Problem with login to Concourse web component

Hi Concourse community,

I’m currently evaluating Concourse and I have downloaded and installed Concourse 6.3.0 from the linux amd64 tarball. I have set up a database for Concourse and configured access to it in PostgreSQL.

I’m able to fire up the the web component and a worker, DB access and TSA seem to be ok.
I’m able to login to Concourse on the CLI with

fly -t local login -c http://192.168.0.10:8600 -u rudolf -p concourse

Running fly to list the workers with

fly -t local workers

results in

name   containers  platform  tags  team  state    version  age   
idoru  0           linux     none  none  running  2.2      39m35s

I guess the thing that was alive for about 39m here is the worker I fired up.

The ‘-t local’ in the fly commands above is what I call ‘dangerous superficial knowledge’.
I picked that up from some articles on the web and really don’t know what that exactly means.
I just know it doesn’t work without ‘-t local’ and works if I add that.

The web component is up and running.
http://idoru:8600 just gave me a blank browser screen with a nice darkgrey background,
so I just tried the usual suspect http://idoru:8600/login which presented me with a login screen.

Using the same user/password combination as in the fly command above results in a
reload of the page with the message ‘invalid state token’ (on white background).

I use two simple shell scripts to configure and fire up the web component and a worker:

web component startup script:

#!/bin/bash

# concourse web worker config

concourseRoot=/opt/devel/srv/concourse-6.3.0

export CONCOURSE_EXTERNAL_URL=http://idoru.base.lan:8600

export CONCOURSE_ADD_LOCAL_USER=rudolf:concourse
export CONCOURSE_MAIN_TEAM_LOCAL_USER=rudolf

export CONCOURSE_CLIENT_ID=rudolf
export CONCOURSE_CLIENT_SECRET=concourse

# log-level=debug|info|error|fatal

export CONCOURSE_LOG_LEVEL=info
export CONCOURSE_BIND_IP=192.168.0.10

# web traffic

export CONCOURSE_BIND_PORT=8600

# RSA/SSL

export CONCOURSE_SESSION_SIGNING_KEY=${concourseRoot}/keys/session_signing_key
export CONCOURSE_TSA_HOST_KEY=${concourseRoot}/keys/tsa_host_key
export CONCOURSE_TSA_AUTHORIZED_KEYS=${concourseRoot}/keys/authorized_worker_keys

# postgres

export CONCOURSE_POSTGRES_HOST=192.168.0.10
export CONCOURSE_POSTGRES_PORT=5432

export CONCOURSE_POSTGRES_USER=concourse
export CONCOURSE_POSTGRES_PASSWORD=concourse
export CONCOURSE_POSTGRES_DATABASE=concourse

# TSA (internal SSH server)

export CONCOURSE_TSA_BIND_PORT=8750
export CONCOURSE_TSA_DEBUG_BIND_IP=192.168.0.10
export CONCOURSE_TSA_HOST_KEY=${concourseRoot}/keys/tsa_host_key
export CONCOURSE_TSA_PUBLIC_KEY=${concourseRoot}/keys/tsa_host_key.pub
export CONCOURSE_TSA_AUTHORIZED_KEYS=${concourseRoot}/keys/authorized_worker_keys

${concourseRoot}/bin/concourse web

worker startup script:

#!/bin/bash

concourseRoot=/opt/devel/srv/concourse-6.3.0

export CONCOURSE_WORK_DIR=/var/lib/concourse

# internal SSH server
export CONCOURSE_TSA_HOST=192.168.0.10:8750
export CONCOURSE_TSA_PUBLIC_KEY=${concourseRoot}/keys/tsa_host_key.pub
export CONCOURSE_TSA_WORKER_PRIVATE_KEY=${concourseRoot}/keys/worker_key

# port on which to listen to the gardener
export CONCOURSE_BIND_PORT=7777

${concourseRoot}/bin/concourse worker

Any help concerning how to make the web component login working is highly appreciated.

The thing that stands out to me is that you seem to be visiting URLs like http://idoru:8600 in yoru browser, whereas web startup script includes

I this value is used for redirects during the login flow. Does your test work if you visit the FQDN http://idoru.base.lan:8600 specifically?

1 Like

Answering this part specifically, the local part is just a local alias for that Concourse target on your own machine. When you run fly -t something login -c https://someconcourse fly will write something like the following into ~/.flyrc on your computer:

something:
  api: https://someconcourse
  insecure: true
  team: main
  token:
    type: Bearer
    value: some-token-goes-here

You can have valid tokens for numerous Concourses (Concii?) saved in ~/.flyrc at one time so most fly commands require you to provide the local target alias to specify which one you want to use.

1 Like

Hi jamie,
the FQDN did the trick, I have the dashboard now. Thanks a lot :slight_smile:

Hi crsimmons,
thanks a lot for the clarification, that makes sense :slight_smile: