Name: bosh-concourse-deployments
Owner: Pivotal Cloud Foundry
Description: null
Created: 2016-11-08 20:34:23.0
Updated: 2018-05-10 18:25:20.0
Pushed: 2018-05-16 19:19:23.0
Homepage: null
Size: 481
Language: Shell
This repo holds the Concourse Pipelines, Jobs, and Tasks to set up a Concourse environment with:
We'll start by deploying a secondary “Upgrader” Concourse VM.
This Concourse will be used to set up the main Concourse environment on GCP as well as perform upgrades later on.
These steps assume you'll deploy the Upgrader to a local vSphere environment.
Alternatively you can vagrant up a Concourse instance on your workstation.
Create a DNS record for the Upgrader VM pointing to a valid vSphere IP.
Register Upgrader Concourse as an OAuth application with GitHub: https://github.com/settings/applications/new
Callback URL: https://YOUR_UPGRADER_URL/auth/github/callback
Copy the contents of ./upgrader/upgrader.vars.tmpl to a LastPass note or some other safe location, filling in the appropriate values.
Deploy the Upgrader VM:
cd ./upgrader
bosh create-env ./upgrader.yml -l <( lpass show --notes "bosh-concourse-upgrader-create-env" )
git add ./upgrader-state.json
git commit && git push
The Upgrader VM must be configured with the pipelines that can deploy the main Concourse deployment.
Read ./scripts/provision-gcloud-for-concourse.sh to make sure you're not blindly running an untrusted bash script on your system.
Set up the required variables and run the provision scripts:
TERRAFORM_SERVICE_ACCOUNT_ID=concourse-deployments \
DIRECTOR_SERVICE_ACCOUNT_ID=concourse-director \
PROJECT_ID=my-gcp-project-id \
CONCOURSE_BUCKET_NAME=concourse-deployments \
./scripts/provision-gcloud-for-concourse.sh
For debugging purposes you can also set TRACE=true to show all commands being run.
Generate a set of Google Cloud Storage Interoperability Keys as described here.
Create a GitHub access token to avoid rate limiting as described here.
Register main Concourse as an OAuth application with GitHub: https://github.com/settings/applications/new
Callback URL: https://YOUR_CONCOURSE_URL/auth/github/callback
Generate the Director CA Cert by running ./scripts/generate-director-ca.sh.
Generate the jumpbox ssh keys by running ./scripts/generate-jumpbox-ssh-key.sh.
Add the jumpbox key as a project-wide SSH key with the username vcap as described here.
Copy the contents of ./ci/pipeline.vars.tmpl to a LastPass note or some other safe location, filling in the appropriate values.
Log in using the fly CLI to the newly deployed Upgrader Concourse VM.
Set the Concourse pipeline on the Upgrader VM.
fly -t upgrader sp -p concourse -c ~/workspace/bosh-concourse-deployments/ci/pipeline.yml -l <(lpass show note YOUR_LASTPASS_NOTE)
Configure external worker pipeline: The CPI Core team needs a few external workers and deploys them with this pipeline. If you'd like to deploy external workers yourself you can use this pipeline as an example.
fly -t upgrader sp -p concourse-workers -c ~/workspace/bosh-concourse-deployments/ci/pipeline-cpi-workers.yml -l <(lpass show note YOUR_LASTPASS_NOTE)
Seed empty statefiles:
gsutil cp -n <( echo '{}' ) gs://${CONCOURSE_BUCKET_NAME}/asia/natbox-state.json
gsutil cp -n <( echo '{}' ) gs://${CONCOURSE_BUCKET_NAME}/asia/jumpbox-state.json
gsutil cp -n <( echo '{}' ) gs://${CONCOURSE_BUCKET_NAME}/worker/vsphere-v6.5-worker-state.json
gsutil cp -n <( echo '{}' ) gs://${CONCOURSE_BUCKET_NAME}/worker/vcloud-v5.5-worker-state.json
gsutil cp -n <( echo '{}' ) gs://${CONCOURSE_BUCKET_NAME}/worker/google-asia-worker-state.json
concourse/prepare-concourse-env job.
concourse/update-director job.
concourse/update-cloud-config job.
concourse/update-concourse job.
If you have deployed optional external workers you must follow a slightly modified order:
concourse/prepare-concourse-env job.
concourse/update-director job.
concourse/update-cloud-config job.
concourse-workers/prepare-asia-env job.
concourse/update-concourse job will place a file in the concourse-update-trigger resource. This file is used to automatically trigger the external worker jobs across pipelines.
concourse/update-concourse job. This should trigger the external worker jobs (i.e. you don't need to manually trigger the worker jobs).
Thanks to the distributed model of the CF Foundation many teams from many companies can share this CI environment to run builds against their CPIs. Currently we have created credentials to allow the OpenStack CPI team to deploy and use an external worker in one of their OpenStack environments.
In this example, we are adding a new team 'DigitalOcean CPI'
The DigitalOcean CPI team has provided following:
The BOSH CPI team does the following:
concourse_tsa_public_key in LastPass) with the DigitalOcean CPI team (e.g. “ssh-rsa AAAAB3NTSAHostPublicKey…”)
concourse_teams on the secure note saved on LastPass.
Example:
[{"name": "digitalocean", "github_team": "DigitalOcean/BOSH CPI", "worker_public_key": "ssh-rsa AAAAB3DigitalOceanWorker..."}]
Let the DigitalOcean CPI team know when the deploy has finished so that they can rock.
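A pre-deploy check for the concourse_teams value shown above, as an added example (not code from this repository): it confirms each entry carries the three fields from the page's example and that worker_public_key is a well-formed OpenSSH public key line rather than a placeholder, a truncated paste, or private key material. The function names and the accepted key types are assumptions made for the illustration.

```python
import base64
import json
import re

# Assumption: worker keys are RSA (as in the page's examples) or Ed25519.
ALLOWED_KEY_TYPES = {"ssh-rsa", "ssh-ed25519"}
REQUIRED_FIELDS = ("name", "github_team", "worker_public_key")

def check_public_key(line):
    """Return None for a well-formed OpenSSH public key line, else a reason."""
    if "PRIVATE KEY" in line:
        return "private key material pasted instead of the .pub file"
    parts = line.split()
    if len(parts) < 2 or parts[0] not in ALLOWED_KEY_TYPES:
        return "expected '<key-type> <base64> [comment]'"
    try:
        blob = base64.b64decode(parts[1], validate=True)
    except ValueError:
        return "key body is not valid base64 (placeholder or truncated paste)"
    # The decoded blob starts with a 4-byte length and a copy of the key type.
    n = int.from_bytes(blob[:4], "big")
    if blob[4:4 + n] != parts[0].encode():
        return "key type inside the blob does not match the prefix"
    return None

def validate_teams(raw):
    """Check a concourse_teams JSON value; return a list of problems found."""
    problems, seen = [], set()
    for i, team in enumerate(json.loads(raw)):
        missing = [f for f in REQUIRED_FIELDS if not team.get(f)]
        if missing:
            problems.append(f"entry {i}: missing {', '.join(missing)}")
            continue
        if team["name"] in seen:
            problems.append(f"entry {i}: duplicate team name {team['name']!r}")
        seen.add(team["name"])
        if not re.fullmatch(r"[^/]+/[^/]+", team["github_team"]):
            problems.append(f"entry {i}: github_team must be 'org/team'")
        reason = check_public_key(team["worker_public_key"])
        if reason:
            problems.append(f"entry {i}: worker_public_key: {reason}")
    return problems

def constructed_key(key_type="ssh-rsa"):
    """Constructed sample: valid wire framing, zero-filled body, not a usable key."""
    body = len(key_type).to_bytes(4, "big") + key_type.encode() + bytes(32)
    return f"{key_type} {base64.b64encode(body).decode()} digitalocean-worker"
```

Call validate_teams() on the JSON taken from the secure note before triggering the deploy; an empty list means no problems were found.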
The BOSH CPI team has provided following:
Do the following:
Generate a key for your worker. The following command will create a keypair; do not set a passphrase:
ssh-keygen -N '' -b 4096 -f /tmp/openstack-cpi-worker -C team_name
Transmit the public portion to the BOSH CPI team (e.g. “ssh-rsa AAAAB3DigitalOceanWorker…”).
Let the BOSH CPI team know your GitHub organization (e.g. “DigitalOcean”) and team handle (e.g. “DigitalOcean CPI”).
Pick a display name for your team and let the BOSH CPI team know. (e.g. “digitalocean”)
Create the manifest for your worker and make sure to set the following properties:
team: ((worker_team_name))
host: ((concourse_tsa_hostname))
host_public_key: ((concourse_tsa_public_key))
private_key: ((worker_private_key))
worker_team_name, e.g. “digitalocean”. This is the team name provided to BOSH CPI
concourse_tsa_hostname, e.g. https://bosh-cpi.ci.cf-app.com, provided by BOSH CPI
host_public_key: e.g. “ssh-rsa AAAAB3NTSAHostPublicKey…“, provided by BOSH CPI
worker_private_key: the private key generated for the worker
You can find a sample of a worker manifest here.
After deploying the worker, authenticate with Concourse and confirm the worker has registered:
fly client
fly -t cpi login -c https://bosh-cpi.ci.cf-app.com -n digitalocean
fly -t cpi workers
Refer to the Troubleshooting document under docs/.