2 # Cookbook Name:: concourse-ci
5 # Copyright 2017-2018, whitestar
7 # Licensed under the Apache License, Version 2.0 (the "License");
8 # you may not use this file except in compliance with the License.
9 # You may obtain a copy of the License at
11 # http://www.apache.org/licenses/LICENSE-2.0
13 # Unless required by applicable law or agreed to in writing, software
14 # distributed under the License is distributed on an "AS IS" BASIS,
15 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 # See the License for the specific language governing permissions and
17 # limitations under the License.
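# fly CLI installation settings.
# (Listing line numbers that had been fused into each statement are removed
# so the assignments parse as Ruby again.)

# Release tag of the fly binary to install.
default['concourse-ci']['fly']['version'] = '3.3.4'
# Download location, built from the `version` attribute above at the time
# this attributes file is evaluated.
default['concourse-ci']['fly']['release_url'] = "https://github.com/concourse/concourse/releases/download/v#{node['concourse-ci']['fly']['version']}/fly_linux_amd64"
# NOTE(review): nil means no digest is pinned for the downloaded binary.
# Presumably the install recipe skips integrity verification in that case;
# confirm in the recipe. HTTPS protects the transfer but not against a
# replaced release asset, so set this to the digest of the exact
# fly_linux_amd64 asset for the pinned version and change both together.
default['concourse-ci']['fly']['release_checksum'] = nil
# NOTE(review): looks like this controls replacing an already installed
# binary; confirm. If enabled, the checksum above must track the new version.
default['concourse-ci']['fly']['auto_upgrade'] = false
# The binary lands in a directory that is normally on root's PATH, which is
# why the integrity of the download matters.
default['concourse-ci']['fly']['install_path'] = '/usr/local/bin/fly'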
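# TLS certificate integration and docker-compose layout settings.
# (Listing line numbers that had been fused into each statement are removed
# so the assignments parse as Ruby again.)

default['concourse-ci']['with_ssl_cert_cookbook'] = false
# If ['concourse-ci']['with_ssl_cert_cookbook'] is true,
# the settings in node['concourse-ci']['docker-compose']['config']
# are overridden by the following 'common_name' attributes.
default['concourse-ci']['ssl_cert']['ca_names'] = []
default['concourse-ci']['ssl_cert']['common_name'] = node['fqdn']
# Container entrypoint: concourse is started through dumb-init.
default['concourse-ci']['docker-image']['entrypoint'] = '/usr/local/bin/dumb-init /usr/local/bin/concourse'
# NOTE(review): presumably imports the CAs listed in ca_names into the
# containers' trust store when true; confirm in the docker-compose recipe.
default['concourse-ci']['docker-compose']['import_ca'] = false
# Every path below is derived from app_dir, which in turn is derived from
# the docker-grid cookbook's compose app_dir.
default['concourse-ci']['docker-compose']['app_dir'] = "#{node['docker-grid']['compose']['app_dir']}/concourse"
# NOTE(review): going by their names, these directories hold the database
# files and the web/worker key material. Confirm that the recipe creates
# them with restrictive ownership and mode, and that worker_keys_dir and
# web_keys_dir are not readable by unrelated local accounts.
default['concourse-ci']['docker-compose']['pgdata_dir'] = "#{node['concourse-ci']['docker-compose']['app_dir']}/database"
default['concourse-ci']['docker-compose']['web_keys_dir'] = "#{node['concourse-ci']['docker-compose']['app_dir']}/keys/web"
default['concourse-ci']['docker-compose']['worker_keys_dir'] = "#{node['concourse-ci']['docker-compose']['app_dir']}/keys/worker"
# NOTE(review): looks like a one-shot switch to replace the stored database
# password; confirm its exact effect in the recipe before enabling it.
default['concourse-ci']['docker-compose']['db_password_reset'] = false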
39 default['concourse-ci']['docker-compose']['db_password_vault_item'] = {
41 'vault' => 'concourse',
42 'name' => 'db_password',
43 # single password or nested hash password path delimited by slash
44 'env_context' => false,
45 'key' => 'password', # real hash path: "/password"
46 # or nested hash password path delimited by slash
47 #'env_context' => true,
48 #'key' => 'hash/path/to/password', # real hash path: "/#{node.chef_environment}/hash/path/to/password"
51 default['concourse-ci']['docker-compose']['web_encryption_key_vault_item'] = {
53 'vault' => 'concourse',
54 'name' => 'encryption_key',
55 # single password or nested hash password path delimited by slash
56 'env_context' => false,
57 'key' => 'ekey', # real hash path: "/ekey"
58 # or nested hash password path delimited by slash
59 #'env_context' => true,
60 #'key' => 'hash/path/to/ekey', # real hash path: "/#{node.chef_environment}/hash/path/to/ekey"
63 default['concourse-ci']['docker-compose']['web_password_reset'] = false
64 default['concourse-ci']['docker-compose']['web_password_vault_item'] = {
66 'vault' => 'concourse',
67 'name' => 'web_password',
68 # single password or nested hash password path delimited by slash
69 'env_context' => false,
70 'key' => 'password', # real hash path: "/password"
71 # or nested hash password path delimited by slash
72 #'env_context' => true,
73 #'key' => 'hash/path/to/password', # real hash path: "/#{node.chef_environment}/hash/path/to/password"
76 default['concourse-ci']['docker-compose']['web_oauth_client_id_vault_item'] = {
78 'vault' => 'concourse',
79 'name' => 'web_oauth_client_id',
80 # single cid or nested hash cid path delimited by slash
81 'env_context' => false,
82 'key' => 'cid', # real hash path: "/cid". Note: do not use `id`, which is reserved by Chef Vault.
83 # or nested hash id path delimited by slash
84 #'env_context' => true,
85 #'key' => 'hash/path/to/cid', # real hash path: "/#{node.chef_environment}/hash/path/to/cid"
88 default['concourse-ci']['docker-compose']['web_oauth_client_secret_vault_item'] = {
90 'vault' => 'concourse',
91 'name' => 'web_oauth_client_secret',
92 # single secret or nested hash secret path delimited by slash
93 'env_context' => false,
94 'key' => 'secret', # real hash path: "/secret"
95 # or nested hash secret path delimited by slash
96 #'env_context' => true,
97 #'key' => 'hash/path/to/secret', # real hash path: "/#{node.chef_environment}/hash/path/to/secret"
100 default['concourse-ci']['docker-compose']['ssh_keys_reset'] = false
102 default['concourse-ci']['docker-compose']['config_format_version'] = '1'
105 'restart' => 'always',
106 'image' => 'postgres:9.5',
108 #"#{node['concourse-ci']['docker-compose']['pgdata_dir']}:/database",
111 'POSTGRES_DB' => 'concourse',
112 'POSTGRES_USER' => 'concourse',
113 # Note: Use the `['concourse-ci']['docker-compose']['db_password_vault_item']` attribute instead, so that the password is not kept in plain node attributes.
114 'POSTGRES_PASSWORD' => nil,
115 'PGDATA' => '/database',
119 'restart' => 'unless-stopped',
120 'image' => 'concourse/concourse', # latest, 2.6.0,...
126 #'8080:8080', # If you specify no value, Chef sets '8080:8080'.
127 #'8443:8443', # https
130 # These volumes will be set by the concourse-ci::docker-compose recipe automatically.
131 #"#{node['concourse-ci']['docker-compose']['web_keys_dir']}:/concourse-keys",
134 #'CONCOURSE_TLS_BIND_PORT' => '8443', # activate HTTPS
135 # If the ['concourse-ci']['docker-compose']['web_encryption_key_vault_item'] attributes are specified,
136 # the following variable is set automatically:
137 #'CONCOURSE_ENCRYPTION_KEY' => '${CONCOURSE_ENCRYPTION_KEY}',
138 'CONCOURSE_BASIC_AUTH_USERNAME' => 'concourse',
139 # Note: Use the `['concourse-ci']['docker-compose']['web_password_vault_item']` attribute instead, so that the password is not kept in plain node attributes.
140 'CONCOURSE_BASIC_AUTH_PASSWORD' => nil,
141 # OAuth for the default `main` team
142 #'CONCOURSE_GENERIC_OAUTH_DISPLAY_NAME' => 'GitLab',
143 # If the ['concourse-ci']['docker-compose']['web_oauth_client_(id|secret)_vault_item'] attributes are specified,
144 # the following 2 variables are set automatically:
145 #'CONCOURSE_GENERIC_OAUTH_CLIENT_ID' => '${CONCOURSE_GENERIC_OAUTH_CLIENT_ID}',
146 #'CONCOURSE_GENERIC_OAUTH_CLIENT_SECRET' => '${CONCOURSE_GENERIC_OAUTH_CLIENT_SECRET}',
147 #'CONCOURSE_GENERIC_OAUTH_AUTH_URL' => 'https://gitlab.io.example.com/oauth/authorize',
148 #'CONCOURSE_GENERIC_OAUTH_TOKEN_URL' => 'https://gitlab.io.example.com/oauth/token',
149 # If you specify no value, Chef sets "http://#{node['ipaddress']}:8080". That default is plain HTTP; set an https:// URL here when CONCOURSE_TLS_BIND_PORT is enabled.
150 'CONCOURSE_EXTERNAL_URL' => nil,
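151 # `${POSTGRES_PASSWORD}` is a placeholder for the password string. Note: `sslmode=disable` below turns off TLS on the web-to-database connection, so it is only appropriate while both containers share a private Docker network.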
152 'CONCOURSE_POSTGRES_DATA_SOURCE' => \
153 'postgres://concourse:${POSTGRES_PASSWORD}@concourse-db:5432/concourse?sslmode=disable',
154 #'CONCOURSE_RESOURCE_CHECKING_INTERVAL' => '1m', # default
157 'concourse-worker' => {
158 'image' => 'concourse/concourse',
159 'privileged' => true,
163 'command' => 'worker',
165 # These volumes will be set by the concourse-ci::docker-compose recipe automatically.
166 #"#{node['concourse-ci']['docker-compose']['worker_keys_dir']}:/concourse-keys",
169 'CONCOURSE_TSA_HOST' => 'concourse-web:2222',
174 new_config = Marshal.load(Marshal.dump(version_1_config)) # deep copy
175 # for using networks instead
176 #new_config['concourse-web'].delete('links')
177 #new_config['concourse-worker'].delete('links')
179 # Version 2 docker-compose format
181 'services' => new_config,
184 case node['concourse-ci']['docker-compose']['config_format_version'].to_i
186 default['concourse-ci']['docker-compose']['config'] = version_1_config
188 default['concourse-ci']['docker-compose']['config'] = version_2_config