edit-icon download-icon

Build Concourse CI in Container Service in an easy way

Last Updated: May 28, 2018

Concourse CI, a CI/CD tool whose charm lies in the minimalist design, is widely applied to the CI/CD of each Cloud Foundry module. Concourse CI officially provides the standard Docker images and you can use Alibaba Cloud Container Service to deploy a set of Concourse CI applications rapidly.

Get to know the principle of Concourse if you are not familiar with the Concourse CI tool. For more information, see Concourse official website.

1

Create a swarm cluster

Log on to the Container Service console to create a cluster. In this example, create a swarm cluster with one node.

For how to create a cluster, see Create a cluster.

Note: You must configure the external URL for Concourse, which allows you to access the Web service of Concourse from the current machine. Therefore, retain the Elastic IP (EIP) when creating a cluster.

1

Configure security group rules

The Concourse component ATC listens to the port 8080 by default. Therefore, you must configure the inbound permissions of port 8080 for the cluster security group.

  1. In the Container Service console, click Swarm > Clusters in the left-side navigation pane.

  2. Click Manage at the right of the created cluster.

  3. On the Basic Information page, click the security group ID.

    1

  4. Click Security Group Rules in the left-side navigation pane.

  5. Click Add Security Group Rules in the upper-right corner.

    1

  6. Configure the inbound permissions of port 8080 for the security group and then click OK.

    1

Create keys in the ECS instance

You must generate three private keys for running Concourse safely.

  1. Log on to the Elastic Compute Service (ECS) instance. In the root directory, create the directories keys/web and keys/worker. You can run the following command to create these two directories rapidly.

    1. mkdir -p keys/web keys/worker
  2. Run the following command to generate three private keys.

    1. ssh-keygen -t rsa -f tsa_host_key -N ''
    2. ssh-keygen -t rsa -f worker_key -N ''
    3. ssh-keygen -t rsa -f session_signing_key -N ''
  3. Copy the certificate to the corresponding directory.

    1. cp ./keys/worker/worker_key.pub ./keys/web/authorized_worker_keys
    2. cp ./keys/web/tsa_host_key.pub ./keys/worker

Deploy Concourse CI

  1. Log on to the Container Service console.

  2. Click Swarm > Configurations in the left-side navigation pane.

  3. Click Create in the upper-right corner.

  4. Enter CONCOURSE_EXTERNAL_URL as the Variable Name and http://your-ecs-public-ip:8080 as the Variable Value.

    1

  5. Click Applications in the left-side navigation pane.

  6. Select the cluster used in this example from the Cluster list.

  7. Click Create Application in the upper-right corner.

  8. Enter the basic information for the application you are about to create.

  9. Select Create with Orchestration Template.

    Use the following template:

    1. version: '2'
    2. services:
    3. concourse-db:
    4. image: postgres:9.5
    5. privileged: true
    6. environment:
    7. POSTGRES_DB: concourse
    8. POSTGRES_USER: concourse
    9. POSTGRES_PASSWORD: changeme
    10. PGDATA: /database
    11. concourse-web:
    12. image: concourse/concourse
    13. links: [concourse-db]
    14. command: web
    15. privileged: true
    16. depends_on: [concourse-db]
    17. ports: ["8080:8080"]
    18. volumes: ["/root/keys/web:/concourse-keys"]
    19. restart: unless-stopped # required so that it retries until conocurse-db comes up
    20. environment:
    21. CONCOURSE_BASIC_AUTH_USERNAME: concourse
    22. CONCOURSE_BASIC_AUTH_PASSWORD: changeme
    23. CONCOURSE_EXTERNAL_URL: "${CONCOURSE_EXTERNAL_URL}"
    24. CONCOURSE_POSTGRES_HOST: concourse-db
    25. CONCOURSE_POSTGRES_USER: concourse
    26. CONCOURSE_POSTGRES_PASSWORD: changeme
    27. CONCOURSE_POSTGRES_DATABASE: concourse
    28. concourse-worker:
    29. image: concourse/concourse
    30. privileged: true
    31. links: [concourse-web]
    32. depends_on: [concourse-web]
    33. command: worker
    34. volumes: ["/keys/worker:/concourse-keys"]
    35. environment:
    36. CONCOURSE_TSA_HOST: concourse-web
    37. dns: 8.8.8.8
  10. Click Create and Deploy. The Template Parameter dialog box appears.

  11. Select the configuration file to be associated with from the Associated Configuration File list.

  12. Click Replace Variable and then click OK.

    1

    After the application is created, the following three services are started.

    1

    Then, the Concourse CI deployment is finished. Enter http://your-ecs-public-ip:8080 in the browser to access the Concourse CI.

    1

Run a CI task (Hello world)

  1. In the browser opened in the last section, download the CLI corresponding to your operating system and install the CLI client. Use ECS (Ubuntu 16.04) as an example.

  2. For Linux and Mac OS X systems, you must add the execution permissions to the downloaded FLY CLI file first. Then, install the CLI to the system and add it to $PATH.

    1. chmod +x fly
    2. install fly /usr/local/bin/fly
  3. After the installation, you can check the version.

    1. $fly -v
    2. 3.4.0
  4. Connect to the target. The username and password are concourse and changeme by default.

    1. $ fly -t lite login -c http://your-ecs-public-ip:8080
    2. in to team 'main'
    3. username: concourse
    4. password:
    5. saved
  5. Save the following configuration template as hello.yml.

    1. jobs:
    2. - name: hello-world
    3. plan:
    4. - task: say-hello
    5. config:
    6. platform: linux
    7. image_resource:
    8. type: docker-image
    9. source: {repository: ubuntu}
    10. run:
    11. path: echo
    12. args: ["Hello, world!"]
  6. Register the task.

    1. fly -t lite set-pipeline -p hello-world -c hello.yml
  7. Start the task.

    1. fly -t lite unpause-pipeline -p hello-world

    The page indicating the successful execution is as follows.

    5

For more information about the characteristics of Concourse CI, see Concourse CI project.

Thank you! We've received your feedback.