEY' => '${CONCOURSE_ENCRYPTION_KEY}',
 'CONCOURSE_BASIC_AUTH_USERNAME' => 'concourse',
 # Note: You should use the `['concourse-ci']['docker-compose']['web_password_vault_item']` attribute.
 'CONCOURSE_BASIC_AUTH_PASSWORD' => nil,
+ # OAuth for the default `main`` team
+ #'CONCOURSE_GENERIC_OAUTH_DISPLAY_NAME' => 'GitLab',
+ # If the ['concourse-ci']['docker-compose']['web_oauth_client_(id|secret)_vault_item'] attributes are specified.
+ # the following 2 variables are set automatically,
+ #'CONCOURSE_GENERIC_OAUTH_CLIENT_ID' => '${CONCOURSE_GENERIC_OAUTH_CLIENT_ID}',
+ #'CONCOURSE_GENERIC_OAUTH_CLIENT_SECRET' => '${CONCOURSE_GENERIC_OAUTH_CLIENT_SECRET}',
+ #'CONCOURSE_GENERIC_OAUTH_AUTH_URL' => 'https://gitlab.io.example.com/oauth/authorize',
+ #'CONCOURSE_GENERIC_OAUTH_TOKEN_URL' => 'https://gitlab.io.example.com/oauth/token',
 # If you sepecify no value, Chef will sets "http://#{node['ipaddress']}:8080".
 'CONCOURSE_EXTERNAL_URL' => nil,
 # `${POSTGRES_PASSWORD}` is a placeholder of password string.
 'CONCOURSE_POSTGRES_DATA_SOURCE' => \
 'postgres://concourse:${POSTGRES_PASSWORD}@concourse-db:5432/concourse?sslmode=disable',
+ #'CONCOURSE_RESOURCE_CHECKING_INTERVAL' => '1m', # default
 },
 },
 'concourse-worker' => {
- 'restart' => 'always',
 'image' => 'concourse/concourse',
 'privileged' => true,
 'links' => [
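Review bot: The `concourse-worker` service loses its `restart` key entirely (`'restart' => 'always',` is removed with no replacement), while the preceding hunk moves `concourse-web` to `'unless-stopped'`. With no policy set, Docker does not bring the container back after a crash or a daemon restart, so the web node could return with no worker registered. If that is deliberate, say so in a comment next to the service; otherwise add `'restart' => 'unless-stopped',` to the worker as well. The `version_1_config` hash begins and ends outside this hunk.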
@@ -106,10 +163,11 @@ version_1_config = {
 ],
 'command' => 'worker',
 'volumes' => [
- "#{node['concourse-ci']['docker-compose']['worker_keys_dir']}:/concourse-keys",
+ # These volumes will be set by the concourse-ci::docker-compose recipe automatically.
+ #"#{node['concourse-ci']['docker-compose']['worker_keys_dir']}:/concourse-keys",
 ],
 'environment' => {
- 'CONCOURSE_TSA_HOST' => 'concourse-web',
+ 'CONCOURSE_TSA_HOST' => 'concourse-web:2222',
 },
 },
 }
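Review bot: `'CONCOURSE_TSA_HOST' => 'concourse-web:2222'` relies on the worker accepting a `host:port` value, which depends on the Concourse release. Both services in the previous hunk use the untagged `'image' => 'concourse/concourse'`, while the first hunk pins `fly` to 3.3.4. An untagged image means the `'privileged' => true` worker runs whatever the default tag resolves to at pull time, and the server can drift away from the pinned CLI. Consider pinning the tag, e.g. `'image' => 'concourse/concourse:<version>'`, and adding a comment that names the minimum release which understands the port suffix. The enclosing hash begins outside this hunk.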