bosh-cloudfoundry 0.7.0.alpha.3 → 0.7.0.alpha.4
Sign up to get free protection for your applications and to get access to all the features.
- data/ChangeLog.md +1 -0
- data/bosh-cloudfoundry.gemspec +2 -1
- data/lib/bosh/cli/commands/cf.rb +35 -130
- data/lib/bosh/cloudfoundry.rb +5 -2
- data/lib/bosh/cloudfoundry/deployment_attributes.rb +35 -30
- data/lib/bosh/cloudfoundry/deployment_file.rb +192 -0
- data/lib/bosh/cloudfoundry/release_version.rb +67 -0
- data/lib/bosh/cloudfoundry/release_version_cpi.rb +55 -0
- data/lib/bosh/cloudfoundry/release_version_cpi_size.rb +49 -0
- data/spec/assets/v132/aws/large.yml +393 -0
- data/spec/assets/v132/aws/medium.yml +350 -0
- data/spec/deployment_file_spec.rb +92 -0
- data/spec/plugin_spec.rb +32 -47
- data/spec/release_version_cpi_size_spec.rb +13 -0
- data/spec/release_version_cpi_spec.rb +17 -0
- data/spec/release_version_spec.rb +38 -0
- data/spec/spec_helper.rb +2 -0
- data/templates/v132/aws/large/deployment_file.yml.erb +431 -0
- data/templates/v132/aws/{dev → large}/spec +0 -0
- data/templates/v132/{openstack/dev → aws/medium}/deployment_file.yml.erb +35 -23
- data/templates/v132/{openstack/dev → aws/medium}/spec +0 -0
- data/templates/v132/aws/small/README.md +5 -0
- data/templates/v132/aws/spec +6 -0
- data/templates/v132/openstack/large/deployment_file.yml.erb +431 -0
- data/templates/v132/openstack/large/spec +6 -0
- data/templates/v132/{aws/dev → openstack/medium}/deployment_file.yml.erb +35 -23
- data/templates/v132/openstack/medium/spec +6 -0
- data/templates/v132/openstack/spec +6 -0
- metadata +46 -10
- data/lib/bosh/cloudfoundry/release_versioned_template.rb +0 -48
- data/spec/release_versioned_template_spec.rb +0 -12
File without changes
|
@@ -12,7 +12,7 @@
|
|
12
12
|
# cf:
|
13
13
|
# dns: mycloud.com
|
14
14
|
# ip_addresses: ['1.2.3.4']
|
15
|
-
#
|
15
|
+
# deployment_size: medium
|
16
16
|
# security_group: cf
|
17
17
|
# persistent_disk: 4096
|
18
18
|
#
|
@@ -24,11 +24,13 @@
|
|
24
24
|
#
|
25
25
|
# $ bosh diff deployment_file.yml.erb
|
26
26
|
#
|
27
|
+
no_ssl = true
|
28
|
+
protocol = no_ssl ? "http" : "https"
|
27
29
|
name = find("name")
|
28
30
|
dns = find("properties.cf.dns")
|
29
31
|
ip_addresses = find("properties.cf.ip_addresses")
|
30
32
|
security_group = find("properties.cf.security_group")
|
31
|
-
|
33
|
+
deployment_size = find("properties.cf.deployment_size")
|
32
34
|
persistent_disk = find("properties.cf.persistent_disk")
|
33
35
|
common_password = find("properties.cf.common_password")
|
34
36
|
-%>
|
@@ -84,6 +86,7 @@ resource_pools:
|
|
84
86
|
|
85
87
|
jobs:
|
86
88
|
- name: core
|
89
|
+
release: cf-release
|
87
90
|
template:
|
88
91
|
- syslog_aggregator
|
89
92
|
- nats
|
@@ -103,7 +106,9 @@ jobs:
|
|
103
106
|
properties:
|
104
107
|
db: databases
|
105
108
|
|
109
|
+
# need a separate job for uaa due to https://github.com/cloudfoundry/cf-release/issues/104
|
106
110
|
- name: uaa
|
111
|
+
release: cf-release
|
107
112
|
template:
|
108
113
|
- uaa
|
109
114
|
instances: 1
|
@@ -113,6 +118,7 @@ jobs:
|
|
113
118
|
default: [dns, gateway]
|
114
119
|
|
115
120
|
- name: api
|
121
|
+
release: cf-release
|
116
122
|
template:
|
117
123
|
- cloud_controller_ng
|
118
124
|
- gorouter
|
@@ -132,6 +138,7 @@ jobs:
|
|
132
138
|
db: databases
|
133
139
|
|
134
140
|
- name: dea
|
141
|
+
release: cf-release
|
135
142
|
template:
|
136
143
|
- dea_next
|
137
144
|
instances: 1
|
@@ -145,7 +152,7 @@ properties:
|
|
145
152
|
name: <%= name %>
|
146
153
|
dns: <%= dns %>
|
147
154
|
ip_addresses: <%= ip_addresses.inspect %>
|
148
|
-
|
155
|
+
deployment_size: <%= deployment_size %>
|
149
156
|
security_group: <%= security_group %>
|
150
157
|
persistent_disk: <%= persistent_disk %>
|
151
158
|
common_password: <%= common_password %>
|
@@ -194,7 +201,7 @@ properties:
|
|
194
201
|
serialization_data_server:
|
195
202
|
port: 8080
|
196
203
|
logging_level: debug
|
197
|
-
upload_token:
|
204
|
+
upload_token: <%= common_password %>
|
198
205
|
upload_timeout: 10
|
199
206
|
|
200
207
|
collector:
|
@@ -206,7 +213,7 @@ properties:
|
|
206
213
|
nfs_server:
|
207
214
|
address: 0.core.default.<%= name %>.microbosh
|
208
215
|
#network: "*.<%= name %>.microbosh"
|
209
|
-
#idmapd_domain:
|
216
|
+
#idmapd_domain: <%= dns %>
|
210
217
|
|
211
218
|
debian_nfs_server:
|
212
219
|
no_root_squash: true
|
@@ -263,9 +270,9 @@ properties:
|
|
263
270
|
cc: &cc
|
264
271
|
logging_level: debug
|
265
272
|
external_host: ccng
|
266
|
-
srv_api_uri:
|
273
|
+
srv_api_uri: <%= protocol %>://api.<%= dns %>
|
267
274
|
cc_partition: default
|
268
|
-
db_encryption_key:
|
275
|
+
db_encryption_key: <%= common_password %>
|
269
276
|
bootstrap_admin_email: admin@<%= dns %>
|
270
277
|
bulk_api_password: <%= common_password %>
|
271
278
|
uaa_resource_id: cloud_controller
|
@@ -273,6 +280,7 @@ properties:
|
|
273
280
|
staging_upload_password: <%= common_password %>
|
274
281
|
resource_pool:
|
275
282
|
resource_directory_key: cc-resources
|
283
|
+
# Local provider when using NFS
|
276
284
|
fog_connection:
|
277
285
|
provider: Local
|
278
286
|
local_root: /var/vcap/shared
|
@@ -284,16 +292,16 @@ properties:
|
|
284
292
|
ccng: *cc
|
285
293
|
|
286
294
|
login:
|
287
|
-
protocol:
|
295
|
+
protocol: <%= protocol %>
|
288
296
|
links:
|
289
|
-
home:
|
290
|
-
passwd:
|
291
|
-
signup:
|
297
|
+
home: <%= protocol %>://console.<%= dns %>
|
298
|
+
passwd: <%= protocol %>://console.<%= dns %>/password_resets/new
|
299
|
+
signup: <%= protocol %>://console.<%= dns %>/register
|
292
300
|
|
293
301
|
uaa:
|
294
|
-
url:
|
302
|
+
url: <%= protocol %>://uaa.<%= dns %>
|
295
303
|
spring_profiles: postgresql
|
296
|
-
no_ssl:
|
304
|
+
no_ssl: <%= no_ssl %>
|
297
305
|
catalina_opts: -Xmx768m -XX:MaxPermSize=256m
|
298
306
|
resource_id: account_manager
|
299
307
|
jwt:
|
@@ -330,7 +338,6 @@ properties:
|
|
330
338
|
client:
|
331
339
|
autoapprove:
|
332
340
|
- cf
|
333
|
-
- vmc
|
334
341
|
- my
|
335
342
|
- micro
|
336
343
|
- support-signon
|
@@ -342,32 +349,37 @@ properties:
|
|
342
349
|
authorities: oauth.login
|
343
350
|
secret: <%= common_password %>
|
344
351
|
authorized-grant-types: authorization_code,client_credentials,refresh_token
|
345
|
-
redirect-uri:
|
352
|
+
redirect-uri: <%= protocol %>://login.<%= dns %>
|
346
353
|
support-services:
|
347
354
|
scope: scim.write,scim.read,openid,cloud_controller.read,cloud_controller.write
|
348
|
-
secret:
|
355
|
+
secret: <%= common_password %>
|
349
356
|
authorized-grant-types: authorization_code,client_credentials
|
350
|
-
redirect-uri:
|
357
|
+
redirect-uri: <%= protocol %>://support-signon.<%= dns %>
|
351
358
|
authorities: portal.users.read
|
352
359
|
access-token-validity: 1209600
|
353
360
|
refresh-token-validity: 1209600
|
354
|
-
|
361
|
+
oauth2service:
|
362
|
+
secret: <%= common_password %>
|
363
|
+
scope: openid,cloud_controller.read,cloud_controller.write
|
364
|
+
authorities: uaa.resource,oauth.service,clients.read,clients.write,clients.secret
|
365
|
+
authorized-grant-types: client_credentials,implicit
|
366
|
+
redirect-uri: <%= protocol %>://rewritten-later.cloudfoundry.com/whatever
|
355
367
|
override: true
|
356
|
-
|
357
|
-
authorities: uaa.none
|
358
|
-
scope: cloud_controller.read,cloud_controller.write,openid,password.write,cloud_controller.admin,scim.read,scim.write
|
368
|
+
autoapprove: true
|
359
369
|
cf:
|
360
370
|
override: true
|
361
371
|
authorized-grant-types: password,implicit,refresh_token
|
362
372
|
authorities: uaa.none
|
363
373
|
scope: cloud_controller.read,cloud_controller.write,openid,password.write,cloud_controller.admin,scim.read,scim.write
|
374
|
+
access-token-validity: 7200
|
375
|
+
refresh-token-validity: 1209600
|
364
376
|
servicesmgmt:
|
365
377
|
override: true
|
366
|
-
secret:
|
378
|
+
secret: <%= common_password %>
|
367
379
|
scope: openid,cloud_controller.read,cloud_controller.write
|
368
380
|
authorities: uaa.resource,oauth.service,clients.read,clients.write,clients.secret
|
369
381
|
authorized-grant-types: authorization_code,client_credentials,password,implicit
|
370
|
-
redirect-uri:
|
382
|
+
redirect-uri: <%= protocol %>://servicesmgmt.mycloud.com/auth/cloudfoundry/callback
|
371
383
|
autoapprove: true
|
372
384
|
scim:
|
373
385
|
users:
|
File without changes
|
@@ -0,0 +1,5 @@
|
|
1
|
+
# Small deployment of Cloud Foundry on AWS
|
2
|
+
|
3
|
+
The plan for a small deployment is to colocate everything on a single VM; and allow for scaling in one direction - more/bigger DEAs.
|
4
|
+
|
5
|
+
This cannot currently be implemented until a final release of [cf-release](https://github.com/cloudfoundry/cf-release) is published that includes `properties` in each job's `spec` file.
|
@@ -0,0 +1,431 @@
|
|
1
|
+
---
|
2
|
+
<%-
|
3
|
+
# Example source deployment file that can be used:
|
4
|
+
# ---
|
5
|
+
# name: NAME
|
6
|
+
# director_uuid: 4ae3a0f0-70a5-4c0d-95f2-7fafaefe8b9e
|
7
|
+
# releases:
|
8
|
+
# - name: cf-release
|
9
|
+
# version: 132
|
10
|
+
# networks: {}
|
11
|
+
# properties:
|
12
|
+
# cf:
|
13
|
+
# dns: mycloud.com
|
14
|
+
# ip_addresses: ['1.2.3.4']
|
15
|
+
# deployment_size: medium
|
16
|
+
# security_group: cf
|
17
|
+
# persistent_disk: 4096
|
18
|
+
#
|
19
|
+
# Then target that deployment file:
|
20
|
+
#
|
21
|
+
# $ bosh deployment path/to/file/above
|
22
|
+
#
|
23
|
+
# Then apply this template:
|
24
|
+
#
|
25
|
+
# $ bosh diff deployment_file.yml.erb
|
26
|
+
#
|
27
|
+
name = find("name")
|
28
|
+
dns = find("properties.cf.dns")
|
29
|
+
ip_addresses = find("properties.cf.ip_addresses")
|
30
|
+
security_group = find("properties.cf.security_group")
|
31
|
+
deployment_size = find("properties.cf.deployment_size")
|
32
|
+
persistent_disk = find("properties.cf.persistent_disk")
|
33
|
+
common_password = find("properties.cf.common_password")
|
34
|
+
no_ssl = true
|
35
|
+
protocol = no_ssl ? "http" : "https"
|
36
|
+
-%>
|
37
|
+
name: <%= name %>
|
38
|
+
director_uuid: <%= find("director_uuid") %>
|
39
|
+
|
40
|
+
releases:
|
41
|
+
- name: cf-release
|
42
|
+
version: <%= find("releases.version") %>
|
43
|
+
|
44
|
+
networks:
|
45
|
+
- name: floating
|
46
|
+
type: vip
|
47
|
+
cloud_properties: {}
|
48
|
+
- name: default
|
49
|
+
type: dynamic
|
50
|
+
cloud_properties:
|
51
|
+
security_groups:
|
52
|
+
- <%= security_group %>
|
53
|
+
|
54
|
+
compilation:
|
55
|
+
workers: 6
|
56
|
+
network: default
|
57
|
+
reuse_compilation_vms: true
|
58
|
+
cloud_properties:
|
59
|
+
instance_type: m1.medium
|
60
|
+
|
61
|
+
update:
|
62
|
+
canaries: 1
|
63
|
+
canary_watch_time: 30000-600000
|
64
|
+
update_watch_time: 30000-600000
|
65
|
+
max_in_flight: 4
|
66
|
+
max_errors: 1
|
67
|
+
|
68
|
+
resource_pools:
|
69
|
+
- name: small
|
70
|
+
network: default
|
71
|
+
size: 9
|
72
|
+
stemcell:
|
73
|
+
name: bosh-stemcell
|
74
|
+
version: latest
|
75
|
+
cloud_properties:
|
76
|
+
instance_type: m1.small
|
77
|
+
|
78
|
+
- name: large
|
79
|
+
network: default
|
80
|
+
size: 1
|
81
|
+
stemcell:
|
82
|
+
name: bosh-stemcell
|
83
|
+
version: latest
|
84
|
+
cloud_properties:
|
85
|
+
instance_type: m1.large
|
86
|
+
|
87
|
+
jobs:
|
88
|
+
- name: syslog_aggregator
|
89
|
+
release: cf-release
|
90
|
+
template:
|
91
|
+
- syslog_aggregator
|
92
|
+
instances: 1
|
93
|
+
resource_pool: small
|
94
|
+
persistent_disk: 65536
|
95
|
+
networks:
|
96
|
+
- name: default
|
97
|
+
default: [dns, gateway]
|
98
|
+
|
99
|
+
- name: postgres
|
100
|
+
release: cf-release
|
101
|
+
template:
|
102
|
+
- postgres
|
103
|
+
instances: 1
|
104
|
+
resource_pool: small
|
105
|
+
persistent_disk: 65536
|
106
|
+
networks:
|
107
|
+
- name: default
|
108
|
+
default: [dns, gateway]
|
109
|
+
properties:
|
110
|
+
db: databases
|
111
|
+
|
112
|
+
- name: nfs_server
|
113
|
+
release: cf-release
|
114
|
+
template:
|
115
|
+
- debian_nfs_server
|
116
|
+
instances: 1
|
117
|
+
resource_pool: small
|
118
|
+
persistent_disk: 65536
|
119
|
+
networks:
|
120
|
+
- name: default
|
121
|
+
default: [dns, gateway]
|
122
|
+
|
123
|
+
- name: nats
|
124
|
+
release: cf-release
|
125
|
+
template:
|
126
|
+
- nats
|
127
|
+
instances: 1
|
128
|
+
resource_pool: small
|
129
|
+
networks:
|
130
|
+
- name: default
|
131
|
+
default: [dns, gateway]
|
132
|
+
|
133
|
+
- name: uaa
|
134
|
+
release: cf-release
|
135
|
+
template:
|
136
|
+
- uaa
|
137
|
+
instances: 1
|
138
|
+
resource_pool: small
|
139
|
+
networks:
|
140
|
+
- name: default
|
141
|
+
default: [dns, gateway]
|
142
|
+
|
143
|
+
- name: login
|
144
|
+
release: cf-release
|
145
|
+
template:
|
146
|
+
- login
|
147
|
+
instances: 1
|
148
|
+
resource_pool: small
|
149
|
+
networks:
|
150
|
+
- name: default
|
151
|
+
default: [dns, gateway]
|
152
|
+
|
153
|
+
- name: cloud_controller
|
154
|
+
release: cf-release
|
155
|
+
template:
|
156
|
+
- cloud_controller_ng
|
157
|
+
instances: 1
|
158
|
+
resource_pool: small
|
159
|
+
networks:
|
160
|
+
- name: default
|
161
|
+
default: [dns, gateway]
|
162
|
+
properties:
|
163
|
+
ccdb: ccdb
|
164
|
+
|
165
|
+
- name: router
|
166
|
+
release: cf-release
|
167
|
+
template:
|
168
|
+
- gorouter
|
169
|
+
instances: 1
|
170
|
+
resource_pool: small
|
171
|
+
networks:
|
172
|
+
- name: default
|
173
|
+
default: [dns, gateway]
|
174
|
+
- name: floating
|
175
|
+
static_ips:
|
176
|
+
<%- ip_addresses.each do |ip| -%>
|
177
|
+
- <%= ip %>
|
178
|
+
<%- end -%>
|
179
|
+
|
180
|
+
- name: health_manager
|
181
|
+
release: cf-release
|
182
|
+
template:
|
183
|
+
- health_manager_next
|
184
|
+
instances: 1
|
185
|
+
resource_pool: small
|
186
|
+
networks:
|
187
|
+
- name: default
|
188
|
+
default: [dns, gateway]
|
189
|
+
|
190
|
+
- name: dea
|
191
|
+
release: cf-release
|
192
|
+
template: dea_next
|
193
|
+
instances: 1
|
194
|
+
resource_pool: large
|
195
|
+
networks:
|
196
|
+
- name: default
|
197
|
+
default: [dns, gateway]
|
198
|
+
|
199
|
+
properties:
|
200
|
+
cf:
|
201
|
+
name: <%= name %>
|
202
|
+
dns: <%= dns %>
|
203
|
+
ip_addresses: <%= ip_addresses.inspect %>
|
204
|
+
deployment_size: <%= deployment_size %>
|
205
|
+
security_group: <%= security_group %>
|
206
|
+
persistent_disk: <%= persistent_disk %>
|
207
|
+
common_password: <%= common_password %>
|
208
|
+
|
209
|
+
domain: <%= dns %>
|
210
|
+
system_domain: <%= dns %>
|
211
|
+
system_domain_organization: <%= dns %>
|
212
|
+
app_domains:
|
213
|
+
- <%= dns %>
|
214
|
+
|
215
|
+
networks:
|
216
|
+
apps: default
|
217
|
+
management: default
|
218
|
+
|
219
|
+
nats:
|
220
|
+
address: 0.nats.default.<%= name %>.microbosh
|
221
|
+
port: 4222
|
222
|
+
user: nats
|
223
|
+
password: <%= common_password %>
|
224
|
+
authorization_timeout: 5
|
225
|
+
|
226
|
+
router:
|
227
|
+
port: 8081
|
228
|
+
status:
|
229
|
+
port: 8080
|
230
|
+
user: gorouter
|
231
|
+
password: <%= common_password %>
|
232
|
+
|
233
|
+
dea: &dea
|
234
|
+
max_memory: 4096
|
235
|
+
memory_mb: 4096
|
236
|
+
memory_overcommit_factor: 4
|
237
|
+
disk_mb: 16384
|
238
|
+
disk_overcommit_factor: 4
|
239
|
+
|
240
|
+
dea_next: *dea
|
241
|
+
|
242
|
+
service_lifecycle:
|
243
|
+
serialization_data_server:
|
244
|
+
- 169.254.1.1
|
245
|
+
|
246
|
+
syslog_aggregator:
|
247
|
+
address: 0.syslog-aggregator.default.<%= name %>.microbosh
|
248
|
+
port: 54321
|
249
|
+
|
250
|
+
serialization_data_server:
|
251
|
+
port: 8080
|
252
|
+
logging_level: debug
|
253
|
+
upload_token: <%= common_password %>
|
254
|
+
upload_timeout: 10
|
255
|
+
|
256
|
+
nfs_server:
|
257
|
+
address: 0.nfs-server.default.<%= name %>.microbosh
|
258
|
+
network: "*.<%= name %>.microbosh"
|
259
|
+
idmapd_domain: <%= dns %>
|
260
|
+
|
261
|
+
debian_nfs_server:
|
262
|
+
no_root_squash: true
|
263
|
+
|
264
|
+
databases: &databases
|
265
|
+
db_scheme: postgres
|
266
|
+
address: 0.postgres.default.<%= name %>.microbosh
|
267
|
+
port: 5524
|
268
|
+
roles:
|
269
|
+
- tag: admin
|
270
|
+
name: ccadmin
|
271
|
+
password: <%= common_password %>
|
272
|
+
- tag: admin
|
273
|
+
name: uaaadmin
|
274
|
+
password: <%= common_password %>
|
275
|
+
databases:
|
276
|
+
- tag: cc
|
277
|
+
name: ccdb
|
278
|
+
citext: true
|
279
|
+
- tag: uaa
|
280
|
+
name: uaadb
|
281
|
+
citext: true
|
282
|
+
|
283
|
+
ccdb: &ccdb
|
284
|
+
db_scheme: postgres
|
285
|
+
address: 0.postgres.default.<%= name %>.microbosh
|
286
|
+
port: 5524
|
287
|
+
roles:
|
288
|
+
- tag: admin
|
289
|
+
name: ccadmin
|
290
|
+
password: <%= common_password %>
|
291
|
+
databases:
|
292
|
+
- tag: cc
|
293
|
+
name: ccdb
|
294
|
+
citext: true
|
295
|
+
|
296
|
+
ccdb_ng: *ccdb
|
297
|
+
|
298
|
+
uaadb:
|
299
|
+
db_scheme: postgresql
|
300
|
+
address: 0.postgres.default.<%= name %>.microbosh
|
301
|
+
port: 5524
|
302
|
+
roles:
|
303
|
+
- tag: admin
|
304
|
+
name: uaaadmin
|
305
|
+
password: <%= common_password %>
|
306
|
+
databases:
|
307
|
+
- tag: uaa
|
308
|
+
name: uaadb
|
309
|
+
citext: true
|
310
|
+
|
311
|
+
cc_api_version: v2
|
312
|
+
|
313
|
+
cc: &cc
|
314
|
+
logging_level: debug
|
315
|
+
external_host: ccng
|
316
|
+
srv_api_uri: <%= protocol %>://api.<%= dns %>
|
317
|
+
cc_partition: default
|
318
|
+
db_encryption_key: <%= common_password %>
|
319
|
+
bootstrap_admin_email: admin@<%= dns %>
|
320
|
+
bulk_api_password: <%= common_password %>
|
321
|
+
uaa_resource_id: cloud_controller
|
322
|
+
staging_upload_user: uploaduser
|
323
|
+
staging_upload_password: <%= common_password %>
|
324
|
+
resource_pool:
|
325
|
+
resource_directory_key: cc-resources
|
326
|
+
# Local provider when using NFS
|
327
|
+
fog_connection:
|
328
|
+
provider: Local
|
329
|
+
local_root: /var/vcap/shared
|
330
|
+
packages:
|
331
|
+
app_package_directory_key: cc-packages
|
332
|
+
droplets:
|
333
|
+
droplet_directory_key: cc-droplets
|
334
|
+
|
335
|
+
ccng: *cc
|
336
|
+
|
337
|
+
login:
|
338
|
+
protocol: <%= protocol %>
|
339
|
+
links:
|
340
|
+
home: <%= protocol %>://console.<%= dns %>
|
341
|
+
passwd: <%= protocol %>://console.<%= dns %>/password_resets/new
|
342
|
+
signup: <%= protocol %>://console.<%= dns %>/register
|
343
|
+
|
344
|
+
uaa:
|
345
|
+
url: <%= protocol %>://uaa.<%= dns %>
|
346
|
+
spring_profiles: postgresql
|
347
|
+
no_ssl: <%= no_ssl %>
|
348
|
+
catalina_opts: -Xmx768m -XX:MaxPermSize=256m
|
349
|
+
resource_id: account_manager
|
350
|
+
jwt:
|
351
|
+
signing_key: |
|
352
|
+
-----BEGIN RSA PRIVATE KEY-----
|
353
|
+
MIICXAIBAAKBgQDHFr+KICms+tuT1OXJwhCUmR2dKVy7psa8xzElSyzqx7oJyfJ1
|
354
|
+
JZyOzToj9T5SfTIq396agbHJWVfYphNahvZ/7uMXqHxf+ZH9BL1gk9Y6kCnbM5R6
|
355
|
+
0gfwjyW1/dQPjOzn9N394zd2FJoFHwdq9Qs0wBugspULZVNRxq7veq/fzwIDAQAB
|
356
|
+
AoGBAJ8dRTQFhIllbHx4GLbpTQsWXJ6w4hZvskJKCLM/o8R4n+0W45pQ1xEiYKdA
|
357
|
+
Z/DRcnjltylRImBD8XuLL8iYOQSZXNMb1h3g5/UGbUXLmCgQLOUUlnYt34QOQm+0
|
358
|
+
KvUqfMSFBbKMsYBAoQmNdTHBaz3dZa8ON9hh/f5TT8u0OWNRAkEA5opzsIXv+52J
|
359
|
+
duc1VGyX3SwlxiE2dStW8wZqGiuLH142n6MKnkLU4ctNLiclw6BZePXFZYIK+AkE
|
360
|
+
xQ+k16je5QJBAN0TIKMPWIbbHVr5rkdUqOyezlFFWYOwnMmw/BKa1d3zp54VP/P8
|
361
|
+
+5aQ2d4sMoKEOfdWH7UqMe3FszfYFvSu5KMCQFMYeFaaEEP7Jn8rGzfQ5HQd44ek
|
362
|
+
lQJqmq6CE2BXbY/i34FuvPcKU70HEEygY6Y9d8J3o6zQ0K9SYNu+pcXt4lkCQA3h
|
363
|
+
jJQQe5uEGJTExqed7jllQ0khFJzLMx0K6tj0NeeIzAaGCQz13oo2sCdeGRHO4aDh
|
364
|
+
HH6Qlq/6UOV5wP8+GAcCQFgRCcB+hrje8hfEEefHcFpyKH+5g1Eu1k0mLrxK2zd+
|
365
|
+
4SlotYRHgPCEubokb2S1zfZDWIXW3HmggnGgM949TlY=
|
366
|
+
-----END RSA PRIVATE KEY-----
|
367
|
+
verification_key: |
|
368
|
+
-----BEGIN PUBLIC KEY-----
|
369
|
+
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHFr+KICms+tuT1OXJwhCUmR2d
|
370
|
+
KVy7psa8xzElSyzqx7oJyfJ1JZyOzToj9T5SfTIq396agbHJWVfYphNahvZ/7uMX
|
371
|
+
qHxf+ZH9BL1gk9Y6kCnbM5R60gfwjyW1/dQPjOzn9N394zd2FJoFHwdq9Qs0wBug
|
372
|
+
spULZVNRxq7veq/fzwIDAQAB
|
373
|
+
-----END PUBLIC KEY-----
|
374
|
+
cc:
|
375
|
+
client_secret: <%= common_password %>
|
376
|
+
admin:
|
377
|
+
client_secret: <%= common_password %>
|
378
|
+
batch:
|
379
|
+
username: batch
|
380
|
+
password: <%= common_password %>
|
381
|
+
client:
|
382
|
+
autoapprove:
|
383
|
+
- cf
|
384
|
+
- my
|
385
|
+
- portal
|
386
|
+
- micro
|
387
|
+
- support-signon
|
388
|
+
- login
|
389
|
+
clients:
|
390
|
+
login:
|
391
|
+
override: true
|
392
|
+
scope: openid
|
393
|
+
authorities: oauth.login
|
394
|
+
secret: <%= common_password %>
|
395
|
+
authorized-grant-types: authorization_code,client_credentials,refresh_token
|
396
|
+
redirect-uri: <%= protocol %>://login.<%= dns %>
|
397
|
+
support-services:
|
398
|
+
scope: scim.write,scim.read,openid,cloud_controller.read,cloud_controller.write
|
399
|
+
secret: <%= common_password %>
|
400
|
+
authorized-grant-types: authorization_code,client_credentials
|
401
|
+
redirect-uri: <%= protocol %>://support-signon.<%= dns %>
|
402
|
+
authorities: portal.users.read
|
403
|
+
access-token-validity: 1209600
|
404
|
+
refresh-token-validity: 1209600
|
405
|
+
oauth2service:
|
406
|
+
secret: <%= common_password %>
|
407
|
+
scope: openid,cloud_controller.read,cloud_controller.write
|
408
|
+
authorities: uaa.resource,oauth.service,clients.read,clients.write,clients.secret
|
409
|
+
authorized-grant-types: client_credentials,implicit
|
410
|
+
redirect-uri: <%= protocol %>://rewritten-later.cloudfoundry.com/whatever
|
411
|
+
override: true
|
412
|
+
autoapprove: true
|
413
|
+
cf:
|
414
|
+
override: true
|
415
|
+
authorized-grant-types: password,implicit,refresh_token
|
416
|
+
authorities: uaa.none
|
417
|
+
scope: cloud_controller.read,cloud_controller.write,openid,password.write,cloud_controller.admin,scim.read,scim.write
|
418
|
+
access-token-validity: 7200
|
419
|
+
refresh-token-validity: 1209600
|
420
|
+
servicesmgmt:
|
421
|
+
override: true
|
422
|
+
secret: <%= common_password %>
|
423
|
+
scope: openid,cloud_controller.read,cloud_controller.write
|
424
|
+
authorities: uaa.resource,oauth.service,clients.read,clients.write,clients.secret
|
425
|
+
authorized-grant-types: authorization_code,client_credentials,password,implicit
|
426
|
+
redirect-uri: <%= protocol %>://servicesmgmt.<%= dns %>/auth/cloudfoundry/callback
|
427
|
+
autoapprove: true
|
428
|
+
scim:
|
429
|
+
users:
|
430
|
+
- admin|<%= common_password %>|scim.write,scim.read,openid,cloud_controller.admin
|
431
|
+
- services|<%= common_password %>|scim.write,scim.read,openid,cloud_controller.admin
|