concourse-deployer 0.3.0 → 0.5.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +18 -0
- data/README.md +18 -30
- data/lib/concourse/deployer.rb +20 -17
- data/lib/concourse/deployer/version.rb +1 -1
- metadata +3 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 5185fe2d302bb24607cf55f54a04ba6add0733db5f9b0c6ee69603b19faab13d
|
|
4
|
+
data.tar.gz: 98149d8841e9da19424d99a112791eea552cb7b2994be99ceada2a5869c7e791
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: a92e620f3eb30cef9ba6bfbd7a1f8e3cc4674a2ea22125490e2d733759b875deccc3cbb1da09b1a9ea491201de5d8d68743756c5002a21641905598a1827ef0d
|
|
7
|
+
data.tar.gz: 22248df1030c13eff79f96323633b29bacbf558489797303ae83fde0e9bd30199726441debc31c6aadb941dd63cc08178503091c606b048cc6d0c451f50c5b44
|
data/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,23 @@
|
|
|
1
1
|
# Changelog for `concourse-deployer`
|
|
2
2
|
|
|
3
|
+
## v0.5.0 / 2020-03-29
|
|
4
|
+
|
|
5
|
+
Features:
|
|
6
|
+
|
|
7
|
+
- Concourse v6.0.0 support.
|
|
8
|
+
|
|
9
|
+
|
|
10
|
+
## v0.4.0 / 2019-11-02
|
|
11
|
+
|
|
12
|
+
Features:
|
|
13
|
+
|
|
14
|
+
- use the limit-active-tasks container placement strategy
|
|
15
|
+
|
|
16
|
+
Security:
|
|
17
|
+
|
|
18
|
+
- do not create or use a local user if a main_team is defined; avoid having a username/password account that could be brute-forced
|
|
19
|
+
|
|
20
|
+
|
|
3
21
|
## v0.3.0 / 2019-02-16
|
|
4
22
|
|
|
5
23
|
Features:
|
data/README.md
CHANGED
|
@@ -61,15 +61,15 @@ Concourse::Deployer.new.create_tasks!
|
|
|
61
61
|
Available tasks:
|
|
62
62
|
|
|
63
63
|
``` sh
|
|
64
|
-
rake bbl:gcp:init[gcp_project_id]
|
|
65
|
-
rake bbl:gcp:up
|
|
66
|
-
rake bosh:deploy
|
|
67
|
-
rake bosh:init
|
|
68
|
-
rake bosh:interpolate
|
|
69
|
-
rake bosh:update
|
|
70
|
-
rake bosh:update:concourse_deployment # update the git submodule for concourse-bosh-deployment
|
|
71
|
-
rake bosh:update:ubuntu_stemcell
|
|
72
|
-
rake db:connect
|
|
64
|
+
rake bbl:gcp:init[gcp_project_id] # initialize bosh-bootloader for GCP
|
|
65
|
+
rake bbl:gcp:up # terraform your environment and deploy the bosh director
|
|
66
|
+
rake bosh:deploy # deploy concourse
|
|
67
|
+
rake bosh:init # prepare the concourse bosh deployment
|
|
68
|
+
rake bosh:interpolate # view interpolated manifest
|
|
69
|
+
rake bosh:update # macro task for all `update` subtasks
|
|
70
|
+
rake bosh:update:concourse_deployment[commitish] # update the git submodule for concourse-bosh-deployment (default: master)
|
|
71
|
+
rake bosh:update:ubuntu_stemcell # upload ubuntu stemcell to the director
|
|
72
|
+
rake db:connect # connect to the postgres database
|
|
73
73
|
```
|
|
74
74
|
|
|
75
75
|
See full instructions below.
|
|
@@ -90,7 +90,7 @@ Files which contain sensitive data:
|
|
|
90
90
|
You will see these files listed in `.gitattributes` invoking git-crypt for them.
|
|
91
91
|
|
|
92
92
|
|
|
93
|
-
##
|
|
93
|
+
## Deploy to GCP
|
|
94
94
|
|
|
95
95
|
### Step 0: create a GCP project, and create and config a Postgres database
|
|
96
96
|
|
|
@@ -241,7 +241,7 @@ This will:
|
|
|
241
241
|
Note that you will need to type in your database password; this is located in `secrets.yml`.
|
|
242
242
|
|
|
243
243
|
|
|
244
|
-
##
|
|
244
|
+
## Upgrade `bbl`
|
|
245
245
|
|
|
246
246
|
When a new version of bosh-bootloader comes out, just [download it](https://github.com/cloudfoundry/bosh-bootloader/releases) and make sure it's in your path as `bbl` (check by running `bbl -v`) and then:
|
|
247
247
|
|
|
@@ -254,7 +254,7 @@ $ rake bbl:gcp:up
|
|
|
254
254
|
Make sure to commit into source control all the changes in your project directory (`bbl-state.json`, `vars/`, `bosh-deployment/`, etc.).
|
|
255
255
|
|
|
256
256
|
|
|
257
|
-
##
|
|
257
|
+
## Upgrade `concourse-bosh-deployment`
|
|
258
258
|
|
|
259
259
|
If a new version of concourse comes out, and you'd like to upgrade, first read the [release notes for Concourse](https://concourse-ci.org/download.html) to check for any relevant breaking changes.
|
|
260
260
|
|
|
@@ -265,6 +265,12 @@ $ rake bosh:update:concourse_deployment
|
|
|
265
265
|
$ rake bosh:deploy
|
|
266
266
|
```
|
|
267
267
|
|
|
268
|
+
If you want to pin your concourse deployment to a specific version (or branch):
|
|
269
|
+
|
|
270
|
+
``` sh
|
|
271
|
+
$ rake bosh:update:concourse_deployment[v5.0.0]
|
|
272
|
+
```
|
|
273
|
+
|
|
268
274
|
Make sure you commit to source control the updated git submodule.
|
|
269
275
|
|
|
270
276
|
|
|
@@ -280,27 +286,9 @@ The gem is available as open source under the terms of the [MIT License](http://
|
|
|
280
286
|
|
|
281
287
|
## TODO
|
|
282
288
|
|
|
283
|
-
- [ ] update windows stemcell
|
|
284
|
-
- [ ] include windows worker in manifest
|
|
285
|
-
- [ ] deploy windows ruby tools release to the windows vms
|
|
286
|
-
- [x] + x_frame_options: "SAMEORIGIN"
|
|
287
|
-
- [x] + container_placement_strategy: random
|
|
288
289
|
- [ ] enable encryption https://concourse.ci/encryption.html
|
|
289
|
-
- [x] allow scaling up/down by locally setting number of VMs (currently hardcoded in gem)
|
|
290
|
-
- [x] start using https://github.com/dpb587/caddy-bosh-release instead of the letsencrypt rake tasks
|
|
291
|
-
|
|
292
|
-
|
|
293
|
-
Things to follow up on:
|
|
294
|
-
|
|
295
|
-
- [x] upgrading! ZOMG
|
|
296
290
|
- [ ] consider swapping secrets-wizarding and rake task for deploy for a shell script that's user-modifiable
|
|
297
291
|
- [ ] bbl feature for suspending/unsuspending the director VM?
|
|
298
292
|
- [ ] stack driver add-on?
|
|
299
293
|
- [ ] metrics? https://concourse-ci.org/metrics.html
|
|
300
294
|
- [ ] credhub for credential management? https://concourse-ci.org/creds.html
|
|
301
|
-
|
|
302
|
-
|
|
303
|
-
Things I'm not immediately planning to do but that might be nice:
|
|
304
|
-
|
|
305
|
-
- [ ] ops file to make the cloud-config come in under default GCP quota
|
|
306
|
-
- [ ] ops files for a few variations on size/cost tradeoffs
|
data/lib/concourse/deployer.rb
CHANGED
|
@@ -79,15 +79,6 @@ module Concourse
|
|
|
79
79
|
ensure_in_envrc "BOSH_DEPLOYMENT", BOSH_DEPLOYMENT
|
|
80
80
|
|
|
81
81
|
bosh_secrets do |v|
|
|
82
|
-
v["local_user"] = (v["local_user"] || {}).tap do |local_user|
|
|
83
|
-
local_user["username"] = "concourse"
|
|
84
|
-
local_user["password"] ||= if which "apg"
|
|
85
|
-
`apg -n1`.strip
|
|
86
|
-
else
|
|
87
|
-
prompt "Please enter a password"
|
|
88
|
-
end
|
|
89
|
-
end
|
|
90
|
-
|
|
91
82
|
v["external_dns_name"] ||= prompt("Please enter a DNS name if you have one", bbl_external_ip)
|
|
92
83
|
|
|
93
84
|
v["postgres_host"] ||= prompt("External postgres host IP")
|
|
@@ -116,6 +107,16 @@ module Concourse
|
|
|
116
107
|
end
|
|
117
108
|
end
|
|
118
109
|
end
|
|
110
|
+
if v["main_team"].nil?
|
|
111
|
+
v["local_user"] = (v["local_user"] || {}).tap do |local_user|
|
|
112
|
+
local_user["username"] = "concourse"
|
|
113
|
+
local_user["password"] ||= if which "apg"
|
|
114
|
+
`apg -m32 -n1`.strip
|
|
115
|
+
else
|
|
116
|
+
prompt "Please enter a password"
|
|
117
|
+
end
|
|
118
|
+
end
|
|
119
|
+
end
|
|
119
120
|
end
|
|
120
121
|
|
|
121
122
|
ensure_file CONCOURSE_DEPLOYMENT_VARS do |f|
|
|
@@ -125,13 +126,14 @@ module Concourse
|
|
|
125
126
|
"web_vm_type" => "default",
|
|
126
127
|
"worker_vm_type" => "default", # "n1-standard-2"
|
|
127
128
|
"worker_ephemeral_disk" => "50GB_ephemeral_disk",
|
|
129
|
+
"max-active-tasks-per-worker" => 4, # twice the vCPUs (?)
|
|
128
130
|
}.to_yaml)
|
|
129
131
|
end
|
|
130
132
|
end
|
|
131
133
|
|
|
132
|
-
def bosh_update_concourse_deployment(
|
|
133
|
-
|
|
134
|
-
ensure_git_submodule "https://github.com/concourse/concourse-bosh-deployment",
|
|
134
|
+
def bosh_update_concourse_deployment(commitish)
|
|
135
|
+
commitish ||= "master"
|
|
136
|
+
ensure_git_submodule "https://github.com/concourse/concourse-bosh-deployment", commitish
|
|
135
137
|
end
|
|
136
138
|
|
|
137
139
|
def bosh_update_ubuntu_stemcell
|
|
@@ -180,18 +182,19 @@ module Concourse
|
|
|
180
182
|
c << "-l ../versions.yml"
|
|
181
183
|
c << "-l ../../#{BOSH_SECRETS}"
|
|
182
184
|
c << "--vars-store ../../#{BOSH_VARS_STORE}"
|
|
183
|
-
c << "-o operations/basic-auth.yml"
|
|
185
|
+
c << "-o operations/basic-auth.yml" unless bosh_secrets["main_team"]
|
|
184
186
|
c << "-o operations/web-network-extension.yml"
|
|
185
187
|
c << "-o operations/external-postgres.yml"
|
|
186
188
|
c << "-o operations/external-postgres-tls.yml"
|
|
187
189
|
c << "-o operations/external-postgres-client-cert.yml"
|
|
188
190
|
c << "-o operations/worker-ephemeral-disk.yml"
|
|
189
191
|
c << "-o operations/x-frame-options-sameorigin.yml"
|
|
190
|
-
c << "-o operations/container-placement-strategy-
|
|
192
|
+
c << "-o operations/container-placement-strategy-limit-active-tasks.yml"
|
|
191
193
|
c << "-o operations/scale.yml"
|
|
192
194
|
c << "-o ../../#{BOSH_OPERATIONS}" if File.exists?(BOSH_OPERATIONS)
|
|
193
195
|
c << "-o operations/github-auth.yml" if bosh_secrets["github_client"]
|
|
194
196
|
c << "--var network_name=default"
|
|
197
|
+
c << "--var azs=[z1]"
|
|
195
198
|
c << "--var external_host='#{external_dns_name}'"
|
|
196
199
|
c << "--var external_url='#{external_url}'"
|
|
197
200
|
c << "--var deployment_name=#{BOSH_DEPLOYMENT}"
|
|
@@ -263,9 +266,9 @@ module Concourse
|
|
|
263
266
|
]
|
|
264
267
|
|
|
265
268
|
namespace "update" do
|
|
266
|
-
desc "update the git submodule for concourse-bosh-deployment"
|
|
267
|
-
task "concourse_deployment", ["
|
|
268
|
-
bosh_update_concourse_deployment args["
|
|
269
|
+
desc "update the git submodule for concourse-bosh-deployment (default: master)"
|
|
270
|
+
task "concourse_deployment", ["commitish"] do |t, args|
|
|
271
|
+
bosh_update_concourse_deployment args["commitish"]
|
|
269
272
|
end
|
|
270
273
|
|
|
271
274
|
desc "upload ubuntu stemcell to the director"
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: concourse-deployer
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.5.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Mike Dalessio
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2020-03-29 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: term-ansicolor
|
|
@@ -122,7 +122,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
122
122
|
- !ruby/object:Gem::Version
|
|
123
123
|
version: '0'
|
|
124
124
|
requirements: []
|
|
125
|
-
rubygems_version: 3.
|
|
125
|
+
rubygems_version: 3.1.2
|
|
126
126
|
signing_key:
|
|
127
127
|
specification_version: 4
|
|
128
128
|
summary: Rake tasks to help BOSH-deploy a Concourse CI environment.
|