# Cookbook Name:: concourse-ci
# Recipe:: docker-compose
#
-# Copyright 2017, whitestar
+# Copyright 2017-2018, whitestar
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# limitations under the License.
#
-::Chef::Recipe.send(:include, SSLCert::Helper)
-
require 'securerandom'
doc_url = 'https://concourse.ci/docker-repository.html'
env_local = {}
File.open(env_file) do |file|
file.each_line do |line|
- env_local[$1] = $2 if line =~ /^(.*)=(.*)$/
+ env_local[$1] = $2 if line =~ /^([^=]*)=(.*)$/
end
end
end
if File.exist?(config_file)
require 'yaml'
config_srvs_local = YAML.load_file(config_file)
- config_srvs_local = config_srvs_local['services'] if config_srvs_local.key?('version') && config_srvs_local['version'] == '2'
+ config_srvs_local = config_srvs_local['services'] if config_srvs_local.key?('version') && config_srvs_local['version'].to_i >= 2
end
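Review bot: `YAML.load_file(config_file)`, directly above the changed version check, reads the existing compose file with the full YAML loader, which on Psych releases that predate safe-by-default loading can instantiate arbitrary Ruby objects from tags in that file. Only plain maps, lists and scalars are needed here, so `config_srvs_local = YAML.safe_load(File.read(config_file))` would be sufficient. An empty file also does not yield a Hash, so the `.key?('version')` call on the new line would raise; prefixing the condition with `config_srvs_local.is_a?(Hash) &&` covers that. The enclosing block starts outside the visible lines.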
config_format_version = node['concourse-ci']['docker-compose']['config_format_version']
-# if config_format_version == '1'
+# if config_format_version.to_i == 1
config_srvs = node['concourse-ci']['docker-compose']['config']
override_config_srvs = node.override['concourse-ci']['docker-compose']['config']
force_override_config_srvs = node.force_override['concourse-ci']['docker-compose']['config']
-if config_format_version == '2'
+if config_format_version.to_i == 2
config_srvs = config_srvs['services']
override_config_srvs = override_config_srvs['services']
force_override_config_srvs = force_override_config_srvs['services']
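Review bot: The new `if config_format_version.to_i == 2` does not agree with the check added for the local file, which uses `config_srvs_local['version'].to_i >= 2`. With the attribute set to a later format such as '3', the local file would be unwrapped through `services` while the node attributes are still treated as the flat version 1 layout. The same `== 2` test reappears in the import_ca block that picks the `node.rm` paths. If only formats 1 and 2 are supported, a comment saying so would do; otherwise use `if config_format_version.to_i >= 2` in both places.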
web_vols.push("#{node['concourse-ci']['docker-compose']['web_keys_dir']}:/concourse-keys")
+encryption_key = nil
+encryption_key_vault_item = node['concourse-ci']['docker-compose']['web_encryption_key_vault_item']
+unless encryption_key_vault_item.empty?
+ encryption_key = get_vault_item_value(encryption_key_vault_item)
+ web_envs['CONCOURSE_ENCRYPTION_KEY'] = '${CONCOURSE_ENCRYPTION_KEY}'
+end
+
web_password_reset = node['concourse-ci']['docker-compose']['web_password_reset']
basic_auth_passwd = nil
web_password_vault_item = node['concourse-ci']['docker-compose']['web_password_vault_item']
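Review bot: Nothing checks what `get_vault_item_value(encryption_key_vault_item)` returns, so a missing or empty vault value still sets `web_envs['CONCOURSE_ENCRYPTION_KEY']` to a reference that resolves to an empty string. Concourse expects a 16- or 32-character key, so failing the converge is safer than starting the web node with an unusable or absent key: `raise 'web encryption key must be 16 or 32 characters' unless [16, 32].include?(encryption_key.to_s.length)`. The `unless encryption_key_vault_item.empty?` guard would also raise if the attribute is ever nil rather than an empty string. Keeping the literal `${CONCOURSE_ENCRYPTION_KEY}` in the compose config is the right choice and deserves a comment such as `# resolved by docker-compose from the env file, so the key itself is never written to the compose config`.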
end
external_url = web_envs_org['CONCOURSE_EXTERNAL_URL']
-web_envs['CONCOURSE_EXTERNAL_URL'] = "http://#{node['ipaddress']}:8080" if external_url.nil?
+external_url = "http://#{node['ipaddress']}:8080" if external_url.nil?
+web_envs['CONCOURSE_EXTERNAL_URL'] = external_url
data_source = web_envs_org['CONCOURSE_POSTGRES_DATA_SOURCE']
# for backward compatibility.
data_source = data_source.gsub(/<POSTGRES_PASSWORD>/, '${POSTGRES_PASSWORD}')
web_envs['CONCOURSE_POSTGRES_DATA_SOURCE'] = data_source
-if node['concourse-ci']['docker-compose']['import_ca']
- ::Chef::Recipe.send(:include, SSLCert::Helper)
- node['concourse-ci']['ssl_cert']['ca_names'].each {|ca_name|
- web_vols.push("#{ca_cert_path(ca_name)}:/usr/share/ca-certificates/#{ca_name}.crt:ro")
- }
-
- template "#{bin_dir}/concourse_import_ca" do
- source 'opt/docker-compose/app/concourse/bin/concourse_import_ca'
- owner 'root'
- group 'root'
- mode '0755'
- action :create
- end
- web_vols.push("#{bin_dir}/concourse_import_ca:/usr/local/bin/concourse_import_ca:ro")
-end
-
template "#{bin_dir}/concourse_up" do
source 'opt/docker-compose/app/concourse/bin/concourse_up'
owner 'root'
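Review bot: The `external_url` fallback `"http://#{node['ipaddress']}:8080"` is now kept in a local and, further down in this commit, handed to the `fly_prune_workers_main` template. If that script logs in with fly (its content is not visible here), credentials would travel over plain HTTP by default, even on nodes where the `with_ssl_cert_cookbook` branch configures TLS for the web process. At minimum add a comment at the fallback: `# NOTE: defaults to plain http; set CONCOURSE_EXTERNAL_URL to an https URL when TLS is enabled`. The `concourse_up` template block that follows continues outside the visible lines.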
if node['concourse-ci']['with_ssl_cert_cookbook']
::Chef::Recipe.send(:include, SSLCert::Helper)
cn = node['concourse-ci']['ssl_cert']['common_name']
+ append_server_ssl_cn(cn)
+ include_recipe 'ssl_cert::server_key_pairs'
+
# Concourse web process owner is root.
web_vols.push("#{server_cert_path(cn)}:/root/server.crt:ro")
web_vols.push("#{server_key_path(cn)}:/root/server.key:ro")
web_envs['CONCOURSE_TLS_KEY'] = '/root/server.key'
end
-# merge environment hash
-force_override_config_srvs['concourse-web']['environment'] = web_envs unless web_envs.empty?
-# reset vlumes array.
-override_config_srvs['concourse-web']['volumes'] = web_vols unless web_vols.empty?
-
# Worker
worker_vols = config_srvs['concourse-worker']['volumes'].to_a
worker_vols.push("#{node['concourse-ci']['docker-compose']['worker_keys_dir']}:/concourse-keys")
+
+# Common
+if node['concourse-ci']['docker-compose']['import_ca']
+ ::Chef::Recipe.send(:include, SSLCert::Helper)
+
+ node['concourse-ci']['ssl_cert']['ca_names'].each {|ca_name|
+ append_ca_name(ca_name)
+ ca_cert_vol = "#{ca_cert_path(ca_name)}:/usr/share/ca-certificates/#{ca_name}.crt:ro"
+ web_vols.push(ca_cert_vol)
+ worker_vols.push(ca_cert_vol)
+ }
+ include_recipe 'ssl_cert::ca_certs'
+
+ import_ca_script = '/usr/local/bin/concourse_import_ca'
+ template "#{bin_dir}/concourse_import_ca" do
+ source 'opt/docker-compose/app/concourse/bin/concourse_import_ca'
+ owner 'root'
+ group 'root'
+ mode '0755'
+ action :create
+ end
+ import_ca_script_vol = "#{bin_dir}/concourse_import_ca:#{import_ca_script}:ro"
+ web_vols.push(import_ca_script_vol)
+ worker_vols.push(import_ca_script_vol)
+
+ image_entrypoint = node['concourse-ci']['docker-image']['entrypoint']
+ override_config_srvs['concourse-web']['entrypoint'] \
+ = "/bin/sh -c \"#{import_ca_script} && #{image_entrypoint} web\""
+ override_config_srvs['concourse-worker']['entrypoint'] \
+ = "/bin/sh -c \"#{import_ca_script} && #{image_entrypoint} worker\""
+ if config_format_version.to_i == 2
+ node.rm('concourse-ci', 'docker-compose', 'config', 'services', 'concourse-web', 'command')
+ node.rm('concourse-ci', 'docker-compose', 'config', 'services', 'concourse-worker', 'command')
+ else
+ node.rm('concourse-ci', 'docker-compose', 'config', 'concourse-web', 'command')
+ node.rm('concourse-ci', 'docker-compose', 'config', 'concourse-worker', 'command')
+ end
+end
+
+# merge environment hash
+force_override_config_srvs['concourse-web']['environment'] = web_envs unless web_envs.empty?
# reset vlumes array.
+override_config_srvs['concourse-web']['volumes'] = web_vols unless web_vols.empty?
override_config_srvs['concourse-worker']['volumes'] = worker_vols unless worker_vols.empty?
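Review bot: The overridden entrypoints for `concourse-web` and `concourse-worker` start Concourse as a child of `/bin/sh`, so the shell may remain PID 1 and the stop signal from `docker-compose down` may not reach Concourse for a clean shutdown. Adding `exec` avoids that: `= "/bin/sh -c \"#{import_ca_script} && exec #{image_entrypoint} web\""`, and likewise for `worker`. `image_entrypoint` is interpolated into a double-quoted shell string, so a value containing spaces, quotes or `$` changes the command that runs as root in the container. A comment that the attribute must be a plain executable path would make that constraint explicit.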
template env_file do
variables(
# secrets
db_passwd: db_passwd,
+ encryption_key: encryption_key,
basic_auth_passwd: basic_auth_passwd,
oauth_client_id: oauth_client_id,
oauth_client_secret: oauth_client_secret
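Review bot: With `encryption_key: encryption_key` added, this template renders one more secret, and the visible lines do not show `sensitive true` on the resource (it may be set in the part of the block outside the hunk). Without it, Chef can include the rendered file's diff in converge output and reports, which would expose the database password, the encryption key and the OAuth client secret despite the `mode '0600'` on the file itself. If it is missing, add `sensitive true` next to `mode '0600'`.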
mode '0600'
end
+template "#{bin_dir}/fly_prune_workers_main" do
+ source 'opt/docker-compose/app/concourse/bin/fly_prune_workers_main'
+ owner 'root'
+ group 'root'
+ mode '0755'
+ action :create
+ variables(
+ external_url: external_url
+ )
+end
+
log <<-"EOM"
Note: You must execute the following command manually.
See #{doc_url}
- - Start:
+ * Start:
$ cd #{app_dir}
- $ ./bin/concourse_up
- - Stop
+ $ sudo docker-compose up
+ * Stop
$ sudo docker-compose down
EOM