concourse-deployer 0.3.0 → 0.5.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +18 -0
- data/README.md +18 -30
- data/lib/concourse/deployer.rb +20 -17
- data/lib/concourse/deployer/version.rb +1 -1
- metadata +3 -3
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 5185fe2d302bb24607cf55f54a04ba6add0733db5f9b0c6ee69603b19faab13d
|
4
|
+
data.tar.gz: 98149d8841e9da19424d99a112791eea552cb7b2994be99ceada2a5869c7e791
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: a92e620f3eb30cef9ba6bfbd7a1f8e3cc4674a2ea22125490e2d733759b875deccc3cbb1da09b1a9ea491201de5d8d68743756c5002a21641905598a1827ef0d
|
7
|
+
data.tar.gz: 22248df1030c13eff79f96323633b29bacbf558489797303ae83fde0e9bd30199726441debc31c6aadb941dd63cc08178503091c606b048cc6d0c451f50c5b44
|
data/CHANGELOG.md
CHANGED
@@ -1,5 +1,23 @@
|
|
1
1
|
# Changelog for `concourse-deployer`
|
2
2
|
|
3
|
+
## v0.5.0 / 2020-03-29
|
4
|
+
|
5
|
+
Features:
|
6
|
+
|
7
|
+
- Concourse v6.0.0 support.
|
8
|
+
|
9
|
+
|
10
|
+
## v0.4.0 / 2019-11-02
|
11
|
+
|
12
|
+
Features:
|
13
|
+
|
14
|
+
- use the limit-active-tasks container placement strategy
|
15
|
+
|
16
|
+
Security:
|
17
|
+
|
18
|
+
- do not create or use a local user if a main_team is defined; avoid having a username/password account that could be brute-forced
|
19
|
+
|
20
|
+
|
3
21
|
## v0.3.0 / 2019-02-16
|
4
22
|
|
5
23
|
Features:
|
data/README.md
CHANGED
@@ -61,15 +61,15 @@ Concourse::Deployer.new.create_tasks!
|
|
61
61
|
Available tasks:
|
62
62
|
|
63
63
|
``` sh
|
64
|
-
rake bbl:gcp:init[gcp_project_id]
|
65
|
-
rake bbl:gcp:up
|
66
|
-
rake bosh:deploy
|
67
|
-
rake bosh:init
|
68
|
-
rake bosh:interpolate
|
69
|
-
rake bosh:update
|
70
|
-
rake bosh:update:concourse_deployment # update the git submodule for concourse-bosh-deployment
|
71
|
-
rake bosh:update:ubuntu_stemcell
|
72
|
-
rake db:connect
|
64
|
+
rake bbl:gcp:init[gcp_project_id] # initialize bosh-bootloader for GCP
|
65
|
+
rake bbl:gcp:up # terraform your environment and deploy the bosh director
|
66
|
+
rake bosh:deploy # deploy concourse
|
67
|
+
rake bosh:init # prepare the concourse bosh deployment
|
68
|
+
rake bosh:interpolate # view interpolated manifest
|
69
|
+
rake bosh:update # macro task for all `update` subtasks
|
70
|
+
rake bosh:update:concourse_deployment[commitish] # update the git submodule for concourse-bosh-deployment (default: master)
|
71
|
+
rake bosh:update:ubuntu_stemcell # upload ubuntu stemcell to the director
|
72
|
+
rake db:connect # connect to the postgres database
|
73
73
|
```
|
74
74
|
|
75
75
|
See full instructions below.
|
@@ -90,7 +90,7 @@ Files which contain sensitive data:
|
|
90
90
|
You will see these files listed in `.gitattributes` invoking git-crypt for them.
|
91
91
|
|
92
92
|
|
93
|
-
##
|
93
|
+
## Deploy to GCP
|
94
94
|
|
95
95
|
### Step 0: create a GCP project, and create and config a Postgres database
|
96
96
|
|
@@ -241,7 +241,7 @@ This will:
|
|
241
241
|
Note that you will need to type in your database password; this is located in `secrets.yml`.
|
242
242
|
|
243
243
|
|
244
|
-
##
|
244
|
+
## Upgrade `bbl`
|
245
245
|
|
246
246
|
When a new version of bosh-bootloader comes out, just [download it](https://github.com/cloudfoundry/bosh-bootloader/releases) and make sure it's in your path as `bbl` (check by running `bbl -v`) and then:
|
247
247
|
|
@@ -254,7 +254,7 @@ $ rake bbl:gcp:up
|
|
254
254
|
Make sure to commit into source control all the changes in your project directory (`bbl-state.json`, `vars/`, `bosh-deployment/`, etc.).
|
255
255
|
|
256
256
|
|
257
|
-
##
|
257
|
+
## Upgrade `concourse-bosh-deployment`
|
258
258
|
|
259
259
|
If a new version of concourse comes out, and you'd like to upgrade, first read the [release notes for Concourse](https://concourse-ci.org/download.html) to check for any relevant breaking changes.
|
260
260
|
|
@@ -265,6 +265,12 @@ $ rake bosh:update:concourse_deployment
|
|
265
265
|
$ rake bosh:deploy
|
266
266
|
```
|
267
267
|
|
268
|
+
If you want to pin your concourse deployment to a specific version (or branch):
|
269
|
+
|
270
|
+
``` sh
|
271
|
+
$ rake bosh:update:concourse_deployment[v5.0.0]
|
272
|
+
```
|
273
|
+
|
268
274
|
Make sure you commit to source control the updated git submodule.
|
269
275
|
|
270
276
|
|
@@ -280,27 +286,9 @@ The gem is available as open source under the terms of the [MIT License](http://
|
|
280
286
|
|
281
287
|
## TODO
|
282
288
|
|
283
|
-
- [ ] update windows stemcell
|
284
|
-
- [ ] include windows worker in manifest
|
285
|
-
- [ ] deploy windows ruby tools release to the windows vms
|
286
|
-
- [x] + x_frame_options: "SAMEORIGIN"
|
287
|
-
- [x] + container_placement_strategy: random
|
288
289
|
- [ ] enable encryption https://concourse.ci/encryption.html
|
289
|
-
- [x] allow scaling up/down by locally setting number of VMs (currently hardcoded in gem)
|
290
|
-
- [x] start using https://github.com/dpb587/caddy-bosh-release instead of the letsencrypt rake tasks
|
291
|
-
|
292
|
-
|
293
|
-
Things to follow up on:
|
294
|
-
|
295
|
-
- [x] upgrading! ZOMG
|
296
290
|
- [ ] consider swapping secrets-wizarding and rake task for deploy for a shell script that's user-modifiable
|
297
291
|
- [ ] bbl feature for suspending/unsuspending the director VM?
|
298
292
|
- [ ] stack driver add-on?
|
299
293
|
- [ ] metrics? https://concourse-ci.org/metrics.html
|
300
294
|
- [ ] credhub for credential management? https://concourse-ci.org/creds.html
|
301
|
-
|
302
|
-
|
303
|
-
Things I'm not immediately planning to do but that might be nice:
|
304
|
-
|
305
|
-
- [ ] ops file to make the cloud-config come in under default GCP quota
|
306
|
-
- [ ] ops files for a few variations on size/cost tradeoffs
|
data/lib/concourse/deployer.rb
CHANGED
@@ -79,15 +79,6 @@ module Concourse
|
|
79
79
|
ensure_in_envrc "BOSH_DEPLOYMENT", BOSH_DEPLOYMENT
|
80
80
|
|
81
81
|
bosh_secrets do |v|
|
82
|
-
v["local_user"] = (v["local_user"] || {}).tap do |local_user|
|
83
|
-
local_user["username"] = "concourse"
|
84
|
-
local_user["password"] ||= if which "apg"
|
85
|
-
`apg -n1`.strip
|
86
|
-
else
|
87
|
-
prompt "Please enter a password"
|
88
|
-
end
|
89
|
-
end
|
90
|
-
|
91
82
|
v["external_dns_name"] ||= prompt("Please enter a DNS name if you have one", bbl_external_ip)
|
92
83
|
|
93
84
|
v["postgres_host"] ||= prompt("External postgres host IP")
|
@@ -116,6 +107,16 @@ module Concourse
|
|
116
107
|
end
|
117
108
|
end
|
118
109
|
end
|
110
|
+
if v["main_team"].nil?
|
111
|
+
v["local_user"] = (v["local_user"] || {}).tap do |local_user|
|
112
|
+
local_user["username"] = "concourse"
|
113
|
+
local_user["password"] ||= if which "apg"
|
114
|
+
`apg -m32 -n1`.strip
|
115
|
+
else
|
116
|
+
prompt "Please enter a password"
|
117
|
+
end
|
118
|
+
end
|
119
|
+
end
|
119
120
|
end
|
120
121
|
|
121
122
|
ensure_file CONCOURSE_DEPLOYMENT_VARS do |f|
|
@@ -125,13 +126,14 @@ module Concourse
|
|
125
126
|
"web_vm_type" => "default",
|
126
127
|
"worker_vm_type" => "default", # "n1-standard-2"
|
127
128
|
"worker_ephemeral_disk" => "50GB_ephemeral_disk",
|
129
|
+
"max-active-tasks-per-worker" => 4, # twice the vCPUs (?)
|
128
130
|
}.to_yaml)
|
129
131
|
end
|
130
132
|
end
|
131
133
|
|
132
|
-
def bosh_update_concourse_deployment(
|
133
|
-
|
134
|
-
ensure_git_submodule "https://github.com/concourse/concourse-bosh-deployment",
|
134
|
+
def bosh_update_concourse_deployment(commitish)
|
135
|
+
commitish ||= "master"
|
136
|
+
ensure_git_submodule "https://github.com/concourse/concourse-bosh-deployment", commitish
|
135
137
|
end
|
136
138
|
|
137
139
|
def bosh_update_ubuntu_stemcell
|
@@ -180,18 +182,19 @@ module Concourse
|
|
180
182
|
c << "-l ../versions.yml"
|
181
183
|
c << "-l ../../#{BOSH_SECRETS}"
|
182
184
|
c << "--vars-store ../../#{BOSH_VARS_STORE}"
|
183
|
-
c << "-o operations/basic-auth.yml"
|
185
|
+
c << "-o operations/basic-auth.yml" unless bosh_secrets["main_team"]
|
184
186
|
c << "-o operations/web-network-extension.yml"
|
185
187
|
c << "-o operations/external-postgres.yml"
|
186
188
|
c << "-o operations/external-postgres-tls.yml"
|
187
189
|
c << "-o operations/external-postgres-client-cert.yml"
|
188
190
|
c << "-o operations/worker-ephemeral-disk.yml"
|
189
191
|
c << "-o operations/x-frame-options-sameorigin.yml"
|
190
|
-
c << "-o operations/container-placement-strategy-
|
192
|
+
c << "-o operations/container-placement-strategy-limit-active-tasks.yml"
|
191
193
|
c << "-o operations/scale.yml"
|
192
194
|
c << "-o ../../#{BOSH_OPERATIONS}" if File.exists?(BOSH_OPERATIONS)
|
193
195
|
c << "-o operations/github-auth.yml" if bosh_secrets["github_client"]
|
194
196
|
c << "--var network_name=default"
|
197
|
+
c << "--var azs=[z1]"
|
195
198
|
c << "--var external_host='#{external_dns_name}'"
|
196
199
|
c << "--var external_url='#{external_url}'"
|
197
200
|
c << "--var deployment_name=#{BOSH_DEPLOYMENT}"
|
@@ -263,9 +266,9 @@ module Concourse
|
|
263
266
|
]
|
264
267
|
|
265
268
|
namespace "update" do
|
266
|
-
desc "update the git submodule for concourse-bosh-deployment"
|
267
|
-
task "concourse_deployment", ["
|
268
|
-
bosh_update_concourse_deployment args["
|
269
|
+
desc "update the git submodule for concourse-bosh-deployment (default: master)"
|
270
|
+
task "concourse_deployment", ["commitish"] do |t, args|
|
271
|
+
bosh_update_concourse_deployment args["commitish"]
|
269
272
|
end
|
270
273
|
|
271
274
|
desc "upload ubuntu stemcell to the director"
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: concourse-deployer
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.5.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Mike Dalessio
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2020-03-29 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: term-ansicolor
|
@@ -122,7 +122,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
122
122
|
- !ruby/object:Gem::Version
|
123
123
|
version: '0'
|
124
124
|
requirements: []
|
125
|
-
rubygems_version: 3.
|
125
|
+
rubygems_version: 3.1.2
|
126
126
|
signing_key:
|
127
127
|
specification_version: 4
|
128
128
|
summary: Rake tasks to help BOSH-deploy a Concourse CI environment.
|