kite 0.0.2 → 0.0.3

data/tpl/gcp/concourse.tf

@@ -0,0 +1,62 @@
+resource "google_compute_subnetwork" "concourse-public-subnet-1" {
+  name          = "concourse-public-${var.region}-1"
+  ip_cidr_range = "10.150.0.0/16"
+  network       = "${google_compute_network.network.self_link}"
+}
+
+resource "google_compute_firewall" "concourse-public" {
+  name    = "concourse-public"
+  network = "${google_compute_network.network.name}"
+
+  allow {
+    protocol = "tcp"
+    ports    = ["80", "8080", "443", "4443"]
+  }
+  source_ranges = ["0.0.0.0/0"]
+
+  target_tags = ["concourse-public"]
+}
+
+resource "google_compute_firewall" "concourse-internal" {
+  name    = "concourse-internal"
+  network = "${google_compute_network.network.name}"
+
+  allow {
+    protocol = "icmp"
+  }
+
+  allow {
+    protocol = "tcp"
+  }
+
+  allow {
+    protocol = "udp"
+  }
+
+  target_tags = ["concourse-internal", "bosh-internal"]
+  source_tags = ["concourse-internal", "bosh-internal"]
+}
+
+resource "google_compute_address" "concourse" {
+  name = "concourse"
+}
+
+resource "google_compute_target_pool" "concourse-target-pool" {
+  name = "concourse-target-pool"
+}
+
+resource "google_compute_forwarding_rule" "concourse-http-forwarding-rule" {
+  name        = "concourse-http-forwarding-rule"
+  target      = "${google_compute_target_pool.concourse-target-pool.self_link}"
+  port_range  = "80-80"
+  ip_protocol = "TCP"
+  ip_address  = "${google_compute_address.concourse.address}"
+}
+
+resource "google_compute_forwarding_rule" "concourse-https-forwarding-rule" {
+  name        = "concourse-https-forwarding-rule"
+  target      = "${google_compute_target_pool.concourse-target-pool.self_link}"
+  port_range  = "443-443"
+  ip_protocol = "TCP"
+  ip_address  = "${google_compute_address.concourse.address}"
+}

data/tpl/gcp/concourse.yml.erb

@@ -0,0 +1,101 @@
+---
+<%
+['director_uuid', 'common_password', 'atc_password', 'external_ip'].each do |val|
+  if ENV[val].nil? || ENV[val].empty?
+    raise "Missing environment variable: #{val}"
+  end
+end
+
+director_uuid = ENV['director_uuid']
+external_url = "http://#{ENV['external_ip']}"
+common_password = ENV['common_password']
+atc_password = ENV['atc_password']
+deployment_name = "concourse"
+%>
+name: <%= deployment_name %>
+director_uuid: <%= director_uuid %>
+
+releases:
+- name: concourse
+  version: 2.5.0
+- name: garden-runc
+  version: 1.0.3
+
+instance_groups:
+- name: web
+  instances: 1
+  vm_type: common
+  azs: [z1]
+  vm_extensions: [concourse-lb]
+  stemcell: trusty
+  networks:
+  - name: public
+    default: [dns, gateway]
+
+  jobs:
+  - name: atc
+    release: concourse
+    properties:
+      bind_port: 80
+      external_url: <%= external_url %>
+      basic_auth_username: concourse
+      basic_auth_password: <%= atc_password %>
+      publicly_viewable: true
+
+      postgresql_database: &atc_db atc
+
+  - name: tsa
+    release: concourse
+    properties: {}
+
+- name: db
+  instances: 1
+  vm_type: common
+  azs: [z1]
+  stemcell: trusty
+  persistent_disk_type: database
+  networks: [{name: public}]
+  jobs:
+  - name: postgresql
+    release: concourse
+    properties:
+      databases:
+      - name: *atc_db
+        role: admin
+        password: <%= common_password %>
+
+- name: worker
+  instances: 1
+  vm_type: worker
+  azs: [z1]
+  stemcell: trusty
+  networks: [{name: public}]
+  jobs:
+  - name: groundcrew
+    release: concourse
+    properties:
+      additional_resource_types:
+      - type: gcs-resource
+        image: docker:///frodenas/gcs-resource
+  - name: baggageclaim
+    release: concourse
+    properties: {}
+  - name: garden
+    release: garden-runc
+    properties:
+      garden:
+        listen_network: tcp
+        listen_address: 0.0.0.0:7777
+        network_mtu: 1432
+
+update:
+  canaries: 1
+  max_in_flight: 1
+  serial: false
+  canary_watch_time: 1000-60000
+  update_watch_time: 1000-60000
+
+stemcells:
+- alias: trusty
+  os: ubuntu-trusty
+  version: latest

data/tpl/gcp/env.example.erb

@@ -0,0 +1,7 @@
+export projectid=<%= @values['gcp']['project_id'] %>
+
+export region=<%= @values['gcp']['region'] %>
+export zone=<%=@values['gcp']['zone'] %>
+export service_account_email=terraform-bosh@<%= @values['gcp']['project_id'] %>.iam.gserviceaccount.com
+
+export bastion_vm_name=bosh-bastion

data/tpl/gcp/main.tf

@@ -0,0 +1,107 @@
+variable "projectid" {
+    type = "string"
+    default = "REPLACE-WITH-YOUR-GOOGLE-PROJECT-ID"
+}
+
+variable "region" {
+    type = "string"
+    default = "us-east1"
+}
+
+variable "zone-1" {
+    type = "string"
+    default = "us-east1-d"
+}
+
+variable "name" {
+    type = "string"
+    default = "bosh"
+}
+
+provider "google" {
+    project = "${var.projectid}"
+    region = "${var.region}"
+}
+
+resource "google_compute_network" "network" {
+  name       = "${var.name}"
+}
+
+// Subnet for the BOSH director
+resource "google_compute_subnetwork" "bosh-subnet-1" {
+  name          = "bosh-${var.region}"
+  ip_cidr_range = "10.0.0.0/24"
+  network       = "${google_compute_network.network.self_link}"
+}
+
+// Allow SSH to BOSH bastion
+resource "google_compute_firewall" "bosh-bastion" {
+  name    = "bosh-bastion"
+  network = "${google_compute_network.network.name}"
+
+  allow {
+    protocol = "icmp"
+  }
+
+  allow {
+    protocol = "tcp"
+    ports    = ["22"]
+  }
+
+  target_tags = ["bosh-bastion"]
+}
+
+// Allow open access between internal MVs
+resource "google_compute_firewall" "bosh-internal" {
+  name    = "bosh-internal-${var.name}"
+  network = "${google_compute_network.network.name}"
+
+  allow {
+    protocol = "icmp"
+  }
+
+  allow {
+    protocol = "tcp"
+  }
+
+  allow {
+    protocol = "udp"
+  }
+  target_tags = ["bosh-internal"]
+  source_tags = ["bosh-internal"]
+}
+
+// BOSH bastion host
+resource "google_compute_instance" "bosh-bastion" {
+  name         = "bosh-bastion"
+  machine_type = "n1-standard-1"
+  zone         = "${var.zone-1}"
+
+  tags = ["bosh-bastion", "bosh-internal"]
+
+  disk {
+    image = "ubuntu-1404-trusty-v20160627"
+  }
+
+  network_interface {
+    subnetwork = "${google_compute_subnetwork.bosh-subnet-1.name}"
+    access_config {
+      // Ephemeral IP
+    }
+  }
+
+  metadata_startup_script = <<EOT
+#!/bin/bash
+apt-get update -y
+apt-get install -y build-essential zlibc zlib1g-dev ruby ruby-dev openssl libxslt-dev libxml2-dev libssl-dev libreadline6 libreadline6-dev libyaml-dev libsqlite3-dev sqlite3
+gem install bosh_cli
+curl -o /tmp/cf.tgz https://s3.amazonaws.com/go-cli/releases/v6.20.0/cf-cli_6.20.0_linux_x86-64.tgz
+tar -zxvf /tmp/cf.tgz && mv cf /usr/bin/cf && chmod +x /usr/bin/cf
+curl -o /usr/bin/bosh-init https://s3.amazonaws.com/bosh-init-artifacts/bosh-init-0.0.96-linux-amd64
+chmod +x /usr/bin/bosh-init
+EOT
+
+  service_account {
+    scopes = ["cloud-platform"]
+  }
+}

data/tpl/gcp/manifest.yml.erb

@@ -0,0 +1,173 @@
+---
+<%
+['region', 'project_id', 'zone', 'ssh_key_path'].each do |val|
+  if @values['gcp'][val].to_s.empty?
+    raise "Missing value: #{val}"
+  end
+end
+
+region = @values['gcp']['region']
+project_id = @values['gcp']['project_id']
+zone = @values['gcp']['zone']
+ssh_key_path = @values['gcp']['ssh_key_path']
+%>
+name: bosh
+
+releases:
+  - name: bosh
+    url: https://bosh.io/d/github.com/cloudfoundry/bosh?v=260.1
+    sha1: 7fb8e99e28b67df6604e97ef061c5425460518d3
+  - name: bosh-google-cpi
+    url: https://bosh.io/d/github.com/cloudfoundry-incubator/bosh-google-cpi-release?v=25.6.2
+    sha1: b4865397d867655fdcc112bc5a7f9a5025cdf311
+
+resource_pools:
+  - name: vms
+    network: private
+    stemcell:
+      url: https://bosh.io/d/stemcells/bosh-google-kvm-ubuntu-trusty-go_agent?v=3312.12
+      sha1: 3a2c407be6c1b3d04bb292ceb5007159100c85d7
+    cloud_properties:
+      zone: <%=zone %>
+      machine_type: n1-standard-4
+      root_disk_size_gb: 40
+      root_disk_type: pd-standard
+      service_scopes:
+        - compute
+        - devstorage.full_control
+
+disk_pools:
+  - name: disks
+    disk_size: 32_768
+    cloud_properties:
+      type: pd-standard
+
+networks:
+  - name: vip
+    type: vip
+  - name: private
+    type: manual
+    subnets:
+    - range: 10.0.0.0/29
+      gateway: 10.0.0.1
+      static: [10.0.0.3-10.0.0.7]
+      cloud_properties:
+        network_name: bosh
+        subnetwork_name: bosh-<%=region %>
+        ephemeral_external_ip: true
+        tags:
+          - bosh-internal
+
+jobs:
+  - name: bosh
+    instances: 1
+
+    templates:
+      - name: nats
+        release: bosh
+      - name: postgres
+        release: bosh
+      - name: powerdns
+        release: bosh
+      - name: blobstore
+        release: bosh
+      - name: director
+        release: bosh
+      - name: health_monitor
+        release: bosh
+      - name: google_cpi
+        release: bosh-google-cpi
+
+    resource_pool: vms
+    persistent_disk_pool: disks
+
+    networks:
+      - name: private
+        static_ips: [10.0.0.6]
+        default:
+          - dns
+          - gateway
+
+    properties:
+      nats:
+        address: 127.0.0.1
+        user: nats
+        password: nats-password
+
+      postgres: &db
+        listen_address: 127.0.0.1
+        host: 127.0.0.1
+        user: postgres
+        password: postgres-password
+        database: bosh
+        adapter: postgres
+
+      dns:
+        address: 10.0.0.6
+        domain_name: microbosh
+        db: *db
+        recursor: 169.254.169.254
+
+      blobstore:
+        address: 10.0.0.6
+        port: 25250
+        provider: dav
+        director:
+          user: director
+          password: director-password
+        agent:
+          user: agent
+          password: agent-password
+
+      director:
+        address: 127.0.0.1
+        name: micro-google
+        db: *db
+        cpi_job: google_cpi
+        user_management:
+          provider: local
+          local:
+            users:
+              - name: admin
+                password: admin
+              - name: hm
+                password: hm-password
+      hm:
+        director_account:
+          user: hm
+          password: hm-password
+        resurrector_enabled: true
+
+      google: &google_properties
+        project: <%=project_id %>
+
+      agent:
+        mbus: nats://nats:nats-password@10.0.0.6:4222
+        ntp: *ntp
+        blobstore:
+           options:
+             endpoint: http://10.0.0.6:25250
+             user: agent
+             password: agent-password
+
+      ntp: &ntp
+        - 169.254.169.254
+
+cloud_provider:
+  template:
+    name: google_cpi
+    release: bosh-google-cpi
+
+  ssh_tunnel:
+    host: 10.0.0.6
+    port: 22
+    user: bosh
+    private_key: <%=ssh_key_path %>
+
+  mbus: https://mbus:mbus-password@10.0.0.6:6868
+
+  properties:
+    google: *google_properties
+    agent: {mbus: "https://mbus:mbus-password@0.0.0.0:6868"}
+    blobstore: {provider: local, path: /var/vcap/micro_bosh/data/cache}
+    ntp: *ntp