|
2 | 2 |
|
3 | 3 | \use-plugin{concourse-docs} |
4 | 4 |
|
5 | | -This guide will show you how to install Concourse on any Linux system running \link{Systemd}{https://github.com/systemd/systemd}. |
| 5 | +This guide will show you how to install Concourse on any Linux system |
| 6 | +running \link{Systemd}{https://github.com/systemd/systemd}. |
| 7 | + |
| 8 | +This guide makes the following assumptions: |
| 9 | +\ordered-list{ |
| 10 | + You have a PostgreSQL database running somewhere already. You created a |
| 11 | + database called \code{concourse}. You've created a user for Concourse to |
| 12 | + authenticate as. |
| 13 | +}{ |
| 14 | + You have generated the necessary |
| 15 | + \reference{generating-keys}{encryption Keys}. |
| 16 | +}{ |
| 17 | + The web node will be directly exposed to the internet and can therefore |
| 18 | + accept inbound traffic on port 443. |
| 19 | +}{ |
| 20 | + The Web and Worker node are being installed on separate servers and you |
| 21 | + will figure out networking between the two servers. |
| 22 | +} |
| 23 | + |
| 24 | +\section{ |
| 25 | + \title{Install the Concourse CLI}{systemd-concourse-cli} |
| 26 | + The first step is to install the \reference{concourse-cli}. We will |
| 27 | + install the CLI in \code{/use/local/concourse}, but you can choose a |
| 28 | + different install location. |
| 29 | + |
| 30 | + Run the following commands to install the Concourse CLI on both your |
| 31 | + Web and Worker servers: |
| 32 | + \codeblock{bash}{{{ |
| 33 | + CONCOURSE_VERSION="<select-a-concourse-version>" |
| 34 | + CONCOURSE_TAR="concourse.tgz" |
| 35 | + CONCOURSE_URL="https://github.com/concourse/concourse/releases/download/v${CONCOURSE_VERSION}/concourse-${CONCOURSE_VERSION}-linux-amd64.tgz" |
| 36 | + curl -L --output ./${CONCOURSE_TAR} ${CONCOURSE_URL} |
| 37 | + tar xzf ./${CONCOURSE_TAR} -C /usr/local/ |
| 38 | + rm ./${CONCOURSE_TAR} |
| 39 | + }}} |
| 40 | + |
| 41 | + If you want to make running the Concourse CLI easier, add |
| 42 | + \code{/usr/local/concourse/bin} to your \code{PATH}. |
| 43 | + |
| 44 | + \codeblock{bash}{{{ |
| 45 | + PATH="$PATH:/usr/local/concourse/bin" |
| 46 | + }}} |
| 47 | + |
| 48 | + You can move on to setting up the Web node. |
| 49 | +} |
| 50 | + |
| 51 | +\section{ |
| 52 | + \title{Web Node}{systemd-web} |
| 53 | + First lets create a new user and group for the web node to run as: |
| 54 | + |
| 55 | + \codeblock{bash}{{{ |
| 56 | + addgroup --system "concourse" |
| 57 | + adduser \ |
| 58 | + --system \ |
| 59 | + --ingroup "concourse" \ |
| 60 | + --no-create-home \ |
| 61 | + --disabled-password \ |
| 62 | + --disabled-login \ |
| 63 | + --comment "concourse web user" \ |
| 64 | + "concourse" |
| 65 | + }}} |
| 66 | + |
| 67 | + Next, place the following keys (previously generated) in |
| 68 | + \code{/usr/local/concourse/keys/}: |
| 69 | + \list{ |
| 70 | + \code{session_signing_key} |
| 71 | + }{ |
| 72 | + \code{tsa_host_key} |
| 73 | + }{ |
| 74 | + \code{worker_key.pub} |
| 75 | + } |
| 76 | + |
| 77 | + Next create a file named \code{web.env} in \code{/usr/local/concourse/} that |
| 78 | + will be used to configure the web node. This is where you can \reference{configuring-auth}{configure |
| 79 | + authentication} to Concourse and all other settings found when you run |
| 80 | + \code{concourse web --help}. |
| 81 | + |
| 82 | + \codeblock{}{{{ |
| 83 | + PATH=/usr/local/concourse/bin |
| 84 | + CONCOURSE_EXTERNAL_URL=https://ci.example.com |
| 85 | + CONCOURSE_ENABLE_LETS_ENCRYPT=true |
| 86 | + CONCOURSE_TLS_BIND_PORT=443 |
| 87 | + CONCOURSE_POSTGRES_HOST=db.example.com |
| 88 | + CONCOURSE_POSTGRES_USER=<user> |
| 89 | + CONCOURSE_POSTGRES_PASSWORD=<password> |
| 90 | + CONCOURSE_POSTGRES_DATABASE=concourse |
| 91 | + CONCOURSE_SESSION_SIGNING_KEY=/usr/local/concourse/keys/session_signing_key |
| 92 | + CONCOURSE_TSA_HOST_KEY=/usr/local/concourse/keys/tsa_host_key |
| 93 | + CONCOURSE_TSA_AUTHORIZED_KEYS=/usr/local/concourse/keys/worker_key.pub |
| 94 | + CONCOURSE_CLUSTER_NAME=Concourse |
| 95 | + CONCOURSE_MAIN_TEAM_LOCAL_USER=local |
| 96 | + CONCOURSE_ADD_LOCAL_USER=local:local |
| 97 | + }}} |
| 98 | + |
| 99 | + Set the file permissions to read-only and restricted to the \code{concourse} |
| 100 | + user and group: |
| 101 | + |
| 102 | + \codeblock{bash}{{{ |
| 103 | + chmod 0444 web.env |
| 104 | + }}} |
| 105 | + |
| 106 | + Ensure the entire \code{/usr/local/concourse} folder is owned by the |
| 107 | + \code{concourse} user and group: |
| 108 | + |
| 109 | + \codeblock{bash}{{{ |
| 110 | + chown -R concourse:concourse /usr/local/concourse |
| 111 | + }}} |
| 112 | + |
| 113 | + We can now created a new Systemd Unit file at |
| 114 | + \code{/etc/systemd/system/} named \code{concourse-web.service}. Place |
| 115 | + the following configuration in the unit file: |
| 116 | + |
| 117 | + \codeblock{}{{{ |
| 118 | + [Unit] |
| 119 | + Description=Concourse web node |
| 120 | + [Service] |
| 121 | + User=concourse |
| 122 | + Group=concourse |
| 123 | + EnvironmentFile=/usr/local/concourse/web.env |
| 124 | + ExecStart=/usr/local/concourse/bin/concourse web |
| 125 | + Restart=on-failure |
| 126 | + RestartSec=3 |
| 127 | + KillSignal=SIGTERM |
| 128 | + TimeoutStopSec=60 |
| 129 | + [Install] |
| 130 | + WantedBy=default.target |
| 131 | + }}} |
| 132 | + |
| 133 | + Finally enable and start the web service: |
| 134 | + \codeblock{bash}{{{ |
| 135 | + systemctl daemon-reload |
| 136 | + systemctl enable concourse-web |
| 137 | + systemctl start concourse-web |
| 138 | + }}} |
| 139 | + |
| 140 | + Check the status of the service: |
| 141 | + \codeblock{bash}{{{ |
| 142 | + systemctl status concourse-web |
| 143 | + }}} |
| 144 | + |
| 145 | + If the service isn't staying up, check the logs: |
| 146 | + \codeblock{bash}{{{ |
| 147 | + journalctl -u concourse-web |
| 148 | + }}} |
| 149 | + |
| 150 | +} |
| 151 | + |
| 152 | +\section{ |
| 153 | + \title{Worker Node}{systemd-worker} |
| 154 | + |
| 155 | +} |
0 commit comments