How to setup external concourse workers?

Question

I have a concourse-web and concourse-server instance but am having issues getting the worker to successfully connect with the web-server.

Apr 21 15:42:26 concourse-worker concourse[24460]: {"timestamp":"1492789346.467736244","source":"worker","message":"worker.beacon.restarting","log_level":2,"data":{"error":"failed to dial: failed to construct client connection:%!(EXTRA *errors.errorString=ssh: handshake failed: remote host public key mismatch)","session":"3"}}

I have added the workers public key (id_worker_rsa.pub) to authorized_worker_keys file on the web server but the issue remains. Is there any documentation on how to do this?

concourse:
  worker:
    config:
      garden-dns-server: 10.x.y.z
      tsa-host: web.concourse.service.consul
      tsa-public-key: /etc/concourse/.ssh/id_web_rsa.pub
      tsa-worker-private-key: /etc/concourse/.ssh/id_worker_rsa
      work-dir: /var/concourse/worker
    service: True

What `concourse worker` command are you running on the worker? — Josh Zarrabi, Apr 21 '17 at 16:34

score 1 · Accepted Answer · edited Mar 12 '18 at 18:37

1

When you start concourse-web you need to provide --tsa-host-key with path to your TSA server key and --tsa-authorized-keys with path to file containing worker public key.

When you start worker you need to provide --tsa-public-key with path to your TSA server public key and --tsa-worker-private-key with path to worker private key.

See here: https://concourse-ci.org/binaries.html

edited Mar 12 '18 at 18:37

Dwayne Forde

1,324
13
13

answered Apr 21 '17 at 23:40

Maria S

184
1
4

2

The link is 404. It would be better for the answer to include all the needed data. – Tom Apr 09 '18 at 18:10

How to setup external concourse workers?

1 Answers1