diff options
author | Hugo Hörnquist <hugo@lysator.liu.se> | 2023-06-13 01:31:36 +0200 |
---|---|---|
committer | Hugo Hörnquist <hugo@lysator.liu.se> | 2023-06-13 01:37:21 +0200 |
commit | c3a08afc04959f6f1f16ba63ca22cedcdfdac4b0 (patch) | |
tree | b353e4e2a5a7f39909c3dace7f4f8ef54cbc55be | |
parent | Add profile postpresql. (diff) | |
download | profiles-c3a08afc04959f6f1f16ba63ca22cedcdfdac4b0.tar.gz profiles-c3a08afc04959f6f1f16ba63ca22cedcdfdac4b0.tar.xz |
Add concourse profile.
-rw-r--r-- | files/concourse.service | 9 | ||||
-rw-r--r-- | manifests/concourse.pp | 89 |
2 files changed, 98 insertions, 0 deletions
diff --git a/files/concourse.service b/files/concourse.service new file mode 100644 index 0000000..6cb969f --- /dev/null +++ b/files/concourse.service @@ -0,0 +1,9 @@ +[Unit] +Description=Continuos thing-doer. + +[Service] +ExecStart=concourse web +EnvironmentFile=/etc/conf.d/concourse + +[Install] +WantedBy=multi-user.target diff --git a/manifests/concourse.pp b/manifests/concourse.pp new file mode 100644 index 0000000..7679106 --- /dev/null +++ b/manifests/concourse.pp @@ -0,0 +1,89 @@ +# @summary Sets up the Concourse CI/CD system +# +# TODO file modes for just about everything. +# +# https://concourse-ci.org/ +class profiles::concourse ( + String $database_name = 'atc', + String $database_username = 'concourse', + String $database_password = extlib::cache_data('profiles', 'concourse_database_password', extlib::random_password(25)), + + String $keydir = '/usr/lib/concourse', + String $session_signing_key = "${keydir}/session_signing_key", + String $tsa_host_key = "${keydir}/tsa_host_key", + String $worker_key = "${keydir}/worker_key", + String $authorized_worker_keys = "${keydir}/authorized_worker_keys", +) { + ensure_packages([ + 'concourse', + 'concourse-resource-types', + 'concourse-fly-cli', + ]) + + include ::profiles::postgresql + + postgresql::server::db { $database_name: + user => $database_username, + password => $database_password, + grant => 'all', + comment => 'Concourse CI', + } + + exec { 'Concourse generate signing key': + command => ['concourse', 'generate-key', '-t', 'rsa', '-f', $session_signing_key], + creates => $session_signing_key, + path => ['/sbin', '/usr/sbin', '/bin', '/usr/bin',] + } + + exec { 'Concourse generate TSA host key': + command => ['concourse', 'generate-key', '-t', 'ssh', '-f', $tsa_host_key], + creates => $tsa_host_key, + path => ['/sbin', '/usr/sbin', '/bin', '/usr/bin',] + } + + exec { 'Concourse generate worker key': + command => ['concourse', 'generate-key', '-t', 'ssh', '-f', $worker_key], + creates => $worker_key, + path => ['/sbin', '/usr/sbin', '/bin', '/usr/bin',] + } + + file { $authorized_worker_keys: + content => $worker_key, + require => Exec['Concourse generate worker key'], + subscribe => Exec['Concourse generate worker key'], + } + + $env = { + 'CONCOURSE_ADD_LOCAL_USER' => 'hugo:password', + 'CONCOURSE_MAIN_TEAM_LOCAL_USER' => 'hugo', + + 'CONCOURSE_SESSION_SIGNING_KEY' => $session_signing_key, + 'CONCOURSE_TSA_HOST_KEY' => $tsa_host_key, + 'CONCOURSE_TSA_AUTHORIZED_KEYS' => $authorized_worker_keys, + + 'CONCOURSE_POSTGRES_USER' => $database_username, + 'CONCOURSE_POSTGRES_PASSWORD' => $database_password, + } + + $env_declarations = $env.map |$k, $v| { "${k}=${v}" }.join("\n") + $env_str = @("EOF") + # Environment file for concourse.service + # File managed by Puppet. Local changes WILL be overwritten. + ${env_declarations} + | EOF + + file { '/etc/conf.d/concourse': + content => $env_str, + } + + systemd::unit_file { 'concourse.service': + source => "puppet:///modules/${module_name}/concourse.service", + } ~> service { 'concourse': + ensure => running, + enable => true, + } + + # concourse quickstart --worker-work-dir=/usr/local/data/concourse + # + # cat worker-key >> authorized-worker-keys +} |