Concourse with UAA integration
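---
# BOSH deployment manifest: Concourse (ATC/TSA/workers) with UAA as the
# identity provider and CredHub as the pipeline credential store, all
# backed by a single Postgres instance group.
#
# Provisioning notes (security-relevant):
#   * `concourse-tls` is referenced throughout (ATC TLS, UAA TLS, CredHub
#     TLS, SAML SP signing, CA trust) but is NOT declared under `variables:`,
#     so it must already exist in the director's config server / CredHub.
#     One certificate + private key is reused for every listener and for
#     SAML signing; a compromise of any one job exposes the key for all of
#     them. Consider separate certs per job once the rest is working.
#   * Everything that is not a `variables:` entry (`db_ip`, `concourse_host`,
#     `concourse_internal_host`, `ldap_*`, `*_vm_type`, ...) is expected
#     from a vars file / ops file at deploy time.
#   * Several inter-component links below run without TLS verification
#     (see the inline comments on `sslmode`, `require_tls`,
#     `insecure_skip_verify` and `skipverification`). They are only
#     tolerable if the `concourse` network is isolated from untrusted hosts.
name: concourse

releases:
- name: concourse
- name: garden-runc
- name: postgres
- name: uaa
- name: credhub

stemcells:
- alias: default
  os: ubuntu-trusty
  version: ((stemcell-version))

instance_groups:
# Shared Postgres for the ATC, CredHub and UAA. No server-side TLS is
# configured on this job, which is why the three clients below all
# connect in cleartext; enabling TLS here is the prerequisite for
# `sslmode`/`require_tls` hardening on the consumers.
- name: db
  instances: 1
  persistent_disk_type: ((db_persistent_disk_type))
  vm_type: ((db_vm_type))
  stemcell: default
  azs: [z1]
  networks:
  - name: concourse
    static_ips: [((db_ip))]
  jobs:
  - release: postgres
    name: postgres
    properties:
      databases:
        port: 5432
        databases:
        - name: atc
        - name: credhub
        - name: uaa
        # One role per consumer, each with its own generated password, so a
        # leaked ATC DB credential does not also open the CredHub or UAA DB.
        roles:
        - name: atc
          password: ((atc-db-password))
        - name: credhub
          password: ((credhub-db-password))
        - name: uaa
          password: ((uaa-db-password))

# Web tier: ATC + TSA, co-located with UAA and CredHub.
- name: web
  instances: ((web_instances))
  vm_type: ((web_vm_type))
  stemcell: default
  azs: [z1]
  networks:
  - name: concourse
    static_ips: ((atc_ips))
  jobs:
  - release: concourse
    name: atc
    properties:
      external_url: https://((concourse_host)):443
      # Basic auth for the `main` team. UAA-based team auth is not configured
      # in this manifest; presumably it is set per team with `fly set-team`
      # against the `concourse` UAA client below -- confirm.
      basic_auth_username: admin
      basic_auth_password: ((main-team-password))
      tls_cert: ((concourse-tls.certificate))
      tls_key: ((concourse-tls.private_key))
      tls_bind_port: 443
      postgresql:
        host: ((db_ip))
        database: atc
        # Cleartext DB connection: the atc role password and all pipeline
        # state transit unencrypted. Change to `verify-full` once the
        # postgres job above is configured with a server certificate.
        sslmode: disable
        role:
          name: atc
          password: ((atc-db-password))
      credhub:
        url: https://((concourse_internal_host)):8844
        tls:
          ca_cert: ((concourse-tls.ca))
          # hardcoded to side-step defect, should be able to make "false".
          # While this is true the `ca_cert` above is effectively unused: the
          # ATC accepts any certificate for `concourse_internal_host`, so the
          # `concourse_to_credhub` client secret and every secret fetched for a
          # pipeline are exposed to an on-path attacker on the internal network.
          # The "defect" is likely that `concourse-tls` is issued for
          # `concourse_host` and lacks `concourse_internal_host` in its SANs --
          # verify, add the SAN, then set this to false.
          insecure_skip_verify: true
        client_id: concourse_to_credhub
        client_secret: ((concourse_to_credhub_secret))
      token_signing_key: ((token_signing_key))
  - release: concourse
    name: tsa
    properties:
      host_key: ((tsa_host_key))
      token_signing_key: ((token_signing_key))
      # Only holders of the `worker_key` private half may register as a
      # worker. All workers share this one key pair, so any compromised
      # worker VM can register additional (rogue) workers.
      authorized_keys: [((worker_key.public_key))]
  - name: uaa
    release: uaa
    properties:
      uaa:
        ldap:
          enabled: true
          profile_type: search-and-bind
          searchBase: ((user_search_base))
          searchFilter: uid={0}
          ssl:
            # The LDAPS server certificate is NOT verified: the bind DN
            # password and every user's login password are sent to whatever
            # host answers for `ldap_server`. Set to false and add the LDAP
            # server's CA to UAA's trust store (e.g. `uaa.ca_certs` -- check
            # the uaa-release job spec for the exact property).
            skipverification: true
          url: ldaps://((ldap_server))
          userDN: ((ldap_user_dn))
          userPassword: ((ldap_password))
          groups:
            groupSearchFilter: member={0}
            profile_type: groups-map-to-scopes
            searchBase: ((group_search_base))
        url: &uaa-url "https://((concourse_host)):8443"
        # -1 disables UAA's plain-HTTP listener; keep it that way so tokens
        # and passwords only ever cross the TLS port above.
        port: -1
        scim:
          users:
          # Bootstrap SCIM admin; scim.write lets it create/modify any user.
          - name: admin
            password: ((uaa-users-admin))
            groups:
            - scim.write
            - scim.read
        clients:
          # Public client (empty secret) for the interactive `credhub` CLI.
          # Resource-owner-password grant only; `authorities` is empty so a
          # token carries nothing beyond the authenticated user's own scopes.
          credhub_cli:
            override: true
            authorized-grant-types: password,refresh_token
            scope: credhub.read,credhub.write
            authorities: ""
            access-token-validity: 1200
            refresh-token-validity: 3600
            secret: ""
          # Machine client used by the ATC to fetch pipeline credentials.
          # The ATC only reads from CredHub, so `credhub.write` is broader
          # than needed -- consider reducing to `credhub.read` after
          # confirming against the Concourse version in use. Short 30s
          # access tokens limit the value of a captured token.
          concourse_to_credhub:
            override: true
            authorized-grant-types: client_credentials
            scope: ""
            authorities: credhub.read,credhub.write
            access-token-validity: 30
            refresh-token-validity: 3600
            secret: ((concourse_to_credhub_secret))
          # OAuth client for Concourse team login via UAA. `scope: "*"` lets
          # this client request every scope a user holds; least privilege
          # would be to list only the scopes Concourse's UAA auth needs
          # (e.g. `openid` plus whatever group/space lookup it performs).
          concourse:
            id: concourse
            secret: ((concourse_client_secret))
            scope: "*"
            authorized-grant-types: "authorization_code,refresh_token"
            access-token-validity: 3600
            refresh-token-validity: 3600
            # Must match the ATC's external_url exactly, or UAA will refuse
            # the redirect; never widen this to a wildcard.
            redirect-uri: https://((concourse_host)):443/auth/oauth/callback
        admin: {client_secret: ((uaa-admin))}
        login: {client_secret: ((uaa-login))}
        zones: {internal: {hostnames: []}}
        sslCertificate: ((concourse-tls.certificate))
        sslPrivateKey: ((concourse-tls.private_key))
        jwt:
          # Revocable tokens: UAA keeps state so issued tokens can be revoked
          # (e.g. on user deletion) rather than living until expiry.
          revocable: true
          policy:
            active_key_id: key-1
            keys:
              key-1:
                signingKey: ((uaa-jwt.private_key))
      uaadb:
        address: ((db_ip))
        port: 5432
        # No TLS to Postgres (see `sslmode` note on the atc job).
        db_scheme: postgresql
        databases:
        - tag: uaa
          name: uaa
        roles:
        - tag: admin
          name: uaa
          password: ((uaa-db-password))
      login:
        saml:
          # Same key pair as the TLS listeners -- see the header note on reuse.
          serviceProviderCertificate: ((concourse-tls.certificate))
          serviceProviderKey: ((concourse-tls.private_key))
          serviceProviderKeyPassword: ""
  - name: credhub
    release: credhub
    properties:
      credhub:
        port: 8844
        authentication:
          uaa:
            url: *uaa-url
            # Tokens are verified offline against UAA's JWT public key; this
            # must be the public half of the `uaa-jwt` variable above.
            verification_key: ((uaa-jwt.public_key))
            ca_certs:
            - ((concourse-tls.ca))
        data_storage:
          type: postgres
          host: ((db_ip))
          port: 5432
          username: credhub
          password: ((credhub-db-password))
          database: credhub
          # Cleartext DB connection for the secret store. Encrypted values are
          # protected by the internal encryption key, but the DB password and
          # metadata are not; set to true once the postgres job serves TLS.
          require_tls: false
        tls: ((concourse-tls))
        log_level: info
        encryption:
          # Software ("internal") key provider: the encryption password is
          # the root of trust for every stored secret and lives in the
          # director's config server. An HSM/KMS provider would be stronger.
          keys:
          - provider_name: int
            encryption_password: ((credhub-encryption-password))
            active: true
          providers:
          - name: int
            type: internal

- name: worker
  instances: ((worker_instances))
  vm_type: ((worker_vm_type))
  stemcell: default
  azs: [z1]
  networks:
  - name: concourse
  jobs:
  - release: concourse
    name: groundcrew
    consumes: {baggageclaim: {from: worker-baggageclaim}}
    properties:
      drain_timeout: 10m
      tsa: {worker_key: ((worker_key))}
  - release: concourse
    name: baggageclaim
    # debug logging is verbose; drop to info outside of troubleshooting.
    properties: {log_level: debug}
    provides: {baggageclaim: {as: worker-baggageclaim}}
  - release: garden-runc
    name: garden
    properties:
      garden:
        listen_network: tcp
        # The Garden API has no authentication. Binding 0.0.0.0 is required
        # for the ATC to reach it, so port 7777 must be reachable from the
        # web instance group ONLY -- enforce with security groups / firewall.
        listen_address: 0.0.0.0:7777

update:
  canaries: 1
  canary_watch_time: 30000-1200000
  max_in_flight: 5
  serial: false
  update_watch_time: 5000-1200000

# Generated by the director's config server on first deploy.
# `uaa-credhub-admin`, `uaa-db-admin` and `credhub_cli_password` are declared
# but not referenced anywhere in this manifest.
variables:
- name: atc-db-password
  type: password
- name: credhub-encryption-password
  type: password
  options:
    length: 40
- name: credhub-db-password
  type: password
- name: uaa-jwt
  type: rsa
  options:
    key_length: 4096
- name: uaa-users-admin
  type: password
- name: uaa-admin
  type: password
- name: uaa-login
  type: password
- name: uaa-credhub-admin
  type: password
- name: uaa-db-admin
  type: password
- name: uaa-db-password
  type: password
- name: concourse_to_credhub_secret
  type: password
- name: credhub_cli_password
  type: password
- name: concourse_client_secret
  type: password
- name: main-team-password
  type: password
- name: tsa_host_key
  type: ssh
- name: worker_key
  type: ssh
- name: token_signing_key
  type: rsa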