2 # Cookbook Name:: screwdriver
5 # Copyright 2017, whitestar
7 # Licensed under the Apache License, Version 2.0 (the "License");
8 # you may not use this file except in compliance with the License.
9 # You may obtain a copy of the License at
11 # http://www.apache.org/licenses/LICENSE-2.0
13 # Unless required by applicable law or agreed to in writing, software
14 # distributed under the License is distributed on an "AS IS" BASIS,
15 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 # See the License for the specific language governing permissions and
17 # limitations under the License.
# Toggles integration with the ssl_cert cookbook. A comment further down in this file
# states that the reverse-proxy service is only active when this attribute is true.
# NOTE(review): with the default `false`, the URI values built from `cn` below are
# plain http:// -- confirm TLS is terminated somewhere else before exposing these ports.
20 default['screwdriver']['with_ssl_cert_cookbook'] = false
21 # If ['screwdriver']['with_ssl_cert_cookbook'] is true,
22 # node['screwdriver']['docker-compose']['config']
23 # are overridden by the following 'common_name' attributes.
24 default['screwdriver']['ssl_cert']['ca_names'] = []
25 default['screwdriver']['ssl_cert']['common_name'] = node['fqdn']
# `cn` is the host name interpolated into the service URIs later in this file.
# It falls back to the node's IP address when the common name is nil or empty.
26 cn = node['screwdriver']['ssl_cert']['common_name']
27 cn = node['ipaddress'] if cn.nil? || cn.empty?
# Vault lookup coordinates for the secrets this cookbook needs. Only the location of
# each secret is recorded here, never the secret itself: 'vault' and 'name' pick the
# item, 'key' is the slash-delimited path inside it, and 'env_context' => true prefixes
# that path with the Chef environment name (see the commented-out examples).
# NOTE(review): presumably these are Chef Vault items; keep the set of nodes and admins
# allowed to decrypt them as small as possible, the JWT private key in particular.
29 default['screwdriver']['jwt_private_key_vault_item'] = {
31 'vault' => 'screwdriver',
32 'name' => 'jwt_private_key',
33 # single key name or nested hash path delimited by slash
34 'env_context' => false,
35 'key' => 'private', # real hash path: "/private"
36 # or nested hash path delimited by slash
37 #'env_context' => true,
38 #'key' => 'hash/path/to/private', # real hash path: "/#{node.chef_environment}/hash/path/to/private"
41 default['screwdriver']['jwt_public_key_vault_item'] = {
43 'vault' => 'screwdriver',
44 'name' => 'jwt_public_key',
45 # single key name or nested hash path delimited by slash
46 'env_context' => false,
47 'key' => 'public', # real hash path: "/public"
48 # or nested hash path delimited by slash
49 #'env_context' => true,
50 #'key' => 'hash/path/to/public', # real hash path: "/#{node.chef_environment}/hash/path/to/public"
53 # A password used for encrypting session data. It must be at least 32 characters long.
# NOTE(review): use a randomly generated value rather than a hand-chosen phrase.
54 default['screwdriver']['cookie_password_vault_item'] = {
56 'vault' => 'screwdriver',
57 'name' => 'cookie_password',
58 # single password or nested hash password path delimited by slash
59 'env_context' => false,
60 'key' => 'password', # real hash path: "/password"
61 # or nested hash password path delimited by slash
62 #'env_context' => true,
63 #'key' => 'hash/path/to/password', # real hash path: "/#{node.chef_environment}/hash/path/to/password"
66 # A password used for encrypting stored secrets. It must be at least 32 characters long.
# NOTE(review): use a randomly generated value, and do not reuse the cookie password;
# the two protect different data (session data vs. stored secrets).
67 default['screwdriver']['password_vault_item'] = {
69 'vault' => 'screwdriver',
71 # single password or nested hash password path delimited by slash
72 'env_context' => false,
73 'key' => 'password', # real hash path: "/password"
74 # or nested hash password path delimited by slash
75 #'env_context' => true,
76 #'key' => 'hash/path/to/password', # real hash path: "/#{node.chef_environment}/hash/path/to/password"
# force_override sits above role and environment attributes in Chef's precedence,
# so the UI's tls_setup_mode is pinned to 'reverseproxy'.
80 force_override['screwdriver']['ui']['tls_setup_mode'] = 'reverseproxy'
81 # These hash objects are expanded to a `/config/local.yaml` file in each Docker container.
# NOTE(review): because the hash is written to a file inside the container, any secret
# value placed in it ends up in that file; keep real secrets in the vault items.
82 default['screwdriver']['api']['config'] = {
# NOTE(review): whoever can reach this socket controls the Docker daemon, which is
# equivalent to root on that host. The keys enclosing this entry are not visible here;
# presumably it is the Docker executor's connection setting -- confirm.
94 'socketPath' => '/var/run/docker.sock',
96 'launchVersion' => 'stable',
103 'scm_a' => { # id and display name
104 'plugin' => 'github',
106 # These 3 secrets should be set by the following `['screwdriver']['api']['scms_vault_items']` attribute.
# The literal values below are placeholders, not credentials. If they survive into the
# rendered config, OAuth login cannot work and the webhook secret is a publicly known
# string, so webhook signatures would prove nothing about the sender.
# NOTE(review): consider failing the Chef run when a placeholder is still present.
107 'oauthClientId' => 'YOU-PROBABLY-WANT-SOMETHING-HERE', # The client id used for OAuth with github. GitHub OAuth (https://developer.github.com/v3/oauth/)
108 'oauthClientSecret' => 'AGAIN-SOMETHING-HERE-IS-USEFUL', # The client secret used for OAuth with github
109 'secret' => 'SUPER-SECRET-SIGNING-THING', # Secret to add to GitHub webhooks so that we can validate them
110 'gheHost' => 'github.screwdriver.cd', # [Optional] GitHub enterprise host
111 'username' => 'sd-buildbot', # [Optional] Username for code checkout
112 'email' => 'dev-null@screwdriver.cd', # [Optional] Email for code checkout
# NOTE(review): per the inline comment, enabling privateRepo requires read and write
# access to public and private repositories; leave it false unless that scope is needed.
113 'privateRepo' => false, # [Optional] Set to true to support private repo; will need read and write access to public and private repos (https://developer.github.com/v3/oauth/#scopes)
116 'scm_b' => { # id and display name
117 'plugin' => 'bitbucket',
# Placeholders as well.
# NOTE(review): confirm these are supplied from a vault item and never committed as real values.
119 'oauthClientId' => 'YOUR-APP-KEY',
120 'oauthClientSecret' => 'YOUR-APP-SECRET',
# Vault locations of the SCM secrets (OAuth client id, OAuth client secret, webhook
# secret) that the comment on the scm_a entry of ['screwdriver']['api']['config'] refers to.
# Each entry uses the same 'vault' / 'env_context' / 'key' lookup fields.
126 default['screwdriver']['api']['scms_vault_items'] = {
130 'vault' => 'screwdriver',
132 # single oauthClientId or nested hash oauthClientId path delimited by slash
133 'env_context' => false,
134 'key' => 'oauthClientId', # real hash path: "/oauthClientId", Note: do not use `id`, which is reserved by Chef Vault.
135 # or nested hash oauthClientId path delimited by slash
136 #'env_context' => true,
137 #'key' => 'hash/path/to/oauthClientId', # real hash path: "/#{node.chef_environment}/hash/path/to/oauthClientId"
139 'oauthClientSecret' => {
140 'vault' => 'screwdriver',
142 # single oauthClientSecret or nested hash oauthClientSecret path delimited by slash
143 'env_context' => false,
144 'key' => 'oauthClientSecret', # real hash path: "/oauthClientSecret"
145 # or nested hash oauthClientSecret path delimited by slash
146 #'env_context' => true,
147 #'key' => 'hash/path/to/oauthClientSecret', # real hash path: "/#{node.chef_environment}/hash/path/to/oauthClientSecret"
151 'vault' => 'screwdriver',
153 # single secret or nested hash secret path delimited by slash
154 'env_context' => false,
155 'key' => 'secret', # real hash path: "/secret"
156 # or nested hash secret path delimited by slash
157 #'env_context' => true,
158 #'key' => 'hash/path/to/secret', # real hash path: "/#{node.chef_environment}/hash/path/to/secret"
# Store service configuration hash.
168 default['screwdriver']['store']['config'] = {
# import_ca is pinned to false with force_override, so roles and environments cannot enable it.
# NOTE(review): presumably this controls importing CA certificates into the containers.
# If an internal CA must be trusted, the commented-out NODE_TLS_REJECT_UNAUTHORIZED
# workaround further down is not a safe substitute, since it turns verification off.
176 force_override['screwdriver']['docker-compose']['import_ca'] = false
# Host-side directory layout, all derived from the docker-grid compose app_dir.
# NOTE(review): data_dir is bind-mounted as /sd-data (see the commented volume line
# below) and config_dir presumably holds the rendered configuration; restrict ownership
# and permissions on both.
177 default['screwdriver']['docker-compose']['app_dir'] = "#{node['docker-grid']['compose']['app_dir']}/screwdriver"
178 default['screwdriver']['docker-compose']['bin_dir'] = "#{node['screwdriver']['docker-compose']['app_dir']}/bin"
179 default['screwdriver']['docker-compose']['config_dir'] = "#{node['screwdriver']['docker-compose']['app_dir']}/config"
180 default['screwdriver']['docker-compose']['data_dir'] = "#{node['screwdriver']['docker-compose']['app_dir']}/data"
181 default['screwdriver']['docker-compose']['etc_dir'] = "#{node['screwdriver']['docker-compose']['app_dir']}/etc"
# NOTE(review): presumably requests replacement of the JWT key material when true --
# confirm in the recipe, and return it to false afterwards so that keys are not
# replaced on every run.
182 default['screwdriver']['docker-compose']['jwt_private_key_reset'] = false
# Legacy vault-item attributes kept under ['docker-compose'].
# NOTE(review): how the recipe chooses between these and their replacements is not
# visible here; when migrating, check that only one location for each secret is in use.
184 # **DEPRECATED**: use ['screwdriver']['(jwt|cookie|password)_*_vault_item'] attributes.
185 default['screwdriver']['docker-compose']['jwt_private_key_vault_item'] = {}
186 default['screwdriver']['docker-compose']['jwt_public_key_vault_item'] = {}
187 default['screwdriver']['docker-compose']['cookie_password_vault_item'] = {}
188 default['screwdriver']['docker-compose']['password_vault_item'] = {}
190 # **DEPRECATED**: use the above `['screwdriver']['api']['scms_vault_items']` attribute.
191 default['screwdriver']['docker-compose']['oauth_client_id_vault_item'] = {
193 'vault' => 'screwdriver',
194 'name' => 'oauth_client_id',
195 # single cid or nested hash cid path delimited by slash
196 'env_context' => false,
197 'key' => 'cid', # real hash path: "/cid", Note: do not use `id`, which is reserved by Chef Vault.
198 # or nested hash cid path delimited by slash
199 #'env_context' => true,
200 #'key' => 'hash/path/to/cid', # real hash path: "/#{node.chef_environment}/hash/path/to/cid"
203 # **DEPRECATED**: use the above `['screwdriver']['api']['scms_vault_items']` attribute.
204 default['screwdriver']['docker-compose']['oauth_client_secret_vault_item'] = {
206 'vault' => 'screwdriver',
207 'name' => 'oauth_client_secret',
208 # single secret or nested hash secret path delimited by slash
209 'env_context' => false,
210 'key' => 'secret', # real hash path: "/secret"
211 # or nested hash secret path delimited by slash
212 #'env_context' => true,
213 #'key' => 'hash/path/to/secret', # real hash path: "/#{node.chef_environment}/hash/path/to/secret"
216 # **DEPRECATED**: use the above `['screwdriver']['api']['scms_vault_items']` attribute.
217 default['screwdriver']['docker-compose']['webhook_github_secret_vault_item'] = {
219 'vault' => 'screwdriver',
220 'name' => 'webhook_github_secret',
221 # single secret or nested hash secret path delimited by slash
222 'env_context' => false,
223 'key' => 'secret', # real hash path: "/secret"
224 # or nested hash secret path delimited by slash
225 #'env_context' => true,
226 #'key' => 'hash/path/to/secret', # real hash path: "/#{node.chef_environment}/hash/path/to/secret"
230 # ref: https://github.com/screwdriver-cd/screwdriver/blob/master/in-a-box.py
# The compose file format is pinned to version 2 with force_override.
231 force_override['screwdriver']['docker-compose']['config_format_version'] = '2'
233 # Version 2 docker-compose format
236 # this service will be active if the `['screwdriver']['with_ssl_cert_cookbook']` attribute is true.
241 'restart' => 'always',
# NOTE(review): `nginx:alpine` and the `:latest` images below are floating tags, so a
# later pull can change what runs without any change to this cookbook. Pin a specific
# version or an image digest so that upgrades are deliberate and reviewable.
242 'image' => 'nginx:alpine',
247 #'9000:9000', # default
250 # This volume will be set by the screwdriver::docker-compose recipe automatically.
251 #"#{node['screwdriver']['docker-compose']['etc_dir']}/nginx/nginx.conf:/etc/nginx/nginx.conf:ro",
# API service image (floating `:latest` tag, see the note on the nginx image).
255 'image' => 'screwdrivercd/screwdriver:latest',
256 'command' => 'npm start', # the original command in the Dockerfile.
258 #'9001:80', # default
# NOTE(review): bind-mounting the Docker socket read-write gives this container control
# of the host's Docker daemon, which is effectively root on the host. Treat this
# container, and anything able to run code inside it, as host-privileged.
261 '/var/run/docker.sock:/var/run/docker.sock:rw',
262 # This volume will be set by the screwdriver::docker-compose recipe automatically.
263 #"#{node['screwdriver']['docker-compose']['data_dir']}:/sd-data:rw",
267 # http://docs.screwdriver.cd/cluster-management/configure-api
268 # https://github.com/screwdriver-cd/screwdriver/blob/master/config/custom-environment-variables.yaml
# NOTE(review): plain http:// -- tokens and session cookies cross the network
# unencrypted unless TLS is terminated in front of this port.
270 'URI' => "http://#{cn}:9001",
271 #'URI' => "http://#{node['ipaddress']}:9001", # unrecommended
272 # These variables will be set by the screwdriver::docker-compose recipe automatically.
273 #'ECOSYSTEM_UI' => "http://#{cn}:9000", # Better
274 #'ECOSYSTEM_UI' => "http://#{node['ipaddress']}:9000", # unrecommended
275 #'ECOSYSTEM_UI' => 'http://ui', # NG: for an access from a client.
276 #'ECOSYSTEM_STORE' => "http://#{cn}:9002", # Better
277 #'ECOSYSTEM_STORE' => "http://#{node['ipaddress']}:9002", # unrecommended
278 #'ECOSYSTEM_STORE' => 'http://store',
# NOTE(review): both lists are empty by default. Presumably an empty SECRET_WHITELIST
# places no restriction on who may log in -- confirm against the upstream docs linked
# above and set explicit lists for any deployment that is not meant to be open.
279 'SECRET_WHITELIST' => '[]',
280 'SECRET_ADMINS' => '[]',
281 'DATASTORE_PLUGIN' => 'sequelize',
282 'DATASTORE_SEQUELIZE_DIALECT' => 'sqlite',
283 'DATASTORE_SEQUELIZE_STORAGE' => '/sd-data/storage.db',
284 # This variable will be set by the screwdriver::docker-compose recipe automatically.
285 #'IS_HTTPS' => 'false',
# NOTE(review): NODE_TLS_REJECT_UNAUTHORIZED=0 turns off certificate verification for
# every outbound TLS connection the Node.js process makes, not only for the self-signed
# host. Prefer making the CA trusted inside the container and leave this disabled.
286 #'NODE_TLS_REJECT_UNAUTHORIZED' => '0', # workaround for self-signed certificates
288 # **DEPRECATED**: use the `['screwdriver']['api']['config']['executor']` attribute.
289 'EXECUTOR_PLUGIN' => 'docker',
290 'EXECUTOR_DOCKER_DOCKER' => <<-'EOS',
292 "socketPath": "/var/run/docker.sock"
298 # **DEPRECATED**: Please use the above `['screwdriver']['api']['config']['scms']` attribute
299 # instead of `SCM_SETTINGS` env. variable.
300 # 'SCM_SETTINGS' => '{}',
302 # **DEPRECATED**: Non-Multiple SCMs setting format.
303 # - Note: Multiple SCMs not supported yet.
304 # https://github.com/screwdriver-cd/screwdriver/issues/365
305 # - OAuth Callback URL: "http://#{cn}:9001/v4/auth/login/web"
306 'SCM_PLUGIN' => 'github', # or 'gitlab' or 'bitbucket'
308 'SCM_USERNAME' => 'sd-buildbot',
309 'SCM_EMAIL' => 'dev-null@screwdriver.cd',
310 # The following variables will be set by the screwdriver::docker-compose recipe automatically.
# NOTE(review): values passed as container environment variables can be read through
# `docker inspect` by anyone with access to the Docker daemon on the host.
311 'SECRET_OAUTH_CLIENT_ID' => '${SECRET_OAUTH_CLIENT_ID}',
312 'SECRET_OAUTH_CLIENT_SECRET' => '${SECRET_OAUTH_CLIENT_SECRET}',
314 'WEBHOOK_GITHUB_SECRET' => '${WEBHOOK_GITHUB_SECRET}', #'SUPER-SECRET-SIGNING-THING'
# NOTE(review): the example host name says "gitlab" although the variable is the GitHub
# Enterprise host; it is a placeholder and should be overridden or removed.
315 'SCM_GITHUB_GHE_HOST' => 'gitlab.io.example.com', # for GHE
316 'SCM_PRIVATE_REPO_SUPPORT' => 'false',
318 #'SCM_GITLAB_HOST' => 'gitlab.io.example.com',
319 #'SCM_GITLAB_PROTOCOL' => 'https',
# UI service image (floating `:latest` tag, see the note on the nginx image).
326 'image' => 'screwdrivercd/ui:latest',
328 #'9000:80', # default
331 # These variables will be set by the screwdriver::docker-compose recipe automatically.
332 #'ECOSYSTEM_API' => 'http://api', # NG: for an access from a client.
333 #'ECOSYSTEM_API' => "http://#{cn}:9001", # Better
334 #'ECOSYSTEM_API' => "http://#{node['ipaddress']}:9001", # unrecommended
335 #'ECOSYSTEM_STORE' => 'http://store',
336 #'ECOSYSTEM_STORE' => "http://#{cn}:9002", # Better
337 #'ECOSYSTEM_STORE' => "http://#{node['ipaddress']}:9002", # unrecommended
# Store service image (floating `:latest` tag, see the note on the nginx image).
341 'image' => 'screwdrivercd/store:latest',
343 #'9002:80', # default
346 # See https://github.com/screwdriver-cd/store/blob/master/config/custom-environment-variables.yaml
# NOTE(review): plain http:// here as well; the same TLS caveat as for the API URI applies.
348 'URI' => "http://#{cn}:9002",
349 #'URI' => "http://#{node['ipaddress']}:9002", # unrecommended
350 #'STRATEGY' => 'memory',
351 # This variable will be set by the screwdriver::docker-compose recipe automatically.
352 #'ECOSYSTEM_UI' => "http://#{cn}:9000", # Better
353 #'ECOSYSTEM_UI' => "http://#{node['ipaddress']}:9000",
354 #'ECOSYSTEM_UI' => 'http://ui', # NG for an access from a client.
# Publish the version 2 hash assembled above as the default docker-compose config.
360 default['screwdriver']['docker-compose']['config'] = version_2_config