Connect to and Test Concourse, CredHub, and UAA

This section describes both how to connect to the Concourse, CredHub, and UAA as well as provides an example for how to test that they are all working as intended.

1. To connect to the Concourse CredHub, you must get the Concourse CredHub admin password and CA certificate from the BOSH.

   If you are still connected to the BOSH CredHub from the upload releases step, you can export Concourse's CredHub Secret and CredHub CA certificate for accessing the Concourse's CredHub:

   export CONCOURSE_CREDHUB_SECRET="$(credhub get -n /p-bosh/concourse/credhub_admin_secret -q)"
   export CONCOURSE_CA_CERT="$(credhub get -n /p-bosh/concourse/atc_tls -k ca)"
   

2. Unset the environment variables previously set by om bosh-env to prepare to target the Concourse CredHub.

   unset CREDHUB_SECRET CREDHUB_CLIENT CREDHUB_SERVER CREDHUB_PROXY CREDHUB_CA_CERT
   

3. Log into the Concourse CredHub.

   credhub login \
     --server "https://${CONCOURSE_URL}:8000" \
     --client-name=credhub_admin \
     --client-secret="${CONCOURSE_CREDHUB_SECRET}" \
     --ca-cert "${CONCOURSE_CA_CERT}"
   

   Where:

   • ${CONCOURSE_URL} is the URL to the Concourse load balancer created with the terraform templates. The terraform output key is concourse_url.
   • ${CONCOURSE_CREDHUB_SECRET} is the client secret used to access the Concourse's CredHub.
   • ${CONCOURSE_CREDHUB_CA_CERT} is the CA certificate used to access the Concourse's CredHub.

   All the shell variables in this command were set in previous steps.

4. Create a new pipeline file called pipeline.yml.

   jobs:
   - name: test-job
     plan:
     - task: display-cred
       config:
         platform: linux
         image_resource:
           type: registry-image
           source:
             repository: ubuntu
         run:
           path: bash
           args: [-c, "echo Hello, ((provided-by-credhub))"]
   

5. Add the provided-by-credhub value to the Concourse CredHub for testing.

   credhub set \
     -n /concourse/main/test-pipeline/provided-by-credhub \
     -t value \
     -v "World"
   

6. Download the fly CLI and make it executable.

   curl "https://${CONCOURSE_URL}/api/v1/cli?arch=amd64&platform=${PLATFORM}" \
     --output fly \
     --cacert <(echo "${CONCOURSE_CA_CERT}")
   chmod +x fly
   

   Where:

   • ${CONCOURSE_URL} is the URL to the Concourse load balancer created with the terraform templates. The terraform output key is concourse_url.
   • ${PLATFORM} must be set to the operating system you are running: linux, windows, or darwin (Mac).

7. Log into Concourse.

   ./fly -t ci login \
     -c "https://${CONCOURSE_URL}" \
     -u "${ADMIN_USERNAME}" \
     -p "${ADMIN_PASSWORD}" \
     --ca-cert <(echo "${CONCOURSE_CA_CERT}")
   

   Where:

   • ${CONCOURSE_URL} is the URL to the Concourse load balancer created with the terraform templates. The terraform output key is concourse_url.
   • ${ADMIN_PASSWORD} and ${ADMIN_USERNAME} are values for the local.user set in previous steps.

8. Set the test pipeline.

   ./fly -t ci set-pipeline \
     -n \
     -p test-pipeline \
     -c pipeline.yml \
     --check-creds
   

9. Unpause and run the test pipeline.

   ./fly -t ci unpause-pipeline -p test-pipeline
   
   ./fly -t ci trigger-job -j test-pipeline/test-job --watch
   

10. The Concourse output from the job should include:

    Hello, World
    

Next Steps

We recommend you commit the results of your Terraform modification, and all the created config files, to source control. Be aware that terraform-outputs.yml will contain private keys for Operations Manager; you may wish to remove these and store them in CredHub instead.

For information about using Platform Automation Toolkit, see the documentation.