From 7de15cb74926cf9e074d5d28fcbf2c0b6102a741 Mon Sep 17 00:00:00 2001 From: Dr Nic Williams Date: Mon, 2 Apr 2018 11:46:48 +1000 Subject: [PATCH] update intro to bucc from docker-compose --- docs/basics/secret-parameters.md | 41 ++++++++++++++------------------ 1 file changed, 18 insertions(+), 23 deletions(-) diff --git a/docs/basics/secret-parameters.md b/docs/basics/secret-parameters.md index 198a1be2..3240851d 100644 --- a/docs/basics/secret-parameters.md +++ b/docs/basics/secret-parameters.md @@ -8,37 +8,32 @@ Concourse supports Cloud Foundry Credhub and Hashicorp Vault. They have a common ## Redeploy Concourse with Credhub -First, delete initial `tutorial` concourse: +We will now switch from our `docker-compose up` deployment of Concourse to [bucc](https://github.com/starkandwayne/bucc) to deploy a local single VM version of Concourse that has the Credhub credentials manager. As a bonus, `bucc` will allow you to deploy a production-version of Concourse to any public or private cloud. In this tutorial we will deploy `bucc` to your local machine. -``` -cd ../../.. -bosh delete-env manifests/concourse-lite.yml --state tmp/state.json -``` - -Now, switch to [bucc](https://github.com/starkandwayne/bucc) to deploy a local single VM version of Concourse that has the Credhub credentials manager. +First, you need to install [VirtualBox](https://www.virtualbox.org/wiki/Downloads) (for the local deployment of `bucc`). -In another terminal: +Next: -``` +```plain git clone https://github.com/starkandwayne/bucc ~/workspace/bucc cd ~/workspace/bucc ``` -Now run: +Now run the following to deploy `bucc` to your local machine using VirtualBox: -``` +```plain bucc up --lite ``` If this fails with `command not found: bucc`, then perhaps you do not have [`direnv`](https://direnv.net/) installed. Never fear. Run to update your `$PATH` to add the `bin/bucc` command. -``` +```plain source .envrc ``` Now run: -``` +```plain bucc up --lite ``` 
@@ -48,7 +43,7 @@ The `bucc up --lite` command is similar to `bosh create-env` but adds Credhub to To target and login to your new Concourse: -``` +```plain bucc fly ``` @@ -58,7 +53,7 @@ The Concourse dashboard UI is now at https://192.168.50.6/ To target and login to Credhub, the credentials manager included in `bucc`: -``` +```plain bucc credhub ``` @@ -66,7 +61,7 @@ bucc credhub Credhub will enthusiastically and frequently drop your login session: -``` +```plain You are not currently authenticated. Please log in to continue. ``` @@ -78,7 +73,7 @@ Similarly, `fly -t bucc` sessions will timeout. To re-authenticate, return to `~ Back in your main `concourse-tutorial` terminal window, return to the `tutorials/basic/parameters` folder, and install the pipeline from the preceding section to our new `bucc` concourse environment. Do not provide any explicit values for the parameters as these will come from the Credhub credentials manager: -``` +```plain cd ../parameters fly -t bucc sp -p parameters -c pipeline.yml fly -t bucc up -p parameters @@ -86,14 +81,14 @@ fly -t bucc up -p parameters ## Insert values into Credentials Manager -``` +```plain credhub set -n /concourse/main/parameters/cat-name --type value --value garfield credhub set -n /concourse/main/parameters/dog-name --type value --value oddie ``` Run the pipeline job to confirm that it dynamically fetched the secrets from Credhub: -``` +```plain fly -t bucc trigger-job -j parameters/show-animal-names -w ``` @@ -106,7 +101,7 @@ When resolving a parameter such as `((cat-name))`, it will look in the following So, if the `((cat-name))` credential is to be shared across all pipelines in the `main` team, then the `credhub set` commands would become: -``` +```plain credhub delete -n /concourse/main/parameters/cat-name credhub delete -n /concourse/main/parameters/dog-name credhub set -n /concourse/main/cat-name --type value --value garfield 
@@ -115,7 +110,7 @@ credhub set -n /concourse/main/dog-name --type value --value oddie Again, run the pipeline job to confirm that it dynamically fetched the team's shared secrets from Credhub: -``` +```plain fly -t bucc trigger-job -j parameters/show-animal-names -w ``` @@ -123,7 +118,7 @@ fly -t bucc trigger-job -j parameters/show-animal-names -w A great feature of Concourse Credentials Manager - regardless if backed by Cloud Foundry Credhub or Hashicorp Vault - is that you can now update secrets/parameters and the new values will automatically be used the next time a job is run. -``` +```plain credhub set -n /concourse/main/cat-name --type value --value milo credhub set -n /concourse/main/dog-name --type value --value otis @@ -132,7 +127,7 @@ fly -t bucc trigger-job -j parameters/show-animal-names -w The output will include the two new parameter values: -``` +```plain CAT_NAME=milo DOG_NAME=otis ``` \ No newline at end of file
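
Review bot: In the first hunk (`@@ -8,37 +8,32 @@`), the `git clone https://github.com/starkandwayne/bucc ~/workspace/bucc` step that the new intro leads into has no tag or commit, so the reader runs `bucc up --lite`, and in the fallback path `source .envrc`, from whatever is on the default branch at that moment. The added paragraph now also presents `bucc` as a route to a production deployment, so the clone instructions should say to check out a release tag or a reviewed commit. Two smaller points in the same hunk: the removed `bosh delete-env` teardown has no replacement, so nothing tells the reader to stop the `docker-compose up` deployment before switching, and "a production-version of Concourse" should read "a production version of Concourse".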
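
Review bot: In the `@@ -86,14 +81,14 @@` hunk under "Insert values into Credentials Manager", the re-fenced commands still pass the value inline (`credhub set -n /concourse/main/parameters/cat-name --type value --value garfield`), and the same pattern repeats in the later `credhub set` hunks. That is harmless for `garfield`, but this page is the reader's template for real secrets, and a value given as a command-line argument ends up in shell history and is visible in the process list while the command runs. Since these fences are being touched anyway, add one sentence after the block saying that real secret values should not be typed on the command line like this.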
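
Review bot: The last hunk (`@@ -132,7 +127,7 @@`) still ends with `\ No newline at end of file` after the closing fence of the `CAT_NAME=milo` / `DOG_NAME=otis` block. Add the trailing newline to `docs/basics/secret-parameters.md` in this commit so that later edits to the end of the file do not show the closing fence as a changed line.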