kite 0.0.2 → 0.0.3

@@ -0,0 +1,62 @@
1
+ resource "google_compute_subnetwork" "concourse-public-subnet-1" {
2
+ name = "concourse-public-${var.region}-1"
3
+ ip_cidr_range = "10.150.0.0/16"
4
+ network = "${google_compute_network.network.self_link}"
5
+ }
6
+
7
+ resource "google_compute_firewall" "concourse-public" {
8
+ name = "concourse-public"
9
+ network = "${google_compute_network.network.name}"
10
+
11
+ allow {
12
+ protocol = "tcp"
13
+ ports = ["80", "8080", "443", "4443"]
14
+ }
15
+ source_ranges = ["0.0.0.0/0"]
16
+
17
+ target_tags = ["concourse-public"]
18
+ }
19
+
20
+ resource "google_compute_firewall" "concourse-internal" {
21
+ name = "concourse-internal"
22
+ network = "${google_compute_network.network.name}"
23
+
24
+ allow {
25
+ protocol = "icmp"
26
+ }
27
+
28
+ allow {
29
+ protocol = "tcp"
30
+ }
31
+
32
+ allow {
33
+ protocol = "udp"
34
+ }
35
+
36
+ target_tags = ["concourse-internal", "bosh-internal"]
37
+ source_tags = ["concourse-internal", "bosh-internal"]
38
+ }
39
+
40
+ resource "google_compute_address" "concourse" {
41
+ name = "concourse"
42
+ }
43
+
44
+ resource "google_compute_target_pool" "concourse-target-pool" {
45
+ name = "concourse-target-pool"
46
+ }
47
+
48
+ resource "google_compute_forwarding_rule" "concourse-http-forwarding-rule" {
49
+ name = "concourse-http-forwarding-rule"
50
+ target = "${google_compute_target_pool.concourse-target-pool.self_link}"
51
+ port_range = "80-80"
52
+ ip_protocol = "TCP"
53
+ ip_address = "${google_compute_address.concourse.address}"
54
+ }
55
+
56
+ resource "google_compute_forwarding_rule" "concourse-https-forwarding-rule" {
57
+ name = "concourse-https-forwarding-rule"
58
+ target = "${google_compute_target_pool.concourse-target-pool.self_link}"
59
+ port_range = "443-443"
60
+ ip_protocol = "TCP"
61
+ ip_address = "${google_compute_address.concourse.address}"
62
+ }
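Review bot: The `concourse-public` rule opens 80, 8080, 443 and 4443 to `0.0.0.0/0`, but the two forwarding rules in this file only carry 80 and 443 to the target pool, so 8080 and 4443 are exposed for no visible consumer on any tagged VM that has an external address. Trim the rule to `ports = ["80", "443"]`, or add a comment naming what listens on the other two. `concourse-internal` also permits all TCP and UDP in both directions between `concourse-internal` and `bosh-internal` tagged hosts; if that breadth is intended, a one-line comment such as `// Concourse and BOSH VMs share one flat trust zone` would make the decision reviewable.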
@@ -0,0 +1,101 @@
1
+ ---
2
+ <%
3
+ ['director_uuid', 'common_password', 'atc_password', 'external_ip'].each do |val|
4
+ if ENV[val].nil? || ENV[val].empty?
5
+ raise "Missing environment variable: #{val}"
6
+ end
7
+ end
8
+
9
+ director_uuid = ENV['director_uuid']
10
+ external_url = "http://#{ENV['external_ip']}"
11
+ common_password = ENV['common_password']
12
+ atc_password = ENV['atc_password']
13
+ deployment_name = "concourse"
14
+ %>
15
+ name: <%= deployment_name %>
16
+ director_uuid: <%= director_uuid %>
17
+
18
+ releases:
19
+ - name: concourse
20
+ version: 2.5.0
21
+ - name: garden-runc
22
+ version: 1.0.3
23
+
24
+ instance_groups:
25
+ - name: web
26
+ instances: 1
27
+ vm_type: common
28
+ azs: [z1]
29
+ vm_extensions: [concourse-lb]
30
+ stemcell: trusty
31
+ networks:
32
+ - name: public
33
+ default: [dns, gateway]
34
+
35
+ jobs:
36
+ - name: atc
37
+ release: concourse
38
+ properties:
39
+ bind_port: 80
40
+ external_url: <%= external_url %>
41
+ basic_auth_username: concourse
42
+ basic_auth_password: <%= atc_password %>
43
+ publicly_viewable: true
44
+
45
+ postgresql_database: &atc_db atc
46
+
47
+ - name: tsa
48
+ release: concourse
49
+ properties: {}
50
+
51
+ - name: db
52
+ instances: 1
53
+ vm_type: common
54
+ azs: [z1]
55
+ stemcell: trusty
56
+ persistent_disk_type: database
57
+ networks: [{name: public}]
58
+ jobs:
59
+ - name: postgresql
60
+ release: concourse
61
+ properties:
62
+ databases:
63
+ - name: *atc_db
64
+ role: admin
65
+ password: <%= common_password %>
66
+
67
+ - name: worker
68
+ instances: 1
69
+ vm_type: worker
70
+ azs: [z1]
71
+ stemcell: trusty
72
+ networks: [{name: public}]
73
+ jobs:
74
+ - name: groundcrew
75
+ release: concourse
76
+ properties:
77
+ additional_resource_types:
78
+ - type: gcs-resource
79
+ image: docker:///frodenas/gcs-resource
80
+ - name: baggageclaim
81
+ release: concourse
82
+ properties: {}
83
+ - name: garden
84
+ release: garden-runc
85
+ properties:
86
+ garden:
87
+ listen_network: tcp
88
+ listen_address: 0.0.0.0:7777
89
+ network_mtu: 1432
90
+
91
+ update:
92
+ canaries: 1
93
+ max_in_flight: 1
94
+ serial: false
95
+ canary_watch_time: 1000-60000
96
+ update_watch_time: 1000-60000
97
+
98
+ stemcells:
99
+ - alias: trusty
100
+ os: ubuntu-trusty
101
+ version: latest
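Review bot: The ATC is set to `bind_port: 80` and `external_url` is built as `"http://#{ENV['external_ip']}"`, so `basic_auth_password` crosses the network in cleartext on every browser login and `fly` call, and nothing in this manifest listens on 443. Terminate TLS at the ATC or at a proxy in front of it and build the URL with `https://`. The `garden` job binds `listen_address: 0.0.0.0:7777` on the same `public` network, which leaves the container API guarded only by the firewall tags; bind it to the worker's internal address if the release allows it. `<%= atc_password %>` and `<%= common_password %>` are rendered unquoted, so a value containing `:` or `#` changes the YAML; wrap them in quotes and escape them. `version: latest` for the stemcell and the untagged `frodenas/gcs-resource` image make deployments non-reproducible and should be pinned.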
@@ -0,0 +1,7 @@
1
+ export projectid=<%= @values['gcp']['project_id'] %>
2
+
3
+ export region=<%= @values['gcp']['region'] %>
4
+ export zone=<%=@values['gcp']['zone'] %>
5
+ export service_account_email=terraform-bosh@<%= @values['gcp']['project_id'] %>.iam.gserviceaccount.com
6
+
7
+ export bastion_vm_name=bosh-bastion
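Review bot: The `@values['gcp'][...]` entries are written into the `export` lines unquoted, so a value containing whitespace or shell metacharacters would be interpreted by the shell when this file is sourced. Single-quoting the rendered values, for example `export region='<%= @values['gcp']['region'] %>'`, keeps them literal; the risk is low if these fields only ever hold GCP identifiers, which this hunk does not show being validated. The template also has no missing-value guard like the one at the top of the manifest templates, so an empty `project_id` yields `terraform-bosh@.iam.gserviceaccount.com` without an error.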
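--- a/data/tpl/gcp/main.tf
+++ b/data/tpl/gcp/main.tf
@@ -0,0 +1,107 @@
+ variable "projectid" {
+ type = "string"
+ default = "REPLACE-WITH-YOUR-GOOGLE-PROJECT-ID"
+ }
+
+ variable "region" {
+ type = "string"
+ default = "us-east1"
+ }
+
+ variable "zone-1" {
+ type = "string"
+ default = "us-east1-d"
+ }
+
+ variable "name" {
+ type = "string"
+ default = "bosh"
+ }
+
+ provider "google" {
+ project = "${var.projectid}"
+ region = "${var.region}"
+ }
+
+ resource "google_compute_network" "network" {
+ name = "${var.name}"
+ }
+
+ // Subnet for the BOSH director
+ resource "google_compute_subnetwork" "bosh-subnet-1" {
+ name = "bosh-${var.region}"
+ ip_cidr_range = "10.0.0.0/24"
+ network = "${google_compute_network.network.self_link}"
+ }
+
+ // Allow SSH to BOSH bastion
+ resource "google_compute_firewall" "bosh-bastion" {
+ name = "bosh-bastion"
+ network = "${google_compute_network.network.name}"
+
+ allow {
+ protocol = "icmp"
+ }
+
+ allow {
+ protocol = "tcp"
+ ports = ["22"]
+ }
+
+ target_tags = ["bosh-bastion"]
+ }
+
+ // Allow open access between internal MVs
+ resource "google_compute_firewall" "bosh-internal" {
+ name = "bosh-internal-${var.name}"
+ network = "${google_compute_network.network.name}"
+
+ allow {
+ protocol = "icmp"
+ }
+
+ allow {
+ protocol = "tcp"
+ }
+
+ allow {
+ protocol = "udp"
+ }
+ target_tags = ["bosh-internal"]
+ source_tags = ["bosh-internal"]
+ }
+
+ // BOSH bastion host
+ resource "google_compute_instance" "bosh-bastion" {
+ name = "bosh-bastion"
+ machine_type = "n1-standard-1"
+ zone = "${var.zone-1}"
+
+ tags = ["bosh-bastion", "bosh-internal"]
+
+ disk {
+ image = "ubuntu-1404-trusty-v20160627"
+ }
+
+ network_interface {
+ subnetwork = "${google_compute_subnetwork.bosh-subnet-1.name}"
+ access_config {
+ // Ephemeral IP
+ }
+ }
+
+ metadata_startup_script = <<EOT
+ #!/bin/bash
+ apt-get update -y
+ apt-get install -y build-essential zlibc zlib1g-dev ruby ruby-dev openssl libxslt-dev libxml2-dev libssl-dev libreadline6 libreadline6-dev libyaml-dev libsqlite3-dev sqlite3
+ gem install bosh_cli
+ curl -o /tmp/cf.tgz https://s3.amazonaws.com/go-cli/releases/v6.20.0/cf-cli_6.20.0_linux_x86-64.tgz
+ tar -zxvf /tmp/cf.tgz && mv cf /usr/bin/cf && chmod +x /usr/bin/cf
+ curl -o /usr/bin/bosh-init https://s3.amazonaws.com/bosh-init-artifacts/bosh-init-0.0.96-linux-amd64
+ chmod +x /usr/bin/bosh-init
+ EOT
+
+ service_account {
+ scopes = ["cloud-platform"]
+ }
+ }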
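Review bot: The `bosh-bastion` firewall rule sets neither `source_ranges` nor `source_tags`, and as far as I know GCP then applies the rule to any source, so port 22 is reachable from the whole Internet on a host whose service account carries the `cloud-platform` scope and which is also tagged `bosh-internal`. Restrict it with something like `source_ranges = ["${var.bastion_allowed_cidr}"]` (a new variable; the name is constructed here) and narrow `scopes` to what bosh-init actually needs. The startup script installs `cf` and `bosh-init` into `/usr/bin` as root straight from `curl` with no integrity check, and `gem install bosh_cli` is unpinned. Verifying each download against a pinned digest before the `mv`/`chmod`, adding `-f` to `curl` so an HTTP error page is not installed as a binary, and pinning the gem version would close that gap.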
@@ -0,0 +1,173 @@
1
+ ---
2
+ <%
3
+ ['region', 'project_id', 'zone', 'ssh_key_path'].each do |val|
4
+ if @values['gcp'][val].to_s.empty?
5
+ raise "Missing value: #{val}"
6
+ end
7
+ end
8
+
9
+ region = @values['gcp']['region']
10
+ project_id = @values['gcp']['project_id']
11
+ zone = @values['gcp']['zone']
12
+ ssh_key_path = @values['gcp']['ssh_key_path']
13
+ %>
14
+ name: bosh
15
+
16
+ releases:
17
+ - name: bosh
18
+ url: https://bosh.io/d/github.com/cloudfoundry/bosh?v=260.1
19
+ sha1: 7fb8e99e28b67df6604e97ef061c5425460518d3
20
+ - name: bosh-google-cpi
21
+ url: https://bosh.io/d/github.com/cloudfoundry-incubator/bosh-google-cpi-release?v=25.6.2
22
+ sha1: b4865397d867655fdcc112bc5a7f9a5025cdf311
23
+
24
+ resource_pools:
25
+ - name: vms
26
+ network: private
27
+ stemcell:
28
+ url: https://bosh.io/d/stemcells/bosh-google-kvm-ubuntu-trusty-go_agent?v=3312.12
29
+ sha1: 3a2c407be6c1b3d04bb292ceb5007159100c85d7
30
+ cloud_properties:
31
+ zone: <%=zone %>
32
+ machine_type: n1-standard-4
33
+ root_disk_size_gb: 40
34
+ root_disk_type: pd-standard
35
+ service_scopes:
36
+ - compute
37
+ - devstorage.full_control
38
+
39
+ disk_pools:
40
+ - name: disks
41
+ disk_size: 32_768
42
+ cloud_properties:
43
+ type: pd-standard
44
+
45
+ networks:
46
+ - name: vip
47
+ type: vip
48
+ - name: private
49
+ type: manual
50
+ subnets:
51
+ - range: 10.0.0.0/29
52
+ gateway: 10.0.0.1
53
+ static: [10.0.0.3-10.0.0.7]
54
+ cloud_properties:
55
+ network_name: bosh
56
+ subnetwork_name: bosh-<%=region %>
57
+ ephemeral_external_ip: true
58
+ tags:
59
+ - bosh-internal
60
+
61
+ jobs:
62
+ - name: bosh
63
+ instances: 1
64
+
65
+ templates:
66
+ - name: nats
67
+ release: bosh
68
+ - name: postgres
69
+ release: bosh
70
+ - name: powerdns
71
+ release: bosh
72
+ - name: blobstore
73
+ release: bosh
74
+ - name: director
75
+ release: bosh
76
+ - name: health_monitor
77
+ release: bosh
78
+ - name: google_cpi
79
+ release: bosh-google-cpi
80
+
81
+ resource_pool: vms
82
+ persistent_disk_pool: disks
83
+
84
+ networks:
85
+ - name: private
86
+ static_ips: [10.0.0.6]
87
+ default:
88
+ - dns
89
+ - gateway
90
+
91
+ properties:
92
+ nats:
93
+ address: 127.0.0.1
94
+ user: nats
95
+ password: nats-password
96
+
97
+ postgres: &db
98
+ listen_address: 127.0.0.1
99
+ host: 127.0.0.1
100
+ user: postgres
101
+ password: postgres-password
102
+ database: bosh
103
+ adapter: postgres
104
+
105
+ dns:
106
+ address: 10.0.0.6
107
+ domain_name: microbosh
108
+ db: *db
109
+ recursor: 169.254.169.254
110
+
111
+ blobstore:
112
+ address: 10.0.0.6
113
+ port: 25250
114
+ provider: dav
115
+ director:
116
+ user: director
117
+ password: director-password
118
+ agent:
119
+ user: agent
120
+ password: agent-password
121
+
122
+ director:
123
+ address: 127.0.0.1
124
+ name: micro-google
125
+ db: *db
126
+ cpi_job: google_cpi
127
+ user_management:
128
+ provider: local
129
+ local:
130
+ users:
131
+ - name: admin
132
+ password: admin
133
+ - name: hm
134
+ password: hm-password
135
+ hm:
136
+ director_account:
137
+ user: hm
138
+ password: hm-password
139
+ resurrector_enabled: true
140
+
141
+ google: &google_properties
142
+ project: <%=project_id %>
143
+
144
+ agent:
145
+ mbus: nats://nats:nats-password@10.0.0.6:4222
146
+ ntp: *ntp
147
+ blobstore:
148
+ options:
149
+ endpoint: http://10.0.0.6:25250
150
+ user: agent
151
+ password: agent-password
152
+
153
+ ntp: &ntp
154
+ - 169.254.169.254
155
+
156
+ cloud_provider:
157
+ template:
158
+ name: google_cpi
159
+ release: bosh-google-cpi
160
+
161
+ ssh_tunnel:
162
+ host: 10.0.0.6
163
+ port: 22
164
+ user: bosh
165
+ private_key: <%=ssh_key_path %>
166
+
167
+ mbus: https://mbus:mbus-password@10.0.0.6:6868
168
+
169
+ properties:
170
+ google: *google_properties
171
+ agent: {mbus: "https://mbus:mbus-password@0.0.0.0:6868"}
172
+ blobstore: {provider: local, path: /var/vcap/micro_bosh/data/cache}
173
+ ntp: *ntp
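Review bot: Every credential in this manifest is a fixed literal (`admin`/`admin` for the director, `nats-password`, `postgres-password`, `director-password`, `agent-password`, `hm-password`, `mbus-password`), so every environment generated from this template shares the same known secrets, while the director VM is given `ephemeral_external_ip: true`. The Concourse manifest in this release already takes its passwords from the environment and fails when they are missing. Doing the same here means adding the password keys to the required list on line 3 and rendering them, for example `password: <%= @values['bosh']['admin_password'] %>` (key name constructed for illustration), including inside the `mbus` and `nats://` URLs. The blobstore endpoint is `http://10.0.0.6:25250`, so the agent password is sent unencrypted on the subnet; a comment acknowledging that would help the next reader.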