adds Minio support.
[metasearch/grid-chef-repo.git] / cookbooks / screwdriver / README.md
screwdriver Cookbook
====================

This cookbook sets up a Screwdriver CI/CD service with Docker Compose.

## Contents

- [Contents](#contents)
- [Requirements](#requirements)
    - [platforms](#platforms)
    - [packages](#packages)
    - [cookbooks](#cookbooks)
- [Attributes](#attributes)
- [Usage](#usage)
    - [Recipes](#recipes)
        - [screwdriver::default](#screwdriverdefault)
        - [screwdriver::docker-compose](#screwdriverdocker-compose)
    - [Role Examples](#role-examples)
    - [SSL server keys and certificates management by ssl_cert cookbook](#ssl-server-keys-and-certificates-management-by-ssl_cert-cookbook)
    - [JWT private and public keys management by Chef Vault](#jwt-private-and-public-keys-management-by-chef-vault)
    - [Cookie password management by Chef Vault](#cookie-password-management-by-chef-vault)
    - [Secrets encryption password management by Chef Vault](#secrets-encryption-password-management-by-chef-vault)
    - [Database username management (for MySQL, PostgreSQL,...) by Chef Vault](#database-username-management-for-mysql-postgresql-by-chef-vault)
    - [Database password management (for MySQL, PostgreSQL,...) by Chef Vault](#database-password-management-for-mysql-postgresql-by-chef-vault)
    - [Database root password management (for MySQL, PostgreSQL,...) by Chef Vault](#database-root-password-management-for-mysql-postgresql-by-chef-vault)
    - [S3 (compatible) server access key management by Chef Vault](#s3-compatible-server-access-key-management-by-chef-vault)
    - [OAuth client ID, secret and GitHub webhook secret management by Chef Vault](#oauth-client-id-secret-and-github-webhook-secret-management-by-chef-vault)
    - [Note](#note)
        - [Database Initialization](#database-initialization)
- [License and Authors](#license-and-authors)

## Requirements

### platforms
- Debian >= 9.0
- Ubuntu >= 14.04
- CentOS, RHEL >= 7.3

### packages
- none.

### cookbooks
- `docker-grid`
- `ssl_cert`

## Attributes

|Key|Type|Description, example|Default|
|:--|:--|:--|:--|
|`['screwdriver']['with_ssl_cert_cookbook']`|Boolean|See `attributes/default.rb`|`false`|
|`['screwdriver']['ssl_cert']['ca_names']`|Array|Internal CA names that are imported by the ssl_cert cookbook.|`[]`|
|`['screwdriver']['ssl_cert']['common_name']`|String|Server common name for TLS|`node['fqdn']`|
|`['screwdriver']['jwt_private_key_vault_item']`|Hash|Optional, Sets a JWT private key from Chef Vault. See `attributes/default.rb`|`{}`|
|`['screwdriver']['jwt_public_key_vault_item']`|Hash|Optional, Sets a JWT public key from Chef Vault. See `attributes/default.rb`|`{}`|
|`['screwdriver']['cookie_password_vault_item']`|Hash|Optional, Sets a session cookie password from Chef Vault. See `attributes/default.rb`|`{}`|
|`['screwdriver']['password_vault_item']`|Hash|Optional, Sets a password for secrets encryption from Chef Vault. See `attributes/default.rb`|`{}`|
|`['screwdriver']['db_username_vault_item']`|Hash|Optional, Sets a database username from Chef Vault. See `attributes/default.rb`|`{}`|
|`['screwdriver']['db_password_vault_item']`|Hash|Optional, Sets a database password from Chef Vault. See `attributes/default.rb`|`{}`|
|`['screwdriver']['db_root_password_vault_item']`|Hash|Optional, Sets a database password for the root user from Chef Vault. See `attributes/default.rb`|`{}`|
|`['screwdriver']['s3_access_key_id_vault_item']`|Hash|Optional, Sets an S3 access key ID from Chef Vault. See `attributes/default.rb`|`{}`|
|`['screwdriver']['s3_access_key_secret_vault_item']`|Hash|Optional, Sets an S3 access key secret from Chef Vault. See `attributes/default.rb`|`{}`|
|`['screwdriver']['ui']['tls_setup_mode']`|String|`'reverseproxy'` only. Note: [_Add TLS support to UI docker container #377_](https://github.com/screwdriver-cd/screwdriver/issues/377)|`'reverseproxy'`|
|`['screwdriver']['api']['config']`|Hash|This hash object is expanded to a `/config/local.yaml` file in the API Docker container.|See `attributes/default.rb`|
|`['screwdriver']['api']['scms_vault_items']`|Hash|This hash contains Chef Vault item definitions of SCM's secrets.|See `attributes/default.rb`|
|`['screwdriver']['store']['backend']`|String|`nil` (in memory) or `'minio'`.|`nil`|
|`['screwdriver']['store']['config']`|Hash|This hash object is expanded to a `/config/local.yaml` file in the Store Docker container.|See `attributes/default.rb`|
|`['screwdriver']['docker-compose']['import_ca']`|Boolean|Whether to import internal CA certificates or not.|`false`|
|`['screwdriver']['docker-compose']['app_dir']`|String|Path string.|`"#{node['docker-grid']['compose']['app_dir']}/screwdriver"`|
|`['screwdriver']['docker-compose']['bin_dir']`|String|Path string.|`"#{node['screwdriver']['docker-compose']['app_dir']}/bin"`|
|`['screwdriver']['docker-compose']['config_dir']`|String|Path string.|`"#{node['screwdriver']['docker-compose']['app_dir']}/config"`|
|`['screwdriver']['docker-compose']['data_dir']`|String|Path string.|`"#{node['screwdriver']['docker-compose']['app_dir']}/data"`|
|`['screwdriver']['docker-compose']['etc_dir']`|String|Path string.|`"#{node['screwdriver']['docker-compose']['app_dir']}/etc"`|
|`['screwdriver']['docker-compose']['jwt_private_key_reset']`|Boolean|Only available if the JWT key pair is automatically generated by Chef.|`false`|
|`['screwdriver']['docker-compose']['jwt_private_key_vault_item']`|Hash|**DEPRECATED**: use `['screwdriver']['jwt_private_key_vault_item']`. Optional, Sets a JWT private key from Chef Vault. See `attributes/default.rb`|`{}`|
|`['screwdriver']['docker-compose']['jwt_public_key_vault_item']`|Hash|**DEPRECATED**: use `['screwdriver']['jwt_public_key_vault_item']`. Optional, Sets a JWT public key from Chef Vault. See `attributes/default.rb`|`{}`|
|`['screwdriver']['docker-compose']['cookie_password_vault_item']`|Hash|**DEPRECATED**: use `['screwdriver']['cookie_password_vault_item']`. Optional, Sets a session cookie password from Chef Vault. See `attributes/default.rb`|`{}`|
|`['screwdriver']['docker-compose']['password_vault_item']`|Hash|**DEPRECATED**: use `['screwdriver']['password_vault_item']`. Optional, Sets a password for secrets encryption from Chef Vault. See `attributes/default.rb`|`{}`|
|`['screwdriver']['docker-compose']['oauth_client_id_vault_item']`|Hash|**DEPRECATED**: use `['screwdriver']['api']['scms_vault_items']`. Required, Sets an OAuth client ID for SCM from Chef Vault. See `attributes/default.rb`|`{}`|
|`['screwdriver']['docker-compose']['oauth_client_secret_vault_item']`|Hash|**DEPRECATED**: use `['screwdriver']['api']['scms_vault_items']`. Required, Sets an OAuth secret for SCM from Chef Vault. See `attributes/default.rb`|`{}`|
|`['screwdriver']['docker-compose']['webhook_github_secret_vault_item']`|Hash|**DEPRECATED**: use `['screwdriver']['api']['scms_vault_items']`. Required for GitHub, Sets a secret for GitHub webhook from Chef Vault. See `attributes/default.rb`|`{}`|
|`['screwdriver']['docker-compose']['config']`|Hash|`docker-compose.yml` configurations.|See `attributes/default.rb`|

## Usage

### Recipes

#### screwdriver::default

This recipe does nothing.

#### screwdriver::docker-compose

This recipe generates a JWT key pair and a `docker-compose.yml` file for the Screwdriver CI/CD service.

### Role Examples

- `roles/screwdriver.rb`

```ruby
name 'screwdriver'
description 'screwdriver'

ui_port     = '9000'
api_port    = '9001'
store_port  = '9002'

run_list(
  'role[docker]',
  'recipe[screwdriver::docker-compose]',
)

override_attributes(
  'screwdriver' => {
    'api' => {
      'config' => {
        'executor' => {
          'plugin' => 'docker',
          'docker' => {
            'options' => {
              'docker' => {
                'socketPath' => '/var/run/docker.sock',
              },
              'launchVersion' => 'stable',
            },
          },
        },
        'scms' => {
          'github.com' => {
            'plugin' => 'github',
            'config' => {
              # OAuth Callback URL: "http://#{node['fqdn']}:9001/v4/auth/login/web"
              'username' => 'ci-tool',
              'email' => 'citool@mail.example.com',
              'privateRepo' => false,
            },
          },
        },
      },
      'scms_vault_items' => {
        'github.com' => {
          'oauthClientId' => {
            'vault' => 'screwdriver',
            'name' => 'github',
            'env_context' => false,
            'key' => 'oauthClientId',  # real hash path: "/oauthClientId"
          },
          'oauthClientSecret' => {
            'vault' => 'screwdriver',
            'name' => 'github',
            'env_context' => false,
            'key' => 'oauthClientSecret',  # real hash path: "/oauthClientSecret"
          },
          'secret' => {
            'vault' => 'screwdriver',
            'name' => 'github',
            'env_context' => false,
            'key' => 'secret',  # real hash path: "/secret"
          },
        },
      },
    },
    'docker-compose' => {
      'config' => {
        'services' => {
          'api' => {
            'ports' => [
              "#{api_port}:80",
            ],
            'environment' => {
              'NODE_TLS_REJECT_UNAUTHORIZED' => '0',  # for self-signed certificates
              # The following variables will be set by the screwdriver::docker-compose recipe automatically.
              #'ECOSYSTEM_UI' => "http://#{node['fqdn']}:#{ui_port}",
              #'ECOSYSTEM_STORE' => "http://#{node['fqdn']}:#{store_port}",
            },
          },
          'ui' => {
            'ports' => [
              "#{ui_port}:80",
            ],
            'environment' => {
              # These variables will be set by the screwdriver::docker-compose recipe automatically.
              #'ECOSYSTEM_API' => "http://#{node['fqdn']}:#{api_port}",
              #'ECOSYSTEM_STORE' => "http://#{node['fqdn']}:#{store_port}",
            },
          },
          'store' => {
            'ports' => [
              "#{store_port}:80",
            ],
            'environment' => {
              # This variable will be set by the screwdriver::docker-compose recipe automatically.
              #'ECOSYSTEM_UI' => "http://#{node['fqdn']}:#{ui_port}",
            },
          },
        },
      },
    },
  },
)
```

- `roles/screwdriver-with-ssl.rb`

```ruby
name 'screwdriver-with-ssl'
description 'screwdriver with SSL'

cn = 'screwdriver.io.example.com'
ui_port     = '9000'
api_port    = '9001'
store_port  = '9002'

run_list(
  'role[docker]',
  'recipe[screwdriver::docker-compose]',
)

override_attributes(
  'ssl_cert' => {
    #'common_names' => [
    #  cn,  # screwdriver cookbook < 0.2.2
    #],
  },
  'screwdriver' => {
    'with_ssl_cert_cookbook' => true,
    'ssl_cert' => {
      'common_name' => cn,
    },
    'api' => {
      'config' => {
        'executor' => {
          'plugin' => 'docker',
          'docker' => {
            'options' => {
              'docker' => {
                'socketPath' => '/var/run/docker.sock',
              },
              'launchVersion' => 'stable',
            },
          },
        },
        'scms' => {
          'github.com' => {
            'plugin' => 'github',
            'config' => {
              # OAuth Callback URL: "http://#{node['fqdn']}:9001/v4/auth/login/web"
              'username' => 'ci-tool',
              'email' => 'citool@mail.example.com',
              'privateRepo' => false,
            },
          },
        },
      },
      'scms_vault_items' => {
        'github.com' => {
          'oauthClientId' => {
            'vault' => 'screwdriver',
            'name' => 'github',
            'env_context' => false,
            'key' => 'oauthClientId',  # real hash path: "/oauthClientId"
          },
          'oauthClientSecret' => {
            'vault' => 'screwdriver',
            'name' => 'github',
            'env_context' => false,
            'key' => 'oauthClientSecret',  # real hash path: "/oauthClientSecret"
          },
          'secret' => {
            'vault' => 'screwdriver',
            'name' => 'github',
            'env_context' => false,
            'key' => 'secret',  # real hash path: "/secret"
          },
        },
      },
    },
    'docker-compose' => {
      'config' => {
        'services' => {
          'reverseproxy' => {
            'ports' => [
              "#{ui_port}:9000",
            ],
            'environment' => {
            },
          },
          'api' => {
            'ports' => [
              "#{api_port}:80",
            ],
            'environment' => {
              'NODE_TLS_REJECT_UNAUTHORIZED' => '0',  # for self-signed certificates
              # The following variables will be set by the screwdriver::docker-compose recipe automatically.
              #'ECOSYSTEM_UI' => "http://#{node['fqdn']}:#{ui_port}",
              #'ECOSYSTEM_STORE' => "http://#{node['fqdn']}:#{store_port}",
            },
          },
          'ui' => {
            #'ports' => [
            #  "#{ui_port}:80",
            #],
            'environment' => {
              # These variables will be set by the screwdriver::docker-compose recipe automatically.
              #'ECOSYSTEM_API' => "http://#{node['fqdn']}:#{api_port}",
              #'ECOSYSTEM_STORE' => "http://#{node['fqdn']}:#{store_port}",
            },
          },
          'store' => {
            'ports' => [
              "#{store_port}:80",
            ],
            'environment' => {
              # This variable will be set by the screwdriver::docker-compose recipe automatically.
              #'ECOSYSTEM_UI' => "http://#{node['fqdn']}:#{ui_port}",
            },
          },
        },
      },
    },
  },
)
```
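
Both role examples set `NODE_TLS_REJECT_UNAUTHORIZED` to `'0'` in the API container, which turns off TLS certificate verification in Node.js, and the Attributes table marks several `docker-compose` vault item keys as deprecated. The following check is an added example, not part of the cookbook, that flags those settings and any vault item definition lacking `vault`, `name` or `key` before a role is uploaded. `audit_screwdriver_attributes`, `vault_item_problems` and `SAMPLE_ATTRS` are hypothetical names, and the sample hash is constructed.

```ruby
# Added example (not cookbook code): static checks over a role's override_attributes.

# Deprecated keys under ['screwdriver']['docker-compose'] and their replacements,
# taken from the Attributes table of this README.
SCM_ITEMS = "['screwdriver']['api']['scms_vault_items']"
DEPRECATED_COMPOSE_KEYS = {
  'jwt_private_key_vault_item'       => "['screwdriver']['jwt_private_key_vault_item']",
  'jwt_public_key_vault_item'        => "['screwdriver']['jwt_public_key_vault_item']",
  'cookie_password_vault_item'       => "['screwdriver']['cookie_password_vault_item']",
  'password_vault_item'              => "['screwdriver']['password_vault_item']",
  'oauth_client_id_vault_item'       => SCM_ITEMS,
  'oauth_client_secret_vault_item'   => SCM_ITEMS,
  'webhook_github_secret_vault_item' => SCM_ITEMS,
}.freeze

# String fields that every vault item definition shown in this README carries.
VAULT_ITEM_FIELDS = %w[vault name key].freeze

# Returns one message per missing field; an empty hash means "not configured".
def vault_item_problems(path, item)
  return [] if item.nil? || item.empty?
  missing = VAULT_ITEM_FIELDS.reject { |f| item[f].is_a?(String) && !item[f].empty? }
  missing.map { |f| "#{path}: vault item definition lacks '#{f}'" }
end

def audit_screwdriver_attributes(attrs)
  sd = attrs.fetch('screwdriver', {})
  compose = sd['docker-compose'] || {}
  findings = []

  # 1. TLS certificate verification disabled in a container environment.
  (compose.dig('config', 'services') || {}).each do |service, conf|
    env = conf['environment'] || {}
    next unless env['NODE_TLS_REJECT_UNAUTHORIZED'].to_s == '0'
    findings << "services.#{service}: NODE_TLS_REJECT_UNAUTHORIZED=0 disables TLS certificate verification"
  end

  # 2. Deprecated vault item keys that are still populated.
  DEPRECATED_COMPOSE_KEYS.each do |key, replacement|
    next if (compose[key] || {}).empty?
    findings << "docker-compose.#{key} is deprecated; use #{replacement}"
  end

  # 3. Incomplete vault item definitions (top level and per SCM).
  sd.each do |key, value|
    findings.concat(vault_item_problems(key, value)) if key.end_with?('_vault_item')
  end
  (sd.dig('api', 'scms_vault_items') || {}).each do |scm, items|
    items.each do |name, item|
      findings.concat(vault_item_problems("api.scms_vault_items.#{scm}.#{name}", item))
    end
  end
  findings
end

# Constructed sample role attributes with three deliberate problems.
SAMPLE_ATTRS = {
  'screwdriver' => {
    # problem: no 'key' field
    'cookie_password_vault_item' => { 'vault' => 'screwdriver', 'name' => 'cookie_password', 'env_context' => false },
    'api' => {
      'scms_vault_items' => {
        'github.com' => {
          'secret' => { 'vault' => 'screwdriver', 'name' => 'github', 'env_context' => false, 'key' => 'secret' },
        },
      },
    },
    'docker-compose' => {
      # problem: deprecated location
      'password_vault_item' => { 'vault' => 'screwdriver', 'name' => 'password', 'env_context' => false, 'key' => 'password' },
      'config' => {
        'services' => {
          'api' => { 'environment' => { 'NODE_TLS_REJECT_UNAUTHORIZED' => '0' } },  # problem
          'ui'  => { 'environment' => {} },
        },
      },
    },
  },
}.freeze

puts audit_screwdriver_attributes(SAMPLE_ATTRS)
```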

### SSL server keys and certificates management by ssl_cert cookbook

- create vault items.

```text
$ ruby -rjson -e 'puts JSON.generate({"private" => File.read("screwdriver.io.example.com.prod.key")})' \
> > ~/sec/tmp/screwdriver.io.example.com.prod.key.json

$ ruby -rjson -e 'puts JSON.generate({"public" => File.read("screwdriver.io.example.com.prod.crt")})' \
> > ~/sec/tmp/screwdriver.io.example.com.prod.crt.json

$ cd $CHEF_REPO_PATH

$ knife vault create ssl_server_keys screwdriver.io.example.com.prod \
> --json ~/sec/tmp/screwdriver.io.example.com.prod.key.json

$ knife vault create ssl_server_certs screwdriver.io.example.com.prod \
> --json ~/sec/tmp/screwdriver.io.example.com.prod.crt.json
```

- grant reference permission to the screwdriver host

```text
$ knife vault update ssl_server_keys  screwdriver.io.example.com.prod -S 'name:screwdriver-host.example.com'
$ knife vault update ssl_server_certs screwdriver.io.example.com.prod -S 'name:screwdriver-host.example.com'
```

- modify attributes

```ruby
override_attributes(
  'ssl_cert' => {
    #'common_names' => [
    #  'screwdriver.io.example.com',  # screwdriver cookbook < 0.2.2
    #],
  },
  'screwdriver' => {
    'with_ssl_cert_cookbook' => true,
    'ssl_cert' => {
      'common_name' => 'screwdriver.io.example.com',
    },
    # ...
  },
)
```

### JWT private and public keys management by Chef Vault

- create vault items.

```text
$ ruby -rjson -e 'puts JSON.generate({"private" => File.read("screwdriver_jwt_private.key")})' \
> > ~/sec/tmp/screwdriver_jwt_private.key.json

$ ruby -rjson -e 'puts JSON.generate({"public" => File.read("screwdriver_jwt_public.key")})' \
> > ~/sec/tmp/screwdriver_jwt_public.key.json

$ cd $CHEF_REPO_PATH

$ knife vault create screwdriver jwt_private_key \
> --json ~/sec/tmp/screwdriver_jwt_private.key.json

$ knife vault create screwdriver jwt_public_key \
> --json ~/sec/tmp/screwdriver_jwt_public.key.json
```

- grant reference permission to the screwdriver host

```text
$ knife vault update screwdriver jwt_private_key -S 'name:screwdriver-host.example.com'
$ knife vault update screwdriver jwt_public_key  -S 'name:screwdriver-host.example.com'
```

- modify attributes

```ruby
override_attributes(
  'screwdriver' => {
    # ...
    'jwt_private_key_vault_item' => {
      'vault' => 'screwdriver',
      'name' => 'jwt_private_key',
      'env_context' => false,
      'key' => 'private',
    },
    'jwt_public_key_vault_item' => {
      'vault' => 'screwdriver',
      'name' => 'jwt_public_key',
      'env_context' => false,
      'key' => 'public',
    },
    # ...
  },
)
```

### Cookie password management by Chef Vault

- create vault items.

```text
# A password used for encrypting session data. Needs to be minimum 32 characters
$ cat ~/sec/tmp/screwdriver_cookie_password.json
{"password":"********************************"}

$ cd $CHEF_REPO_PATH
$ knife vault create screwdriver cookie_password --json ~/sec/tmp/screwdriver_cookie_password.json
```

- grant reference permission to the screwdriver host

```text
$ knife vault update screwdriver cookie_password -S 'name:screwdriver-host.example.com'
```

- modify attributes

```ruby
override_attributes(
  'screwdriver' => {
    # ...
    'cookie_password_vault_item' => {
      'vault' => 'screwdriver',
      'name' => 'cookie_password',
      'env_context' => false,
      'key' => 'password',
    },
    # ...
  },
)
```

### Secrets encryption password management by Chef Vault

- create vault items.

```text
# A password used for encrypting stored secrets. Needs to be minimum 32 characters
$ cat ~/sec/tmp/screwdriver_password.json
{"password":"********************************"}

$ cd $CHEF_REPO_PATH
$ knife vault create screwdriver password --json ~/sec/tmp/screwdriver_password.json
```

- grant reference permission to the screwdriver host

```text
$ knife vault update screwdriver password -S 'name:screwdriver-host.example.com'
```

- modify attributes

```ruby
override_attributes(
  'screwdriver' => {
    # ...
    'password_vault_item' => {
      'vault' => 'screwdriver',
      'name' => 'password',
      'env_context' => false,
      'key' => 'password',
    },
    # ...
  },
)
```
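
The cookie password and the secrets encryption password above must each be at least 32 characters, and both are written to a plaintext JSON file before `knife vault create --json` reads it. The following Ruby helper is an added example, not part of the cookbook: it generates such a file with a random password and owner-only permissions, and checks an existing file before use. `write_password_json` and `password_json_problems` are hypothetical names, and the 48-character default is an assumption.

```ruby
require 'json'
require 'securerandom'
require 'tmpdir'

# Minimum length stated in this README for the cookie and secrets passwords.
MIN_PASSWORD_LENGTH = 32

# Writes {"password":"<random>"} to path. The file is created with mode 0600
# and O_EXCL, so other local users cannot read it and an existing file
# (possibly holding the password already in use) is never overwritten.
def write_password_json(path, length: 48)
  if length < MIN_PASSWORD_LENGTH
    raise ArgumentError, "password must be at least #{MIN_PASSWORD_LENGTH} characters"
  end
  password = SecureRandom.alphanumeric(length)
  File.open(path, File::WRONLY | File::CREAT | File::EXCL, 0o600) do |f|
    f.write(JSON.generate('password' => password))
  end
  path
end

# Checks a JSON file before it is passed to `knife vault create --json`.
# Returns a list of problems; an empty list means the file is acceptable.
def password_json_problems(path)
  problems = []
  mode = File.stat(path).mode & 0o777
  unless (mode & 0o077).zero?
    problems << format('file mode %04o grants access to group or others', mode)
  end
  password = JSON.parse(File.read(path))['password']
  if !password.is_a?(String)
    problems << "no string value under the 'password' key"
  elsif password.length < MIN_PASSWORD_LENGTH
    problems << "password has #{password.length} characters, minimum is #{MIN_PASSWORD_LENGTH}"
  end
  problems
end

if $PROGRAM_NAME == __FILE__
  # Demonstration in a throwaway directory; the file names follow this README.
  Dir.mktmpdir do |dir|
    %w[screwdriver_cookie_password.json screwdriver_password.json].each do |name|
      path = write_password_json(File.join(dir, name))
      puts "#{name}: #{password_json_problems(path).empty? ? 'ok' : 'rejected'}"
    end
  end
end
```

Delete the plaintext JSON file once `knife vault create` has stored the item.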

### Database username management (for MySQL, PostgreSQL,...) by Chef Vault

- create vault items.

```text
$ cat ~/sec/tmp/screwdriver_db_username.json
{"username":"********************************"}

$ cd $CHEF_REPO_PATH
$ knife vault create screwdriver db_username --json ~/sec/tmp/screwdriver_db_username.json
```

- grant reference permission to the screwdriver host

```text
$ knife vault update screwdriver db_username -S 'name:screwdriver-host.example.com'
```

- modify attributes

```ruby
override_attributes(
  'screwdriver' => {
    # ...
    'db_username_vault_item' => {
      'vault' => 'screwdriver',
      'name' => 'db_username',
      'env_context' => false,
      'key' => 'username',
    },
    # ...
  },
)
```

### Database password management (for MySQL, PostgreSQL,...) by Chef Vault

- create vault items.

```text
$ cat ~/sec/tmp/screwdriver_db_password.json
{"password":"********************************"}

$ cd $CHEF_REPO_PATH
$ knife vault create screwdriver db_password --json ~/sec/tmp/screwdriver_db_password.json
```

- grant reference permission to the screwdriver host

```text
$ knife vault update screwdriver db_password -S 'name:screwdriver-host.example.com'
```

- modify attributes

```ruby
override_attributes(
  'screwdriver' => {
    # ...
    'db_password_vault_item' => {
      'vault' => 'screwdriver',
      'name' => 'db_password',
      'env_context' => false,
      'key' => 'password',
    },
    # ...
  },
)
```

### Database root password management (for MySQL, PostgreSQL,...) by Chef Vault

- create vault items.

```text
$ cat ~/sec/tmp/screwdriver_db_root_password.json
{"password":"********************************"}

$ cd $CHEF_REPO_PATH
$ knife vault create screwdriver db_root_password --json ~/sec/tmp/screwdriver_db_root_password.json
```

- grant reference permission to the screwdriver host

```text
$ knife vault update screwdriver db_root_password -S 'name:screwdriver-host.example.com'
```

- modify attributes

```ruby
override_attributes(
  'screwdriver' => {
    # ...
    'db_root_password_vault_item' => {
      'vault' => 'screwdriver',
      'name' => 'db_root_password',
      'env_context' => false,
      'key' => 'password',
    },
    # ...
  },
)
```

### S3 (compatible) server access key management by Chef Vault

- create vault items.

```text
$ cat ~/sec/tmp/screwdriver_s3_access_key.json
{
  "kid":"********************",
  "secret":"****************************************"
}

$ cd $CHEF_REPO_PATH
$ knife vault create screwdriver s3_access_key --json ~/sec/tmp/screwdriver_s3_access_key.json
```

- grant reference permission to the screwdriver host

```text
$ knife vault update screwdriver s3_access_key -S 'name:screwdriver-host.example.com'
```

- modify attributes

```ruby
override_attributes(
  'screwdriver' => {
    # ...
    's3_access_key_id_vault_item' => {
      'vault' => 'screwdriver',
      'name' => 's3_access_key',
      'env_context' => false,
      'key' => 'kid',
    },
    's3_access_key_secret_vault_item' => {
      'vault' => 'screwdriver',
      'name' => 's3_access_key',
      'env_context' => false,
      'key' => 'secret',
    },
    # ...
  },
)
```

### OAuth client ID, secret and GitHub webhook secret management by Chef Vault

- create vault items.

```text
$ cat ~/sec/tmp/screwdriver_github_secrets.json
{
  "oauthClientId": "***************************************************************",
  "oauthClientSecret": "***************************************************************",
  "secret": "**************************"
}

$ cd $CHEF_REPO_PATH
$ knife vault create screwdriver github --json ~/sec/tmp/screwdriver_github_secrets.json
```

- grant reference permission to the screwdriver host

```text
$ knife vault update screwdriver github -S 'name:screwdriver-host.example.com'
```

- modify attributes

```ruby
override_attributes(
  'screwdriver' => {
    # ...
    'api' => {
      # ...
      'scms_vault_items' => {
        'github.com' => {
          'oauthClientId' => {
            'vault' => 'screwdriver',
            'name' => 'github',
            'env_context' => false,
            'key' => 'oauthClientId',  # real hash path: "/oauthClientId"
          },
          'oauthClientSecret' => {
            'vault' => 'screwdriver',
            'name' => 'github',
            'env_context' => false,
            'key' => 'oauthClientSecret',  # real hash path: "/oauthClientSecret"
          },
          'secret' => {
            'vault' => 'screwdriver',
            'name' => 'github',
            'env_context' => false,
            'key' => 'secret',  # real hash path: "/secret"
          },
        },
      },
    },
    # ...
  },
)
```

### Note

#### Database Initialization

If you use a database other than SQLite, its initialization will take a few tens of seconds.
You should start only the database container at the beginning and then start the others.

```
$ sudo docker-compose up -d db
...
Creating network "screwdriver_default" with the default driver
Creating screwdriver_db_1 ... done

$ sudo docker-compose up -d
screwdriver_db_1 is up-to-date
Creating screwdriver_api_1   ... done
Creating screwdriver_ui_1    ... done
Creating screwdriver_store_1 ... done
```

## License and Authors

- Author:: whitestar at osdn.jp

```text
Copyright 2017, whitestar

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
```