Make Credhub and UAA accessible from workers on GCP
We had missed adding ports 8844 and 8443 to the firewall of the NAT instance.
This commit also adds a check that these ports are open to the credhub check in the system tests.

Signed-off-by: Colin Simmons <colin.simmons@engineerbetter.com>
crsimmons committed Mar 6, 2019
1 parent ec28eec commit a5c7663
Showing 3 changed files with 13 additions and 3 deletions.
8 changes: 7 additions & 1 deletion ci/tasks/credhub.yml
Expand Up @@ -12,6 +12,12 @@ jobs:
run:
path: bash
args:
- -c
- -exc
- |
[[ "$PASSWORD" = "c1oudc0w" ]]
apt-get update 2>&1 > /dev/null
apt-get install -y --no-install-recommends curl 2>&1 > /dev/null
credhub_status=$(curl --max-time 5 -kLso/dev/null -w "%{http_code}" https://((domain)):8844)
uaa_status=$(curl --max-time 5 -kLso/dev/null -w "%{http_code}" https://((domain)):8443)
[[ "$credhub_status" = 401 ]]
[[ "$uaa_status" = 200 ]]
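Review bot: In the two apt-get lines the redirection `2>&1 > /dev/null` discards only stdout; stderr is duplicated onto the original stdout first, so it still reaches the task log. If both streams should be silenced, write `> /dev/null 2>&1`; if errors are meant to stay visible, a plain `> /dev/null` says so more clearly. The two status assertions would also benefit from a comment stating why 401 is the expected CredHub response and 200 the expected UAA one, since under `-e` a mismatch fails the task with only the xtrace line to explain it. Because curl runs with `-k`, this check shows that ports 8844 and 8443 are reachable, not that the certificates are valid; that matches the commit's goal but is worth saying in the task.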
6 changes: 5 additions & 1 deletion ci/tasks/lib/credhub.sh
Expand Up @@ -21,8 +21,12 @@ function assertPipelinesCanReadFromCredhub() {
credhub api
credhub set -n /concourse/main/password -t password -w c1oudc0w

bosh interpolate "$(dirname "$0")/credhub.yml" \
--var domain="$domain" \
> "$(dirname "$0")/credhub_interpolated.yml"

# shellcheck disable=SC2034
manifest="$(dirname "$0")/credhub.yml"
manifest="$(dirname "$0")/credhub_interpolated.yml"
# shellcheck disable=SC2034
job="credhub"
# shellcheck disable=SC2034
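Review bot: The `bosh interpolate` call writes `credhub_interpolated.yml` next to the script in the source tree and nothing visible in this hunk removes it, so a local run leaves a generated file that can be committed by accident. Consider writing it to a `mktemp` path, or adding it to `.gitignore`, and removing it in a trap. `$domain` is also used without a guard here; an empty value would interpolate the task URLs to `https://:8844`, so a `: "${domain:?}"` style check before the call would make that failure obvious.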
2 changes: 1 addition & 1 deletion resource/assets/gcp/infrastructure.tf
Expand Up @@ -253,7 +253,7 @@ resource "google_compute_firewall" "from-private" {
source_ranges = ["${var.private_cidr}"]
allow {
protocol = "tcp"
ports = ["6868","4222", "25250", "25555", "25777", "5555", "2222", "7777", "7788", "7799", "22", "3307"]
ports = ["6868","4222", "25250", "25555", "25777", "5555", "2222", "7777", "7788", "7799", "22", "3307", "8844", "8443"]
}
allow {
protocol = "udp"
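Review bot: The two new entries at the end of the tcp `ports` list, "8844" and "8443", carry no indication of which service they belong to, and the list is now 14 bare numbers. A short comment naming CredHub and UAA, or a separate `allow` block for them, would make later audits of the `from-private` rule easier. The rule stays restricted to `var.private_cidr` in `source_ranges`, which fits the worker-to-NAT traffic the commit message describes; the rule's targets are not visible in this hunk, so confirm they cover only the NAT instance.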