今となってはDiegoオンリー構成が当たり前でDEAが入っているのはレガシー。Pivotal Cloud FoundryでもすでにDiegoオンリー構成になっているけれど、 BOSH LiteでCloud Foundryをインストールするドキュメントが未だにDEA構成でインストールしてからDeigoを入れる形になっている。これでもアプリは問題はないけれど、使わないインスタンスがいるので気持ち悪い。 ググってもDiegoオンリーのマニフェストがないなーと思っていたら、普通にcf releaseプロジェクトにあった。ちょうど先月、DEAとHM9000が削除されていた。
この例だとAWSにインストールするマニフェストになっているが、bosh-lite版に直すのはそんなに難しくないのでやってみる。
使用するソフトウェアバージョン
- Virtualbox ... 5.0.12r104815
- Vagrant ... 1.8.1
- BOSH Lite ... 9000.131.0
- BOSH CLI ... 1.3215.0
- cf ... 241
- cflinuxfs2-rootfs ... 1.27.0
- diego ... 0.1483.0
- etcd ... 66
- garden-linux ... 0.342.0
- stemcell ... 3262.2
BOSH Liteの準備
mkdir ~/workspace
cd ~/workspace
git clone https://github.com/cloudfoundry/bosh-lite.git
cd bosh-lite
git checkout v9000.131.0
vagrant up
bosh target 192.168.50.4 lite
# admin / admin
bosh login
# admin / admin
./bin/add-route
Stemcell及びBOSH releaseのダウンロード
mkdir ~/releases
cd ~/releases
wget https://bosh.io/d/stemcells/bosh-warden-boshlite-ubuntu-trusty-go_agent?v=3262.2 -O bosh-warden-boshlite-ubuntu-trusty-go_agent-3262.2.tgz
wget https://bosh.io/d/github.com/cloudfoundry/cf-release?v=241 -O cf-release-241.tgz
wget https://bosh.io/d/github.com/cloudfoundry/diego-release?v=0.1483.0 -O diego-release-0.1483.0.tgz
wget https://bosh.io/d/github.com/cloudfoundry/garden-linux-release?v=0.342.0 -O garden-linux-release-0.342.0.tgz
wget https://bosh.io/d/github.com/cloudfoundry-incubator/etcd-release?v=66 -O etcd-release-66.tgz
wget https://bosh.io/d/github.com/cloudfoundry/cflinuxfs2-rootfs-release?v=1.27.0 -O cflinuxfs2-rootfs-release-1.27.0.tgz
Stemcell及びBOSH releaseのアップロード
bosh upload stemcell bosh-warden-boshlite-ubuntu-trusty-go_agent-3262.2.tgz
bosh upload release cf-release-241.tgz
bosh upload release diego-release-0.1483.0.tgz
bosh upload release garden-linux-release-0.342.0.tgz
bosh upload release etcd-release-66.tgz
bosh upload release cflinuxfs2-rootfs-release-1.27.0.tgz
Cloud Foundryのmanifest作成
minimal-aws.yml
を参考に、bosh-lite版のmanifestを作成。
cf.yml
に次をコピペ。
---
name: cf
director_uuid: <%= `bosh status --uuid` %>
releases:
- {name: cf, version: latest}
- {name: diego, version: latest}
- {name: etcd, version: latest}
- {name: garden-linux, version: latest}
- {name: cflinuxfs2-rootfs , version: latest}
networks:
- name: cf_private
type: manual
subnets:
- range: 10.244.0.0/24
reserved: ["10.244.0.1 - 10.244.0.3"]
static:
- 10.244.0.100
- 10.244.0.101
- 10.244.0.102
- 10.244.0.103
- 10.244.0.104
- 10.244.0.105
- 10.244.0.34
cloud_properties: {}
resource_pools:
- name: small_z1
network: cf_private
stemcell:
name: bosh-warden-boshlite-ubuntu-trusty-go_agent
version: latest
cloud_properties:
name: random
- name: diego
network: cf_private
stemcell:
name: bosh-warden-boshlite-ubuntu-trusty-go_agent
version: latest
cloud_properties:
name: random
- name: small
network: cf_private
stemcell:
name: bosh-warden-boshlite-ubuntu-trusty-go_agent
version: latest
cloud_properties:
name: random
compilation:
workers: 8
network: cf_private
reuse_compilation_vms: true
cloud_properties:
name: random
update:
canaries: 1
max_in_flight: 1
serial: false
canary_watch_time: 30000-600000
update_watch_time: 5000-600000
jobs:
- name: nats_z1
instances: 1
resource_pool: small_z1
templates:
- {name: nats, release: cf}
- {name: nats_stream_forwarder, release: cf}
- {name: metron_agent, release: cf}
networks:
- name: cf_private
static_ips: [10.244.0.103]
- name: etcd_z1
instances: 1
resource_pool: small_z1
persistent_disk: 102400
templates:
- {name: etcd, release: cf}
- {name: etcd_metrics_server, release: cf}
- {name: metron_agent, release: cf}
networks:
- name: cf_private
static_ips: [10.244.0.104]
properties:
etcd_metrics_server:
nats:
machines: [10.244.0.103]
password: PASSWORD
username: nats
- name: consul_z1
instances: 1
persistent_disk: 1024
resource_pool: small_z1
templates:
- {name: metron_agent, release: cf}
- {name: consul_agent, release: cf}
networks:
- name: cf_private
static_ips: [10.244.0.105]
properties:
consul:
agent:
mode: server
- name: diego_cell_z1
instances: 1
resource_pool: diego
templates:
- name: consul_agent
release: cf
- name: rep
release: diego
- name: garden
release: garden-linux
- name: cflinuxfs2-rootfs-setup
release: cflinuxfs2-rootfs
- name: metron_agent
release: cf
networks:
- name: cf_private
update:
serial: true
max_in_flight: 1
properties:
metron_agent:
zone: z1
diego:
rep:
zone: z1
- name: diego_brain_z1
instances: 1
resource_pool: diego
templates:
- name: consul_agent
release: cf
- name: etcd
release: etcd
- name: bbs
release: diego
- name: auctioneer
release: diego
- name: stager
release: cf
- name: nsync
release: cf
- name: tps
release: cf
- name: cc_uploader
release: cf
- name: file_server
release: diego
- name: route_emitter
release: diego
- name: metron_agent
release: cf
persistent_disk: 20480
networks:
- name: cf_private
update:
serial: true
max_in_flight: 1
properties:
consul:
agent:
services:
etcd: {}
metron_agent:
zone: z1
- name: blobstore_z1
instances: 1
persistent_disk: 102400
resource_pool: small_z1
templates:
- {name: blobstore, release: cf}
- {name: metron_agent, release: cf}
- {name: route_registrar, release: cf}
- {name: consul_agent, release: cf}
networks:
- name: cf_private
properties:
consul:
agent:
services:
blobstore: {}
route_registrar:
routes:
- name: blobstore
port: 8080
registration_interval: 20s
tags:
component: blobstore
uris:
- "blobstore.bosh-lite.com"
- name: postgres_z1
instances: 1
persistent_disk: 1024
resource_pool: small_z1
templates:
- {name: postgres, release: cf}
- {name: metron_agent, release: cf}
networks:
- name: cf_private
static_ips: [10.244.0.101]
update:
serial: true
- name: api_z1
instances: 1
resource_pool: small_z1
templates:
- {name: cloud_controller_ng, release: cf}
- {name: cloud_controller_worker, release: cf}
- {name: cloud_controller_clock, release: cf}
- {name: metron_agent, release: cf}
- {name: route_registrar, release: cf}
- {name: consul_agent, release: cf}
- {name: go-buildpack, release: cf}
- {name: binary-buildpack, release: cf}
- {name: nodejs-buildpack, release: cf}
- {name: ruby-buildpack, release: cf}
- {name: java-buildpack, release: cf}
- {name: php-buildpack, release: cf}
- {name: python-buildpack, release: cf}
- {name: staticfile-buildpack, release: cf}
networks:
- name: cf_private
properties:
consul:
agent:
services:
cloud_controller_ng: {}
route_registrar:
routes:
- name: api
registration_interval: 20s
port: 9022
uris:
- "api.bosh-lite.com"
- name: ha_proxy_z1
instances: 1
resource_pool: small_z1
templates:
- {name: haproxy, release: cf}
- {name: consul_agent, release: cf}
- {name: metron_agent, release: cf}
networks:
- name: cf_private
static_ips: [10.244.0.34]
properties:
ha_proxy:
ssl_pem: |+
-----BEGIN CERTIFICATE-----
MIICsjCCAZoCCQC+xvE/1ZQgFzANBgkqhkiG9w0BAQUFADAaMRgwFgYDVQQDFA8q
LmJvc2gtbGl0ZS5jb20wIBcNMTUxMDA4MjIwNDQ3WhgPMjI4OTA3MjIyMjA0NDda
MBoxGDAWBgNVBAMUDyouYm9zaC1saXRlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAK09Q520xrKx75uew3mAS+y4uyRPZPEjt/pYdBl40PXIwaqO
X7LGoc9lNZS/eAPX6xeVFmZbLZReQ5+Fm0moeLzsh58W9jjkWWk7oGISmxfoQz9B
X9Eh0NHCrtKXMrCPlr+2RI/qLinJDqn87UEZqwX+84JU8hBZ8RD8D7YnfuDteySV
SYOEUjkiN/pIWmbJQY1sjEyk1zH1Hiy8kmnait2sX8Td2S/aV6EJBgODOstzEtnf
HFDIfoTJxbSK/0TbF6qBaSl0CLaOop9FX2ULEZUgAuIW4dG2k/xnpMLdz7A0ZsSU
Haw9okZ5wNuYk1RSqhnqw+9KUWgXwV6RlMvtXMkCAwEAATANBgkqhkiG9w0BAQUF
AAOCAQEAShOqAFLIc93yIjhcnN7L4ZXFo+CvOgklJqFeBbwRshsEptbaddDJYmRr
ZXzOE7MiTOBM8YzKqtHvl/ZguXmIAXSZlnq6kuJHdPtcZOqu1x2GAvWWOzn9Xl4m
T3RmwF3NgiX0jgNMkkm8i8jfT7uN9BnHxMv65b9yKeM0sRFN5XigA43DDQnfF3j4
FQ9jwpmS7zOx2wn6FayOgoE4rgJfV/9637ZprQOMfUbZPKgQQplDn6bvK13rj9g9
zCC9W0fy29l7VDuAOOSI5xzsoYyH6DfX7oySxn291hidSCb/buadNG4dgI4keMGw
u5K8QQYmlSY91IJtuRRITYXGmIiPpg==
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
MIIEogIBAAKCAQEArT1DnbTGsrHvm57DeYBL7Li7JE9k8SO3+lh0GXjQ9cjBqo5f
ssahz2U1lL94A9frF5UWZlstlF5Dn4WbSah4vOyHnxb2OORZaTugYhKbF+hDP0Ff
0SHQ0cKu0pcysI+Wv7ZEj+ouKckOqfztQRmrBf7zglTyEFnxEPwPtid+4O17JJVJ
g4RSOSI3+khaZslBjWyMTKTXMfUeLLySadqK3axfxN3ZL9pXoQkGA4M6y3MS2d8c
UMh+hMnFtIr/RNsXqoFpKXQIto6in0VfZQsRlSAC4hbh0baT/Gekwt3PsDRmxJQd
rD2iRnnA25iTVFKqGerD70pRaBfBXpGUy+1cyQIDAQABAoIBACXzdt2UnbbF3jzU
QfRbE8bvDSg+MFnXPlWcjQqLehNuAGcxu2s5snbxsBQ/Abat1XWcFoUj0k9feyb2
KPew7YpNssQ6ToRWGfRAuLjjZJCPNDQmSSxSYSGiqZO+xb8CJb8n2ctBPQ2wWwMI
Qp1xVxMAMC5MF59XZMUYwwRfkJ8LawB90+S9BjHcU3GqoPECLFkgEeIj3mrnmpAD
vhIeYvQj2W5JCpxLUA+7lnyoqnx8OTOXvBPAsKwO1Hx88yCitnxXro7i0ZAw4ErH
zrnMgWkFDvRiS3ta/QS2RcBBiZHKX/gRRT/AvqJ+Erveu0BcZ9AVy1UpPB0w9rBK
PTxS2BECgYEA3MLd6Og+xQpw4UNhy9EjeDE/b/rZK4w/vfD3WE5J3Nm4HGdSA6Q4
YmQYVg+VuCLR+HHsk58LxEf+cU0MNgDJR1/rFZRmociF+G0i7/7DuhFm891wWWGW
Iz7XeGWHi+LIeYWkteuflrkmvy/7xqArgcNqnirGhba6706MZz0G0YUCgYEAyOR5
aF7qRpLXHgMOPOzJKC4ceWA5rY8rcdJZFI7aNq5MJF9o+fNNt8YRJ1hQTzs5K/R+
HwBJel8J6CoPQo9WUXnj0md4M67sCZSBqWANMO/J0f4VkbLS/lwch+ZPS8jt3Z4z
umYW4QnloIKXxORfySo7r9DzZSgmxuDE8PVWn3UCgYAFTwpXF36q7l1YjW5EoHrh
4Q1NfBLM4UqHHsxT604LaZDr3fAy9jgE5bNQHn/TNcMm3lZ6FlEKH1EXGGs6wToV
5VCZ7D+rlE7kcntsmgvK5bA8HQ8elyItJs23r3la+9EmWvhjB4+G6FzuLBE57ZAe
RrzBoPW1MXe9WX423VjUoQKBgGea5T49jSc+fbDdtI8ZMxkExuyWAskOyEIYUJa4
obOHqn8rsZEOuKspfBlFg42JJpATtKO6WyrALvTMFDiogcTdTvBpKmXFNbgvHbvD
bKorUHN7TZZpmkVSLeisj4KvKnWcLGNaWTxQBVwFXc5OVVQC8utWoOAvl+gDba4z
aSwtAoGANdquHRNbigPj2y0cRoexYJwKgpfGEK4HXitsKZUUg09gVfagM1HynVFz
RA0LVac0oJZFdMYZyU/PXCySS237xUD2/0oySYJIK9E0C4ZxKD+DoAk5Z097z0LM
7rxStMCBWB2x4ommvEnpdgntEKkl4buIDatvmbdmdwkY3+X65Ks=
-----END RSA PRIVATE KEY-----
router:
servers:
- 10.244.0.102
- name: doppler_z1
instances: 1
resource_pool: small_z1
templates:
- {name: doppler, release: cf}
- {name: metron_agent, release: cf}
- {name: syslog_drain_binder, release: cf}
networks:
- name: cf_private
properties:
doppler: {zone: z1}
doppler_endpoint:
shared_secret: PASSWORD
- name: loggregator_trafficcontroller_z1
instances: 1
resource_pool: small_z1
templates:
- {name: loggregator_trafficcontroller, release: cf}
- {name: metron_agent, release: cf}
- {name: route_registrar, release: cf}
networks:
- name: cf_private
properties:
traffic_controller: {zone: z1}
route_registrar:
routes:
- name: doppler
registration_interval: 20s
port: 8081
uris:
- "doppler.bosh-lite.com"
- name: loggregator
registration_interval: 20s
port: 8080
uris:
- "loggregator.bosh-lite.com"
- name: uaa_z1
instances: 1
resource_pool: small_z1
templates:
- {name: uaa, release: cf}
- {name: metron_agent, release: cf}
- {name: route_registrar, release: cf}
networks:
- name: cf_private
properties:
login:
catalina_opts: -Xmx768m -XX:MaxPermSize=256m
route_registrar:
routes:
- name: uaa
registration_interval: 20s
port: 8080
uris:
- "uaa.bosh-lite.com"
- "*.uaa.bosh-lite.com"
- "login.bosh-lite.com"
- "*.login.bosh-lite.com"
uaa:
admin:
client_secret: PASSWORD
batch:
password: PASSWORD
username: batch_user
cc:
client_secret: PASSWORD
scim:
userids_enabled: true
users:
- name: admin
password: PASSWORD
groups:
- scim.write
- scim.read
- openid
- cloud_controller.admin
- doppler.firehose
- routing.router_groups.read
uaadb:
address: 10.244.0.101
databases:
- {name: uaadb, tag: uaa}
db_scheme: postgresql
port: 5524
roles:
- {name: uaaadmin, password: PASSWORD, tag: admin}
- name: router_z1
instances: 1
resource_pool: small_z1
templates:
- {name: gorouter, release: cf}
- {name: metron_agent, release: cf}
- {name: consul_agent, release: cf}
networks:
- name: cf_private
static_ips: [10.244.0.102]
properties:
dropsonde: {enabled: true}
properties:
router:
route_services_secret: PASSWORD
ssl_skip_validation: true
networks: {apps: cf_private}
app_domains: [bosh-lite.com]
cc:
allow_app_ssh_access: true
default_to_diego_backend: true
internal_api_user: internal_user
buildpacks:
blobstore_type: webdav
webdav_config:
blobstore_timeout: 5
password: PASSWORD
private_endpoint: https://blobstore.service.cf.internal:4443
public_endpoint: https://blobstore.bosh-lite.com
secret: PASSWORD
username: blobstore-username
droplets:
blobstore_type: webdav
webdav_config:
blobstore_timeout: 5
password: PASSWORD
private_endpoint: https://blobstore.service.cf.internal:4443
public_endpoint: https://blobstore.bosh-lite.com
secret: PASSWORD
username: blobstore-username
external_port: 9022
packages:
blobstore_type: webdav
webdav_config:
blobstore_timeout: 5
password: PASSWORD
private_endpoint: https://blobstore.service.cf.internal:4443
public_endpoint: https://blobstore.bosh-lite.com
secret: PASSWORD
username: blobstore-username
resource_pool:
blobstore_type: webdav
webdav_config:
blobstore_timeout: 5
password: PASSWORD
private_endpoint: https://blobstore.service.cf.internal:4443
public_endpoint: https://blobstore.bosh-lite.com
secret: PASSWORD
username: blobstore-username
bulk_api_password: PASSWORD
db_encryption_key: PASSWORD
default_running_security_groups: [public_networks, dns]
default_staging_security_groups: [public_networks, dns]
install_buildpacks:
- {name: java_buildpack, package: buildpack_java}
- {name: ruby_buildpack, package: ruby-buildpack}
- {name: nodejs_buildpack, package: nodejs-buildpack}
- {name: go_buildpack, package: go-buildpack}
- {name: python_buildpack, package: python-buildpack}
- {name: php_buildpack, package: php-buildpack}
- {name: staticfile_buildpack, package: staticfile-buildpack}
- {name: binary_buildpack, package: binary-buildpack}
internal_api_password: PASSWORD
quota_definitions:
default:
memory_limit: 102400
non_basic_services_allowed: true
total_routes: 1000
total_services: -1
security_group_definitions:
- name: public_networks
rules:
- {destination: 0.0.0.0-9.255.255.255, protocol: all}
- {destination: 11.0.0.0-169.253.255.255, protocol: all}
- {destination: 169.255.0.0-172.15.255.255, protocol: all}
- {destination: 172.32.0.0-192.167.255.255, protocol: all}
- {destination: 192.169.0.0-255.255.255.255, protocol: all}
- name: dns
rules:
- {destination: 0.0.0.0/0, ports: '53', protocol: tcp}
- {destination: 0.0.0.0/0, ports: '53', protocol: udp}
srv_api_uri: https://api.bosh-lite.com
staging_upload_password: PASSWORD
staging_upload_user: staging_upload_user
ccdb:
address: 10.244.0.101
databases:
- {name: ccdb, tag: cc}
db_scheme: postgres
port: 5524
roles:
- {name: ccadmin, password: PASSWORD, tag: admin}
consul:
agent:
log_level: null
domain: cf.internal
servers:
lan:
- 10.244.0.105
encrypt_keys:
- PASSWORD
ca_cert: |
-----BEGIN CERTIFICATE-----
MIIFBzCCAu+gAwIBAgIBATANBgkqhkiG9w0BAQsFADATMREwDwYDVQQDEwhjb25z
dWxDQTAeFw0xNjAzMzEyMjAwNDlaFw0yNjAzMzEyMjAwNTJaMBMxETAPBgNVBAMT
CGNvbnN1bENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA0tLZmi6x
aqbGl7VvKjJoIf2PAilPDzMNH56p7PUOHutRreKn70dzmMr/CbLShMllgjW6ZvOL
osw0iSVKWewiWtrFD8vmRx+OkmdgxPD9813EvnjsvrGyWOxmK7eTahy2ZpMrzmnV
RiDNzu0xBlnBHqAFUPOyWLXuBGFGsDgQt7tLlHIp6o0t4qkBjC/qQSKgBcQt9qxq
cnetiMDDuNhTQT7a+4Br61nwooSAOYmjR9Ox4ULSscMf1qEmQQfJNGJ8ifqF/SOM
a8Dyt7uUIFRbMzA/wdiy0BXBjJysD5B4tXtWdHSg/8de0STPWOR4dnuOdupAwub+
9ICOk1FRCEVPHyBVgQppb4SqUa9loJ2fDJQSl0PY+1kC+bC9czEoNg/hDTBYCiVM
bYPEOnx/810Pm1PoUEmp4rTQUM6EM6pFQBIW3+rxpOJlhxmRJyZzsUpZB9xsh7P2
Q80OI+XZL/QCI8/t65QamsIbV+IlG5IeALBC+oaC3Rfnfpy3cEXl1vw3Z1qTM9qR
8ZAUDLUcYcULtDjRqgvEMLaK/vd3UMAXeVpPGgEbno3eXl/spByN2nwmpZM1RcB0
CtmN+byDv0fAYlUqBsDhes0AaeY3+ZN4opEXUHGR7qDl3hwZBIHG8niFMtVTb5na
Ktam3U+e1kIVsgbz5+B2KEJKUvjI5yLGDM0CAwEAAaNmMGQwDgYDVR0PAQH/BAQD
AgEGMBIGA1UdEwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYEFJB06Ynto2S0F7wv5hdE
y+pVN1NNMB8GA1UdIwQYMBaAFJB06Ynto2S0F7wv5hdEy+pVN1NNMA0GCSqGSIb3
DQEBCwUAA4ICAQBIMYRZ64GV/oe+yPWK5JhU8W85qT1ROfJC1Hwg6zXtP0pIUlyN
oAyCtc2i1Z3Cp2K9BIfjg+E2+UhSWnwA/6hLPd0R5KMKNOCYCPZClGlYxskQ6irD
yiceJGwFj3BJYQzOu+XSn55vvouJOG/I24azkSQ5Fwcvqm+8DdznX5P33PRw1DX7
mJKNIWflcygrxR908iAIfv0V2btVoDr1YGwPKZKwEJ5jyjrNipbM0kErWzwD6V65
6qluPalUgUnGrzbAqWgKQ/a015gUqRN1lu6XbRhoV4xCFUFLkubHVoCDJ2Y52pXD
Tu2WKmwpqx3CI2lTe0Vqs2wrSLZrcKK8t3tUsl3qEPFFdxM8+Q/WIlu6l4USOmAh
uEmdeSBefFlAYyblOfY84W2h0IsBny4KrBIWl7+QL/38cwA+BII/XoilmoIiDctd
0aT/55KDrD6kZRR9917Qp586mTagfpHL6SHQbn7hh/YQ0VFlmVffXc9T4mDkcFaR
04bsl87bgG5Bk4f1msBgmnzvJqzbzdHwVOsjZpeN6N683O6YbxK4DNPqWr/BOdkH
ZzF06444shzlvEdXlcb122q69AbWNcm+HHkmEQUYH3hoYyiwiicdqDskUScj0QpF
1ddNutiVjXZsmFRwpFxNBTCoNdns8Q9uUQfzHx8DomWgfX9TNzn7y1cc3g==
-----END CERTIFICATE-----
server_cert: |
-----BEGIN CERTIFICATE-----
MIIEMDCCAhigAwIBAgIRAOE+FRzzg4N7y23SfTwde6owDQYJKoZIhvcNAQELBQAw
EzERMA8GA1UEAxMIY29uc3VsQ0EwHhcNMTYwMzMxMjIwMDUyWhcNMTgwMzMxMjIw
MDUyWjAhMR8wHQYDVQQDExZzZXJ2ZXIuZGMxLmNmLmludGVybmFsMIIBIjANBgkq
hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoiPUUo3sUf8oK98wiAzsEJuhMP1ZW/IG
PZR3bZyMN4B1WTtSEvATFU0kyCioJv6Num4hBfsYCyUbCX2r4bHwaO1TLQwY+kkT
phBkhqqsvNk230GNhEC6/oukPlPRjEZau0v0Mzlx1VUHtZCyMZk8pPo6nXxMfapM
9A7DU2YRjW0LhusGWWEsZVnTgw4A0SYrOA0lutcGkID9fFMOhdrLpk+OPVRPWFae
Hp4lDLQ6NX78W+u8g6k2ocTjZ2bE4U/87+mYPNgRDJYGkaohOxDNKwDtC97MQmmS
fdOYapff2NOjGdexWf4Nl2GPm94GDkFQmVpKOuJ5PfMKgFFl4kFBSQIDAQABo3Ew
bzAOBgNVHQ8BAf8EBAMCA7gwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC
MB0GA1UdDgQWBBQJBvWAwnpCTcyTl0uUP9xRTG6IVjAfBgNVHSMEGDAWgBSQdOmJ
7aNktBe8L+YXRMvqVTdTTTANBgkqhkiG9w0BAQsFAAOCAgEAY1LebPT74T47BbmF
DY+I3nRgtKWpB97OrtKmKsXjGAd/RlyINmUgQQFlXasTMbUMNz6jHUPMl7o+yrt3
h8pbBDBmxqQ59cJArHABj77feRptq9tiR21b1lecM7dlf7JtQX4iIMYockEiEZHH
fA0lzw4r9jyWu8ts7b3Il1TDC0CvCcB6RDfaXLhGZ90BJBx3jh9ekWpT8F25UQwT
odGq0vSDDdrI/s7NZT3Dw1I7BpLiK2Y9ULR7NDJOZhd885rMZ2Rdt3cb+F7SO+B+
gE8NktIwkXiMIpdCF0QYSAfi4uZQkdTnL+W7v1lBDPtswuCyozgR3mInVtAeWSPX
JGDCmiHZFkHhmgoNH15zv0Jx7t9iY5uaDeeNvjbXfFrckMYY6hJf5EhowzTUKOxK
YpsJuFSFydGxcz/uivEkEl/Gk9FYxrm5FBimV52GI04Y9P3F6O0LfANgjEB1rC2v
4ebBG13nZddQHbRUzmDemVP42GC68+l2T4eczQB3qhH80HejN7cnzNEgx+24+YwB
4wtVmSqDh5sB9SlY+HBiJvFgtl0cQISYEnHlxzN/3HbS/xjjXGom9FWXmpTK9FPx
1SiBHNWnErTnrq7Vxo5rPjzK02xf6CdrUj/35TKau/ssB9IXSLV4mW9z87w4apyI
WymD9N6OHIM0MEmMcYIqph7Yo2w=
-----END CERTIFICATE-----
agent_cert: |
-----BEGIN CERTIFICATE-----
MIIEJjCCAg6gAwIBAgIRAJIdGe7fx391grV1/m9i/2AwDQYJKoZIhvcNAQELBQAw
EzERMA8GA1UEAxMIY29uc3VsQ0EwHhcNMTYwMzMxMjIwMDUzWhcNMTgwMzMxMjIw
MDUzWjAXMRUwEwYDVQQDEwxjb25zdWwgYWdlbnQwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDZ7JoVMCudtjSXp6OGGG2S1xV15R3qm55+Pi4dCgO/g31O
hJoWQL3fL2S1IfZMEzVjZYRperBhoHHjudkOw8opss2pvHynwQKaj10cKkrI1zak
t59FkM2GAgkjmeGt3ZbPL+tQM3Pb8K4facxhbM44iOdPpCCGPl/CNWYv8HBtwRUv
wfTYcmQq5ameA4GEzokKwYXf4cHCMY69sPMKatGldS8B2gal+wBV7PHo+qsvdZug
YIRLWGbGDBLN9xi2JMHHrNodZKlWSEEEZaSa8kctqFw4iZRYdmKAc7i9HCRxTobP
W18Dn6GGSCCYMaMCKzrvnwyBWrN5baoNl+cvE7SlAgMBAAGjcTBvMA4GA1UdDwEB
/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYE
FEjW45GNWfzsd5+P9U1KPlLKKBqeMB8GA1UdIwQYMBaAFJB06Ynto2S0F7wv5hdE
y+pVN1NNMA0GCSqGSIb3DQEBCwUAA4ICAQDOTO7uujSHt5NUIx8h03TMQxm5Fj1m
2KaAYmut4HTNBTQHNcvNCTQ86HURj1zaVnNqGNo4zWE89jPb6RkfutcxaWIZzXw1
CtTFg/DEQlMrRHe7MvaLwr8pVidGjU+yaqDdctzIKi0zKvdb4ImyK3ZucXuoIjth
S0cMxIBB2D99+8LnPfyAnJT2PFAZ92GyWZRUTZZa3c/QMaJZLaMmp6Yihs/fubQf
PxgnbirRScO+dqxjzz+3911VHiEGrnLcjE5rvPxjsW4G2g6goK1/Lg+RbAOhAC/6
UbJQEKAlxqsvBxidkT0OtQJ/AibtPB425KzM2K+v1zXUyFmPHbJspxMCFgkHvOdf
NYJ6oVLj6lVH5vvFM8pdffbaICZTWBSQG/w5p4EObF5cIL9/PtKGTLj0bi5b8oPc
ZVRdYiXObpaMO5fJQKY+c3QMzjPczdmBaXF15EyfTUPpRtdyBfica/0BkW0w4XRK
uEC+YFgx5qEVmscss2K42ZCJ8b/vwcLH0HqMmc8OoPLakVbD/A+64Kt1mdJ7N63K
GO8DbjsU7qg9T8Y/6O7iJ/FEvvyWmUo0GJlSga/hrHH0LK5ZXVqCjkyVNjojRy0E
G8X8rON9IPCgIJmpWuOyOKDRONAteTVpYiusmG7s24aX/ZA11vUmpR0iNunbPNct
bKLaH/vFK5U4cg==
-----END CERTIFICATE-----
server_key: |
-----BEGIN RSA PRIVATE KEY-----
MIIEpQIBAAKCAQEAoiPUUo3sUf8oK98wiAzsEJuhMP1ZW/IGPZR3bZyMN4B1WTtS
EvATFU0kyCioJv6Num4hBfsYCyUbCX2r4bHwaO1TLQwY+kkTphBkhqqsvNk230GN
hEC6/oukPlPRjEZau0v0Mzlx1VUHtZCyMZk8pPo6nXxMfapM9A7DU2YRjW0LhusG
WWEsZVnTgw4A0SYrOA0lutcGkID9fFMOhdrLpk+OPVRPWFaeHp4lDLQ6NX78W+u8
g6k2ocTjZ2bE4U/87+mYPNgRDJYGkaohOxDNKwDtC97MQmmSfdOYapff2NOjGdex
Wf4Nl2GPm94GDkFQmVpKOuJ5PfMKgFFl4kFBSQIDAQABAoIBADAJHWY31cOVLHmS
7fXgni9tbBvvcwHieibUTW2T65al4B5HjNE/fufYqwUBxo+G6sZIyk/TTBRBMfll
2f5LkUYEyZeW9e9wpvmT8bRT7EkmsTMDYMHFy6CODmLIwlQko8zJe9eRNUBWqKoJ
7ED1fRoDaEowARlZ0uKbXRLgMmMLam8yWo3aDdeZqp9lQoDLs+R5YubYPSvFkg8l
19YOrVeXnSeAIKQBx0qLzMWWcYRSFm/WuirhklI1fzrI0RoqpDM7ye7KYjYzxmXM
a9VukotuMzc316Ny903/QzgriYK04+D2LTTr6MxP5QQLQKpRpnv9BAaOzB7uluo+
RS5uGAECgYEA111bXtXHmHp69Sw9o+5Jq6LVfg/J0P5VYqy92mAcWfQsyNgSA8nJ
7q+pEu7e+bRZ/SjqsP9LNm6zF3RIbwDGJUm9dFPT9NCzjAnKDtUcVchL4oodJUKK
nhKM3DTbr5QEM7AAaaPa/oHc1fw+kMayIhGo/z04xEQuRgF7lUIDPqECgYEAwLuW
fMq8+GsJB/1eUFwU3k013rnHAxlBC7e+4bdTcUv3QC+bAIGLKkK4bcKn6ElnTrSt
KXPB7V/Loi0Gwx1035aPwDKVjdQDbug/MX2M/aKeRnQb9VPndluUJDh+deikUAI7
gqJKv92a279Dat54fjLXKPqsGQAqy403tT6hSakCgYEAkCuO3w19cDWN2lKjcPoz
lxKKmLk5AQ9BWa0J6wYr9Ivg7xK1/JM4+u/c3y/JVJ/HHhImChbc4rN4cFsHokeC
XbPff+AeI+USTMzA1u0S6toK8rxCho7k/KyuXzuDVSZhKbjIje+Cyp1kmFskBwb8
eJIZ78OsHLcHwxV7BZALXAECgYEAnCVevqvifcD6CCcWCjUQEyqqwk/xFGmZcUzk
sSo9yESrhK0M/1P008BKe2KBdohB0lo/EJ5gN1itOi8Qk3OCBMOOo0BYOhfS0EAJ
MqdtWvAtGxdmr1PS6uk3FEFQ82YP+WJVpHin5to7ZF2I2UR0ionWF7U/SOIByfgX
chfTxEECgYEAz8ob55iUxdL/9Dj3JBZp3039l5DqzqS2TVh+b2Gj1R8pvlnHXhBE
JqXK0KoItB+9qJYzTAfsQJHErPL8+15sqaZHsQrssXgHdGXSqOsTmUWCvNVYi2yr
0Iy00Tlkozwhwf5Y3PzITI1SWGqa3rZesUydj5FnuyeZTiLVajqPWe4=
-----END RSA PRIVATE KEY-----
agent_key: |
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEA2eyaFTArnbY0l6ejhhhtktcVdeUd6puefj4uHQoDv4N9ToSa
FkC93y9ktSH2TBM1Y2WEaXqwYaBx47nZDsPKKbLNqbx8p8ECmo9dHCpKyNc2pLef
RZDNhgIJI5nhrd2Wzy/rUDNz2/CuH2nMYWzOOIjnT6Qghj5fwjVmL/BwbcEVL8H0
2HJkKuWpngOBhM6JCsGF3+HBwjGOvbDzCmrRpXUvAdoGpfsAVezx6PqrL3WboGCE
S1hmxgwSzfcYtiTBx6zaHWSpVkhBBGWkmvJHLahcOImUWHZigHO4vRwkcU6Gz1tf
A5+hhkggmDGjAis6758MgVqzeW2qDZfnLxO0pQIDAQABAoIBAG3D4PBfLPjpN6BT
jegTEc3ujB6v4tuyuqg3xZ5W1wB1yH3uCHbA8WIjSwR5MMesvS1tir5eT808tWDQ
0WXAdGmAaFrgV6FfdGJJZ8qx+q0iyaE54/10LDEdgWDvN18Nx9Jf/pSM9gSIPAwS
jCFeXpjXTDsvHjq/3BfEMc5fuyFsO6hSncCoY2aXJA6XG6K/qV/ll4djys6GTCDq
fU2eVWVk2yEM7YfvNocuaocyj+nd8ozDrS2HVtvBMRurjWreNF5zk5F11HaQN/D5
OfKj8abHZuwlVSqbdaf9mdV+7ENKU1cze82p2ZqwruPGrRFtbezxBBlgEMfzJX3i
kwa830ECgYEA8wDcoIcVPCAri+Kylwitxevfk2oZcSNqI8q9TAjYDXMfyWISbMt2
35lq9wVjKx34BSO+BY2HXLnl0sUBdfwWuO4IPzkQtILtwXDdszvAerGgjtZerKXb
CiLu9ZjpcvlcxPmlitp/WYvX7bJdVsBJQU1ks+5shQLOFv5N4nhG680CgYEA5ZRc
8gSp4tuSL+1zzBXjdsQfmwkbI6Mw3kZ8e97pBxRtbyH9TyYH3ryAGwOgwFsWuCOW
Zbqx6CIUr4R20FMBndqe3bPwpL35jdooFMSKaF/a9sDbX3BXYFeJjm2qR9sw8R1E
461+tuejK18j0DwnzuZHzQ3tT8uTG77ODUQCBDkCgYAxJO15sZgDzuW/pptDnEe4
jVlr8LswfF8M2gWqiOdY4P1+tszPH97snZRaXMaPg8ITGAVoDhVgFWB7XchL2i2m
PM2CK8JLH2eCBZdwlhb5OU8lVAlVlT1VMXduR/x+ehve4jYufL3gmD2VHsttrfmi
sUo6cW+U/to7IDcUJAsDyQKBgQCFQ1u4eJCMyNvQykr/Wm1REYMvIVgJlb7WJ6A2
3yvxGiBz9AzwFqlW16CdDbwQLE/Bz5aLspV2o+HSCFhXkPdNRAwXsU2ss0Ha35mI
hJW7BHk75rLwcWum1ulYLbw8PbXpIA5PAvSdA1Sp5m4JgAGzjeR72Ou59/eKkXVW
KfXpsQKBgG7Lk0TTaeMQ8KtTjp3rYrOCW2S6s6rSUcbTLog7hZELV2/foHftri4p
bgpHFZuzo7Xt40/6LvM9htBdY9pHtGpBmHnhOqL0dCRB6VSMUZ8wo9ZIANmCxsCI
S8TIR2w+Bbw6v3yDKwPF6t+86eQvz0/YHbsomgyVPVCcLPkjhBds
-----END RSA PRIVATE KEY-----
blobstore:
admin_users:
- password: PASSWORD
username: blobstore-username
secure_link:
secret: PASSWORD
tls:
cert: |+
-----BEGIN CERTIFICATE-----
MIIDQjCCAiqgAwIBAgIJANvIxLqHTfmZMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV
BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX
aWRnaXRzIFB0eSBMdGQwIBcNMTYwMzI1MTgzOTI1WhgPMjI5MDAxMDcxODM5MjVa
MEwxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxDTE9VREZPVU5EUlkxJjAkBgNVBAMT
HWJsb2JzdG9yZS5zZXJ2aWNlLmNmLmludGVybmFsMIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEAxVKn++XNrpKfna39TdysKZvjX3CdBGGfcR0IJVQQQQGi
iiBQYG2gGeRH6T4Zja90p4EFRzgPnDaUbE8G8dlA7ehI3K83N1xWKiRbUtb5vAgW
REj2FWDkshGzDX6wV6+N+Ue2yWeEe+N4ojaQRZq8w4rArkUgO3N30eTcrxsMqgBV
OIru/EMWheuB0SQyq51n2g6Um1F+3pCtusIjJiLTwQ6NF4UQNB0fOqWo6v9fFudi
g8QSvc8GXVmXvqiQTMSU5/EoWMe06kY8EMJWWZN1Eht43d4QFhRAvhJ7ZicPoIxf
nWI/3JjBLXJp/HIuu+Rz/KbCDRNSoTux4L1xnLLafQIDAQABoywwKjAoBgNVHREE
ITAfgh1ibG9ic3RvcmUuc2VydmljZS5jZi5pbnRlcm5hbDANBgkqhkiG9w0BAQUF
AAOCAQEAO97PryaidEcYcbZTu8E0ikEkbNBzjMY3nfmmdRqAwuxRZAfLwzKbVdrH
z9eDQLOVAEz9Ftze91IlHpO+KQ3f9khidYXtcEt5j2niOJ81HMo66/lWja27fmpQ
rfS6YuEleMiTUs8v5URZAgyewb9rlvo06vPW+4GGH6GH/0d30DnFCKp7GMpLEJc+
z47Jtve2/5xXZKHdTbx2sku9tRRKx2eNSqpB2ev8jwePQ41icDZ4B11AqG2w8Woz
XL2e5p/TqF9l2rkTcBM8Koi0lz3ZIWpaet6NKvSVQspnLGRIw0I9PvOlKCttNhGT
cG1R+1W2PzUBtjo477QeJEoYa1k2sQ==
-----END CERTIFICATE-----
private_key: |+
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEAxVKn++XNrpKfna39TdysKZvjX3CdBGGfcR0IJVQQQQGiiiBQ
YG2gGeRH6T4Zja90p4EFRzgPnDaUbE8G8dlA7ehI3K83N1xWKiRbUtb5vAgWREj2
FWDkshGzDX6wV6+N+Ue2yWeEe+N4ojaQRZq8w4rArkUgO3N30eTcrxsMqgBVOIru
/EMWheuB0SQyq51n2g6Um1F+3pCtusIjJiLTwQ6NF4UQNB0fOqWo6v9fFudig8QS
vc8GXVmXvqiQTMSU5/EoWMe06kY8EMJWWZN1Eht43d4QFhRAvhJ7ZicPoIxfnWI/
3JjBLXJp/HIuu+Rz/KbCDRNSoTux4L1xnLLafQIDAQABAoIBAAK2eTLAXQyKXYFo
c/QPFZrY1s5oGPCHew6uDH+e4T5TjG2DtjctKqdQeSCexvEouVzYLD9naOeH5JB8
oabPitH6gI3wJr0vGswnhc3kwLgyEEROEHwIwfwkvCZyWHBMLJKBxuSL9MlTPkRU
pbUfRHsXvEBpGOFYXAxZriMGJy1rH4/FfltbPVQX+OadL/bJE4DC/5GXnLV3ft3K
BVVZyvafhhLCrm24mNgSxHziuAG10UXk+QmjJmzj0CgqAIeLoI7+hCz7nf0puzkO
UAsxYMh5GJqSEmWtnVyk1PbhA7XBK1zRCciMcy9U+IZ3yydH+HT40+ht8T8Wyop2
Hj9jkCECgYEA7vsrzK/FV+NGhceANZdRhD35cKTr5hzLOO0J+NJVvKjHEyelgOWP
+5WL+ahuhKCvlPuCXl/lfEq7PQrpSrqs3psgDi22oMGX4P/FXjlpmwFMJM49RcYk
azBJLGj1/1F0VkG4WMSieFQ+uCZc6Q/rm/EdOyCsn4acw8SCmKuIvEkCgYEA02AF
B1lkQzqRYZbT15T+zuoTV4GRjRXQugzT+aLAyI6fW70VfZOWWtwMK86VJVmSKRqD
W4uaiKQGVQaq5szc3i+Hv6xndj7sL6e1VypFtAjjeswY/GPSjrt53SKz4TWOfCZq
8JZVQmAebPPTdjyO8DZcGb6y8C7IhKByVdCLJJUCgYAYQa5EbGLfdNYnpgRBbEZ9
4bx7zoGTLcEC2ix08QR6zbbHHvMRjjt7EcbPZGUzWQv5Vz34TkuAviUbIQxk5WW+
gohSaBltX7kGwW9LDRDHBu6vna9icaYoqxICS/UMITxptOn9OJg1Fnf3QQ2VKmSD
w4lwAvUCjCtFQ6Dt1hte4QKBgQCQCnriyzPb7Glty06JNmt9rV2I4C7Dqf4XCu7Y
yuP8x9Qou+2NKanoONPCdoCEd0l24S5qj/O68auu/WAw76IDdvhW0bGfjrl8sBiP
Uas2SGhcIgFU3OF7ip48540VB14VlEiDsq5fEQkqze1oQVRWtXSFxsJBkl/qoTvI
5tgrEQKBgQDCKTdsTsTK+UAhLB45rVg6IppDoY/X8qspaNtYYHa4bG4X9qk1Gl+2
fPuTr6OlWPa4VA4wb1DuDIk3gpdBIJWo3Jv7miUeo6CgRUalZ6kN6PpBtiY3lKK0
7sTV9KfdlETLUwh8qkEsoMJCpNzvRvRVQn5Xp25W9ssnVnXgY7qpQg==
-----END RSA PRIVATE KEY-----
ca_cert: |
-----BEGIN CERTIFICATE-----
MIIDtzCCAp+gAwIBAgIJAIPgaUgWRCE8MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV
BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX
aWRnaXRzIFB0eSBMdGQwIBcNMTYwMzI1MTgzOTI1WhgPMjI5MDAxMDcxODM5MjVa
MEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJ
bnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
ggEKAoIBAQDDmSpF1agfBnLiyi+KlbqvetxxFqG0ONDOZQTiTnc/xkmwJdCsEwWe
CA8okKm6aB9/C5IQz8//7KnZeAWghl+PCVanr+Ax1vjZKLPO2Ccin7oQ7wVSqJ5q
5slVK2nfRtLcyXdb5rPIlNEMRpupv0jiRAaOoh5KvOSWA770zIJF3qP9IyuA8P6y
XCU4+lu6XOeaHWRCXyzpjBGgnc6M/kYx8sKp6ktu1dXYUpNld4ICjSbmLDdq6hd6
OU7WkR3/AZQ3q3F7hiRg7CVAea24RsV30a2mYgVZnUgA8A12zuHXV0S+955CUntr
Cygv4JovFCf/VaBuUG7LGJNuCy+rJrBRAgMBAAGjgacwgaQwHQYDVR0OBBYEFDcq
5thPoSs0QiQLQMmW2WxjEVSSMHUGA1UdIwRuMGyAFDcq5thPoSs0QiQLQMmW2Wxj
EVSSoUmkRzBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8G
A1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkggkAg+BpSBZEITwwDAYDVR0T
BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEANqwgDsDrQc3iKMsC8/HoCOKz/Gu7
EHDncfeuo8/+6vuHf5IsJrkpzNoFI7OWMp/PsDQ2L7jAFATKYNhpbwJwAknSlTBk
2Pi2j303EGdLLGFdhKWK46MUtBMf6KBfUn/ReFgTUIH+NrX/mnr3ZdK/O2DfIjYj
Wdc+6NNVewmA0E/n2O4BasfsIH9xZ8Sjt1yeyyW/x47i1UIgsSSg7J6h3GEfG1PA
a2avU7gd1ERzy4z0FobouMTCiQ+BDfQHT2Jg8WLbdyEj/TH56w4cF29pQ0coZOC1
bAzM00WOuWYAt8wwcB2+feZiOUxoMzE13XdDf+XaJwmBmKEKYf56+kJTkQ==
-----END CERTIFICATE-----
databases:
databases:
- {name: ccdb, tag: cc, citext: true}
- {name: uaadb, tag: uaa, citext: true}
port: 5524
roles:
- {name: ccadmin, password: PASSWORD, tag: admin}
- {name: uaaadmin, password: PASSWORD, tag: admin}
description: Cloud Foundry sponsored by Pivotal
domain: bosh-lite.com
etcd:
advertise_urls_dns_suffix: etcd.service.cf.internal
cluster:
- name: diego_z1
instances: 1
machines: ["etcd.service.cf.internal"]
peer_require_ssl: false
require_ssl: false
logger_endpoint:
port: 4443
loggregator:
etcd:
machines: [10.244.0.104]
loggregator_endpoint:
shared_secret: PASSWORD
metron_agent:
zone: z1
deployment: minimal-aws
dropsonde_incoming_port: 3457
metron_endpoint:
shared_secret: PASSWORD
nats:
machines: [10.244.0.103]
password: PASSWORD
port: 4222
user: nats
ssl:
skip_cert_verify: true
system_domain: bosh-lite.com
system_domain_organization: default_organization
uaa:
clients:
cf:
access-token-validity: 600
authorities: uaa.none
authorized-grant-types: implicit,password,refresh_token
autoapprove: true
override: true
refresh-token-validity: 2592000
scope: cloud_controller.read,cloud_controller.write,openid,password.write,cloud_controller.admin,scim.read,scim.write,doppler.firehose,uaa.user,routing.router_groups.read
cc-service-dashboards:
authorities: clients.read,clients.write,clients.admin
authorized-grant-types: client_credentials
scope: openid,cloud_controller_service_permissions.read
secret: PASSWORD
cloud_controller_username_lookup:
authorities: scim.userids
authorized-grant-types: client_credentials
secret: PASSWORD
cc_routing:
authorities: routing.router_groups.read
secret: PASSWORD
authorized-grant-types: client_credentials
gorouter:
authorities: routing.routes.read
authorized-grant-types: client_credentials,refresh_token
secret: PASSWORD
tcp_emitter:
authorities: routing.routes.write,routing.routes.read
authorized-grant-types: client_credentials,refresh_token
secret: PASSWORD
tcp_router:
authorities: routing.routes.read
authorized-grant-types: client_credentials,refresh_token
secret: PASSWORD
doppler:
authorities: uaa.resource
secret: PASSWORD
login:
authorities: oauth.login,scim.write,clients.read,notifications.write,critical_notifications.write,emails.write,scim.userids,password.write
authorized-grant-types: authorization_code,client_credentials,refresh_token
redirect-uri: https://login.bosh-lite.com
scope: openid,oauth.approvals
secret: PASSWORD
servicesmgmt:
authorities: uaa.resource,oauth.service,clients.read,clients.write,clients.secret
authorized-grant-types: authorization_code,client_credentials,password,implicit
autoapprove: true
redirect-uri: https://servicesmgmt.bosh-lite.com/auth/cloudfoundry/callback
scope: openid,cloud_controller.read,cloud_controller.write
secret: PASSWORD
jwt:
signing_key: |
-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQDHFr+KICms+tuT1OXJwhCUmR2dKVy7psa8xzElSyzqx7oJyfJ1
JZyOzToj9T5SfTIq396agbHJWVfYphNahvZ/7uMXqHxf+ZH9BL1gk9Y6kCnbM5R6
0gfwjyW1/dQPjOzn9N394zd2FJoFHwdq9Qs0wBugspULZVNRxq7veq/fzwIDAQAB
AoGBAJ8dRTQFhIllbHx4GLbpTQsWXJ6w4hZvskJKCLM/o8R4n+0W45pQ1xEiYKdA
Z/DRcnjltylRImBD8XuLL8iYOQSZXNMb1h3g5/UGbUXLmCgQLOUUlnYt34QOQm+0
KvUqfMSFBbKMsYBAoQmNdTHBaz3dZa8ON9hh/f5TT8u0OWNRAkEA5opzsIXv+52J
duc1VGyX3SwlxiE2dStW8wZqGiuLH142n6MKnkLU4ctNLiclw6BZePXFZYIK+AkE
xQ+k16je5QJBAN0TIKMPWIbbHVr5rkdUqOyezlFFWYOwnMmw/BKa1d3zp54VP/P8
+5aQ2d4sMoKEOfdWH7UqMe3FszfYFvSu5KMCQFMYeFaaEEP7Jn8rGzfQ5HQd44ek
lQJqmq6CE2BXbY/i34FuvPcKU70HEEygY6Y9d8J3o6zQ0K9SYNu+pcXt4lkCQA3h
jJQQe5uEGJTExqed7jllQ0khFJzLMx0K6tj0NeeIzAaGCQz13oo2sCdeGRHO4aDh
HH6Qlq/6UOV5wP8+GAcCQFgRCcB+hrje8hfEEefHcFpyKH+5g1Eu1k0mLrxK2zd+
4SlotYRHgPCEubokb2S1zfZDWIXW3HmggnGgM949TlY=
-----END RSA PRIVATE KEY-----
verification_key: |
-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHFr+KICms+tuT1OXJwhCUmR2d
KVy7psa8xzElSyzqx7oJyfJ1JZyOzToj9T5SfTIq396agbHJWVfYphNahvZ/7uMX
qHxf+ZH9BL1gk9Y6kCnbM5R60gfwjyW1/dQPjOzn9N394zd2FJoFHwdq9Qs0wBug
spULZVNRxq7veq/fzwIDAQAB
-----END PUBLIC KEY-----
ssl:
port: -1
url: https://uaa.bosh-lite.com
capi:
nsync:
bbs:
ca_cert: ""
client_cert: ""
client_key: ""
require_ssl: false
cc:
base_url: https://api.bosh-lite.com
basic_auth_password: PASSWORD
diego_privileged_containers: true
tps:
bbs:
ca_cert: ""
client_cert: ""
client_key: ""
require_ssl: false
cc:
base_url: https://api.bosh-lite.com
basic_auth_password: PASSWORD
traffic_controller_url: wss://doppler.bosh-lite.com:443
tps_listener:
bbs:
ca_cert: ""
client_cert: ""
client_key: ""
require_ssl: false
cc:
base_url: https://api.bosh-lite.com
basic_auth_password: PASSWORD
stager:
bbs:
ca_cert: ""
client_cert: ""
client_key: ""
require_ssl: false
cc:
base_url: https://api.bosh-lite.com
basic_auth_password: PASSWORD
diego:
auctioneer:
bbs:
ca_cert: ""
client_cert: ""
client_key: ""
require_ssl: false
bbs:
active_key_label: active
encryption_keys:
- label: active
passphrase: PASSWORD
ca_cert: ""
etcd:
ca_cert: ""
client_cert: ""
client_key: ""
require_ssl: false
require_ssl: false
server_cert: ""
server_key: ""
converger:
bbs:
ca_cert: ""
client_cert: ""
client_key: ""
require_ssl: false
rep:
bbs:
ca_cert: ""
client_cert: ""
client_key: ""
require_ssl: false
preloaded_rootfses: ["cflinuxfs2:/var/vcap/packages/cflinuxfs2/rootfs"]
executor:
memory_capacity_mb: 30720
disk_capacity_mb: 163840
route_emitter:
bbs:
ca_cert: ""
client_cert: ""
client_key: ""
require_ssl: false
nats:
machines: [10.244.0.103]
password: PASSWORD
port: 4222
user: nats
ssl:
skip_cert_verify: true
garden:
graph_cleanup_threshold_in_mb: 0
persistent_image_list: ["/var/vcap/packages/cflinuxfs2/rootfs"]
deny_networks:
- 0.0.0.0/0
BOSHでCloud Foundryをデプロイ
bosh deployment cf.yml
bosh -n deploy
ログはこちら。 コンパイル済みパッケージが使われており、たった10分でデプロイできた。今までの(DEA版, Diego版)はなんだったんだ。
$ bosh vms
Acting as user 'admin' on 'Bosh Lite Director'
Deployment `cf'
Director task 18
Task 18 done
+---------------------------------------------------------------------------+---------+-----+----------+--------------+
| VM | State | AZ | VM Type | IPs |
+---------------------------------------------------------------------------+---------+-----+----------+--------------+
| api_z1/0 (58e744c8-cb5b-4257-a754-6f320f612df2) | running | n/a | small_z1 | 10.244.0.7 |
| blobstore_z1/0 (76ef3e8a-4034-43a3-b713-6849fd3a902a) | running | n/a | small_z1 | 10.244.0.6 |
| consul_z1/0 (79bfc824-327e-4688-9d32-df075f94f513) | running | n/a | small_z1 | 10.244.0.105 |
| diego_brain_z1/0 (b7e8bb31-dc79-40f4-90e1-4d49d89e2ae3) | running | n/a | diego | 10.244.0.5 |
| diego_cell_z1/0 (8565f888-7b4a-43c6-acb7-09f9ed3edfaa) | running | n/a | diego | 10.244.0.4 |
| doppler_z1/0 (fe1bbb59-99e1-4ea3-ade2-cde14a06a720) | running | n/a | small_z1 | 10.244.0.8 |
| etcd_z1/0 (d39fb894-0ff3-4f5e-8221-6d57ee05e14e) | running | n/a | small_z1 | 10.244.0.104 |
| ha_proxy_z1/0 (1b7fb2b5-b3ca-4f42-a5d7-561e47099d90) | running | n/a | small_z1 | 10.244.0.34 |
| loggregator_trafficcontroller_z1/0 (52bf312e-909a-431a-804e-0fb1a8e2bdcc) | running | n/a | small_z1 | 10.244.0.9 |
| nats_z1/0 (c97aa97a-c500-4958-83ff-469186658f31) | running | n/a | small_z1 | 10.244.0.103 |
| postgres_z1/0 (7b5a93ef-c3fe-45f2-87aa-a009345cdc9a) | running | n/a | small_z1 | 10.244.0.101 |
| router_z1/0 (a288b028-a42f-4d1e-ac86-d8a77e291e23) | running | n/a | small_z1 | 10.244.0.102 |
| uaa_z1/0 (877c5d95-d760-421c-bdb2-314f77cdf7db) | running | n/a | small_z1 | 10.244.0.10 |
+---------------------------------------------------------------------------+---------+-----+----------+--------------+
VMs total: 13
VM(bosh liteの場合はコンテナだけど)は13個とすっきり。
Cloud Foundryにログイン & アプリケーションをデプロイ
🔼のマニフェストだとadmin
/ PASSWORD
でログインできる。
$ cf login -a api.bosh-lite.com --skip-ssl-validation -u admin -p PASSWORD
$ cf create-space demo
$ cf target -s demo
$ cd /tmp
$ git clone https://github.com/making/hacker-tackle-demo.git
$ cd hacker-tackle-demo/hacker-tackle
$ cf push
$ curl -i hacker-tackle.bosh-lite.com
HTTP/1.1 200 OK
Content-Length: 1234
Content-Type: text/plain; charset=utf-8
Date: Wed, 14 Sep 2016 03:29:03 GMT
X-Vcap-Request-Id: d7831fc1-ab20-47c7-639a-44d9a6c81f8c
0️⃣ 0️⃣ 0️⃣ 0️⃣ 0️⃣ 0️⃣ 0️⃣ 0️⃣ 0️⃣ 0️⃣ 0️⃣ 0️⃣ 0️⃣ 0️⃣ 0️⃣
0️⃣ 0️⃣ 0️⃣ 0️⃣ 0️⃣ 0️⃣ 0️⃣ 0️⃣ 0️⃣ 0️⃣
0️⃣ 0️⃣ 0️⃣ 0️⃣ 0️⃣ 0️⃣ 0️⃣ 0️⃣ 0️⃣ 0️⃣ 0️⃣ 0️⃣ 0️⃣ 0️⃣
0️⃣ 0️⃣ 0️⃣ 0️⃣ 0️⃣ 0️⃣ 0️⃣ 0️⃣ 0️⃣ 0️⃣
0️⃣ 0️⃣ 0️⃣ 0️⃣ 0️⃣ 0️⃣ 0️⃣ 0️⃣ 0️⃣ 0️⃣ 0️⃣ 0️⃣ 0️⃣ 0️⃣
0️⃣ 0️⃣ 0️⃣ 0️⃣ 0️⃣ 0️⃣ 0️⃣ 0️⃣ 0️⃣ 0️⃣ 0️⃣ 0️⃣ 0️⃣ 0️⃣ 0️⃣
0️⃣ 0️⃣ 0️⃣ 0️⃣ 0️⃣ 0️⃣ 0️⃣ 0️⃣
0️⃣ 0️⃣ 0️⃣ 0️⃣ 0️⃣ 0️⃣ 0️⃣ 0️⃣ 0️⃣ 0️⃣
0️⃣ 0️⃣ 0️⃣ 0️⃣ 0️⃣ 0️⃣ 0️⃣ 0️⃣
0️⃣ 0️⃣ 0️⃣ 0️⃣ 0️⃣ 0️⃣ 0️⃣ 0️⃣ 0️⃣ 0️⃣ 0️⃣ 0️⃣ 0️⃣ 0️⃣
楽勝ですね。
Cellをスケールアウト
Cellを3インスタンスにスケールアウトしてみる。
cf.yml
の次の数字を変更して、bosh -n deploy
- name: diego_cell_z1
instances: 3 # <- 1から変更
Cellが2つ増えた。
$ bosh vms
Acting as user 'admin' on 'Bosh Lite Director'
Deployment `cf'
Director task 19
Task 19 done
+---------------------------------------------------------------------------+---------+-----+----------+--------------+
| VM | State | AZ | VM Type | IPs |
+---------------------------------------------------------------------------+---------+-----+----------+--------------+
| api_z1/0 (58e744c8-cb5b-4257-a754-6f320f612df2) | running | n/a | small_z1 | 10.244.0.7 |
| blobstore_z1/0 (76ef3e8a-4034-43a3-b713-6849fd3a902a) | running | n/a | small_z1 | 10.244.0.6 |
| consul_z1/0 (79bfc824-327e-4688-9d32-df075f94f513) | running | n/a | small_z1 | 10.244.0.105 |
| diego_brain_z1/0 (b7e8bb31-dc79-40f4-90e1-4d49d89e2ae3) | running | n/a | diego | 10.244.0.5 |
| diego_cell_z1/0 (8565f888-7b4a-43c6-acb7-09f9ed3edfaa) | running | n/a | diego | 10.244.0.4 |
| diego_cell_z1/1 (2b40d7e1-1a36-4e12-9f53-ab2ad731e897) | running | n/a | diego | 10.244.0.11 |
| diego_cell_z1/2 (49df46d2-0ca4-4f4c-996b-8662b6c21030) | running | n/a | diego | 10.244.0.12 |
| doppler_z1/0 (fe1bbb59-99e1-4ea3-ade2-cde14a06a720) | running | n/a | small_z1 | 10.244.0.8 |
| etcd_z1/0 (d39fb894-0ff3-4f5e-8221-6d57ee05e14e) | running | n/a | small_z1 | 10.244.0.104 |
| ha_proxy_z1/0 (1b7fb2b5-b3ca-4f42-a5d7-561e47099d90) | running | n/a | small_z1 | 10.244.0.34 |
| loggregator_trafficcontroller_z1/0 (52bf312e-909a-431a-804e-0fb1a8e2bdcc) | running | n/a | small_z1 | 10.244.0.9 |
| nats_z1/0 (c97aa97a-c500-4958-83ff-469186658f31) | running | n/a | small_z1 | 10.244.0.103 |
| postgres_z1/0 (7b5a93ef-c3fe-45f2-87aa-a009345cdc9a) | running | n/a | small_z1 | 10.244.0.101 |
| router_z1/0 (a288b028-a42f-4d1e-ac86-d8a77e291e23) | running | n/a | small_z1 | 10.244.0.102 |
| uaa_z1/0 (877c5d95-d760-421c-bdb2-314f77cdf7db) | running | n/a | small_z1 | 10.244.0.10 |
+---------------------------------------------------------------------------+---------+-----+----------+--------------+
VMs total: 15
アプリ側で環境変数CF_INSTANCE_IP
を表示するようにして、cf scale <app> -i 5
とかやると2,2,1で配置されていることがわかるはず。
To be continued
この続きで以下を試したい
- BOSH 2.0形式でデプロイ
- AWSにデプロイ
- Azureにデプロイ
- GCPにデプロイ