I have been running a Concourse CI server locally (through docker-compose), but am running into accessibility issues with that setup (as well as an issue with workers stalling on restart), which is getting more and more in my way. I thus wanted to deploy a very simplistic Concourse setup with a single web-node and a single worker-node on a CloudFoundry service provider we are using.
The problem I am facing is that the concourse worker node expects to be run with root access, while cloud foundry explicitly does not want me to do that (https://github.com/cloudfoundry/diego-release/issues/114) when using a binary build-pack deployment.
I assume one way might be to have the worker node deployed through a docker build-pack, which would encapsulate a root account, but is this the recommended route I am supposed to take? It feels a bit weird that I can not find a simple way to run a concourse worker node on a basic cloud foundry service. I guess I was hoping this would be more straight forward and I didn’t have to rely on the docker containers any longer.
Thanks in advance for any advice!
I was going to start the worker node like this:
# needs to run as root ! sudo ./concourse worker \ --work-dir $PWD/worker \ --tsa-host 127.0.0.1:3333 \ --tsa-public-key ./keys/worker/tsa_host_key.pub \ --tsa-worker-private-key ./keys/worker/worker_key
My cloud foundry deployment manifest was going to look something like this:
applications: - name: my-concourse-ci-worker-1 memory: 1024M instances: 1 buildpack: https://github.com/cloudfoundry/binary-buildpack.git command: ./run.sh health-check-type: process no-route: true
The great thing about doing it this simplistic would be that I I could just have the keys generated locally and they would be pushed via
cf push, but if I have to put this in a docker container then managing the keys between the web node and the worker node seems more painful.