Skip to content

Allowing Host Access

Enable Host Access

As of v6.7.2, tasks cannot access the worker's network by default (including the BOSH DNS nameserver). If you require this behavior, you must now explicitly opt-in to it.

Using BOSH

  1. Create an operations file named allow-host-access.yml containing the following contents:

    1
    2
    3
    - type: replace
      path: /instance_groups/name=worker/jobs/name=worker/properties/garden?/allow_host_access?
      value: true
    
  2. Run bosh deploy with the newly created ops-file specified, recreating the worker VMs with --recreate:

     1
     2
     3
     4
     5
     6
     7
     8
     9
    10
    11
    12
    13
    14
    15
    16
    bosh deploy \
    -e BOSH-ENVIRONMENT-ALIAS \
    -d CONCOURSE-DEPLOYMENT-NAME \
    ./cluster/concourse.yml \
    --recreate \
    -l versions.yml \
    -l variables.yml \
    -o ./cluster/operations/backup-atc.yml \
    -o ./cluster/operations/basic-auth.yml \
    -o ./cluster/operations/static-web.yml \
    -o ./cluster/operations/priviledged_https.yml \
    -o ./cluster/operations/tls-vars.yml \
    -o ./cluster/operations/tls.yml \
    -o ./cluster/operations/encryption.yml \
    -o allow-host-access.yml \
    --vars-store cluster-creds.yml
    

Using Helm

  1. Modify your deployment-values.yml file to include the following snippet:

    1
    2
    3
    4
    5
    6
    ...
    worker:
      env:
      - name: CONCOURSE_GARDEN_ALLOW_HOST_ACCESS
        value: "true"
    ...
    
  2. Run helm install (if creating a new deployment) or helm upgrade (if updating an existing deployment):

    1
    2
    3
    4
    5
    helm install \
        DEPLOYMENT-NAME \
        --create-namespace \
        --values ./deployment-values.yml \
        ./charts