Concourse + Credhub
Opinionated operations files for deploying Concourse with Credhub.
These files collocate the Credhub and UAA jobs with Concourse's ATC. This configuration is documented in the Control Plane reference architectures and is depicted in the following diagram:
This repo contains operations files that are meant to be used in conjunction with the manifests and operations files located at https://github.com/concourse/concourse-bosh-deployment
Concourse is now using Xenial stemcells, so upload the appropriate
stemcells for your IaaS
prior to running
Additionally, Concourse 4.0 expects a local user to exist. You can use Credhub to generate this user:
$ credhub generate -t user -z admin -n /bosh-$(bbl env-id)/concourse/local_user
Note: See Connecting to your new Credhub for instructions on how to target Credhub.
BBL Load Balancer
By placing the Credhub and UAA servers on the same instances as Concourse's ATC, we require the load balancer fronting the ATC to be extended to allow for both Credhub (port 8844) and UAA (port 8443) traffic.
If you are using
create this load balancer, you can leverage the terraform provided in the
bbl-terraform directory to extend this load balancer to support
these additional ports.
This is referred to as a plan patch.
The general flow is:
$ bbl plan --lb-type=concourse $ cp bbl-terraform/<IAAS>/*.tf $BBL_STATE_DIRECTORY/terraform/ $ bbl up
Backup/Restore via BBR
If you wish to use
to backup and restore the deployment, you'll need to add some extra operations files to your
- enable-db-backups.yml: Include the backup and restore SDK release and add backup-restorer job
- backup-atc-db.yml: Backup Concourse's ATC database (pipelines, build logs, etc)
- backup-uaa-db.yml: Backup the UAA database (users, clients, secrets, etc)
- backup-credhub-db.yml: Backup the Credhub database (Credhub secrets)
Connecting to your new Credhub
The client secret for connecting to the Concourse Credhub is stored in the BOSH
director's Credhub. This repo includes a
that you can source in order to target the Concourse Credhub.
$ CONCOURSE_URL=https://concourse.example.com source target-concourse-credhub.sh $ credhub find
Connecting to Concourse
If you used Credhub to generate the local user (see Prerequisites) then you can retrieve the credentials with the following command:
$ credhub get -n bosh-$(bbl env-id)/concourse/local_user
Once you have the credentials, log in with the
$ fly -t concourse login -c $CONCOURSE_URL -k