Grid環境構築用のChefリポジトリです。
Revision | 5bb4ee8adce24919137e29fb1cac7564ee7a401e (tree) |
---|---|
Zeit | 2018-02-09 21:12:17 |
Autor | whitestar <whitestar@user...> |
Commiter | whitestar |
Initial release of minio-grid
@@ -0,0 +1,2 @@ | ||
1 | +~FC001 | |
2 | +~FC019 |
@@ -0,0 +1,53 @@ | ||
1 | +AllCops: | |
2 | + Exclude: | |
3 | + - vendor/**/* | |
4 | + | |
5 | +AlignParameters: | |
6 | + Enabled: false | |
7 | +LineLength: | |
8 | + Enabled: false | |
9 | +Lint/UnusedBlockArgument: | |
10 | + Enabled: false | |
11 | +Metrics/AbcSize: | |
12 | + Enabled: false | |
13 | +Style/BlockComments: | |
14 | + Enabled: false | |
15 | +Style/BlockDelimiters: | |
16 | + Enabled: false | |
17 | +Style/ExtraSpacing: | |
18 | + Enabled: false | |
19 | +Style/FileName: | |
20 | + Enabled: false | |
21 | +Style/LeadingCommentSpace: | |
22 | + Enabled: false | |
23 | +Style/RescueModifier: | |
24 | + Enabled: false | |
25 | +Style/SpaceAroundOperators: | |
26 | + Enabled: false | |
27 | +Style/SpaceBeforeFirstArg: | |
28 | + Enabled: false | |
29 | +Style/SpaceInsideBlockBraces: | |
30 | + Enabled: false | |
31 | +Style/SpaceInsidePercentLiteralDelimiters: | |
32 | + Enabled: false | |
33 | +Style/TrailingCommaInLiteral: | |
34 | + EnforcedStyleForMultiline: consistent_comma | |
35 | +Style/WordArray: | |
36 | + Enabled: false | |
37 | + | |
38 | +#Lint/ShadowingOuterLocalVariable: | |
39 | +# Enabled: false | |
40 | +#Metrics/MethodLength: | |
41 | +# Max: 10 | |
42 | +#Metrics/ModuleLength: | |
43 | +# Max: 100 | |
44 | +#Metrics/CyclomaticComplexity: | |
45 | +# Max: 6 | |
46 | +#Metrics/PerceivedComplexity: | |
47 | +# Max: 7 | |
48 | +#Style/AccessorMethodName: | |
49 | +# Enabled: false | |
50 | +#Style/MultilineOperationIndentation: | |
51 | +# Enabled: false | |
52 | +#Style/PerlBackrefs: | |
53 | +# Enabled: false |
@@ -0,0 +1,19 @@ | ||
1 | +# | |
2 | +# Copyright 2018 whitestar | |
3 | +# | |
4 | +# Licensed under the Apache License, Version 2.0 (the "License"); | |
5 | +# you may not use this file except in compliance with the License. | |
6 | +# You may obtain a copy of the License at | |
7 | +# | |
8 | +# http://www.apache.org/licenses/LICENSE-2.0 | |
9 | +# | |
10 | +# Unless required by applicable law or agreed to in writing, software | |
11 | +# distributed under the License is distributed on an "AS IS" BASIS, | |
12 | +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
13 | +# See the License for the specific language governing permissions and | |
14 | +# limitations under the License. | |
15 | +# | |
16 | + | |
17 | +source 'https://supermarket.chef.io' | |
18 | + | |
19 | +metadata |
@@ -0,0 +1,5 @@ | ||
1 | +# minio-grid CHANGELOG | |
2 | + | |
3 | +0.1.0 | |
4 | +----- | |
5 | +- Initial release of minio-grid |
@@ -0,0 +1,4 @@ | ||
1 | +source 'https://rubygems.org' | |
2 | + | |
3 | +# with Chef DK | |
4 | +gem 'stove' |
@@ -0,0 +1,273 @@ | ||
1 | +minio-grid Cookbook | |
2 | +=================== | |
3 | + | |
4 | +This cookbook sets up a Minio service. | |
5 | + | |
6 | +## Contents | |
7 | + | |
8 | +- [Requirements](#requirements) | |
9 | + - [platforms](#platforms) | |
10 | + - [packages](#packages) | |
11 | +- [Attributes](#attributes) | |
12 | +- [Usage](#usage) | |
13 | + - [Recipes](#recipes) | |
14 | + - [minio-grid::default](#minio-griddefault) | |
15 | + - [minio-grid::docker-compose](#minio-griddocker-compose) | |
16 | + - [Role Examples](#role-examples) | |
17 | + - [SSL server keys and certificates management by `ssl_cert` cookbook](#ssl-server-keys-and-certificates-management-by-ssl_cert-cookbook) | |
18 | + - [Server access key management by Chef Vault](#server-access-key-management-by-chef-vault) | |
19 | +- [License and Authors](#license-and-authors) | |
20 | + | |
21 | +## Requirements | |
22 | + | |
23 | +### platforms | |
24 | + | |
25 | +- Debian >= 9.0 | |
26 | +- Ubuntu >= 14.04 | |
27 | +- CentOS,RHEL >= 7.3 | |
28 | + | |
29 | +### packages | |
30 | +- none. | |
31 | + | |
32 | +## Attributes | |
33 | + | |
34 | +|Key|Type|Description, example|Default| | |
35 | +|:--|:--|:--|:--| | |
36 | +|`['minio-grid']['with_ssl_cert_cookbook']`|Boolean|If this attribute is true, `node['minio-grid']['docker-compose']['config']` are are overridden by the following `common_name` attributes.|`false`| | |
37 | +|`['minio-grid']['ssl_cert']['common_name']`|String|Minio server common name for TLS|`node['fqdn']`| | |
38 | +|`['minio-grid']['docker-compose']['app_dir']`|String||`"#{node['docker-grid']['compose']['app_dir']}/minio"`| | |
39 | +|`['minio-grid']['docker-compose']['config_dir']`|String||`"#{node['minio-grid']['docker-compose']['app_dir']}/config"`| | |
40 | +|`['minio-grid']['docker-compose']['data_dir']`|String||`"#{node['docker-grid']['compose']['app_dir']}/data"`| | |
41 | +|`['minio-grid']['docker-compose']['config']`|Hash|`docker-compose.yml` configurations.|See `attributes/default.rb`| | |
42 | + | |
43 | +## Usage | |
44 | + | |
45 | +### Recipes | |
46 | + | |
47 | +#### minio-grid::default | |
48 | + | |
49 | +This recipe does nothing. | |
50 | + | |
51 | +#### minio-grid::docker-compose | |
52 | + | |
53 | +This recipe generates a `docker-compose.yml` for the Minio service. | |
54 | + | |
55 | +### Role Examples | |
56 | + | |
57 | +- `roles/minio-on-docker.rb` | |
58 | + | |
59 | +```ruby | |
60 | +name 'minio-on-docker' | |
61 | +description 'Minio on Docker' | |
62 | + | |
63 | +minio_port = '9000' | |
64 | + | |
65 | +run_list( | |
66 | + 'role[docker]', | |
67 | + 'recipe[minio-grid::docker-compose]', | |
68 | +) | |
69 | + | |
70 | +#env_run_lists | |
71 | + | |
72 | +#default_attributes | |
73 | + | |
74 | +override_attributes( | |
75 | + 'minio-grid' => { | |
76 | + 'docker-compose' => { | |
77 | + 'config' => { | |
78 | + 'services' => { | |
79 | + 'minio' => { | |
80 | + 'restart' => 'always', | |
81 | + 'image' => 'minio/minio', | |
82 | + 'ports' => [ | |
83 | + "#{minio_port}:9000", | |
84 | + ], | |
85 | + 'environment' => { | |
86 | + # See https://docs.minio.io/ | |
87 | + #'MINIO_REGION' => 'us-east-1', | |
88 | + #'MINIO_BROWSER' => 'on', | |
89 | + #'MINIO_DOMAIN' => 'minio.example.com', # for virtual-host-style requests | |
90 | + # These variables will be set by the minio-grid::docker-compose recipe automatically. | |
91 | + #'MINIO_ACCESS_KEY' => '${MINIO_ACCESS_KEY}', | |
92 | + #'MINIO_SECRET_KEY' => '${MINIO_SECRET_KEY}', | |
93 | + }, | |
94 | + #'volumes' => [ | |
95 | + # These volumes will be set by the minio-grid::docker-compose recipe automatically. | |
96 | + #"#{node['minio-grid']['docker-compose']['config_dir']}:/root/.minio:rw", | |
97 | + #"#{node['minio-grid']['docker-compose']['data_dir']}:/data:rw", | |
98 | + #"#{server_cert_path(node['minio-grid']['ssl_cert']['common_name'])}:/root/.minio/certs/public.crt:ro", | |
99 | + #"#{server_key_path(node['minio-grid']['ssl_cert']['common_name'])}:/root/.minio/certs/private.key:ro", | |
100 | + #], | |
101 | + }, | |
102 | + }, | |
103 | + }, | |
104 | + }, | |
105 | + }, | |
106 | +) | |
107 | +``` | |
108 | + | |
109 | +- `roles/minio-with-ssl-on-docker.rb` | |
110 | + | |
111 | +```ruby | |
112 | +name 'minio-with-ssl-on-docker' | |
113 | +description 'Minio setup with ssl_cert cookbook' | |
114 | + | |
115 | +minio_port = '9000' | |
116 | +minio_cn = 'minio.io.example.com' | |
117 | + | |
118 | +run_list( | |
119 | + 'role[docker]', | |
120 | + 'recipe[minio-grid::docker-compose]', | |
121 | +) | |
122 | + | |
123 | +#env_run_lists | |
124 | + | |
125 | +#default_attributes | |
126 | + | |
127 | +override_attributes( | |
128 | + 'minio-grid' => { | |
129 | + 'with_ssl_cert_cookbook' => true, | |
130 | + 'ssl_cert' => { | |
131 | + 'common_name' => minio_cn, | |
132 | + }, | |
133 | + 'docker-compose' => { | |
134 | + 'config' => { | |
135 | + 'services' => { | |
136 | + 'minio' => { | |
137 | + 'restart' => 'always', | |
138 | + 'image' => 'minio/minio', | |
139 | + 'ports' => [ | |
140 | + "#{minio_port}:9000", | |
141 | + ], | |
142 | + 'environment' => { | |
143 | + # See https://docs.minio.io/ | |
144 | + #'MINIO_REGION' => 'us-east-1', | |
145 | + #'MINIO_BROWSER' => 'on', | |
146 | + #'MINIO_DOMAIN' => 'minio.example.com', # for virtual-host-style requests | |
147 | + # These variables will be set by the minio-grid::docker-compose recipe automatically. | |
148 | + #'MINIO_ACCESS_KEY' => '${MINIO_ACCESS_KEY}', | |
149 | + #'MINIO_SECRET_KEY' => '${MINIO_SECRET_KEY}', | |
150 | + }, | |
151 | + #'volumes' => [ | |
152 | + # These volumes will be set by the minio-grid::docker-compose recipe automatically. | |
153 | + #"#{node['minio-grid']['docker-compose']['config_dir']}:/root/.minio:rw", | |
154 | + #"#{node['minio-grid']['docker-compose']['data_dir']}:/data:rw", | |
155 | + #"#{server_cert_path(node['minio-grid']['ssl_cert']['common_name'])}:/root/.minio/certs/public.crt:ro", | |
156 | + #"#{server_key_path(node['minio-grid']['ssl_cert']['common_name'])}:/root/.minio/certs/private.key:ro", | |
157 | + #], | |
158 | + }, | |
159 | + }, | |
160 | + }, | |
161 | + }, | |
162 | + }, | |
163 | +) | |
164 | +``` | |
165 | + | |
166 | +### SSL server keys and certificates management by `ssl_cert` cookbook | |
167 | + | |
168 | +- create chef-vault items. | |
169 | + | |
170 | +```text | |
171 | +$ ruby -rjson -e 'puts JSON.generate({"private" => File.read("minio.io.example.com.prod.key")})' \ | |
172 | +> > ~/sec/tmp/minio.io.example.com.prod.key.json | |
173 | + | |
174 | +$ ruby -rjson -e 'puts JSON.generate({"public" => File.read("minio.io.example.com.prod.crt")})' \ | |
175 | +> > ~/sec/tmp/minio.io.example.com.prod.crt.json | |
176 | + | |
177 | +$ cd $CHEF_REPO | |
178 | + | |
179 | +$ knife vault create ssl_server_keys minio.io.example.com.prod \ | |
180 | +> --json ~/sec/tmp/minio.io.example.com.prod.key.json | |
181 | + | |
182 | +$ knife vault create ssl_server_certs minio.io.example.com.prod \ | |
183 | +> --json ~/sec/tmp/minio.io.example.com.prod.crt.json | |
184 | +``` | |
185 | + | |
186 | +- grant reference permission to the Minio host | |
187 | + | |
188 | +```text | |
189 | +$ knife vault update ssl_server_keys minio.io.example.com.prod -S 'name:minio-host.example.com' | |
190 | +$ knife vault update ssl_server_certs minio.io.example.com.prod -S 'name:minio-host.example.com' | |
191 | +``` | |
192 | + | |
193 | +- modify run_list and attributes | |
194 | + | |
195 | +```ruby | |
196 | +run_list( | |
197 | + 'recipe[minio-grid::docker-compose]', | |
198 | +) | |
199 | + | |
200 | +override_attributes( | |
201 | + 'minio-grid' => { | |
202 | + 'with_ssl_cert_cookbook' => true, | |
203 | + 'ssl_cert' => { | |
204 | + 'common_name' => 'minio.io.example.com', | |
205 | + }, | |
206 | + # ... | |
207 | + }, | |
208 | +) | |
209 | +``` | |
210 | + | |
211 | +### Server access key management by Chef Vault | |
212 | + | |
213 | +- create vault items. | |
214 | + | |
215 | +```text | |
216 | +$ cat ~/sec/tmp/minio_access_key.json | |
217 | +{ | |
218 | + "keyid":"********************", | |
219 | + "secret":"****************************************" | |
220 | +} | |
221 | + | |
222 | +$ cd $CHEF_REPO_PATH | |
223 | +$ knife vault create minio access_key --json ~/sec/tmp/minio_access_key.json | |
224 | +``` | |
225 | + | |
226 | +- grant reference permission to the minio host | |
227 | + | |
228 | +```text | |
229 | +$ knife vault update minio access_key -S 'name:minio-host.example.com' | |
230 | +``` | |
231 | + | |
232 | +- modify attributes | |
233 | + | |
234 | +```ruby | |
235 | +override_attributes( | |
236 | + 'minio-grid' => { | |
237 | + # ... | |
238 | + 'access_key_vault_item' => { | |
239 | + 'vault' => 'minio', | |
240 | + 'name' => 'access_key', | |
241 | + 'env_context' => false, | |
242 | + 'key' => 'keyid', | |
243 | + }, | |
244 | + 'secret_key_vault_item' => { | |
245 | + 'vault' => 'minio', | |
246 | + 'name' => 'access_key', | |
247 | + 'env_context' => false, | |
248 | + 'key' => 'secret', | |
249 | + }, | |
250 | + # ... | |
251 | + }, | |
252 | +) | |
253 | +``` | |
254 | + | |
255 | +## License and Authors | |
256 | + | |
257 | +- Author:: whitestar at osdn.jp | |
258 | + | |
259 | +```text | |
260 | +Copyright 2018, whitestar | |
261 | + | |
262 | +Licensed under the Apache License, Version 2.0 (the "License"); | |
263 | +you may not use this file except in compliance with the License. | |
264 | +You may obtain a copy of the License at | |
265 | + | |
266 | + http://www.apache.org/licenses/LICENSE-2.0 | |
267 | + | |
268 | +Unless required by applicable law or agreed to in writing, software | |
269 | +distributed under the License is distributed on an "AS IS" BASIS, | |
270 | +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
271 | +See the License for the specific language governing permissions and | |
272 | +limitations under the License. | |
273 | +``` |
@@ -0,0 +1,41 @@ | ||
1 | +require 'rspec/core/rake_task' | |
2 | +require 'rubocop/rake_task' | |
3 | +require 'foodcritic' | |
4 | +require 'stove/rake_task' | |
5 | + | |
6 | +namespace :style do | |
7 | + desc 'Run Ruby style checks' | |
8 | + RuboCop::RakeTask.new(:ruby) do |t| | |
9 | + t.options = [ | |
10 | + '--auto-gen-config', # creates .rubocop_todo.yml | |
11 | + ] | |
12 | + end | |
13 | + | |
14 | + desc 'Run Chef style checks' | |
15 | + FoodCritic::Rake::LintTask.new(:chef) do |t| | |
16 | + t.options = { | |
17 | + fail_tags: ['any'], | |
18 | + } | |
19 | + end | |
20 | +end | |
21 | + | |
22 | +desc 'Run all style checks' | |
23 | +task style: ['style:chef', 'style:ruby'] | |
24 | + | |
25 | +desc 'Run ChefSpec examples' | |
26 | +RSpec::Core::RakeTask.new(:spec) | |
27 | + | |
28 | +desc 'Publish cookbook' | |
29 | +Stove::RakeTask.new(:publish) do |t| | |
30 | + t.stove_opts = [ | |
31 | + # `--username` and `--key` are set in ~/.stove typically. | |
32 | + #'--username', 'somebody', | |
33 | + #'--key', '~/chef/chef.io.example.com/somebody.pem', | |
34 | + #'--endpoint', 'https://supermarket.io.example.com/api/v1', # default: supermarket.chef.io | |
35 | + #'--no-ssl-verify', | |
36 | + '--no-git', | |
37 | + '--log-level', 'info', | |
38 | + ] | |
39 | +end | |
40 | + | |
41 | +task default: ['style', 'spec'] |
@@ -0,0 +1,87 @@ | ||
1 | +# | |
2 | +# Cookbook Name:: minio-grid | |
3 | +# Attributes:: default | |
4 | +# | |
5 | +# Copyright 2018, whitestar | |
6 | +# | |
7 | +# Licensed under the Apache License, Version 2.0 (the "License"); | |
8 | +# you may not use this file except in compliance with the License. | |
9 | +# You may obtain a copy of the License at | |
10 | +# | |
11 | +# http://www.apache.org/licenses/LICENSE-2.0 | |
12 | +# | |
13 | +# Unless required by applicable law or agreed to in writing, software | |
14 | +# distributed under the License is distributed on an "AS IS" BASIS, | |
15 | +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
16 | +# See the License for the specific language governing permissions and | |
17 | +# limitations under the License. | |
18 | +# | |
19 | + | |
20 | +default['minio-grid']['with_ssl_cert_cookbook'] = false | |
21 | +# If ['minio-grid']['with_ssl_cert_cookbook'] is true, | |
22 | +# node['minio-grid']['docker-compose']['config'] | |
23 | +# are overridden by the following 'common_name' attributes. | |
24 | +default['minio-grid']['ssl_cert']['common_name'] = node['fqdn'] | |
25 | + | |
26 | +default['minio-grid']['access_key_vault_item'] = { | |
27 | +=begin | |
28 | + 'vault' => 'minio', | |
29 | + 'name' => 'access_key', | |
30 | + # single key id or nested hash key id path delimited by slash | |
31 | + 'env_context' => false, | |
32 | + 'key' => 'kid', # real hash path: "/kid" | |
33 | + # or nested hash key id path delimited by slash | |
34 | + #'env_context' => true, | |
35 | + #'key' => 'hash/path/to/kid', # real hash path: "/#{node.chef_environment}/hash/path/to/kid" | |
36 | +=end | |
37 | +} | |
38 | +default['minio-grid']['secret_key_vault_item'] = { | |
39 | +=begin | |
40 | + 'vault' => 'minio', | |
41 | + 'name' => 'access_key', | |
42 | + # single key secret or nested hash key secret path delimited by slash | |
43 | + 'env_context' => false, | |
44 | + 'key' => 'secret', # real hash path: "/secret" | |
45 | + # or nested hash key secret path delimited by slash | |
46 | + #'env_context' => true, | |
47 | + #'key' => 'hash/path/to/secret', # real hash path: "/#{node.chef_environment}/hash/path/to/secret" | |
48 | +=end | |
49 | +} | |
50 | + | |
51 | +default['minio-grid']['docker-compose']['app_dir'] = "#{node['docker-grid']['compose']['app_dir']}/minio" | |
52 | +default['minio-grid']['docker-compose']['config_dir'] = "#{node['minio-grid']['docker-compose']['app_dir']}/config" | |
53 | +default['minio-grid']['docker-compose']['data_dir'] = "#{node['minio-grid']['docker-compose']['app_dir']}/data" | |
54 | + | |
55 | +force_override['minio-grid']['docker-compose']['config_format_version'] = '2' | |
56 | +version_2_config = { | |
57 | + # Version 2 docker-compose format | |
58 | + 'version' => '2', | |
59 | + 'services' => { | |
60 | + 'minio' => { | |
61 | + 'restart' => 'always', | |
62 | + 'image' => 'minio/minio', | |
63 | + 'command' => 'server /data', | |
64 | + 'ports' => [ | |
65 | + #'9000:9000', # default | |
66 | + ], | |
67 | + 'volumes' => [ | |
68 | + # These volumes will be set by the minio-grid::docker-compose recipe automatically. | |
69 | + #"#{node['minio-grid']['docker-compose']['config_dir']}:/root/.minio:rw", | |
70 | + #"#{node['minio-grid']['docker-compose']['data_dir']}:/data:rw", | |
71 | + #"#{server_cert_path(node['minio-grid']['ssl_cert']['common_name'])}:/root/.minio/certs/public.crt:ro", | |
72 | + #"#{server_key_path(node['minio-grid']['ssl_cert']['common_name'])}:/root/.minio/certs/private.key:ro", | |
73 | + ], | |
74 | + 'environment' => { | |
75 | + # See https://docs.minio.io/ | |
76 | + #'MINIO_REGION' => 'us-east-1', | |
77 | + #'MINIO_BROWSER' => 'on', | |
78 | + #'MINIO_DOMAIN' => 'minio.example.com', # for virtual-host-style requests | |
79 | + # These variables will be set by the minio-grid::docker-compose recipe automatically. | |
80 | + #'MINIO_ACCESS_KEY' => '${MINIO_ACCESS_KEY}', | |
81 | + #'MINIO_SECRET_KEY' => '${MINIO_SECRET_KEY}', | |
82 | + }, | |
83 | + }, | |
84 | + }, | |
85 | +} | |
86 | + | |
87 | +default['minio-grid']['docker-compose']['config'] = version_2_config |
@@ -0,0 +1,100 @@ | ||
1 | +--- | |
2 | +# $ fly -t target sp -p minio-grid-cookbook -c concourse.yml -l fly-vars.yml -l ~/sec/credentials-prod.yml | |
3 | +resources: | |
4 | +- name: src-git | |
5 | + type: git | |
6 | + source: | |
7 | + uri: ((git-id-osdn))@git.osdn.net:/gitroot/metasearch/grid-chef-repo.git | |
8 | + branch: master | |
9 | + paths: | |
10 | + - cookbooks/((cookbook-name)) | |
11 | + private_key: ((git-private-key)) | |
12 | + git_user: ((git-user-osdn)) | |
13 | + #check_every: 1h # default: 1m | |
14 | +- name: chefdk-cache | |
15 | + type: docker-image | |
16 | + source: | |
17 | + repository: chef/chefdk | |
18 | + tag: ((chefdk-version)) | |
19 | + # ((param)) style: fly >= 3.2.0 | |
20 | + registry_mirror: https://((registry-mirror-domain)) # e.g. https://registry.docker.example.com:5000 | |
21 | + ca_certs: | |
22 | + - domain: ((registry-mirror-domain)) # e.g. registry.docker.example.com:5000 | |
23 | + cert: ((docker-reg-ca-cert)) | |
24 | + check_every: 12h # default: 1m | |
25 | + | |
26 | +jobs: | |
27 | +- name: test-cookbook | |
28 | + plan: | |
29 | + - aggregate: | |
30 | + - get: src-git | |
31 | + params: | |
32 | + depth: 5 | |
33 | + trigger: true | |
34 | + - get: chefdk-cache | |
35 | + - task: ci-build | |
36 | + image: chefdk-cache | |
37 | + params: | |
38 | + http_proxy: ((http-proxy)) # e.g. http://proxy.example.com:3128 | |
39 | + #HTTP_PROXY: ((http-proxy)) | |
40 | + config: | |
41 | + platform: linux | |
42 | + #image_resource: | |
43 | + # type: docker-image | |
44 | + # source: | |
45 | + # repository: chef/chefdk | |
46 | + # tag: ((chefdk-version)) | |
47 | + # NG, setting disable | |
48 | + #registry_mirror: https://((registry-mirror-domain)) | |
49 | + #ca_certs: | |
50 | + #- domain: ((registry-mirror-domain)) | |
51 | + # cert: ((docker-reg-ca-cert)) | |
52 | + inputs: | |
53 | + - name: src-git | |
54 | + run: | |
55 | + #dir: ./src-git/cookbooks/((cookbook-name)) | |
56 | + #path: rake | |
57 | + path: /bin/bash | |
58 | + args: | |
59 | + - -c | |
60 | + - | | |
61 | + cd ./src-git/cookbooks/((cookbook-name)) | |
62 | + bundle install | |
63 | + rake | |
64 | +- name: publish-cookbook | |
65 | + plan: | |
66 | + - aggregate: | |
67 | + - get: src-git | |
68 | + params: | |
69 | + depth: 5 | |
70 | + trigger: false | |
71 | + passed: [test-cookbook] | |
72 | + - get: chefdk-cache | |
73 | + passed: [test-cookbook] | |
74 | + - task: publish | |
75 | + image: chefdk-cache | |
76 | + params: | |
77 | + http_proxy: ((http-proxy)) | |
78 | + chef_username: ((chef-username)) | |
79 | + chef_client_key: ((chef-client-key)) | |
80 | + config: | |
81 | + platform: linux | |
82 | + inputs: | |
83 | + - name: src-git | |
84 | + run: | |
85 | + path: /bin/bash | |
86 | + args: | |
87 | + - -c | |
88 | + - | | |
89 | + echo '{"username":"((chef-username))","key":"/root/chef-client-key.pem"}' > /root/.stove | |
90 | + echo "$chef_client_key" > /root/chef-client-key.pem | |
91 | + cd ./src-git/cookbooks/((cookbook-name)) | |
92 | + bundle install | |
93 | + rake publish | |
94 | + - put: src-git | |
95 | + params: | |
96 | + repository: src-git | |
97 | + tag_prefix: ((cookbook-name))- | |
98 | + tag: src-git/cookbooks/((cookbook-name))/version | |
99 | + only_tag: true | |
100 | + annotate: ../src-git/cookbooks/((cookbook-name))/version |
@@ -0,0 +1,3 @@ | ||
1 | +--- | |
2 | +cookbook-name: minio-grid | |
3 | +chefdk-version: 2.4.17 |
@@ -0,0 +1,20 @@ | ||
1 | +name 'minio-grid' | |
2 | +maintainer 'whitestar' | |
3 | +maintainer_email '' | |
4 | +license 'Apache 2.0' | |
5 | +description 'Installs/Configures Minio server' | |
6 | +long_description IO.read(File.join(File.dirname(__FILE__), 'README.md')) | |
7 | +version IO.read(File.join(File.dirname(__FILE__), 'version')).chomp | |
8 | +source_url 'http://scm.osdn.jp/gitroot/metasearch/grid-chef-repo.git' | |
9 | +issues_url 'https://osdn.jp/projects/metasearch/ticket' | |
10 | + | |
11 | +chef_version '>= 12' | |
12 | +%w( centos redhat ).each do |os| | |
13 | + supports os, '>= 7.0' | |
14 | +end | |
15 | +supports 'debian', '>= 8.0' | |
16 | +supports 'ubuntu', '>= 14.04' | |
17 | + | |
18 | +depends 'docker-grid', '>= 0.4.0' | |
19 | +depends 'platform_utils', '>= 0.4.4' | |
20 | +depends 'ssl_cert', '>= 0.3.9' |
@@ -0,0 +1,18 @@ | ||
1 | +# | |
2 | +# Cookbook Name:: minio-grid | |
3 | +# Recipe:: default | |
4 | +# | |
5 | +# Copyright 2018, whitestar | |
6 | +# | |
7 | +# Licensed under the Apache License, Version 2.0 (the "License"); | |
8 | +# you may not use this file except in compliance with the License. | |
9 | +# You may obtain a copy of the License at | |
10 | +# | |
11 | +# http://www.apache.org/licenses/LICENSE-2.0 | |
12 | +# | |
13 | +# Unless required by applicable law or agreed to in writing, software | |
14 | +# distributed under the License is distributed on an "AS IS" BASIS, | |
15 | +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
16 | +# See the License for the specific language governing permissions and | |
17 | +# limitations under the License. | |
18 | +# |
@@ -0,0 +1,120 @@ | ||
1 | +# | |
2 | +# Cookbook Name:: minio-grid | |
3 | +# Recipe:: docker-compose | |
4 | +# | |
5 | +# Copyright 2018, whitestar | |
6 | +# | |
7 | +# Licensed under the Apache License, Version 2.0 (the "License"); | |
8 | +# you may not use this file except in compliance with the License. | |
9 | +# You may obtain a copy of the License at | |
10 | +# | |
11 | +# http://www.apache.org/licenses/LICENSE-2.0 | |
12 | +# | |
13 | +# Unless required by applicable law or agreed to in writing, software | |
14 | +# distributed under the License is distributed on an "AS IS" BASIS, | |
15 | +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
16 | +# See the License for the specific language governing permissions and | |
17 | +# limitations under the License. | |
18 | +# | |
19 | + | |
20 | +doc_url = 'https://hub.docker.com/r/minio/minio/' | |
21 | + | |
22 | +include_recipe 'platform_utils::kernel_user_namespace' | |
23 | +include_recipe 'docker-grid::compose' | |
24 | + | |
25 | +app_dir = node['minio-grid']['docker-compose']['app_dir'] | |
26 | +config_dir = node['minio-grid']['docker-compose']['config_dir'] | |
27 | +certs_dir = "#{config_dir}/certs" | |
28 | +data_dir = node['minio-grid']['docker-compose']['data_dir'] | |
29 | + | |
30 | +[ | |
31 | + app_dir, | |
32 | + config_dir, | |
33 | + certs_dir, | |
34 | + data_dir, | |
35 | +].each {|dir| | |
36 | + resources(directory: dir) rescue directory dir do | |
37 | + owner 'root' | |
38 | + group 'root' | |
39 | + mode '0755' | |
40 | + recursive true | |
41 | + end | |
42 | +} | |
43 | + | |
44 | +#override_minio_config = node.override['minio-grid']['config'] | |
45 | +config_srvs = node['minio-grid']['docker-compose']['config']['services'] | |
46 | +override_config_srvs = node.override['minio-grid']['docker-compose']['config']['services'] | |
47 | +force_override_config_srvs = node.force_override['minio-grid']['docker-compose']['config']['services'] | |
48 | +#minio_envs_org = config_srvs['minio']['environment'] | |
49 | +minio_envs = {} | |
50 | +minio_vols = config_srvs['minio']['volumes'].to_a | |
51 | + | |
52 | +ports = config_srvs['minio']['ports'] | |
53 | +override_config_srvs['minio']['ports'] = ['9000:9000'] if ports.empty? | |
54 | + | |
55 | +minio_vols.push("#{config_dir}:/root/.minio:rw") | |
56 | +minio_vols.push("#{data_dir}:/data:rw") | |
57 | + | |
58 | +access_key = nil | |
59 | +access_key_vault_item = node['minio-grid']['access_key_vault_item'] | |
60 | +unless access_key_vault_item.empty? | |
61 | + access_key = get_vault_item_value(access_key_vault_item) | |
62 | + minio_envs['MINIO_ACCESS_KEY'] = '${MINIO_ACCESS_KEY}' | |
63 | +end | |
64 | + | |
65 | +secret_key = nil | |
66 | +secret_key_vault_item = node['minio-grid']['secret_key_vault_item'] | |
67 | +unless secret_key_vault_item.empty? | |
68 | + secret_key = get_vault_item_value(secret_key_vault_item) | |
69 | + minio_envs['MINIO_SECRET_KEY'] = '${MINIO_SECRET_KEY}' | |
70 | +end | |
71 | + | |
72 | +if node['minio-grid']['with_ssl_cert_cookbook'] | |
73 | + ::Chef::Recipe.send(:include, SSLCert::Helper) | |
74 | + cn = node['minio-grid']['ssl_cert']['common_name'] | |
75 | + append_server_ssl_cn(cn) | |
76 | + include_recipe 'ssl_cert::server_key_pairs' | |
77 | + | |
78 | + minio_vols.push("#{server_cert_path(cn)}:/root/.minio/certs/public.crt:ro") | |
79 | + minio_vols.push("#{server_key_path(cn)}:/root/.minio/certs/private.key:ro") | |
80 | +end | |
81 | + | |
82 | +# merge environment hash | |
83 | +force_override_config_srvs['minio']['environment'] = minio_envs unless minio_envs.empty? | |
84 | +# reset vlumes array. | |
85 | +override_config_srvs['minio']['volumes'] = minio_vols unless minio_vols.empty? | |
86 | + | |
87 | +config_file = "#{app_dir}/docker-compose.yml" | |
88 | +template config_file do | |
89 | + source 'opt/docker-compose/app/minio/docker-compose.yml' | |
90 | + owner 'root' | |
91 | + group 'root' | |
92 | + mode '0644' | |
93 | +end | |
94 | + | |
95 | +env_file = "#{app_dir}/.env" | |
96 | +template env_file do | |
97 | + source 'opt/docker-compose/app/minio/.env' | |
98 | + owner 'root' | |
99 | + group 'root' | |
100 | + mode '0600' | |
101 | + sensitive true | |
102 | + # prevent Chef from logging password attribute value. | |
103 | + variables( | |
104 | + # secrets | |
105 | + access_key: access_key, | |
106 | + secret_key: secret_key | |
107 | + ) | |
108 | +end | |
109 | + | |
110 | +log 'minio docker-compose post install message' do | |
111 | + message <<-"EOM" | |
112 | +Note: You must execute the following command manually. | |
113 | + See #{doc_url} | |
114 | + * Start: | |
115 | + $ cd #{app_dir} | |
116 | + $ docker-compose up -d | |
117 | + * Stop | |
118 | + $ docker-compose down | |
119 | +EOM | |
120 | +end |
@@ -0,0 +1,9 @@ | ||
1 | +require_relative '../spec_helper' | |
2 | + | |
3 | +describe 'minio-grid::default' do | |
4 | + let(:chef_run) { ChefSpec::SoloRunner.new.converge(described_recipe) } | |
5 | + | |
6 | + #it 'does something' do | |
7 | + # expect(chef_run).to do_something('...') | |
8 | + #end | |
9 | +end |
@@ -0,0 +1,25 @@ | ||
1 | +# Added by ChefSpec | |
2 | +require 'chefspec' | |
3 | + | |
4 | +# Uncomment to use ChefSpec's Berkshelf extension | |
5 | +# require 'chefspec/berkshelf' | |
6 | + | |
7 | +RSpec.configure do |config| | |
8 | + # Specify the path for Chef Solo to find cookbooks | |
9 | + # config.cookbook_path = '/var/cookbooks' | |
10 | + | |
11 | + # Specify the path for Chef Solo to find roles | |
12 | + # config.role_path = '/var/roles' | |
13 | + | |
14 | + # Specify the Chef log_level (default: :warn) | |
15 | + # config.log_level = :debug | |
16 | + | |
17 | + # Specify the path to a local JSON file with Ohai data | |
18 | + # config.path = 'ohai.json' | |
19 | + | |
20 | + # Specify the operating platform to mock Ohai data from | |
21 | + # config.platform = 'ubuntu' | |
22 | + | |
23 | + # Specify the operating version to mock Ohai data from | |
24 | + # config.version = '12.04' | |
25 | +end |
@@ -0,0 +1,11 @@ | ||
1 | +<% | |
2 | +# Note in this file: | |
3 | +# - Do not use quotation marks (' or "). | |
4 | +# - Do not use variable reference. | |
5 | +-%> | |
6 | +<% unless @access_key.nil? %> | |
7 | +MINIO_ACCESS_KEY=<%= @access_key %> | |
8 | +<% end %> | |
9 | +<% unless @secret_key.nil? %> | |
10 | +MINIO_SECRET_KEY=<%= @secret_key %> | |
11 | +<% end %> |
@@ -0,0 +1,5 @@ | ||
1 | +<% | |
2 | +require 'yaml' | |
3 | +yaml_str = node['minio-grid']['docker-compose']['config'].to_hash.to_yaml | |
4 | +-%> | |
5 | +<%= yaml_str %> |
@@ -0,0 +1 @@ | ||
1 | +0.1.0 |