concourse-deployer 0.3.0 → 0.5.0

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 9961c750811bf5c2b0be8ccb7903655c1597f00ad643c74b2a2b470a03cb2afc
4
- data.tar.gz: 8e32bdeb837566cbc5478cc4c7c9464cd8edd1b6c68297e151828afe6c3df707
3
+ metadata.gz: 5185fe2d302bb24607cf55f54a04ba6add0733db5f9b0c6ee69603b19faab13d
4
+ data.tar.gz: 98149d8841e9da19424d99a112791eea552cb7b2994be99ceada2a5869c7e791
5
5
  SHA512:
6
- metadata.gz: d8bb2e00967f3c3cbd284f35f34e6b59855c795916a6b85d581a42aca0448f494035bc5abb660e7edb7d11a251cc1de2212dc219fa32019e3c4afced43fb0563
7
- data.tar.gz: 7457cb3e89f63f9b53b2afcbb98e08a70e7a7c936f98e86b0bb0acc76d9906249e9cc275ee0a36da4168b3185f4cad1f2f0fbace987a735a91971aac31663764
6
+ metadata.gz: a92e620f3eb30cef9ba6bfbd7a1f8e3cc4674a2ea22125490e2d733759b875deccc3cbb1da09b1a9ea491201de5d8d68743756c5002a21641905598a1827ef0d
7
+ data.tar.gz: 22248df1030c13eff79f96323633b29bacbf558489797303ae83fde0e9bd30199726441debc31c6aadb941dd63cc08178503091c606b048cc6d0c451f50c5b44
@@ -1,5 +1,23 @@
1
1
  # Changelog for `concourse-deployer`
2
2
 
3
+ ## v0.5.0 / 2020-03-29
4
+
5
+ Features:
6
+
7
+ - Concourse v6.0.0 support.
8
+
9
+
10
+ ## v0.4.0 / 2019-11-02
11
+
12
+ Features:
13
+
14
+ - use the limit-active-tasks container placement strategy
15
+
16
+ Security:
17
+
18
+ - do not create or use a local user if a main_team is defined; avoid having a username/password account that could be brute-forced
19
+
20
+
3
21
  ## v0.3.0 / 2019-02-16
4
22
 
5
23
  Features:
data/README.md CHANGED
@@ -61,15 +61,15 @@ Concourse::Deployer.new.create_tasks!
61
61
  Available tasks:
62
62
 
63
63
  ``` sh
64
- rake bbl:gcp:init[gcp_project_id] # initialize bosh-bootloader for GCP
65
- rake bbl:gcp:up # terraform your environment and deploy the bosh director
66
- rake bosh:deploy # deploy concourse
67
- rake bosh:init # prepare the concourse bosh deployment
68
- rake bosh:interpolate # view interpolated manifest
69
- rake bosh:update # macro task for all `update` subtasks
70
- rake bosh:update:concourse_deployment # update the git submodule for concourse-bosh-deployment
71
- rake bosh:update:ubuntu_stemcell # upload ubuntu stemcell to the director
72
- rake db:connect # connect to the postgres database
64
+ rake bbl:gcp:init[gcp_project_id] # initialize bosh-bootloader for GCP
65
+ rake bbl:gcp:up # terraform your environment and deploy the bosh director
66
+ rake bosh:deploy # deploy concourse
67
+ rake bosh:init # prepare the concourse bosh deployment
68
+ rake bosh:interpolate # view interpolated manifest
69
+ rake bosh:update # macro task for all `update` subtasks
70
+ rake bosh:update:concourse_deployment[commitish] # update the git submodule for concourse-bosh-deployment (default: master)
71
+ rake bosh:update:ubuntu_stemcell # upload ubuntu stemcell to the director
72
+ rake db:connect # connect to the postgres database
73
73
  ```
74
74
 
75
75
  See full instructions below.
@@ -90,7 +90,7 @@ Files which contain sensitive data:
90
90
  You will see these files listed in `.gitattributes` invoking git-crypt for them.
91
91
 
92
92
 
93
- ## Deploying to GCP
93
+ ## Deploy to GCP
94
94
 
95
95
  ### Step 0: create a GCP project, and create and config a Postgres database
96
96
 
@@ -241,7 +241,7 @@ This will:
241
241
  Note that you will need to type in your database password; this is located in `secrets.yml`.
242
242
 
243
243
 
244
- ## Upgrading `bbl`
244
+ ## Upgrade `bbl`
245
245
 
246
246
  When a new version of bosh-bootloader comes out, just [download it](https://github.com/cloudfoundry/bosh-bootloader/releases) and make sure it's in your path as `bbl` (check by running `bbl -v`) and then:
247
247
 
@@ -254,7 +254,7 @@ $ rake bbl:gcp:up
254
254
  Make sure to commit into source control all the changes in your project directory (`bbl-state.json`, `vars/`, `bosh-deployment/`, etc.).
255
255
 
256
256
 
257
- ## Upgrading `concourse-bosh-deployment`
257
+ ## Upgrade `concourse-bosh-deployment`
258
258
 
259
259
  If a new version of concourse comes out, and you'd like to upgrade, first read the [release notes for Concourse](https://concourse-ci.org/download.html) to check for any relevant breaking changes.
260
260
 
@@ -265,6 +265,12 @@ $ rake bosh:update:concourse_deployment
265
265
  $ rake bosh:deploy
266
266
  ```
267
267
 
268
+ If you want to pin your concourse deployment to a specific version (or branch):
269
+
270
+ ``` sh
271
+ $ rake bosh:update:concourse_deployment[v5.0.0]
272
+ ```
273
+
268
274
  Make sure you commit to source control the updated git submodule.
269
275
 
270
276
 
@@ -280,27 +286,9 @@ The gem is available as open source under the terms of the [MIT License](http://
280
286
 
281
287
  ## TODO
282
288
 
283
- - [ ] update windows stemcell
284
- - [ ] include windows worker in manifest
285
- - [ ] deploy windows ruby tools release to the windows vms
286
- - [x] + x_frame_options: "SAMEORIGIN"
287
- - [x] + container_placement_strategy: random
288
289
  - [ ] enable encryption https://concourse.ci/encryption.html
289
- - [x] allow scaling up/down by locally setting number of VMs (currently hardcoded in gem)
290
- - [x] start using https://github.com/dpb587/caddy-bosh-release instead of the letsencrypt rake tasks
291
-
292
-
293
- Things to follow up on:
294
-
295
- - [x] upgrading! ZOMG
296
290
  - [ ] consider swapping secrets-wizarding and rake task for deploy for a shell script that's user-modifiable
297
291
  - [ ] bbl feature for suspending/unsuspending the director VM?
298
292
  - [ ] stack driver add-on?
299
293
  - [ ] metrics? https://concourse-ci.org/metrics.html
300
294
  - [ ] credhub for credential management? https://concourse-ci.org/creds.html
301
-
302
-
303
- Things I'm not immediately planning to do but that might be nice:
304
-
305
- - [ ] ops file to make the cloud-config come in under default GCP quota
306
- - [ ] ops files for a few variations on size/cost tradeoffs
@@ -79,15 +79,6 @@ module Concourse
79
79
  ensure_in_envrc "BOSH_DEPLOYMENT", BOSH_DEPLOYMENT
80
80
 
81
81
  bosh_secrets do |v|
82
- v["local_user"] = (v["local_user"] || {}).tap do |local_user|
83
- local_user["username"] = "concourse"
84
- local_user["password"] ||= if which "apg"
85
- `apg -n1`.strip
86
- else
87
- prompt "Please enter a password"
88
- end
89
- end
90
-
91
82
  v["external_dns_name"] ||= prompt("Please enter a DNS name if you have one", bbl_external_ip)
92
83
 
93
84
  v["postgres_host"] ||= prompt("External postgres host IP")
@@ -116,6 +107,16 @@ module Concourse
116
107
  end
117
108
  end
118
109
  end
110
+ if v["main_team"].nil?
111
+ v["local_user"] = (v["local_user"] || {}).tap do |local_user|
112
+ local_user["username"] = "concourse"
113
+ local_user["password"] ||= if which "apg"
114
+ `apg -m32 -n1`.strip
115
+ else
116
+ prompt "Please enter a password"
117
+ end
118
+ end
119
+ end
119
120
  end
120
121
 
121
122
  ensure_file CONCOURSE_DEPLOYMENT_VARS do |f|
@@ -125,13 +126,14 @@ module Concourse
125
126
  "web_vm_type" => "default",
126
127
  "worker_vm_type" => "default", # "n1-standard-2"
127
128
  "worker_ephemeral_disk" => "50GB_ephemeral_disk",
129
+ "max-active-tasks-per-worker" => 4, # twice the vCPUs (?)
128
130
  }.to_yaml)
129
131
  end
130
132
  end
131
133
 
132
- def bosh_update_concourse_deployment(branch_or_tag)
133
- branch_or_tag ||= "master"
134
- ensure_git_submodule "https://github.com/concourse/concourse-bosh-deployment", branch_or_tag
134
+ def bosh_update_concourse_deployment(commitish)
135
+ commitish ||= "master"
136
+ ensure_git_submodule "https://github.com/concourse/concourse-bosh-deployment", commitish
135
137
  end
136
138
 
137
139
  def bosh_update_ubuntu_stemcell
@@ -180,18 +182,19 @@ module Concourse
180
182
  c << "-l ../versions.yml"
181
183
  c << "-l ../../#{BOSH_SECRETS}"
182
184
  c << "--vars-store ../../#{BOSH_VARS_STORE}"
183
- c << "-o operations/basic-auth.yml"
185
+ c << "-o operations/basic-auth.yml" unless bosh_secrets["main_team"]
184
186
  c << "-o operations/web-network-extension.yml"
185
187
  c << "-o operations/external-postgres.yml"
186
188
  c << "-o operations/external-postgres-tls.yml"
187
189
  c << "-o operations/external-postgres-client-cert.yml"
188
190
  c << "-o operations/worker-ephemeral-disk.yml"
189
191
  c << "-o operations/x-frame-options-sameorigin.yml"
190
- c << "-o operations/container-placement-strategy-random.yml"
192
+ c << "-o operations/container-placement-strategy-limit-active-tasks.yml"
191
193
  c << "-o operations/scale.yml"
192
194
  c << "-o ../../#{BOSH_OPERATIONS}" if File.exists?(BOSH_OPERATIONS)
193
195
  c << "-o operations/github-auth.yml" if bosh_secrets["github_client"]
194
196
  c << "--var network_name=default"
197
+ c << "--var azs=[z1]"
195
198
  c << "--var external_host='#{external_dns_name}'"
196
199
  c << "--var external_url='#{external_url}'"
197
200
  c << "--var deployment_name=#{BOSH_DEPLOYMENT}"
@@ -263,9 +266,9 @@ module Concourse
263
266
  ]
264
267
 
265
268
  namespace "update" do
266
- desc "update the git submodule for concourse-bosh-deployment"
267
- task "concourse_deployment", ["branch_or_tag"] do |t, args|
268
- bosh_update_concourse_deployment args["branch_or_tag"]
269
+ desc "update the git submodule for concourse-bosh-deployment (default: master)"
270
+ task "concourse_deployment", ["commitish"] do |t, args|
271
+ bosh_update_concourse_deployment args["commitish"]
269
272
  end
270
273
 
271
274
  desc "upload ubuntu stemcell to the director"
@@ -1,5 +1,5 @@
1
1
  module Concourse
2
2
  class Deployer
3
- VERSION = "0.3.0"
3
+ VERSION = "0.5.0"
4
4
  end
5
5
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: concourse-deployer
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.3.0
4
+ version: 0.5.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Mike Dalessio
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2019-02-17 00:00:00.000000000 Z
11
+ date: 2020-03-29 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: term-ansicolor
@@ -122,7 +122,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
122
122
  - !ruby/object:Gem::Version
123
123
  version: '0'
124
124
  requirements: []
125
- rubygems_version: 3.0.1
125
+ rubygems_version: 3.1.2
126
126
  signing_key:
127
127
  specification_version: 4
128
128
  summary: Rake tasks to help BOSH-deploy a Concourse CI environment.