# limitations under the License.
#
+default['concourse-ci']['fly']['version'] = '3.3.4'
+default['concourse-ci']['fly']['release_url'] = "https://github.com/concourse/concourse/releases/download/v#{node['concourse-ci']['fly']['version']}/fly_linux_amd64"
+default['concourse-ci']['fly']['release_checksum'] = nil
+default['concourse-ci']['fly']['auto_upgrade'] = false
+default['concourse-ci']['fly']['install_path'] = '/usr/local/bin/fly'
+
default['concourse-ci']['with_ssl_cert_cookbook'] = false
# If ['concourse-ci']['with_ssl_cert_cookbook'] is true,
# node['concourse-ci']['docker-compose']['config']
# are overridden by the following 'common_name' attributes.
+default['concourse-ci']['ssl_cert']['ca_names'] = []
default['concourse-ci']['ssl_cert']['common_name'] = node['fqdn']
+default['concourse-ci']['docker-image']['entrypoint'] = '/usr/local/bin/dumb-init /usr/local/bin/concourse'
+default['concourse-ci']['docker-compose']['import_ca'] = false
default['concourse-ci']['docker-compose']['app_dir'] = "#{node['docker-grid']['compose']['app_dir']}/concourse"
default['concourse-ci']['docker-compose']['pgdata_dir'] = "#{node['concourse-ci']['docker-compose']['app_dir']}/database"
default['concourse-ci']['docker-compose']['web_keys_dir'] = "#{node['concourse-ci']['docker-compose']['app_dir']}/keys/web"
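Review bot: `release_checksum` defaults to `nil` in the new fly attributes, so unless the recipe (not visible here) refuses a nil value, the binary fetched from `release_url` is presumably written to `/usr/local/bin/fly` without an integrity check. Since the version is pinned to 3.3.4, the matching digest can ship with it, e.g. `default['concourse-ci']['fly']['release_checksum'] = '<SHA-256 of fly_linux_amd64 for v3.3.4>'` (a placeholder; take the value from the release). At a minimum, put `# nil: the download is not verified; set the SHA-256 of the release binary` above the line. `release_url` is also interpolated from the version when this file is loaded, so overriding the version alone later may leave the URL and checksum pointing at the old release. A comment telling users to override the three together would help.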
#'key' => 'hash/path/to/password', # real hash path: "/#{node.chef_environment}/hash/path/to/password"
=end
}
+default['concourse-ci']['docker-compose']['web_encryption_key_vault_item'] = {
+=begin
+ 'vault' => 'concourse',
+ 'name' => 'encryption_key',
+ # single password or nested hash password path delimited by slash
+ 'env_context' => false,
+ 'key' => 'ekey', # real hash path: "/ekey"
+ # or nested hash password path delimited by slash
+ #'env_context' => true,
+ #'key' => 'hash/path/to/ekey', # real hash path: "/#{node.chef_environment}/hash/path/to/ekey"
+=end
+}
default['concourse-ci']['docker-compose']['web_password_reset'] = false
default['concourse-ci']['docker-compose']['web_password_vault_item'] = {
=begin
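Review bot: The new `web_encryption_key_vault_item` attribute defaults to an empty hash, and nothing at the attribute says what that implies. According to the comment this commit adds in the `concourse-web` environment, `CONCOURSE_ENCRYPTION_KEY` is set only when the vault item is specified, and to my knowledge Concourse without that key keeps stored credentials unencrypted in its database. I would state this at the attribute, e.g. `# Empty (default): no CONCOURSE_ENCRYPTION_KEY is passed; credentials in the database stay unencrypted.`, and add the key length Concourse accepts (16 or 32 characters as far as I recall; please confirm for the deployed release). The example text inside the `=begin` block still says "single password" and should read "single key".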
#'key' => 'hash/path/to/password', # real hash path: "/#{node.chef_environment}/hash/path/to/password"
=end
}
+default['concourse-ci']['docker-compose']['web_oauth_client_id_vault_item'] = {
+=begin
+ 'vault' => 'concourse',
+ 'name' => 'web_oauth_client_id',
+ # single cid or nested hash cid path delimited by slash
+ 'env_context' => false,
+ 'key' => 'cid', # real hash path: "/cid", Note: do not use `id`, which is preserved by Chef Vault.
+ # or nested hash id path delimited by slash
+ #'env_context' => true,
+ #'key' => 'hash/path/to/cid', # real hash path: "/#{node.chef_environment}/hash/path/to/cid"
+=end
+}
+default['concourse-ci']['docker-compose']['web_oauth_client_secret_vault_item'] = {
+=begin
+ 'vault' => 'concourse',
+ 'name' => 'web_oauth_client_secret',
+ # single secret or nested hash secret path delimited by slash
+ 'env_context' => false,
+ 'key' => 'secret', # real hash path: "/secret"
+ # or nested hash secret path delimited by slash
+ #'env_context' => true,
+ #'key' => 'hash/path/to/secret', # real hash path: "/#{node.chef_environment}/hash/path/to/secret"
+=end
+}
default['concourse-ci']['docker-compose']['ssh_keys_reset'] = false
# TODO: support version 2 format, and use `default` instead of `force_override`
},
},
'concourse-web' => {
- 'restart' => 'always',
+ 'restart' => 'unless-stopped',
'image' => 'concourse/concourse', # latest, 2.6.0,...
'links' => [
'concourse-db',
#'8443:8443', # https
],
'volumes' => [
- "#{node['concourse-ci']['docker-compose']['web_keys_dir']}:/concourse-keys",
+ # These volumes will be set by the concourse-ci::docker-compose recipe automatically.
+ #"#{node['concourse-ci']['docker-compose']['web_keys_dir']}:/concourse-keys",
],
'environment' => {
#'CONCOURSE_TLS_BIND_PORT' => '8443', # activate HTTPS
+ # If the ['concourse-ci']['docker-compose']['web_encryption_key_vault_item'] attributes are specified.
+ # the following variable is set automatically,
+ #'CONCOURSE_ENCRYPTION_KEY' => '${CONCOURSE_ENCRYPTION_KEY}',
'CONCOURSE_BASIC_AUTH_USERNAME' => 'concourse',
# Note: You should use the `['concourse-ci']['docker-compose']['web_password_vault_item']` attribute.
'CONCOURSE_BASIC_AUTH_PASSWORD' => nil,
+ # OAuth for the default `main`` team
+ #'CONCOURSE_GENERIC_OAUTH_DISPLAY_NAME' => 'GitLab',
+ # If the ['concourse-ci']['docker-compose']['web_oauth_client_(id|secret)_vault_item'] attributes are specified.
+ # the following 2 variables are set automatically,
+ #'CONCOURSE_GENERIC_OAUTH_CLIENT_ID' => '${CONCOURSE_GENERIC_OAUTH_CLIENT_ID}',
+ #'CONCOURSE_GENERIC_OAUTH_CLIENT_SECRET' => '${CONCOURSE_GENERIC_OAUTH_CLIENT_SECRET}',
+ #'CONCOURSE_GENERIC_OAUTH_AUTH_URL' => 'https://gitlab.io.example.com/oauth/authorize',
+ #'CONCOURSE_GENERIC_OAUTH_TOKEN_URL' => 'https://gitlab.io.example.com/oauth/token',
# If you sepecify no value, Chef will sets "http://#{node['ipaddress']}:8080".
'CONCOURSE_EXTERNAL_URL' => nil,
# `${POSTGRES_PASSWORD}` is a placeholder of password string.
'CONCOURSE_POSTGRES_DATA_SOURCE' => \
'postgres://concourse:${POSTGRES_PASSWORD}@concourse-db:5432/concourse?sslmode=disable',
+ #'CONCOURSE_RESOURCE_CHECKING_INTERVAL' => '1m', # default
},
},
'concourse-worker' => {
- 'restart' => 'always',
'image' => 'concourse/concourse',
'privileged' => true,
'links' => [
],
'command' => 'worker',
'volumes' => [
- "#{node['concourse-ci']['docker-compose']['worker_keys_dir']}:/concourse-keys",
+ # These volumes will be set by the concourse-ci::docker-compose recipe automatically.
+ #"#{node['concourse-ci']['docker-compose']['worker_keys_dir']}:/concourse-keys",
],
'environment' => {
- 'CONCOURSE_TSA_HOST' => 'concourse-web',
+ 'CONCOURSE_TSA_HOST' => 'concourse-web:2222',
},
},
}
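Review bot: `concourse-worker` loses `'restart' => 'always'` with nothing put in its place, while `concourse-web` moves to `'unless-stopped'`; without a `restart` key Compose does not restart the container, so the worker stays down after a crash or a Docker daemon restart. If that is intended, record the reason in a comment; otherwise add `'restart' => 'unless-stopped',` to the worker as well. The new `'CONCOURSE_TSA_HOST' => 'concourse-web:2222'` embeds the port, which as far as I know only newer Concourse workers accept. The `image` entries carry no tag while fly is pinned to 3.3.4, so the image, the fly binary and this setting can drift apart. A comment such as `# host:port form; needs a Concourse release that accepts a port in CONCOURSE_TSA_HOST`, or an image tag tied to the same version, would keep them in step.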