authorHugo Hörnquist <hugo@lysator.liu.se>2023-06-18 18:41:38 +0200
committerHugo Hörnquist <hugo@lysator.liu.se>2023-06-18 18:41:38 +0200
commit8c572ffbcb1941446f6c05cbaec4a7b2f5fd8ae8 (patch)
tree5781847b166226d1d78c939ec8ac57add0c1c958
parentPuppetserver: setup eyaml. (diff)
Replace concourse with module.
-rw-r--r--files/concourse.service9
-rw-r--r--manifests/concourse.pp89
-rw-r--r--manifests/concourse_complete.pp59
3 files changed, 59 insertions, 98 deletions
diff --git a/files/concourse.service b/files/concourse.service
deleted file mode 100644
index 6cb969f..0000000
--- a/files/concourse.service
+++ /dev/null
@@ -1,9 +0,0 @@
-[Unit]
-Description=Continuos thing-doer.
-
-[Service]
-ExecStart=concourse web
-EnvironmentFile=/etc/conf.d/concourse
-
-[Install]
-WantedBy=multi-user.target
diff --git a/manifests/concourse.pp b/manifests/concourse.pp
deleted file mode 100644
index 7679106..0000000
--- a/manifests/concourse.pp
+++ /dev/null
@@ -1,89 +0,0 @@
-# @summary Sets up the Concourse CI/CD system
-#
-# TODO file modes for just about everything.
-#
-# https://concourse-ci.org/
-class profiles::concourse (
- String $database_name = 'atc',
- String $database_username = 'concourse',
- String $database_password = extlib::cache_data('profiles', 'concourse_database_password', extlib::random_password(25)),
-
- String $keydir = '/usr/lib/concourse',
- String $session_signing_key = "${keydir}/session_signing_key",
- String $tsa_host_key = "${keydir}/tsa_host_key",
- String $worker_key = "${keydir}/worker_key",
- String $authorized_worker_keys = "${keydir}/authorized_worker_keys",
-) {
- ensure_packages([
- 'concourse',
- 'concourse-resource-types',
- 'concourse-fly-cli',
- ])
-
- include ::profiles::postgresql
-
- postgresql::server::db { $database_name:
- user => $database_username,
- password => $database_password,
- grant => 'all',
- comment => 'Concourse CI',
- }
-
- exec { 'Concourse generate signing key':
- command => ['concourse', 'generate-key', '-t', 'rsa', '-f', $session_signing_key],
- creates => $session_signing_key,
- path => ['/sbin', '/usr/sbin', '/bin', '/usr/bin',]
- }
-
- exec { 'Concourse generate TSA host key':
- command => ['concourse', 'generate-key', '-t', 'ssh', '-f', $tsa_host_key],
- creates => $tsa_host_key,
- path => ['/sbin', '/usr/sbin', '/bin', '/usr/bin',]
- }
-
- exec { 'Concourse generate worker key':
- command => ['concourse', 'generate-key', '-t', 'ssh', '-f', $worker_key],
- creates => $worker_key,
- path => ['/sbin', '/usr/sbin', '/bin', '/usr/bin',]
- }
-
- file { $authorized_worker_keys:
- content => $worker_key,
- require => Exec['Concourse generate worker key'],
- subscribe => Exec['Concourse generate worker key'],
- }
-
- $env = {
- 'CONCOURSE_ADD_LOCAL_USER' => 'hugo:password',
- 'CONCOURSE_MAIN_TEAM_LOCAL_USER' => 'hugo',
-
- 'CONCOURSE_SESSION_SIGNING_KEY' => $session_signing_key,
- 'CONCOURSE_TSA_HOST_KEY' => $tsa_host_key,
- 'CONCOURSE_TSA_AUTHORIZED_KEYS' => $authorized_worker_keys,
-
- 'CONCOURSE_POSTGRES_USER' => $database_username,
- 'CONCOURSE_POSTGRES_PASSWORD' => $database_password,
- }
-
- $env_declarations = $env.map |$k, $v| { "${k}=${v}" }.join("\n")
- $env_str = @("EOF")
- # Environment file for concourse.service
- # File managed by Puppet. Local changes WILL be overwritten.
- ${env_declarations}
- | EOF
-
- file { '/etc/conf.d/concourse':
- content => $env_str,
- }
-
- systemd::unit_file { 'concourse.service':
- source => "puppet:///modules/${module_name}/concourse.service",
- } ~> service { 'concourse':
- ensure => running,
- enable => true,
- }
-
- # concourse quickstart --worker-work-dir=/usr/local/data/concourse
- #
- # cat worker-key >> authorized-worker-keys
-}
diff --git a/manifests/concourse_complete.pp b/manifests/concourse_complete.pp
new file mode 100644
index 0000000..69f83b5
--- /dev/null
+++ b/manifests/concourse_complete.pp
@@ -0,0 +1,59 @@
+# @summary A complete concourse setup.
+#
+# Configures all components of a concourse setup.
+#
+# Session signing key is the one generated by
+# concourse generate-key -t rsa -f session_signing_key
+#
+# The tsa key pair is the two files generated by
+# concourse generate-key -t ssh -f worker_key
+class profiles::concourse_complete (
+ Sensitive[String] $session_signing_key,
+ Sensitive[String] $tsa_public_key,
+ Sensitive[String] $tsa_private_key,
+) {
+ class { '::concourse':
+ clusters => {
+ $concourse::default_cluster => {
+ # Database settings
+ 'postgres_user' => 'concourse',
+ 'postgres_password' => Sensitive(cache_data(
+ 'profiles::concourse',
+ 'postgres_password',
+ extlib::random_password(25)
+ )),
+ 'db_name' => "atc-${concourse::default_cluster}",
+ # worker settings
+ 'external_domain' => 'concourse.adrift.space',
+ 'tsa_public_key' => $tsa_public_key,
+ # Web settings
+ 'tsa_private_key' => $tsa_private_key,
+ 'session_signing_key' => $session_signing_key,
+ },
+ },
+ }
+ include ::profiles::postgresql
+
+ concourse::database { 'Concourse Database':
+ }
+
+ include ::concourse::worker
+ include ::concourse::web
+
+ # Settings are gotten through hiera instead, all namespaced directly with
+ # `concourse::auth::ldap::`.
+ include ::concourse::auth::ldap
+
+ concourse::proxy::nginx { 'concourse.adrift.space':
+ }
+
+ include ::concourse::fly
+
+ @@dns::record { 'CNAME concourse.adrift.space.':
+ type => 'CNAME',
+ zone => 'adrift.space.',
+ key => 'concourse',
+ value => 'gandalf.adrift.space.',
+ }
+
+}
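Review bot: `$concourse::default_cluster` is read at new lines 17 and 25 inside the parameter hash of the `class { '::concourse': ... }` declaration itself, so it is looked up before that declaration has evaluated the class in this scope. Unless `concourse` has already been evaluated elsewhere in the catalog, the lookup would presumably yield undef (or fail when `strict_variables` is on), leaving an empty cluster key and a `db_name` of `atc-`. Taking the name as a profile parameter, `String $cluster,`, and using `$cluster => {` and `'db_name' => "atc-${cluster}",` would remove the ordering dependency. Separately, the bare `cache_data(` on new line 20 differs from the `extlib::cache_data(` form used in the deleted manifest and sits next to `extlib::random_password`; the namespaced name would be the consistent choice.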