1

I'm attempting to set up Concourse (previously I used 1.4.1, but that wasn't working, so I'm trying the latest version, 2.6) with Github authentication. I'm following the instructions exactly to do a bosh deployment, and everything seems to work, except the Github authentication.

When I log in, it tries to redirect to what looks like a successful callback from Github oauth:

https://concourse.example.com/auth/github/callback?code=XXXXXXXXXX&state=XXXXXXXX

But the concourse server just sits there, and eventually times out. Attempting to log in with fly -t concourse login, it redirects me to https://concourse.example.com/auth/github?team_name=main&fly_local_port=52713, but that address eventually times out as well.

What am I doing wrong? Why are none of these addresses actually working?

My bosh manifest (I know that the Bosh works fine, I have many servers deployed with it):

name: concourse

director_uuid: XXXX-XXXX-XXXX-XXXX-XXXX

releases:
- name: concourse
  version: latest
- name: garden-runc
  version: latest
- name: slack-notification-resource
  version: latest

stemcells:
- alias: trusty
  os: ubuntu-trusty
  version: latest

instance_groups:
- name: web
  instances: 1
  vm_type: concourse_web
  stemcell: trusty
  azs: [z1]
  networks: [{name: concourse}]
  jobs:
  - name: atc
    release: concourse
    properties:
      # replace with your CI's externally reachable URL e.g https://blah
      external_url: https://concourse.example.com
      # configure GitHub auth
      github_auth:
        client_id: XXXXXXXXX
        client_secret: XXXXXXXXXXXXXXXXXX
        authorize:
          - organization: example
            teams: all
      postgresql_database: &atc_db atc
  - name: tsa
    release: concourse
    properties: {}

- name: db
  instances: 1
  vm_type: concourse_db
  stemcell: trusty
  persistent_disk_type: default
  azs: [z1]
  networks: [{name: concourse}]
  jobs:
  - name: postgresql
    release: concourse
    properties:
      databases:
      - name: *atc_db
        # make up a role and password
        role: xxxxx
        password: xxxxxxxxxxx

- name: worker
  instances: 1
  vm_type: concourse_worker
  stemcell: trusty
  azs: [z1]
  networks: [{name: concourse}]
  jobs:
  - name: groundcrew
    release: concourse
    properties:
      additional_resource_types:
      - type: slack-notification
        image: /var/vcap/packages/slack-notification-resource
  - name: baggageclaim
    release: concourse
    properties: {}
  - name: garden
    release: garden-runc
    properties:
      garden:
        listen_network: tcp
        listen_address: 0.0.0.0:7777
  - name: slack-notification-resource
    release: slack-notification-resource
    properties: {}

update:
  canaries: 1
  max_in_flight: 1
  serial: false
  canary_watch_time: 1000-60000
  update_watch_time: 1000-60000

I don't have Github enterprise, so the basic one should work - though I have tried setting that up anyway, as well as manual oauth. Nothing - the concourse server just doesn't respond to the requests.

Any ideas? I've been on this for two days, I'm baffled. Destroyed and redeployed concourse dozens of times, no change.

Eddie
  • 9,696
  • 4
  • 45
  • 58
Chris Burrus
  • 347
  • 3
  • 11
  • Are you behind some kind of HTTP proxy? – materialdesigner Jan 19 '17 at 01:12
  • Nope, tried it from home as well to be 100% sure. It's definitely a server problem. The load balancer on AWS it is behind is wide open as well, just to be safe there. The site seems to work fine, except I just can't use github auth. If I set up basic auth, it works fine. – Chris Burrus Jan 19 '17 at 02:10
  • Sounds like some sort of networking problem between the Concourse ATC and GitHub, that's causing the OAuth token lookup to fail. Can you `curl` from an SSH session on the ATC to GitHub and debug the network connectivity? – DeejUK Jan 27 '17 at 12:36

0 Answers0