IK.AM

@making's tech note


Deploying a Diego-only Cloud Foundry (v241) on BOSH Lite

🗓 Updated at 2016-09-14T13:48:21Z  🗓 Created at 2016-09-14T03:40:26Z

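These days a Diego-only configuration is the norm, and a deployment that still includes DEA is legacy. Pivotal Cloud Foundry has already moved to a Diego-only configuration, yet the documentation for installing Cloud Foundry on BOSH Lite still has you install a DEA configuration first and then add Diego. Apps run fine that way, but it leaves unused instances around, which bothers me. I searched and was starting to think there was no Diego-only manifest, but there was one sitting right in the cf-release project. DEA and HM9000 had been removed from it just last month.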

That example is a manifest for installing on AWS, but converting it to a bosh-lite version is not that hard, so let's do it.

Software versions used

  • VirtualBox ... 5.0.12r104815
  • Vagrant ... 1.8.1
  • BOSH Lite ... 9000.131.0
  • BOSH CLI ... 1.3215.0
  • cf ... 241
  • cflinuxfs2-rootfs ... 1.27.0
  • diego ... 0.1483.0
  • etcd ... 66
  • garden-linux ... 0.342.0
  • stemcell ... 3262.2

Preparing BOSH Lite

mkdir ~/workspace
cd ~/workspace
git clone https://github.com/cloudfoundry/bosh-lite.git
cd bosh-lite
git checkout v9000.131.0
vagrant up
bosh target 192.168.50.4 lite
# admin / admin
bosh login
# admin / admin
./bin/add-route

Downloading the stemcell and BOSH releases

mkdir ~/releases
cd ~/releases
# URLs are quoted so the shell does not treat "?" as a glob character
wget "https://bosh.io/d/stemcells/bosh-warden-boshlite-ubuntu-trusty-go_agent?v=3262.2" -O bosh-warden-boshlite-ubuntu-trusty-go_agent-3262.2.tgz
wget "https://bosh.io/d/github.com/cloudfoundry/cf-release?v=241" -O cf-release-241.tgz
wget "https://bosh.io/d/github.com/cloudfoundry/diego-release?v=0.1483.0" -O diego-release-0.1483.0.tgz
wget "https://bosh.io/d/github.com/cloudfoundry/garden-linux-release?v=0.342.0" -O garden-linux-release-0.342.0.tgz
wget "https://bosh.io/d/github.com/cloudfoundry-incubator/etcd-release?v=66" -O etcd-release-66.tgz
wget "https://bosh.io/d/github.com/cloudfoundry/cflinuxfs2-rootfs-release?v=1.27.0" -O cflinuxfs2-rootfs-release-1.27.0.tgz

Uploading the stemcell and BOSH releases

bosh upload stemcell bosh-warden-boshlite-ubuntu-trusty-go_agent-3262.2.tgz
bosh upload release cf-release-241.tgz
bosh upload release diego-release-0.1483.0.tgz
bosh upload release garden-linux-release-0.342.0.tgz
bosh upload release etcd-release-66.tgz
bosh upload release cflinuxfs2-rootfs-release-1.27.0.tgz

Creating the Cloud Foundry manifest

Create a bosh-lite version of the manifest, using minimal-aws.yml as a reference.
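The manifest that follows uses the literal `PASSWORD` for every secret, embeds PEM private keys that are public because they are printed on this page, and switches several TLS checks off (`ssl_skip_validation`, `skip_cert_verify`, `require_ssl`, `peer_require_ssl`). The Ruby script below is an added example, not part of the original post or of cf-release: it walks the parsed YAML and reports those three things by key path, so they can be listed before the file is reused outside a local BOSH Lite VM. The name `audit_manifest` and the embedded sample manifest are constructed for illustration.

```ruby
require 'yaml'

# Constructed excerpt in the shape of the cf.yml on this page (not the full
# manifest). The PEM bodies are dummy text, not key material.
SAMPLE_MANIFEST = <<~YAML
  name: cf
  jobs:
  - name: ha_proxy_z1
    properties:
      ha_proxy:
        ssl_pem: |
          -----BEGIN CERTIFICATE-----
          constructed-placeholder
          -----END CERTIFICATE-----
          -----BEGIN RSA PRIVATE KEY-----
          constructed-placeholder
          -----END RSA PRIVATE KEY-----
  - name: uaa_z1
    properties:
      uaa:
        admin:
          client_secret: PASSWORD
  properties:
    router:
      route_services_secret: PASSWORD
      ssl_skip_validation: true
    etcd:
      require_ssl: false
      peer_require_ssl: false
    ssl:
      skip_cert_verify: true
    nats:
      password: PASSWORD
      user: nats
    consul:
      encrypt_keys:
      - PASSWORD
YAML

# Literal used for every secret in the manifest on this page.
PLACEHOLDER = 'PASSWORD'

# Keys from the page's manifest whose listed value switches a TLS check off.
TLS_OFF = {
  'ssl_skip_validation' => true,
  'skip_cert_verify' => true,
  'require_ssl' => false,
  'peer_require_ssl' => false
}.freeze

# Matches "BEGIN PRIVATE KEY" as well as typed headers such as "RSA" or "EC".
PRIVATE_KEY_RE = /-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----/

# Walks parsed YAML and returns [kind, key_path] pairs. Array items that are
# hashes with a "name" (jobs, roles) are labelled by that name, others by index.
def audit_manifest(node, path = '', findings = [])
  case node
  when Hash
    node.each do |key, value|
      here = path.empty? ? key.to_s : "#{path}.#{key}"
      if TLS_OFF.key?(key.to_s) && value == TLS_OFF[key.to_s]
        findings << [:tls_check_disabled, here]
      end
      audit_manifest(value, here, findings)
    end
  when Array
    node.each_with_index do |value, index|
      label = value.is_a?(Hash) && value['name'] ? value['name'] : index
      audit_manifest(value, "#{path}[#{label}]", findings)
    end
  when String
    findings << [:placeholder_secret, path] if node == PLACEHOLDER
    findings << [:embedded_private_key, path] if node.match?(PRIVATE_KEY_RE)
  end
  findings
end

if __FILE__ == $PROGRAM_NAME
  # Pass a manifest path as the first argument, or run against the sample.
  text = ARGV[0] ? File.read(ARGV[0]) : SAMPLE_MANIFEST
  audit_manifest(YAML.safe_load(text)).each do |kind, where|
    puts format('%-22s %s', kind, where)
  end
end
```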

Copy and paste the following into cf.yml.

---
name: cf
director_uuid: <%= `bosh status --uuid` %>

releases:
- {name: cf, version: latest}
- {name: diego, version: latest}
- {name: etcd, version: latest}
- {name: garden-linux, version: latest}
- {name: cflinuxfs2-rootfs, version: latest}

networks:
- name: cf_private
  type: manual
  subnets:
  - range: 10.244.0.0/24
    reserved: ["10.244.0.1 - 10.244.0.3"]
    static:
    - 10.244.0.100
    - 10.244.0.101
    - 10.244.0.102
    - 10.244.0.103
    - 10.244.0.104
    - 10.244.0.105
    - 10.244.0.34
    cloud_properties: {}

resource_pools:
- name: small_z1
  network: cf_private
  stemcell:
    name: bosh-warden-boshlite-ubuntu-trusty-go_agent
    version: latest
  cloud_properties:
    name: random
- name: diego
  network: cf_private
  stemcell:
    name: bosh-warden-boshlite-ubuntu-trusty-go_agent
    version: latest
  cloud_properties:
    name: random
- name: small
  network: cf_private
  stemcell:
    name: bosh-warden-boshlite-ubuntu-trusty-go_agent
    version: latest
  cloud_properties:
    name: random

compilation:
  workers: 8
  network: cf_private
  reuse_compilation_vms: true
  cloud_properties:
    name: random

update:
  canaries: 1
  max_in_flight: 1
  serial: false
  canary_watch_time: 30000-600000
  update_watch_time: 5000-600000

jobs:
- name: nats_z1
  instances: 1
  resource_pool: small_z1
  templates:
  - {name: nats, release: cf}
  - {name: nats_stream_forwarder, release: cf}
  - {name: metron_agent, release: cf}
  networks:
  - name: cf_private
    static_ips: [10.244.0.103]

- name: etcd_z1
  instances: 1
  resource_pool: small_z1
  persistent_disk: 102400
  templates:
  - {name: etcd, release: cf}
  - {name: etcd_metrics_server, release: cf}
  - {name: metron_agent, release: cf}
  networks:
  - name: cf_private
    static_ips: [10.244.0.104]
  properties:
    etcd_metrics_server:
      nats:
        machines: [10.244.0.103]
        password: PASSWORD
        username: nats

- name: consul_z1
  instances: 1
  persistent_disk: 1024
  resource_pool: small_z1
  templates:
  - {name: metron_agent, release: cf}
  - {name: consul_agent, release: cf}
  networks:
  - name: cf_private
    static_ips: [10.244.0.105]
  properties:
    consul:
      agent:
        mode: server

- name: diego_cell_z1
  instances: 1
  resource_pool: diego
  templates:
  - name: consul_agent
    release: cf
  - name: rep
    release: diego
  - name: garden
    release: garden-linux
  - name: cflinuxfs2-rootfs-setup
    release: cflinuxfs2-rootfs
  - name: metron_agent
    release: cf
  networks:
  - name: cf_private
  update:
    serial: true
    max_in_flight: 1
  properties:
    metron_agent:
      zone: z1
    diego:
      rep:
        zone: z1

- name: diego_brain_z1
  instances: 1
  resource_pool: diego
  templates:
  - name: consul_agent
    release: cf
  - name: etcd
    release: etcd
  - name: bbs
    release: diego
  - name: auctioneer
    release: diego
  - name: stager
    release: cf
  - name: nsync
    release: cf
  - name: tps
    release: cf
  - name: cc_uploader
    release: cf
  - name: file_server
    release: diego
  - name: route_emitter
    release: diego
  - name: metron_agent
    release: cf
  persistent_disk: 20480
  networks:
  - name: cf_private
  update:
    serial: true
    max_in_flight: 1
  properties:
    consul:
      agent:
        services:
          etcd: {}
    metron_agent:
      zone: z1

- name: blobstore_z1
  instances: 1
  persistent_disk: 102400
  resource_pool: small_z1
  templates:
  - {name: blobstore, release: cf}
  - {name: metron_agent, release: cf}
  - {name: route_registrar, release: cf}
  - {name: consul_agent, release: cf}
  networks:
  - name: cf_private
  properties:
    consul:
      agent:
        services:
          blobstore: {}
    route_registrar:
      routes:
      - name: blobstore
        port: 8080
        registration_interval: 20s
        tags:
          component: blobstore
        uris:
        - "blobstore.bosh-lite.com"

- name: postgres_z1
  instances: 1
  persistent_disk: 1024
  resource_pool: small_z1
  templates:
  - {name: postgres, release: cf}
  - {name: metron_agent, release: cf}
  networks:
  - name: cf_private
    static_ips: [10.244.0.101]
  update:
    serial: true

- name: api_z1
  instances: 1
  resource_pool: small_z1
  templates:
  - {name: cloud_controller_ng, release: cf}
  - {name: cloud_controller_worker, release: cf}
  - {name: cloud_controller_clock, release: cf}
  - {name: metron_agent, release: cf}
  - {name: route_registrar, release: cf}
  - {name: consul_agent, release: cf}
  - {name: go-buildpack, release: cf}
  - {name: binary-buildpack, release: cf}
  - {name: nodejs-buildpack, release: cf}
  - {name: ruby-buildpack, release: cf}
  - {name: java-buildpack, release: cf}
  - {name: php-buildpack, release: cf}
  - {name: python-buildpack, release: cf}
  - {name: staticfile-buildpack, release: cf}
  networks:
  - name: cf_private
  properties:
    consul:
      agent:
        services:
          cloud_controller_ng: {}
    route_registrar:
      routes:
      - name: api
        registration_interval: 20s
        port: 9022
        uris:
        - "api.bosh-lite.com"

- name: ha_proxy_z1
  instances: 1
  resource_pool: small_z1
  templates:
  - {name: haproxy, release: cf}
  - {name: consul_agent, release: cf}
  - {name: metron_agent, release: cf}
  networks:
  - name: cf_private
    static_ips: [10.244.0.34]
  properties:
    ha_proxy:
      ssl_pem: |+
        -----BEGIN CERTIFICATE-----
        MIICsjCCAZoCCQC+xvE/1ZQgFzANBgkqhkiG9w0BAQUFADAaMRgwFgYDVQQDFA8q
        LmJvc2gtbGl0ZS5jb20wIBcNMTUxMDA4MjIwNDQ3WhgPMjI4OTA3MjIyMjA0NDda
        MBoxGDAWBgNVBAMUDyouYm9zaC1saXRlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQAD
        ggEPADCCAQoCggEBAK09Q520xrKx75uew3mAS+y4uyRPZPEjt/pYdBl40PXIwaqO
        X7LGoc9lNZS/eAPX6xeVFmZbLZReQ5+Fm0moeLzsh58W9jjkWWk7oGISmxfoQz9B
        X9Eh0NHCrtKXMrCPlr+2RI/qLinJDqn87UEZqwX+84JU8hBZ8RD8D7YnfuDteySV
        SYOEUjkiN/pIWmbJQY1sjEyk1zH1Hiy8kmnait2sX8Td2S/aV6EJBgODOstzEtnf
        HFDIfoTJxbSK/0TbF6qBaSl0CLaOop9FX2ULEZUgAuIW4dG2k/xnpMLdz7A0ZsSU
        Haw9okZ5wNuYk1RSqhnqw+9KUWgXwV6RlMvtXMkCAwEAATANBgkqhkiG9w0BAQUF
        AAOCAQEAShOqAFLIc93yIjhcnN7L4ZXFo+CvOgklJqFeBbwRshsEptbaddDJYmRr
        ZXzOE7MiTOBM8YzKqtHvl/ZguXmIAXSZlnq6kuJHdPtcZOqu1x2GAvWWOzn9Xl4m
        T3RmwF3NgiX0jgNMkkm8i8jfT7uN9BnHxMv65b9yKeM0sRFN5XigA43DDQnfF3j4
        FQ9jwpmS7zOx2wn6FayOgoE4rgJfV/9637ZprQOMfUbZPKgQQplDn6bvK13rj9g9
        zCC9W0fy29l7VDuAOOSI5xzsoYyH6DfX7oySxn291hidSCb/buadNG4dgI4keMGw
        u5K8QQYmlSY91IJtuRRITYXGmIiPpg==
        -----END CERTIFICATE-----
        -----BEGIN RSA PRIVATE KEY-----
        MIIEogIBAAKCAQEArT1DnbTGsrHvm57DeYBL7Li7JE9k8SO3+lh0GXjQ9cjBqo5f
        ssahz2U1lL94A9frF5UWZlstlF5Dn4WbSah4vOyHnxb2OORZaTugYhKbF+hDP0Ff
        0SHQ0cKu0pcysI+Wv7ZEj+ouKckOqfztQRmrBf7zglTyEFnxEPwPtid+4O17JJVJ
        g4RSOSI3+khaZslBjWyMTKTXMfUeLLySadqK3axfxN3ZL9pXoQkGA4M6y3MS2d8c
        UMh+hMnFtIr/RNsXqoFpKXQIto6in0VfZQsRlSAC4hbh0baT/Gekwt3PsDRmxJQd
        rD2iRnnA25iTVFKqGerD70pRaBfBXpGUy+1cyQIDAQABAoIBACXzdt2UnbbF3jzU
        QfRbE8bvDSg+MFnXPlWcjQqLehNuAGcxu2s5snbxsBQ/Abat1XWcFoUj0k9feyb2
        KPew7YpNssQ6ToRWGfRAuLjjZJCPNDQmSSxSYSGiqZO+xb8CJb8n2ctBPQ2wWwMI
        Qp1xVxMAMC5MF59XZMUYwwRfkJ8LawB90+S9BjHcU3GqoPECLFkgEeIj3mrnmpAD
        vhIeYvQj2W5JCpxLUA+7lnyoqnx8OTOXvBPAsKwO1Hx88yCitnxXro7i0ZAw4ErH
        zrnMgWkFDvRiS3ta/QS2RcBBiZHKX/gRRT/AvqJ+Erveu0BcZ9AVy1UpPB0w9rBK
        PTxS2BECgYEA3MLd6Og+xQpw4UNhy9EjeDE/b/rZK4w/vfD3WE5J3Nm4HGdSA6Q4
        YmQYVg+VuCLR+HHsk58LxEf+cU0MNgDJR1/rFZRmociF+G0i7/7DuhFm891wWWGW
        Iz7XeGWHi+LIeYWkteuflrkmvy/7xqArgcNqnirGhba6706MZz0G0YUCgYEAyOR5
        aF7qRpLXHgMOPOzJKC4ceWA5rY8rcdJZFI7aNq5MJF9o+fNNt8YRJ1hQTzs5K/R+
        HwBJel8J6CoPQo9WUXnj0md4M67sCZSBqWANMO/J0f4VkbLS/lwch+ZPS8jt3Z4z
        umYW4QnloIKXxORfySo7r9DzZSgmxuDE8PVWn3UCgYAFTwpXF36q7l1YjW5EoHrh
        4Q1NfBLM4UqHHsxT604LaZDr3fAy9jgE5bNQHn/TNcMm3lZ6FlEKH1EXGGs6wToV
        5VCZ7D+rlE7kcntsmgvK5bA8HQ8elyItJs23r3la+9EmWvhjB4+G6FzuLBE57ZAe
        RrzBoPW1MXe9WX423VjUoQKBgGea5T49jSc+fbDdtI8ZMxkExuyWAskOyEIYUJa4
        obOHqn8rsZEOuKspfBlFg42JJpATtKO6WyrALvTMFDiogcTdTvBpKmXFNbgvHbvD
        bKorUHN7TZZpmkVSLeisj4KvKnWcLGNaWTxQBVwFXc5OVVQC8utWoOAvl+gDba4z
        aSwtAoGANdquHRNbigPj2y0cRoexYJwKgpfGEK4HXitsKZUUg09gVfagM1HynVFz
        RA0LVac0oJZFdMYZyU/PXCySS237xUD2/0oySYJIK9E0C4ZxKD+DoAk5Z097z0LM
        7rxStMCBWB2x4ommvEnpdgntEKkl4buIDatvmbdmdwkY3+X65Ks=
        -----END RSA PRIVATE KEY-----
    router:
      servers:
        - 10.244.0.102

- name: doppler_z1
  instances: 1
  resource_pool: small_z1
  templates:
  - {name: doppler, release: cf}
  - {name: metron_agent, release: cf}
  - {name: syslog_drain_binder, release: cf}
  networks:
  - name: cf_private
  properties:
    doppler: {zone: z1}
    doppler_endpoint:
      shared_secret: PASSWORD

- name: loggregator_trafficcontroller_z1
  instances: 1
  resource_pool: small_z1
  templates:
  - {name: loggregator_trafficcontroller, release: cf}
  - {name: metron_agent, release: cf}
  - {name: route_registrar, release: cf}
  networks:
  - name: cf_private
  properties:
    traffic_controller: {zone: z1}
    route_registrar:
      routes:
      - name: doppler
        registration_interval: 20s
        port: 8081
        uris:
        - "doppler.bosh-lite.com"
      - name: loggregator
        registration_interval: 20s
        port: 8080
        uris:
          - "loggregator.bosh-lite.com"

- name: uaa_z1
  instances: 1
  resource_pool: small_z1
  templates:
  - {name: uaa, release: cf}
  - {name: metron_agent, release: cf}
  - {name: route_registrar, release: cf}
  networks:
  - name: cf_private
  properties:
    login:
      catalina_opts: -Xmx768m -XX:MaxPermSize=256m
    route_registrar:
      routes:
      - name: uaa
        registration_interval: 20s
        port: 8080
        uris:
        - "uaa.bosh-lite.com"
        - "*.uaa.bosh-lite.com"
        - "login.bosh-lite.com"
        - "*.login.bosh-lite.com"
    uaa:
      admin:
        client_secret: PASSWORD
      batch:
        password: PASSWORD
        username: batch_user
      cc:
        client_secret: PASSWORD
      scim:
        userids_enabled: true
        users:
          - name: admin
            password: PASSWORD
            groups:
              - scim.write
              - scim.read
              - openid
              - cloud_controller.admin
              - doppler.firehose
              - routing.router_groups.read
    uaadb:
      address: 10.244.0.101
      databases:
      - {name: uaadb, tag: uaa}
      db_scheme: postgresql
      port: 5524
      roles:
      - {name: uaaadmin, password: PASSWORD, tag: admin}

- name: router_z1
  instances: 1
  resource_pool: small_z1
  templates:
  - {name: gorouter, release: cf}
  - {name: metron_agent, release: cf}
  - {name: consul_agent, release: cf}
  networks:
  - name: cf_private
    static_ips: [10.244.0.102]
  properties:
    dropsonde: {enabled: true}

properties:
  router:
    route_services_secret: PASSWORD
    ssl_skip_validation: true
  networks: {apps: cf_private}
  app_domains: [bosh-lite.com]
  cc:
    allow_app_ssh_access: true
    default_to_diego_backend: true
    internal_api_user: internal_user
    buildpacks:
      blobstore_type: webdav
      webdav_config:
        blobstore_timeout: 5
        password: PASSWORD
        private_endpoint: https://blobstore.service.cf.internal:4443
        public_endpoint: https://blobstore.bosh-lite.com
        secret: PASSWORD
        username: blobstore-username
    droplets:
      blobstore_type: webdav
      webdav_config:
        blobstore_timeout: 5
        password: PASSWORD
        private_endpoint: https://blobstore.service.cf.internal:4443
        public_endpoint: https://blobstore.bosh-lite.com
        secret: PASSWORD
        username: blobstore-username
    external_port: 9022
    packages:
      blobstore_type: webdav
      webdav_config:
        blobstore_timeout: 5
        password: PASSWORD
        private_endpoint: https://blobstore.service.cf.internal:4443
        public_endpoint: https://blobstore.bosh-lite.com
        secret: PASSWORD
        username: blobstore-username
    resource_pool:
      blobstore_type: webdav
      webdav_config:
        blobstore_timeout: 5
        password: PASSWORD
        private_endpoint: https://blobstore.service.cf.internal:4443
        public_endpoint: https://blobstore.bosh-lite.com
        secret: PASSWORD
        username: blobstore-username
    bulk_api_password: PASSWORD
    db_encryption_key: PASSWORD
    default_running_security_groups: [public_networks, dns]
    default_staging_security_groups: [public_networks, dns]
    install_buildpacks:
    - {name: java_buildpack, package: buildpack_java}
    - {name: ruby_buildpack, package: ruby-buildpack}
    - {name: nodejs_buildpack, package: nodejs-buildpack}
    - {name: go_buildpack, package: go-buildpack}
    - {name: python_buildpack, package: python-buildpack}
    - {name: php_buildpack, package: php-buildpack}
    - {name: staticfile_buildpack, package: staticfile-buildpack}
    - {name: binary_buildpack, package: binary-buildpack}
    internal_api_password: PASSWORD
    quota_definitions:
      default:
        memory_limit: 102400
        non_basic_services_allowed: true
        total_routes: 1000
        total_services: -1
    security_group_definitions:
    - name: public_networks
      rules:
      - {destination: 0.0.0.0-9.255.255.255, protocol: all}
      - {destination: 11.0.0.0-169.253.255.255, protocol: all}
      - {destination: 169.255.0.0-172.15.255.255, protocol: all}
      - {destination: 172.32.0.0-192.167.255.255, protocol: all}
      - {destination: 192.169.0.0-255.255.255.255, protocol: all}
    - name: dns
      rules:
      - {destination: 0.0.0.0/0, ports: '53', protocol: tcp}
      - {destination: 0.0.0.0/0, ports: '53', protocol: udp}
    srv_api_uri: https://api.bosh-lite.com
    staging_upload_password: PASSWORD
    staging_upload_user: staging_upload_user
  ccdb:
    address: 10.244.0.101
    databases:
    - {name: ccdb, tag: cc}
    db_scheme: postgres
    port: 5524
    roles:
    - {name: ccadmin, password: PASSWORD, tag: admin}
  consul:
    agent:
      log_level: null
      domain: cf.internal
      servers:
        lan:
        - 10.244.0.105
    encrypt_keys:
    - PASSWORD
    ca_cert: |
      -----BEGIN CERTIFICATE-----
      MIIFBzCCAu+gAwIBAgIBATANBgkqhkiG9w0BAQsFADATMREwDwYDVQQDEwhjb25z
      dWxDQTAeFw0xNjAzMzEyMjAwNDlaFw0yNjAzMzEyMjAwNTJaMBMxETAPBgNVBAMT
      CGNvbnN1bENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA0tLZmi6x
      aqbGl7VvKjJoIf2PAilPDzMNH56p7PUOHutRreKn70dzmMr/CbLShMllgjW6ZvOL
      osw0iSVKWewiWtrFD8vmRx+OkmdgxPD9813EvnjsvrGyWOxmK7eTahy2ZpMrzmnV
      RiDNzu0xBlnBHqAFUPOyWLXuBGFGsDgQt7tLlHIp6o0t4qkBjC/qQSKgBcQt9qxq
      cnetiMDDuNhTQT7a+4Br61nwooSAOYmjR9Ox4ULSscMf1qEmQQfJNGJ8ifqF/SOM
      a8Dyt7uUIFRbMzA/wdiy0BXBjJysD5B4tXtWdHSg/8de0STPWOR4dnuOdupAwub+
      9ICOk1FRCEVPHyBVgQppb4SqUa9loJ2fDJQSl0PY+1kC+bC9czEoNg/hDTBYCiVM
      bYPEOnx/810Pm1PoUEmp4rTQUM6EM6pFQBIW3+rxpOJlhxmRJyZzsUpZB9xsh7P2
      Q80OI+XZL/QCI8/t65QamsIbV+IlG5IeALBC+oaC3Rfnfpy3cEXl1vw3Z1qTM9qR
      8ZAUDLUcYcULtDjRqgvEMLaK/vd3UMAXeVpPGgEbno3eXl/spByN2nwmpZM1RcB0
      CtmN+byDv0fAYlUqBsDhes0AaeY3+ZN4opEXUHGR7qDl3hwZBIHG8niFMtVTb5na
      Ktam3U+e1kIVsgbz5+B2KEJKUvjI5yLGDM0CAwEAAaNmMGQwDgYDVR0PAQH/BAQD
      AgEGMBIGA1UdEwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYEFJB06Ynto2S0F7wv5hdE
      y+pVN1NNMB8GA1UdIwQYMBaAFJB06Ynto2S0F7wv5hdEy+pVN1NNMA0GCSqGSIb3
      DQEBCwUAA4ICAQBIMYRZ64GV/oe+yPWK5JhU8W85qT1ROfJC1Hwg6zXtP0pIUlyN
      oAyCtc2i1Z3Cp2K9BIfjg+E2+UhSWnwA/6hLPd0R5KMKNOCYCPZClGlYxskQ6irD
      yiceJGwFj3BJYQzOu+XSn55vvouJOG/I24azkSQ5Fwcvqm+8DdznX5P33PRw1DX7
      mJKNIWflcygrxR908iAIfv0V2btVoDr1YGwPKZKwEJ5jyjrNipbM0kErWzwD6V65
      6qluPalUgUnGrzbAqWgKQ/a015gUqRN1lu6XbRhoV4xCFUFLkubHVoCDJ2Y52pXD
      Tu2WKmwpqx3CI2lTe0Vqs2wrSLZrcKK8t3tUsl3qEPFFdxM8+Q/WIlu6l4USOmAh
      uEmdeSBefFlAYyblOfY84W2h0IsBny4KrBIWl7+QL/38cwA+BII/XoilmoIiDctd
      0aT/55KDrD6kZRR9917Qp586mTagfpHL6SHQbn7hh/YQ0VFlmVffXc9T4mDkcFaR
      04bsl87bgG5Bk4f1msBgmnzvJqzbzdHwVOsjZpeN6N683O6YbxK4DNPqWr/BOdkH
      ZzF06444shzlvEdXlcb122q69AbWNcm+HHkmEQUYH3hoYyiwiicdqDskUScj0QpF
      1ddNutiVjXZsmFRwpFxNBTCoNdns8Q9uUQfzHx8DomWgfX9TNzn7y1cc3g==
      -----END CERTIFICATE-----
    server_cert: |
      -----BEGIN CERTIFICATE-----
      MIIEMDCCAhigAwIBAgIRAOE+FRzzg4N7y23SfTwde6owDQYJKoZIhvcNAQELBQAw
      EzERMA8GA1UEAxMIY29uc3VsQ0EwHhcNMTYwMzMxMjIwMDUyWhcNMTgwMzMxMjIw
      MDUyWjAhMR8wHQYDVQQDExZzZXJ2ZXIuZGMxLmNmLmludGVybmFsMIIBIjANBgkq
      hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoiPUUo3sUf8oK98wiAzsEJuhMP1ZW/IG
      PZR3bZyMN4B1WTtSEvATFU0kyCioJv6Num4hBfsYCyUbCX2r4bHwaO1TLQwY+kkT
      phBkhqqsvNk230GNhEC6/oukPlPRjEZau0v0Mzlx1VUHtZCyMZk8pPo6nXxMfapM
      9A7DU2YRjW0LhusGWWEsZVnTgw4A0SYrOA0lutcGkID9fFMOhdrLpk+OPVRPWFae
      Hp4lDLQ6NX78W+u8g6k2ocTjZ2bE4U/87+mYPNgRDJYGkaohOxDNKwDtC97MQmmS
      fdOYapff2NOjGdexWf4Nl2GPm94GDkFQmVpKOuJ5PfMKgFFl4kFBSQIDAQABo3Ew
      bzAOBgNVHQ8BAf8EBAMCA7gwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC
      MB0GA1UdDgQWBBQJBvWAwnpCTcyTl0uUP9xRTG6IVjAfBgNVHSMEGDAWgBSQdOmJ
      7aNktBe8L+YXRMvqVTdTTTANBgkqhkiG9w0BAQsFAAOCAgEAY1LebPT74T47BbmF
      DY+I3nRgtKWpB97OrtKmKsXjGAd/RlyINmUgQQFlXasTMbUMNz6jHUPMl7o+yrt3
      h8pbBDBmxqQ59cJArHABj77feRptq9tiR21b1lecM7dlf7JtQX4iIMYockEiEZHH
      fA0lzw4r9jyWu8ts7b3Il1TDC0CvCcB6RDfaXLhGZ90BJBx3jh9ekWpT8F25UQwT
      odGq0vSDDdrI/s7NZT3Dw1I7BpLiK2Y9ULR7NDJOZhd885rMZ2Rdt3cb+F7SO+B+
      gE8NktIwkXiMIpdCF0QYSAfi4uZQkdTnL+W7v1lBDPtswuCyozgR3mInVtAeWSPX
      JGDCmiHZFkHhmgoNH15zv0Jx7t9iY5uaDeeNvjbXfFrckMYY6hJf5EhowzTUKOxK
      YpsJuFSFydGxcz/uivEkEl/Gk9FYxrm5FBimV52GI04Y9P3F6O0LfANgjEB1rC2v
      4ebBG13nZddQHbRUzmDemVP42GC68+l2T4eczQB3qhH80HejN7cnzNEgx+24+YwB
      4wtVmSqDh5sB9SlY+HBiJvFgtl0cQISYEnHlxzN/3HbS/xjjXGom9FWXmpTK9FPx
      1SiBHNWnErTnrq7Vxo5rPjzK02xf6CdrUj/35TKau/ssB9IXSLV4mW9z87w4apyI
      WymD9N6OHIM0MEmMcYIqph7Yo2w=
      -----END CERTIFICATE-----
    agent_cert: |
      -----BEGIN CERTIFICATE-----
      MIIEJjCCAg6gAwIBAgIRAJIdGe7fx391grV1/m9i/2AwDQYJKoZIhvcNAQELBQAw
      EzERMA8GA1UEAxMIY29uc3VsQ0EwHhcNMTYwMzMxMjIwMDUzWhcNMTgwMzMxMjIw
      MDUzWjAXMRUwEwYDVQQDEwxjb25zdWwgYWdlbnQwggEiMA0GCSqGSIb3DQEBAQUA
      A4IBDwAwggEKAoIBAQDZ7JoVMCudtjSXp6OGGG2S1xV15R3qm55+Pi4dCgO/g31O
      hJoWQL3fL2S1IfZMEzVjZYRperBhoHHjudkOw8opss2pvHynwQKaj10cKkrI1zak
      t59FkM2GAgkjmeGt3ZbPL+tQM3Pb8K4facxhbM44iOdPpCCGPl/CNWYv8HBtwRUv
      wfTYcmQq5ameA4GEzokKwYXf4cHCMY69sPMKatGldS8B2gal+wBV7PHo+qsvdZug
      YIRLWGbGDBLN9xi2JMHHrNodZKlWSEEEZaSa8kctqFw4iZRYdmKAc7i9HCRxTobP
      W18Dn6GGSCCYMaMCKzrvnwyBWrN5baoNl+cvE7SlAgMBAAGjcTBvMA4GA1UdDwEB
      /wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYE
      FEjW45GNWfzsd5+P9U1KPlLKKBqeMB8GA1UdIwQYMBaAFJB06Ynto2S0F7wv5hdE
      y+pVN1NNMA0GCSqGSIb3DQEBCwUAA4ICAQDOTO7uujSHt5NUIx8h03TMQxm5Fj1m
      2KaAYmut4HTNBTQHNcvNCTQ86HURj1zaVnNqGNo4zWE89jPb6RkfutcxaWIZzXw1
      CtTFg/DEQlMrRHe7MvaLwr8pVidGjU+yaqDdctzIKi0zKvdb4ImyK3ZucXuoIjth
      S0cMxIBB2D99+8LnPfyAnJT2PFAZ92GyWZRUTZZa3c/QMaJZLaMmp6Yihs/fubQf
      PxgnbirRScO+dqxjzz+3911VHiEGrnLcjE5rvPxjsW4G2g6goK1/Lg+RbAOhAC/6
      UbJQEKAlxqsvBxidkT0OtQJ/AibtPB425KzM2K+v1zXUyFmPHbJspxMCFgkHvOdf
      NYJ6oVLj6lVH5vvFM8pdffbaICZTWBSQG/w5p4EObF5cIL9/PtKGTLj0bi5b8oPc
      ZVRdYiXObpaMO5fJQKY+c3QMzjPczdmBaXF15EyfTUPpRtdyBfica/0BkW0w4XRK
      uEC+YFgx5qEVmscss2K42ZCJ8b/vwcLH0HqMmc8OoPLakVbD/A+64Kt1mdJ7N63K
      GO8DbjsU7qg9T8Y/6O7iJ/FEvvyWmUo0GJlSga/hrHH0LK5ZXVqCjkyVNjojRy0E
      G8X8rON9IPCgIJmpWuOyOKDRONAteTVpYiusmG7s24aX/ZA11vUmpR0iNunbPNct
      bKLaH/vFK5U4cg==
      -----END CERTIFICATE-----
    server_key: |
      -----BEGIN RSA PRIVATE KEY-----
      MIIEpQIBAAKCAQEAoiPUUo3sUf8oK98wiAzsEJuhMP1ZW/IGPZR3bZyMN4B1WTtS
      EvATFU0kyCioJv6Num4hBfsYCyUbCX2r4bHwaO1TLQwY+kkTphBkhqqsvNk230GN
      hEC6/oukPlPRjEZau0v0Mzlx1VUHtZCyMZk8pPo6nXxMfapM9A7DU2YRjW0LhusG
      WWEsZVnTgw4A0SYrOA0lutcGkID9fFMOhdrLpk+OPVRPWFaeHp4lDLQ6NX78W+u8
      g6k2ocTjZ2bE4U/87+mYPNgRDJYGkaohOxDNKwDtC97MQmmSfdOYapff2NOjGdex
      Wf4Nl2GPm94GDkFQmVpKOuJ5PfMKgFFl4kFBSQIDAQABAoIBADAJHWY31cOVLHmS
      7fXgni9tbBvvcwHieibUTW2T65al4B5HjNE/fufYqwUBxo+G6sZIyk/TTBRBMfll
      2f5LkUYEyZeW9e9wpvmT8bRT7EkmsTMDYMHFy6CODmLIwlQko8zJe9eRNUBWqKoJ
      7ED1fRoDaEowARlZ0uKbXRLgMmMLam8yWo3aDdeZqp9lQoDLs+R5YubYPSvFkg8l
      19YOrVeXnSeAIKQBx0qLzMWWcYRSFm/WuirhklI1fzrI0RoqpDM7ye7KYjYzxmXM
      a9VukotuMzc316Ny903/QzgriYK04+D2LTTr6MxP5QQLQKpRpnv9BAaOzB7uluo+
      RS5uGAECgYEA111bXtXHmHp69Sw9o+5Jq6LVfg/J0P5VYqy92mAcWfQsyNgSA8nJ
      7q+pEu7e+bRZ/SjqsP9LNm6zF3RIbwDGJUm9dFPT9NCzjAnKDtUcVchL4oodJUKK
      nhKM3DTbr5QEM7AAaaPa/oHc1fw+kMayIhGo/z04xEQuRgF7lUIDPqECgYEAwLuW
      fMq8+GsJB/1eUFwU3k013rnHAxlBC7e+4bdTcUv3QC+bAIGLKkK4bcKn6ElnTrSt
      KXPB7V/Loi0Gwx1035aPwDKVjdQDbug/MX2M/aKeRnQb9VPndluUJDh+deikUAI7
      gqJKv92a279Dat54fjLXKPqsGQAqy403tT6hSakCgYEAkCuO3w19cDWN2lKjcPoz
      lxKKmLk5AQ9BWa0J6wYr9Ivg7xK1/JM4+u/c3y/JVJ/HHhImChbc4rN4cFsHokeC
      XbPff+AeI+USTMzA1u0S6toK8rxCho7k/KyuXzuDVSZhKbjIje+Cyp1kmFskBwb8
      eJIZ78OsHLcHwxV7BZALXAECgYEAnCVevqvifcD6CCcWCjUQEyqqwk/xFGmZcUzk
      sSo9yESrhK0M/1P008BKe2KBdohB0lo/EJ5gN1itOi8Qk3OCBMOOo0BYOhfS0EAJ
      MqdtWvAtGxdmr1PS6uk3FEFQ82YP+WJVpHin5to7ZF2I2UR0ionWF7U/SOIByfgX
      chfTxEECgYEAz8ob55iUxdL/9Dj3JBZp3039l5DqzqS2TVh+b2Gj1R8pvlnHXhBE
      JqXK0KoItB+9qJYzTAfsQJHErPL8+15sqaZHsQrssXgHdGXSqOsTmUWCvNVYi2yr
      0Iy00Tlkozwhwf5Y3PzITI1SWGqa3rZesUydj5FnuyeZTiLVajqPWe4=
      -----END RSA PRIVATE KEY-----
    agent_key: |
      -----BEGIN RSA PRIVATE KEY-----
      MIIEowIBAAKCAQEA2eyaFTArnbY0l6ejhhhtktcVdeUd6puefj4uHQoDv4N9ToSa
      FkC93y9ktSH2TBM1Y2WEaXqwYaBx47nZDsPKKbLNqbx8p8ECmo9dHCpKyNc2pLef
      RZDNhgIJI5nhrd2Wzy/rUDNz2/CuH2nMYWzOOIjnT6Qghj5fwjVmL/BwbcEVL8H0
      2HJkKuWpngOBhM6JCsGF3+HBwjGOvbDzCmrRpXUvAdoGpfsAVezx6PqrL3WboGCE
      S1hmxgwSzfcYtiTBx6zaHWSpVkhBBGWkmvJHLahcOImUWHZigHO4vRwkcU6Gz1tf
      A5+hhkggmDGjAis6758MgVqzeW2qDZfnLxO0pQIDAQABAoIBAG3D4PBfLPjpN6BT
      jegTEc3ujB6v4tuyuqg3xZ5W1wB1yH3uCHbA8WIjSwR5MMesvS1tir5eT808tWDQ
      0WXAdGmAaFrgV6FfdGJJZ8qx+q0iyaE54/10LDEdgWDvN18Nx9Jf/pSM9gSIPAwS
      jCFeXpjXTDsvHjq/3BfEMc5fuyFsO6hSncCoY2aXJA6XG6K/qV/ll4djys6GTCDq
      fU2eVWVk2yEM7YfvNocuaocyj+nd8ozDrS2HVtvBMRurjWreNF5zk5F11HaQN/D5
      OfKj8abHZuwlVSqbdaf9mdV+7ENKU1cze82p2ZqwruPGrRFtbezxBBlgEMfzJX3i
      kwa830ECgYEA8wDcoIcVPCAri+Kylwitxevfk2oZcSNqI8q9TAjYDXMfyWISbMt2
      35lq9wVjKx34BSO+BY2HXLnl0sUBdfwWuO4IPzkQtILtwXDdszvAerGgjtZerKXb
      CiLu9ZjpcvlcxPmlitp/WYvX7bJdVsBJQU1ks+5shQLOFv5N4nhG680CgYEA5ZRc
      8gSp4tuSL+1zzBXjdsQfmwkbI6Mw3kZ8e97pBxRtbyH9TyYH3ryAGwOgwFsWuCOW
      Zbqx6CIUr4R20FMBndqe3bPwpL35jdooFMSKaF/a9sDbX3BXYFeJjm2qR9sw8R1E
      461+tuejK18j0DwnzuZHzQ3tT8uTG77ODUQCBDkCgYAxJO15sZgDzuW/pptDnEe4
      jVlr8LswfF8M2gWqiOdY4P1+tszPH97snZRaXMaPg8ITGAVoDhVgFWB7XchL2i2m
      PM2CK8JLH2eCBZdwlhb5OU8lVAlVlT1VMXduR/x+ehve4jYufL3gmD2VHsttrfmi
      sUo6cW+U/to7IDcUJAsDyQKBgQCFQ1u4eJCMyNvQykr/Wm1REYMvIVgJlb7WJ6A2
      3yvxGiBz9AzwFqlW16CdDbwQLE/Bz5aLspV2o+HSCFhXkPdNRAwXsU2ss0Ha35mI
      hJW7BHk75rLwcWum1ulYLbw8PbXpIA5PAvSdA1Sp5m4JgAGzjeR72Ou59/eKkXVW
      KfXpsQKBgG7Lk0TTaeMQ8KtTjp3rYrOCW2S6s6rSUcbTLog7hZELV2/foHftri4p
      bgpHFZuzo7Xt40/6LvM9htBdY9pHtGpBmHnhOqL0dCRB6VSMUZ8wo9ZIANmCxsCI
      S8TIR2w+Bbw6v3yDKwPF6t+86eQvz0/YHbsomgyVPVCcLPkjhBds
      -----END RSA PRIVATE KEY-----

  blobstore:
    admin_users:
    - password: PASSWORD
      username: blobstore-username
    secure_link:
      secret: PASSWORD
    tls:
      cert: |+
        -----BEGIN CERTIFICATE-----
        MIIDQjCCAiqgAwIBAgIJANvIxLqHTfmZMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV
        BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX
        aWRnaXRzIFB0eSBMdGQwIBcNMTYwMzI1MTgzOTI1WhgPMjI5MDAxMDcxODM5MjVa
        MEwxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxDTE9VREZPVU5EUlkxJjAkBgNVBAMT
        HWJsb2JzdG9yZS5zZXJ2aWNlLmNmLmludGVybmFsMIIBIjANBgkqhkiG9w0BAQEF
        AAOCAQ8AMIIBCgKCAQEAxVKn++XNrpKfna39TdysKZvjX3CdBGGfcR0IJVQQQQGi
        iiBQYG2gGeRH6T4Zja90p4EFRzgPnDaUbE8G8dlA7ehI3K83N1xWKiRbUtb5vAgW
        REj2FWDkshGzDX6wV6+N+Ue2yWeEe+N4ojaQRZq8w4rArkUgO3N30eTcrxsMqgBV
        OIru/EMWheuB0SQyq51n2g6Um1F+3pCtusIjJiLTwQ6NF4UQNB0fOqWo6v9fFudi
        g8QSvc8GXVmXvqiQTMSU5/EoWMe06kY8EMJWWZN1Eht43d4QFhRAvhJ7ZicPoIxf
        nWI/3JjBLXJp/HIuu+Rz/KbCDRNSoTux4L1xnLLafQIDAQABoywwKjAoBgNVHREE
        ITAfgh1ibG9ic3RvcmUuc2VydmljZS5jZi5pbnRlcm5hbDANBgkqhkiG9w0BAQUF
        AAOCAQEAO97PryaidEcYcbZTu8E0ikEkbNBzjMY3nfmmdRqAwuxRZAfLwzKbVdrH
        z9eDQLOVAEz9Ftze91IlHpO+KQ3f9khidYXtcEt5j2niOJ81HMo66/lWja27fmpQ
        rfS6YuEleMiTUs8v5URZAgyewb9rlvo06vPW+4GGH6GH/0d30DnFCKp7GMpLEJc+
        z47Jtve2/5xXZKHdTbx2sku9tRRKx2eNSqpB2ev8jwePQ41icDZ4B11AqG2w8Woz
        XL2e5p/TqF9l2rkTcBM8Koi0lz3ZIWpaet6NKvSVQspnLGRIw0I9PvOlKCttNhGT
        cG1R+1W2PzUBtjo477QeJEoYa1k2sQ==
        -----END CERTIFICATE-----
      private_key: |+
        -----BEGIN RSA PRIVATE KEY-----
        MIIEpAIBAAKCAQEAxVKn++XNrpKfna39TdysKZvjX3CdBGGfcR0IJVQQQQGiiiBQ
        YG2gGeRH6T4Zja90p4EFRzgPnDaUbE8G8dlA7ehI3K83N1xWKiRbUtb5vAgWREj2
        FWDkshGzDX6wV6+N+Ue2yWeEe+N4ojaQRZq8w4rArkUgO3N30eTcrxsMqgBVOIru
        /EMWheuB0SQyq51n2g6Um1F+3pCtusIjJiLTwQ6NF4UQNB0fOqWo6v9fFudig8QS
        vc8GXVmXvqiQTMSU5/EoWMe06kY8EMJWWZN1Eht43d4QFhRAvhJ7ZicPoIxfnWI/
        3JjBLXJp/HIuu+Rz/KbCDRNSoTux4L1xnLLafQIDAQABAoIBAAK2eTLAXQyKXYFo
        c/QPFZrY1s5oGPCHew6uDH+e4T5TjG2DtjctKqdQeSCexvEouVzYLD9naOeH5JB8
        oabPitH6gI3wJr0vGswnhc3kwLgyEEROEHwIwfwkvCZyWHBMLJKBxuSL9MlTPkRU
        pbUfRHsXvEBpGOFYXAxZriMGJy1rH4/FfltbPVQX+OadL/bJE4DC/5GXnLV3ft3K
        BVVZyvafhhLCrm24mNgSxHziuAG10UXk+QmjJmzj0CgqAIeLoI7+hCz7nf0puzkO
        UAsxYMh5GJqSEmWtnVyk1PbhA7XBK1zRCciMcy9U+IZ3yydH+HT40+ht8T8Wyop2
        Hj9jkCECgYEA7vsrzK/FV+NGhceANZdRhD35cKTr5hzLOO0J+NJVvKjHEyelgOWP
        +5WL+ahuhKCvlPuCXl/lfEq7PQrpSrqs3psgDi22oMGX4P/FXjlpmwFMJM49RcYk
        azBJLGj1/1F0VkG4WMSieFQ+uCZc6Q/rm/EdOyCsn4acw8SCmKuIvEkCgYEA02AF
        B1lkQzqRYZbT15T+zuoTV4GRjRXQugzT+aLAyI6fW70VfZOWWtwMK86VJVmSKRqD
        W4uaiKQGVQaq5szc3i+Hv6xndj7sL6e1VypFtAjjeswY/GPSjrt53SKz4TWOfCZq
        8JZVQmAebPPTdjyO8DZcGb6y8C7IhKByVdCLJJUCgYAYQa5EbGLfdNYnpgRBbEZ9
        4bx7zoGTLcEC2ix08QR6zbbHHvMRjjt7EcbPZGUzWQv5Vz34TkuAviUbIQxk5WW+
        gohSaBltX7kGwW9LDRDHBu6vna9icaYoqxICS/UMITxptOn9OJg1Fnf3QQ2VKmSD
        w4lwAvUCjCtFQ6Dt1hte4QKBgQCQCnriyzPb7Glty06JNmt9rV2I4C7Dqf4XCu7Y
        yuP8x9Qou+2NKanoONPCdoCEd0l24S5qj/O68auu/WAw76IDdvhW0bGfjrl8sBiP
        Uas2SGhcIgFU3OF7ip48540VB14VlEiDsq5fEQkqze1oQVRWtXSFxsJBkl/qoTvI
        5tgrEQKBgQDCKTdsTsTK+UAhLB45rVg6IppDoY/X8qspaNtYYHa4bG4X9qk1Gl+2
        fPuTr6OlWPa4VA4wb1DuDIk3gpdBIJWo3Jv7miUeo6CgRUalZ6kN6PpBtiY3lKK0
        7sTV9KfdlETLUwh8qkEsoMJCpNzvRvRVQn5Xp25W9ssnVnXgY7qpQg==
        -----END RSA PRIVATE KEY-----
      ca_cert: |
        -----BEGIN CERTIFICATE-----
        MIIDtzCCAp+gAwIBAgIJAIPgaUgWRCE8MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV
        BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX
        aWRnaXRzIFB0eSBMdGQwIBcNMTYwMzI1MTgzOTI1WhgPMjI5MDAxMDcxODM5MjVa
        MEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJ
        bnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
        ggEKAoIBAQDDmSpF1agfBnLiyi+KlbqvetxxFqG0ONDOZQTiTnc/xkmwJdCsEwWe
        CA8okKm6aB9/C5IQz8//7KnZeAWghl+PCVanr+Ax1vjZKLPO2Ccin7oQ7wVSqJ5q
        5slVK2nfRtLcyXdb5rPIlNEMRpupv0jiRAaOoh5KvOSWA770zIJF3qP9IyuA8P6y
        XCU4+lu6XOeaHWRCXyzpjBGgnc6M/kYx8sKp6ktu1dXYUpNld4ICjSbmLDdq6hd6
        OU7WkR3/AZQ3q3F7hiRg7CVAea24RsV30a2mYgVZnUgA8A12zuHXV0S+955CUntr
        Cygv4JovFCf/VaBuUG7LGJNuCy+rJrBRAgMBAAGjgacwgaQwHQYDVR0OBBYEFDcq
        5thPoSs0QiQLQMmW2WxjEVSSMHUGA1UdIwRuMGyAFDcq5thPoSs0QiQLQMmW2Wxj
        EVSSoUmkRzBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8G
        A1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkggkAg+BpSBZEITwwDAYDVR0T
        BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEANqwgDsDrQc3iKMsC8/HoCOKz/Gu7
        EHDncfeuo8/+6vuHf5IsJrkpzNoFI7OWMp/PsDQ2L7jAFATKYNhpbwJwAknSlTBk
        2Pi2j303EGdLLGFdhKWK46MUtBMf6KBfUn/ReFgTUIH+NrX/mnr3ZdK/O2DfIjYj
        Wdc+6NNVewmA0E/n2O4BasfsIH9xZ8Sjt1yeyyW/x47i1UIgsSSg7J6h3GEfG1PA
        a2avU7gd1ERzy4z0FobouMTCiQ+BDfQHT2Jg8WLbdyEj/TH56w4cF29pQ0coZOC1
        bAzM00WOuWYAt8wwcB2+feZiOUxoMzE13XdDf+XaJwmBmKEKYf56+kJTkQ==
        -----END CERTIFICATE-----
  databases:
    databases:
    - {name: ccdb, tag: cc, citext: true}
    - {name: uaadb, tag: uaa, citext: true}
    port: 5524
    roles:
    - {name: ccadmin, password: PASSWORD, tag: admin}
    - {name: uaaadmin, password: PASSWORD, tag: admin}
  description: Cloud Foundry sponsored by Pivotal
  domain: bosh-lite.com
  etcd:
    advertise_urls_dns_suffix: etcd.service.cf.internal
    cluster:
    - name: diego_z1
      instances: 1
    machines: ["etcd.service.cf.internal"]
    peer_require_ssl: false
    require_ssl: false

  logger_endpoint:
    port: 4443
  loggregator:
    etcd:
      machines: [10.244.0.104]
  loggregator_endpoint:
    shared_secret: PASSWORD
  metron_agent:
    zone: z1
    deployment: minimal-aws
    dropsonde_incoming_port: 3457
  metron_endpoint:
    shared_secret: PASSWORD
  nats:
    machines: [10.244.0.103]
    password: PASSWORD
    port: 4222
    user: nats
  ssl:
    skip_cert_verify: true
  system_domain: bosh-lite.com
  system_domain_organization: default_organization
  uaa:
    clients:
      cf:
        access-token-validity: 600
        authorities: uaa.none
        authorized-grant-types: implicit,password,refresh_token
        autoapprove: true
        override: true
        refresh-token-validity: 2592000
        scope: cloud_controller.read,cloud_controller.write,openid,password.write,cloud_controller.admin,scim.read,scim.write,doppler.firehose,uaa.user,routing.router_groups.read
      cc-service-dashboards:
        authorities: clients.read,clients.write,clients.admin
        authorized-grant-types: client_credentials
        scope: openid,cloud_controller_service_permissions.read
        secret: PASSWORD
      cloud_controller_username_lookup:
        authorities: scim.userids
        authorized-grant-types: client_credentials
        secret: PASSWORD
      cc_routing:
        authorities: routing.router_groups.read
        secret: PASSWORD
        authorized-grant-types: client_credentials
      gorouter:
        authorities: routing.routes.read
        authorized-grant-types: client_credentials,refresh_token
        secret: PASSWORD
      tcp_emitter:
        authorities: routing.routes.write,routing.routes.read
        authorized-grant-types: client_credentials,refresh_token
        secret: PASSWORD
      tcp_router:
        authorities: routing.routes.read
        authorized-grant-types: client_credentials,refresh_token
        secret: PASSWORD
      doppler:
        authorities: uaa.resource
        secret: PASSWORD
      login:
        authorities: oauth.login,scim.write,clients.read,notifications.write,critical_notifications.write,emails.write,scim.userids,password.write
        authorized-grant-types: authorization_code,client_credentials,refresh_token
        redirect-uri: https://login.bosh-lite.com
        scope: openid,oauth.approvals
        secret: PASSWORD
      servicesmgmt:
        authorities: uaa.resource,oauth.service,clients.read,clients.write,clients.secret
        authorized-grant-types: authorization_code,client_credentials,password,implicit
        autoapprove: true
        redirect-uri: https://servicesmgmt.bosh-lite.com/auth/cloudfoundry/callback
        scope: openid,cloud_controller.read,cloud_controller.write
        secret: PASSWORD

    jwt:
      signing_key: |
        -----BEGIN RSA PRIVATE KEY-----
        MIICXAIBAAKBgQDHFr+KICms+tuT1OXJwhCUmR2dKVy7psa8xzElSyzqx7oJyfJ1
        JZyOzToj9T5SfTIq396agbHJWVfYphNahvZ/7uMXqHxf+ZH9BL1gk9Y6kCnbM5R6
        0gfwjyW1/dQPjOzn9N394zd2FJoFHwdq9Qs0wBugspULZVNRxq7veq/fzwIDAQAB
        AoGBAJ8dRTQFhIllbHx4GLbpTQsWXJ6w4hZvskJKCLM/o8R4n+0W45pQ1xEiYKdA
        Z/DRcnjltylRImBD8XuLL8iYOQSZXNMb1h3g5/UGbUXLmCgQLOUUlnYt34QOQm+0
        KvUqfMSFBbKMsYBAoQmNdTHBaz3dZa8ON9hh/f5TT8u0OWNRAkEA5opzsIXv+52J
        duc1VGyX3SwlxiE2dStW8wZqGiuLH142n6MKnkLU4ctNLiclw6BZePXFZYIK+AkE
        xQ+k16je5QJBAN0TIKMPWIbbHVr5rkdUqOyezlFFWYOwnMmw/BKa1d3zp54VP/P8
        +5aQ2d4sMoKEOfdWH7UqMe3FszfYFvSu5KMCQFMYeFaaEEP7Jn8rGzfQ5HQd44ek
        lQJqmq6CE2BXbY/i34FuvPcKU70HEEygY6Y9d8J3o6zQ0K9SYNu+pcXt4lkCQA3h
        jJQQe5uEGJTExqed7jllQ0khFJzLMx0K6tj0NeeIzAaGCQz13oo2sCdeGRHO4aDh
        HH6Qlq/6UOV5wP8+GAcCQFgRCcB+hrje8hfEEefHcFpyKH+5g1Eu1k0mLrxK2zd+
        4SlotYRHgPCEubokb2S1zfZDWIXW3HmggnGgM949TlY=
        -----END RSA PRIVATE KEY-----

      verification_key: |
        -----BEGIN PUBLIC KEY-----
        MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHFr+KICms+tuT1OXJwhCUmR2d
        KVy7psa8xzElSyzqx7oJyfJ1JZyOzToj9T5SfTIq396agbHJWVfYphNahvZ/7uMX
        qHxf+ZH9BL1gk9Y6kCnbM5R60gfwjyW1/dQPjOzn9N394zd2FJoFHwdq9Qs0wBug
        spULZVNRxq7veq/fzwIDAQAB
        -----END PUBLIC KEY-----

    ssl:
      port: -1
    url: https://uaa.bosh-lite.com
  capi:
    nsync:
      bbs:
        ca_cert: ""
        client_cert: ""
        client_key: ""
        require_ssl: false
      cc:
        base_url: https://api.bosh-lite.com
        basic_auth_password: PASSWORD
      diego_privileged_containers: true
    tps:
      bbs:
        ca_cert: ""
        client_cert: ""
        client_key: ""
        require_ssl: false
      cc:
        base_url: https://api.bosh-lite.com
        basic_auth_password: PASSWORD
      traffic_controller_url: wss://doppler.bosh-lite.com:443
    tps_listener:
      bbs:
        ca_cert: ""
        client_cert: ""
        client_key: ""
        require_ssl: false
      cc:
        base_url: https://api.bosh-lite.com
        basic_auth_password: PASSWORD
    stager:
      bbs:
        ca_cert: ""
        client_cert: ""
        client_key: ""
        require_ssl: false
      cc:
        base_url: https://api.bosh-lite.com
        basic_auth_password: PASSWORD
  diego:
    auctioneer:
      bbs:
        ca_cert: ""
        client_cert: ""
        client_key: ""
        require_ssl: false
    bbs:
      active_key_label: active
      encryption_keys:
      - label: active
        passphrase: PASSWORD
      ca_cert: ""
      etcd:
        ca_cert: ""
        client_cert: ""
        client_key: ""
        require_ssl: false
      require_ssl: false
      server_cert: ""
      server_key: ""
    converger:
      bbs:
        ca_cert: ""
        client_cert: ""
        client_key: ""
        require_ssl: false
    rep:
      bbs:
        ca_cert: ""
        client_cert: ""
        client_key: ""
        require_ssl: false
      preloaded_rootfses: ["cflinuxfs2:/var/vcap/packages/cflinuxfs2/rootfs"]
    executor:
      memory_capacity_mb: 30720
      disk_capacity_mb: 163840
    route_emitter:
      bbs:
        ca_cert: ""
        client_cert: ""
        client_key: ""
        require_ssl: false
      nats:
        machines: [10.244.0.103]
        password: PASSWORD
        port: 4222
        user: nats
    ssl:
      skip_cert_verify: true
  garden:
    graph_cleanup_threshold_in_mb: 0
    persistent_image_list: ["/var/vcap/packages/cflinuxfs2/rootfs"]
    deny_networks:
    - 0.0.0.0/0
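
Before a manifest like this is reused anywhere other than a local BOSH Lite box, it helps to list every lab-only setting in it. The following is an added example, not part of the original post or of cf-release: a dependency-free Python scan that reports placeholder secrets, disabled TLS checks and inline private keys with their key path. The function name `audit`, the rule lists and the sample excerpt are assumptions made for illustration.

```python
import re

# Constructed excerpt in the shape of the cf.yml above (no real key material).
SAMPLE = """\
databases:
  roles:
  - {name: ccadmin, password: PASSWORD, tag: admin}
ssl:
  skip_cert_verify: true
uaa:
  jwt:
    signing_key: |
      -----BEGIN RSA PRIVATE KEY-----
      -----END RSA PRIVATE KEY-----
diego:
  bbs:
    encryption_keys:
    - label: active
      passphrase: PASSWORD
    require_ssl: false
"""

SECRET_KEYS = {"password", "secret", "passphrase", "shared_secret", "basic_auth_password"}
RULES = [({"skip_cert_verify"}, "true", "certificate verification disabled"),
         ({"require_ssl", "peer_require_ssl"}, "false", "TLS not required")]
KEY_RE = re.compile(r"^(\s*)(- )?([\w.-]+):\s*(.*)$")   # block-style "key: value"
FLOW_RE = re.compile(r"([\w.-]+):\s*([^,{}\s]+)")        # pairs inside "{k: v, ...}"

def audit(text, placeholder="PASSWORD"):
    """Return (line, dotted.path, reason) for each lab-only setting found."""
    rules = RULES + [(SECRET_KEYS, placeholder, "placeholder secret")]
    findings, stack = [], []          # stack: (indent, key) of enclosing keys
    for no, line in enumerate(text.splitlines(), 1):
        if "BEGIN" in line and "PRIVATE KEY-----" in line:
            findings.append((no, ".".join(k for _, k in stack), "private key stored inline"))
        m = KEY_RE.match(line)
        if m:
            indent = len(m.group(1)) + len(m.group(2) or "")   # "- " counts as indent
            stack = [e for e in stack if e[0] < indent]        # leave finished mappings
            pairs = [(m.group(3), m.group(4).split(" #")[0].strip())]
        else:
            pairs = FLOW_RE.findall(line) if "{" in line else []
        parents = [k for _, k in stack]
        for key, value in pairs:
            for keys, bad, reason in rules:
                if key in keys and value == bad:
                    findings.append((no, ".".join(parents + [key]), reason))
        if m:
            stack.append((indent, m.group(3)))
    return findings
```

To scan a real file, pass its contents, for example `audit(open("cf.yml").read())`. The scan is line-based and covers only the block and single-line flow styles used in this manifest, not full YAML.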

Deploying Cloud Foundry with BOSH

bosh deployment cf.yml
bosh -n deploy

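The log is here. Compiled packages were used, so the deployment finished in just 10 minutes. What were the earlier ones (the DEA version and the Diego version) all about?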

$ bosh vms
Acting as user 'admin' on 'Bosh Lite Director'
Deployment `cf'

Director task 18

Task 18 done

+---------------------------------------------------------------------------+---------+-----+----------+--------------+
| VM                                                                        | State   | AZ  | VM Type  | IPs          |
+---------------------------------------------------------------------------+---------+-----+----------+--------------+
| api_z1/0 (58e744c8-cb5b-4257-a754-6f320f612df2)                           | running | n/a | small_z1 | 10.244.0.7   |
| blobstore_z1/0 (76ef3e8a-4034-43a3-b713-6849fd3a902a)                     | running | n/a | small_z1 | 10.244.0.6   |
| consul_z1/0 (79bfc824-327e-4688-9d32-df075f94f513)                        | running | n/a | small_z1 | 10.244.0.105 |
| diego_brain_z1/0 (b7e8bb31-dc79-40f4-90e1-4d49d89e2ae3)                   | running | n/a | diego    | 10.244.0.5   |
| diego_cell_z1/0 (8565f888-7b4a-43c6-acb7-09f9ed3edfaa)                    | running | n/a | diego    | 10.244.0.4   |
| doppler_z1/0 (fe1bbb59-99e1-4ea3-ade2-cde14a06a720)                       | running | n/a | small_z1 | 10.244.0.8   |
| etcd_z1/0 (d39fb894-0ff3-4f5e-8221-6d57ee05e14e)                          | running | n/a | small_z1 | 10.244.0.104 |
| ha_proxy_z1/0 (1b7fb2b5-b3ca-4f42-a5d7-561e47099d90)                      | running | n/a | small_z1 | 10.244.0.34  |
| loggregator_trafficcontroller_z1/0 (52bf312e-909a-431a-804e-0fb1a8e2bdcc) | running | n/a | small_z1 | 10.244.0.9   |
| nats_z1/0 (c97aa97a-c500-4958-83ff-469186658f31)                          | running | n/a | small_z1 | 10.244.0.103 |
| postgres_z1/0 (7b5a93ef-c3fe-45f2-87aa-a009345cdc9a)                      | running | n/a | small_z1 | 10.244.0.101 |
| router_z1/0 (a288b028-a42f-4d1e-ac86-d8a77e291e23)                        | running | n/a | small_z1 | 10.244.0.102 |
| uaa_z1/0 (877c5d95-d760-421c-bdb2-314f77cdf7db)                           | running | n/a | small_z1 | 10.244.0.10  |
+---------------------------------------------------------------------------+---------+-----+----------+--------------+

VMs total: 13

A tidy 13 VMs (although with BOSH Lite they are actually containers).

Logging in to Cloud Foundry & deploying an application

With the manifest above 🔼, you can log in as admin / PASSWORD.

$ cf login -a api.bosh-lite.com --skip-ssl-validation -u admin -p PASSWORD
$ cf create-space demo
$ cf target -s demo
$ cd /tmp
$ git clone https://github.com/making/hacker-tackle-demo.git
$ cd hacker-tackle-demo/hacker-tackle
$ cf push
$ curl -i hacker-tackle.bosh-lite.com
HTTP/1.1 200 OK
Content-Length: 1234
Content-Type: text/plain; charset=utf-8
Date: Wed, 14 Sep 2016 03:29:03 GMT
X-Vcap-Request-Id: d7831fc1-ab20-47c7-639a-44d9a6c81f8c

0️⃣   0️⃣   0️⃣ 0️⃣     0️⃣ 0️⃣ 0️⃣  0️⃣    0️⃣  0️⃣ 0️⃣ 0️⃣   0️⃣ 0️⃣ 0️⃣   
0️⃣   0️⃣  0️⃣   0️⃣   0️⃣       0️⃣   0️⃣   0️⃣       0️⃣    0️⃣  
0️⃣ 0️⃣ 0️⃣  0️⃣ 0️⃣ 0️⃣   0️⃣       0️⃣ 0️⃣     0️⃣ 0️⃣     0️⃣ 0️⃣ 0️⃣  
0️⃣   0️⃣  0️⃣    0️⃣  0️⃣       0️⃣   0️⃣   0️⃣       0️⃣    0️⃣  
0️⃣   0️⃣  0️⃣    0️⃣   0️⃣ 0️⃣ 0️⃣  0️⃣    0️⃣  0️⃣ 0️⃣ 0️⃣   0️⃣    0️⃣  
                                                 
0️⃣ 0️⃣ 0️⃣ 0️⃣   0️⃣ 0️⃣     0️⃣ 0️⃣ 0️⃣  0️⃣    0️⃣  0️⃣       0️⃣ 0️⃣ 0️⃣  
   0️⃣     0️⃣   0️⃣   0️⃣       0️⃣   0️⃣   0️⃣       0️⃣ 
   0️⃣     0️⃣ 0️⃣ 0️⃣   0️⃣       0️⃣ 0️⃣     0️⃣       0️⃣ 0️⃣    
   0️⃣     0️⃣    0️⃣  0️⃣       0️⃣   0️⃣   0️⃣       0️⃣  
   0️⃣     0️⃣    0️⃣   0️⃣ 0️⃣ 0️⃣  0️⃣    0️⃣  0️⃣ 0️⃣ 0️⃣   0️⃣ 0️⃣ 0️⃣  

Easy, isn't it?

Scaling out the Cells

Let's scale the Cells out to 3 instances.

Change the following number in cf.yml, then run bosh -n deploy.

- name: diego_cell_z1
  instances: 3 # <- changed from 1

Two more Cells were added.

$ bosh vms
Acting as user 'admin' on 'Bosh Lite Director'
Deployment `cf'

Director task 19

Task 19 done

+---------------------------------------------------------------------------+---------+-----+----------+--------------+
| VM                                                                        | State   | AZ  | VM Type  | IPs          |
+---------------------------------------------------------------------------+---------+-----+----------+--------------+
| api_z1/0 (58e744c8-cb5b-4257-a754-6f320f612df2)                           | running | n/a | small_z1 | 10.244.0.7   |
| blobstore_z1/0 (76ef3e8a-4034-43a3-b713-6849fd3a902a)                     | running | n/a | small_z1 | 10.244.0.6   |
| consul_z1/0 (79bfc824-327e-4688-9d32-df075f94f513)                        | running | n/a | small_z1 | 10.244.0.105 |
| diego_brain_z1/0 (b7e8bb31-dc79-40f4-90e1-4d49d89e2ae3)                   | running | n/a | diego    | 10.244.0.5   |
| diego_cell_z1/0 (8565f888-7b4a-43c6-acb7-09f9ed3edfaa)                    | running | n/a | diego    | 10.244.0.4   |
| diego_cell_z1/1 (2b40d7e1-1a36-4e12-9f53-ab2ad731e897)                    | running | n/a | diego    | 10.244.0.11  |
| diego_cell_z1/2 (49df46d2-0ca4-4f4c-996b-8662b6c21030)                    | running | n/a | diego    | 10.244.0.12  |
| doppler_z1/0 (fe1bbb59-99e1-4ea3-ade2-cde14a06a720)                       | running | n/a | small_z1 | 10.244.0.8   |
| etcd_z1/0 (d39fb894-0ff3-4f5e-8221-6d57ee05e14e)                          | running | n/a | small_z1 | 10.244.0.104 |
| ha_proxy_z1/0 (1b7fb2b5-b3ca-4f42-a5d7-561e47099d90)                      | running | n/a | small_z1 | 10.244.0.34  |
| loggregator_trafficcontroller_z1/0 (52bf312e-909a-431a-804e-0fb1a8e2bdcc) | running | n/a | small_z1 | 10.244.0.9   |
| nats_z1/0 (c97aa97a-c500-4958-83ff-469186658f31)                          | running | n/a | small_z1 | 10.244.0.103 |
| postgres_z1/0 (7b5a93ef-c3fe-45f2-87aa-a009345cdc9a)                      | running | n/a | small_z1 | 10.244.0.101 |
| router_z1/0 (a288b028-a42f-4d1e-ac86-d8a77e291e23)                        | running | n/a | small_z1 | 10.244.0.102 |
| uaa_z1/0 (877c5d95-d760-421c-bdb2-314f77cdf7db)                           | running | n/a | small_z1 | 10.244.0.10  |
+---------------------------------------------------------------------------+---------+-----+----------+--------------+

VMs total: 15

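If you make the app display the environment variable CF_INSTANCE_IP and run something like cf scale <app> -i 5, you should see that the instances are placed in a 2, 2, 1 distribution.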

To be continued

As a follow-up, I would like to try the following:

  • Deploying in BOSH 2.0 format
  • Deploying to AWS
  • Deploying to Azure
  • Deploying to GCP
