CID-Drone (BLOCKED)
Purpose
This software stack provides Drone, a Continuous Integration (CI) and Continuous Deployment (CD) service built on Docker container technology.
Properties
| Stack-Description | Drone Continuous Integration/Deployment (CID) |
|---|---|
| Stack-Image | docker.msg.team/ps/docker-stack-cid-drone |
| Stack-Version | 1.10.1 |
| Stack-Release | 20210121 |
| Product-Name | Drone |
| Product-Vendor | Drone.IO, Inc. |
| Product-Contact | https://drone.io/ |
| Product-Model | Open Source |
| Product-License | Apache |
| Product-Limits | none |
| Implementation Base | The Go Programming Language. |
| Execution Base | Go. |
| Initial Start Time | 00:00:02 |
| Documentation | https://docs.drone.io/ |
Topology
The stack consists of 3 containers:
- cid-drone: the Drone continuous delivery platform application.
- cid-drone-dind: the Docker-in-Docker container for Drone.
- cid-drone-postgresql: the PostgreSQL database.
Configuration
| Variable Name | Default | Meaning | |
| CFG_DRONE_SERVER | yes | If this is set to "no" then the Drone server is removed from the supervisord configuration. i.e. the server will not be started. | |
| CFG_DRONE_RUNNER_DOCKER | yes | If this is set to "no" then the Docker runner is removed from the supervisord configuration, i.e. docker commands cannot be executed via the docker runner. | |
| CFG_DRONE_RUNNER_KUBE | no | - unused - | |
| CFG_DRONE_RUNNER_SSH | no | If this is set to "no" then the SSH runner is removed from the supervisord configuration, i.e. docker commands cannot be executed via the SSH runner. | |
| CFG_DRONE_RUNNER_EXEC | no | - unused - | |
| CFG_DRONE_RPC_SECRET | secret | This is the password used internally to connect to the RCP agent. | |
| CFG_DRONE_ADMIN_TOKEN | 00000000000000000000000000000000 | This is the token used to configure the intial administrator account. | |
| CFG_DRONE_DOCKER | tcp://dind:2375 | - unused - | |
| CFG_DRONE_GIT_USERNAME | This can be used to configure central Git authentication if the git needs authentication also for public repositories or a central fixed user for private repositories | ||
| CFG_DRONE_GIT_PASSWORD | This configures the passwort for the user above. | ||
| CFG_DRONE_GIT_ALWAYS_AUTH | false | Tells Drone whether the git user will authenticate for each call. | |
| CFG_DRONE_FILTER_USERS | This sets the DRONE_USER_FILTER variable. If set, only users in this list can authenticate. See the Drone documenation for details. | ||
| CFG_DRONE_FILTER_REPOS | This sets the DRONE_REPOSITORY_FILTER variable. See the Drone documenation for details. | ||
| CFG_DRONE_GITEA | http://vcs-gitea.proxy:8080 | This sets the connection from Drone to Gitea. | |
| CFG_DRONE_GITEA_ID | drone | This sets the DRONE_GITEA_CLIENT_ID variable. See the Drone documenation for details. | |
| CFG_DRONE_GITEA_SECRET | drone | This sets the secret used to authenticate to Gitea. | |
| CFG_DRONE_VCS_SKIP_VERIFY | false | This sets the DRONE_GITEA_SKIP_VERIFY variable. See the Drone documenation for details. | |
| CFG_DRONE_RUNNER_VOLUMES | This sets the DRONE_RUNNER_VOLUMES variable. See the Drone documenation for details. | ||
| CFG_DRONE_RUNNER_ENVIRON | This sets the DRONE_RUNNER_ENVIRON variable. See the Drone documenation for details. |
See also the variables which control integration of the stack into the reverse proxy.
For changes to take effect the stack has to be reinstalled.
Setup Prerequisites
Drone requires a connection to Gitea. Either connect to an existing repository where you have access to or install the Stack VCS-Gitea.
In Gitea, you need to setup the OAuth2 configuration for Drone:
- In Gitea, as an administrative user, go to "Settings/Applications".
- In the section "Create a new OAuth2 Application" create a new application using those two parameters:
- Application name = "drone"
- Redirect URI" = "https://<path-to-your-drone-server/login", e.g. "https://drone.myprojectserver.com/login"
- Important On the following screen, copy the two values for those fields:
- Client ID
- Client Secret
- Those two values need to be entered in the next step configuring CID-Drone.
Unfortunately, Drone does not support running under a sub-url (e.g. https://myhost.example.com/cid-drone/). Therefore a special setup is necessary to let Drone execute in a document root context, i.e. it looks like Drone is running on its own web server, e.g. https://drone.myhost.example.com/. In fact the PS4 reverse proxy does the necessary magic to establish this virtual FQDN. But it has to be directed to do so, therefore apply the following configuration before installing the cid-drone stack:
DOCKER_STACK_URL_HOST=drone.myhost.example.com \
CFG_DRONE_GITEA=https://myhost.example.com/vcs-gitea/ \
CFG_DRONE_GITEA_ID=<Client ID from above> \
CFG_DRONE_GITEA_SECRET=<Client Secret from above>
After that, if you run your server with https you have to put appropriate SSL Certificate, Certificate Chain and Key files for the virtual FQDN into directory /var/lib/docker-stack/conf.
Initial Configuration
Usually, there is no need to configure anything to get up and running.
The default user to access the Tomcat Server Manager is "admin" with password "admin". It is available at <your-ps-server>/ase-tomcat/manager/.
This default admin password change be changed inside the ase-tomcat container in the file /app/lib/tomcat/conf/tomcat-users.xml.
Administration Commands
| Command | Arguments | Function | |
| docker-stack exec cid-drone drone | <DRONE_SERVER> <DRONE_TOKEN> | See the Drone documentation for the details for those two parameters. |
Related Documents