- Published on
Install Concourse CI v7.4 on Ubuntu Linux
- Authors
- Name
- Ruan Bekker
- @ruanbekker
Concourse is a Pipeline Based Continious Integration system written in Go
Resources:
- https://concourse-ci.org/
- https://github.com/concourse/concourse
- https://github.com/starkandwayne/concourse-tutorial
Older Version
An older version is available:
What is Concourse CI:
Concourse CI is a Continious Integration Platform. Concourse enables you to construct pipelines with a yaml configuration that can consist out of 3 core concepts, tasks, resources, and jobs that compose them. For more information about this have a look at their docs
What will we be doing today
We will setup a Concourse CI Server v6.7.6 (web and worker) on Ubuntu 20.04 and run the traditional Hello, World pipeline
Setup the Server:
Concourse needs PostgresSQL server:
$ apt update && apt upgrade -y
$ apt install postgresql postgresql-contrib -y
$ systemctl enable postgresql
Create the Database and User for Concourse on Postgres:
$ sudo -u postgres createuser concourse
$ sudo -u postgres createdb --owner=concourse atc
Download the Concourse Binary:
$ export CONCOURSE_VERSION=7.4.0
$ wget https://github.com/concourse/concourse/releases/download/v${CONCOURSE_VERSION}/concourse-${CONCOURSE_VERSION}-linux-amd64.tgz
$ tar -xvf concourse-${CONCOURSE_VERSION}-linux-amd64.tgz -C /usr/local/
$ rm -rf concourse-*-linux-amd64.tgz
Create the Encryption Keys:
$ mkdir /etc/concourse
$ ssh-keygen -t rsa -q -N '' -f /etc/concourse/tsa_host_key -m pem
$ ssh-keygen -t rsa -q -N '' -f /etc/concourse/worker_key -m pem
$ ssh-keygen -t rsa -q -N '' -f /etc/concourse/session_signing_key -m pem
$ cp /etc/concourse/worker_key.pub /etc/concourse/authorized_worker_keys -m pem
Set the IP Address:
$ export IP_ADDRESS=$(ifconfig $(route -n | grep '0.0.0.0' | head -1 | rev | awk '{print $1}' | rev) | grep -w 'inet' | awk '{print $2}')
Concourse Web Process Configuration:
$ cat > /etc/concourse/web_environment << EOF
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/local/concourse/bin
CONCOURSE_ADD_LOCAL_USER=ruan:$(openssl rand -hex 14)
CONCOURSE_SESSION_SIGNING_KEY=/etc/concourse/session_signing_key
CONCOURSE_TSA_HOST_KEY=/etc/concourse/tsa_host_key
CONCOURSE_TSA_AUTHORIZED_KEYS=/etc/concourse/authorized_worker_keys
CONCOURSE_POSTGRES_HOST=127.0.0.1
CONCOURSE_POSTGRES_USER=concourse
CONCOURSE_POSTGRES_PASSWORD=concourse
CONCOURSE_POSTGRES_DATABASE=atc
CONCOURSE_MAIN_TEAM_LOCAL_USER=ruan
CONCOURSE_EXTERNAL_URL=http://$IP_ADDRESS:8080
EOF
Concourse Worker Process Configuration:
cat > /etc/concourse/worker_environment << EOF
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/local/concourse/bin
CONCOURSE_WORK_DIR=/var/lib/concourse
CONCOURSE_TSA_HOST=127.0.0.1:2222
CONCOURSE_TSA_PUBLIC_KEY=/etc/concourse/tsa_host_key.pub
CONCOURSE_TSA_WORKER_PRIVATE_KEY=/etc/concourse/worker_key
CONCOURSE_GARDEN_DNS_SERVER=8.8.8.8
EOF
Create a Concourse user:
$ mkdir /var/lib/concourse
$ sudo adduser --system --group concourse
$ sudo chown -R concourse:concourse /etc/concourse /var/lib/concourse
$ sudo chmod 600 /etc/concourse/*_environment
Create SystemD Unit Files, first for the Web Service:
$ cat > /etc/systemd/system/concourse-web.service << EOF
[Unit]
Description=Concourse CI web process (ATC and TSA)
After=postgresql.service
[Service]
User=concourse
Restart=on-failure
EnvironmentFile=/etc/concourse/web_environment
ExecStart=/usr/local/concourse/bin/concourse web
[Install]
WantedBy=multi-user.target
EOF
Then the SystemD Unit File for the Worker Service:
$ cat > /etc/systemd/system/concourse-worker.service << EOF
[Unit]
Description=Concourse CI worker process
After=concourse-web.service
[Service]
User=root
Restart=on-failure
EnvironmentFile=/etc/concourse/worker_environment
ExecStart=/usr/local/concourse/bin/concourse worker
[Install]
WantedBy=multi-user.target
EOF
Create a postgres password for the concourse user:
$ cd /home/concourse/
$ sudo -u concourse psql atc
atc=> ALTER USER concourse WITH PASSWORD 'concourse';
atc=> \q
Start and Enable the Services:
$ systemctl start concourse-web concourse-worker
$ systemctl enable concourse-web concourse-worker postgresql
$ systemctl status concourse-web concourse-worker
$ systemctl is-active concourse-worker concourse-web
active
active
The listening ports should more or less look like the following:
$ netstat -tulpn
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:7777 0.0.0.0:* LISTEN 4530/concourse
tcp 0 0 127.0.0.1:7788 0.0.0.0:* LISTEN 4530/concourse
tcp 0 0 127.0.0.1:8079 0.0.0.0:* LISTEN 4525/concourse
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1283/sshd
tcp 0 0 127.0.0.1:5432 0.0.0.0:* LISTEN 4047/postgres
tcp6 0 0 :::36159 :::* LISTEN 4525/concourse
tcp6 0 0 :::46829 :::* LISTEN 4525/concourse
tcp6 0 0 :::2222 :::* LISTEN 4525/concourse
tcp6 0 0 :::8080 :::* LISTEN 4525/concourse
tcp6 0 0 :::22 :::* LISTEN 1283/sshd
udp 0 0 0.0.0.0:68 0.0.0.0:* 918/dhclient
udp 0 0 0.0.0.0:42165 0.0.0.0:* 4530/concourse
You can check the logs like this:
$ sudo journalctl -fu concourse-web
$ sudo journalctl -fu concourse-worker
Make a request using the API:
$ curl http://${IP_ADDRESS}:8080/api/v1/info
{"version":"7.4.0","worker_version":"2.3","feature_flags":{"across_step":false,"build_rerun":false,"cache_streamed_volumes":false,"global_resources":false,"pipeline_instances":false,"redact_secrets":false,"resource_causality":false},"external_url":"http://x.x.x.x:8080"}
Client Side:
I will be using a the Fly cli from a Mac, so first we need to download the fly-cli for Mac:
$ export CONCOURSE_VERSION=7.4.0
$ wget https://github.com/concourse/concourse/releases/download/v${CONCOURSE_VERSION}/fly-${CONCOURSE_VERSION}-darwin-amd64.tgz
$ tar -xvf fly-${CONCOURSE_VERSION}-darwin-amd64.tgz
$ sudo mv fly /usr/local/bin/fly
$ rm -rf fly-${CONCOURSE_VERSION}-darwin-amd64.tgz
Next, we need to setup our Concourse Target by Authenticating against our Concourse Endpoint, lets setup our target with the name ci, and make sure to replace the ip address with the ip of your concourse server:
$ fly -t ci login -c http://${IP_ADDRESS}:8080
logging in to team 'main'
navigate to the following URL in your browser:
http://${IP_ADDRESS}:8080/login?fly_port=42181
or enter token manually (input hidden):
target saved
Lets list our targets:
$ fly targets
name url team expiry
ci http://x.x.x.x:8080 main Wed, 08 Nov 2021 15:32:59 UTC
Listing Registered Workers:
$ fly -t ci workers
name containers platform tags team state version
x.x.x.x 0 linux none none running 1.2
Listing Active Containers:
$ fly -t ci containers
handle worker pipeline job build # build id type name attempt
Hello World Pipeline:
Let's create a basic pipeline, that will print out Hello, World!:
Our hello-world.yml
jobs:
- name: my-job
plan:
- task: say-hello
config:
platform: linux
image_resource:
type: docker-image
source:
repository: alpine
tag: edge
run:
path: /bin/sh
args:
- -c
- |
echo "============="
echo "Hello, World!"
echo "============="
Applying the configuration to our pipeline:
$ fly -t ci set-pipeline -p yeeehaa -c hello-world.yml
jobs:
job my-job has been added:
name: my-job
plan:
- task: say-hello
config:
platform: linux
image_resource:
type: docker-image
source:
repository: alpine
tag: edge
run:
path: /bin/sh
args:
- -c
- |
echo "============="
echo "Hello, World!"
echo "============="
apply configuration? [yN]: y
pipeline created!
you can view your pipeline here: http://x.x.x.x:8080/teams/main/pipelines/yeeehaa
the pipeline is currently paused. to unpause, either:
- run the unpause-pipeline command
- click play next to the pipeline in the web ui
We can browse to the WebUI to unpause the pipeline, but since I like to do everything on cli as far as possible, I will unpause the pipeline via cli:
$ fly -t ci unpause-pipeline -p yeeehaa
unpaused 'yeeehaa'
Now our Pipeline is unpaused, but since we did not specify any triggers, we need to manually trigger the pipeline to run, you can either via the WebUI, select your pipeline which in this case will be named yeeehaa and then select the job, which will be my-job then hit the + sign, which will trigger the pipeline.
I will be using the cli:
$ fly -t ci trigger-job --job yeeehaa/my-job
started yeeehaa/my-job #1
Via the WebUI on http://x.x.x.x:8080/teams/main/pipelines/yeeehaa/jobs/my-job/builds/1 you should see the Hello, World! output, or via the cli, we also have the option to see the output, so let's trigger it again, but this time passing the --watch flag:
$ fly -t ci trigger-job --job yeeehaa/my-job --watch
started yeeehaa/my-job #2
initializing
running /bin/sh -c echo "============="
echo "Hello, World!"
echo "============="
=============
Hello, World!
=============
succeeded
Listing our Workers and Containers again:
$ fly -t ci workers
name containers platform tags team state version
x.x.x.x 2 linux none none running 1.2
$ fly -t ci containers
handle worker pipeline job build # build id type name attempt
46282555-64cd-5h1b-67b8-316486h58eb8 x.x.x.x yeeehaa my-job 2 729 task say-hello n/a
Thank You
Thanks for reading, feel free to check out my website, and subscribe to my newsletter or follow me at @ruanbekker on Twitter.
- Linktree: https://go.ruan.dev/links
- Patreon: https://go.ruan.dev/patreon
