=begin
'vault' => 'screwdriver',
'name' => 'jwt_private_key',
- # single password or nested hash password path delimited by slash
+ # single secret or nested hash secret path delimited by slash
'env_context' => false,
- 'key' => 'private', # real hash path: "/password"
- # or nested hash password path delimited by slash
+ 'key' => 'private', # real hash path: "/private"
+ # or nested hash secret path delimited by slash
#'env_context' => true,
#'key' => 'hash/path/to/private', # real hash path: "/#{node.chef_environment}/hash/path/to/private"
=end
=begin
'vault' => 'screwdriver',
'name' => 'jwt_public_key',
- # single password or nested hash password path delimited by slash
+ # single secret or nested hash secret path delimited by slash
'env_context' => false,
- 'key' => 'public', # real hash path: "/password"
- # or nested hash password path delimited by slash
+ 'key' => 'public', # real hash path: "/public"
+ # or nested hash secret path delimited by slash
#'env_context' => true,
#'key' => 'hash/path/to/public', # real hash path: "/#{node.chef_environment}/hash/path/to/public"
=end
# single usernaem or nested hash username path delimited by slash
'env_context' => false,
'key' => 'username', # real hash path: "/username"
- # or nested hash password path delimited by slash
+ # or nested hash username path delimited by slash
#'env_context' => true,
#'key' => 'hash/path/to/username', # real hash path: "/#{node.chef_environment}/hash/path/to/username"
=end
#'key' => 'hash/path/to/password', # real hash path: "/#{node.chef_environment}/hash/path/to/password"
=end
}
+default['screwdriver']['s3_access_key_id_vault_item'] = {
+=begin
+ 'vault' => 'screwdriver',
+ 'name' => 's3_access_key',
+ # single key id or nested hash key id path delimited by slash
+ 'env_context' => false,
+ 'key' => 'kid', # real hash path: "/kid"
+ # or nested hash key id path delimited by slash
+ #'env_context' => true,
+ #'key' => 'hash/path/to/kid', # real hash path: "/#{node.chef_environment}/hash/path/to/kid"
+=end
+}
+default['screwdriver']['s3_access_key_secret_vault_item'] = {
+=begin
+ 'vault' => 'screwdriver',
+ 'name' => 's3_access_key',
+ # single secret or nested hash secret path delimited by slash
+ 'env_context' => false,
+ 'key' => 'secret', # real hash path: "/secret"
+ # or nested hash secret path delimited by slash
+ #'env_context' => true,
+ #'key' => 'hash/path/to/secret', # real hash path: "/#{node.chef_environment}/hash/path/to/secret"
+=end
+}
force_override['screwdriver']['ui']['tls_setup_mode'] = 'reverseproxy'
# These hash objects are expanded to a `/config/local.yaml` file in each Docker container.
=end
}
+default['screwdriver']['store']['backend'] = nil # or 'minio'
default['screwdriver']['store']['config'] = {
'auth' => {},
'httpd' => {
'tls' => false,
},
+=begin
+ # for Minio
+ 'strategy' => {
+ 'plugin' => 's3',
+ 's3' => {
+ 'accessKeyId' => '',
+ 'secretAccessKey' => '****************************************',
+ 'region' => 'us-east-1',
+ 'bucket' => 'screwdriver',
+ 'endpoint' => 'http://s3:9000/screwdriver',
+ 'signatureVersion' => 'v4',
+ },
+ },
+=end
}
# Useless?!
'PORT' => '80',
'URI' => "http://#{cn}:9002",
#'URI' => "http://#{node['ipaddress']}:9002", # unrecommended
- #'STRATEGY' => 'memory',
- # This variable will be set by the screwdriver::docker-compose recipe automatically.
+ # These variables will be set by the screwdriver::docker-compose recipe automatically.
#'ECOSYSTEM_UI' => "http://#{cn}:9000", # Better
#'ECOSYSTEM_UI' => "http://#{node['ipaddress']}:9000",
#'ECOSYSTEM_UI' => 'http://ui', # NG for an access from a client.
+ #'STRATEGY' => 'memory', # default
+ # * AWS S3
+ #'STRATEGY' => 's3',
+ # If node['screwdriver']['s3_access_key_{id,secret}_vault_item'] is set,
+ # these 2 variables will be set by the screwdriver::docker-compose recipe automatically.
+ #'S3_ACCESS_KEY_ID' => '${S3_ACCESS_KEY_ID}',
+ #'S3_ACCESS_KEY_SECRET' => '${S3_ACCESS_KEY_SECRET}',
+ #'S3_REGION' => 'us-east-1',
+ #'S3_BUCKET' => 'screwdriver',
+ # * Minio
+ # If node['screwdriver']['store']['backend'] is 'minio',
+ # these variables will be set by the screwdriver::docker-compose recipe automatically.
+ #'STRATEGY' => 's3',
+ #'S3_ACCESS_KEY_ID' => '${S3_ACCESS_KEY_ID}',
+ #'S3_ACCESS_KEY_SECRET' => '${S3_ACCESS_KEY_SECRET}',
+ #'S3_REGION' => 'us-east-1',
+ #'S3_BUCKET' => 'screwdriver',
+ #'S3_ENDPOINT' => 'http://s3:9000/screwdriver', # tricky!! setting for the S3 virtual hosting style.
+ #'S3_SIG_VER' => 'v4',
},
+ # for S3 compatible server
+ #'links' => [
+ # 'screwdriver.s3',
+ #],
},
},
}
}
end
+# S3 compatible server
+case node['screwdriver']['store']['backend']
+when 'minio'
+ version_2_config['services']['screwdriver.s3'] = {
+ 'image' => 'minio/minio',
+ 'ports' => [
+ #'9010:9000', # default
+ ],
+ 'command' => 'server /export',
+ 'volumes' => [
+ # This variable will be set by the screwdriver::docker-compose recipe automatically.
+ #"#{node['screwdriver']['docker-compose']['data_dir']}//minio:/export:rw",
+ ],
+ 'environment' => {
+ # These variables will be set by the screwdriver::docker-compose recipe automatically.
+ #'MINIO_ACCESS_KEY' => '${S3_ACCESS_KEY_ID}',
+ #'MINIO_SECRET_KEY' => '${S3_ACCESS_KEY_SECRET}',
+ },
+ }
+end
+
default['screwdriver']['docker-compose']['config'] = version_2_config