Grid環境構築用のChefリポジトリです。
Revision | 422b374e68aab6d1a64b626adb56686f200d9e36 (tree) |
---|---|
Zeit | 2017-08-11 18:48:58 |
Autor | whitestar <whitestar@user...> |
Commiter | whitestar |
includes the ssl_cert::server_key_pairs recipe automatically.
@@ -24,8 +24,10 @@ Style/RescueModifier: | ||
24 | 24 | Enabled: false |
25 | 25 | Style/SpaceBeforeFirstArg: |
26 | 26 | Enabled: false |
27 | +Style/SpaceInsideBlockBraces: | |
28 | + Enabled: false | |
27 | 29 | Style/TrailingCommaInLiteral: |
28 | - EnforcedStyleForMultiline: comma | |
30 | + EnforcedStyleForMultiline: consistent_comma | |
29 | 31 | Style/WordArray: |
30 | 32 | Enabled: false |
31 | 33 |
@@ -1,5 +1,9 @@ | ||
1 | 1 | # jenkins-grid CHANGELOG |
2 | 2 | |
3 | +0.2.4 | |
4 | +----- | |
5 | +- includes the `ssl_cert::server_key_pairs` recipe automatically. | |
6 | + | |
3 | 7 | 0.2.3 |
4 | 8 | ----- |
5 | 9 | - adds default ports settings. |
@@ -1,3 +1,4 @@ | ||
1 | 1 | source 'https://rubygems.org' |
2 | 2 | |
3 | -#gem 'foodcritic' | |
3 | +# with Chef DK | |
4 | +gem 'stove' |
@@ -76,7 +76,7 @@ override_attributes( | ||
76 | 76 | 'services' => { |
77 | 77 | 'jenkins' => { |
78 | 78 | 'restart' => 'always', |
79 | - 'image' => 'jenkins:2.19.4', | |
79 | + 'image' => 'jenkins:latest', | |
80 | 80 | 'ports' => [ |
81 | 81 | '8080:8080', |
82 | 82 | '50000:50000', |
@@ -102,7 +102,7 @@ name 'jenkins-with-ssl-cert' | ||
102 | 102 | description 'Jenkins setup with ssl_cert cookbook' |
103 | 103 | |
104 | 104 | run_list( |
105 | - 'recipe[ssl_cert::server_key_pairs]', | |
105 | + #'recipe[ssl_cert::server_key_pairs]', # jenkins-grid <= 0.2.3 | |
106 | 106 | 'role[docker]', |
107 | 107 | 'recipe[jenkins-grid::docker-compose]', |
108 | 108 | ) |
@@ -126,7 +126,7 @@ override_attributes( | ||
126 | 126 | 'services' => { |
127 | 127 | 'jenkins' => { |
128 | 128 | 'restart' => 'always', |
129 | - 'image' => 'jenkins:2.19.4', | |
129 | + 'image' => 'jenkins:latest', | |
130 | 130 | 'expose' => [ |
131 | 131 | '8083', # for https |
132 | 132 | ], |
@@ -161,22 +161,24 @@ override_attributes( | ||
161 | 161 | ) |
162 | 162 | ``` |
163 | 163 | |
164 | -### SSL server keys and certificates management by ssl_cert cookbook | |
164 | +### SSL server keys and certificates management by `ssl_cert` cookbook | |
165 | 165 | |
166 | 166 | - create vault items. |
167 | 167 | |
168 | 168 | ```text |
169 | -$ ruby -rjson -e 'puts JSON.generate({"private" => File.read("jenkins_io_example_com.prod.key")})' \ | |
170 | -> > ~/tmp/jenkins_io_example_com.prod.key.json | |
169 | +$ ruby -rjson -e 'puts JSON.generate({"private" => File.read("jenkins.io.example.com.prod.key")})' \ | |
170 | +> > ~/tmp/jenkins.io.example.com.prod.key.json | |
171 | 171 | |
172 | -$ knife vault create ssl_server_keys jenkins.io.example.com.prod \ | |
173 | -> --json ~/tmp/jenkins_io_example_com.prod.key.json | |
172 | +$ ruby -rjson -e 'puts JSON.generate({"public" => File.read("jenkins.io.example.com.prod.crt")})' \ | |
173 | +> > ~/tmp/jenkins.io.example.com.prod.crt.json | |
174 | + | |
175 | +$ cd $CHEF_REPO | |
174 | 176 | |
175 | -$ ruby -rjson -e 'puts JSON.generate({"public" => File.read("jenkins_io_example_com.prod.crt")})' \ | |
176 | -> > ~/tmp/jenkins_io_example_com.prod.crt.json | |
177 | +$ knife vault create ssl_server_keys jenkins.io.example.com.prod \ | |
178 | +> --json ~/tmp/jenkins.io.example.com.prod.key.json | |
177 | 179 | |
178 | 180 | $ knife vault create ssl_server_certs jenkins.io.example.com.prod \ |
179 | -> --json ~/tmp/jenkins_io_example_com.prod.crt.json | |
181 | +> --json ~/tmp/jenkins.io.example.com.prod.crt.json | |
180 | 182 | ``` |
181 | 183 | |
182 | 184 | - grant reference permission to the Jenkins host |
@@ -190,7 +192,7 @@ $ knife vault update ssl_server_certs jenkins.io.example.com.prod -S 'name:jenki | ||
190 | 192 | |
191 | 193 | ```ruby |
192 | 194 | run_list( |
193 | - 'recipe[ssl_cert::server_key_pairs]', | |
195 | + #'recipe[ssl_cert::server_key_pairs]', # jenkins-grid <= 0.2.3 | |
194 | 196 | 'recipe[jenkins-grid::docker-compose]', |
195 | 197 | ) |
196 | 198 |
@@ -1,10 +1,15 @@ | ||
1 | 1 | require 'rspec/core/rake_task' |
2 | 2 | require 'rubocop/rake_task' |
3 | 3 | require 'foodcritic' |
4 | +require 'stove/rake_task' | |
4 | 5 | |
5 | 6 | namespace :style do |
6 | 7 | desc 'Run Ruby style checks' |
7 | - RuboCop::RakeTask.new(:ruby) | |
8 | + RuboCop::RakeTask.new(:ruby) do |t| | |
9 | + t.options = [ | |
10 | + '--auto-gen-config', # creates .rubocop_todo.yml | |
11 | + ] | |
12 | + end | |
8 | 13 | |
9 | 14 | desc 'Run Chef style checks' |
10 | 15 | FoodCritic::Rake::LintTask.new(:chef) do |t| |
@@ -20,4 +25,17 @@ task style: ['style:chef', 'style:ruby'] | ||
20 | 25 | desc 'Run ChefSpec examples' |
21 | 26 | RSpec::Core::RakeTask.new(:spec) |
22 | 27 | |
28 | +desc 'Publish cookbook' | |
29 | +Stove::RakeTask.new(:publish) do |t| | |
30 | + t.stove_opts = [ | |
31 | + # `--username` and `--key` are set in ~/.stove typically. | |
32 | + #'--username', 'somebody', | |
33 | + #'--key', '~/chef/chef.io.example.com/somebody.pem', | |
34 | + #'--endpoint', 'https://supermarket.io.example.com/api/v1', # default: supermarket.chef.io | |
35 | + #'--no-ssl-verify', | |
36 | + '--no-git', | |
37 | + '--log-level', 'info', | |
38 | + ] | |
39 | +end | |
40 | + | |
23 | 41 | task default: ['style', 'spec'] |
@@ -2,7 +2,7 @@ | ||
2 | 2 | # Cookbook Name:: jenkins-grid |
3 | 3 | # Attributes:: default |
4 | 4 | # |
5 | -# Copyright 2016, whitestar | |
5 | +# Copyright 2016-2017, whitestar | |
6 | 6 | # |
7 | 7 | # Licensed under the Apache License, Version 2.0 (the "License"); |
8 | 8 | # you may not use this file except in compliance with the License. |
@@ -39,7 +39,7 @@ default['jenkins-grid']['docker-compose']['config'] = { | ||
39 | 39 | 'services' => { |
40 | 40 | 'jenkins' => { |
41 | 41 | 'restart' => 'always', |
42 | - 'image' => 'jenkins:2.19.4', | |
42 | + 'image' => 'jenkins:latest', | |
43 | 43 | #'expose' => [ |
44 | 44 | # #'8083', # for https |
45 | 45 | #], |
@@ -0,0 +1,100 @@ | ||
1 | +--- | |
2 | +# $ fly -t target sp -p jenkins-grid-cookbook -c concourse.yml -l fly-vars.yml -l ~/sec/credentials-prod.yml | |
3 | +resources: | |
4 | +- name: src-git | |
5 | + type: git | |
6 | + source: | |
7 | + uri: ((git-id-osdn))@git.osdn.net:/gitroot/metasearch/grid-chef-repo.git | |
8 | + branch: master | |
9 | + paths: | |
10 | + - cookbooks/((cookbook-name)) | |
11 | + private_key: ((git-private-key)) | |
12 | + git_user: ((git-user-osdn)) | |
13 | + #check_every: 1h # default: 1m | |
14 | +- name: chefdk-cache | |
15 | + type: docker-image | |
16 | + source: | |
17 | + repository: chef/chefdk | |
18 | + tag: ((chefdk-version)) | |
19 | + # ((param)) style: fly >= 3.2.0 | |
20 | + registry_mirror: https://((registry-mirror-domain)) # e.g. https://registry.docker.example.com:5000 | |
21 | + ca_certs: | |
22 | + - domain: ((registry-mirror-domain)) # e.g. registry.docker.example.com:5000 | |
23 | + cert: ((docker-reg-ca-cert)) | |
24 | + check_every: 12h # default: 1m | |
25 | + | |
26 | +jobs: | |
27 | +- name: test-cookbook | |
28 | + plan: | |
29 | + - aggregate: | |
30 | + - get: src-git | |
31 | + params: | |
32 | + depth: 5 | |
33 | + trigger: true | |
34 | + - get: chefdk-cache | |
35 | + - task: ci-build | |
36 | + image: chefdk-cache | |
37 | + params: | |
38 | + http_proxy: ((http-proxy)) # e.g. http://proxy.example.com:3128 | |
39 | + #HTTP_PROXY: ((http-proxy)) | |
40 | + config: | |
41 | + platform: linux | |
42 | + #image_resource: | |
43 | + # type: docker-image | |
44 | + # source: | |
45 | + # repository: chef/chefdk | |
46 | + # tag: ((chefdk-version)) | |
47 | + # NG, setting disable | |
48 | + #registry_mirror: https://((registry-mirror-domain)) | |
49 | + #ca_certs: | |
50 | + #- domain: ((registry-mirror-domain)) | |
51 | + # cert: ((docker-reg-ca-cert)) | |
52 | + inputs: | |
53 | + - name: src-git | |
54 | + run: | |
55 | + #dir: ./src-git/cookbooks/((cookbook-name)) | |
56 | + #path: rake | |
57 | + path: /bin/bash | |
58 | + args: | |
59 | + - -c | |
60 | + - | | |
61 | + cd ./src-git/cookbooks/((cookbook-name)) | |
62 | + bundle install | |
63 | + rake | |
64 | +- name: publish-cookbook | |
65 | + plan: | |
66 | + - aggregate: | |
67 | + - get: src-git | |
68 | + params: | |
69 | + depth: 5 | |
70 | + trigger: false | |
71 | + passed: [test-cookbook] | |
72 | + - get: chefdk-cache | |
73 | + passed: [test-cookbook] | |
74 | + - task: publish | |
75 | + image: chefdk-cache | |
76 | + params: | |
77 | + http_proxy: ((http-proxy)) | |
78 | + chef_username: ((chef-username)) | |
79 | + chef_client_key: ((chef-client-key)) | |
80 | + config: | |
81 | + platform: linux | |
82 | + inputs: | |
83 | + - name: src-git | |
84 | + run: | |
85 | + path: /bin/bash | |
86 | + args: | |
87 | + - -c | |
88 | + - | | |
89 | + echo '{"username":"((chef-username))","key":"/root/chef-client-key.pem"}' > /root/.stove | |
90 | + echo "$chef_client_key" > /root/chef-client-key.pem | |
91 | + cd ./src-git/cookbooks/((cookbook-name)) | |
92 | + bundle install | |
93 | + rake publish | |
94 | + - put: src-git | |
95 | + params: | |
96 | + repository: src-git | |
97 | + tag_prefix: ((cookbook-name))- | |
98 | + tag: src-git/cookbooks/((cookbook-name))/version | |
99 | + only_tag: true | |
100 | + annotate: ../src-git/cookbooks/((cookbook-name))/version |
@@ -0,0 +1,3 @@ | ||
1 | +--- | |
2 | +cookbook-name: jenkins-grid | |
3 | +chefdk-version: 1.4.3 |
@@ -5,9 +5,15 @@ maintainer_email '' | ||
5 | 5 | license 'Apache 2.0' |
6 | 6 | description 'Installs/Configures jenkins-grid' |
7 | 7 | long_description IO.read(File.join(File.dirname(__FILE__), 'README.md')) |
8 | -version '0.2.3' | |
8 | +version IO.read(File.join(File.dirname(__FILE__), 'version')).chomp | |
9 | 9 | source_url 'http://scm.osdn.jp/gitroot/metasearch/grid-chef-repo.git' |
10 | 10 | issues_url 'https://osdn.jp/projects/metasearch/ticket' |
11 | 11 | |
12 | +chef_version '>= 12' | |
13 | +supports 'ubuntu', '>= 14.04' | |
14 | +%w(centos redhat).each do |os| | |
15 | + supports os, '>= 7.3' | |
16 | +end | |
17 | + | |
12 | 18 | depends 'docker-grid', '>= 0.3.6' |
13 | 19 | depends 'ssl_cert', '>= 0.3.3' |
@@ -70,6 +70,7 @@ unless jenkins_home_path.nil? | ||
70 | 70 | end |
71 | 71 | |
72 | 72 | if node['jenkins-grid']['with_ssl_cert_cookbook'] |
73 | + include_recipe 'ssl_cert::server_key_pairs' | |
73 | 74 | ::Chef::Recipe.send(:include, SSLCert::Helper) |
74 | 75 | cn = node['jenkins-grid']['ssl_cert']['common_name'] |
75 | 76 | key_path = server_key_path(cn) |
@@ -0,0 +1 @@ | ||
1 | +0.2.4 |
@@ -22,11 +22,14 @@ dockerd_extra_opts = [ | ||
22 | 22 | '--bip=192.168.100.1/24 --fixed-cidr=192.168.100.0/24', |
23 | 23 | ].join(' ') |
24 | 24 | network_mode_bridge = false |
25 | -aptly_port = '7080' # default: 8080 | |
26 | -aptly_api_port = '7081' # default: 8081 | |
27 | -concourse_port = '8080' | |
28 | -gitlab_http_port = '80' # default: 80, Note: 8080 already in use. | |
29 | -gitlab_ssh_port = '2022' | |
25 | +aptly_port = '7080' # default: 8080 | |
26 | +aptly_api_port = '7081' # default: 8081 | |
27 | +concourse_port = '8080' | |
28 | +jenkins_port = '9080' # default: 8080 | |
29 | +jenkins_agent_port = '50000' # default: 50000 | |
30 | +jenkins_home_path = '/opt/docker-compose/app/jenkins/home' | |
31 | +gitlab_http_port = '80' # default: 80, Note: 8080 already in use. | |
32 | +gitlab_ssh_port = '2022' | |
30 | 33 | nexus_ver = '3' |
31 | 34 | nexus_port = nexus_ver == '3' ? '8081' : '8071' |
32 | 35 |
@@ -36,6 +39,7 @@ run_list( | ||
36 | 39 | 'role[concourse-on-docker]', |
37 | 40 | 'role[gitlab-on-docker]', |
38 | 41 | 'role[gitlab-runner]', |
42 | + 'role[jenkins-on-docker]', | |
39 | 43 | "role[nexus#{nexus_ver}-on-docker]", |
40 | 44 | ) |
41 | 45 |
@@ -117,6 +121,23 @@ attrs = { | ||
117 | 121 | 'import_ca' => false, |
118 | 122 | }, |
119 | 123 | }, |
124 | + 'jenkins-grid' => { | |
125 | + 'docker-compose' => { | |
126 | + 'jenkins_home' => { | |
127 | + 'path' => jenkins_home_path, | |
128 | + }, | |
129 | + 'config' => { | |
130 | + 'services' => { | |
131 | + 'jenkins' => { | |
132 | + 'ports' => [ | |
133 | + "#{jenkins_port}:8080", | |
134 | + "#{jenkins_agent_port}:50000", | |
135 | + ], | |
136 | + }, | |
137 | + }, | |
138 | + }, | |
139 | + }, | |
140 | + }, | |
120 | 141 | 'nexus-grid' => { |
121 | 142 | 'docker-compose' => { |
122 | 143 | 'config' => { |
@@ -1,6 +1,8 @@ | ||
1 | 1 | name 'jenkins' |
2 | 2 | description 'Jenkins' |
3 | 3 | |
4 | +#jenkins_cn = 'jenkins.io.example.com' | |
5 | + | |
4 | 6 | run_list( |
5 | 7 | #'recipe[ssl_cert::server_key_pairs]', |
6 | 8 | 'role[docker]', |
@@ -11,13 +13,11 @@ run_list( | ||
11 | 13 | |
12 | 14 | #default_attributes() |
13 | 15 | |
14 | -jenkins_cn = 'jenkins.io.example.com' | |
15 | - | |
16 | 16 | override_attributes( |
17 | 17 | 'ssl_cert' => { |
18 | - 'common_names' => [ | |
19 | - jenkins_cn, | |
20 | - ], | |
18 | + # 'common_names' => [ | |
19 | + # jenkins_cn, | |
20 | + # ], | |
21 | 21 | }, |
22 | 22 | 'docker-grid' => { |
23 | 23 | 'engine' => { |
@@ -30,7 +30,7 @@ override_attributes( | ||
30 | 30 | 'jenkins-grid' => { |
31 | 31 | #'with_ssl_cert_cookbook' => true, |
32 | 32 | 'ssl_cert' => { |
33 | - 'common_name' => jenkins_cn, | |
33 | + #'common_name' => jenkins_cn, | |
34 | 34 | }, |
35 | 35 | 'docker-compose' => { |
36 | 36 | 'config' => { |
@@ -39,15 +39,12 @@ override_attributes( | ||
39 | 39 | 'services' => { |
40 | 40 | 'jenkins' => { |
41 | 41 | 'restart' => 'always', |
42 | - 'image' => 'jenkins:2.19.4', | |
42 | + 'image' => 'jenkins:latest', | |
43 | 43 | #'expose' => [ |
44 | 44 | # '8083', # for https |
45 | 45 | #], |
46 | - 'ports' => [ | |
47 | - '8080:8080', | |
48 | - #'8083:8083', | |
49 | - '50000:50000', | |
50 | - ], | |
46 | + #'ports' => [ | |
47 | + #], | |
51 | 48 | 'environment' => { |
52 | 49 | 'JENKINS_OPTS' => [ |
53 | 50 | #'--httpPort=-1 --httpsPort=8083', |