troykinsella.concourse

Panoramica Versioni Approfondimenti

ansible-concourse

This is an Ansible role designed to manage Concourse CI.

Overview

This role helps you set up and manage a Concourse CI web service (ATC/TSA) or worker service installation.

It can:

(Optional) Create a user and group named concourse to run the service.
(Optional) Format and mount a storage volume for Concourse tasks.
Install a systemd service for concourse-web and/or concourse-worker.
Download the Concourse binary from the official site.
Create a script to handle options for the executable.
Install necessary SSH key files provided via variables.

It does not:

Generate SSH key-pairs.
Manage the Postgres database.
Handle cloud infrastructure.

Installation

To install the role, run:

ansible-galaxy install troykinsella.concourse

Branches

master: Concourse 7.x (7.1.0)
support/6.x: Concourse 6.x
support/5.x: Concourse 5.x
support/4.x: Concourse 4.x
support/3.x: Concourse 3.x

Note: Concourse may have breaking changes in command options between major versions, so specific branches may not support older minor or patch versions.

Role Variables

Default values for many variables can be found in defaults/main.yml. Most of these variables correspond to options used when launching the Concourse binary. For more details, use concourse web -h or concourse worker -h.

Note: Most variables have sensible defaults and typically do not need to be set unless specific control over behavior is required.

Maintenance Variables

concourse_force_restart: Optional. Default: "no". Forces a restart of services regardless of configuration changes.

User Variables

concourse_manage_user: Optional. Default: "yes". Manages the system user for file ownership.
concourse_user: Optional. User who will own the Concourse installation directory and processes.
concourse_uid: Optional. User ID.
concourse_group: Optional. Group owning the Concourse installation directory and processes.
concourse_gid: Optional. Group ID.

Installation Variables

concourse_version: Optional. Version of Concourse to install.
concourse_install_prefix_dir: Optional. Base directory for installing Concourse.
concourse_install_dir: Optional. Path where the Concourse tarball will be extracted.
concourse_binary_path: Optional. Absolute path to the Concourse binary.
concourse_bin_dir: Optional. Directory for the Concourse binary and scripts.
concourse_etc_dir: Optional. Directory for Concourse-related files.
concourse_archive_name: Optional. Name of the Concourse tarball to install.
concourse_archive_url: Optional. URL to download the Concourse tarball.
concourse_archive_checksum: Optional. Checksum for validating the downloaded archive.
concourse_archive_os: Optional. Operating system for fetching the Concourse tarball.
concourse_archive_arch: Optional. System architecture for fetching the Concourse tarball.
concourse_archive_fetch_timeout: Optional. Timeout duration for downloading the Concourse tarball.
concourse_archive_delete_after_unarchive: Optional. Default: "yes". Delete the tarball after unpacking.
concourse_binary_mode: Optional. File permission mode for the Concourse binary.
concourse_etc_files_mode: Optional. File permission mode for files in concourse_etc_dir.

Common Variables

concourse_service_enabled: Optional. Default: "yes". Manages a systemd service for a Concourse web and/or worker instance.
concourse_service_start: Optional. Default: "yes". Starts the systemd services for Concourse.
concourse_log_level: Optional. Minimum logging level. [debug|info|error|fatal]
concourse_env_file: Optional. A file with environment variables for the systemd service unit file.

Web Variables

concourse_web: Optional. Set to "yes" to install the Concourse ATC.
concourse_bind_ip: Optional. IP address to listen for web traffic.
concourse_bind_port: Optional. Port for HTTP traffic.
concourse_tls_bind_port: Optional. Port for HTTPS traffic.
concourse_tls_certificate: Optional. Content of the TLS certificate for HTTPS.
concourse_tls_certificate_path: Optional. Path to the remote TLS certificate.
concourse_tls_key: Optional. Content of the TLS key for HTTPS.
concourse_tls_key_path: Optional. Path to the remote TLS key.
concourse_peer_address: Optional. ATC URL for other ATCs in the cluster.
concourse_external_url: Optional. External URL for accessing any ATC.
concourse_web_launcher_path: Optional. Path to the web process launch script.
concourse_web_launcher_mode: Optional. File permission mode of the web launcher script.
concourse_cli_artifacts_dir: Optional. Value for the --cli-artifacts-dir option.
concourse_authorized_worker_keys_path: Optional. Path to the authorized worker keys file.
concourse_host_key_path: Optional. Path to the host key file.
concourse_session_signing_key: Required. Session signing key.
concourse_session_signing_key_path: Optional. Path to the session signing key file.
concourse_encryption_key: Optional. Key for encrypting sensitive data.
concourse_old_encryption_key: Optional. Previously used encryption key.
concourse_host_key: Required. Host key.
concourse_authorized_worker_keys: Required. Authorized worker keys.
concourse_auth_duration: Optional. Token validity duration.
concourse_resource_checking_interval: Optional. Interval to check for resource updates.
concourse_base_resource_type_defaults: Optional. Cluster-wide resource type defaults.
concourse_base_resource_type_defaults_file: Optional. Path to the resource type defaults file.
concourse_web_options: Optional. Other options to pass to concourse.
concourse_web_env: Optional. Environment variables for the concourse web process.

Web PostgreSQL Variables

concourse_postgres_host: Optional. Postgres host to connect to.
concourse_postgres_port: Optional. Port for Postgres connection.
concourse_postgres_socket: Optional. Path to Unix socket for connection.
concourse_postgres_user: Optional. User for Postgres sign-in.
concourse_postgres_password: Optional. Password for the Postgres user.
concourse_postgres_ssl_mode: Optional. Whether to use SSL for Postgres.
concourse_postgres_ca_cert: Optional. Location of the Postgres CA cert.
concourse_postgres_client_cert: Optional. Location of the Postgres client cert.
concourse_postgres_client_key: Optional. Location of the Postgres client key.
concourse_postgres_connect_timeout: Optional. Timeout for Postgres connection.
concourse_postgres_database: Optional. Name of the Postgres database.

Web Local Authentication Variables

concourse_local_users: Optional. List of local user credentials for Concourse.
concourse_main_team_local_users: Optional. Whitelisted local users.

Web GitHub Authentication Variables

concourse_github_client_id: Optional. GitHub client ID.
concourse_github_client_secret: Optional. GitHub client secret.
concourse_main_team_github_users: Optional. Whitelisted GitHub users.
concourse_main_team_github_orgs: Optional. Whitelisted GitHub organizations.
concourse_main_team_github_teams: Optional. Whitelisted GitHub teams.

Web Other Authentication Methods

Not supported. You can provide concourse web options using the concourse_web_options variable.

Worker Variables

concourse_worker: Optional. Set to "yes" to install a Concourse worker.
concourse_worker_launcher_path: Optional. Path to the worker's launch script.
concourse_worker_land_path: Optional. Path for landing a worker.
concourse_worker_retire_path: Optional. Path for retiring a worker.
concourse_worker_binary_mode: Optional. File permission mode for worker scripts.
concourse_worker_land_on_stop: Optional. Default: "no". Land worker when stopping the service.
concourse_worker_retire_on_stop: Optional. Default: "yes". Retire worker when stopping the service.
concourse_work_dir: Optional. Directory for the worker's tasks.
concourse_tsa_public_key_path: Optional. Path to the TSA public key file.
concourse_tsa_worker_key_path: Optional. Path to the worker private key file.
concourse_tsa_host: Required. Value for the --tsa-host option.
concourse_tsa_public_key: Required. TSA public key.
concourse_tsa_worker_key: Required. TSA worker private key.
concourse_worker_tag: Optional. Value for the --tag option.
concourse_baggageclaim_driver: Optional. Driver for managing volumes.
concourse_worker_options: Optional. Other options for concourse.
concourse_worker_env: Optional. Environment variables for the concourse worker process.
concourse_manage_work_volume: Optional. Default: "no". Manages the work volume.
concourse_work_volume_device: Required if concourse_manage_work_volume is "yes".
concourse_work_volume_fs_type: Optional. Filesystem type for the work volume.
concourse_work_volume_fs_opts: Optional. Options for creating the work volume filesystem.
concourse_work_volume_fs_force_create: Optional. Default: "no". Allows creating a filesystem on an existing device.
concourse_work_volume_fs_resize: Optional. Default: "no". Grows filesystem if sizes differ.
concourse_work_volume_mount_path: Optional. Directory where the work volume will be mounted.
concourse_work_volume_mount_opts: Optional. Mount options for the work volume.

Sample Playbook

- hosts: atc
  roles:
  - role: troykinsella.concourse
    concourse_web: yes
    concourse_authorized_worker_keys:
    - "{{ worker_public_key }}"
    concourse_postgres_host: concoursedb.abc123.us-east-1.rds.amazonaws.com
    concourse_postgres_user: concourse
    concourse_postgres_password: changeme
    concourse_postgres_database: atc
    concourse_local_users:
    - name: admin
      password: my_bcrypted_password
    concourse_main_team_local_users:
    - admin
    concourse_external_url: http://concourse.example.com

- hosts: workers
  roles:
  - role: troykinsella.concourse
    concourse_worker: yes
    concourse_tsa_host: my-atc
    concourse_tsa_public_key: "{{ host_pub_key }}"
    concourse_tsa_worker_key: "{{ worker_key }}"
    concourse_worker_env:
      CONCOURSE_GARDEN_NETWORK_POOL: 10.254.0.0/16
      CONCOURSE_GARDEN_MAX_CONTAINERS: 512
      CONCOURSE_GARDEN_DOCKER_REGISTRY: https://docker.my-private-registry.org