Grid環境構築用のChefリポジトリです。
Révision | 78d08b025abd8b08a7b185c61fe851d3cf2738f6 (tree) |
---|---|
l'heure | 2017-08-06 16:13:16 |
Auteur | whitestar <whitestar@user...> |
Commiter | whitestar |
includes the ssl_cert::server_key_pairs and ssl_cert::ca_certs recipes automatically.
@@ -1,6 +1,10 @@ | ||
1 | 1 | concourse-ci CHANGELOG |
2 | 2 | ====================== |
3 | 3 | |
4 | +0.2.2 | |
5 | +----- | |
6 | +- includes the `ssl_cert::server_key_pairs` and `ssl_cert::ca_certs` recipes automatically. | |
7 | + | |
4 | 8 | 0.2.1 |
5 | 9 | ----- |
6 | 10 | - refactoring. |
@@ -37,7 +37,7 @@ This cookbook sets up a Concourse CI service by Docker Compose. | ||
37 | 37 | |
38 | 38 | |Key|Type|Description, example|Default| |
39 | 39 | |:--|:--|:--|:--| |
40 | -|`['concourse-ci']['fly']['version']`|String||`'2.7.0'`| | |
40 | +|`['concourse-ci']['fly']['version']`|String||`'3.3.4'`| | |
41 | 41 | |`['concourse-ci']['fly']['release_url']`|String||`"https://github.com/concourse/concourse/releases/download/v#{node['concourse-ci']['fly']['version']}/fly_linux_amd64"`| |
42 | 42 | |`['concourse-ci']['fly']['release_checksum']`|String||`nil`| |
43 | 43 | |`['concourse-ci']['fly']['auto_upgrade']`|Boolean||`false`| |
@@ -92,7 +92,7 @@ run_list( | ||
92 | 92 | 'recipe[concourse-ci::docker-compose]', |
93 | 93 | ) |
94 | 94 | |
95 | -image = 'concourse/concourse:2.7.0' | |
95 | +image = 'concourse/concourse:latest' | |
96 | 96 | port = '18080' |
97 | 97 | |
98 | 98 | override_attributes( |
@@ -134,7 +134,7 @@ name 'concourse-with-ssl' | ||
134 | 134 | description 'Concourse with SSL' |
135 | 135 | |
136 | 136 | run_list( |
137 | - 'recipe[ssl_cert::server_key_pairs]', | |
137 | + #'recipe[ssl_cert::server_key_pairs]', # concourse-ci <= 0.2.1 | |
138 | 138 | 'role[docker]', |
139 | 139 | 'recipe[concourse-ci::docker-compose]', |
140 | 140 | ) |
@@ -196,13 +196,13 @@ name 'concourse-with-oauth' | ||
196 | 196 | description 'Concourse with OAuth' |
197 | 197 | |
198 | 198 | run_list( |
199 | - 'recipe[ssl_cert::ca_certs]', | |
199 | + #'recipe[ssl_cert::ca_certs]', # concourse-ci <= 0.2.1 | |
200 | 200 | 'recipe[ssl_cert::server_key_pairs]', |
201 | 201 | 'role[docker]', |
202 | 202 | 'recipe[concourse-ci::docker-compose]', |
203 | 203 | ) |
204 | 204 | |
205 | -image = 'concourse/concourse:2.7.0' | |
205 | +image = 'concourse/concourse:latest' | |
206 | 206 | port = '18443' |
207 | 207 | ca_name = 'grid_ca' |
208 | 208 | cn = 'concourse.io.example.com' |
@@ -270,19 +270,19 @@ override_attributes( | ||
270 | 270 | - create vault items. |
271 | 271 | |
272 | 272 | ```text |
273 | -$ ruby -rjson -e 'puts JSON.generate({"private" => File.read("concourse_io_example_com.prod.key")})' \ | |
274 | -> > ~/tmp/concourse_io_example_com.prod.key.json | |
273 | +$ ruby -rjson -e 'puts JSON.generate({"private" => File.read("concourse.io.example.com.prod.key")})' \ | |
274 | +> > ~/tmp/concourse.io.example.com.prod.key.json | |
275 | 275 | |
276 | -$ ruby -rjson -e 'puts JSON.generate({"public" => File.read("concourse_io_example_com.prod.crt")})' \ | |
277 | -> > ~/tmp/concourse_io_example_com.prod.crt.json | |
276 | +$ ruby -rjson -e 'puts JSON.generate({"public" => File.read("concourse.io.example.com.prod.crt")})' \ | |
277 | +> > ~/tmp/concourse.io.example.com.prod.crt.json | |
278 | 278 | |
279 | 279 | $ cd $CHEF_REPO_PATH |
280 | 280 | |
281 | 281 | $ knife vault create ssl_server_keys concourse.io.example.com.prod \ |
282 | -> --json ~/tmp/concourse_io_example_com.prod.key.json | |
282 | +> --json ~/tmp/concourse.io.example.com.prod.key.json | |
283 | 283 | |
284 | 284 | $ knife vault create ssl_server_certs concourse.io.example.com.prod \ |
285 | -> --json ~/tmp/concourse_io_example_com.prod.crt.json | |
285 | +> --json ~/tmp/concourse.io.example.com.prod.crt.json | |
286 | 286 | ``` |
287 | 287 | |
288 | 288 | - grant reference permission to the Concourse host |
@@ -296,7 +296,7 @@ $ knife vault update ssl_server_certs concourse.io.example.com.prod -S 'name:con | ||
296 | 296 | |
297 | 297 | ```ruby |
298 | 298 | run_list( |
299 | - 'recipe[ssl_cert::server_key_pairs]', | |
299 | + #'recipe[ssl_cert::server_key_pairs]', # concourse-ci <= 0.2.1 | |
300 | 300 | 'recipe[concourse-ci::docker-compose]', |
301 | 301 | ) |
302 | 302 |
@@ -17,7 +17,7 @@ | ||
17 | 17 | # limitations under the License. |
18 | 18 | # |
19 | 19 | |
20 | -default['concourse-ci']['fly']['version'] = '2.7.0' | |
20 | +default['concourse-ci']['fly']['version'] = '3.3.4' | |
21 | 21 | default['concourse-ci']['fly']['release_url'] = "https://github.com/concourse/concourse/releases/download/v#{node['concourse-ci']['fly']['version']}/fly_linux_amd64" |
22 | 22 | default['concourse-ci']['fly']['release_checksum'] = nil |
23 | 23 | default['concourse-ci']['fly']['auto_upgrade'] = false |
@@ -1,19 +1,8 @@ | ||
1 | 1 | --- |
2 | 2 | # $ fly -t target sp -p concourse-ci-cookbook -c concourse.yml -l fly-vars.yml -l ~/sec/credentials-prod.yml |
3 | -resource_types: | |
4 | -- name: ya-git | |
5 | - type: docker-image | |
6 | - source: | |
7 | - repository: whitestar/git-resource | |
8 | - registry_mirror: https://((registry-mirror-domain)) | |
9 | - ca_certs: | |
10 | - - domain: ((registry-mirror-domain)) | |
11 | - cert: ((docker-reg-ca-cert)) | |
12 | - | |
13 | 3 | resources: |
14 | 4 | - name: src-git |
15 | - type: ya-git | |
16 | - #type: git | |
5 | + type: git | |
17 | 6 | source: |
18 | 7 | uri: ((git-id-osdn))@git.osdn.net:/gitroot/metasearch/grid-chef-repo.git |
19 | 8 | branch: master |
@@ -35,7 +24,7 @@ resources: | ||
35 | 24 | check_every: 12h # default: 1m |
36 | 25 | |
37 | 26 | jobs: |
38 | -- name: build-cookbook | |
27 | +- name: test-cookbook | |
39 | 28 | plan: |
40 | 29 | - aggregate: |
41 | 30 | - get: src-git |
@@ -79,7 +68,9 @@ jobs: | ||
79 | 68 | params: |
80 | 69 | depth: 5 |
81 | 70 | trigger: false |
71 | + passed: [test-cookbook] | |
82 | 72 | - get: chefdk-cache |
73 | + passed: [test-cookbook] | |
83 | 74 | - task: publish |
84 | 75 | image: chefdk-cache |
85 | 76 | params: |
@@ -106,5 +97,4 @@ jobs: | ||
106 | 97 | tag_prefix: ((cookbook-name))- |
107 | 98 | tag: src-git/cookbooks/((cookbook-name))/version |
108 | 99 | only_tag: true |
109 | - annotate: src-git/cookbooks/((cookbook-name))/version | |
110 | - #annotate: # path to a file containing the annotation message. | |
100 | + annotate: ../src-git/cookbooks/((cookbook-name))/version |
@@ -17,8 +17,6 @@ | ||
17 | 17 | # limitations under the License. |
18 | 18 | # |
19 | 19 | |
20 | -::Chef::Recipe.send(:include, SSLCert::Helper) | |
21 | - | |
22 | 20 | require 'securerandom' |
23 | 21 | |
24 | 22 | doc_url = 'https://concourse.ci/docker-repository.html' |
@@ -220,7 +218,9 @@ template "#{bin_dir}/concourse_up" do | ||
220 | 218 | end |
221 | 219 | |
222 | 220 | if node['concourse-ci']['with_ssl_cert_cookbook'] |
221 | + include_recipe 'ssl_cert::server_key_pairs' | |
223 | 222 | ::Chef::Recipe.send(:include, SSLCert::Helper) |
223 | + | |
224 | 224 | cn = node['concourse-ci']['ssl_cert']['common_name'] |
225 | 225 | # Concourse web process owner is root. |
226 | 226 | web_vols.push("#{server_cert_path(cn)}:/root/server.crt:ro") |
@@ -235,7 +235,9 @@ worker_vols.push("#{node['concourse-ci']['docker-compose']['worker_keys_dir']}:/ | ||
235 | 235 | |
236 | 236 | # Common |
237 | 237 | if node['concourse-ci']['docker-compose']['import_ca'] |
238 | + include_recipe 'ssl_cert::ca_certs' | |
238 | 239 | ::Chef::Recipe.send(:include, SSLCert::Helper) |
240 | + | |
239 | 241 | node['concourse-ci']['ssl_cert']['ca_names'].each {|ca_name| |
240 | 242 | ca_cert_vol = "#{ca_cert_path(ca_name)}:/usr/share/ca-certificates/#{ca_name}.crt:ro" |
241 | 243 | web_vols.push(ca_cert_vol) |
@@ -1 +1 @@ | ||
1 | -0.2.1 | |
1 | +0.2.2 |