久しぶりにTASをインストールしてみます。
Ops Managerはこちらの記事でインストールしたものを使用します。
TAS Tileのダウンロードとアップロード
Tanzu NetworkからTASをダウンロードするためのpivnetコマンドをコピーします。
このコマンドを実行します。
pivnet download-product-files --product-slug='elastic-runtime' --release-version='5.0.3' --product-file-id=1666815
Ops Managerにアップロードします。
om --env env.yml upload-product --product srt-5.0.3-build.2.pivotal
om --env env.yml stage-product --product-name cf --product-version 5.0.3
Ops ManagerのUIを確認すると次のように見えます。
TASのインストール
TASで利用する
om --env env.yml generate-certificate -d '*.10.220.46.42.nip.io' -d '*.apps.10.220.46.42.nip.io' -d '*.sys.10.220.46.42.nip.io' > cert.json
cat cert.json | jq -r .certificate > tls.crt
cat cert.json | jq -r .key > tls.key
$ cat tls.crt | openssl x509 -noout -text | grep 'Subject Alternative Name' -A 1
X509v3 Subject Alternative Name:
DNS:*.10.220.46.42.nip.io, DNS:*.apps.10.220.46.42.nip.io, DNS:*.sys.10.220.46.42.nip.io
om --env env.yml staged-config --product-name cf --include-placeholders > cf.yaml
product-name: cf
product-properties:
.cloud_controller.allow_app_ssh_access:
value: true
.cloud_controller.apps_domain:
value: apps.10.220.46.42.nip.io
.cloud_controller.default_app_memory:
value: 1024
.cloud_controller.default_app_ssh_access:
value: true
.cloud_controller.default_disk_quota_app:
value: 1024
.cloud_controller.default_quota_max_number_services:
value: 100
.cloud_controller.default_quota_memory_limit_mb:
value: 10240
.cloud_controller.enable_custom_buildpacks:
value: true
.cloud_controller.encrypt_key:
value:
secret: ((cloud_controller_encrypt_key.secret))
.cloud_controller.max_disk_quota_app:
value: 2048
.cloud_controller.max_file_size:
value: 2048
.cloud_controller.max_package_size:
value: 2147483648
.cloud_controller.security_event_logging_enabled:
value: true
.cloud_controller.staging_timeout_in_seconds:
value: 900
.cloud_controller.system_domain:
value: sys.10.220.46.42.nip.io
.diego_brain.starting_container_count_maximum:
value: 200
.mysql.cli_history:
value: true
.mysql.max_connections:
value: 3500
.mysql.prevent_node_auto_rejoin:
value: false
.mysql.remote_admin_access:
value: false
.mysql_monitor.poll_frequency:
value: 30
.mysql_monitor.recipient_email:
value: notify@example.com
.mysql_monitor.write_read_delay:
value: 20
.mysql_proxy.enable_inactive_mysql_port:
value: false
.mysql_proxy.shutdown_delay:
value: 30
.mysql_proxy.startup_delay:
value: 0
.nfs_server.blobstore_internal_access_rules:
value: allow 10.0.0.0/8;,allow 172.16.0.0/12;,allow 192.168.0.0/16;
.properties.app_graceful_shutdown_period_in_seconds:
value: 10
.properties.autoscale_api_disable_connection_pooling:
value: false
.properties.autoscale_api_instance_count:
value: 1
.properties.autoscale_enable_notifications:
value: true
.properties.autoscale_enable_verbose_logging:
value: false
.properties.autoscale_instance_count:
value: 3
.properties.autoscale_metric_bucket_count:
value: 120
.properties.autoscale_scaling_interval_in_seconds:
value: 35
.properties.cc_api_rate_limit:
selected_option: disable
value: disable
.properties.cc_logging_level:
value: info
.properties.ccdb_connection_validation_timeout:
value: 3600
.properties.ccdb_read_timeout:
value: 3600
.properties.ccng_monit_http_healthcheck_timeout_per_retry:
value: 6
.properties.cf_networking_database_connection_timeout:
value: 120
.properties.cf_networking_enable_space_developer_self_service:
value: false
.properties.cf_networking_internal_domains:
value:
- name: apps.internal
.properties.cloud_controller_audit_events_cutoff_age_in_days:
value: 31
.properties.cloud_controller_completed_tasks_cutoff_age_in_days:
value: 31
.properties.cloud_controller_default_health_check_timeout:
value: 60
.properties.cloud_controller_default_log_rate_limit_app:
value: 16384
.properties.cloud_controller_instance_file_descriptor_limit:
value: 16384
.properties.cloud_controller_post_bbr_healthcheck_timeout_in_seconds:
value: 60
.properties.cloud_controller_stacks:
selected_option: fs3_and_fs4_option
value: fs3_and_fs4
.properties.cloud_controller_stacks.fs3_and_fs4_option.cloud_controller_default_stack:
value: cflinuxfs4
.properties.cloud_controller_temporary_disable_deployments:
value: false
.properties.cloud_controller_worker_alert_if_above_mb:
value: 384
.properties.cloud_controller_worker_restart_if_above_mb:
value: 512
.properties.cloud_controller_worker_restart_if_consistently_above_mb:
value: 384
.properties.container_networking:
selected_option: enable
value: enable
.properties.container_networking_interface_plugin:
selected_option: silk
value: silk
.properties.container_networking_interface_plugin.silk.enable_dynamic_asgs:
value: true
.properties.container_networking_interface_plugin.silk.enable_log_traffic:
value: false
.properties.container_networking_interface_plugin.silk.enable_policy_enforcement:
value: true
.properties.container_networking_interface_plugin.silk.iptables_accepted_udp_logs_per_sec:
value: 100
.properties.container_networking_interface_plugin.silk.iptables_denied_logs_per_sec:
value: 1
.properties.container_networking_interface_plugin.silk.network_mtu:
value: 1454
.properties.container_networking_interface_plugin.silk.policy_enforcement_poll_interval:
value: 5
.properties.container_networking_interface_plugin.silk.subnet_prefix_length:
value: 24
.properties.container_networking_interface_plugin.silk.vtep_port:
value: 4789
.properties.credhub_database:
selected_option: internal_mysql
value: internal_mysql
.properties.credhub_hsm_provider_client_certificate:
value:
cert_pem: ((properties_credhub_hsm_provider_client_certificate.cert_pem))
private_key_pem: ((properties_credhub_hsm_provider_client_certificate.private_key_pem))
.properties.credhub_hsm_provider_partition_password:
value:
secret: ((properties_credhub_hsm_provider_partition_password.secret))
.properties.credhub_internal_provider_keys:
value:
- key:
secret: ((properties_credhub_internal_provider_keys_0_key.secret))
name: Key
primary: true
.properties.default_loggregator_drain_metadata:
value: true
.properties.diego_database_max_open_connections:
value: 100
.properties.disable_diego_cells:
value: false
.properties.disable_logs_in_firehose:
value: false
.properties.enable_cpu_throttling:
value: false
.properties.enable_garden_containerd_mode:
value: true
.properties.enable_smb_volume_driver:
value: true
.properties.enable_smb_volume_driver_force_noserverino:
value: false
.properties.enable_tls_to_internal_pxc:
value: false
.properties.enable_v1_firehose:
value: true
.properties.enable_v2_firehose:
value: true
.properties.garden_disk_cleanup:
selected_option: reserved
value: reserved
.properties.garden_disk_cleanup.reserved.reserved_space_for_other_jobs_in_mb:
value: 15360
.properties.gorouter_customize_metrics_reporting:
selected_option: disable
value: disable
.properties.gorouter_ssl_ciphers:
value: ECDHE-RSA-AES128-GCM-SHA256:TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
.properties.isolated_routing:
selected_option: accept_all
value: accept_all
.properties.locket_database_max_open_connections:
value: 200
.properties.log_cache_max_per_source:
value: 100000
.properties.metric_registrar_blacklisted_tags:
value: deployment,job,index,ip
.properties.metric_registrar_enabled:
value: true
.properties.metric_registrar_max_metrics_per_instance:
value: -1
.properties.metric_registrar_scrape_interval_in_seconds:
value: 35
.properties.metrics_agent_disabled:
value: true
.properties.mtls_log_cache:
selected_option: tls
value: tls
.properties.mysql_activity_logging:
selected_option: enable
value: enable
.properties.mysql_activity_logging.enable.audit_logging_events:
value: connect,query
.properties.networking_poe_ssl_certs:
value:
- certificate:
cert_pem: ((properties_networking_poe_ssl_certs_0_certificate.cert_pem))
private_key_pem: ((properties_networking_poe_ssl_certs_0_certificate.private_key_pem))
name: Certificate
.properties.networkpolicyserver_database_max_open_connections:
value: 200
.properties.networkpolicyserverinternal_database_max_open_connections:
value: 200
.properties.nfs_volume_driver:
selected_option: enable
value: enable
.properties.nfs_volume_driver.enable.ldap_service_account_password:
value:
secret: ((properties_nfs_volume_driver_enable_ldap_service_account_password.secret))
.properties.policy_server_asg_syncer_interval:
value: 60
.properties.push_apps_manager_app_poll_interval:
value: 10
.properties.push_apps_manager_buildpack:
value: staticfile_buildpack
.properties.push_apps_manager_cf_cli_packages:
selected_option: cf_cli_v8
value: cf_cli_v8
.properties.push_apps_manager_currency_lookup:
value: '{ "usd": "$", "eur": "€" }'
.properties.push_apps_manager_display_plan_prices:
value: false
.properties.push_apps_manager_enable_invitations:
value: true
.properties.push_apps_manager_invitations_buildpack:
value: nodejs_buildpack
.properties.push_apps_manager_nav_links:
value:
- href: https://docs.vmware.com/en/VMware-Tanzu-Application-Service/index.html
name: Docs
- href: /tools
name: Tools
.properties.push_apps_manager_poll_interval:
value: 30
.properties.push_apps_manager_search_server_buildpack:
value: nodejs_buildpack
.properties.push_usage_service_cutoff_age_in_days:
value: 365
.properties.route_integrity:
selected_option: tls_verify
value: tls_verify
.properties.route_services:
selected_option: enable
value: enable
.properties.route_services.enable.ignore_ssl_cert_verification:
value: false
.properties.route_services.enable.internal_lookup:
value: false
.properties.router_backend_max_conn:
value: 500
.properties.router_balancing_algorithm:
selected_option: round_robin
value: round-robin
.properties.router_client_cert_validation:
selected_option: request
value: request
.properties.router_enable_proxy:
value: false
.properties.router_keepalive_connections:
selected_option: enable
value: enable
.properties.router_only_trust_client_ca_certs:
selected_option: disable
value: disable
.properties.router_redact_query_parameters:
selected_option: none
value: none
.properties.router_sticky_session_cookie_names:
value:
- name: JSESSIONID
.properties.routing_disable_http:
value: false
.properties.routing_log_client_ips:
selected_option: log_client_ips
value: log_client_ips
.properties.routing_tls_termination:
selected_option: load_balancer
value: load_balancer
.properties.routing_tls_version_range:
selected_option: tls_v1_2_v1_3
value: tls_v1_2_v1_3
.properties.saml_signature_algorithm:
value: SHA256
.properties.secure_service_instance_credentials:
value: false
.properties.security_acknowledgement:
value: X
.properties.service_discovery_controller_staleness_threshold:
value: 600
.properties.silk_database_max_open_connections:
value: 200
.properties.smoke_tests:
selected_option: on_demand
value: on_demand
.properties.smtp_auth_mechanism:
value: plain
.properties.smtp_credentials:
value:
identity: ((properties_smtp_credentials.identity))
password: ((properties_smtp_credentials.password))
.properties.smtp_enable_starttls_auto:
value: false
.properties.syslog_drop_debug:
value: true
.properties.syslog_tls:
selected_option: disabled
value: disabled
.properties.syslog_use_tcp_for_file_forwarding_local_transport:
value: false
.properties.system_blobstore:
selected_option: internal
value: internal
.properties.system_blobstore_backup_level:
selected_option: all
value: all
.properties.system_blobstore_ccdroplet_max_staged_droplets_stored:
value: 5
.properties.system_blobstore_ccpackage_max_valid_packages_stored:
value: 5
.properties.system_database:
selected_option: internal_pxc
value: internal_pxc
.properties.system_metrics_scraper_scrape_interval:
value: 15s
.properties.tcp_routing:
selected_option: disable
value: disable
.properties.uaa:
selected_option: internal
value: internal
.properties.uaa.internal.password_expires_after_months:
value: 0
.properties.uaa.internal.password_max_retry:
value: 5
.properties.uaa.internal.password_min_length:
value: 0
.properties.uaa.internal.password_min_lowercase:
value: 0
.properties.uaa.internal.password_min_numeric:
value: 0
.properties.uaa.internal.password_min_special:
value: 0
.properties.uaa.internal.password_min_uppercase:
value: 0
.properties.uaa_database:
selected_option: internal_mysql
value: internal_mysql
.properties.uaa_session_cookie_max_age:
value: 28800
.properties.uaa_session_idle_timeout:
value: 1800
.properties.vxlan_policy_agent_asg_update_interval:
value: 60
.router.disable_insecure_cookies:
value: false
.router.drain_timeout:
value: 900
.router.drain_wait:
value: 20
.router.enable_http2:
value: true
.router.enable_w3c:
value: true
.router.enable_write_access_logs:
value: true
.router.enable_zipkin:
value: false
.router.frontend_idle_timeout:
value: 900
.router.lb_healthy_threshold:
value: 20
.router.max_header_kb:
value: 48
.router.request_timeout_in_seconds:
value: 900
.router.static_ips:
value: 10.220.46.42
.uaa.apps_manager_access_token_lifetime:
value: 3600
.uaa.cf_cli_access_token_lifetime:
value: 7200
.uaa.cf_cli_refresh_token_lifetime:
value: 1209600
.uaa.customize_password_label:
value: Password
.uaa.customize_username_label:
value: Email
.uaa.enable_uri_encoding_compatibility_mode:
value: true
.uaa.enforce_system_zone_policy_in_all_zones:
value: true
.uaa.proxy_ips_regex:
value: 10\.\d{1,3}\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3}|169\.254\.\d{1,3}\.\d{1,3}|127\.\d{1,3}\.\d{1,3}\.\d{1,3}|172\.1[6-9]{1}\.\d{1,3}\.\d{1,3}|172\.2[0-9]{1}\.\d{1,3}\.\d{1,3}|172\.3[0-1]{1}\.\d{1,3}\.\d{1,3}
.uaa.service_provider_key_credentials:
value:
cert_pem: ((uaa_service_provider_key_credentials.cert_pem))
private_key_pem: ((uaa_service_provider_key_credentials.private_key_pem))
.uaa.service_provider_key_password:
value:
secret: ((uaa_service_provider_key_password.secret))
network-properties:
network:
name: deployment
other_availability_zones:
- name: az01
singleton_availability_zone:
name: az01
resource-config:
backup_restore:
max_in_flight: 1
additional_networks: []
additional_vm_extensions: []
instance_type:
id: automatic
instances: automatic
nsxt:
lb:
server_pools: []
ns_groups: []
vif_type: null
persistent_disk:
name: automatic
size_mb: automatic
swap_as_percent_of_memory_size: automatic
blobstore:
max_in_flight: 1
additional_networks: []
additional_vm_extensions: []
instance_type:
id: automatic
instances: automatic
nsxt:
lb:
server_pools: []
ns_groups: []
vif_type: null
persistent_disk:
name: automatic
size_mb: automatic
swap_as_percent_of_memory_size: automatic
compute:
max_in_flight: 4%
additional_networks: []
additional_vm_extensions: []
instance_type:
id: automatic
instances: automatic
nsxt:
lb:
server_pools: []
ns_groups: []
vif_type: null
swap_as_percent_of_memory_size: automatic
control:
max_in_flight: 1
additional_networks: []
additional_vm_extensions: []
instance_type:
id: automatic
instances: automatic
nsxt:
lb:
server_pools: []
ns_groups: []
vif_type: null
swap_as_percent_of_memory_size: automatic
database:
max_in_flight: 1
additional_networks: []
additional_vm_extensions: []
instance_type:
id: automatic
instances: automatic
nsxt:
lb:
server_pools: []
ns_groups: []
vif_type: null
persistent_disk:
name: automatic
size_mb: automatic
swap_as_percent_of_memory_size: automatic
mysql_monitor:
max_in_flight: 1
additional_networks: []
additional_vm_extensions: []
instance_type:
id: automatic
instances: automatic
nsxt:
lb:
server_pools: []
ns_groups: []
vif_type: null
swap_as_percent_of_memory_size: automatic
router:
max_in_flight: 1
additional_networks: []
additional_vm_extensions: []
instance_type:
id: automatic
instances: automatic
nsxt:
lb:
server_pools: []
ns_groups: []
vif_type: null
swap_as_percent_of_memory_size: automatic
tcp_router:
max_in_flight: 1
additional_networks: []
additional_vm_extensions: []
instance_type:
id: automatic
instances: 0
nsxt:
lb:
server_pools: []
ns_groups: []
vif_type: null
persistent_disk:
name: automatic
size_mb: automatic
swap_as_percent_of_memory_size: automatic
errand-config:
deploy-autoscaler:
post-deploy-state: true
deploy-notifications:
post-deploy-state: true
deploy-notifications-ui:
post-deploy-state: true
metric_registrar_smoke_test:
post-deploy-state: false
nfsbrokerpush:
post-deploy-state: true
push-apps-manager:
post-deploy-state: true
push-offline-docs:
post-deploy-state: false
push-tas-portal:
post-deploy-state: true
push-usage-service:
post-deploy-state: true
rotate_cc_database_key:
post-deploy-state: false
smbbrokerpush:
post-deploy-state: true
smoke_tests:
post-deploy-state: true
test-autoscaling:
post-deploy-state: true
grep '((' cf.yml | sed 's/.*((//g' | sed 's/))/: /g' > cf-vars.yml
cloud_controller_encrypt_key.secret:
properties_credhub_hsm_provider_client_certificate.cert_pem:
properties_credhub_hsm_provider_client_certificate.private_key_pem:
properties_credhub_hsm_provider_partition_password.secret:
properties_credhub_internal_provider_keys_0_key.secret: credhubsecret1credhubsecret1
properties_networking_poe_ssl_certs_0_certificate.cert_pem: |
-----BEGIN CERTIFICATE-----
tls.crtの内容
-----END CERTIFICATE-----
properties_networking_poe_ssl_certs_0_certificate.private_key_pem: |
-----BEGIN RSA PRIVATE KEY-----
tls.keyの内容
-----END RSA PRIVATE KEY-----
properties_nfs_volume_driver_enable_ldap_service_account_password.secret:
properties_smtp_credentials.identity:
properties_smtp_credentials.password:
uaa_service_provider_key_credentials.cert_pem: |
-----BEGIN CERTIFICATE-----
tls.crtの内容
-----END CERTIFICATE-----
uaa_service_provider_key_credentials.private_key_pem: |
-----BEGIN RSA PRIVATE KEY-----
tls.keyの内容
-----END RSA PRIVATE KEY-----
uaa_service_provider_key_password.secret:
om --env env.yml configure-product --config cf.yml --vars-file cf-vars.yml
om --env env.yml apply-changes
ADMIN_PASSWORD=$(om --env env.yml credentials -p cf -c .uaa.admin_credentials -f password)
curl "https://packages.cloudfoundry.org/stable?release=linux64-binary&version=8.7.5&source=github-rel" -sL | tar xzvf - cf8
sudo mv cf8 /usr/local/bin/cf
cf login -a api.sys.10.220.46.42.nip.io -u admin -p ${ADMIN_PASSWORD} --skip-ssl-validation -o system -s system
cf create-org demo
cf create-space demo -o demo
cf target -o demo -s demo
mkdir -p /tmp/hello
echo '<?php echo "Hello World!";' > /tmp/hello/index.php
cf push hello -m 32m -p /tmp/hello -b php_buildpack
$ cf app hello
Showing health and status for app hello in org demo / space demo as admin...
name: hello
requested state: started
routes: hello.apps.10.220.46.42.nip.io
last uploaded: Fri 08 Dec 11:13:15 UTC 2023
stack: cflinuxfs4
buildpacks:
name version detect output buildpack name
php_buildpack 4.6.12 php php
type: web
sidecars:
instances: 1/1
memory usage: 32M
state since cpu memory disk logging details
#0 running 2023-12-08T11:13:33Z 1.1% 17.2M of 32M 481M of 1G 0/s of 16K/s
$ curl -k https://hello.apps.10.220.46.42.nip.io
Hello World!
wget https://gist.github.com/making/fca49149aea3a7307b293685ba20c7b7/raw/6daab9a0a88fe0f36072ca4d1ee622d2354f3505/pcf-ers-demo1-0.0.1-SNAPSHOT.jar
cf push attendees -p pcf-ers-demo1-0.0.1-SNAPSHOT.jar -m 768m -b java_buildpack_offline
$ cf app attendees
Showing health and status for app attendees in org demo / space demo as admin...
name: attendees
requested state: started
routes: attendees.apps.10.220.46.42.nip.io
last uploaded: Fri 08 Dec 10:50:03 UTC 2023
stack: cflinuxfs4
buildpacks:
name version detect output buildpack name
java_buildpack_offline v4.63.1-offline-https://github.com/cloudfoundry/java-buildpack#9e247374 java java
type: web
sidecars:
instances: 1/1
memory usage: 768M
state since cpu memory disk logging details
#0 running 2023-12-08T10:50:30Z 0.6% 257.7M of 768M 153.5M of 1G 0/s of 16K/s
type: task
sidecars:
instances: 0/0
memory usage: 1024M
There are no running instances of this process.