Upgrade from 5.2.x to 5.5.11 failed

Hello All,

I am in a process of upgrading the concourse from 5.2.x to 5.5.11 and i am using the concouse bosh deployment https://github.com/concourse/concourse-bosh-deployment/ and i have integration it concourse credhub > https://github.com/vmwarepivotallabs/concourse-credhub master however the installation is getting failed with the below error.

I suspect the issue is with this manifest https://github.com/vmwarepivotallabs/concourse-credhub/blob/master/operations/add-credhub-uaa-to-web.yml and i think something needs to be added here. please let me know if anyone came across this issue or error.

L Error: Unable to render instance groups for deployment. Errors are:

  • Unable to render jobs for instance group ‘web’. Errors are:
    • Unable to render templates for job ‘credhub’. Errors are:
      • Error filling in template ‘validation_authorization.yml.erb’ (line 8: When ACLs are enabled you must provide at least one permission so that some actor can access CredHub. Please update your manifest to proceed.)
      • Error filling in template ‘validation_encryption.yml.erb’ (line 62: undefined method `key?’ for nil:NilClass)
      • Error filling in template ‘application_encryption.yml.erb’ (line 27: undefined method `[]’ for nil:NilClass)
        Task 1481 | 14:52:41 | Error: Unable to render instance groups for deployment. Errors are:
  • Unable to render jobs for instance group ‘web’. Errors are:
    • Unable to render templates for job ‘credhub’. Errors are:
      • Error filling in template ‘validation_authorization.yml.erb’ (line 8: When ACLs are enabled you must provide at least one permission so that some actor can access CredHub. Please update your manifest to proceed.)
      • Error filling in template ‘validation_encryption.yml.erb’ (line 62: undefined method `key?’ for nil:NilClass)
      • Error filling in template ‘application_encryption.yml.erb’ (line 27: undefined method `[]’ for nil:NilClass)

below is the upgraded version
concourse_version: ‘5.5.11’
bpm_version: 1.1.5
postgres_version: ‘41’
bbr_sdk_version: ‘1.15.0’
uaa_version: ‘74.9.0’
credhub_version: ‘2.5.7’

this are ops file that i am using for the deployment.
-o CONCOURSE_BOSH_DEPLOYMENT/cluster/operations/basic-auth.yml
-o CONCOURSE_BOSH_DEPLOYMENT/cluster/operations/privileged-http.yml
-o CONCOURSE_BOSH_DEPLOYMENT/cluster/operations/privileged-https.yml
-o CONCOURSE_BOSH_DEPLOYMENT/cluster/operations/tls.yml
-o CONCOURSE_BOSH_DEPLOYMENT/cluster/operations/tls-vars.yml
-o operations/add-credhub-uaa-to-web.yml
-o operations/enable-db-backups.yml
-o operations/backup-atc-db.yml
-o operations/backup-uaa-db.yml
-o operations/backup-credhub-db.yml

That concourse-credhub repo looks to be quite old and outdated as well as being archived. For me manifest interpolation using your ops files fails because add-credhub-uaa-to-web.yml is still looking for a job called atc on the web.

Have you considered just using the ops files included in concourse-bosh-deployment for adding credhub rather than using the pivotal files? This would make it easier to maintain going forward since the concourse-bosh-deployment repo gets updated whenever a new version of Concourse gets released. You should be able to accomplish the same thing with

bosh deploy -d concourse concourse.yml \
  -o operations/basic-auth.yml \
  -o operations/privileged-http.yml \
  -o operations/privileged-https.yml \
  -o operations/tls.yml \
  -o operations/tls-vars.yml \
  -o operations/tls.yml \
  -o operations/uaa.yml \
  -o operations/credhub-colocated.yml \
  -o operations/backup-atc.yml

I’m not sure if your last two ops files are covered so you may need to double check that uaa and credhub are being backed up.

The official Pivotal docs also suggest that this is the way to go.