concourse-ci (21) Versions 0.2.2

Installs/Configures Concourse CI by Docker Compose

Policyfile: cookbook 'concourse-ci', '= 0.2.2', :supermarket
Berkshelf:  cookbook 'concourse-ci', '= 0.2.2'
Knife:      knife supermarket install concourse-ci
            knife supermarket download concourse-ci
Quality 43%

concourse-ci Cookbook

This cookbook sets up a Concourse CI service by Docker Compose.

Requirements

platforms

  • none.

packages

  • none.

cookbooks

  • docker-grid
  • ssl_cert

Attributes

| Key | Type | Description, example | Default |
|---|---|---|---|
| ['concourse-ci']['fly']['version'] | String | | '3.3.4' |
| ['concourse-ci']['fly']['release_url'] | String | | "https://github.com/concourse/concourse/releases/download/v#{node['concourse-ci']['fly']['version']}/fly_linux_amd64" |
| ['concourse-ci']['fly']['release_checksum'] | String | | nil |
| ['concourse-ci']['fly']['auto_upgrade'] | Boolean | | false |
| ['concourse-ci']['fly']['install_path'] | String | | '/usr/local/bin/fly' |
| ['concourse-ci']['with_ssl_cert_cookbook'] | Boolean | See attributes/default.rb | false |
| ['concourse-ci']['ssl_cert']['ca_names'] | Array | Internal CA names that are imported by the ssl_cert cookbook. | [] |
| ['concourse-ci']['ssl_cert']['common_name'] | String | Server common name for TLS | node['fqdn'] |
| ['concourse-ci']['docker-image']['entrypoint'] | String | Concourse Docker image's entrypoint setting to import an internal CA certificate. | '/usr/local/bin/dumb-init /usr/local/bin/concourse' |
| ['concourse-ci']['docker-compose']['import_ca'] | Boolean | Whether to import internal CA certificates or not. | false |
| ['concourse-ci']['docker-compose']['app_dir'] | String | | "#{node['docker-grid']['compose']['app_dir']}/concourse" |
| ['concourse-ci']['docker-compose']['pgdata_dir'] | String | Path string or nil (unset). | "#{node['concourse-ci']['docker-compose']['app_dir']}/database" |
| ['concourse-ci']['docker-compose']['web_keys_dir'] | String | Path string. | "#{node['concourse-ci']['docker-compose']['app_dir']}/keys/web" |
| ['concourse-ci']['docker-compose']['worker_keys_dir'] | String | Path string. | "#{node['concourse-ci']['docker-compose']['app_dir']}/keys/worker" |
| ['concourse-ci']['docker-compose']['pgdata_dir'] | String | Path string or nil (unset, non-persistent). | "#{node['concourse-ci']['docker-compose']['app_dir']}/database" |
| ['concourse-ci']['docker-compose']['db_password_reset'] | String | Only available if the password is automatically generated by Chef. | false |
| ['concourse-ci']['docker-compose']['db_password_vault_item'] | Hash | See attributes/default.rb | {} |
| ['concourse-ci']['docker-compose']['web_encryption_key_vault_item'] | Hash | See attributes/default.rb | {} |
| ['concourse-ci']['docker-compose']['web_password_reset'] | String | Only available if the password is automatically generated by Chef. | false |
| ['concourse-ci']['docker-compose']['web_password_vault_item'] | Hash | See attributes/default.rb | {} |
| ['concourse-ci']['docker-compose']['web_oauth_client_id_vault_item'] | Hash | See attributes/default.rb | {} |
| ['concourse-ci']['docker-compose']['web_oauth_client_secret_vault_item'] | Hash | See attributes/default.rb | {} |
| ['concourse-ci']['docker-compose']['ssh_keys_reset'] | String | Forcibly resets all SSH keys. | false |
| ['concourse-ci']['docker-compose']['config_format_version'] | String | Read only. docker-compose.yml format version. Only version 1 is supported now. | '1' |
| ['concourse-ci']['docker-compose']['config'] | Hash | docker-compose.yml configurations. | See attributes/default.rb |

Usage

Recipes

concourse-ci::default

This recipe does nothing.

concourse-ci::fly

This recipe installs the fly CLI and the fly_prune_workers command.

concourse-ci::docker-compose

This recipe generates SSH keys for each node and a docker-compose.yml file for the Concourse CI service.

Role Examples

  • roles/concourse.rb
name 'concourse'
description 'Concourse'

run_list(
  'role[docker]',
  'recipe[concourse-ci::docker-compose]',
)

image = 'concourse/concourse:latest'
port = '18080'

override_attributes(
  'concourse-ci' => {
    'docker-compose' => {
      'config' => {
        # Version 1 docker-compose format
        'concourse-web' => {
          'image' => image,
          'ports' => [
            "#{port}:8080",
          ],
          #'volumes' => [
          #  # These volumes will be set by the concourse-ci::docker-compose recipe automatically.
          #  #"#{node['concourse-ci']['docker-compose']['web_keys_dir']}:/concourse-keys",
          #],
          'environment' => {
            'CONCOURSE_EXTERNAL_URL' => "http://192.168.1.3:#{port}",
            #'CONCOURSE_RESOURCE_CHECKING_INTERVAL' => '1m',  # default
          },
        },
        'concourse-worker' => {
          'image' => image,
          #'volumes' => [
          #  # These volumes will be set by the concourse-ci::docker-compose recipe automatically.
          #  #"#{node['concourse-ci']['docker-compose']['worker_keys_dir']}:/concourse-keys",
          #],
        },
      },
    },
  },
)
  • roles/concourse-with-ssl.rb
name 'concourse-with-ssl'
description 'Concourse with SSL'

run_list(
  #'recipe[ssl_cert::server_key_pairs]',  # concourse-ci <= 0.2.1
  'role[docker]',
  'recipe[concourse-ci::docker-compose]',
)

image = 'concourse/concourse:2.6.0'
port = '18443'
cn = 'concourse.io.example.com'

override_attributes(
  'ssl_cert' => {
    'common_names' => [
      cn,
    ],
  },
  'concourse-ci' => {
    'with_ssl_cert_cookbook' => true,
    'ssl_cert' => {
      'common_name' => cn,
    },
    'docker-compose' => {
      'config' => {
        # Version 1 docker-compose format
        'concourse-web' => {
          'image' => image,
          'ports' => [
            "#{port}:8443",
          ],
          'environment' => {
            'CONCOURSE_EXTERNAL_URL' => "https://192.168.1.3:#{port}",
            'CONCOURSE_TLS_BIND_PORT' => '8443',  # activate HTTPS
            # These environments will be set by the concourse-ci::docker-compose recipe automatically.
            #'CONCOURSE_TLS_CERT' => '/root/server.crt',
            #'CONCOURSE_TLS_KEY' => '/root/server.key',
          },
          #'volumes' => [
          #  # These volumes will be set by the concourse-ci::docker-compose recipe automatically.
          #  #"#{node['concourse-ci']['docker-compose']['web_keys_dir']}:/concourse-keys",
          #  #"#{server_cert_path(node['concourse-ci']['ssl_cert']['common_name'])}:/root/server.crt:ro",
          #  #"#{server_key_path(node['concourse-ci']['ssl_cert']['common_name'])}:/root/server.key:ro",
          #],
        },
        'concourse-worker' => {
          'image' => image,
          #'volumes' => [
          #  # These volumes will be set by the concourse-ci::docker-compose recipe automatically.
          #  #"#{node['concourse-ci']['docker-compose']['worker_keys_dir']}:/concourse-keys",
          #],
        },
      },
    },
  },
)
  • roles/concourse-with-oauth.rb
name 'concourse-with-oauth'
description 'Concourse with OAuth'

run_list(
  #'recipe[ssl_cert::ca_certs]',  # concourse-ci <= 0.2.1
  'recipe[ssl_cert::server_key_pairs]',
  'role[docker]',
  'recipe[concourse-ci::docker-compose]',
)

image = 'concourse/concourse:latest'
port = '18443'
ca_name = 'grid_ca'
cn = 'concourse.io.example.com'
gitlab_cn = 'gitlab.io.example.com'

override_attributes(
  'ssl_cert' => {
    'ca_names' => [
      ca_name,
    ],
    'common_names' => [
      cn,
    ],
  },
  'concourse-ci' => {
    'with_ssl_cert_cookbook' => true,
    'ssl_cert' => {
      'ca_names' => [
        ca_name,
      ],
      'common_name' => cn,
    },
    'docker-compose' => {
      'import_ca' => true,
      'web_oauth_client_id_vault_item' => {
        'vault' => 'concourse',
        'name' => 'web_oauth_client_id',
        'env_context' => false,
        'key' => 'cid',
      },
      'web_oauth_client_secret_vault_item' => {
        'vault' => 'concourse',
        'name' => 'web_oauth_client_secret',
        'env_context' => false,
        'key' => 'secret',
      },
      'config' => {
        # Version 1 docker-compose format
        'concourse-web' => {
          'ports' => [
            #'4080:8080',
            "#{port}:8443",
          ],
          'environment' => {
            'CONCOURSE_TLS_BIND_PORT' => '8443',
            'CONCOURSE_EXTERNAL_URL' => "https://#{cn}:#{port}",
            # OAuth for the default `main` team
            'CONCOURSE_GENERIC_OAUTH_DISPLAY_NAME' => 'GitLab',
            # The following 2 variables are set automatically,
            # if the ['concourse-ci']['docker-compose']['web_oauth_client_(id|secret)_vault_item'] attributes are specified.
            #'CONCOURSE_GENERIC_OAUTH_CLIENT_ID' => '${CONCOURSE_GENERIC_OAUTH_CLIENT_ID}',
            #'CONCOURSE_GENERIC_OAUTH_CLIENT_SECRET' => '${CONCOURSE_GENERIC_OAUTH_CLIENT_SECRET}',
            'CONCOURSE_GENERIC_OAUTH_AUTH_URL' => "https://#{gitlab_cn}/oauth/authorize",
            'CONCOURSE_GENERIC_OAUTH_TOKEN_URL' => "https://#{gitlab_cn}/oauth/token",
          },
        },
      },
    },
  },
)

SSL server keys and certificates management by ssl_cert cookbook

  • create vault items.
$ ruby -rjson -e 'puts JSON.generate({"private" => File.read("concourse.io.example.com.prod.key")})' \
> > ~/tmp/concourse.io.example.com.prod.key.json

$ ruby -rjson -e 'puts JSON.generate({"public" => File.read("concourse.io.example.com.prod.crt")})' \
> > ~/tmp/concourse.io.example.com.prod.crt.json

$ cd $CHEF_REPO_PATH

$ knife vault create ssl_server_keys concourse.io.example.com.prod \
> --json ~/tmp/concourse.io.example.com.prod.key.json

$ knife vault create ssl_server_certs concourse.io.example.com.prod \
> --json ~/tmp/concourse.io.example.com.prod.crt.json
  • grant reference permission to the Concourse host
$ knife vault update ssl_server_keys  concourse.io.example.com.prod -S 'name:concourse-host.example.com'
$ knife vault update ssl_server_certs concourse.io.example.com.prod -S 'name:concourse-host.example.com'
  • modify run_list and attributes
run_list(
  #'recipe[ssl_cert::server_key_pairs]',  # concourse-ci <= 0.2.1
  'recipe[concourse-ci::docker-compose]',
)

override_attributes(
  'ssl_cert' => {
    'common_names' => [
      'concourse.io.example.com',
    ],
  },
  'concourse-ci' => {
    'with_ssl_cert_cookbook' => true,
    'ssl_cert' => {
      'common_name' => 'concourse.io.example.com',
    },
    # ...
  },
)
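
A pre-upload check for the key and certificate used in the steps above, as an added example that is not part of the cookbook: it confirms that the private key matches the certificate, that the certificate is currently valid, and that it covers the name set in ['concourse-ci']['ssl_cert']['common_name'], then builds the two vault item bodies. The helper names check_server_pair, vault_items and sample_pair are hypothetical, and the key pair is a throwaway generated only for the demo.

```ruby
require 'json'
require 'openssl'

# Hypothetical helper (not part of the cookbook): returns a list of problems
# with a server key/certificate pair; an empty list means it is fit to upload.
def check_server_pair(key_pem, cert_pem, common_name, now: Time.now)
  key = OpenSSL::PKey.read(key_pem)
  cert = OpenSSL::X509::Certificate.new(cert_pem)
  problems = []
  problems << 'private key does not match certificate' unless cert.check_private_key(key)
  problems << 'certificate is not valid at this time' unless now.between?(cert.not_before, cert.not_after)
  unless OpenSSL::SSL.verify_certificate_identity(cert, common_name)
    problems << "certificate does not cover #{common_name}"
  end
  problems
end

# Builds the two vault item bodies with the JSON keys the README uses
# ("private" for ssl_server_keys, "public" for ssl_server_certs).
def vault_items(key_pem, cert_pem)
  { 'ssl_server_keys' => JSON.generate('private' => key_pem),
    'ssl_server_certs' => JSON.generate('public' => cert_pem) }
end

# Constructed sample input: a throwaway self-signed pair, for the demo only.
def sample_pair(common_name)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.new([['CN', common_name]])
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  [key.to_pem, cert.to_pem]
end

if __FILE__ == $PROGRAM_NAME
  cn = 'concourse.io.example.com'
  key_pem, cert_pem = sample_pair(cn)
  problems = check_server_pair(key_pem, cert_pem, cn)
  abort(problems.join("\n")) unless problems.empty?
  puts vault_items(key_pem, cert_pem).keys
end
```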

Encryption key management by Chef Vault

  • create vault items.
# a 16 or 32-byte random character sequence.
$ cat ~/tmp/concourse_ekey.json
{"ekey":"********************************"}

$ knife vault create concourse web_encryption_key --json ~/tmp/concourse_ekey.json
  • grant reference permission to the Concourse host
$ knife vault update concourse web_encryption_key -S 'name:concourse-host.example.com'
  • modify attributes
override_attributes(
  'concourse-ci' => {
    # ...
    'docker-compose' => {
      'web_encryption_key_vault_item' => {
        'vault' => 'concourse',
        'name' => 'web_encryption_key',
        'env_context' => false,
        'key' => 'ekey',
      },
      # ...
    },
  },
)
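
The steps above show the finished ~/tmp/concourse_ekey.json but not how to produce it. One way to do that, as an added example that is not part of the cookbook: generate a 32-byte key from the system CSPRNG, write the JSON with mode 0600 without overwriting an existing file, and check the file before passing it to knife vault create. The helper names are hypothetical and the demo writes to a temporary directory.

```ruby
require 'json'
require 'securerandom'
require 'tmpdir'

VALID_KEY_BYTES = [16, 32].freeze # key lengths the README allows

# Hypothetical helper: returns the vault item body {"ekey" => "..."} with a key
# from the OS CSPRNG. Alphanumeric output keeps one character equal to one byte.
def build_ekey_item(bytes = 32)
  raise ArgumentError, 'key must be 16 or 32 bytes' unless VALID_KEY_BYTES.include?(bytes)

  { 'ekey' => SecureRandom.alphanumeric(bytes) }
end

# Writes the JSON for `knife vault create ... --json` with mode 0600 and
# refuses to overwrite an existing file (File::EXCL).
def write_secret_json(path, item)
  File.open(path, File::WRONLY | File::CREAT | File::EXCL, 0o600) do |f|
    f.write(JSON.generate(item))
  end
  path
end

# Returns a list of problems with an existing ekey JSON file; empty means OK.
def ekey_file_problems(path)
  problems = []
  mode = File.stat(path).mode & 0o777
  unless (mode & 0o077).zero?
    problems << format('file is accessible to group or others (mode %04o)', mode)
  end
  key = JSON.parse(File.read(path))['ekey'].to_s
  unless VALID_KEY_BYTES.include?(key.bytesize)
    problems << "key is #{key.bytesize} bytes, expected 16 or 32"
  end
  problems
end

if __FILE__ == $PROGRAM_NAME
  Dir.mktmpdir do |dir|
    path = write_secret_json(File.join(dir, 'concourse_ekey.json'), build_ekey_item)
    puts ekey_file_problems(path).empty? ? "#{path}: ok" : ekey_file_problems(path)
  end
end
```

Delete the plaintext JSON file once knife vault create has succeeded; the vault item is then the only copy of the key.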

OAuth client ID and secret management by Chef Vault

  • create vault items.
$ cat ~/tmp/concourse_oauth_client_id.json
{"cid":"***************************************************************"}
$ cat ~/tmp/concourse_oauth_client_secret.json
{"secret":"***************************************************************"}

$ knife vault create concourse web_oauth_client_id --json ~/tmp/concourse_oauth_client_id.json
$ knife vault create concourse web_oauth_client_secret --json ~/tmp/concourse_oauth_client_secret.json
  • grant reference permission to the Concourse host
$ knife vault update concourse web_oauth_client_id -S 'name:concourse-host.example.com'
$ knife vault update concourse web_oauth_client_secret -S 'name:concourse-host.example.com'
  • modify attributes
override_attributes(
  'concourse-ci' => {
    # ...
    'docker-compose' => {
      'web_oauth_client_id_vault_item' => {
        'vault' => 'concourse',
        'name' => 'web_oauth_client_id',
        'env_context' => false,
        'key' => 'cid',
      },
      'web_oauth_client_secret_vault_item' => {
        'vault' => 'concourse',
        'name' => 'web_oauth_client_secret',
        'env_context' => false,
        'key' => 'secret',
      },
      # ...
    },
  },
)

License and Authors

  • Author:: whitestar at osdn.jp
Copyright 2017, whitestar

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

Dependent cookbooks

docker-grid >= 0.2.7
platform_utils >= 0.4.3
ssl_cert >= 0.3.7

Contingent cookbooks

There are no cookbooks that are contingent upon this one.

concourse-ci CHANGELOG

0.2.2

  • includes the ssl_cert::server_key_pairs and ssl_cert::ca_certs recipes automatically.

0.2.1

  • refactoring.

0.2.0

0.1.9

  • improves CA certificates import feature.
  • refactoring.

0.1.8

  • adds the fly_prune_workers command.

0.1.7

  • improves CA certificates import feature.
  • adds the ['concourse-ci']['docker-image']['entrypoint'] attribute.

0.1.6

  • adds CA certificates import feature.
  • adds the ['concourse-ci']['docker-compose']['web_oauth_client_(id|secret)_vault_item'] attributes.

0.1.5

  • adds the concourse-ci::fly recipe.

0.1.4

  • Bug fix: SSH keys directory volume mount configurations.

0.1.3

  • moves secrets from the docker-compose.yml file to the .env file.

0.1.2

  • ensures Kernel user namespace activation.

0.1.1

  • adds SSL configurations.
  • improves passwords management.
  • adds the ['concourse-ci']['docker-compose']['(db|web)_password_reset'] attributes.
  • adds the ['concourse-ci']['docker-compose']['ssh_keys_reset'] attribute.

0.1.0

  • Initial release of concourse-ci

Collaborator Number Metric
            

0.2.2 failed this metric

Failure: Cookbook has 0 collaborators. A cookbook must have at least 2 collaborators to pass this metric.

Contributing File Metric
            

0.2.2 failed this metric

Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a CONTRIBUTING.md file

Foodcritic Metric
            

0.2.2 passed this metric

License Metric
            

0.2.2 passed this metric

No Binaries Metric
            

0.2.2 passed this metric

Testing File Metric
            

0.2.2 failed this metric

Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a TESTING.md file

Version Tag Metric
            

0.2.2 failed this metric

Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must include a tag that matches this cookbook version number