# screwdriver CHANGELOG
+0.7.0
+-----
+- fix MySQL data directory's group owner.
+- add secrets generator for DB and Object Storage setup.
+- add `SECRET_HASHING_PASSWORD` env. variable support.
+- add `['screwdriver']['docker-compose']['network_mode_bridge']` attribute.
+
0.6.0
-----
- adds Minio support.
|`['screwdriver']['jwt_public_key_vault_item']`|Hash|Optional, Sets a JWT public key from Chef Vault. See `attributes/default.rb`|`{}`|
|`['screwdriver']['cookie_password_vault_item']`|Hash|Optional, Sets a session cookie password from Chef Vault. See `attributes/default.rb`|`{}`|
|`['screwdriver']['password_vault_item']`|Hash|Optional, Sets a password for secrets encryption from Chef Vault. See `attributes/default.rb`|`{}`|
+|`['screwdriver']['hashing_password_vault_item']`|Hash|Optional, Sets a hashing password for user/pipeline access tokens from Chef Vault. See `attributes/default.rb`|`{}`|
|`['screwdriver']['db_username_vault_item']`|Hash|Optional, Sets a database username from Chef Vault. See `attributes/default.rb`|`{}`|
|`['screwdriver']['db_password_vault_item']`|Hash|Optional, Sets a database password from Chef Vault. See `attributes/default.rb`|`{}`|
|`['screwdriver']['db_root_password_vault_item']`|Hash|Optional, Sets a database password for the root user from Chef Vault. See `attributes/default.rb`|`{}`|
|`['screwdriver']['docker-compose']['config_dir']`|String|Path string.|`"#{node['screwdriver']['docker-compose']['app_dir']}/config"`|
|`['screwdriver']['docker-compose']['data_dir']`|String|Path string.|`"#{node['screwdriver']['docker-compose']['app_dir']}/data"`|
|`['screwdriver']['docker-compose']['etc_dir']`|String|Path string.|`"#{node['screwdriver']['docker-compose']['app_dir']}/etc"`|
+|`['screwdriver']['docker-compose']['network_mode_bridge']`|Boolean|If this attribute is `true`, all services are connected to the default bridge network (docker0).|`false`|
|`['screwdriver']['docker-compose']['jwt_private_key_reset']`|Boolean|Only available if the JWT key pair is automatically generated by Chef.|`false`|
|`['screwdriver']['docker-compose']['jwt_private_key_vault_item']`|Hash|**DEPRECATED**: use `['screwdriver']['jwt_private_key_vault_item']`. Optional, Sets a JWT private key from Chef Vault. See `attributes/default.rb`|`{}`|
|`['screwdriver']['docker-compose']['jwt_public_key_vault_item']`|Hash|**DEPRECATED**: use `['screwdriver']['jwt_public_key_vault_item']`. Optional, Sets a JWT public key from Chef Vault. See `attributes/default.rb`|`{}`|
store_port = '9002'
run_list(
+ # see https://osdn.net/projects/metasearch/scm/git/grid-chef-repo/blobs/master/roles/docker-new-repo.rb
'role[docker]',
'recipe[screwdriver::docker-compose]',
)
'launchVersion' => 'stable',
},
},
+ # TODO: implement default settings
+ 'queue' => {
+ 'enabled' => 'false', # EXECUTOR_QUEUE_ENABLED
+ 'options' => {
+ # Configuration of the redis instance containing resque
+ 'redisConnection' => {
+ 'host' => 'QUEUE_REDIS_HOST',
+ 'port' => 'QUEUE_REDIS_PORT',
+ 'options' => {
+ 'password' => 'QUEUE_REDIS_PASSWORD',
+ 'tls' => 'QUEUE_REDIS_TLS_ENABLED',
+ },
+ 'database' => 'QUEUE_REDIS_DATABASE',
+ },
+ },
+ },
=end
},
'scms' => {
default['screwdriver']['docker-compose']['config_dir'] = "#{node['screwdriver']['docker-compose']['app_dir']}/config"
default['screwdriver']['docker-compose']['data_dir'] = "#{node['screwdriver']['docker-compose']['app_dir']}/data"
default['screwdriver']['docker-compose']['etc_dir'] = "#{node['screwdriver']['docker-compose']['app_dir']}/etc"
+default['screwdriver']['docker-compose']['network_mode_bridge'] = false
default['screwdriver']['docker-compose']['jwt_private_key_reset'] = false
# **DEPRECATED**: use ['screwdriver']['(jwt|cookie|password)_*_vault_item'] attributes.
}
EOS
=end
+ 'EXECUTOR_QUEUE_ENABLED' => 'false',
+ #'QUEUE_REDIS_HOST' => 'queue',
+ # TODO:
+ #'QUEUE_REDIS_PORT' => '',
+ #'QUEUE_REDIS_PASSWORD' => '${REDIS_PASSWORD}'
+ #'QUEUE_REDIS_TLS_ENABLED' => '',
+ #'QUEUE_REDIS_DATABASE' => '',
=begin
# SCM settings
# **DEPRECATED**: Please use the above `['screwdriver']['api']['config']['scms']` attribute
}
end
+executor_queue_enabled = config_srvs['api']['environment']['EXECUTOR_QUEUE_ENABLED'] == 'true' ? true : false
+if executor_queue_enabled
+ version_2_config['services']['queue'] = {
+ 'image' => 'redis:4',
+ 'volumes' => [
+ # This variable will be set by the screwdriver::docker-compose recipe automatically.
+ # TODO:
+ ],
+ 'environment' => {
+ # These variables will be set by the screwdriver::docker-compose recipe automatically.
+ # TODO:
+ },
+ }
+end
+
# S3 compatible server
case node['screwdriver']['store']['backend']
when 'minio'
}
end
+if node['screwdriver']['docker-compose']['network_mode_bridge']
+ version_2_config['services'].each_value {|srv_config|
+ srv_config['network_mode'] = 'bridge'
+ }
+end
+
default['screwdriver']['docker-compose']['config'] = version_2_config
api_envs_org = config_srvs['api']['environment']
api_envs = {}
api_vols = config_srvs['api']['volumes'].to_a
+api_links = []
api_port = '9001' # default
api_in_port = api_envs_org['PORT']
api_vols.push("#{data_dir}:/sd-data:rw")
api_envs['DATASTORE_SEQUELIZE_STORAGE'] = '/sd-data/storage.db'
when 'mysql', 'postgres'
- override_config_srvs['api']['links'] = ['db']
+ api_links.push('db')
api_envs['DATASTORE_SEQUELIZE_HOST'] = 'db'
end
end
end
+# queue
+executor_queue_enabled = api_envs_org['EXECUTOR_QUEUE_ENABLED'] == 'true' ? true : false
+if executor_queue_enabled
+ queue_envs = {}
+ queue_vols = config_srvs['queue']['volumes'].to_a
+
+ api_links.push('queue')
+ api_envs['QUEUE_REDIS_HOST'] = 'queue'
+ # TODO: set up env. vars.
+ # QUEUE_REDIS_PORT
+ # QUEUE_REDIS_PASSWORD
+ # QUEUE_REDIS_TLS_ENABLED
+ # QUEUE_REDIS_DATABASE
+end
+
+override_config_srvs['api']['links'] = api_links unless api_links.empty?
+
# ui
#ui_envs_org = config_srvs['ui']['environment']
ui_envs = {}
store_envs_org = config_srvs['store']['environment']
store_envs = {}
store_vols = config_srvs['store']['volumes'].to_a
+store_links = []
store_port = '9002' # default
store_in_port = store_envs_org['PORT']
# S3 compatible server
if !store_backend.nil? && !store_backend.empty?
- override_config_srvs['store']['links'] = ['screwdriver.s3']
+ store_links.push('screwdriver.s3')
store_envs['STRATEGY'] = 's3'
store_envs['S3_BUCKET'] = 'screwdriver'
end
end
+override_config_srvs['store']['links'] = store_links unless store_links.empty?
+
override_store_config['auth']['jwtPublicKey'] = jwt_public_key
# Note: prevent Chef from logging JWT key attribute value. (=> template variables)
# However Docker env file format does not support multi-line value and backslash escaped string yet.
srv_vols.push("#{local_yaml_file}:/config/local.yaml:ro")
}
-# merge environment hash
+# merge environment hash and reset volumes array.
force_override_config_srvs['api']['environment'] = api_envs unless api_envs.empty?
-force_override_config_srvs['ui']['environment'] = ui_envs unless ui_envs.empty?
-force_override_config_srvs['store']['environment'] = store_envs unless store_envs.empty?
-if db_dialect != 'sqlite'
- force_override_config_srvs['db']['environment'] = db_envs unless db_envs.empty?
-end
-if !store_backend.nil? && !store_backend.empty?
- force_override_config_srvs['screwdriver.s3']['environment'] = s3_envs unless s3_envs.empty?
-end
-# reset vlumes array.
override_config_srvs['api']['volumes'] = api_vols unless api_vols.empty?
+force_override_config_srvs['ui']['environment'] = ui_envs unless ui_envs.empty?
override_config_srvs['ui']['volumes'] = ui_vols unless ui_vols.empty?
+force_override_config_srvs['store']['environment'] = store_envs unless store_envs.empty?
override_config_srvs['store']['volumes'] = store_vols unless store_vols.empty?
if db_dialect != 'sqlite'
+ force_override_config_srvs['db']['environment'] = db_envs unless db_envs.empty?
override_config_srvs['db']['volumes'] = db_vols unless db_vols.empty?
end
+if executor_queue_enabled
+ force_override_config_srvs['queue']['environment'] = queue_envs unless queue_envs.empty?
+ override_config_srvs['queue']['volumes'] = queue_vols unless queue_vols.empty?
+end
if !store_backend.nil? && !store_backend.empty?
+ force_override_config_srvs['screwdriver.s3']['environment'] = s3_envs unless s3_envs.empty?
override_config_srvs['screwdriver.s3']['volumes'] = s3_vols unless s3_vols.empty?
end
},
},
'docker-compose' => {
+ 'network_mode_bridge' => false,
'config' => {
'services' => {
'api' => {
#'image' => 'screwdrivercd/screwdriver:latest',
- #'network_mode' => 'bridge',
'ports' => [
#"#{api_port}:80",
],
},
'ui' => {
#'image' => 'screwdrivercd/ui:latest',
- #'network_mode' => 'bridge',
'ports' => [
#"#{ui_port}:80",
],
},
'store' => {
#'image' => 'screwdrivercd/store:latest',
- #'network_mode' => 'bridge',
'ports' => [
#"#{store_port}:80",
],
},
},
'db' => {
- #'network_mode' => 'bridge',
},
'screwdriver.s3' => {
- #'network_mode' => 'bridge',
},
},
},
#'ECOSYSTEM_UI' => "http://#{node['fqdn']}:#{ui_port}",
#'ECOSYSTEM_STORE' => "http://#{node['fqdn']}:#{store_port}",
'DATASTORE_SEQUELIZE_DIALECT' => 'mysql', # or 'postgres'
+ 'EXECUTOR_QUEUE_ENABLED' => 'false',
},
},
'ui' => {
},
},
'docker-compose' => {
+ 'network_mode_bridge' => false,
'config' => {
'services' => {
'api' => {
#'image' => 'screwdrivercd/screwdriver:latest',
- #'network_mode' => 'bridge',
'ports' => [
#"#{api_port}:80",
],
},
'ui' => {
#'image' => 'screwdrivercd/ui:latest',
- #'network_mode' => 'bridge',
'ports' => [
#"#{ui_port}:80",
],
},
'store' => {
#'image' => 'screwdrivercd/store:latest',
- #'network_mode' => 'bridge',
'ports' => [
#"#{store_port}:80",
],