This section describes how to connect to Concourse, CredHub, and UAA, and provides an example for testing that they are all working as intended.
To connect to the Concourse CredHub, you must get the Concourse CredHub admin password and CA certificate from BOSH.
If you are still connected to the BOSH CredHub from the upload releases step, you can export Concourse's CredHub Secret and CredHub CA certificate for accessing the Concourse's CredHub:
export CONCOURSE_CREDHUB_SECRET="$(credhub get -n /p-bosh/concourse/credhub_admin_secret -q)"
export CONCOURSE_CA_CERT="$(credhub get -n /p-bosh/concourse/atc_tls -k ca)"
Unset the environment variables previously set by om bosh-env to prepare to target the Concourse CredHub.
unset CREDHUB_SECRET CREDHUB_CLIENT CREDHUB_SERVER CREDHUB_PROXY CREDHUB_CA_CERT
Log into the Concourse CredHub.
credhub login \
--server "https://${CONCOURSE_URL}:8000" \
--client-name=credhub_admin \
--client-secret="${CONCOURSE_CREDHUB_SECRET}" \
--ca-cert "${CONCOURSE_CA_CERT}"
Where:
${CONCOURSE_URL} is the URL to the Concourse load balancer created with the terraform templates. The terraform output key is concourse_url.
${CONCOURSE_CREDHUB_SECRET} is the client secret used to access the Concourse's CredHub.
${CONCOURSE_CA_CERT} is the CA certificate used to access the Concourse's CredHub.
All the shell variables in this command were set in previous steps.
Create a new pipeline file called pipeline.yml.
jobs:
- name: test-job
  plan:
  - task: display-cred
    config:
      platform: linux
      image_resource:
        type: registry-image
        source:
          repository: ubuntu
      run:
        path: bash
        args: [-c, "echo Hello, ((provided-by-credhub))"]
Add the provided-by-credhub value to the Concourse CredHub for testing.
credhub set \
-n /concourse/main/test-pipeline/provided-by-credhub \
-t value \
-v "World"
Download the fly CLI and make it executable.
curl "https://${CONCOURSE_URL}/api/v1/cli?arch=amd64&platform=${PLATFORM}" \
--output fly \
--cacert <(echo "${CONCOURSE_CA_CERT}")
chmod +x fly
Where:
${CONCOURSE_URL} is the URL to the Concourse load balancer created with the terraform templates. The terraform output key is concourse_url.
${PLATFORM} must be set to the operating system you are running: linux, windows, or darwin (Mac).
Log into Concourse.
./fly -t ci login \
-c "https://${CONCOURSE_URL}" \
-u "${ADMIN_USERNAME}" \
-p "${ADMIN_PASSWORD}" \
--ca-cert <(echo "${CONCOURSE_CA_CERT}")
Where:
${CONCOURSE_URL} is the URL to the Concourse load balancer created with the terraform templates. The terraform output key is concourse_url.
${ADMIN_PASSWORD} and ${ADMIN_USERNAME} are values for the local.user set in previous steps.
Set the test pipeline.
./fly -t ci set-pipeline \
-n \
-p test-pipeline \
-c pipeline.yml \
--check-creds
Unpause and run the test pipeline.
./fly -t ci unpause-pipeline -p test-pipeline
./fly -t ci trigger-job -j test-pipeline/test-job --watch
The Concourse output from the job should include:
Hello, World
We recommend you commit the results of your Terraform modification, and all the created config files, to source control. Be aware that terraform-outputs.yml will contain private keys for Operations Manager; you may wish to remove these and store them in CredHub instead.
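One way to check for this before committing, shown as an added example that is not part of the original documentation: a shell function that reports which fields of a file contain PEM private-key headers. The sample file and its field names are constructed placeholders, not real terraform output.

```bash
#!/usr/bin/env bash
# Added example: report fields that hold PEM private keys before a commit.

scan_private_keys() {
  # Prints "file:line:field" per PEM private-key header; returns 1 if any found.
  awk '
    FNR == 1 { field = "(unknown)" }
    # Track the latest name: or "name": so each hit can be attributed to a field.
    match($0, /^[ \t]*"?[A-Za-z0-9_.-]+"?[ \t]*:/) {
      field = substr($0, RSTART, RLENGTH)
      gsub(/[ \t":]/, "", field)
    }
    /-----BEGIN [A-Z ]*PRIVATE KEY-----/ {
      printf "%s:%d:%s\n", FILENAME, FNR, field
      found = 1
    }
    END { exit (found ? 1 : 0) }
  ' "$@"
}

# Constructed sample: hypothetical field names, placeholder key bodies.
write_sample() {
  cat > "$1" <<'EOF'
ops_manager_dns: opsman.example.com
ops_manager_ssh_private_key: "-----BEGIN RSA PRIVATE KEY-----\nPLACEHOLDER\n-----END RSA PRIVATE KEY-----\n"
ops_manager_key_block: |
  -----BEGIN PRIVATE KEY-----
  PLACEHOLDER
  -----END PRIVATE KEY-----
EOF
}

if [ "$#" -gt 0 ]; then
  # Hook mode: scan the files passed in and fail the commit on any hit.
  scan_private_keys "$@" || exit 1
else
  # Demo mode: run against the constructed sample.
  demo="$(mktemp)"
  write_sample "$demo"
  scan_private_keys "$demo" || echo "fields above hold private keys; store them in CredHub instead"
  rm -f "$demo"
fi
```

Called with file names (for example from a Git pre-commit hook with terraform-outputs.yml as the argument), the script exits non-zero when a private key is present, which blocks the commit.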
For information about using Platform Automation Toolkit, see the documentation.