Skip to content

Instantly share code, notes, and snippets.

@spiegela

spiegela/README.md

Last active May 26, 2020 15:16
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save spiegela/9fa15fce83d8f28d22571a27bc1dadd3 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save spiegela/9fa15fce83d8f28d22571a27bc1dadd3 to your computer and use it in GitHub Desktop.
Download ZIP
Concourse Docker Compose
Raw
README.md

Docker Compose orchestrated Concourse Setup

DRAFT

Prerequisites

  • Docker
  • Docker Compose

Installation

On each host:

  1. Make /srv directory to host compose applications and data on host machine
  2. Create docker-compose@.service, docker-cleanup.time, and docker-cleanup.service files so that systemctl can control Concourse services, and keep Docker pruned/healthy.
  3. reload startup config: systemctl daemon-reload
  4. Make /srv/ directory structure:

On web:

mkdir -p /srv/concourse-web/keys
mkdir -p /srv/concourse-web/postgresql

On worker:

mkdir -p /srv/concourse-worker/keys
  1. Generate keys

On web:

cd /srv/concourse-web/keys
docker run -v $(pwd):/keys --rm --entrypoint /usr/local/concourse/bin/concourse concourse/concourse:latest -- generate-key -t rsa -f /keys/session_signing_key
docker run -v $(pwd):/keys --rm --entrypoint /usr/local/concourse/bin/concourse concourse/concourse:latest -- generate-key -t ssh -f /keys/tsa_host_key

On worker:

cd /srv/concourse-worker/keys
docker run -v $(pwd):/keys --rm --entrypoint /usr/local/concourse/bin/concourse concourse/concourse:latest -- generate-key -t ssh -f /keys/worker_key
  1. Copy public keys between web and worker

Copy web:/srv/concourse-web/keys/tsa_host_key.pub to worker:/srv/concourse-worker/keys/ Copy worker:/srv/concourse-worker/keys/worker_key.pub to worker:/srv/concourse-web/keys/authorized_worker_keys

Note: authorized_worker_keys is a file, not a directory

  1. Download compose files to hosts

On web download into /srv/concourse-web On worker download into /srv/concourse-worker

  1. Start the services

On web: systemctl enable docker-compose@concourse-web and systemctl start docker-compose@concourse-web On worker: systemctl start docker-compose@concourse-worker and systemctl start docker-compose@concourse-worker

Raw
docker-cleanup.service
Unit]
Description=Docker cleanup
Requires=docker.service
After=docker.service
[Service]
Type=oneshot
WorkingDirectory=/tmp
User=root
Group=root
ExecStart=/usr/bin/docker system prune -f
[Install]
WantedBy=multi-user.target
Raw
docker-cleanup.timer
[Unit]
Description=Docker cleanup timer
[Timer]
OnUnitInactiveSec=12h
[Install]
WantedBy=timers.target
Raw
docker-compose@.service
[Unit]
Description=%i service with docker compose
Requires=docker.service
After=docker.service
[Service]
Restart=always
WorkingDirectory=/srv/%i
# Compose up
ExecStart=/usr/local/bin/docker-compose up
# Compose down, remove containers and volumes
ExecStop=/usr/local/bin/docker-compose down -v
[Install]
WantedBy=multi-user.target
Raw
web-docker-compose.yml
version: '3'
services:
db:
image: postgres
volumes:
- /srv/concourse-web/postgresql/pgdata:/var/lib/postgresql/data
ports:
- 6543:5432
environment:
POSTGRES_DB: concourse
POSTGRES_USER: concourse
POSTGRES_PASSWORD: concourse
web:
image: concourse/concourse:latest
command: web
volumes:
- /srv/concourse-web/keys:/keys
depends_on: [db]
ports:
- 8080:8080
- 2222:2222
environment:
CONCOURSE_LOG_LEVEL: info
CONCOURSE_POSTGRES_HOST: db
CONCOURSE_POSTGRES_USER: concourse
CONCOURSE_POSTGRES_PASSWORD: concourse
CONCOURSE_POSTGRES_DATABASE: concourse
CONCOURSE_EXTERNAL_URL: http://concourse-web-01:8080
CONCOURSE_ADD_LOCAL_USER: admin:admin,guest:guest
CONCOURSE_MAIN_TEAM_LOCAL_USER: admin
CONCOURSE_CLUSTER_NAME: concourse
CONCOURSE_SESSION_SIGNING_KEY: /keys/session_signing_key
CONCOURSE_TSA_HOST_KEY: /keys/tsa_host_key
CONCOURSE_TSA_AUTHORIZED_KEYS: /keys/authorized_worker_keys
Raw
worker-docker-compose.yml
version: '3'
services:
worker:
image: concourse/concourse:latest
volumes:
- /srv/concourse-worker/keys:/keys
command: worker
privileged: true
ports:
- 7777:7777
- 7788:7788
stop_signal: SIGUSR2
environment:
CONCOURSE_LOG_LEVEL: debug
CONCOURSE_TSA_HOST: concourse-web-01:2222
CONCOURSE_TSA_PUBLIC_KEY: /keys/tsa_host_key.pub
CONCOURSE_TSA_WORKER_PRIVATE_KEY: /keys/worker_key
# so we can reach Garden/Baggageclaim for debugging
CONCOURSE_BIND_IP: 0.0.0.0
CONCOURSE_BAGGAGECLAIM_BIND_IP: 0.0.0.0
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment