Concourse
=========

Manages all parts of [Concourse](CONCOURSE), including web nodes, worker
nodes, and databases.

Usage
-----

### Nodes

#### Web node
Web nodes acts as the front-end, and dispatcher.

Each web node is stateless, and manages its state through a shared
database. If multiple nodes are used, then a 
[web node cluster](#web node cluster) 
should be used.

(technically clusters are always used, and default to the cluster "default").

```puppet
class { 'concourse::web':
  postgres_user => '',
  postgres_password => '',
}
```

##### Authentication

#### Worker Node

#### Database

#### Fly Client

#### Web node cluster


### Special Hiera Keys
- `concourse::${cluster}::postgres_user`
- `concourse::${cluster}::postgres_password`
- `concourse::${cluster}::session_signing_key`
- `concourse::${cluster}::tsa_private_key`
- `concourse::${cluster}::tsa_public_key`

Keys
----
### Session signing key
Used by the web node for signing and verifying user session tokens.

### TSA host key
Used by the web node for the SSH worker registration gateway server ("TSA").

The public key is given to each worker node to verify the remote host wthen
connecting via SSH.

### Worker key

Each worker node verifies its registration with the web node via a SSH key.

The public key must be listed in the web node's *authorized worker keys* file
in order for the worker to register.

Hiera Examples
--------------

```yaml
concourse::cluster::tsa_host: concourse.example.com
concourse::cluster::postgres_user: concourse
concourse::cluster::postgres_password: MySuperSecretPassword
concourse::cluster::session_signing_key: 'A valid key'
concourse::cluster::tsa_private_key: 'A valid key'
concourse::cluster::tsa_private_key: 'A valid key'
```

[CONCOURSE]: https://concourse-ci.org/