bosh-cloudfoundry 0.7.0.alpha.3 → 0.7.0.alpha.4

data/templates/v132/{openstack/dev → aws/medium}/deployment_file.yml.erb

@@ -12,7 +12,7 @@
 #   cf:
 #     dns: mycloud.com
 #     ip_addresses: ['1.2.3.4']
-#     core_size: medium
+#     deployment_size: medium
 #     security_group: cf
 #     persistent_disk: 4096
 #
@@ -24,11 +24,13 @@
 #
 #     $ bosh diff deployment_file.yml.erb
 #
+no_ssl          = true
+protocol        = no_ssl ? "http" : "https"
 name            = find("name")
 dns             = find("properties.cf.dns")
 ip_addresses    = find("properties.cf.ip_addresses")
 security_group  = find("properties.cf.security_group")
-core_size       = find("properties.cf.core_size")
+deployment_size = find("properties.cf.deployment_size")
 persistent_disk = find("properties.cf.persistent_disk")
 common_password = find("properties.cf.common_password")
 -%>
@@ -84,6 +86,7 @@ resource_pools:
 
 jobs:
   - name: core
+    release: cf-release
     template:
       - syslog_aggregator
       - nats
@@ -103,7 +106,9 @@ jobs:
     properties:
       db: databases
 
+  # need a separate job for uaa due to https://github.com/cloudfoundry/cf-release/issues/104
   - name: uaa
+    release: cf-release
     template:
       - uaa
     instances: 1
@@ -113,6 +118,7 @@ jobs:
         default: [dns, gateway]
 
   - name: api
+    release: cf-release
     template:
       - cloud_controller_ng
       - gorouter
@@ -132,6 +138,7 @@ jobs:
       db: databases
 
   - name: dea
+    release: cf-release
     template:
       - dea_next
     instances: 1
@@ -145,7 +152,7 @@ properties:
     name: <%= name %>
     dns: <%= dns %>
     ip_addresses: <%= ip_addresses.inspect %>
-    core_size: <%= core_size %>
+    deployment_size: <%= deployment_size %>
     security_group: <%= security_group %>
     persistent_disk: <%= persistent_disk %>
     common_password: <%= common_password %>
@@ -194,7 +201,7 @@ properties:
   serialization_data_server:
     port: 8080
     logging_level: debug
-    upload_token: 8f7COGvThwlmulIzAgOHxMXurBrG364k
+    upload_token: <%= common_password %>
     upload_timeout: 10
 
   collector:
@@ -206,7 +213,7 @@ properties:
   nfs_server:
     address: 0.core.default.<%= name %>.microbosh
     #network: "*.<%= name %>.microbosh"
-    #idmapd_domain: iad1
+    #idmapd_domain: <%= dns %>
 
   debian_nfs_server:
     no_root_squash: true
@@ -263,9 +270,9 @@ properties:
   cc: &cc
     logging_level: debug
     external_host: ccng
-    srv_api_uri: http://api.<%= dns %>
+    srv_api_uri: <%= protocol %>://api.<%= dns %>
     cc_partition: default
-    db_encryption_key: "b963127302433579"
+    db_encryption_key: <%= common_password %>
     bootstrap_admin_email: admin@<%= dns %>
     bulk_api_password: <%= common_password %>
     uaa_resource_id: cloud_controller
@@ -273,6 +280,7 @@ properties:
     staging_upload_password: <%= common_password %>
     resource_pool:
       resource_directory_key: cc-resources
+      # Local provider when using NFS
       fog_connection:
         provider: Local
         local_root: /var/vcap/shared
@@ -284,16 +292,16 @@ properties:
   ccng: *cc
 
   login:
-    protocol: http
+    protocol: <%= protocol %>
     links:
-      home: http://console.<%= dns %>
-      passwd: http://console.<%= dns %>/password_resets/new
-      signup: http://console.<%= dns %>/register
+      home: <%= protocol %>://console.<%= dns %>
+      passwd: <%= protocol %>://console.<%= dns %>/password_resets/new
+      signup: <%= protocol %>://console.<%= dns %>/register
 
   uaa:
-    url: http://uaa.<%= dns %>
+    url: <%= protocol %>://uaa.<%= dns %>
     spring_profiles: postgresql
-    no_ssl: true
+    no_ssl: <%= no_ssl %>
     catalina_opts: -Xmx768m -XX:MaxPermSize=256m
     resource_id: account_manager
     jwt:
@@ -330,7 +338,6 @@ properties:
     client:
       autoapprove:
         - cf
-        - vmc
         - my
         - micro
         - support-signon
@@ -342,32 +349,37 @@ properties:
         authorities: oauth.login
         secret: <%= common_password %>
         authorized-grant-types: authorization_code,client_credentials,refresh_token
-        redirect-uri: http://login.<%= dns %>
+        redirect-uri: <%= protocol %>://login.<%= dns %>
       support-services:
         scope: scim.write,scim.read,openid,cloud_controller.read,cloud_controller.write
-        secret: ssosecretsso
+        secret: <%= common_password %>
         authorized-grant-types: authorization_code,client_credentials
-        redirect-uri: http://support-signon.<%= dns %>
+        redirect-uri: <%= protocol %>://support-signon.<%= dns %>
         authorities: portal.users.read
         access-token-validity: 1209600
         refresh-token-validity: 1209600
-      vmc:
+      oauth2service:
+        secret: <%= common_password %>
+        scope: openid,cloud_controller.read,cloud_controller.write
+        authorities: uaa.resource,oauth.service,clients.read,clients.write,clients.secret
+        authorized-grant-types: client_credentials,implicit
+        redirect-uri: <%= protocol %>://rewritten-later.cloudfoundry.com/whatever
         override: true
-        authorized-grant-types: password,implicit
-        authorities: uaa.none
-        scope: cloud_controller.read,cloud_controller.write,openid,password.write,cloud_controller.admin,scim.read,scim.write
+        autoapprove: true
       cf:
         override: true
         authorized-grant-types: password,implicit,refresh_token
         authorities: uaa.none
         scope: cloud_controller.read,cloud_controller.write,openid,password.write,cloud_controller.admin,scim.read,scim.write
+        access-token-validity: 7200
+        refresh-token-validity: 1209600
       servicesmgmt:
         override: true
-        secret: serivcesmgmtsecret
+        secret: <%= common_password %>
         scope: openid,cloud_controller.read,cloud_controller.write
         authorities: uaa.resource,oauth.service,clients.read,clients.write,clients.secret
         authorized-grant-types: authorization_code,client_credentials,password,implicit
-        redirect-uri: http://servicesmgmt.yourdomain.com/auth/cloudfoundry/callback
+        redirect-uri: <%= protocol %>://servicesmgmt.mycloud.com/auth/cloudfoundry/callback
         autoapprove: true
     scim:
       users:

data/templates/v132/aws/small/README.md

@@ -0,0 +1,5 @@
+# Small deployment of Cloud Foundry on AWS
+
+The plan for a small deployment is to colocate everything on a single VM; and allow for scaling in one direction - more/bigger DEAs.
+
+This cannot currently be implemented until a final release of [cf-release](https://github.com/cloudfoundry/cf-release) is published that includes `properties` in each job's `spec` file.

data/templates/v132/aws/spec

@@ -0,0 +1,6 @@
+---
+deployment_sizes:
+- medium
+- large
+
+default_deployment_size: medium

data/templates/v132/openstack/large/deployment_file.yml.erb

@@ -0,0 +1,431 @@
+---
+<%-
+# Example source deployment file that can be used:
+# ---
+# name: NAME
+# director_uuid: 4ae3a0f0-70a5-4c0d-95f2-7fafaefe8b9e
+# releases:
+#  - name: cf-release
+#    version: 132
+# networks: {}
+# properties:
+#   cf:
+#     dns: mycloud.com
+#     ip_addresses: ['1.2.3.4']
+#     deployment_size: medium
+#     security_group: cf
+#     persistent_disk: 4096
+#
+# Then target that deployment file:
+#
+#     $ bosh deployment path/to/file/above
+#
+# Then apply this template:
+#
+#     $ bosh diff deployment_file.yml.erb
+#
+name            = find("name")
+dns             = find("properties.cf.dns")
+ip_addresses    = find("properties.cf.ip_addresses")
+security_group  = find("properties.cf.security_group")
+deployment_size = find("properties.cf.deployment_size")
+persistent_disk = find("properties.cf.persistent_disk")
+common_password = find("properties.cf.common_password")
+no_ssl          = true
+protocol        = no_ssl ? "http" : "https"
+-%>
+name: <%= name %>
+director_uuid: <%= find("director_uuid") %>
+
+releases:
+ - name: cf-release
+   version: <%= find("releases.version") %>
+
+networks:
+- name: floating
+  type: vip
+  cloud_properties: {}
+- name: default
+  type: dynamic
+  cloud_properties:
+    security_groups:
+    - <%= security_group %>
+
+compilation:
+  workers: 6
+  network: default
+  reuse_compilation_vms: true
+  cloud_properties:
+    instance_type: m1.medium
+
+update:
+  canaries: 1
+  canary_watch_time: 30000-600000
+  update_watch_time: 30000-600000
+  max_in_flight: 4
+  max_errors: 1
+
+resource_pools:
+  - name: small
+    network: default
+    size: 9
+    stemcell:
+      name: bosh-stemcell
+      version: latest
+    cloud_properties:
+      instance_type: m1.small
+
+  - name: large
+    network: default
+    size: 1
+    stemcell:
+      name: bosh-stemcell
+      version: latest
+    cloud_properties:
+      instance_type: m1.large
+
+jobs:
+  - name: syslog_aggregator
+    release: cf-release
+    template: 
+      - syslog_aggregator
+    instances: 1
+    resource_pool: small
+    persistent_disk: 65536
+    networks:
+      - name: default
+        default: [dns, gateway]
+      
+  - name: postgres
+    release: cf-release
+    template: 
+      - postgres
+    instances: 1
+    resource_pool: small
+    persistent_disk: 65536
+    networks:
+      - name: default
+        default: [dns, gateway]
+    properties:
+      db: databases
+
+  - name: nfs_server
+    release: cf-release
+    template:
+      - debian_nfs_server
+    instances: 1
+    resource_pool: small
+    persistent_disk: 65536
+    networks:
+      - name: default
+        default: [dns, gateway]            
+
+  - name: nats
+    release: cf-release
+    template: 
+      - nats
+    instances: 1
+    resource_pool: small
+    networks:
+      - name: default
+        default: [dns, gateway]            
+            
+  - name: uaa
+    release: cf-release
+    template: 
+      - uaa
+    instances: 1
+    resource_pool: small
+    networks:
+      - name: default
+        default: [dns, gateway]           
+
+  - name: login
+    release: cf-release
+    template: 
+      - login
+    instances: 1
+    resource_pool: small
+    networks:
+      - name: default
+        default: [dns, gateway]
+
+  - name: cloud_controller
+    release: cf-release
+    template: 
+      - cloud_controller_ng
+    instances: 1
+    resource_pool: small
+    networks:
+      - name: default
+        default: [dns, gateway]
+    properties:
+      ccdb: ccdb
+
+  - name: router
+    release: cf-release
+    template: 
+      - gorouter
+    instances: 1
+    resource_pool: small
+    networks:
+      - name: default
+        default: [dns, gateway]
+      - name: floating
+        static_ips:
+        <%- ip_addresses.each do |ip| -%>
+        - <%= ip %>
+        <%- end -%>
+
+  - name: health_manager
+    release: cf-release
+    template: 
+      - health_manager_next
+    instances: 1
+    resource_pool: small
+    networks:
+      - name: default
+        default: [dns, gateway]
+       
+  - name: dea
+    release: cf-release
+    template: dea_next
+    instances: 1
+    resource_pool: large
+    networks:
+      - name: default
+        default: [dns, gateway]            
+
+properties:
+  cf:
+    name: <%= name %>
+    dns: <%= dns %>
+    ip_addresses: <%= ip_addresses.inspect %>
+    deployment_size: <%= deployment_size %>
+    security_group: <%= security_group %>
+    persistent_disk: <%= persistent_disk %>
+    common_password: <%= common_password %>
+
+  domain: <%= dns %>
+  system_domain: <%= dns %>
+  system_domain_organization: <%= dns %>
+  app_domains:
+    - <%= dns %>
+
+  networks:
+    apps: default
+    management: default
+
+  nats:
+    address: 0.nats.default.<%= name %>.microbosh
+    port: 4222
+    user: nats
+    password: <%= common_password %>
+    authorization_timeout: 5
+
+  router:
+    port: 8081
+    status:
+      port: 8080
+      user: gorouter
+      password: <%= common_password %>
+
+  dea: &dea
+    max_memory: 4096
+    memory_mb: 4096
+    memory_overcommit_factor: 4
+    disk_mb: 16384
+    disk_overcommit_factor: 4
+
+  dea_next: *dea
+
+  service_lifecycle:
+    serialization_data_server:
+    - 169.254.1.1 
+
+  syslog_aggregator:
+    address: 0.syslog-aggregator.default.<%= name %>.microbosh
+    port: 54321
+
+  serialization_data_server:
+    port: 8080
+    logging_level: debug
+    upload_token: <%= common_password %>
+    upload_timeout: 10
+
+  nfs_server:
+    address: 0.nfs-server.default.<%= name %>.microbosh
+    network: "*.<%= name %>.microbosh"
+    idmapd_domain: <%= dns %>
+
+  debian_nfs_server:
+    no_root_squash: true
+
+  databases: &databases
+    db_scheme: postgres
+    address: 0.postgres.default.<%= name %>.microbosh
+    port: 5524
+    roles:
+      - tag: admin
+        name: ccadmin
+        password: <%= common_password %>
+      - tag: admin
+        name: uaaadmin
+        password: <%= common_password %>
+    databases:
+      - tag: cc
+        name: ccdb
+        citext: true
+      - tag: uaa
+        name: uaadb
+        citext: true
+
+  ccdb: &ccdb
+    db_scheme: postgres
+    address: 0.postgres.default.<%= name %>.microbosh
+    port: 5524
+    roles:
+      - tag: admin
+        name: ccadmin
+        password: <%= common_password %>
+    databases:
+      - tag: cc
+        name: ccdb
+        citext: true
+
+  ccdb_ng: *ccdb
+
+  uaadb: 
+    db_scheme: postgresql
+    address: 0.postgres.default.<%= name %>.microbosh
+    port: 5524
+    roles:
+      - tag: admin
+        name: uaaadmin
+        password: <%= common_password %>
+    databases:
+      - tag: uaa
+        name: uaadb
+        citext: true
+
+  cc_api_version: v2
+
+  cc: &cc
+    logging_level: debug
+    external_host: ccng
+    srv_api_uri: <%= protocol %>://api.<%= dns %>
+    cc_partition: default
+    db_encryption_key: <%= common_password %>
+    bootstrap_admin_email: admin@<%= dns %>
+    bulk_api_password: <%= common_password %>
+    uaa_resource_id: cloud_controller
+    staging_upload_user: uploaduser
+    staging_upload_password: <%= common_password %>
+    resource_pool:
+      resource_directory_key: cc-resources
+      # Local provider when using NFS
+      fog_connection:
+        provider: Local
+        local_root: /var/vcap/shared
+    packages:
+      app_package_directory_key: cc-packages
+    droplets:
+      droplet_directory_key: cc-droplets
+
+  ccng: *cc
+
+  login:
+    protocol: <%= protocol %>
+    links:
+      home: <%= protocol %>://console.<%= dns %>
+      passwd: <%= protocol %>://console.<%= dns %>/password_resets/new
+      signup: <%= protocol %>://console.<%= dns %>/register
+
+  uaa:
+    url: <%= protocol %>://uaa.<%= dns %>
+    spring_profiles: postgresql
+    no_ssl: <%= no_ssl %>
+    catalina_opts: -Xmx768m -XX:MaxPermSize=256m
+    resource_id: account_manager
+    jwt:
+      signing_key: |
+        -----BEGIN RSA PRIVATE KEY-----
+        MIICXAIBAAKBgQDHFr+KICms+tuT1OXJwhCUmR2dKVy7psa8xzElSyzqx7oJyfJ1
+        JZyOzToj9T5SfTIq396agbHJWVfYphNahvZ/7uMXqHxf+ZH9BL1gk9Y6kCnbM5R6
+        0gfwjyW1/dQPjOzn9N394zd2FJoFHwdq9Qs0wBugspULZVNRxq7veq/fzwIDAQAB
+        AoGBAJ8dRTQFhIllbHx4GLbpTQsWXJ6w4hZvskJKCLM/o8R4n+0W45pQ1xEiYKdA
+        Z/DRcnjltylRImBD8XuLL8iYOQSZXNMb1h3g5/UGbUXLmCgQLOUUlnYt34QOQm+0
+        KvUqfMSFBbKMsYBAoQmNdTHBaz3dZa8ON9hh/f5TT8u0OWNRAkEA5opzsIXv+52J
+        duc1VGyX3SwlxiE2dStW8wZqGiuLH142n6MKnkLU4ctNLiclw6BZePXFZYIK+AkE
+        xQ+k16je5QJBAN0TIKMPWIbbHVr5rkdUqOyezlFFWYOwnMmw/BKa1d3zp54VP/P8
+        +5aQ2d4sMoKEOfdWH7UqMe3FszfYFvSu5KMCQFMYeFaaEEP7Jn8rGzfQ5HQd44ek
+        lQJqmq6CE2BXbY/i34FuvPcKU70HEEygY6Y9d8J3o6zQ0K9SYNu+pcXt4lkCQA3h
+        jJQQe5uEGJTExqed7jllQ0khFJzLMx0K6tj0NeeIzAaGCQz13oo2sCdeGRHO4aDh
+        HH6Qlq/6UOV5wP8+GAcCQFgRCcB+hrje8hfEEefHcFpyKH+5g1Eu1k0mLrxK2zd+
+        4SlotYRHgPCEubokb2S1zfZDWIXW3HmggnGgM949TlY=
+        -----END RSA PRIVATE KEY-----
+      verification_key: |
+        -----BEGIN PUBLIC KEY-----
+        MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHFr+KICms+tuT1OXJwhCUmR2d
+        KVy7psa8xzElSyzqx7oJyfJ1JZyOzToj9T5SfTIq396agbHJWVfYphNahvZ/7uMX
+        qHxf+ZH9BL1gk9Y6kCnbM5R60gfwjyW1/dQPjOzn9N394zd2FJoFHwdq9Qs0wBug
+        spULZVNRxq7veq/fzwIDAQAB
+        -----END PUBLIC KEY-----
+    cc:
+      client_secret: <%= common_password %>
+    admin:
+      client_secret: <%= common_password %>
+    batch:
+      username: batch
+      password: <%= common_password %>
+    client:
+      autoapprove:
+        - cf
+        - my
+        - portal
+        - micro
+        - support-signon
+        - login
+    clients:
+      login:
+        override: true
+        scope: openid
+        authorities: oauth.login
+        secret: <%= common_password %>
+        authorized-grant-types: authorization_code,client_credentials,refresh_token
+        redirect-uri: <%= protocol %>://login.<%= dns %>
+      support-services:
+        scope: scim.write,scim.read,openid,cloud_controller.read,cloud_controller.write
+        secret: <%= common_password %>
+        authorized-grant-types: authorization_code,client_credentials
+        redirect-uri: <%= protocol %>://support-signon.<%= dns %>
+        authorities: portal.users.read
+        access-token-validity: 1209600
+        refresh-token-validity: 1209600
+      oauth2service:
+        secret: <%= common_password %>
+        scope: openid,cloud_controller.read,cloud_controller.write
+        authorities: uaa.resource,oauth.service,clients.read,clients.write,clients.secret
+        authorized-grant-types: client_credentials,implicit
+        redirect-uri: <%= protocol %>://rewritten-later.cloudfoundry.com/whatever
+        override: true
+        autoapprove: true
+      cf:
+        override: true
+        authorized-grant-types: password,implicit,refresh_token
+        authorities: uaa.none
+        scope: cloud_controller.read,cloud_controller.write,openid,password.write,cloud_controller.admin,scim.read,scim.write
+        access-token-validity: 7200
+        refresh-token-validity: 1209600
+      servicesmgmt:
+        override: true
+        secret: <%= common_password %>
+        scope: openid,cloud_controller.read,cloud_controller.write
+        authorities: uaa.resource,oauth.service,clients.read,clients.write,clients.secret
+        authorized-grant-types: authorization_code,client_credentials,password,implicit
+        redirect-uri: <%= protocol %>://servicesmgmt.<%= dns %>/auth/cloudfoundry/callback
+        autoapprove: true
+    scim:
+      users:
+      - admin|<%= common_password %>|scim.write,scim.read,openid,cloud_controller.admin
+      - services|<%= common_password %>|scim.write,scim.read,openid,cloud_controller.admin