OSDN > Buscar Software > Internet > WWW/HTTP > Indexing/Search > Meta Search > SCM > git > grid-chef-repo > Commit

Meta Search
Fork

R/O
HTTP
SSH
HTTPS

grid-chef-repo: Commit

Grid環境構築用のChefリポジトリです。

Commit MetaInfo

Revisión	7e823972b95c4ab5c66a5ba4e23d2c2caf88bb44 (tree)
Tiempo	2017-07-25 22:17:19
Autor	whitestar <whitestar@user...>
Commiter	whitestar

Log Message

adds a reverse proxy (nginx) service to the nexus-grid::docker-compose recipe.

Cambiar Resumen

modified: cookbooks/nexus-grid/CHANGELOG.md (diff)
modified: cookbooks/nexus-grid/README.md (diff)
modified: cookbooks/nexus-grid/attributes/default.rb (diff)
modified: cookbooks/nexus-grid/recipes/docker-compose.rb (diff)
add: cookbooks/nexus-grid/templates/default/opt/docker-compose/app/nexus/etc/nginx/nginx.conf (diff)
modified: cookbooks/nexus-grid/version (diff)

Diferencia incremental

--- a/cookbooks/nexus-grid/CHANGELOG.md

+++ b/cookbooks/nexus-grid/CHANGELOG.md

		@@ -1,5 +1,10 @@
1	1	# nexus-grid CHANGELOG
2	2
	3	+0.1.1
	4	+-----
	5	+- adds a reverse proxy (nginx) service to the `nexus-grid::docker-compose` recipe.
	6	+- adds the SSL configuration feature by reverse proxy.
	7	+
3	8	0.1.0
4	9	-----
5	10	- Initial release of nexus-gird

--- a/cookbooks/nexus-grid/README.md

+++ b/cookbooks/nexus-grid/README.md

		@@ -15,6 +15,7 @@ This cookbook sets up a Sonatype Nexus Repository Manager by Docker Compose.
15	15	- [nexus-grid::default](#nexus-griddefault)
16	16	- [nexus-grid::docker-compose](#nexus-griddocker-compose)
17	17	- [Role Examples](#role-examples)
	18	+ - [SSL server keys and certificates management by ssl_cert cookbook](#ssl-server-keys-and-certificates-management-by-ssl_cert-cookbook)
18	19	- [License and Authors](#license-and-authors)
19	20
20	21	## Requirements

		@@ -36,7 +37,10 @@ This cookbook sets up a Sonatype Nexus Repository Manager by Docker Compose.
36	37
37	38	\|Key\|Type\|Description, example\|Default\|
38	39	\|:--\|:--\|:--\|:--\|
	40	+\|`['nexus-grid']['with_ssl_cert_cookbook']`\|Boolean\|Activates TLS configurations by the `ssl_cert` cookbook. See `attributes/default.rb`\|`false`\|
	41	+\|`['nexus-grid']['ssl_cert']['common_name']`\|String\|Server common name for TLS\|`node['fqdn']`\|
39	42	\|`['nexus-grid']['docker-compose']['app_dir']`\|String\|\|`"#{node['docker-grid']['compose']['app_dir']}/nexus"`\|
	43	+\|`['nexus-grid']['docker-compose']['etc_dir']`\|String\|\|`"#{node['nexus-grid']['docker-compose']['app_dir']}/etc"`\|
40	44	\|`['nexus-grid']['docker-compose']['data_dir']`\|String\|Path string or nil (unset).\|`"#{node['nexus-grid']['docker-compose']['app_dir']}/data"`\|
41	45	\|`['nexus-grid']['docker-compose']['config']`\|Hash\|`docker-compose.yml` configurations.\|See `attributes/default.rb`\|
42	46

		@@ -70,25 +74,91 @@ port = '8081'
70	74
71	75	override_attributes(
72	76	'nexus-grid' => {
73		- #'https_enabled' => true, # not supported yet.
74	77	'docker-compose' => {
75	78	'config' => {
76	79	'version' => '2',
77	80	'services' => {
	81	+ 'reverseproxy' => {
	82	+ 'ports' => [
	83	+ "#{port}:8081",
	84	+ ],
	85	+ 'volumes' => [
	86	+ # This volume will be set by the nexus-grid::docker-compose recipe automatically.
	87	+ #"#{node['nexus-grid']['docker-compose']['etc_dir']}/nginx/nginx.conf:/etc/nginx/nginx.conf:ro",
	88	+ ],
	89	+ },
78	90	'nexus' => {
79	91	'restart' => 'always',
80	92	'image' => image,
	93	+ 'volumes' => [
	94	+ # This volume will be set by the nexus-grid::docker-compose recipe automatically.
	95	+ #"#{node['nexus-grid']['docker-compose']['data_dir']}:/nexus-data",
	96	+ ],
	97	+ 'environment' => {
	98	+ #'JAVA_MAX_HEAP' => '1200m', # passed as -Xmx. Defaults to 1200m.
	99	+ #'JAVA_MIN_HEAP' => '1200m', # passed as -Xms. Defaults to 1200m.
	100	+ #'EXTRA_JAVA_OPTS' => '', # Additional options can be passed to the JVM via this variable.
	101	+ },
	102	+ },
	103	+ },
	104	+ },
	105	+ },
	106	+ },
	107	+)
	108	+```
	109	+
	110	+- `roles/nexus-with-ssl.rb`
	111	+
	112	+```ruby
	113	+name 'nexus-with-ssl'
	114	+description 'Nexus with SSL by reverse proxy (nginx)'
	115	+
	116	+run_list(
	117	+ 'recipe[ssl_cert::server_key_pairs]',
	118	+ 'role[docker]',
	119	+ 'recipe[nexus-grid::docker-compose]',
	120	+)
	121	+
	122	+image = 'sonatype/nexus3'
	123	+port = '8081'
	124	+cn = 'nexus.io.example.com'
	125	+
	126	+override_attributes(
	127	+ 'ssl_cert' => {
	128	+ 'common_names' => [
	129	+ cn,
	130	+ ],
	131	+ },
	132	+ 'nexus-grid' => {
	133	+ 'with_ssl_cert_cookbook' => true,
	134	+ 'ssl_cert' => {
	135	+ 'common_name' => cn,
	136	+ },
	137	+ 'docker-compose' => {
	138	+ 'config' => {
	139	+ 'version' => '2',
	140	+ 'services' => {
	141	+ 'reverseproxy' => {
81	142	'ports' => [
82	143	"#{port}:8081",
83	144	],
84	145	'volumes' => [
	146	+ # These volumes will be set by the nexus-grid::docker-compose recipe automatically.
	147	+ #"#{node['nexus-grid']['docker-compose']['etc_dir']}/nginx/nginx.conf:/etc/nginx/nginx.conf:ro",
	148	+ # and server key pair volume conf.
	149	+ ],
	150	+ },
	151	+ 'nexus' => {
	152	+ 'restart' => 'always',
	153	+ 'image' => image,
	154	+ 'volumes' => [
85	155	# This volume will be set by the nexus-grid::docker-compose recipe automatically.
86	156	#"#{node['nexus-grid']['docker-compose']['data_dir']}:/nexus-data",
87	157	],
88	158	'environment' => {
89		- #JAVA_MAX_HEAP => '1200m', # passed as -Xmx. Defaults to 1200m.
90		- #JAVA_MIN_HEAP => '1200m', # passed as -Xms. Defaults to 1200m.
91		- #EXTRA_JAVA_OPTS => '', # Additional options can be passed to the JVM via this variable.
	159	+ #'JAVA_MAX_HEAP' => '1200m', # passed as -Xmx. Defaults to 1200m.
	160	+ #'JAVA_MIN_HEAP' => '1200m', # passed as -Xms. Defaults to 1200m.
	161	+ #'EXTRA_JAVA_OPTS' => '', # Additional options can be passed to the JVM via this variable.
92	162	},
93	163	},
94	164	},

		@@ -98,6 +168,57 @@ override_attributes(
98	168	)
99	169	```
100	170
	171	+### SSL server keys and certificates management by the `ssl_cert` cookbook
	172	+
	173	+- create vault items.
	174	+
	175	+```text
	176	+$ ruby -rjson -e 'puts JSON.generate({"private" => File.read("nexus.io.example.com.prod.key")})' \
	177	+> > ~/tmp/nexus.io.example.com.prod.key.json
	178	+
	179	+$ ruby -rjson -e 'puts JSON.generate({"public" => File.read("nexus.io.example.com.prod.crt")})' \
	180	+> > ~/tmp/nexus.io.example.com.prod.crt.json
	181	+
	182	+$ cd $CHEF_REPO_PATH
	183	+
	184	+$ knife vault create ssl_server_keys nexus.io.example.com.prod \
	185	+> --json ~/tmp/nexus.io.example.com.prod.key.json
	186	+
	187	+$ knife vault create ssl_server_certs nexus.io.example.com.prod \
	188	+> --json ~/tmp/nexus.io.example.com.prod.crt.json
	189	+```
	190	+
	191	+- grant reference permission to the Concourse host
	192	+
	193	+```text
	194	+$ knife vault update ssl_server_keys nexus.io.example.com.prod -S 'name:nexus-host.example.com'
	195	+$ knife vault update ssl_server_certs nexus.io.example.com.prod -S 'name:nexus-host.example.com'
	196	+```
	197	+
	198	+- modify run_list and attributes
	199	+
	200	+```ruby
	201	+run_list(
	202	+ 'recipe[ssl_cert::server_key_pairs]',
	203	+ 'recipe[nexus-grid::docker-compose]',
	204	+)
	205	+
	206	+override_attributes(
	207	+ 'ssl_cert' => {
	208	+ 'common_names' => [
	209	+ 'nexus.io.example.com',
	210	+ ],
	211	+ },
	212	+ 'nexus-grid' => {
	213	+ 'with_ssl_cert_cookbook' => true,
	214	+ 'ssl_cert' => {
	215	+ 'common_name' => 'nexus.io.example.com',
	216	+ },
	217	+ # ...
	218	+ },
	219	+)
	220	+```
	221	+
101	222	## License and Authors
102	223
103	224	- Author:: whitestar at osdn.jp

--- a/cookbooks/nexus-grid/attributes/default.rb

+++ b/cookbooks/nexus-grid/attributes/default.rb

		@@ -17,16 +17,14 @@
17	17	# limitations under the License.
18	18	#
19	19
20		-# Not supported yet.
21		-force_override['nexus-grid']['https_enabled'] = false
22		-force_override['nexus-grid']['with_ssl_cert_cookbook'] = false
	20	+default['nexus-grid']['with_ssl_cert_cookbook'] = false
23	21	# If ['nexus-grid']['with_ssl_cert_cookbook'] is true,
24	22	# node['nexus-grid']['docker-compose']['config']
25	23	# are overridden by the following 'common_name' attributes.
26		-force_override['nexus-grid']['ssl_cert']['ca_names'] = []
27		-force_override['nexus-grid']['ssl_cert']['common_name'] = node['fqdn']
	24	+default['nexus-grid']['ssl_cert']['common_name'] = node['fqdn']
28	25
29	26	default['nexus-grid']['docker-compose']['app_dir'] = "#{node['docker-grid']['compose']['app_dir']}/nexus"
	27	+default['nexus-grid']['docker-compose']['etc_dir'] = "#{node['nexus-grid']['docker-compose']['app_dir']}/etc"
30	28	default['nexus-grid']['docker-compose']['data_dir'] = "#{node['nexus-grid']['docker-compose']['app_dir']}/data"
31	29
32	30	force_override['nexus-grid']['docker-compose']['config_format_version'] = '2'

		@@ -34,10 +32,28 @@ version_2_config = {
34	32	# Version 2 docker-compose format
35	33	'version' => '2',
36	34	'services' => {
	35	+ 'reverseproxy' => {
	36	+ 'depends_on' => [
	37	+ 'nexus',
	38	+ ],
	39	+ 'restart' => 'always',
	40	+ 'image' => 'nginx:alpine',
	41	+ 'expose' => [
	42	+ '8081',
	43	+ ],
	44	+ 'ports' => [
	45	+ #'8081:8081', # default
	46	+ ],
	47	+ 'volumes' => [
	48	+ # This volume will be set by the nexus-grid::docker-compose recipe automatically.
	49	+ #"#{node['nexus-grid']['docker-compose']['etc_dir']}/nginx/nginx.conf:/etc/nginx/nginx.conf:ro",
	50	+ ],
	51	+ },
37	52	'nexus' => {
38	53	'restart' => 'always',
39	54	'image' => 'sonatype/nexus3',
40	55	'ports' => [
	56	+ # Do not expose!
41	57	#'8081:8081',
42	58	#'8443:8443',
43	59	],

		@@ -46,9 +62,9 @@ version_2_config = {
46	62	#"#{node['nexus-grid']['docker-compose']['data_dir']}:/nexus-data",
47	63	],
48	64	'environment' => {
49		- #JAVA_MAX_HEAP => '1200m', # passed as -Xmx. Defaults to 1200m.
50		- #JAVA_MIN_HEAP => '1200m', # passed as -Xms. Defaults to 1200m.
51		- #EXTRA_JAVA_OPTS => '', # Additional options can be passed to the JVM via this variable.
	65	+ #'JAVA_MAX_HEAP' => '1200m', # passed as -Xmx. Defaults to 1200m.
	66	+ #'JAVA_MIN_HEAP' => '1200m', # passed as -Xms. Defaults to 1200m.
	67	+ #'EXTRA_JAVA_OPTS' => '', # Additional options can be passed to the JVM via this variable.
52	68	},
53	69	},
54	70	},

--- a/cookbooks/nexus-grid/recipes/docker-compose.rb

+++ b/cookbooks/nexus-grid/recipes/docker-compose.rb

		@@ -17,20 +17,18 @@
17	17	# limitations under the License.
18	18	#
19	19
20		-::Chef::Recipe.send(:include, SSLCert::Helper)
21		-
22	20	doc_url = 'https://hub.docker.com/r/sonatype/nexus3/'
23	21
24	22	include_recipe 'platform_utils::kernel_user_namespace'
25	23	include_recipe 'docker-grid::compose'
26	24
27	25	app_dir = node['nexus-grid']['docker-compose']['app_dir']
	26	+etc_dir = node['nexus-grid']['docker-compose']['etc_dir']
28	27	data_dir = node['nexus-grid']['docker-compose']['data_dir']
29		-#bin_dir = "#{app_dir}/bin"
30	28
31	29	[
32	30	app_dir,
33		- #bin_dir,
	31	+ "#{etc_dir}/nginx",
34	32	].each {\|dir\|
35	33	resources(directory: dir) rescue directory dir do
36	34	owner 'root'

		@@ -43,9 +41,23 @@ data_dir = node['nexus-grid']['docker-compose']['data_dir']
43	41	config_srvs = node['nexus-grid']['docker-compose']['config']['services']
44	42	override_config_srvs = node.override['nexus-grid']['docker-compose']['config']['services']
45	43	#force_override_config_srvs = node.force_override['nexus-grid']['docker-compose']['config']['services']
46		-#envs_org = config_srvs['nexus']['environment']
47		-#envs = {}
48		-vols = config_srvs['nexus']['volumes'].to_a
	44	+#nexus_envs_org = config_srvs['nexus']['environment']
	45	+#nexus_envs = {}
	46	+rproxy_vols = config_srvs['reverseproxy']['volumes'].to_a
	47	+nexus_vols = config_srvs['nexus']['volumes'].to_a
	48	+
	49	+ports = config_srvs['reverseproxy']['ports']
	50	+override_config_srvs['reverseproxy']['ports'] = ['8081:8081'] if ports.empty?
	51	+
	52	+template "#{etc_dir}/nginx/nginx.conf" do
	53	+ source 'opt/docker-compose/app/nexus/etc/nginx/nginx.conf'
	54	+ owner 'root'
	55	+ group 'root'
	56	+ mode '0644'
	57	+ action :create
	58	+end
	59	+
	60	+rproxy_vols.push("#{etc_dir}/nginx/nginx.conf:/etc/nginx/nginx.conf:ro")
49	61
50	62	# Data persistent
51	63	resources(directory: data_dir) rescue directory data_dir do

		@@ -55,21 +67,28 @@ resources(directory: data_dir) rescue directory data_dir do
55	67	recursive true
56	68	end if !data_dir.nil? && !data_dir.empty?
57	69
58		-vols.push("#{data_dir}:/nexus-data") if !data_dir.nil? && !data_dir.empty?
	70	+nexus_vols.push("#{data_dir}:/nexus-data") if !data_dir.nil? && !data_dir.empty?
59	71
60		-ports = config_srvs['nexus']['ports']
61		-override_config_srvs['nexus']['ports'] = ['8081:8081'] if ports.empty?
	72	+if node['nexus-grid']['with_ssl_cert_cookbook']
	73	+ ::Chef::Recipe.send(:include, SSLCert::Helper)
	74	+ cn = node['nexus-grid']['ssl_cert']['common_name']
	75	+ # Nginx parent process owner is root.
	76	+ rproxy_vols.push("#{server_cert_path(cn)}:/root/server.crt:ro")
	77	+ rproxy_vols.push("#{server_key_path(cn)}:/root/server.key:ro")
	78	+end
62	79
	80	+=begin
63	81	if node['nexus-grid']['https_enabled']
64		- etc_dir = "#{data_dir}/etc"
65		- resources(directory: etc_dir) rescue directory etc_dir do
	82	+ # TODO: TLS conf. for built-in jetty
	83	+ data_etc_dir = "#{data_dir}/etc"
	84	+ resources(directory: data_etc_dir) rescue directory data_etc_dir do
66	85	owner 200
67	86	group 200
68	87	mode '0755'
69	88	recursive true
70	89	end
71	90
72		- template "#{etc_dir}/nexus.properties" do
	91	+ template "#{data_etc_dir}/nexus.properties" do
73	92	source 'opt/docker-compose/app/nexus/data/etc/nexus.properties'
74	93	owner 200
75	94	group 200

		@@ -77,13 +96,16 @@ if node['nexus-grid']['https_enabled']
77	96	action :create
78	97	end
79	98
80		- override_config_srvs['nexus']['ports'] = ['8443:8443'] if ports.empty?
	99	+ nexus_ports = config_srvs['nexus']['ports']
	100	+ override_config_srvs['nexus']['ports'] = ['8443:8443'] if nexus_ports.empty?
81	101	end
	102	+=end
82	103
83	104	# merge environment hash
84		-#force_override_config_srvs['nexus']['environment'] = envs unless envs.empty?
	105	+#force_override_config_srvs['nexus']['environment'] = nexus_envs unless nexus_envs.empty?
85	106	# reset vlumes array.
86		-override_config_srvs['nexus']['volumes'] = vols unless vols.empty?
	107	+override_config_srvs['reverseproxy']['volumes'] = rproxy_vols unless rproxy_vols.empty?
	108	+override_config_srvs['nexus']['volumes'] = nexus_vols unless nexus_vols.empty?
87	109
88	110	config_file = "#{app_dir}/docker-compose.yml"
89	111	template config_file do

--- /dev/null

+++ b/cookbooks/nexus-grid/templates/default/opt/docker-compose/app/nexus/etc/nginx/nginx.conf

		@@ -0,0 +1,39 @@
	1	+<%
	2	+ssl_enabled = node['nexus-grid']['with_ssl_cert_cookbook']
	3	+-%>
	4	+worker_processes 1;
	5	+
	6	+events {
	7	+ worker_connections 1024;
	8	+}
	9	+
	10	+http {
	11	+ sendfile on;
	12	+
	13	+ upstream docker-nexus {
	14	+ server nexus:8081;
	15	+ }
	16	+
	17	+ server {
	18	+<% if ssl_enabled %>
	19	+ listen 8081 default ssl;
	20	+ ssl on;
	21	+ ssl_certificate /root/server.crt;
	22	+ ssl_certificate_key /root/server.key;
	23	+<% else %>
	24	+ listen 8081;
	25	+<% end %>
	26	+
	27	+ location / {
	28	+ proxy_pass http://docker-nexus;
	29	+ proxy_redirect off;
	30	+ proxy_set_header Host $http_host; # $host does not include the port number.
	31	+ proxy_set_header X-Real-IP $remote_addr;
	32	+<% if ssl_enabled %>
	33	+ proxy_set_header X-Forwarded-Proto https;
	34	+<% end %>
	35	+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	36	+ proxy_set_header X-Forwarded-Host $server_name;
	37	+ }
	38	+ }
	39	+}

--- a/cookbooks/nexus-grid/version

+++ b/cookbooks/nexus-grid/version

		@@ -1 +1 @@
1		-0.1.0
	1	+0.1.1

Show on old repository browser