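# @summary Sets up the Concourse CI/CD system
#
# Installs the Concourse packages, creates the PostgreSQL database, generates
# the session signing, TSA host and worker keys when they do not exist yet,
# writes the environment file for concourse.service and keeps the service
# running.
#
# TODO file modes for just about everything.
#
# https://concourse-ci.org/
#
# @param database_name
#   Name of the PostgreSQL database created for Concourse.
# @param database_username
#   PostgreSQL role that owns the database; also exported to the service.
# @param database_password
#   Password for that role. The default is a 25-character random password
#   looked up through extlib::cache_data (presumably generated once and then
#   reused - confirm against the extlib module).
# @param keydir
#   Directory used to build the default key paths. This class does not
#   create it.
# @param session_signing_key
#   Path of the RSA key used to sign sessions.
# @param tsa_host_key
#   Path of the TSA SSH host key.
# @param worker_key
#   Path of the worker SSH private key.
# @param authorized_worker_keys
#   Path of the file listing the worker public keys the TSA accepts.
class profiles::concourse (
  String $database_name          = 'atc',
  String $database_username      = 'concourse',
  String $database_password      = extlib::cache_data('profiles', 'concourse_database_password', extlib::random_password(25)),
  String $keydir                 = '/usr/lib/concourse',
  String $session_signing_key    = "${keydir}/session_signing_key",
  String $tsa_host_key           = "${keydir}/tsa_host_key",
  String $worker_key             = "${keydir}/worker_key",
  String $authorized_worker_keys = "${keydir}/authorized_worker_keys",
) {
  ensure_packages([
    'concourse',
    'concourse-resource-types',
    'concourse-fly-cli',
  ])

  include ::profiles::postgresql

  postgresql::server::db { $database_name:
    user     => $database_username,
    password => $database_password,
    grant    => 'all',
    comment  => 'Concourse CI',
  }

  # Each key is generated only once: `creates` skips the exec when the file
  # already exists.
  # NOTE(review): nothing here pins the owner or mode of the generated private
  # keys; they get whatever `concourse generate-key` and the agent's umask
  # produce. Confirm they are not world-readable.
  exec { 'Concourse generate signing key':
    command => ['concourse', 'generate-key', '-t', 'rsa', '-f', $session_signing_key],
    creates => $session_signing_key,
    path    => ['/sbin', '/usr/sbin', '/bin', '/usr/bin'],
  }

  exec { 'Concourse generate TSA host key':
    command => ['concourse', 'generate-key', '-t', 'ssh', '-f', $tsa_host_key],
    creates => $tsa_host_key,
    path    => ['/sbin', '/usr/sbin', '/bin', '/usr/bin'],
  }

  exec { 'Concourse generate worker key':
    command => ['concourse', 'generate-key', '-t', 'ssh', '-f', $worker_key],
    creates => $worker_key,
    path    => ['/sbin', '/usr/sbin', '/bin', '/usr/bin'],
  }

  # The TSA authorized-keys file has to contain the worker's public key.
  # `content => $worker_key` wrote the *path* of the private key into the file
  # instead. `concourse generate-key -t ssh -f <path>` also writes
  # `<path>.pub`, so copy that file from the agent's local filesystem.
  file { $authorized_worker_keys:
    ensure  => file,
    source  => "${worker_key}.pub",
    mode    => '0644',
    require => Exec['Concourse generate worker key'],
  }

  $env = {
    # FIXME(security): a fixed local user and password for the main team are
    # compiled into every node that uses this profile. Move them to
    # parameters backed by a generated or Hiera-supplied secret.
    'CONCOURSE_ADD_LOCAL_USER'       => 'hugo:password',
    'CONCOURSE_MAIN_TEAM_LOCAL_USER' => 'hugo',
    'CONCOURSE_SESSION_SIGNING_KEY'  => $session_signing_key,
    'CONCOURSE_TSA_HOST_KEY'         => $tsa_host_key,
    'CONCOURSE_TSA_AUTHORIZED_KEYS'  => $authorized_worker_keys,
    # Keep the service pointed at the database created above even when
    # $database_name is overridden.
    'CONCOURSE_POSTGRES_DATABASE'    => $database_name,
    'CONCOURSE_POSTGRES_USER'        => $database_username,
    'CONCOURSE_POSTGRES_PASSWORD'    => $database_password,
  }

  # One KEY=value line per entry. Values are written unquoted, so they must
  # not contain newlines.
  $env_declarations = $env.map |$k, $v| { "${k}=${v}" }.join("\n")
  $env_str = @("EOF")
    # Environment file for concourse.service
    # File managed by Puppet. Local changes WILL be overwritten.
    ${env_declarations}
    | EOF

  # This file holds the database password and the local user's password, so
  # restrict it to root and keep its contents out of Puppet logs and reports.
  # Assumes concourse.service loads it through systemd's EnvironmentFile=
  # (read by the service manager as root); the unit file is not shown here,
  # so confirm.
  file { '/etc/conf.d/concourse':
    ensure    => file,
    owner     => 'root',
    group     => 'root',
    mode      => '0600',
    show_diff => false,
    content   => $env_str,
  }

  # A changed unit file restarts the service.
  systemd::unit_file { 'concourse.service':
    source => "puppet:///modules/${module_name}/concourse.service",
  } ~> service { 'concourse':
    ensure => running,
    enable => true,
  }

  # concourse quickstart --worker-work-dir=/usr/local/data/concourse
  #
  # cat worker-key >> authorized-worker-keys
}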