Initial add.

1 files changed, 77 insertions, 0 deletions

diff --git a/README.md b/README.md
new file mode 100644
index 0000000..6f51548
--- /dev/null
+++ b/README.md
@@ -0,0 +1,77 @@
+Concourse
+=========
+
+Manages all parts of [Concourse](CONCOURSE), including web nodes, worker
+nodes, and databases.
+
+Usage
+-----
+
+### Nodes
+
+#### Web node
+Web nodes acts as the front-end, and dispatcher.
+
+Each web node is stateless, and manages its state through a shared
+database. If multiple nodes are used, then a 
+[web node cluster](#web node cluster) 
+should be used.
+
+(technically clusters are always used, and default to the cluster "default").
+
+```puppet
+class { 'concourse::web':
+  postgres_user => '',
+  postgres_password => '',
+}
+```
+
+##### Authentication
+
+#### Worker Node
+
+#### Database
+
+#### Fly Client
+
+#### Web node cluster
+
+
+### Special Hiera Keys
+- `concourse::${cluster}::postgres_user`
+- `concourse::${cluster}::postgres_password`
+- `concourse::${cluster}::session_signing_key`
+- `concourse::${cluster}::tsa_private_key`
+- `concourse::${cluster}::tsa_public_key`
+
+Keys
+----
+### Session signing key
+Used by the web node for signing and verifying user session tokens.
+
+### TSA host key
+Used by the web node for the SSH worker registration gateway server ("TSA").
+
+The public key is given to each worker node to verify the remote host wthen
+connecting via SSH.
+
+### Worker key
+
+Each worker node verifies its registration with the web node via a SSH key.
+
+The public key must be listed in the web node's *authorized worker keys* file
+in order for the worker to register.
+
+Hiera Examples
+--------------
+
+```yaml
+concourse::cluster::tsa_host: concourse.example.com
+concourse::cluster::postgres_user: concourse
+concourse::cluster::postgres_password: MySuperSecretPassword
+concourse::cluster::session_signing_key: 'A valid key'
+concourse::cluster::tsa_private_key: 'A valid key'
+concourse::cluster::tsa_private_key: 'A valid key'
+```
+
+[CONCOURSE]: https://concourse-ci.org/