RubyGems - bosh-cloudfoundry - Versions diffs - 0.7.0.alpha.4 → 0.7.0.alpha.5 - Mend

bosh-cloudfoundry 0.7.0.alpha.4 → 0.7.0.alpha.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (41) hide show

data/bosh-cloudfoundry.gemspec +1 -1
data/bosh_release/.final_builds/jobs/cloud_controller_ng/index.yml +5 -0
data/bosh_release/.final_builds/jobs/collector/index.yml +5 -0
data/bosh_release/.final_builds/jobs/dea_next/index.yml +5 -0
data/bosh_release/.final_builds/jobs/health_manager_next/index.yml +5 -0
data/bosh_release/.final_builds/jobs/login/index.yml +5 -0
data/bosh_release/.final_builds/jobs/nats/index.yml +5 -0
data/bosh_release/.final_builds/jobs/syslog_aggregator/index.yml +5 -0
data/bosh_release/.final_builds/jobs/uaa/index.yml +5 -0
data/bosh_release/.final_builds/packages/buildpack_cache/index.yml +5 -0
data/bosh_release/.final_builds/packages/cloud_controller_ng/index.yml +5 -0
data/bosh_release/.final_builds/packages/collector/index.yml +5 -0
data/bosh_release/.final_builds/packages/dea_next/index.yml +5 -0
data/bosh_release/.final_builds/packages/gorouter/index.yml +5 -0
data/bosh_release/.final_builds/packages/login/index.yml +5 -0
data/bosh_release/.final_builds/packages/uaa/index.yml +5 -0
data/bosh_release/.final_builds/packages/warden/index.yml +5 -0
data/bosh_release/releases/cf-release-133.yml +303 -0
data/bosh_release/releases/index.yml +2 -0
data/lib/bosh/cloudfoundry.rb +3 -0
data/lib/bosh/cloudfoundry/release_version.rb +1 -1
data/spec/assets/v132/aws/medium.yml +1 -1
data/spec/assets/v133/aws/large.yml +393 -0
data/spec/assets/v133/aws/medium.yml +361 -0
data/spec/deployment_file_spec.rb +16 -8
data/spec/plugin_spec.rb +1 -1
data/spec/release_version_cpi_spec.rb +2 -2
data/spec/release_version_spec.rb +3 -3
data/templates/v132/aws/medium/deployment_file.yml.erb +4 -4
data/templates/v133/aws/large/deployment_file.yml.erb +431 -0
data/templates/v133/aws/large/spec +6 -0
data/templates/v133/aws/medium/deployment_file.yml.erb +398 -0
data/templates/v133/aws/medium/spec +6 -0
data/templates/v133/aws/small/README.md +5 -0
data/templates/v133/aws/spec +6 -0
data/templates/v133/openstack/large/deployment_file.yml.erb +431 -0
data/templates/v133/openstack/large/spec +6 -0
data/templates/v133/openstack/medium/deployment_file.yml.erb +387 -0
data/templates/v133/openstack/medium/spec +6 -0
data/templates/v133/openstack/spec +6 -0
metadata +18 -2

data/templates/v133/aws/large/spec ADDED

@@ -0,0 +1,6 @@
+---
+resources:
+- small
+- medium
+- large
+- xlarge

data/templates/v133/aws/medium/deployment_file.yml.erb ADDED

@@ -0,0 +1,398 @@
+---
+<%-
+# Example source deployment file that can be used:
+# ---
+# name: NAME
+# director_uuid: 4ae3a0f0-70a5-4c0d-95f2-7fafaefe8b9e
+# releases:
+#  - name: cf-release
+#    version: 132
+# networks: {}
+# properties:
+#   cf:
+#     dns: mycloud.com
+#     ip_addresses: ['1.2.3.4']
+#     deployment_size: medium
+#     security_group: cf
+#     persistent_disk: 4096
+#
+# Then target that deployment file:
+#
+#     $ bosh deployment path/to/file/above
+#
+# Then apply this template:
+#
+#     $ bosh diff deployment_file.yml.erb
+#
+no_ssl          = true
+protocol        = no_ssl ? "http" : "https"
+name            = find("name")
+dns             = find("properties.cf.dns")
+ip_addresses    = find("properties.cf.ip_addresses")
+security_group  = find("properties.cf.security_group")
+deployment_size = find("properties.cf.deployment_size")
+persistent_disk = find("properties.cf.persistent_disk")
+common_password = find("properties.cf.common_password")
+-%>
+name: <%= name %>
+director_uuid: <%= find("director_uuid") %>
+releases:
+ - name: cf-release
+   version: <%= find("releases.version") %>
+networks:
+- name: floating
+  type: vip
+  cloud_properties: {}
+- name: default
+  type: dynamic
+  cloud_properties:
+    security_groups:
+    - <%= security_group %>
+update:
+  canaries: 1
+  canary_watch_time: 30000-600000
+  update_watch_time: 30000-600000
+  max_in_flight: 4
+  max_errors: 1
+compilation:
+  workers: 6
+  network: default
+  reuse_compilation_vms: true
+  cloud_properties:
+    instance_type: m1.medium
+resource_pools:
+  - name: small
+    network: default
+    size: 3
+    stemcell:
+      name: bosh-stemcell
+      version: latest
+    cloud_properties:
+      instance_type: m1.small
+  - name: medium
+    network: default
+    size: 2
+    stemcell:
+      name: bosh-stemcell
+      version: latest
+    cloud_properties:
+      instance_type: m1.medium
+jobs:
+  - name: data
+    release: cf-release
+    template:
+      - postgres
+      - debian_nfs_server
+    instances: 1
+    resource_pool: small
+    persistent_disk: <%= persistent_disk %>
+    networks:
+    - name: default
+      default:
+      - dns
+      - gateway
+    properties:
+      db: databases
+  - name: core
+    release: cf-release
+    template:
+      - syslog_aggregator
+      - nats
+      - health_manager_next
+      - collector
+      - login
+    instances: 1
+    resource_pool: medium
+    networks:
+    - name: default
+      default:
+      - dns
+      - gateway
+  # need a separate job for uaa due to https://github.com/cloudfoundry/cf-release/issues/104
+  - name: uaa
+    release: cf-release
+    template:
+      - uaa
+    instances: 1
+    resource_pool: small
+    networks:
+      - name: default
+        default: [dns, gateway]
+  - name: api
+    release: cf-release
+    template:
+      - cloud_controller_ng
+      - gorouter
+    instances: 1
+    resource_pool: medium
+    networks:
+    - name: default
+      default:
+      - dns
+      - gateway
+    - name: floating
+      static_ips:
+      <%- ip_addresses.each do |ip| -%>
+      - <%= ip %>
+      <%- end -%>
+    properties:
+      db: databases
+  - name: dea
+    release: cf-release
+    template:
+      - dea_next
+    instances: 1
+    resource_pool: small
+    networks:
+      - name: default
+        default: [dns, gateway]
+properties:
+  cf:
+    name: <%= name %>
+    dns: <%= dns %>
+    ip_addresses: <%= ip_addresses.inspect %>
+    deployment_size: <%= deployment_size %>
+    security_group: <%= security_group %>
+    persistent_disk: <%= persistent_disk %>
+    common_password: <%= common_password %>
+  domain: <%= dns %>
+  system_domain: <%= dns %>.com
+  system_domain_organization: system_domain
+  app_domains:
+    - <%= dns %>
+  networks:
+    apps: default
+    management: default
+  nats:
+    address: 0.core.default.<%= name %>.microbosh
+    port: 4222
+    user: nats
+    password: <%= common_password %>
+    authorization_timeout: 5
+  router:
+    port: 8081
+    status:
+      port: 8080
+      user: gorouter
+      password: <%= common_password %>
+  dea: &dea
+    max_memory: 4096
+    memory_mb: 4084
+    memory_overcommit_factor: 4
+    disk_mb: 4096
+    disk_overcommit_factor: 4
+  dea_next: *dea
+  service_lifecycle:
+    serialization_data_server:
+    - 0.core.default.<%= name %>.microbosh
+  syslog_aggregator:
+    address: 0.core.default.<%= name %>.microbosh
+    port: 54321
+  serialization_data_server:
+    port: 8080
+    logging_level: debug
+    upload_token: <%= common_password %>
+    upload_timeout: 10
+  collector:
+    deployment_name: cf
+    use_tsdb: false
+    use_aws_cloudwatch: false
+    use_datadog: false
+  nfs_server:
+    address: 0.data.default.<%= name %>.microbosh
+    #network: "*.<%= name %>.microbosh"
+    #idmapd_domain: <%= dns %>
+  debian_nfs_server:
+    no_root_squash: true
+  databases: &databases
+    db_scheme: postgres
+    address: 0.data.default.<%= name %>.microbosh
+    port: 5524
+    roles:
+      - tag: admin
+        name: ccadmin
+        password: <%= common_password %>
+      - tag: admin
+        name: uaaadmin
+        password: <%= common_password %>
+    databases:
+      - tag: cc
+        name: ccdb
+        citext: true
+      - tag: uaa
+        name: uaadb
+        citext: true
+  ccdb: &ccdb
+    db_scheme: postgres
+    address: 0.data.default.<%= name %>.microbosh
+    port: 5524
+    roles:
+      - tag: admin
+        name: ccadmin
+        password: <%= common_password %>
+    databases:
+      - tag: cc
+        name: ccdb
+        citext: true
+  ccdb_ng: *ccdb
+  uaadb:
+    db_scheme: postgresql
+    address: 0.data.default.<%= name %>.microbosh
+    port: 5524
+    roles:
+      - tag: admin
+        name: uaaadmin
+        password: <%= common_password %>
+    databases:
+      - tag: uaa
+        name: uaadb
+        citext: true
+  cc_api_version: v2
+  cc: &cc
+    logging_level: debug
+    external_host: ccng
+    srv_api_uri: <%= protocol %>://api.<%= dns %>
+    cc_partition: default
+    db_encryption_key: <%= common_password %>
+    bootstrap_admin_email: admin@<%= dns %>
+    bulk_api_password: <%= common_password %>
+    uaa_resource_id: cloud_controller
+    staging_upload_user: uploaduser
+    staging_upload_password: <%= common_password %>
+    resource_pool:
+      resource_directory_key: cc-resources
+      # Local provider when using NFS
+      fog_connection:
+        provider: Local
+        local_root: /var/vcap/shared
+    packages:
+      app_package_directory_key: cc-packages
+    droplets:
+      droplet_directory_key: cc-droplets
+  ccng: *cc
+  login:
+    protocol: <%= protocol %>
+    links:
+      home: <%= protocol %>://console.<%= dns %>
+      passwd: <%= protocol %>://console.<%= dns %>/password_resets/new
+      signup: <%= protocol %>://console.<%= dns %>/register
+  uaa:
+    url: <%= protocol %>://uaa.<%= dns %>
+    spring_profiles: postgresql
+    no_ssl: <%= no_ssl %>
+    catalina_opts: -Xmx768m -XX:MaxPermSize=256m
+    resource_id: account_manager
+    jwt:
+      signing_key: |
+        -----BEGIN RSA PRIVATE KEY-----
+        MIICXAIBAAKBgQDHFr+KICms+tuT1OXJwhCUmR2dKVy7psa8xzElSyzqx7oJyfJ1
+        JZyOzToj9T5SfTIq396agbHJWVfYphNahvZ/7uMXqHxf+ZH9BL1gk9Y6kCnbM5R6
+        0gfwjyW1/dQPjOzn9N394zd2FJoFHwdq9Qs0wBugspULZVNRxq7veq/fzwIDAQAB
+        AoGBAJ8dRTQFhIllbHx4GLbpTQsWXJ6w4hZvskJKCLM/o8R4n+0W45pQ1xEiYKdA
+        Z/DRcnjltylRImBD8XuLL8iYOQSZXNMb1h3g5/UGbUXLmCgQLOUUlnYt34QOQm+0
+        KvUqfMSFBbKMsYBAoQmNdTHBaz3dZa8ON9hh/f5TT8u0OWNRAkEA5opzsIXv+52J
+        duc1VGyX3SwlxiE2dStW8wZqGiuLH142n6MKnkLU4ctNLiclw6BZePXFZYIK+AkE
+        xQ+k16je5QJBAN0TIKMPWIbbHVr5rkdUqOyezlFFWYOwnMmw/BKa1d3zp54VP/P8
+        +5aQ2d4sMoKEOfdWH7UqMe3FszfYFvSu5KMCQFMYeFaaEEP7Jn8rGzfQ5HQd44ek
+        lQJqmq6CE2BXbY/i34FuvPcKU70HEEygY6Y9d8J3o6zQ0K9SYNu+pcXt4lkCQA3h
+        jJQQe5uEGJTExqed7jllQ0khFJzLMx0K6tj0NeeIzAaGCQz13oo2sCdeGRHO4aDh
+        HH6Qlq/6UOV5wP8+GAcCQFgRCcB+hrje8hfEEefHcFpyKH+5g1Eu1k0mLrxK2zd+
+        4SlotYRHgPCEubokb2S1zfZDWIXW3HmggnGgM949TlY=
+        -----END RSA PRIVATE KEY-----
+      verification_key: |
+        -----BEGIN PUBLIC KEY-----
+        MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHFr+KICms+tuT1OXJwhCUmR2d
+        KVy7psa8xzElSyzqx7oJyfJ1JZyOzToj9T5SfTIq396agbHJWVfYphNahvZ/7uMX
+        qHxf+ZH9BL1gk9Y6kCnbM5R60gfwjyW1/dQPjOzn9N394zd2FJoFHwdq9Qs0wBug
+        spULZVNRxq7veq/fzwIDAQAB
+        -----END PUBLIC KEY-----
+    cc:
+      client_secret: <%= common_password %>
+    admin:
+      client_secret: <%= common_password %>
+    batch:
+      username: batchuser
+      password: <%= common_password %>
+    client:
+      autoapprove:
+        - cf
+        - my
+        - micro
+        - support-signon
+        - login
+    clients:
+      login:
+        override: true
+        scope: openid
+        authorities: oauth.login
+        secret: <%= common_password %>
+        authorized-grant-types: authorization_code,client_credentials,refresh_token
+        redirect-uri: <%= protocol %>://login.<%= dns %>
+      support-services:
+        scope: scim.write,scim.read,openid,cloud_controller.read,cloud_controller.write
+        secret: <%= common_password %>
+        authorized-grant-types: authorization_code,client_credentials
+        redirect-uri: <%= protocol %>://support-signon.<%= dns %>
+        authorities: portal.users.read
+        access-token-validity: 1209600
+        refresh-token-validity: 1209600
+      oauth2service:
+        secret: <%= common_password %>
+        scope: openid,cloud_controller.read,cloud_controller.write
+        authorities: uaa.resource,oauth.service,clients.read,clients.write,clients.secret
+        authorized-grant-types: client_credentials,implicit
+        redirect-uri: <%= protocol %>://rewritten-later.cloudfoundry.com/whatever
+        override: true
+        autoapprove: true
+      cf:
+        override: true
+        authorized-grant-types: password,implicit,refresh_token
+        authorities: uaa.none
+        scope: cloud_controller.read,cloud_controller.write,openid,password.write,cloud_controller.admin,scim.read,scim.write
+        access-token-validity: 7200
+        refresh-token-validity: 1209600
+      servicesmgmt:
+        override: true
+        secret: <%= common_password %>
+        scope: openid,cloud_controller.read,cloud_controller.write
+        authorities: uaa.resource,oauth.service,clients.read,clients.write,clients.secret
+        authorized-grant-types: authorization_code,client_credentials,password,implicit
+        redirect-uri: <%= protocol %>://servicesmgmt.mycloud.com/auth/cloudfoundry/callback
+        autoapprove: true
+    scim:
+      users:
+      - admin|<%= common_password %>|scim.write,scim.read,openid,cloud_controller.admin
+      - services|<%= common_password %>|scim.write,scim.read,openid,cloud_controller.admin

data/templates/v133/aws/medium/spec ADDED

@@ -0,0 +1,6 @@
+---
+resources:
+- small
+- medium
+- large
+- xlarge

data/templates/v133/aws/small/README.md ADDED

@@ -0,0 +1,5 @@
+# Small deployment of Cloud Foundry on AWS
+The plan for a small deployment is to colocate everything on a single VM; and allow for scaling in one direction - more/bigger DEAs.
+This cannot currently be implemented until a final release of [cf-release](https://github.com/cloudfoundry/cf-release) is published that includes `properties` in each job's `spec` file.

data/templates/v133/aws/spec ADDED

@@ -0,0 +1,6 @@
+---
+deployment_sizes:
+- medium
+- large
+default_deployment_size: medium

data/templates/v133/openstack/large/deployment_file.yml.erb ADDED

@@ -0,0 +1,431 @@
+---
+<%-
+# Example source deployment file that can be used:
+# ---
+# name: NAME
+# director_uuid: 4ae3a0f0-70a5-4c0d-95f2-7fafaefe8b9e
+# releases:
+#  - name: cf-release
+#    version: 132
+# networks: {}
+# properties:
+#   cf:
+#     dns: mycloud.com
+#     ip_addresses: ['1.2.3.4']
+#     deployment_size: medium
+#     security_group: cf
+#     persistent_disk: 4096
+#
+# Then target that deployment file:
+#
+#     $ bosh deployment path/to/file/above
+#
+# Then apply this template:
+#
+#     $ bosh diff deployment_file.yml.erb
+#
+name            = find("name")
+dns             = find("properties.cf.dns")
+ip_addresses    = find("properties.cf.ip_addresses")
+security_group  = find("properties.cf.security_group")
+deployment_size = find("properties.cf.deployment_size")
+persistent_disk = find("properties.cf.persistent_disk")
+common_password = find("properties.cf.common_password")
+no_ssl          = true
+protocol        = no_ssl ? "http" : "https"
+-%>
+name: <%= name %>
+director_uuid: <%= find("director_uuid") %>
+releases:
+ - name: cf-release
+   version: <%= find("releases.version") %>
+networks:
+- name: floating
+  type: vip
+  cloud_properties: {}
+- name: default
+  type: dynamic
+  cloud_properties:
+    security_groups:
+    - <%= security_group %>
+compilation:
+  workers: 6
+  network: default
+  reuse_compilation_vms: true
+  cloud_properties:
+    instance_type: m1.medium
+update:
+  canaries: 1
+  canary_watch_time: 30000-600000
+  update_watch_time: 30000-600000
+  max_in_flight: 4
+  max_errors: 1
+resource_pools:
+  - name: small
+    network: default
+    size: 9
+    stemcell:
+      name: bosh-stemcell
+      version: latest
+    cloud_properties:
+      instance_type: m1.small
+  - name: large
+    network: default
+    size: 1
+    stemcell:
+      name: bosh-stemcell
+      version: latest
+    cloud_properties:
+      instance_type: m1.large
+jobs:
+  - name: syslog_aggregator
+    release: cf-release
+    template:
+      - syslog_aggregator
+    instances: 1
+    resource_pool: small
+    persistent_disk: 65536
+    networks:
+      - name: default
+        default: [dns, gateway]
+  - name: postgres
+    release: cf-release
+    template:
+      - postgres
+    instances: 1
+    resource_pool: small
+    persistent_disk: 65536
+    networks:
+      - name: default
+        default: [dns, gateway]
+    properties:
+      db: databases
+  - name: nfs_server
+    release: cf-release
+    template:
+      - debian_nfs_server
+    instances: 1
+    resource_pool: small
+    persistent_disk: 65536
+    networks:
+      - name: default
+        default: [dns, gateway]
+  - name: nats
+    release: cf-release
+    template:
+      - nats
+    instances: 1
+    resource_pool: small
+    networks:
+      - name: default
+        default: [dns, gateway]
+  - name: uaa
+    release: cf-release
+    template:
+      - uaa
+    instances: 1
+    resource_pool: small
+    networks:
+      - name: default
+        default: [dns, gateway]
+  - name: login
+    release: cf-release
+    template:
+      - login
+    instances: 1
+    resource_pool: small
+    networks:
+      - name: default
+        default: [dns, gateway]
+  - name: cloud_controller
+    release: cf-release
+    template:
+      - cloud_controller_ng
+    instances: 1
+    resource_pool: small
+    networks:
+      - name: default
+        default: [dns, gateway]
+    properties:
+      ccdb: ccdb
+  - name: router
+    release: cf-release
+    template:
+      - gorouter
+    instances: 1
+    resource_pool: small
+    networks:
+      - name: default
+        default: [dns, gateway]
+      - name: floating
+        static_ips:
+        <%- ip_addresses.each do |ip| -%>
+        - <%= ip %>
+        <%- end -%>
+  - name: health_manager
+    release: cf-release
+    template:
+      - health_manager_next
+    instances: 1
+    resource_pool: small
+    networks:
+      - name: default
+        default: [dns, gateway]
+  - name: dea
+    release: cf-release
+    template: dea_next
+    instances: 1
+    resource_pool: large
+    networks:
+      - name: default
+        default: [dns, gateway]
+properties:
+  cf:
+    name: <%= name %>
+    dns: <%= dns %>
+    ip_addresses: <%= ip_addresses.inspect %>
+    deployment_size: <%= deployment_size %>
+    security_group: <%= security_group %>
+    persistent_disk: <%= persistent_disk %>
+    common_password: <%= common_password %>
+  domain: <%= dns %>
+  system_domain: <%= dns %>
+  system_domain_organization: <%= dns %>
+  app_domains:
+    - <%= dns %>
+  networks:
+    apps: default
+    management: default
+  nats:
+    address: 0.nats.default.<%= name %>.microbosh
+    port: 4222
+    user: nats
+    password: <%= common_password %>
+    authorization_timeout: 5
+  router:
+    port: 8081
+    status:
+      port: 8080
+      user: gorouter
+      password: <%= common_password %>
+  dea: &dea
+    max_memory: 4096
+    memory_mb: 4096
+    memory_overcommit_factor: 4
+    disk_mb: 16384
+    disk_overcommit_factor: 4
+  dea_next: *dea
+  service_lifecycle:
+    serialization_data_server:
+    - 169.254.1.1
+  syslog_aggregator:
+    address: 0.syslog-aggregator.default.<%= name %>.microbosh
+    port: 54321
+  serialization_data_server:
+    port: 8080
+    logging_level: debug
+    upload_token: <%= common_password %>
+    upload_timeout: 10
+  nfs_server:
+    address: 0.nfs-server.default.<%= name %>.microbosh
+    network: "*.<%= name %>.microbosh"
+    idmapd_domain: <%= dns %>
+  debian_nfs_server:
+    no_root_squash: true
+  databases: &databases
+    db_scheme: postgres
+    address: 0.postgres.default.<%= name %>.microbosh
+    port: 5524
+    roles:
+      - tag: admin
+        name: ccadmin
+        password: <%= common_password %>
+      - tag: admin
+        name: uaaadmin
+        password: <%= common_password %>
+    databases:
+      - tag: cc
+        name: ccdb
+        citext: true
+      - tag: uaa
+        name: uaadb
+        citext: true
+  ccdb: &ccdb
+    db_scheme: postgres
+    address: 0.postgres.default.<%= name %>.microbosh
+    port: 5524
+    roles:
+      - tag: admin
+        name: ccadmin
+        password: <%= common_password %>
+    databases:
+      - tag: cc
+        name: ccdb
+        citext: true
+  ccdb_ng: *ccdb
+  uaadb:
+    db_scheme: postgresql
+    address: 0.postgres.default.<%= name %>.microbosh
+    port: 5524
+    roles:
+      - tag: admin
+        name: uaaadmin
+        password: <%= common_password %>
+    databases:
+      - tag: uaa
+        name: uaadb
+        citext: true
+  cc_api_version: v2
+  cc: &cc
+    logging_level: debug
+    external_host: ccng
+    srv_api_uri: <%= protocol %>://api.<%= dns %>
+    cc_partition: default
+    db_encryption_key: <%= common_password %>
+    bootstrap_admin_email: admin@<%= dns %>
+    bulk_api_password: <%= common_password %>
+    uaa_resource_id: cloud_controller
+    staging_upload_user: uploaduser
+    staging_upload_password: <%= common_password %>
+    resource_pool:
+      resource_directory_key: cc-resources
+      # Local provider when using NFS
+      fog_connection:
+        provider: Local
+        local_root: /var/vcap/shared
+    packages:
+      app_package_directory_key: cc-packages
+    droplets:
+      droplet_directory_key: cc-droplets
+  ccng: *cc
+  login:
+    protocol: <%= protocol %>
+    links:
+      home: <%= protocol %>://console.<%= dns %>
+      passwd: <%= protocol %>://console.<%= dns %>/password_resets/new
+      signup: <%= protocol %>://console.<%= dns %>/register
+  uaa:
+    url: <%= protocol %>://uaa.<%= dns %>
+    spring_profiles: postgresql
+    no_ssl: <%= no_ssl %>
+    catalina_opts: -Xmx768m -XX:MaxPermSize=256m
+    resource_id: account_manager
+    jwt:
+      signing_key: |
+        -----BEGIN RSA PRIVATE KEY-----
+        MIICXAIBAAKBgQDHFr+KICms+tuT1OXJwhCUmR2dKVy7psa8xzElSyzqx7oJyfJ1
+        JZyOzToj9T5SfTIq396agbHJWVfYphNahvZ/7uMXqHxf+ZH9BL1gk9Y6kCnbM5R6
+        0gfwjyW1/dQPjOzn9N394zd2FJoFHwdq9Qs0wBugspULZVNRxq7veq/fzwIDAQAB
+        AoGBAJ8dRTQFhIllbHx4GLbpTQsWXJ6w4hZvskJKCLM/o8R4n+0W45pQ1xEiYKdA
+        Z/DRcnjltylRImBD8XuLL8iYOQSZXNMb1h3g5/UGbUXLmCgQLOUUlnYt34QOQm+0
+        KvUqfMSFBbKMsYBAoQmNdTHBaz3dZa8ON9hh/f5TT8u0OWNRAkEA5opzsIXv+52J
+        duc1VGyX3SwlxiE2dStW8wZqGiuLH142n6MKnkLU4ctNLiclw6BZePXFZYIK+AkE
+        xQ+k16je5QJBAN0TIKMPWIbbHVr5rkdUqOyezlFFWYOwnMmw/BKa1d3zp54VP/P8
+        +5aQ2d4sMoKEOfdWH7UqMe3FszfYFvSu5KMCQFMYeFaaEEP7Jn8rGzfQ5HQd44ek
+        lQJqmq6CE2BXbY/i34FuvPcKU70HEEygY6Y9d8J3o6zQ0K9SYNu+pcXt4lkCQA3h
+        jJQQe5uEGJTExqed7jllQ0khFJzLMx0K6tj0NeeIzAaGCQz13oo2sCdeGRHO4aDh
+        HH6Qlq/6UOV5wP8+GAcCQFgRCcB+hrje8hfEEefHcFpyKH+5g1Eu1k0mLrxK2zd+
+        4SlotYRHgPCEubokb2S1zfZDWIXW3HmggnGgM949TlY=
+        -----END RSA PRIVATE KEY-----
+      verification_key: |
+        -----BEGIN PUBLIC KEY-----
+        MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHFr+KICms+tuT1OXJwhCUmR2d
+        KVy7psa8xzElSyzqx7oJyfJ1JZyOzToj9T5SfTIq396agbHJWVfYphNahvZ/7uMX
+        qHxf+ZH9BL1gk9Y6kCnbM5R60gfwjyW1/dQPjOzn9N394zd2FJoFHwdq9Qs0wBug
+        spULZVNRxq7veq/fzwIDAQAB
+        -----END PUBLIC KEY-----
+    cc:
+      client_secret: <%= common_password %>
+    admin:
+      client_secret: <%= common_password %>
+    batch:
+      username: batch
+      password: <%= common_password %>
+    client:
+      autoapprove:
+        - cf
+        - my
+        - portal
+        - micro
+        - support-signon
+        - login
+    clients:
+      login:
+        override: true
+        scope: openid
+        authorities: oauth.login
+        secret: <%= common_password %>
+        authorized-grant-types: authorization_code,client_credentials,refresh_token
+        redirect-uri: <%= protocol %>://login.<%= dns %>
+      support-services:
+        scope: scim.write,scim.read,openid,cloud_controller.read,cloud_controller.write
+        secret: <%= common_password %>
+        authorized-grant-types: authorization_code,client_credentials
+        redirect-uri: <%= protocol %>://support-signon.<%= dns %>
+        authorities: portal.users.read
+        access-token-validity: 1209600
+        refresh-token-validity: 1209600
+      oauth2service:
+        secret: <%= common_password %>
+        scope: openid,cloud_controller.read,cloud_controller.write
+        authorities: uaa.resource,oauth.service,clients.read,clients.write,clients.secret
+        authorized-grant-types: client_credentials,implicit
+        redirect-uri: <%= protocol %>://rewritten-later.cloudfoundry.com/whatever
+        override: true
+        autoapprove: true
+      cf:
+        override: true
+        authorized-grant-types: password,implicit,refresh_token
+        authorities: uaa.none
+        scope: cloud_controller.read,cloud_controller.write,openid,password.write,cloud_controller.admin,scim.read,scim.write
+        access-token-validity: 7200
+        refresh-token-validity: 1209600
+      servicesmgmt:
+        override: true
+        secret: <%= common_password %>
+        scope: openid,cloud_controller.read,cloud_controller.write
+        authorities: uaa.resource,oauth.service,clients.read,clients.write,clients.secret
+        authorized-grant-types: authorization_code,client_credentials,password,implicit
+        redirect-uri: <%= protocol %>://servicesmgmt.<%= dns %>/auth/cloudfoundry/callback
+        autoapprove: true
+    scim:
+      users:
+      - admin|<%= common_password %>|scim.write,scim.read,openid,cloud_controller.admin
+      - services|<%= common_password %>|scim.write,scim.read,openid,cloud_controller.admin