Add concourse profile.

2 files changed, 98 insertions, 0 deletions

diff --git a/files/concourse.service b/files/concourse.service
new file mode 100644
index 0000000..6cb969f
--- /dev/null
+++ b/files/concourse.service
@@ -0,0 +1,9 @@
+[Unit]
+Description=Continuos thing-doer.
+
+[Service]
+ExecStart=concourse web
+EnvironmentFile=/etc/conf.d/concourse
+
+[Install]
+WantedBy=multi-user.target
diff --git a/manifests/concourse.pp b/manifests/concourse.pp
new file mode 100644
index 0000000..7679106
--- /dev/null
+++ b/manifests/concourse.pp
@@ -0,0 +1,89 @@
+# @summary Sets up the Concourse CI/CD system
+#
+# TODO file modes for just about everything.
+#
+# https://concourse-ci.org/
+class profiles::concourse (
+  String $database_name = 'atc',
+  String $database_username = 'concourse',
+  String $database_password = extlib::cache_data('profiles', 'concourse_database_password', extlib::random_password(25)),
+
+  String $keydir = '/usr/lib/concourse',
+  String $session_signing_key = "${keydir}/session_signing_key",
+  String $tsa_host_key = "${keydir}/tsa_host_key",
+  String $worker_key = "${keydir}/worker_key",
+  String $authorized_worker_keys = "${keydir}/authorized_worker_keys",
+) {
+  ensure_packages([
+    'concourse',
+    'concourse-resource-types',
+    'concourse-fly-cli',
+  ])
+
+  include ::profiles::postgresql
+
+  postgresql::server::db { $database_name:
+    user     => $database_username,
+    password => $database_password,
+    grant    => 'all',
+    comment  => 'Concourse CI',
+  }
+
+  exec { 'Concourse generate signing key':
+    command => ['concourse', 'generate-key', '-t', 'rsa', '-f', $session_signing_key],
+    creates => $session_signing_key,
+    path    => ['/sbin', '/usr/sbin', '/bin', '/usr/bin',]
+  }
+
+  exec { 'Concourse generate TSA host key':
+    command => ['concourse', 'generate-key', '-t', 'ssh', '-f', $tsa_host_key],
+    creates => $tsa_host_key,
+    path    => ['/sbin', '/usr/sbin', '/bin', '/usr/bin',]
+  }
+
+  exec { 'Concourse generate worker key':
+    command => ['concourse', 'generate-key', '-t', 'ssh', '-f', $worker_key],
+    creates => $worker_key,
+    path    => ['/sbin', '/usr/sbin', '/bin', '/usr/bin',]
+  }
+
+  file { $authorized_worker_keys:
+    content   => $worker_key,
+    require   => Exec['Concourse generate worker key'],
+    subscribe => Exec['Concourse generate worker key'],
+  }
+
+  $env = {
+    'CONCOURSE_ADD_LOCAL_USER'       => 'hugo:password',
+    'CONCOURSE_MAIN_TEAM_LOCAL_USER' => 'hugo',
+
+    'CONCOURSE_SESSION_SIGNING_KEY'  => $session_signing_key,
+    'CONCOURSE_TSA_HOST_KEY'         => $tsa_host_key,
+    'CONCOURSE_TSA_AUTHORIZED_KEYS'  => $authorized_worker_keys,
+
+    'CONCOURSE_POSTGRES_USER'        => $database_username,
+    'CONCOURSE_POSTGRES_PASSWORD'    => $database_password,
+  }
+
+  $env_declarations = $env.map |$k, $v| { "${k}=${v}" }.join("\n")
+  $env_str = @("EOF")
+  # Environment file for concourse.service
+  # File managed by Puppet. Local changes WILL be overwritten.
+  ${env_declarations}
+  | EOF
+
+  file { '/etc/conf.d/concourse':
+    content => $env_str,
+  }
+
+  systemd::unit_file { 'concourse.service':
+    source => "puppet:///modules/${module_name}/concourse.service",
+  } ~> service { 'concourse':
+    ensure => running,
+    enable => true,
+  }
+
+  # concourse quickstart --worker-work-dir=/usr/local/data/concourse
+  #
+  # cat worker-key >> authorized-worker-keys
+}