|Key|Type|Description, example|Default|
|:--|:--|:--|:--|
-|`['concourse-ci']['fly']['version']`|String||`'2.7.0'`|
+|`['concourse-ci']['fly']['version']`|String||`'3.3.4'`|
|`['concourse-ci']['fly']['release_url']`|String||`"https://github.com/concourse/concourse/releases/download/v#{node['concourse-ci']['fly']['version']}/fly_linux_amd64"`|
|`['concourse-ci']['fly']['release_checksum']`|String||`nil`|
|`['concourse-ci']['fly']['auto_upgrade']`|Boolean||`false`|
'recipe[concourse-ci::docker-compose]',
)
-image = 'concourse/concourse:2.7.0'
+image = 'concourse/concourse:latest'
port = '18080'
override_attributes(
description 'Concourse with SSL'
run_list(
- 'recipe[ssl_cert::server_key_pairs]',
+ #'recipe[ssl_cert::server_key_pairs]', # concourse-ci <= 0.2.1
'role[docker]',
'recipe[concourse-ci::docker-compose]',
)
description 'Concourse with OAuth'
run_list(
- 'recipe[ssl_cert::ca_certs]',
+ #'recipe[ssl_cert::ca_certs]', # concourse-ci <= 0.2.1
'recipe[ssl_cert::server_key_pairs]',
'role[docker]',
'recipe[concourse-ci::docker-compose]',
)
-image = 'concourse/concourse:2.7.0'
+image = 'concourse/concourse:latest'
port = '18443'
ca_name = 'grid_ca'
cn = 'concourse.io.example.com'
- create vault items.
```text
-$ ruby -rjson -e 'puts JSON.generate({"private" => File.read("concourse_io_example_com.prod.key")})' \
-> > ~/tmp/concourse_io_example_com.prod.key.json
+$ ruby -rjson -e 'puts JSON.generate({"private" => File.read("concourse.io.example.com.prod.key")})' \
+> > ~/tmp/concourse.io.example.com.prod.key.json
-$ ruby -rjson -e 'puts JSON.generate({"public" => File.read("concourse_io_example_com.prod.crt")})' \
-> > ~/tmp/concourse_io_example_com.prod.crt.json
+$ ruby -rjson -e 'puts JSON.generate({"public" => File.read("concourse.io.example.com.prod.crt")})' \
+> > ~/tmp/concourse.io.example.com.prod.crt.json
$ cd $CHEF_REPO_PATH
$ knife vault create ssl_server_keys concourse.io.example.com.prod \
-> --json ~/tmp/concourse_io_example_com.prod.key.json
+> --json ~/tmp/concourse.io.example.com.prod.key.json
$ knife vault create ssl_server_certs concourse.io.example.com.prod \
-> --json ~/tmp/concourse_io_example_com.prod.crt.json
+> --json ~/tmp/concourse.io.example.com.prod.crt.json
```
- grant reference permission to the Concourse host
```ruby
run_list(
- 'recipe[ssl_cert::server_key_pairs]',
+ #'recipe[ssl_cert::server_key_pairs]', # concourse-ci <= 0.2.1
'recipe[concourse-ci::docker-compose]',
)
---
# $ fly -t target sp -p concourse-ci-cookbook -c concourse.yml -l fly-vars.yml -l ~/sec/credentials-prod.yml
-resource_types:
-- name: ya-git
- type: docker-image
- source:
- repository: whitestar/git-resource
- registry_mirror: https://((registry-mirror-domain))
- ca_certs:
- - domain: ((registry-mirror-domain))
- cert: ((docker-reg-ca-cert))
-
resources:
- name: src-git
- type: ya-git
- #type: git
+ type: git
source:
uri: ((git-id-osdn))@git.osdn.net:/gitroot/metasearch/grid-chef-repo.git
branch: master
check_every: 12h # default: 1m
jobs:
-- name: build-cookbook
+- name: test-cookbook
plan:
- aggregate:
- get: src-git
params:
depth: 5
trigger: false
+ passed: [test-cookbook]
- get: chefdk-cache
+ passed: [test-cookbook]
- task: publish
image: chefdk-cache
params:
tag_prefix: ((cookbook-name))-
tag: src-git/cookbooks/((cookbook-name))/version
only_tag: true
- annotate: src-git/cookbooks/((cookbook-name))/version
- #annotate: # path to a file containing the annotation message.
+ annotate: ../src-git/cookbooks/((cookbook-name))/version
# limitations under the License.
#
-::Chef::Recipe.send(:include, SSLCert::Helper)
-
require 'securerandom'
doc_url = 'https://concourse.ci/docker-repository.html'
end
if node['concourse-ci']['with_ssl_cert_cookbook']
+ include_recipe 'ssl_cert::server_key_pairs'
::Chef::Recipe.send(:include, SSLCert::Helper)
+
cn = node['concourse-ci']['ssl_cert']['common_name']
# Concourse web process owner is root.
web_vols.push("#{server_cert_path(cn)}:/root/server.crt:ro")
# Common
if node['concourse-ci']['docker-compose']['import_ca']
+ include_recipe 'ssl_cert::ca_certs'
::Chef::Recipe.send(:include, SSLCert::Helper)
+
node['concourse-ci']['ssl_cert']['ca_names'].each {|ca_name|
ca_cert_vol = "#{ca_cert_path(ca_name)}:/usr/share/ca-certificates/#{ca_name}.crt:ro"
web_vols.push(ca_cert_vol)