adds Minio support.

[metasearch/grid-chef-repo.git] / cookbooks / screwdriver / README.md

diff --git a/cookbooks/screwdriver/README.md b/cookbooks/screwdriver/README.md
index f2d5833..2550a90 100644 (file)
--- a/cookbooks/screwdriver/README.md
+++ b/cookbooks/screwdriver/README.md
@@ -5,6 +5,7 @@ This cookbook sets up a Screwdriver CI/CD service by Docker Compose.
 
 ## Contents
 
+- [Contents](#contents)
 - [Requirements](#requirements)
     - [platforms](#platforms)
     - [packages](#packages)
@@ -22,6 +23,7 @@ This cookbook sets up a Screwdriver CI/CD service by Docker Compose.
     - [Database username management (for MySQL, PostgreSQL,...) by Chef Vault](#database-username-management-for-mysql-postgresql-by-chef-vault)
     - [Database password management (for MySQL, PostgreSQL,...) by Chef Vault](#database-password-management-for-mysql-postgresql-by-chef-vault)
     - [Database root password management (for MySQL, PostgreSQL,...) by Chef Vault](#database-root-password-management-for-mysql-postgresql-by-chef-vault)
+    - [S3 (compatible) server access key management by Chef Vault](#s3-compatible-server-access-key-management-by-chef-vault)
     - [OAuth client ID, secret and GitHub webhook secret management by Chef Vault](#oauth-client-id-secret-and-github-webhook-secret-management-by-chef-vault)
     - [Note](#note)
         - [Database Initialization](#database-initialization)
@@ -55,9 +57,12 @@ This cookbook sets up a Screwdriver CI/CD service by Docker Compose.
 |`['screwdriver']['db_username_vault_item']`|Hash|Optional, Sets a database username from Chef Vault. See `attributes/default.rb`|`{}`|
 |`['screwdriver']['db_password_vault_item']`|Hash|Optional, Sets a database password from Chef Vault. See `attributes/default.rb`|`{}`|
 |`['screwdriver']['db_root_password_vault_item']`|Hash|Optional, Sets a database password for the root user from Chef Vault. See `attributes/default.rb`|`{}`|
+|`['screwdriver']['s3_access_key_id_vault_item']`|Hash|Optional, Sets a S3 access key id from Chef Vault. See `attributes/default.rb`|`{}`|
+|`['screwdriver']['s3_access_key_secret_vault_item']`|Hash|Optional, Sets a S3 access key secret from Chef Vault. See `attributes/default.rb`|`{}`|
 |`['screwdriver']['ui']['tls_setup_mode']`|String|`'reverseproxy'` only. Note: [_Add TLS support to UI docker container #377_](https://github.com/screwdriver-cd/screwdriver/issues/377)|`'reverseproxy'`|
 |`['screwdriver']['api']['config']`|Hash|This hash object is expanded to a `/config/local.yaml` file in the API Docker container.|See `attributes/default.rb`|
 |`['screwdriver']['api']['scms_vault_items']`|Hash|This hash contains Chef Vault item definitions of SCM's secrets.|See `attributes/default.rb`|
+|`['screwdriver']['store']['backend']`|String|`nil` (in memory) or `'minio'`.|`nil`|
 |`['screwdriver']['store']['config']`|Hash|This hash object is expanded to a `/config/local.yaml` file in the Store Docker container.|See `attributes/default.rb`|
 |`['screwdriver']['docker-compose']['import_ca']`|Boolean|whether import internal CA certificates or not.|`false`|
 |`['screwdriver']['docker-compose']['app_dir']`|String|Path string.|`"#{node['docker-grid']['compose']['app_dir']}/screwdriver"`|
@@ -589,6 +594,50 @@ override_attributes(
 )
 ```
 
+### S3 (compatible) server access key management by Chef Vault
+
+- create vault items.
+
+```text
+$ cat ~/sec/tmp/screwdriver_s3_access_key.json
+{
+  "kid":"********************",
+  "secret":"****************************************"
+}
+
+$ cd $CHEF_REPO_PATH
+$ knife vault create screwdriver s3_access_key --json ~/sec/tmp/screwdriver_s3_access_key.json
+```
+
+- grant reference permission to the screwdriver host
+
+```text
+$ knife vault update screwdriver s3_access_key -S 'name:screwdriver-host.example.com'
+```
+
+- modify attributes
+
+```ruby
+override_attributes(
+  'screwdriver' => {
+    # ...
+    's3_access_key_id_vault_item' => {
+      'vault' => 'screwdriver',
+      'name' => 's3_access_key',
+      'env_context' => false,
+      'key' => 'kid',
+    },
+    's3_access_key_secret_vault_item' => {
+      'vault' => 'screwdriver',
+      'name' => 's3_access_key',
+      'env_context' => false,
+      'key' => 'secret',
+    },
+    # ...
+  },
+)
+```
+
 ### OAuth client ID, secret and GitHub webhook secret management by Chef Vault
 
 - create vault items.