---
# topgun/operations/add-credhub.yml
#
# BOSH ops file: adds a `credhub` instance group (bpm + credhub + uaa jobs),
# creates the matching Postgres databases/roles, and points the Concourse
# `web` job at CredHub.
#
# Nesting below was restored from a collapsed listing; check it against the
# credhub, uaa and concourse release specs before use.
#
# Variables referenced here but not declared in this file (they must come
# from the base manifest, another ops file, or the vars supplied at deploy):
#   credhub_release_version, uaa_release_version, postgres_ip, credhub_ip,
#   credhub_ca, credhub_client_atc

# --- releases ---------------------------------------------------------------

- type: replace
  path: /releases/-
  value:
    name: credhub
    version: ((credhub_release_version))

- type: replace
  path: /releases/-
  value:
    name: uaa
    version: ((uaa_release_version))

# --- Postgres TLS and the CredHub database ----------------------------------

# web verifies the database against the CA that issued postgres_tls.
- type: replace
  path: /instance_groups/name=web/jobs/name=web/properties?/postgresql?/ca_cert?
  value: ((postgres_tls.ca))

- type: replace
  path: /instance_groups/name=db/jobs/name=postgres/properties?/databases?/tls?
  value: ((postgres_tls))

# NOTE(review): literal password. Every other secret in this file is a
# generated `type: password` variable (compare uaa_db_password); this role
# and the matching credhub.data_storage.password below are the exception.
# Presumably tolerated because this is a test fixture - do not reuse the
# pattern for a deployment that outlives a test run.
- type: replace
  path: /instance_groups/name=db/jobs/name=postgres/properties?/databases?/roles?/-
  value:
    name: credhub
    password: dummy-password

- type: replace
  path: /instance_groups/name=db/jobs/name=postgres/properties?/databases?/databases?/-
  value:
    name: credhub

# --- credhub instance group -------------------------------------------------

- type: replace
  path: /instance_groups/-
  value:
    name: credhub
    instances: 1
    networks:
      - name: test
    azs:
      - z1
    persistent_disk: 10240
    vm_type: test
    stemcell: xenial
    jobs:
      - release: bpm
        name: bpm

      - release: credhub
        name: credhub
        properties:
          credhub:
            tls: ((credhub_tls))
            data_storage:
              type: postgres
              database: credhub
              username: credhub
              # Same literal as the Postgres role above; the two must match.
              password: dummy-password
              host: ((postgres_ip))
              port: 5432
              tls_ca: ((postgres_ca.certificate))
              tls: enabled
            encryption:
              providers:
                - name: main
                  type: internal
              keys:
                - provider_name: main
                  key_properties:
                    encryption_password: ((credhub_encryption_password))
                  active: true
            # NOTE(review): ACL enforcement is switched off. As far as
            # CredHub's documented behaviour goes, that leaves no per-path
            # permission checks, so any authenticated identity can reach
            # every credential - confirm this is intended outside tests.
            authorization:
              acls:
                enabled: false
            authentication:
              mutual_tls:
                # credhub_ca is not declared in this file.
                trusted_cas:
                  - ((credhub_ca.certificate))
              uaa:
                enabled: true
                url: 'https://((credhub_ip)):8443'
                ca_certs:
                  - ((credhub_tls.ca))

      - name: uaa
        release: uaa
        properties:
          uaa:
            # Trusts the Postgres CA, presumably so UAA can verify the
            # database's TLS certificate - confirm.
            ca_certs:
              - ((postgres_ca.certificate))
            # The uaa-url anchor is defined here but never aliased in this file.
            url: &uaa-url 'https://((credhub_ip)):8443'
            port: 8181
            scim:
              users:
                # Single admin user holding SCIM, bosh.admin and CredHub
                # read/write groups.
                - name: admin
                  password: ((uaa_users_admin))
                  groups:
                    - scim.write
                    - scim.read
                    - bosh.admin
                    - credhub.read
                    - credhub.write
            admin:
              client_secret: ((uaa_admin))
            login:
              client_secret: ((uaa_login))
            zones:
              internal:
                hostnames: []
            # NOTE(review): the credhub_tls key pair is reused for UAA's own
            # TLS endpoint here and as the SAML service-provider key below,
            # so one private key serves three roles.
            sslCertificate: ((credhub_tls.certificate))
            sslPrivateKey: ((credhub_tls.private_key))
            jwt:
              revocable: true
              policy:
                active_key_id: key-1
                keys:
                  key-1:
                    signingKey: ((uaa_jwt.private_key))
          uaadb:
            address: ((postgres_ip))
            port: 5432
            db_scheme: postgresql
            databases:
              - tag: uaa
                name: &uaa_db uaa
            roles:
              - tag: admin
                name: *uaa_db
                password: &uaa_db_passwd ((uaa_db_password))
          encryption:
            active_key_label: key-1
            encryption_keys:
              - label: key-1
                passphrase: ((uaa_encryption_key))
          login:
            saml:
              serviceProviderCertificate: ((credhub_tls.certificate))
              serviceProviderKey: ((credhub_tls.private_key))
              # Empty passphrase: the service-provider key is used unencrypted.
              serviceProviderKeyPassword: ''

# --- first CredHub wiring for web -------------------------------------------

# NOTE(review): a later op in this file replaces the same
# /instance_groups/name=web/jobs/name=web/properties/credhub value wholesale,
# so this op does not survive into the final manifest. It also refers to
# ((credhub_ca)) and ((credhub_client_atc)), neither declared in this file.
- type: replace
  path: /instance_groups/name=web/jobs/name=web/properties?/credhub?
  value:
    url: 'https://((credhub_ip)):8844'
    tls:
      ca_cert: ((credhub_ca))
      client_cert: ((credhub_client_atc))

# --- generated certificates and secrets -------------------------------------

- type: replace
  path: /variables?/-
  value:
    name: postgres_ca
    type: certificate
    options:
      is_ca: true
      common_name: postgresCA

- type: replace
  path: /variables?/-
  value:
    name: postgres_tls
    type: certificate
    options:
      ca: postgres_ca
      common_name: ((postgres_ip))
      alternative_names:
        - ((postgres_ip))
      extended_key_usage:
        - server_auth

# Issued by credhub_ca, which is not declared in this file. The only
# extended key usage is server_auth.
- type: replace
  path: /variables?/-
  value:
    name: credhub_tls
    type: certificate
    options:
      ca: credhub_ca
      common_name: ((credhub_ip))
      alternative_names:
        - ((credhub_ip))
      extended_key_usage:
        - server_auth

- type: replace
  path: /variables?/-
  value:
    name: credhub_encryption_password
    type: password

# --- UAA database and role on the shared Postgres ---------------------------

# *uaa_db and *uaa_db_passwd alias the anchors set in the uaadb properties
# above (anchors resolve only within this one YAML document). Unlike the
# earlier database ops, these paths carry no `?` markers, so they depend on
# properties/databases/{databases,roles} having been created already.
- type: replace
  path: /instance_groups/name=db/jobs/name=postgres/properties/databases/databases/-
  value:
    name: *uaa_db

- type: replace
  path: /instance_groups/name=db/jobs/name=postgres/properties/databases/roles/-
  value:
    name: *uaa_db
    password: *uaa_db_passwd

- type: replace
  path: /variables?/name=uaa_db_password?
  value:
    name: uaa_db_password
    type: password

- type: replace
  path: /variables?/name=uaa_users_admin?
  value:
    name: uaa_users_admin
    type: password

# NOTE(review): concourse_to_credhub_secret is declared but not referenced
# anywhere in this file; the UAA client below uses
# concourse_to_credhub_client_secret instead.
- type: replace
  path: /variables?/name=concourse_to_credhub_secret?
  value:
    name: concourse_to_credhub_secret
    type: password

- type: replace
  path: /variables?/name=uaa_admin?
  value:
    name: uaa_admin
    type: password

- type: replace
  path: /variables?/name=uaa_login?
  value:
    name: uaa_login
    type: password

# JWT signing key for UAA.
- type: replace
  path: /variables?/name=uaa_jwt?
  value:
    name: uaa_jwt
    type: rsa
    options:
      key_length: 4096

- type: replace
  path: /variables?/name=uaa_encryption_key?
  value:
    name: uaa_encryption_key
    type: password

- type: replace
  path: /variables?/name=concourse_to_credhub_client_secret?
  value:
    name: concourse_to_credhub_client_secret
    type: password

# update UAA job by adding new client(s)
# concourse_to_credhub_client is used for concourse<->credhub integration
# The client uses the client_credentials grant and carries credhub.read and
# credhub.write; with ACLs disabled above, nothing in this file narrows that
# to a path.
- type: replace
  path: /instance_groups/name=credhub/jobs/name=uaa/properties/uaa/clients?/concourse_to_credhub_client
  value:
    id: concourse_to_credhub_client
    secret: ((concourse_to_credhub_client_secret))
    override: true
    authorized-grant-types: client_credentials
    scope: ''
    authorities: credhub.read,credhub.write
    access-token-validity: 1200
    refresh-token-validity: 3600

# add credhub integration with concourse
# This is the op that takes effect for web's `credhub` properties.
- type: replace
  path: /instance_groups/name=web/jobs/name=web/properties/credhub?
  value:
    url: 'https://((credhub_ip)):8844'
    tls:
      ca_cert:
        certificate: ((credhub_tls.ca))
      # NOTE(review): this passes CredHub's *server* certificate (server_auth
      # only, no private key given) as the client certificate. Authentication
      # presumably relies on client_id/client_secret below - confirm whether
      # this entry is needed at all.
      client_cert: ((credhub_tls.certificate))
      # Server certificate verification stays on.
      insecure_skip_verify: false
    client_id: concourse_to_credhub_client
    client_secret: ((concourse_to_credhub_client_secret))
    path_prefix: /concourse

- type: replace
  path: /instance_groups/name=web/update?
  value:
    update_watch_time: 1000-150000
    canary_watch_time: 1000-150000