How to Install and Configure Concourse CI on Ubuntu 16.04

Introduction

Continuous Integration is a DevOps software development practice in which developers merge modified code into a shared repository many times a day. After each merge, automatic builds and tests are run to detect problems in the code. This lets developers find and resolve errors quickly, which improves software quality and supports continuous delivery of the software. Switching to and from Concourse is very easy, as it keeps all of its configuration in declarative files that can be checked into version control. It also provides a web user interface that displays build information interactively.

Concourse Components
  • ATC is the main component of the Concourse. It is responsible for running the Web UI and API. It also takes care of all the pipeline scheduling.
  • TSA is a custom built SSH server. It is responsible for securely registering a worker with ATC.
  • Workers run two different services:
    1. Garden is a container runtime and an interface for orchestrating containers remotely on a worker.
    2. Baggageclaim is a cache and artifact management server.
  • Fly is a command line interface used to interact with the ATC to configure Concourse Pipelines.

Prerequisites

  • A Vultr Ubuntu 16.04 server instance.
  • A sudo user.

Be sure to replace all occurrences of 192.0.2.1 and ci.example.com with your actual Vultr public IP address and actual domain name.

Update your base system using the guide How to Update Ubuntu 16.04. Once your system has been updated, proceed to install PostgreSQL.

Install and Configure PostgreSQL Database

PostgreSQL is an object-relational database system. Concourse stores its pipeline data in a PostgreSQL database. Add the PostgreSQL repository.

echo "deb http://apt.postgresql.org/pub/repos/apt/ xenial-pgdg main" | sudo tee /etc/apt/sources.list.d/pgdg.list
wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo apt-key add -
sudo apt update

Install the PostgreSQL database server.

sudo apt -y install postgresql

Start the PostgreSQL server and enable it to start automatically at boot time.

sudo systemctl start postgresql
sudo systemctl enable postgresql

Change the password for the default PostgreSQL user.

sudo passwd postgres

Login as the PostgreSQL user:

sudo su - postgres

Create a new PostgreSQL user for Concourse CI.

createuser concourse

Note: The default PostgreSQL user can be used for authentication of the database, but it is recommended to use a dedicated user for authentication of Concourse database in a production setup.

PostgreSQL provides a shell to run queries on the database. Switch to the PostgreSQL shell.

psql

Set a password for the newly created Concourse database user.

ALTER USER concourse WITH ENCRYPTED password 'DBPassword';

Important: Replace DBPassword with a strong password. Make a note of the password as it will be required later in the tutorial.

Create a new database for Concourse.

CREATE DATABASE concourse OWNER concourse;

Exit the psql shell.

\q

Switch back to the sudo user from the current postgres user.

exit

Download and Install Concourse CI

Download the latest version of the Concourse executable and store it in /usr/bin so that it can be executed directly. The latest version of the Concourse and Fly binaries can be found on the Concourse download page. New releases are very frequent. Replace the link below with the new link for the most recent version.

sudo wget https://github.com/concourse/concourse/releases/download/v3.10.0/concourse_linux_amd64 -O /usr/bin/concourse

Similarly, download the latest version of the fly executable and store it in /usr/bin.

sudo wget https://github.com/concourse/concourse/releases/download/v3.10.0/fly_linux_amd64 -O /usr/bin/fly

Fly is the command line interface used to connect to the ATC API of Concourse CI. Fly is available for multiple platforms such as Linux, Windows and macOS.

Assign execute permission to the downloaded concourse and fly binaries.

sudo chmod +x /usr/bin/concourse /usr/bin/fly

Check if Concourse and Fly are working correctly by checking their version.

concourse -version
fly -version

Generate and Setup RSA Keys

RSA key pairs provide a way to encrypt the communication between the components of the Concourse.

For Concourse to work, at least three pairs of keys must be generated. For encrypting the session data, generate a session_signing_key. This key will also be used by TSA to sign the requests it makes to the ATC. To secure the TSA SSH server, generate a tsa_host_key. Finally, generate a worker_key for each worker.

Create a new directory to store the keys and configuration related to Concourse CI.

sudo mkdir /opt/concourse

Generate the required keys.

sudo ssh-keygen -t rsa -q -N '' -f /opt/concourse/session_signing_key
sudo ssh-keygen -t rsa -q -N '' -f /opt/concourse/tsa_host_key
sudo ssh-keygen -t rsa -q -N '' -f /opt/concourse/worker_key

Authorize the worker's public key by copying its contents to the authorized_worker_keys file.

sudo cp /opt/concourse/worker_key.pub /opt/concourse/authorized_worker_keys

Starting Concourse

Concourse provides two separate components which need to be started: the web and the worker. Start the Concourse web.

sudo concourse web \
  --basic-auth-username admin \
  --basic-auth-password StrongPass \
  --session-signing-key /opt/concourse/session_signing_key \
  --tsa-host-key /opt/concourse/tsa_host_key \
  --tsa-authorized-keys /opt/concourse/authorized_worker_keys \
  --postgres-user=concourse \
  --postgres-password=DBPassword \
  --postgres-database=concourse \
  --external-url http://192.0.2.1:8080

Change the basic-auth username and password if desired. Make sure that the paths to the key files are correct and that the username and password given for the PostgreSQL database match the ones created earlier.

Note: ATC will listen on the default port 8080 and TSA will listen on port 2222. If authentication is not desired, pass the --no-really-i-dont-want-any-auth option after removing the basic auth options.

Once the web server is started, the following output will be displayed.

{"timestamp":"1503657859.661247969","source":"tsa","message":"tsa.listening","log_level":1,"data":{}}
{"timestamp":"1503657859.666907549","source":"atc","message":"atc.listening","log_level":1,"data":{"debug":"127.0.0.1:8079","http":"0.0.0.0:8080"}}

Stop the server for now, as a few more things still must be set up.

Start the Concourse CI Worker.

sudo concourse worker \
  --work-dir /opt/concourse/worker \
  --tsa-host 127.0.0.1 \
  --tsa-public-key /opt/concourse/tsa_host_key.pub \
  --tsa-worker-private-key /opt/concourse/worker_key

The above command assumes that the TSA is running on localhost and listening on the default port 2222.

Though the Concourse web and worker can be started easily using the commands above, it is recommended to use Systemd to manage the server.

Configure Environment and Systemd Service

Using a Systemd service to manage the application ensures that it is automatically restarted on failure and started at boot time. The Concourse server does not read a configuration file, but it can take its settings from environment variables. Instead of setting global environment variables, create a new file to store the environment variables and then pass them to Concourse CI through the Systemd service.

Create a new environment file for Concourse web.

sudo nano /opt/concourse/web.env

Populate the file.

CONCOURSE_SESSION_SIGNING_KEY=/opt/concourse/session_signing_key
CONCOURSE_TSA_HOST_KEY=/opt/concourse/tsa_host_key
CONCOURSE_TSA_AUTHORIZED_KEYS=/opt/concourse/authorized_worker_keys

CONCOURSE_POSTGRES_USER=concourse
CONCOURSE_POSTGRES_PASSWORD=DBPassword
CONCOURSE_POSTGRES_DATABASE=concourse

CONCOURSE_BASIC_AUTH_USERNAME=admin
CONCOURSE_BASIC_AUTH_PASSWORD=StrongPass
CONCOURSE_EXTERNAL_URL=http://192.0.2.1:8080

Change the BASIC_AUTH username and password if desired. Make sure that the paths to the key files are correct and that the username and password given for the PostgreSQL database match the ones created earlier.

Similarly, create an environment file for the worker.

sudo nano /opt/concourse/worker.env

Populate the file.

CONCOURSE_WORK_DIR=/opt/concourse/worker
CONCOURSE_TSA_WORKER_PRIVATE_KEY=/opt/concourse/worker_key
CONCOURSE_TSA_PUBLIC_KEY=/opt/concourse/tsa_host_key.pub
CONCOURSE_TSA_HOST=127.0.0.1

As the environment files contain usernames and passwords, change their permissions so that they cannot be accessed by other users.

sudo chmod 600 /opt/concourse/*.env

Now create a new user for Concourse to run the web environment. This will ensure that the web server is running in an isolated environment.

sudo useradd concourse

Give the concourse user ownership of the Concourse CI directory and its files.

sudo chown -R concourse:concourse /opt/concourse
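
The permission and ownership steps above can be verified with a small audit script. This is an added example, not part of the original tutorial; the function names and the constructed sample directory are assumptions, and it relies on GNU stat as shipped with Ubuntu.

```shell
#!/bin/sh
# Added example: audit the secret files this tutorial places in /opt/concourse.
# Function names and the sample directory are hypothetical; requires GNU stat.

# Private keys and environment files created in the steps above.
CONCOURSE_SECRETS="session_signing_key tsa_host_key worker_key web.env worker.env"

# audit_concourse_secrets DIR [OWNER]
# Prints one line per problem. Returns 0 only when every secret is a regular
# file, grants nothing to group/others, and (if OWNER is given) has that owner.
audit_concourse_secrets() {
    dir=$1
    owner=${2:-}
    problems=0
    for name in $CONCOURSE_SECRETS; do
        path=$dir/$name
        if [ -L "$path" ] || [ ! -f "$path" ]; then
            echo "$name: missing or not a regular file"
            problems=$((problems + 1))
            continue
        fi
        mode=$(stat -c '%a' "$path")    # octal mode, e.g. 600 or 644
        if [ $(( 0$mode & 077 )) -ne 0 ]; then
            echo "$name: mode $mode grants access beyond the owner"
            problems=$((problems + 1))
        fi
        if [ -n "$owner" ] && [ "$(stat -c '%U' "$path")" != "$owner" ]; then
            echo "$name: not owned by $owner"
            problems=$((problems + 1))
        fi
    done
    [ "$problems" -eq 0 ]
}

# Constructed sample: empty stand-ins for the real files, all at mode 600.
make_sample_dir() {
    for name in $CONCOURSE_SECRETS; do
        : > "$1/$name"
        chmod 600 "$1/$name"
    done
}

# Demo on a throwaway directory: web.env at 644 is what an editor typically
# leaves behind under a 022 umask if the chmod 600 step is skipped.
demo_audit() {
    tmp=$(mktemp -d)
    make_sample_dir "$tmp"
    chmod 644 "$tmp/web.env"
    audit_concourse_secrets "$tmp" || echo "audit failed, as expected for the sample"
    rm -rf "$tmp"
}
demo_audit
```

On the server, run the function as root against the real directory: audit_concourse_secrets /opt/concourse concourse.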

Create a new systemd service file for the Concourse web service.

sudo nano /etc/systemd/system/concourse-web.service

Populate the file.

[Unit]
Description=Concourse CI web server

[Service]
Type=simple
User=concourse
Group=concourse
Restart=on-failure
EnvironmentFile=/opt/concourse/web.env
ExecStart=/usr/bin/concourse web
StandardOutput=syslog
StandardError=syslog
SyslogIdentifier=concourse_web

[Install]
WantedBy=multi-user.target

Save and close the file. Create a new service file for the Concourse worker service.

sudo nano /etc/systemd/system/concourse-worker.service

Populate the file.

[Unit]
Description=Concourse CI worker process

[Service]
Type=simple
Restart=on-failure
EnvironmentFile=/opt/concourse/worker.env
ExecStart=/usr/bin/concourse worker
StandardOutput=syslog
StandardError=syslog
SyslogIdentifier=concourse_worker

[Install]
WantedBy=multi-user.target

The web and worker service can now be started directly.

sudo systemctl start concourse-web concourse-worker

To enable the worker and web process to automatically start at boot time, run the following.

sudo systemctl enable concourse-worker concourse-web

To check the status of services, run the following.

sudo systemctl status concourse-worker concourse-web

If the service is not started, or in the FAILED state, remove the cache from the /tmp directory.

sudo rm -rf /tmp/*

Restart the services.

sudo systemctl restart concourse-worker concourse-web

Notice that this time the services have started correctly. The output upon verifying the status of the services will be similar to the following.

[user@vultr ~]$ sudo systemctl status concourse-worker concourse-web
● concourse-worker.service - Concourse CI worker process
   Loaded: loaded (/etc/systemd/system/concourse-worker.service; enabled; vendor preset: disabled)
   Active: active (running) since Sat 2017-08-26 07:27:37 UTC; 55s ago
 Main PID: 3037 (concourse)
   CGroup: /system.slice/concourse-worker.service
           └─3037 /usr/bin/concourse worker

Aug 26 07:27:42 vultr.guest concourse_worker[3037]: {"timestamp":"1503732462.934722900","source":"tsa","message":"t...""}}
Aug 26 07:27:42 vultr.guest concourse_worker[3037]: {"timestamp":"1503732462.941227913","source":"guardian","messag...0"}}

...

● concourse-web.service - Concourse CI web server
   Loaded: loaded (/etc/systemd/system/concourse-web.service; enabled; vendor preset: disabled)
   Active: active (running) since Sat 2017-08-26 07:27:37 UTC; 55s ago
 Main PID: 3036 (concourse)
   CGroup: /system.slice/concourse-web.service
           └─3036 /usr/bin/concourse web

Aug 26 07:27:57 vultr.guest concourse_web[3036]: {"timestamp":"1503732477.925554752","source":"tsa","message":"tsa...ve"}}
Aug 26 07:28:02 vultr.guest concourse_web[3036]: {"timestamp":"1503732482.925430775","source":"tsa","message":"tsa...ve"}}
...
Hint: Some lines were ellipsized, use -l to show in full.

Connecting to the Server

Once the server is started, the web interface of the Concourse CI can be accessed by going to http://192.0.2.1:8080 in any browser. Log in using the username and password provided in the environment file.

To connect to the server using Fly, run the following.

fly -t my-ci login -c http://192.0.2.1:8080

The above command is used for the initial login to the server. -t is used to provide a target name. Replace my-ci with any desired target name. The above command will log in to the default team, main. It will ask for the username and password provided in the environment file.

The output will look like the following.

[user@vultr ~]$ fly -t my-ci login -c http://192.0.2.1:8080
logging in to team 'main'

username: admin
password:

target saved

The target login will be saved for a day. After that, it will expire.

To log out immediately, run the following.

fly -t my-ci logout

Fly can be used to log in to the server from outside the network, but only if the server has a public IP address and is accessible from outside the network. The Windows or macOS binary can be downloaded from the download site or from the web UI of the server.

Setting Up Nginx Reverse Proxy

Logins and other information sent through the web UI to the Concourse server are not secured, because the connection is not encrypted. An Nginx reverse proxy can be set up with a free SSL certificate from Let's Encrypt.

Install Nginx.

sudo apt -y install nginx

Start Nginx and enable it to automatically start at boot time.

sudo systemctl start nginx
sudo systemctl enable nginx

Add the Certbot repository.

sudo add-apt-repository --yes ppa:certbot/certbot
sudo apt-get update

Install Certbot, which is the client application for Let's Encrypt CA.

sudo apt -y install certbot

Note: To obtain certificates from Let's Encrypt CA, the domain for which the certificates are to be generated must be pointed towards the server. If not, make the necessary changes to the DNS records of the domain and wait for the DNS to propagate before making the certificate request again. Certbot checks the domain authority before providing the certificates.

Generate the SSL certificates.

sudo certbot certonly --webroot -w /var/www/html -d ci.example.com

The generated certificates are likely to be stored in the /etc/letsencrypt/live/ci.example.com/ directory. The SSL certificate will be stored as fullchain.pem and the private key will be stored as privkey.pem.

Let's Encrypt certificates expire in 90 days, so it is recommended to set up automatic renewal of the certificates using cron jobs. Cron is a system service which is used to run periodic tasks.

Open the cron job file.

sudo crontab -e

Add the following line at the end of the file.

30 5 * * * /usr/bin/certbot renew --quiet

The above cron job will run every day at 5:30 AM. If the certificate is due for expiration, it will automatically be renewed.

Create a new virtual host.

sudo nano /etc/nginx/sites-available/concourse

Populate the file.

server {
    listen 80;
    server_name ci.example.com;

    # Keep serving ACME challenges from the webroot so that
    # "certbot renew" (webroot mode) continues to work.
    location /.well-known/acme-challenge/ {
        root /var/www/html;
    }

    location / {
        return 301 https://$host$request_uri;
    }
}
server {

    # "listen ... ssl" replaces the deprecated "ssl on;" directive.
    listen 443 ssl;
    server_name ci.example.com;

    ssl_certificate           /etc/letsencrypt/live/ci.example.com/fullchain.pem;
    ssl_certificate_key       /etc/letsencrypt/live/ci.example.com/privkey.pem;

    ssl_session_cache  builtin:1000  shared:SSL:10m;
    # TLS 1.0 and 1.1 are deprecated, so only TLS 1.2 is offered.
    ssl_protocols  TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
    ssl_prefer_server_ciphers on;

    access_log    /var/log/nginx/concourse.access.log;

    location / {

      proxy_set_header        Host $host;
      proxy_set_header        X-Real-IP $remote_addr;
      proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header        X-Forwarded-Proto $scheme;
      proxy_pass          http://localhost:8080;
      proxy_read_timeout  90;

      proxy_redirect      http://localhost:8080 https://ci.example.com;
    }
}

Note: Replace ci.example.com with the actual domain.

Activate the configuration file.

sudo ln -s /etc/nginx/sites-available/concourse /etc/nginx/sites-enabled/concourse

Edit the environment file created for Concourse web.

sudo nano /opt/concourse/web.env

Change the value of CONCOURSE_EXTERNAL_URL and also add two more lines at the end of the file.

CONCOURSE_EXTERNAL_URL=https://ci.example.com
CONCOURSE_BIND_IP=127.0.0.1
CONCOURSE_BIND_PORT=8080

Save the file and restart Concourse Web, Worker and Nginx.

sudo systemctl restart concourse-worker concourse-web nginx

All the data sent to and from the browser is now secured with SSL encryption.
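
The end state of this section can be checked by linting web.env for the tutorial's sample passwords, a non-HTTPS external URL, and an ATC bind address that is not loopback. This is an added example, not part of the original tutorial; the function names and both sample files are constructed for illustration, and values are assumed to be unquoted as in the files above.

```shell
#!/bin/sh
# Added example: lint a Concourse web.env against the end state of this guide.
# Function names are hypothetical; sample files below are constructed.

# Print the last value assigned to key $2 in env file $1 (empty if unset).
env_value() {
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# lint_web_env FILE: one line per finding; returns 0 only when clean.
lint_web_env() {
    file=$1
    findings=0
    for key in CONCOURSE_POSTGRES_PASSWORD CONCOURSE_BASIC_AUTH_PASSWORD; do
        case $(env_value "$file" "$key") in
            '')
                echo "$key is not set"
                findings=$((findings + 1)) ;;
            DBPassword|StrongPass)
                echo "$key still holds the tutorial's sample value"
                findings=$((findings + 1)) ;;
        esac
    done
    # Basic-auth credentials must only be advertised over TLS.
    case $(env_value "$file" CONCOURSE_EXTERNAL_URL) in
        https://*) ;;
        *)  echo "CONCOURSE_EXTERNAL_URL is not an https:// URL"
            findings=$((findings + 1)) ;;
    esac
    # Without a loopback bind the ATC keeps serving plain HTTP on
    # 0.0.0.0:8080, so clients can bypass the Nginx TLS proxy.
    case $(env_value "$file" CONCOURSE_BIND_IP) in
        127.0.0.1) ;;
        *)  echo "CONCOURSE_BIND_IP is not 127.0.0.1"
            findings=$((findings + 1)) ;;
    esac
    [ "$findings" -eq 0 ]
}

# Constructed sample: web.env as first written, before the proxy step.
write_sample_before() {
    cat > "$1" <<'EOF'
CONCOURSE_POSTGRES_USER=concourse
CONCOURSE_POSTGRES_PASSWORD=DBPassword
CONCOURSE_BASIC_AUTH_USERNAME=admin
CONCOURSE_BASIC_AUTH_PASSWORD=StrongPass
CONCOURSE_EXTERNAL_URL=http://192.0.2.1:8080
EOF
}

# Constructed sample: web.env after this section, with made-up passwords.
write_sample_after() {
    cat > "$1" <<'EOF'
CONCOURSE_POSTGRES_USER=concourse
CONCOURSE_POSTGRES_PASSWORD=constructed-db-secret
CONCOURSE_BASIC_AUTH_USERNAME=admin
CONCOURSE_BASIC_AUTH_PASSWORD=constructed-ui-secret
CONCOURSE_EXTERNAL_URL=https://ci.example.com
CONCOURSE_BIND_IP=127.0.0.1
CONCOURSE_BIND_PORT=8080
EOF
}

demo_lint() {
    tmp=$(mktemp -d)
    write_sample_before "$tmp/before.env"
    write_sample_after "$tmp/after.env"
    echo "before:"; lint_web_env "$tmp/before.env" || true
    echo "after:";  lint_web_env "$tmp/after.env" && echo "clean"
    rm -rf "$tmp"
}
demo_lint
```

On the server, run lint_web_env /opt/concourse/web.env as root, since the file is mode 600.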


