Now that you have completed Lab 1: Task Scheduler Demo and have secondary BOSH environment running (i.e. Bosh2), its time to use it for something useful. This module will help you deploy a Bosh Managed Concourse cluster to AWS.

Please read official Concourse documentation for Deploying a Bosh Concourse cluster

Disclaimer: This repo is not a substitute for a properly designed tool, however could be utilized as a starting point.

• Bosh1 (eg PCF Bosh) and Bosh2 (via CF Tasks Lab) Environments

• SSL cert and keys for Concourse Web Portal

• AWS Elastic Load Balancer configured for Concourse and SSL

• Configured Bosh2 Cloud Config

• Concourse BOSH Release and Deployment

1. Update the included openssl.cnf file with your Route53 Domain names (eg. *.yourdomain.com, *.concourse.yourdomain.com)

   [req]
   distinguished_name = req_distinguished_name
   req_extensions = v3_req
   
   [req_distinguished_name]
   countryName = Country Name (2 letter code)
   countryName_default = US
   stateOrProvinceName = State or Province Name (full name)
   stateOrProvinceName_default = WA
   localityName = Locality Name (eg, city)
   localityName_default = Seattle
   organizationalUnitName  = Organizational Unit Name (eg, section)
   organizationalUnitName_default  = Company Organization Unit
   commonName = *.yourdomain.com
   commonName_max  = 64
   
   [ v3_req ]
   # Extensions to add to a certificate request
   basicConstraints = CA:FALSE
   keyUsage = nonRepudiation, digitalSignature, keyEncipherment
   subjectAltName = @alt_names
   
   [alt_names]
   DNS.1 = *.concourse.yourdomain.com

2. Generate Concourse TLS cert and keys

   openssl genrsa -out concourse.pem 2048
   openssl req -sha256 -new -key concourse.pem -out csr.pem -config openssl.cnf
   openssl x509 -req -days 365 -in csr.pem -signkey concourse.pem -out concourse-certificate.pem
   openssl rsa -in concourse -outform PEM
   aws iam upload-server-certificate --server-certificate-name concourse-server-certificate --certificate-body file://concourse-certificate.pem --private-key file://concourse.pem
   aws iam get-server-certificate --server-certificate-name concourse-server-certificate

3. Verify AWS upload of Cert

   $ aws iam get-server-certificate --server-certificate-name concourse-server-certificate

1. Create Classic Load balancer as concourse-elb

2. Forward following ports

   80   -> 8080
   443  -> 4443
   2222 -> 2222

3. Attach your previously uploded concourse-server-certificate to the SSL port 443 of concourse-elb

4. Create a Route53 entry for concourse.yourdomain.com and set CName to DNS of concourse-elb

1. Target your original PCF Bosh Director and output Bosh1 Cloud Config

   $ bosh target 10.0.10.1
   RSA 1024 bit CA certificates are loaded due to old openssl compatibility
   Target set to 'bosh0'
   
   $ bosh cloud-config > bosh2-cloud-config.yml

2. Update bosh2-cloud-config.yml AZ and Network entries as in Sample Bosh2 Manifest

   azs:
   - name: us-west-2a
     cloud_properties:
       availability_zone: us-west-2a
   networks:
   - name: boshnet
     type: manual
     subnets:
     - dns:
       - 10.0.0.2
       range: 10.0.0.0/24
       gateway: 10.0.0.1
       azs:
       - us-west-2a
       cloud_properties:
         subnet: subnet-ff593498
       reserved:
       - 10.0.0.2-10.0.0.10
       - 10.0.0.62-10.0.0.254
       static:
       - 10.0.0.15
       - 10.0.0.16
       - 10.0.0.17
       - 10.0.0.18

3. Update bosh2-cloud-config.yml Compilation workers for the new network

   compilation:
     workers: 5
     network: boshnet
     az: us-west-2a
     reuse_compilation_vms: true
     vm_type: c4.xlarge
     vm_extensions: []

4. Replace bosh2-cloud-config.yml VM Extensions with Concourse specific values, including AWS Load Balancer

   vm_extensions:
   - name: public_ip
     cloud_properties:
       auto_assign_public_ip: true
   - name: vm-extension-concourse-worker
     cloud_properties:
       elbs:
       - concourse-elb
       ephemeral_disk:
         size: 32768

5. Update your Bosh2 Cloud Config using bosh2-cloud-config.yml

   $ bosh target 10.0.0.6
   RSA 1024 bit CA certificates are loaded due to old openssl compatibility
   Target set to 'bosh2'
   
   $ bosh update cloud-config bosh2-cloud-config.yml

1. Upload Ubuntu Stemcell

   $ bosh upload stemcell https://s3.amazonaws.com/bosh-aws-light-stemcells/light-bosh-stemcell-3421.11-aws-xen-hvm-ubuntu-trusty-go_agent.tgz --sha1 SHA1
   
   $ bosh stemcells
   Acting as user 'admin' on 'bosh2'
   
   +-----------------------------------------+---------------+----------+--------------------+
   | Name                                    | OS            | Version  | CID                |
   +-----------------------------------------+---------------+----------+--------------------+
   | bosh-aws-xen-hvm-ubuntu-trusty-go_agent | ubuntu-trusty | 3421.11* | ami-92abbdeb light |
   +-----------------------------------------+---------------+----------+--------------------+
   
   (*) Currently in-use
   
   Stemcells total: 1

2. Upload Garden Run-C and Concourse Bosh releases

   $ bosh upload release https://github.com/concourse/concourse/releases/download/v3.3.0/concourse-3.3.0.tgz
   $ bosh upload release https://bosh.io/d/github.com/cloudfoundry-incubator/garden-runc-release
   
   $ bosh releases
   Acting as user 'admin' on 'bosh2'
   
   +-------------+----------+-------------+
   | Name        | Versions | Commit Hash |
   +-------------+----------+-------------+
   | concourse   | 3.3.0*   | 53ad989     |
   | garden-runc | 1.0.0*   | 33181c87    |
   +-------------+----------+-------------+
   (*) Currently deployed
   
   Releases total: 2

3. Create Concourse Bosh Manifest by updating values in Sample Concourse manifest

4. Deploy Concourse

   $ bosh deployment concourse.yml
   $ bosh deploy
   
   Deploying
   Are you sure you want to deploy? (type 'yes' to continue): yes
   
   Director task 31
     Started preparing deployment > Preparing deployment. Done (00:00:00)
   
     Started preparing package compilation > Finding packages to compile. Done (00:00:00)
   
     Started creating missing vms
     Started creating missing vms > web/54c3d07f-3c8e-4415-85c3-0fc2e603debc (0)
     Started creating missing vms > db/557cbc56-0007-4739-9df8-a23e6190af7c (0)
     Started creating missing vms > worker/608e5e3f-3a5a-4427-a313-aff44bea6447 (0). Done (00:01:14)
        Done creating missing vms > db/557cbc56-0007-4739-9df8-a23e6190af7c (0) (00:01:14)
        Done creating missing vms > web/54c3d07f-3c8e-4415-85c3-0fc2e603debc (0) (00:01:22)
        Done creating missing vms (00:01:22)
   
     Started updating instance worker > worker/608e5e3f-3a5a-4427-a313-aff44bea6447 (0) (canary)
     Started updating instance db > db/557cbc56-0007-4739-9df8-a23e6190af7c (0) (canary)
     Started updating instance web > web/54c3d07f-3c8e-4415-85c3-0fc2e603debc (0) (canary). Done (00:00:19)
        Done updating instance worker > worker/608e5e3f-3a5a-4427-a313-aff44bea6447 (0) (canary) (00:00:35)
        Done updating instance db > db/557cbc56-0007-4739-9df8-a23e6190af7c (0) (canary) (00:00:46)
   
   Task 31 done
   
   Started        2017-07-10 17:53:22 UTC
   Finished    2017-07-10 17:55:30 UTC
   Duration    00:02:08
   
   Deployed 'concourse' to 'bosh2'

1. Access Concourse Web Interface (https://concourse.yourdomain.com) and Download the FLY CLI for your system

2. Target Concourse from the Command Line

   $ fly -t aws login -c https://concourse.yourdomain.com -k
   user: concourse
   pass: changeme

Check out some Concourse Tutorials