From 900472cf3c446266c13b31a9f054e949f372ccdf Mon Sep 17 00:00:00 2001 From: whitestar Date: Mon, 19 Jun 2017 21:47:09 +0900 Subject: [PATCH] improves CA certificates import feature. --- cookbooks/concourse-ci/CHANGELOG.md | 5 +++++ cookbooks/concourse-ci/README.md | 1 + cookbooks/concourse-ci/attributes/default.rb | 4 ++-- cookbooks/concourse-ci/metadata.rb | 2 +- cookbooks/concourse-ci/recipes/docker-compose.rb | 14 ++++++++++++-- .../opt/docker-compose/app/concourse/bin/concourse_up | 1 + 6 files changed, 22 insertions(+), 5 deletions(-) diff --git a/cookbooks/concourse-ci/CHANGELOG.md b/cookbooks/concourse-ci/CHANGELOG.md index be536ab..5f1bbeb 100644 --- a/cookbooks/concourse-ci/CHANGELOG.md +++ b/cookbooks/concourse-ci/CHANGELOG.md @@ -1,6 +1,11 @@ concourse-ci CHANGELOG ====================== +0.1.7 +----- +- improves CA certificates import feature. +- adds the `['concourse-ci']['docker-image']['entrypoint']` attribute. + 0.1.6 ----- - adds CA certificates import feature. diff --git a/cookbooks/concourse-ci/README.md b/cookbooks/concourse-ci/README.md index a23ca69..3393916 100644 --- a/cookbooks/concourse-ci/README.md +++ b/cookbooks/concourse-ci/README.md @@ -44,6 +44,7 @@ This cookbook sets up a Concourse CI service by Docker Compose. |`['concourse-ci']['with_ssl_cert_cookbook']`|Boolean|See `attributes/default.rb`|`false`| |`['concourse-ci']['ssl_cert']['ca_names']`|Array|Internal CA names that are imported by the ssl_cert cookbook.|`[]`| |`['concourse-ci']['ssl_cert']['common_name']`|String|Server common name for TLS|`node['fqdn']`| +|`['concourse-ci']['docker-image']['entrypoint']`|String|Concourse Docker image's entrypoint setting to import an internal CA certificate.|`'/usr/local/bin/dumb-init /usr/local/bin/concourse'`| |`['concourse-ci']['docker-compose']['import_ca']`|Boolean|whether import internal CA certificates or not.|`false`| |`['concourse-ci']['docker-compose']['app_dir']`|String||`"#{node['docker-grid']['compose']['app_dir']}/concourse"`| |`['concourse-ci']['docker-compose']['pgdata_dir']`|String|Path string or nil (unset).|`"#{node['concourse-ci']['docker-compose']['app_dir']}/database"`| diff --git a/cookbooks/concourse-ci/attributes/default.rb b/cookbooks/concourse-ci/attributes/default.rb index bfdf9e2..113930e 100644 --- a/cookbooks/concourse-ci/attributes/default.rb +++ b/cookbooks/concourse-ci/attributes/default.rb @@ -29,6 +29,7 @@ default['concourse-ci']['with_ssl_cert_cookbook'] = false # are overridden by the following 'common_name' attributes. default['concourse-ci']['ssl_cert']['ca_names'] = [] default['concourse-ci']['ssl_cert']['common_name'] = node['fqdn'] +default['concourse-ci']['docker-image']['entrypoint'] = '/usr/local/bin/dumb-init /usr/local/bin/concourse' default['concourse-ci']['docker-compose']['import_ca'] = false default['concourse-ci']['docker-compose']['app_dir'] = "#{node['docker-grid']['compose']['app_dir']}/concourse" default['concourse-ci']['docker-compose']['pgdata_dir'] = "#{node['concourse-ci']['docker-compose']['app_dir']}/database" @@ -104,7 +105,7 @@ version_1_config = { }, }, 'concourse-web' => { - 'restart' => 'always', + 'restart' => 'unless-stopped', 'image' => 'concourse/concourse', # latest, 2.6.0,... 'links' => [ 'concourse-db', @@ -139,7 +140,6 @@ version_1_config = { }, }, 'concourse-worker' => { - 'restart' => 'always', 'image' => 'concourse/concourse', 'privileged' => true, 'links' => [ diff --git a/cookbooks/concourse-ci/metadata.rb b/cookbooks/concourse-ci/metadata.rb index 382fbfe..e4baabc 100644 --- a/cookbooks/concourse-ci/metadata.rb +++ b/cookbooks/concourse-ci/metadata.rb @@ -5,7 +5,7 @@ maintainer_email '' license 'Apache 2.0' description 'Installs/Configures Concourse CI by Docker Compose' long_description IO.read(File.join(File.dirname(__FILE__), 'README.md')) -version '0.1.6' +version '0.1.7' source_url 'http://scm.osdn.jp/gitroot/metasearch/grid-chef-repo.git' issues_url 'https://osdn.jp/projects/metasearch/ticket' diff --git a/cookbooks/concourse-ci/recipes/docker-compose.rb b/cookbooks/concourse-ci/recipes/docker-compose.rb index d49697c..cde13f6 100644 --- a/cookbooks/concourse-ci/recipes/docker-compose.rb +++ b/cookbooks/concourse-ci/recipes/docker-compose.rb @@ -210,6 +210,7 @@ if node['concourse-ci']['docker-compose']['import_ca'] web_vols.push("#{ca_cert_path(ca_name)}:/usr/share/ca-certificates/#{ca_name}.crt:ro") } + import_ca_script = '/usr/local/bin/concourse_import_ca' template "#{bin_dir}/concourse_import_ca" do source 'opt/docker-compose/app/concourse/bin/concourse_import_ca' owner 'root' @@ -217,7 +218,16 @@ if node['concourse-ci']['docker-compose']['import_ca'] mode '0755' action :create end - web_vols.push("#{bin_dir}/concourse_import_ca:/usr/local/bin/concourse_import_ca:ro") + web_vols.push("#{bin_dir}/concourse_import_ca:#{import_ca_script}:ro") + + image_entrypoint = node['concourse-ci']['docker-image']['entrypoint'] + override_config_srvs['concourse-web']['entrypoint'] \ + = "/bin/sh -c \"#{import_ca_script} && #{image_entrypoint} web\"" + if config_format_version == '2' + node.rm('concourse-ci', 'docker-compose', 'config', 'services', 'concourse-web', 'command') + else + node.rm('concourse-ci', 'docker-compose', 'config', 'concourse-web', 'command') + end end template "#{bin_dir}/concourse_up" do @@ -277,7 +287,7 @@ Note: You must execute the following command manually. See #{doc_url} - Start: $ cd #{app_dir} - $ ./bin/concourse_up + $ sudo docker-compose up - Stop $ sudo docker-compose down EOM diff --git a/cookbooks/concourse-ci/templates/default/opt/docker-compose/app/concourse/bin/concourse_up b/cookbooks/concourse-ci/templates/default/opt/docker-compose/app/concourse/bin/concourse_up index d09bb3e..6921892 100644 --- a/cookbooks/concourse-ci/templates/default/opt/docker-compose/app/concourse/bin/concourse_up +++ b/cookbooks/concourse-ci/templates/default/opt/docker-compose/app/concourse/bin/concourse_up @@ -1,4 +1,5 @@ #!/bin/sh +# DEPRECATED: use `sudo docker-compose up` instead. cd <%= node['concourse-ci']['docker-compose']['app_dir'] %> sudo docker-compose up -d -- 2.11.0