
Concourse - pass ssh keys via environment


I'm trying to ramp up a Concourse CI inside Cloud Foundry for demo purposes. To avoid additional effort and costs I'd like to avoid using storage services. But the TSA keys for the SSH connection between the web service and the worker service need to be populated somehow. My question here is whether it is possible to just pass the TSA keys via the environment in the docker-compose file.

I'd expect something like this in the docker-compose file:

    web:
      image: concourse/concourse
      command: web
      links: [db]
      depends_on: [db]
      ports: ["9090:8080"]
      environment:
        CONCOURSE_EXTERNAL_URL: http://10.2.1.20:9090/
        CONCOURSE_POSTGRES_HOST: db
        CONCOURSE_POSTGRES_USER: concourse_user
        CONCOURSE_POSTGRES_PASSWORD: concourse_pass
        CONCOURSE_POSTGRES_DATABASE: concourse
        CONCOURSE_ADD_LOCAL_USER: test:test
        CONCOURSE_MAIN_TEAM_LOCAL_USER: test
        # TSA keys:
        CONCOURSE_SESSION_KEY: AA67/2C$AVG.....
        CONCOURSE_HOST_KEY: AA67/2C$AVG.....
        CONCOURSE_WORKER_KEY: AA67/2C$AVG.....
      logging:
        driver: "json-file"
        options:
          max-file: "5"
          max-size: "10m"

Solution

  • Yes, according to https://concourse-ci.org/concourse-web.html#web-running, you can set:

    CONCOURSE_SESSION_SIGNING_KEY=path/to/session_signing_key
    CONCOURSE_TSA_HOST_KEY=path/to/tsa_host_key
    CONCOURSE_TSA_AUTHORIZED_KEYS=path/to/authorized_worker_keys
    

    There are similar env vars you can set for running workers too.
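The three variables listed above hold file paths, so key material supplied through the environment still has to be written to disk before `concourse web` starts. The sketch below is an added example, not part of the answer or of Concourse itself: it assumes the keys arrive base64-encoded in the hypothetical variables `SESSION_SIGNING_KEY_B64`, `TSA_HOST_KEY_B64` and `AUTHORIZED_WORKER_KEYS_B64`, and writes them to a directory of your choosing.

```shell
#!/bin/sh
# Added example: turn base64-encoded key material from the environment into
# private files, then point Concourse's path-based variables at those files.
# The *_B64 variable names are hypothetical; they are not Concourse settings.

# write_key VAR_NAME DEST_FILE
# Decodes the base64 value held in $VAR_NAME into DEST_FILE (mode 0600).
write_key() {
    var_name=$1
    dest=$2
    eval "value=\${$var_name:-}"          # var_name is a fixed name set below
    if [ -z "$value" ]; then
        echo "missing required variable: $var_name" >&2
        return 1
    fi
    # Create the file under a restrictive umask so it is never world-readable.
    ( umask 077
      printf '%s' "$value" | base64 -d > "$dest" ) || { rm -f "$dest"; return 1; }
    # Reject values that decode to nothing.
    if [ ! -s "$dest" ]; then rm -f "$dest"; return 1; fi
    chmod 600 "$dest"
}

# prepare_web_keys KEY_DIR
# Writes all three keys and exports the path variables the web node reads.
prepare_web_keys() {
    key_dir=$1
    mkdir -p "$key_dir" && chmod 700 "$key_dir" || return 1
    write_key SESSION_SIGNING_KEY_B64 "$key_dir/session_signing_key" || return 1
    write_key TSA_HOST_KEY_B64 "$key_dir/tsa_host_key" || return 1
    write_key AUTHORIZED_WORKER_KEYS_B64 "$key_dir/authorized_worker_keys" || return 1
    export CONCOURSE_SESSION_SIGNING_KEY="$key_dir/session_signing_key"
    export CONCOURSE_TSA_HOST_KEY="$key_dir/tsa_host_key"
    export CONCOURSE_TSA_AUTHORIZED_KEYS="$key_dir/authorized_worker_keys"
    # Keep the raw key material out of the environment of the process we start.
    unset SESSION_SIGNING_KEY_B64 TSA_HOST_KEY_B64 AUTHORIZED_WORKER_KEYS_B64
}

# As a container entrypoint (the key directory is an assumption):
#   prepare_web_keys /concourse-keys && exec concourse web
```

Values set under `environment:` in the compose file remain readable by anyone who can inspect the container's configuration; the `unset` only affects the process started afterwards.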