├── .DS_Store ├── .env.example ├── .env.testing.example ├── .gitignore ├── README.md ├── azuredeploy.json ├── azuredeploy.parameters.example.json ├── bosh.md ├── docs ├── ad_fs.ps1 ├── additional_VM_TYPES.md ├── advanced.md ├── apps_man_saml_aad.md ├── cloudshell.md ├── opsman_uaac_aad.md ├── patched_terraform.md └── todo.md ├── env ├── apm │ └── 1.6.0 │ │ └── apm.env ├── kubernetes-service-manager │ └── 0.4.34 │ │ └── kubernetes-service-manager.env ├── masb │ └── 1.11.0 │ │ └── masb.env ├── p-compliance-scanner │ └── 1.0.0-beta.7 │ │ └── p-compliance-scanner.env ├── p-healthwatch │ ├── 1.4.5 │ │ └── healthwatch.env │ └── 1.5.2 │ │ └── p-healthwatch.env ├── p-isolation-segment │ └── 2.5.2 │ │ └── p-isolation-segment.env ├── p-rabbitmq │ ├── 1.15.3 │ │ └── rabbit.env │ ├── 1.15.4 │ │ └── p-rabbitmq.env │ ├── 1.15.7 │ │ └── p-rabbitmq.env │ └── 1.16.3 │ │ └── p-rabbitmq.env ├── p-spring-services │ ├── 2.0.5 │ │ └── spring.env │ ├── 2.0.6 │ │ └── spring.env │ ├── 2.0.7 │ │ └── p-spring-services.env │ ├── 2.0.8 │ │ └── p-spring-services.env │ └── 2.0.9 │ │ └── p-spring-services.env ├── pas-windows │ ├── 2.4.3 │ │ └── pas-windows.env │ ├── 2.4.4 │ │ └── pas-windows.env │ ├── 2.5.0 │ │ └── pas-windows.env │ ├── 2.5.1 │ │ └── pas-windows.env │ └── 2.5.2 │ │ └── pas-windows.env ├── pas │ ├── 2.4.0 │ │ └── pas.env │ ├── 2.4.1 │ │ └── pas.env │ ├── 2.4.2 │ │ └── pas.env │ ├── 2.4.3 │ │ └── pas.env │ ├── 2.4.4 │ │ └── pas.env │ ├── 2.5.0 │ │ └── pas.env │ ├── 2.5.1 │ │ └── pas.env │ ├── 2.5.2 │ │ └── pas.env │ ├── 2.5.3 │ │ └── pas.env │ ├── 2.5.4 │ │ └── pas.env │ └── 2.5.5 │ │ └── pas.env ├── pivotal-mysql │ ├── 2.5.3 │ │ └── pivotal-mysql.env │ └── 2.5.4 │ │ └── pivotal-mysql.env ├── pivotal_single_sign-on_service │ └── 1.8.3 │ │ └── pivotal_single_sign-on_service.env └── updates.txt ├── generate-customdata.json ├── patches ├── modules │ └── pas │ │ ├── dns.tf │ │ ├── istiolb.tf │ │ └── outputs.tf └── outputs.tf ├── root_ca_certificate ├── scripts ├── cf_startstop.sh ├── 
connect_om.sh ├── create_certs.sh ├── create_self_certs.sh ├── deploy_base.sh ├── deploy_masb.sh ├── deploy_p-compliance-scanner.sh ├── deploy_pas.sh ├── deploy_tile.sh ├── old │ ├── deploy_mysql.sh │ ├── deploy_osba.sh │ ├── deploy_rabbit.sh │ └── deploy_spring.sh ├── om_init.sh ├── skeleton.sh ├── stemcell_loader.sh ├── update.sh ├── update_bosh_director.sh └── updates.txt ├── sendgrid.md ├── templates ├── apm │ └── 1.6.0 │ │ └── apm.yaml ├── director_config.yaml ├── kubernetes-service-manager │ └── 0.4.34 │ │ └── kubernetes-service-manager.yaml ├── masb │ └── 1.11.0 │ │ └── masb.yaml ├── old │ ├── network_pas.yaml │ ├── network_pas_services.yaml │ ├── network_pas_services_zones.yaml │ ├── network_pas_zones.yaml │ ├── pas-cf.yaml │ ├── pas-srt.yaml │ └── spring.yaml ├── p-compliance-scanner │ └── 1.0.0-beta.7 │ │ └── p-compliance-scanner.yaml ├── p-healthwatch │ ├── 1.4.5 │ │ └── p-healthwatch.yaml │ └── 1.5.2 │ │ └── p-healthwatch.yaml ├── p-isolation-segment │ └── 2.5.2 │ │ └── p-isolation-segment.yaml ├── p-rabbitmq │ ├── 1.15.4 │ │ └── p-rabbitmq.yaml │ ├── 1.15.7 │ │ └── p-rabbitmq.yaml │ └── 1.16.3 │ │ └── p-rabbitmq.yaml ├── p-spring-services │ ├── 2.0.7 │ │ └── p-spring-services.yaml │ ├── 2.0.8 │ │ └── p-spring-services.yaml │ └── 2.0.9 │ │ └── p-spring-services.yaml ├── pas-windows │ ├── 2.4.3 │ │ └── pas-windows.yaml │ ├── 2.4.4 │ │ └── pas-windows.yaml │ ├── 2.5.0 │ │ └── pas-windows.yaml │ ├── 2.5.1 │ │ └── pas-windows.yaml │ └── 2.5.2 │ │ └── pas-windows.yaml ├── pas │ ├── 2.5.0 │ │ ├── pas-cf.yaml │ │ └── pas-srt.yaml │ ├── 2.5.1 │ │ ├── pas-cf.yaml │ │ └── pas-srt.yaml │ ├── 2.5.2 │ │ ├── pas-cf.yaml │ │ └── pas-srt.yaml │ ├── 2.5.3 │ │ ├── pas-cf.yaml │ │ └── pas-srt.yaml │ ├── 2.5.4 │ │ ├── pas-cf.yaml │ │ └── pas-srt.yaml │ └── 2.5.5 │ │ ├── pas-cf.yaml │ │ └── pas-srt.yaml ├── pivotal-mysql │ ├── 2.5.3 │ │ └── pivotal-mysql.yaml │ └── 2.5.4 │ │ └── pivotal-mysql.yaml ├── pivotal_single_sign-on_service │ └── 1.8.3 │ │ └── 
pivotal_single_sign-on_service.yaml └── updates.txt └── testing.md /.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/bottkars/pcf-jump-azure/c816617af26d5076a0faf86a8ca66a0ec3483a00/.DS_Store -------------------------------------------------------------------------------- /.env.example: -------------------------------------------------------------------------------- 1 | IAAS=azure 2 | JUMPBOX_RG=RG_JUMPBOX 3 | JUMPBOX_NAME=your_jumpbox_hostname 4 | ADMIN_USERNAME=ubuntu 5 | AZURE_CLIENT_ID=fake your azure client id 6 | AZURE_CLIENT_SECRET=fake your azure client secret 7 | AZURE_REGION=westeurope 8 | AZURE_SUBSCRIPTION_ID=fake your azure subscription id 9 | AZURE_TENANT_ID=fake your azure tenant 10 | PIVNET_UAA_TOKEN=fave your pivnet refresh token 11 | ENV_NAME=yourenv 12 | ENV_SHORT_NAME=yourenvshort 13 | OPS_MANAGER_IMAGE="2.5.1-build.169" 14 | PCF_DOMAIN_NAME=yourdomain.com 15 | PCF_SUBDOMAIN_NAME=yourpcf 16 | PCF_PAS_VERSION=2.5.0 17 | PCF_OPSMAN_USERNAME=opsman 18 | PCF_NOTIFICATIONS_EMAIL="example@example.io" 19 | PAS_AUTOPILOT="TRUE" 20 | NET_16_BIT_MASK="10.10" 21 | SMTP_ADDRESS="" 22 | SMTP_IDENTITY="" 23 | SMTP_PASSWORD="" 24 | SMTP_FROM="" 25 | SMTP_PORT="" 26 | SMTP_STARTTLS="false" 27 | USE_SELF_CERTS="TRUE" 28 | BRANCH=master 29 | ARTIFACTS_LOCATION="https://raw.githubusercontent.com/bottkars/pcf-jump-azure/${BRANCH}" 30 | VMSIZE="Standard_DS2_v2" 31 | PAS_EDITION="srt" 32 | OPS_MANAGER_IMAGE_REGION="westeurope" 33 | -------------------------------------------------------------------------------- /.env.testing.example: -------------------------------------------------------------------------------- 1 | IAAS=azure 2 | JUMPBOX_RG=testPCFJUMPBOX 3 | JUMPBOX_NAME=testpcfjumpbox 4 | ADMIN_USERNAME=ubuntu 5 | AZURE_CLIENT_ID=redacted 6 | AZURE_CLIENT_SECRET=redacted 7 | AZURE_REGION=westeurope 8 | AZURE_SUBSCRIPTION_ID=redacted 9 | AZURE_TENANT_ID=redacted 10 | 
PIVNET_UAA_TOKEN=redacted 11 | ENV_NAME=testpcf 12 | ENV_SHORT_NAME=testpcfname 13 | OPS_MANAGER_IMAGE="ops-manager-2.4-build.142.vhd" 14 | PCF_DOMAIN_NAME="xxx.com" 15 | PCF_SUBDOMAIN_NAME="pcfazuretest" 16 | PCF_PAS_VERSION=2.4.1 17 | PCF_OPSMAN_USERNAME=opsman 18 | PCF_NOTIFICATIONS_EMAIL="xxx@example.com" 19 | PAS_AUTOPILOT="FALSE" 20 | NET_16_BIT_MASK="10.20" 21 | SMTP_ADDRESS="" 22 | SMTP_IDENTITY="" 23 | SMTP_PASSWORD="" 24 | SMTP_FROM="" 25 | SMTP_PORT="" 26 | SMTP_STARTTLS="" 27 | USE_SELF_CERTS="TRUE" 28 | BRANCH=master 29 | ARTIFACTS_LOCATION="https://raw.githubusercontent.com/bottkars/pcf-jump-azure/${BRANCH}" 30 | VMSIZE="Standard_DS2_v2" 31 | PAS_EDITION="srt" 32 | OPS_MANAGER_IMAGE_REGION="westeurope" -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | *.tfvars 2 | om_init.1.sh 3 | .env 4 | scratch.sh 5 | .env.dev 6 | .env.testing 7 | .env.* 8 | azuredeploy.parameters.json 9 | .DS_Store 10 | 11 | cer 12 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # pcf-jump-azure 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | ## Overview 15 | 16 | pcf-jump-azure creates an ubuntu based jumpbox to deploy Pivotal PAS (2.4 and above) on azure 17 | It will pave the infrastructure using Pivotal [terraforming-azure](https://github.com/pivotal-cf/terraforming-azure). 18 | PCF Operations Manager will be installed and configured using Pivotal [om cli](https://github.com/pivotal-cf/om). 19 | Optionally, PAS will be deployed using [om cli](https://github.com/pivotal-cf/om). 
20 | 21 | 22 | ## features 23 | 24 | - automated opsman deployment and configuration 25 | - pas infrastructure paving 26 | - :new: autopilot for starting pas, mysql, p-rabbitmq and p-spring-services deployment (will take several hours ) 27 | - certificate generation using selfsigned or let´s encrypt [certificates](#certificates) 28 | - :new: [sendgrid](/sendgrid.md) integration for notifications and user sign up 29 | - :new: dns configuration and check 30 | - :new: cert checking and logging 31 | - :new: manual options improved 32 | - :new: added pcf small runtime (srt) vs. cf 33 | - :new: automated bosh tasks / setup 34 | - :new: specify download location for ops manager 35 | 36 | ### Initial supported Pivotal Cloudfoundry Tiles and Versions 37 | - Pivotal Application Service 2.5.x 38 | - MySQL 2.6.x 39 | - RabbitMQ 1.15.4 40 | - Spring Cloud Services 2.0.x, 3.x.x 41 | - Microsoft Azure Service Broker 1.11.0 ( MASB ) 42 | - additional, post install tiles 43 | 44 | ![image](https://user-images.githubusercontent.com/8255007/53223791-cc1af080-3672-11e9-85ba-c8a78c550101.png) 45 | 46 | 47 | ## Changes 48 | 49 | ### 2019.04 50 | - reworked installation process, implemented "tile deployer" as a unified deployment service 51 | - added PAS 2.5 including support for Availability Zones 52 | - Istio Mesh Support 53 | 54 | 2019.01 55 | 56 | 57 | ## usage 58 | 59 | there are multiple ways to deploy the ARM template. we will describe the Azure Portal Template based and the az cli based Method 60 | 61 | ## create a ssh keypair for the admin user ( if not already done ) 62 | 63 | both methods require an SSH Keypair 64 | 65 | ```bash 66 | ssh-keygen -t rsa -f ~/${JUMPBOX_NAME} -C ${ADMIN_USERNAME} 67 | ``` 68 | 69 | ### installation using New Template Deployment 70 | 71 | 1. In the Azure Portal, click on Create Resource and enter Template Deployment 72 | ![image](https://user-images.githubusercontent.com/8255007/53224228-4bf58a80-3674-11e9-8bf1-090677009b7c.png) 73 | 2. 
Select the template Deployment and click on *create*. 74 | 3. Select *Build your own Template in the Editor* 75 | ![image](https://user-images.githubusercontent.com/8255007/53224314-9aa32480-3674-11e9-9997-7c430c0b31c8.png) 76 | 4. Replace the Content in the Editor Window with the Content of azuredeploy.json file 77 | ![image](https://user-images.githubusercontent.com/8255007/53224406-e2c24700-3674-11e9-9dee-5fc9b1d4aeda.png) 78 | 5. click *save*. 79 | 6. fill in all required Parameters ( marked with a red Star ) 80 | ![image](https://user-images.githubusercontent.com/8255007/53224565-80b61180-3675-11e9-861e-71a08552743b.png) 81 | 7. when done, click *Purchase*. 82 | 83 | ### Installation using az cli 84 | 85 | for az cli install, we put all required Parameters into an env file 86 | 87 | 1. create env file 88 | 89 | create an .env file using the [.env.example](/.env.example). the file holds the service principal secret and the pivnet token, so keep it out of version control ( the repository .gitignore already lists .env ) 90 | Parameter Explanation in this [table](#env-variables) 91 | whether you need the full parameter set or only a minimum set depends on your customizations (e.g. [sendgrid](/sendgrid.md) and others ) 92 | 93 | source the env file 94 | 95 | ```bash 96 | source .env 97 | ``` 98 | 99 | 2. check availability of storage account 100 | 101 | ```bash 102 | az storage account check-name --name ${ENV_SHORT_NAME}director 103 | ``` 104 | 105 | you are now good to go to deploy 106 | [with minimum parameters](#deployment-with-minimum-param-set) 107 | [with full parameters](#deployment-with-full-param-set) 108 | [with parameter file](#deployment-using-parameter-file) 109 | also, note that AUTOPILOT is disabled by default now. 110 | you can set the Environment for PAS_AUTOPILOT or use -pasAutopilot=TRUE during deployment. 111 | if not using autopilot, see [Post Deployment Steps](#post-deploy) for more Details 112 | 113 | 3. 
deployment with default parameter set 114 | 115 | the default parameter set uses defaults where possible, it is the most convenient way to get started 116 | 117 | ### validate default 118 | 119 | ```bash 120 | source ~/.env 121 | az group create --name ${JUMPBOX_RG} --location ${AZURE_REGION} 122 | az group deployment validate --resource-group ${JUMPBOX_RG} \ 123 | --template-uri https://raw.githubusercontent.com/bottkars/pcf-jump-azure/$BRANCH/azuredeploy.json \ 124 | --parameters \ 125 | adminUsername=${ADMIN_USERNAME} \ 126 | sshKeyData="$(cat ~/${JUMPBOX_NAME}.pub)" \ 127 | JumphostDNSLabelPrefix=${JUMPBOX_NAME} \ 128 | clientSecret=${AZURE_CLIENT_SECRET} \ 129 | clientID=${AZURE_CLIENT_ID} \ 130 | tenantID=${AZURE_TENANT_ID} \ 131 | subscriptionID=${AZURE_SUBSCRIPTION_ID} \ 132 | pivnetToken=${PIVNET_UAA_TOKEN} \ 133 | envName=${ENV_NAME} \ 134 | envShortName=${ENV_SHORT_NAME} \ 135 | PCFDomainName=${PCF_DOMAIN_NAME} \ 136 | PCFSubdomainName=${PCF_SUBDOMAIN_NAME} \ 137 | _artifactsLocation="https://raw.githubusercontent.com/bottkars/pcf-jump-azure/$BRANCH" 138 | ``` 139 | 140 | 4. 
deploy default 141 | 142 | :zap: **do not forget to create ssh key for every environment !** 143 | 144 | ```bash 145 | source ~/.env 146 | ssh-keygen -t rsa -f ~/${JUMPBOX_NAME} -C ${ADMIN_USERNAME} 147 | ``` 148 | 149 | ```bash 150 | az group create --name ${JUMPBOX_RG} --location ${AZURE_REGION} 151 | az group deployment create --resource-group ${JUMPBOX_RG} \ 152 | --template-uri "https://raw.githubusercontent.com/bottkars/pcf-jump-azure/$BRANCH/azuredeploy.json" \ 153 | --parameters \ 154 | adminUsername=${ADMIN_USERNAME} \ 155 | sshKeyData="$(cat ~/${JUMPBOX_NAME}.pub)" \ 156 | JumphostDNSLabelPrefix=${JUMPBOX_NAME} \ 157 | clientSecret=${AZURE_CLIENT_SECRET} \ 158 | clientID=${AZURE_CLIENT_ID} \ 159 | tenantID=${AZURE_TENANT_ID} \ 160 | subscriptionID=${AZURE_SUBSCRIPTION_ID} \ 161 | pivnetToken=${PIVNET_UAA_TOKEN} \ 162 | envName=${ENV_NAME} \ 163 | envShortName=${ENV_SHORT_NAME} \ 164 | PCFDomainName=${PCF_DOMAIN_NAME} \ 165 | PCFSubdomainName=${PCF_SUBDOMAIN_NAME} \ 166 | _artifactsLocation="https://raw.githubusercontent.com/bottkars/pcf-jump-azure/$BRANCH" 167 | ``` 168 | 169 | 5. deployment with full param set 170 | 171 | the full parameter set´s optional Values like smtp config 172 | example parameter file for testing branch is [here](/.env.testing.example) 173 | example parameter file for master branch is [here](/.env.example). 174 | 6. 
validate full 175 | 176 | ```bash 177 | source ~/.env 178 | az group create --name ${JUMPBOX_RG} --location ${AZURE_REGION} 179 | az group deployment validate --resource-group ${JUMPBOX_RG} \ 180 | --template-uri "https://raw.githubusercontent.com/bottkars/pcf-jump-azure/$BRANCH/azuredeploy.json" \ 181 | --parameters \ 182 | sshKeyData="$(cat ~/${JUMPBOX_NAME}.pub)" \ 183 | adminUsername=${ADMIN_USERNAME} \ 184 | JumphostDNSLabelPrefix=${JUMPBOX_NAME} \ 185 | clientSecret=${AZURE_CLIENT_SECRET} \ 186 | clientID=${AZURE_CLIENT_ID} \ 187 | tenantID=${AZURE_TENANT_ID} \ 188 | subscriptionID=${AZURE_SUBSCRIPTION_ID} \ 189 | pivnetToken=${PIVNET_UAA_TOKEN} \ 190 | envName=${ENV_NAME} \ 191 | envShortName=${ENV_SHORT_NAME} \ 192 | opsmanImage=${OPS_MANAGER_IMAGE} \ 193 | opsmanImageRegion=${OPS_MANAGER_IMAGE_REGION} \ 194 | PCFDomainName=${PCF_DOMAIN_NAME} \ 195 | PCFSubdomainName=${PCF_SUBDOMAIN_NAME} \ 196 | opsmanUsername=${PCF_OPSMAN_USERNAME} \ 197 | notificationsEmail=${PCF_NOTIFICATIONS_EMAIL} \ 198 | net16bitmask=${NET_16_BIT_MASK} \ 199 | pasAutopilot=${PAS_AUTOPILOT} \ 200 | pasVersion=${PCF_PAS_VERSION} \ 201 | smtpAddress=${SMTP_ADDRESS} \ 202 | smtpIdentity=${SMTP_IDENTITY} \ 203 | smtpPassword=${SMTP_PASSWORD} \ 204 | smtpFrom=${SMTP_FROM} \ 205 | smtpPort=${SMTP_PORT} \ 206 | smtpStarttls=${SMTP_STARTTLS} \ 207 | useSelfCerts=${USE_SELF_CERTS} \ 208 | _artifactsLocation=${ARTIFACTS_LOCATION} \ 209 | vmSize=${VMSIZE} \ 210 | pasEdition=${PAS_EDITION} 211 | ``` 212 | 213 | 7. 
deploy full 214 | 215 | :zap: **do not forget to create ssh key for every environment !** 216 | 217 | ```bash 218 | source ~/.env 219 | ssh-keygen -t rsa -f ~/${JUMPBOX_NAME} -C ${ADMIN_USERNAME} 220 | ``` 221 | 222 | ```bash 223 | az group create --name ${JUMPBOX_RG} --location ${AZURE_REGION} 224 | az group deployment create --resource-group ${JUMPBOX_RG} \ 225 | --template-uri "https://raw.githubusercontent.com/bottkars/pcf-jump-azure/$BRANCH/azuredeploy.json" \ 226 | --parameters \ 227 | availabilityMode=${AVAILABILITY_MODE} \ 228 | sshKeyData="$(cat ~/${JUMPBOX_NAME}.pub)" \ 229 | adminUsername=${ADMIN_USERNAME} \ 230 | JumphostDNSLabelPrefix=${JUMPBOX_NAME} \ 231 | clientSecret=${AZURE_CLIENT_SECRET} \ 232 | clientID=${AZURE_CLIENT_ID} \ 233 | tenantID=${AZURE_TENANT_ID} \ 234 | subscriptionID=${AZURE_SUBSCRIPTION_ID} \ 235 | pivnetToken=${PIVNET_UAA_TOKEN} \ 236 | envName=${ENV_NAME} \ 237 | envShortName=${ENV_SHORT_NAME} \ 238 | opsmanImage=${OPS_MANAGER_IMAGE} \ 239 | opsmanImageRegion=${OPS_MANAGER_IMAGE_REGION} \ 240 | PCFDomainName=${PCF_DOMAIN_NAME} \ 241 | PCFSubdomainName=${PCF_SUBDOMAIN_NAME} \ 242 | opsmanUsername=${PCF_OPSMAN_USERNAME} \ 243 | notificationsEmail=${PCF_NOTIFICATIONS_EMAIL} \ 244 | net16bitmask=${NET_16_BIT_MASK} \ 245 | pasAutopilot=FALSE \ 246 | PCFPasVersion=${PCF_PAS_VERSION} \ 247 | smtpAddress=${SMTP_ADDRESS} \ 248 | smtpIdentity=${SMTP_IDENTITY} \ 249 | smtpPassword=${SMTP_PASSWORD} \ 250 | smtpFrom=${SMTP_FROM} \ 251 | smtpPort=${SMTP_PORT} \ 252 | smtpStarttls=${SMTP_STARTTLS} \ 253 | useSelfCerts=${USE_SELF_CERTS} \ 254 | _artifactsLocation=${ARTIFACTS_LOCATION} \ 255 | vmSize=${VMSIZE} \ 256 | pasEdition=${PAS_EDITION} 257 | ``` 258 | 259 | ### deployment using parameter file 260 | 261 | you also might want to deploy the template using an parameter file. 
262 | simply create a local azuredeploy.parameters.json file from the [example](./azuredeploy.parameters.example.json) 263 | 264 | then run 265 | 266 | ```bash 267 | az group create --name --location 268 | az group deployment create --resource-group \ 269 | --template-uri https://raw.githubusercontent.com/bottkars/pcf-jump-azure/${BRANCH}/azuredeploy.json \ 270 | --parameters @azuredeploy.parameters.json 271 | 272 | ``` 273 | 274 | ## debugging/ monitoring 275 | 276 | it is recommended to check the deployment logs. the azure rm command might time out as the pas deployment takes time. that will not have an impact on the deployment. 277 | watching the JUMPHost resource group creation 278 | 279 | ```bash 280 | watch az resource list --output table --resource-group ${JUMPBOX_RG} 281 | ``` 282 | 283 | watching the pcf resource group creation 284 | 285 | ```bash 286 | watch az resource list --output table --resource-group ${ENV_NAME} 287 | ``` 288 | 289 | ssh into the Jumpbox 290 | 291 | ```bash 292 | ssh -i ~/${JUMPBOX_NAME} ${ADMIN_USERNAME}@${JUMPBOX_NAME}.${AZURE_REGION}.cloudapp.azure.com 293 | ``` 294 | 295 | tail the installation log 296 | 297 | ```bash 298 | tail -f ~/install.log 299 | ``` 300 | ## post deploy 301 | find some 'shortcuts' in [advanced](/docs/advanced.md) 302 | 303 | if you do not autodeploy ( default behaviour ), you can kickstart the deployment of all components from the jumphost: 304 | 305 | ### pas 306 | 307 | using selfsigned [certificates](#certificates) 308 | 309 | ```bash 310 | ./create_self_certs.sh 311 | ./deploy_pas.sh 312 | ``` 313 | 314 | or using Let´s encrypt 315 | 316 | ```bash 317 | ./create_certs.sh 318 | ./deploy_pas.sh 319 | ``` 320 | 321 | ### mysql 322 | 323 | requires pas deployed 324 | 325 | ```bash 326 | ./deploy_mysql.sh 327 | ``` 328 | 329 | ### p-rabbitmq 330 | 331 | requires pas deployed 332 | 333 | ```bash 334 | ./deploy_rabbit.sh 335 | ``` 336 | 337 | ### p-spring-services service 338 | 339 | requires pas, p-rabbitmq 
and mysql deployed 340 | 341 | ```bash 342 | ./deploy_spring.sh 343 | ``` 344 | 345 | ## cleanup 346 | 347 | ```bash 348 | az group delete --name ${JUMPBOX_RG} --yes 349 | az group delete --name ${ENV_NAME} --yes 350 | ssh-keygen -R "${JUMPBOX_NAME}.${AZURE_REGION}.cloudapp.azure.com" 351 | ``` 352 | 353 | ## certificates 354 | 355 | the deployment uses self-signed certificates by default. to use automated generation of Let´s encrypt Certificates, set 356 | 357 | ```bash 358 | USE_SELF_CERTS="FALSE" 359 | ``` 360 | 361 | and use the [Full Deployment Method](#deploy-full) 362 | 363 | ## env variables 364 | 365 | variable | azure rm parameter | default value | mandatory | description 366 | ----------------------------|--------------------|-------------------|-------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------- 367 | **JUMPBOX_RG** | | | yes | the name of the resource group for the JumpBox 368 | **JUMPBOX_NAME** | JumphostDNSLabelPrefix | - | yes | the JumpBox hostname , must be unique for the region ! 
369 | **ADMIN_USERNAME** | adminUsername | ubuntu | no | the jumpbox os username 370 | **AZURE_CLIENT_ID** | clientID | | yes | *Azure Service Principal* 371 | **AZURE_CLIENT_SECRET** | clientSecret | | yes | *Service Principal client secret* 372 | **AZURE_REGION** | | | yes | used from az resource group command, no default 373 | **AZURE_SUBSCRIPTION_ID** | subscriptionID | | yes | Your Azure Subscription ID, 374 | **AZURE_TENANT_ID** | tenantID | | yes | Your AZURE tenant 375 | **PIVNET_UAA_TOKEN** | pivnetToken | | yes | Your Token from Pivotal Network 376 | **PCF_DOMAIN_NAME** | PCFDomainName | | yes | the domain your PCF subdomain will be hosted in 377 | **PCF_SUBDOMAIN_NAME** | PCFSubdomainName | | yes | the subdomain name that will be created in your resource group 378 | **ENV_SHORT_NAME** | envShortName | | yes | *yourshortname* will be used as prefix for storage accounts and other azure resources. make sure you check storage account availability, see further down below 379 | **ENV_NAME** | envName | pcf | no, using default | *pcf* this name will be prefix for azure resources and your opsman hostname 380 | **OPS_MANAGER_IMAGE_URI** | opsmanImageUri | [opsurl](https://opsmanagerwesteurope.blob.core.windows.net/images/ops-manager-2.4-build.131.vhd) | no | a 2.4 opsman image url 381 | **PCF_NOTIFICATIONS_EMAIL** | notificationsEmail | user@example.com | no | where to send PCF Notifications 382 | **PCF_OPSMAN_USERNAME** | opsmanUsername | opsman | no | *opsman* 383 | **NET_16_BIT_MASK** | net16bitmask | 10.10 | no | 16 bit network, default 10.10 384 | **PAS_AUTOPILOT** | pasAutopilot | FALSE | | Autoinstall PAS, RABBIT, MYSQL, Spring Service when set to true 385 | **PCF_PAS_VERSION** | pasVersion | 2.4.1 | no | the version of PAS, must be 2.4.0 or greater 386 | **SMTP_ADDRESS** | smtpAddress | null | no | "mysmtp.example.com" 387 | **SMTP_IDENTITY** | smtpIdentity | null | no | "mysmtpuser" 388 | **SMTP_PASSWORD** | smtpPassword | null | no | "mysmtppass" 389 | 
**SMTP_FROM** | smtpFrom | null | no | "from@example.com" 390 | **SMTP_PORT** | smtpPort | null | no | "587" 391 | **SMTP_STARTTLS** | smtpStarttls | false | no | true or false 392 | **USE_SELF_CERTS** | useSelfcerts | true | no | true or false 393 | **PAS_EDITION** | pasEdition|cf|no|cf or srt deployment 394 | **OPS_MANAGER_IMAGE_REGION**|opsmanImageRegion|westeurope|yes|the region where to download opsman from. Values are westeurope, westus, eastus, southeastasia 395 | -|PCFspringVersion|2.0.6 |no|2.0.5,2.0.6 396 | -|PCFpasVersion|2.4.3|no|2.4.1,2.4.2,2.4.3 397 | -|PCFmysqlVersion|2.5.3|no|2.5.3 398 | -|PCFrabbitVersion|1.15.4|no|1.15.3,1.15.4 399 | -|PCFmasbVersion|1.11.0|no|1.11.0 400 | 401 | ### required nameserver delegation 402 | 403 | make sure that your domain has a ns resource record to your pcf domain. 404 | the following list ALL nameserver entries for Azure, 4 will be picked from the Creation of the DNS Zone 405 | 406 | 407 | ```bash 408 | ns1-07.azure-dns.com. 409 | ns2-07.azure-dns.net. 410 | ns3-07.azure-dns.org. 411 | ns4-07.azure-dns.info. 412 | ns1-03.azure-dns.com. 413 | ns2-03.azure-dns.net. 414 | ns3-03.azure-dns.org. 415 | ns4-03.azure-dns.info. 416 | ns1-09.azure-dns.com. 417 | ns2-09.azure-dns.net. 418 | ns3-09.azure-dns.org. 419 | ns4-09.azure-dns.info. 420 | ns4-01.azure-dns.info. 421 | ns4-02.azure-dns.info. 422 | ns4-04.azure-dns.info. 423 | ns4-05.azure-dns.info. 424 | ns4-06.azure-dns.info. 425 | ns4-08.azure-dns.info. 426 | ns4-10.azure-dns.info. 427 | ns1-01.azure-dns.com. 428 | ns1-02.azure-dns.com. 429 | ns1-04.azure-dns.com. 430 | ns1-05.azure-dns.com. 431 | ns1-06.azure-dns.com. 432 | ns1-08.azure-dns.com. 433 | ns1-10.azure-dns.com. 434 | ns2-01.azure-dns.net. 435 | ns2-02.azure-dns.net. 436 | ns2-04.azure-dns.net. 437 | ns2-06.azure-dns.net. 438 | ns2-05.azure-dns.net. 439 | ns2-08.azure-dns.net. 440 | ns2-10.azure-dns.net. 441 | ns3-01.azure-dns.org. 442 | ns3-02.azure-dns.org. 443 | ns3-04.azure-dns.org. 
444 | ns3-05.azure-dns.org. 445 | ns3-06.azure-dns.org. 446 | ns3-08.azure-dns.org. 447 | ns3-10.azure-dns.org. 448 | ``` 449 | -------------------------------------------------------------------------------- /azuredeploy.parameters.example.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#", 3 | "contentVersion": "1.0.0.0", 4 | "parameters": { 5 | "adminUsername": { 6 | "value": "ubuntu" 7 | }, 8 | "sshKeyData": { 9 | "value": "" 10 | }, 11 | "clientID": { 12 | "value": "" 13 | }, 14 | "tenantID": { 15 | "value": "" 16 | }, 17 | "subscriptionID": { 18 | "value": "" 19 | }, 20 | "clientSecret": { 21 | "value": "" 22 | }, 23 | "pivnetToken": { 24 | "value": "" 25 | }, 26 | "envShortName": { 27 | "value": "" 28 | }, 29 | "pcfDomainName": { 30 | "value": "" 31 | }, 32 | "pcfSubdomainName": { 33 | "value": "" 34 | }, 35 | "jumphostDNSLabelPrefix": { 36 | "value": "" 37 | }, 38 | "envName": { 39 | "value": "" 40 | }, 41 | "pcfSpringVersion": { 42 | "value": "2.0.6" 43 | }, 44 | "pcfMysqlVersion": { 45 | "value": "2.5.3" 46 | }, 47 | "pcfRabbitVersion": { 48 | "value": "1.15.4" 49 | }, 50 | "pcfPasVersion": { 51 | "value": "2.4.4" 52 | }, 53 | "pcfMasbVersion": { 54 | "value": "1.11.0" 55 | }, 56 | "pcfApmVersion": { 57 | "value": "1.6.0" 58 | }, 59 | "pcfHealthwatchVersion": { 60 | "value": "1.4.5" 61 | }, 62 | "opsmanImage": { 63 | "value": "ops-manager-2.4-build.152.vhd" 64 | }, 65 | "net16bitmask": { 66 | "value": "10.20" 67 | }, 68 | "notificationsEmail": { 69 | "value": "user@examle.com" 70 | }, 71 | "smtpAddress": { 72 | "value": "" 73 | }, 74 | "smtpIdentity": { 75 | "value": "" 76 | }, 77 | "smtpPassword": { 78 | "value": "" 79 | }, 80 | "smtpFrom": { 81 | "value": "" 82 | }, 83 | "smtpPort": { 84 | "value": "" 85 | }, 86 | "smtpStarttls": { 87 | "value": "true" 88 | }, 89 | "opsmanUsername": { 90 | "value": "opsman" 91 | }, 
92 | "pasEdition": { 93 | "value": "srt" 94 | }, 95 | "pasAutopilot": { 96 | "value": "TRUE" 97 | }, 98 | "useSelfCerts": { 99 | "value": "TRUE" 100 | }, 101 | "ubuntuOSVersion": { 102 | "value": "18.04-LTS" 103 | }, 104 | "vmSize": { 105 | "value": "Standard_DS2_v2" 106 | }, 107 | "location": { 108 | "value": "westeurope" 109 | }, 110 | "opsmanImageRegion": { 111 | "value": "westeurope" 112 | } 113 | } 114 | } -------------------------------------------------------------------------------- /bosh.md: -------------------------------------------------------------------------------- 1 | # bosh tasks 2 | 3 | credits to [Alan McGinlay](https://github.com/amcginlay/bosh-topics) 4 | 5 | ```bash 6 | source .env.sh 7 | export OM_TARGET=${PCF_OPSMAN_FQDN} 8 | export OM_USERNAME=${PCF_OPSMAN_USERNAME} 9 | export OM_PASSWORD="${PIVNET_UAA_TOKEN}" 10 | export $( \ 11 | om \ 12 | --skip-ssl-validation \ 13 | curl \ 14 | --silent \ 15 | --path /api/v0/deployed/director/credentials/bosh_commandline_credentials | \ 16 | jq --raw-output '.credential' \ 17 | ) 18 | 19 | sudo mkdir -p /var/tempest/workspaces/default 20 | 21 | sudo sh -c \ 22 | "om \ 23 | --skip-ssl-validation \ 24 | --target ${PCF_OPSMAN_FQDN} \ 25 | --username opsman \ 26 | --password ${PIVNET_UAA_TOKEN} \ 27 | curl \ 28 | --silent \ 29 | --path "/api/v0/security/root_ca_certificate" | 30 | jq --raw-output '.root_ca_certificate_pem' \ 31 | > /var/tempest/workspaces/default/root_ca_certificate" 32 | ``` 33 | -------------------------------------------------------------------------------- /docs/ad_fs.ps1: -------------------------------------------------------------------------------- 1 | # Credential for accessing the ERCS PrivilegedEndpoint, typically domain\cloudadmin 2 | $Creds = Get-Credential 3 | 4 | # Creating a PSSession to the ERCS PrivilegedEndpoint 5 | $Session = New-PSSession -ComputerName AzS-ERCS01 -ConfigurationName PrivilegedEndpoint -Credential $Creds 6 | 7 | # If you have a managed certificate use the 
Get-Item command to retrieve your certificate from your certificate location. 8 | # If you don't want to use a managed certificate, you can produce a self signed cert for testing purposes: 9 | # 10 | $Cert = New-SelfSignedCertificate -CertStoreLocation "cert:\CurrentUser\My" -Subject "CN=PCF_BoSH" -KeySpec KeyExchange 11 | #$Cert = Get-Item "" 12 | 13 | $ServicePrincipal = Invoke-Command -Session $Session -ScriptBlock {New-GraphApplication -Name 'PCF_BoSH' -ClientCertificates $using:cert} 14 | $AzureStackInfo = Invoke-Command -Session $Session -ScriptBlock {Get-AzureStackStampInformation} 15 | $Session | Remove-PSSession 16 | 17 | # For Azure Stack development kit, this value is set to https://management.local.azurestack.external. This is read from the AzureStackStampInformation output of the ERCS VM. 18 | $ArmEndpoint = $AzureStackInfo.TenantExternalEndpoints.TenantResourceManager 19 | 20 | # For Azure Stack development kit, this value is set to https://graph.local.azurestack.external/. This is read from the AzureStackStampInformation output of the ERCS VM. 21 | $GraphAudience = "https://graph." + $AzureStackInfo.ExternalDomainFQDN + "/" 22 | 23 | # TenantID for the stamp. This is read from the AzureStackStampInformation output of the ERCS VM. 
24 | $TenantID = $AzureStackInfo.AADTenantID 25 | 26 | # Register an AzureRM environment that targets your Azure Stack instance 27 | Add-AzureRMEnvironment ` 28 | -Name "AzureStackUser" ` 29 | -ArmEndpoint $ArmEndpoint 30 | 31 | # Set the GraphEndpointResourceId value 32 | Set-AzureRmEnvironment ` 33 | -Name "AzureStackUser" ` 34 | -GraphAudience $GraphAudience ` 35 | -EnableAdfsAuthentication:$true 36 | 37 | Add-AzureRmAccount -EnvironmentName "AzureStackUser" ` 38 | -ServicePrincipal ` 39 | -CertificateThumbprint $ServicePrincipal.Thumbprint ` 40 | -ApplicationId $ServicePrincipal.ClientId ` 41 | -TenantId $TenantID 42 | 43 | # Output the SPN details 44 | $ServicePrincipal 45 | 46 | 47 | 48 | 49 | #### 50 | 51 | # clientid 52 | 53 | -------------------------------------------------------------------------------- /docs/additional_VM_TYPES.md: -------------------------------------------------------------------------------- 1 | # Adding Custom VM Types 2 | 3 | ## Create a OM Env file : 4 | $HOME/om_pcf.env reflects your env file for opsman in format: 5 | 6 | ```yaml 7 | target: https://opsmanfqdn 8 | connect-timeout: 30 # default 5 9 | request-timeout: 1800 # default 1800 10 | skip-ssl-validation: true # default false 11 | # client-id: myclient # use client/secret or username/password 12 | # client-secret: Password123! 13 | username: opsman 14 | password: Password123! 
15 | # decryption-passphrase: 16 | ``` 17 | 18 | ## Create VM Lists from your Azure region 19 | 20 | create a list of vm types to be used using az vm list-sizes with query (JMESpath does not allow a multi filter expression, so multiple calls and piped filters are used ) 21 | Make sure to target your Region 22 | 23 | ```bash 24 | F_TYPES=$(az vm list-sizes --location westus2 --query "[?contains(name,'Standard_F')]" | jq .[]) 25 | DSV2_TYPES=$(az vm list-sizes --location westus2 --query "[?contains(name,'Standard_DS')] | [?contains(name,'_v2')]" | jq .[]) 26 | DSV3_TYPES=$(az vm list-sizes --location westus2 --query "[?contains(name,'Standard_D')] | [?contains(name,'s_v3')]" | jq .[]) 27 | ``` 28 | ## get and store existing vm types from OPSMAN 29 | get current vm Types: 30 | 31 | ``` 32 | EXISTING_TYPES=$(om --env $HOME/om_pcf.env \ 33 | curl --path /api/v0/vm_types \ 34 | --request GET | jq .vm_types[]) 35 | ``` 36 | 37 | 38 | ## delete previous custom types from opsman 39 | 40 | ```bash 41 | om \ 42 | --env $HOME/om_pcf.env \ 43 | curl --path /api/v0/vm_types \ 44 | --request DELETE 45 | ``` 46 | 47 | ## insert new custom vm types 48 | ... 
and eventually add EXISTING_TYPES if needed 49 | 50 | ```bash 51 | om \ 52 | --env $HOME/om_pcf.env \ 53 | curl --path /api/v0/vm_types \ 54 | --request PUT \ 55 | --data $(echo $DSV2_TYPES $DSV3_TYPES $F_TYPES | \ 56 | jq -sc '{"vm_types": [.[] | {"name": .name, "ram": .memoryInMb, "ephemeral_disk": .resourceDiskSizeInMb, "cpu": .numberOfCores}]}') 57 | 58 | ``` 59 | 60 | ## view the new types: 61 | 62 | ```bash 63 | om --env $HOME/om_pcf.env curl --path /api/v0/vm_types --request GET 64 | ``` 65 | ## Notes: 66 | You may want to use Isolation Segments / Tile Replication to create new instances of Availability Sets with NEW vm Types 67 | 68 | ### Example: replicate pas win: 69 | ``` 70 | ./replicator-linux --name "PASWin2" --path injectded --output injected-1 71 | om --env om_pcf.env upload-product --product ./injected-1 72 | ``` 73 | configure the new tile to use new vm Types 74 | -------------------------------------------------------------------------------- /docs/advanced.md: -------------------------------------------------------------------------------- 1 | # Advanced tasks 2 | 3 | ## connect to bosh 4 | 5 | to connect to bosh from the Jumpbox ( the first om call below downloads the root CA certificate with --skip-ssl-validation, so that certificate is trusted on first use; verify its fingerprint through a separate channel before relying on it ) 6 | 7 | ```bash 8 | source ~/.env.sh 9 | 10 | export OM_TARGET=pcf.${PCF_SUBDOMAIN_NAME}.${PCF_DOMAIN_NAME} 11 | export OM_USERNAME=${PCF_OPSMAN_USERNAME} 12 | export OM_PASSWORD=${PIVNET_UAA_TOKEN} 13 | 14 | sudo mkdir -p /var/tempest/workspaces/default 15 | 16 | sudo sh -c \ 17 | "om \ 18 | --skip-ssl-validation \ 19 | --target ${PCF_OPSMAN_FQDN} \ 20 | --username ${PCF_OPSMAN_USERNAME} \ 21 | --password ${PIVNET_UAA_TOKEN} \ 22 | curl \ 23 | --silent \ 24 | --path "/api/v0/security/root_ca_certificate" | 25 | jq --raw-output '.root_ca_certificate_pem' \ 26 | > /var/tempest/workspaces/default/root_ca_certificate" 27 | 28 | export $( \ 29 | om \ 30 | --skip-ssl-validation \ 31 | curl \ 32 | --silent \ 33 | --path /api/v0/deployed/director/credentials/bosh_commandline_credentials | \ 34 | jq --raw-output '.credential' 
\ 35 | ) 36 | 37 | 38 | ``` 39 | 40 | ## ssh into the opsmanager 41 | 42 | from the jumpbox, you can 43 | 44 | ```bash 45 | source .env.sh 46 | ssh -i opsman ${ADMIN_USERNAME}@${PCF_OPSMAN_FQDN} 47 | ``` 48 | 49 | 50 | ## om from jump 51 | 52 | ``` 53 | source ~/.env.sh 54 | PIVNET_UAA_TOKEN=$PIVNET_UAA_TOKEN 55 | 56 | export OM_TARGET=${PCF_OPSMAN_FQDN} 57 | export OM_USERNAME=${PCF_OPSMAN_USERNAME} 58 | export OM_PASSWORD="${PIVNET_UAA_TOKEN}" 59 | ``` 60 | 61 | ```bash 62 | ADD_USER=user@pivotal.io 63 | uaac user add ${ADD_USER} -p ChangeMe --emails ${ADD_USER} 64 | uaac member add cloud_controller.admin ${ADD_USER} 65 | uaac member add uaa.admin ${ADD_USER} 66 | uaac member add scim.read ${ADD_USER} 67 | uaac member add scim.write ${ADD_USER} 68 | ``` 69 | 70 | ``` 71 | uaac group map --name scim.read "admin" --origin labbuildrad 72 | uaac group map --name scim.write "admin" --origin labbuildrad 73 | uaac group map --name cloud_controller.admin "admin" --origin labbuildrad 74 | ``` 75 | 76 | -------------------------------------------------------------------------------- /docs/apps_man_saml_aad.md: -------------------------------------------------------------------------------- 1 | # Integrate Pivotal Apps Manager with SAML AA SSO 2 | 3 | ## create enterprise app 4 | 5 | ## configure pcf 6 | 7 | ## assign users 8 | 9 | ## assign admins 10 | 11 | ### login uaac 12 | 13 | 14 | 15 | ``` 16 | GROUP_ID=fd570d0b-ae8b-45f8-871e-7e40ef426dd8 17 | uaac group map --name scim.read ${GROUP_ID} --origin labbuildr 18 | uaac group map --name scim.write ${GROUP_ID} --origin labbuildr 19 | uaac group map --name cloud_controller.admin ${GROUP_ID} --origin labbuildr 20 | ``` 21 | 22 | 23 | -------------------------------------------------------------------------------- /docs/cloudshell.md: -------------------------------------------------------------------------------- 1 | ```bash 2 | gcloud dns --project=pa-kbott record-sets transaction start --zone=labbuildr 3 | 4 | gcloud dns 
--project=pa-kbott record-sets transaction add \ 5 | ns1-07.azure-dns.com. \ 6 | ns2-07.azure-dns.net. \ 7 | ns3-07.azure-dns.org. \ 8 | ns4-07.azure-dns.info. \ 9 | ns1-03.azure-dns.com. \ 10 | ns2-03.azure-dns.net. \ 11 | ns3-03.azure-dns.org. \ 12 | ns4-03.azure-dns.info. \ 13 | ns1-09.azure-dns.com. \ 14 | ns2-09.azure-dns.net. \ 15 | ns3-09.azure-dns.org. \ 16 | ns4-09.azure-dns.info. \ 17 | ns4-01.azure-dns.info. \ 18 | ns4-02.azure-dns.info. \ 19 | ns4-04.azure-dns.info. \ 20 | ns4-05.azure-dns.info. \ 21 | ns4-06.azure-dns.info. \ 22 | ns4-08.azure-dns.info. \ 23 | ns4-10.azure-dns.info. \ 24 | ns1-01.azure-dns.com. \ 25 | ns1-02.azure-dns.com. \ 26 | ns1-04.azure-dns.com. \ 27 | ns1-05.azure-dns.com. \ 28 | ns1-06.azure-dns.com. \ 29 | ns1-08.azure-dns.com. \ 30 | ns1-10.azure-dns.com. \ 31 | ns2-01.azure-dns.net. \ 32 | ns2-02.azure-dns.net. \ 33 | ns2-04.azure-dns.net. \ 34 | ns2-06.azure-dns.net. \ 35 | ns2-05.azure-dns.net. \ 36 | ns2-08.azure-dns.net. \ 37 | ns2-10.azure-dns.net. \ 38 | ns3-01.azure-dns.org. \ 39 | ns3-02.azure-dns.org. \ 40 | ns3-04.azure-dns.org. \ 41 | ns3-05.azure-dns.org. \ 42 | ns3-06.azure-dns.org. \ 43 | ns3-08.azure-dns.org. \ 44 | ns3-10.azure-dns.org. \ 45 | --name=pcfgitazure.labbuildr.com. 
--ttl=300 --type=NS --zone=labbuildr 46 | 47 | gcloud dns --project=pa-kbott record-sets transaction execute --zone=labbuildr 48 | ``` 49 | -------------------------------------------------------------------------------- /docs/opsman_uaac_aad.md: -------------------------------------------------------------------------------- 1 | ## Pivotal OPS Manager SAML integration with Azure Active Directory 2 | 3 | this guide should assist when integrating OPSMAN with Azure Active Directory 4 | 5 | ## Prerequisites 6 | 7 | - AzureAD Admin Access 8 | - Running Operations Manager 9 | ## Azure Config 10 | 11 | ### Create an AzureAD Application 12 | 13 | From Azure Portal, go to ActiveDirectory --> Enterprise Applications 14 | 15 | Enterprise Applications 16 | 17 | click on 'new application' and select the Tile non-gallery application 18 | New Application 19 | 20 | Assign a meaningful name for the Application ( Note: An (Identity Provider) Application can map to only *ONE* Assertion Consumer. ) 21 | 22 | New Application Name 23 | 24 | From the Manage Tab, select *Single Sign On* 25 | SSO 26 | 27 | From SSO, select the SAML Tile: 28 | saml 29 | 30 | ### Complete Step (1) the basic SAML configuration: 31 | 32 | The Reply Address is *https://<*your-ops-manager*>:443/uaa/saml/SSO/alias/<*your-ops-manager*>* . I *Highly Recommend* using the same for the Identifier (Entity ID) , as this helps you to stay unique with the Identifier 33 | 34 | saml 35 | 36 | I also recommend switching to the *old* user interface and uploading the Metadata File from https://ops-man-fqdn/uaa/saml/metadata 37 | Click SAVE. 
38 | 39 | Now an important step: 40 | 41 | ### Step (2) User Attributes & Claims 42 | 43 | Click on the Edit Button 44 | 45 | group_claims 46 | 47 | By default, no Group Claims are returned, as shown above 48 | Click on the edit button in 'Groups returned in claim' 49 | This will allow you to customize the returned claim 50 | make sure you 51 | - select Security Groups 52 | - Source Attribute: Group IDS 53 | - Customize the name of the group claim: user.groups ( <-- Important Step here ! ) 54 | 55 | USER_CLAIM 56 | 57 | ### Assign Users 58 | 59 | From Manage, select *Users and Groups* 60 | 61 | USER_CLAIM 62 | 63 | Click *Add Users* 64 | 65 | Add User 66 | 67 | Assign Users 68 | 69 | assign User 70 | 71 | search for the group with OpsmanAdmin Users and click add. Click Select 72 | 73 | Select User 74 | 75 | finish by clicking on the Assign Button 76 | 77 | Group Link 78 | 79 | Click on the Group Name Link to get Details of the Group 80 | 81 | Highlighted Group 82 | 83 | note id 84 | 85 | Group ID 86 | 87 | ## Opsman Config 88 | 89 | There are two ways to configure OpsMan with SAML. 
90 | With both methods, all pre-created Clients are removed from UAA and User Authentication is only via the OPSMAN UI or opsman Client using SSO 91 | 92 | However, when using the API, we can create a pre-configured client for automation 93 | 94 | ### Configure Authentication using the API 95 | 96 | When you set up the Operations Manager for the first time ( from 2.5 ), you can create that client by using the key *precreated_client_secret* : 97 | 98 | ```bash 99 | curl "https://example.com/api/v0/setup" \ 100 | -X POST \ 101 | -H "Content-Type: application/json" \ 102 | -d '{ "setup": { 103 | "identity_provider": "saml", 104 | "decryption_passphrase": "example-passphrase", 105 | "decryption_passphrase_confirmation":"example-passphrase", 106 | "idp_metadata": "https://saml.example.com:8080", 107 | "bosh_idp_metadata": "https://bosh-saml.example.com:8080", 108 | "eula_accepted": "true", 109 | "http_proxy": "http://proxy.myenterprise.com", 110 | "https_proxy": "https://proxy.myenterprise.com", 111 | "no_proxy": "127.0.0.1", 112 | "rbac_saml_admin_group": "opsman.full_control", 113 | "rbac_saml_groups_attribute": "myenterprise", 114 | "precreated_client_secret": "my-secret" 115 | } }' 116 | ``` 117 | 118 | this will also create an initial client id 'precreated-client' with the configured secret to be used for all automation tasks; replace the sample secret with a strong value and store it as a privileged credential, since it is what the automation authenticates with 119 | 120 | ### Configure Saml using Operation Manager Homepage 121 | 122 | From Opsman, dropdown opsman settings on the right top menu 123 | 124 | USER_CLAIM 125 | 126 | Click on SAML Integration to the left 127 | 128 | USER_CLAIM 129 | 130 | Now fill in the Values: 131 | 132 | - Current Decryption Passphrase *your current opsman decryption passphrase* 133 | 134 | - SAML IDP Metadata: The *App Federation Metadata Url* gathered from the SSO Tab IN Azure Active Directory 135 | 136 | Federation Metadata 137 | 138 | - SAML Admin Group: The Group ID from Azure AD Application Assignments Group 139 | 140 | Group ID 141 | 142 | - Groups Attribute: The Group claim we created earlier in 
AzureAD, *user.groups* 143 | 144 | - check *Provision an Admin Client in the BOSH UAA* 145 | 146 | apply changes will log you out of opsman ! 147 | from here , only validated AAD users can Log-In, so double-check your entries above ! 148 | 149 | Group ID 150 | 151 | the tempest webserver will now restart the authentication System. this will take a few seconds : 152 | 153 | Tempest restart 154 | 155 | you can now login with your AAD credentials 156 | 157 | *HINT* if you are currently logged in to AAD as a user *without* opsman access, the login might fail without asking for credentials 158 | 159 | Changes 160 | 161 | We now have to apply changes to the OpsmanDirector. 162 | go to the selective deployment from "review pending changes" 163 | 164 | Make sure, only Bosh Director is selected for Changes: 165 | 166 | relogin 167 | 168 | you might also want to look at the changes in detail ( from opsman 2.4 ) 169 | 170 | relogin 171 | 172 | ## Post Tasks 173 | 174 | If you used Opsman UI to configure SAML Authentication 175 | - Using UAAC ( if OM already Configured ) 176 | 177 | target your opsman uaa endpoint, login with opsman client and sso: 178 | ``` 179 | uaac target https://pcfopsmangreen.pcfdemo.westus.stackpoc.com/uaa/ 180 | uaac token sso get #t his will allow you to login using sso 181 | uaac client add myclient --authorized_grant_types client_credentials --authorities "opsman.admin scim.read scim.write zone.uaa uaa.admin" --secret mysecret 182 | ``` 183 | 184 | ### OM Using an env file with the newly created Client 185 | 186 | create / modify an env.yml with similar content ( client-secret must be the value passed to --secret in the uaac client add command above; set skip-ssl-validation back to its default of false once the client trusts the Ops Manager certificate ) 187 | 188 | ```yaml 189 | target: https://pcfopsmangreen.pcfdemo.westus.stackpoc.com 190 | connect-timeout: 30 # default 5 191 | request-timeout: 1800 # default 1800 192 | skip-ssl-validation: true # default false 193 | client-id: myclient 194 | client-secret: mypassword 195 | # username: opsman 196 | # password: mypassword 197 | ``` 198 | 199 | test with 200 | 201 | ```bash 202 | om --env env.yml 
deployed-products 203 | ``` 204 | 205 | relogin 206 | 207 | ## Troubleshooting 208 | 209 | 210 | 211 | [How to create a uaa client used for concourse pipelines in Operations Manager when SAML Authentication is enabled](https://community.pivotal.io/s/article/How-to-create-a-uaa-client-used-for-concourse-pipelines-in-Operations-Manager-when-SAML-Authentication-is-enabled) 212 | 213 | [Required UAA Scopes for Pipeline Automation](https://github.com/pivotal-cf/pcf-pipelines/blob/ae434bea5b4e3fa2b70051aa70c885dc2fa12218/upgrade-ops-manager/README.md#saml-for-authn-on-ops-manager) 214 | 215 | [OpsMan rescue Mode](https://community.pivotal.io/s/article/How-to-put-Ops-Manager-into-Rescue-Mode) 216 | 217 | 218 | -------------------------------------------------------------------------------- /docs/patched_terraform.md: -------------------------------------------------------------------------------- 1 | 2 | 3 | cd ./pivotal-cf-terraforming-azure-*/ 4 | cd terraforming-pas 5 | 6 | 7 | PATCH_SERVER="https://raw.githubusercontent.com/bottkars/pcf-jump-azure/master/patches/" 8 | wget -q ${PATCH_SERVER}modules/pas/dns.tf -O ../modules/pas/dns.tf 9 | wget -q ${PATCH_SERVER}modules/pas/istiolb.tf -O ../modules/pas/istiolb.tf 10 | wget -q ${PATCH_SERVER}modules/pas/outputs.tf -O ../modules/pas/outputs.tf 11 | wget -q ${PATCH_SERVER}outputs.tf -O outputs.tf 12 | 13 | terraform apply -target=module.pas.azurerm_lb_rule.istio-health-rule --auto-approve 14 | terraform apply -target=module.pas.azurerm_lb_rule.istio-http-rule --auto-approve 15 | terraform apply -target=module.pas.azurerm_lb_rule.istio-https-rule --auto-approve 16 | terraform apply -target=module.pas.azurerm_dns_a_record.istio --auto-approve 17 | 18 | 19 | -------------------------------------------------------------------------------- /docs/todo.md: -------------------------------------------------------------------------------- 1 | #droplets 2 | 3 | cf_storage_account_name = "${var.cf_storage_account_name}" 4 | 
cf_buildpacks_storage_container_name = "${var.cf_buildpacks_storage_container_name}" 5 | cf_droplets_storage_container_name = "${var.cf_droplets_storage_container_name}" 6 | cf_packages_storage_container_name = "${var.cf_packages_storage_container_name}" 7 | cf_resources_storage_container_name = "${var.cf_resources_storage_container_name}" 8 | 9 | 10 | 11 | 12 | 13 | 14 | dump ( this looks like real credential output; if so, treat the password below as exposed and rotate it ) 15 | 16 | { 17 | "credential": { 18 | "type": "simple_credentials", 19 | "value": { 20 | "identity": "login", 21 | "password": "YepnFoxwr7fhE3elSgEXISN_raeSYtiA" 22 | } 23 | } 24 | } 25 | { 26 | "credential": { 27 | "type": "simple_credentials", 28 | "value": { 29 | "identity": "login", 30 | "password": "YepnFoxwr7fhE3elSgEXISN_raeSYtiA" 31 | } 32 | } 33 | } 34 | 35 | 36 | _credentials 37 | 38 | { 39 | "credential": { 40 | "type": "simple_credentials", 41 | "value": { 42 | "identity": "login", 43 | "password": "YepnFoxwr7fhE3elSgEXISN_raeSYtiA" 44 | } 45 | } 46 | } 47 | -------------------------------------------------------------------------------- /env/apm/1.6.0/apm.env: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | PCF_VERSION="1.6.0" 3 | RELEASE_ID="258338" 4 | PRODUCT_SLUG="apm" -------------------------------------------------------------------------------- /env/kubernetes-service-manager/0.4.34/kubernetes-service-manager.env: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | PCF_VERSION="0.4.34" 3 | RELEASE_ID="318278" 4 | PRODUCT_SLUG="kubernetes-service-manager" -------------------------------------------------------------------------------- /env/masb/1.11.0/masb.env: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | PCF_OSBA_VERSION="1.11.0" 3 | RELEASE_ID="282392" 4 | PRODUCT_SLUG="azure-service-broker" -------------------------------------------------------------------------------- 
/env/p-compliance-scanner/1.0.0-beta.7/p-compliance-scanner.env: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | PCF_VERSION="1.0.0-beta.7" 3 | RELEASE_ID="258167" 4 | PRODUCT_SLUG="p-compliance-scanner" -------------------------------------------------------------------------------- /env/p-healthwatch/1.4.5/healthwatch.env: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | PCF_VERSION="1.4.5" 3 | RELEASE_ID="295426" 4 | PRODUCT_SLUG="p-healthwatch" -------------------------------------------------------------------------------- /env/p-healthwatch/1.5.2/p-healthwatch.env: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | PCF_VERSION="1.5.2" 3 | RELEASE_ID="333641" 4 | PRODUCT_SLUG="p-healthwatch" -------------------------------------------------------------------------------- /env/p-isolation-segment/2.5.2/p-isolation-segment.env: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | PCF_VERSION="2.5.2" 3 | RELEASE_ID="344819" 4 | PRODUCT_SLUG="p-isolation-segment" 5 | -------------------------------------------------------------------------------- /env/p-rabbitmq/1.15.3/rabbit.env: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | PCF_RABBIT_VERSION="1.15.3" 3 | RELEASE_ID="265855" 4 | PRODUCT_SLUG="p-rabbitmq" -------------------------------------------------------------------------------- /env/p-rabbitmq/1.15.4/p-rabbitmq.env: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | PCF_VERSION="1.15.4" 3 | RELEASE_ID="301765" 4 | PRODUCT_SLUG="p-rabbitmq" -------------------------------------------------------------------------------- /env/p-rabbitmq/1.15.7/p-rabbitmq.env: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 
| PCF_VERSION="1.15.7" 3 | RELEASE_ID="333454" 4 | PRODUCT_SLUG="p-rabbitmq" -------------------------------------------------------------------------------- /env/p-rabbitmq/1.16.3/p-rabbitmq.env: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | PCF_VERSION="1.16.3" 3 | RELEASE_ID="371338" 4 | PRODUCT_SLUG="p-rabbitmq" -------------------------------------------------------------------------------- /env/p-spring-services/2.0.5/spring.env: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | PCF_SPRING_VERSION="2.0.5" 3 | RELEASE_ID="260995" 4 | PRODUCT_SLUG="p-spring-cloud-services" -------------------------------------------------------------------------------- /env/p-spring-services/2.0.6/spring.env: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | PCF_SPRING_VERSION="2.0.6" 3 | RELEASE_ID="297181" 4 | PRODUCT_SLUG="p-spring-cloud-services" -------------------------------------------------------------------------------- /env/p-spring-services/2.0.7/p-spring-services.env: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | PCF_VERSION="2.0.7" 3 | RELEASE_ID="313492" 4 | PRODUCT_SLUG="p-spring-cloud-services" -------------------------------------------------------------------------------- /env/p-spring-services/2.0.8/p-spring-services.env: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | PCF_VERSION="2.0.8" 3 | RELEASE_ID="364201" 4 | PRODUCT_SLUG="p-spring-cloud-services" -------------------------------------------------------------------------------- /env/p-spring-services/2.0.9/p-spring-services.env: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | PCF_VERSION="2.0.9" 3 | RELEASE_ID="374551" 4 | PRODUCT_SLUG="p-spring-cloud-services" 
-------------------------------------------------------------------------------- /env/pas-windows/2.4.3/pas-windows.env: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | PCF_VERSION="2.4.3" 3 | RELEASE_ID="311531" 4 | PRODUCT_SLUG="pas-windows" -------------------------------------------------------------------------------- /env/pas-windows/2.4.4/pas-windows.env: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | PCF_VERSION="2.4.4" 3 | RELEASE_ID="323871" 4 | PRODUCT_SLUG="pas-windows" -------------------------------------------------------------------------------- /env/pas-windows/2.5.0/pas-windows.env: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | PCF_VERSION="2.5.0" 3 | RELEASE_ID="326896" 4 | PRODUCT_SLUG="pas-windows" -------------------------------------------------------------------------------- /env/pas-windows/2.5.1/pas-windows.env: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | PCF_VERSION="2.5.1" 3 | RELEASE_ID="360652" 4 | PRODUCT_SLUG="pas-windows" -------------------------------------------------------------------------------- /env/pas-windows/2.5.2/pas-windows.env: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | PCF_VERSION="2.5.2" 3 | RELEASE_ID="373821" 4 | PRODUCT_SLUG="pas-windows" -------------------------------------------------------------------------------- /env/pas/2.4.0/pas.env: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | PCF_PAS_VERSION="2.4.0" 3 | RELEASE_ID="246998" 4 | PRODUCT_SLUG="elastic-runtime" 5 | -------------------------------------------------------------------------------- /env/pas/2.4.1/pas.env: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 
PCF_PAS_VERSION="2.4.1" 3 | RELEASE_ID="259105" 4 | PRODUCT_SLUG="elastic-runtime" -------------------------------------------------------------------------------- /env/pas/2.4.2/pas.env: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | PCF_PAS_VERSION="2.4.2" 3 | RELEASE_ID="281703" 4 | PRODUCT_SLUG="elastic-runtime" -------------------------------------------------------------------------------- /env/pas/2.4.3/pas.env: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | PCF_PAS_VERSION="2.4.3" 3 | RELEASE_ID="297394" 4 | PRODUCT_SLUG="elastic-runtime" -------------------------------------------------------------------------------- /env/pas/2.4.4/pas.env: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | PCF_PAS_VERSION="2.4.4" 3 | RELEASE_ID="309043" 4 | PRODUCT_SLUG="elastic-runtime" -------------------------------------------------------------------------------- /env/pas/2.5.0/pas.env: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | PCF_PAS_VERSION="2.5.0" 3 | RELEASE_ID="327873" 4 | PRODUCT_SLUG="elastic-runtime" -------------------------------------------------------------------------------- /env/pas/2.5.1/pas.env: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | PCF_PAS_VERSION="2.5.1" 3 | RELEASE_ID="339101" 4 | PRODUCT_SLUG="elastic-runtime" -------------------------------------------------------------------------------- /env/pas/2.5.2/pas.env: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | PCF_PAS_VERSION="2.5.2" 3 | RELEASE_ID="347828" 4 | PRODUCT_SLUG="elastic-runtime" -------------------------------------------------------------------------------- /env/pas/2.5.3/pas.env: 
-------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | PCF_PAS_VERSION="2.5.3" 3 | RELEASE_ID="363705" 4 | PRODUCT_SLUG="elastic-runtime" -------------------------------------------------------------------------------- /env/pas/2.5.4/pas.env: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | PCF_PAS_VERSION="2.5.4" 3 | RELEASE_ID="366062" 4 | PRODUCT_SLUG="elastic-runtime" -------------------------------------------------------------------------------- /env/pas/2.5.5/pas.env: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | PCF_PAS_VERSION="2.5.5" 3 | RELEASE_ID="390763" 4 | PRODUCT_SLUG="elastic-runtime" -------------------------------------------------------------------------------- /env/pivotal-mysql/2.5.3/pivotal-mysql.env: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | PCF_VERSION="2.5.3" 3 | RELEASE_ID="276445" 4 | PRODUCT_SLUG="pivotal-mysql" -------------------------------------------------------------------------------- /env/pivotal-mysql/2.5.4/pivotal-mysql.env: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | PCF_VERSION="2.5.4" 3 | RELEASE_ID="348862" 4 | PRODUCT_SLUG="pivotal-mysql" -------------------------------------------------------------------------------- /env/pivotal_single_sign-on_service/1.8.3/pivotal_single_sign-on_service.env: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | PCF_VERSION="1.8.3" 3 | RELEASE_ID="347051" 4 | PRODUCT_SLUG="pivotal_single_sign-on_service" -------------------------------------------------------------------------------- /env/updates.txt: -------------------------------------------------------------------------------- 1 | https://raw.githubusercontent.com/bottkars/pcf-jump-azure/master/env/apm/1.6.0/apm.env 2 | 
https://raw.githubusercontent.com/bottkars/pcf-jump-azure/master/env/p-compliance-scanner/1.0.0-beta.7/p-compliance-scanner.env 3 | https://raw.githubusercontent.com/bottkars/pcf-jump-azure/master/env/masb/1.11.0/masb.env 4 | https://raw.githubusercontent.com/bottkars/pcf-jump-azure/master/env/pivotal-mysql/2.5.4/pivotal-mysql.env 5 | https://raw.githubusercontent.com/bottkars/pcf-jump-azure/master/env/p-rabbitmq/1.15.7/p-rabbitmq.env 6 | https://raw.githubusercontent.com/bottkars/pcf-jump-azure/master/env/pas/2.5.5/pas.env 7 | https://raw.githubusercontent.com/bottkars/pcf-jump-azure/master/env/pas-windows/2.5.1/pas-windows.env 8 | https://raw.githubusercontent.com/bottkars/pcf-jump-azure/master/env/p-spring-services/2.0.7/p-spring-services.env 9 | https://raw.githubusercontent.com/bottkars/pcf-jump-azure/master/env/kubernetes-service-manager/0.4.34/kubernetes-service-manager.env 10 | https://raw.githubusercontent.com/bottkars/pcf-jump-azure/master/env/p-healthwatch/1.5.2/p-healthwatch.env 11 | https://raw.githubusercontent.com/bottkars/pcf-jump-azure/master/env/pivotal_single_sign-on_service/1.8.3/pivotal_single_sign-on_service.env 12 | https://raw.githubusercontent.com/bottkars/pcf-jump-azure/master/env/p-isolation-segment/2.5.2/p-isolation-segment.env -------------------------------------------------------------------------------- /generate-customdata.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", 3 | "contentVersion": "1.0.0.0", 4 | "parameters": { 5 | "customData": { 6 | "type": "object", 7 | "metadata": { 8 | "Description": "Custom Data Object" 9 | } 10 | } 11 | }, 12 | "variables": {}, 13 | "resources": [], 14 | "outputs": { 15 | "customData": { 16 | "type": "string", 17 | "value": "[base64(string(parameters('customData')))]" 18 | } 19 | } 20 | } 
-------------------------------------------------------------------------------- /patches/modules/pas/dns.tf: -------------------------------------------------------------------------------- 1 | resource "azurerm_dns_a_record" "apps" { 2 | name = "*.apps" 3 | zone_name = "${var.dns_zone_name}" 4 | resource_group_name = "${var.resource_group_name}" 5 | ttl = "60" 6 | records = ["${azurerm_public_ip.web-lb-public-ip.ip_address}"] 7 | } 8 | resource "azurerm_dns_a_record" "istio" { 9 | name = "*.mesh.apps" 10 | zone_name = "${var.dns_zone_name}" 11 | resource_group_name = "${var.resource_group_name}" 12 | ttl = "60" 13 | records = ["${azurerm_public_ip.istio-lb-public-ip.ip_address}"] 14 | } 15 | 16 | resource "azurerm_dns_a_record" "sys" { 17 | name = "*.sys" 18 | zone_name = "${var.dns_zone_name}" 19 | resource_group_name = "${var.resource_group_name}" 20 | ttl = "60" 21 | records = ["${azurerm_public_ip.web-lb-public-ip.ip_address}"] 22 | } 23 | 24 | resource "azurerm_dns_a_record" "ssh" { 25 | name = "ssh.sys" 26 | zone_name = "${var.dns_zone_name}" 27 | resource_group_name = "${var.resource_group_name}" 28 | ttl = "60" 29 | records = ["${azurerm_public_ip.diego-ssh-lb-public-ip.ip_address}"] 30 | } 31 | 32 | resource "azurerm_dns_a_record" "mysql" { 33 | name = "mysql" 34 | zone_name = "${var.dns_zone_name}" 35 | resource_group_name = "${var.resource_group_name}" 36 | ttl = "60" 37 | records = ["${azurerm_lb.mysql.frontend_ip_configuration.0.private_ip_address}"] 38 | } 39 | 40 | resource "azurerm_dns_a_record" "tcp" { 41 | name = "tcp" 42 | zone_name = "${var.dns_zone_name}" 43 | resource_group_name = "${var.resource_group_name}" 44 | ttl = "60" 45 | records = ["${azurerm_public_ip.tcp-lb-public-ip.ip_address}"] 46 | } 47 | -------------------------------------------------------------------------------- /patches/modules/pas/istiolb.tf: -------------------------------------------------------------------------------- 1 | resource "azurerm_public_ip" 
"istio-lb-public-ip" { 2 | name = "istio-lb-public-ip" 3 | location = "${var.location}" 4 | resource_group_name = "${var.resource_group_name}" 5 | allocation_method = "Static" 6 | sku = "Standard" 7 | idle_timeout_in_minutes = 30 8 | } 9 | 10 | resource "azurerm_lb" "istio" { 11 | name = "${var.env_name}-istio-lb" 12 | location = "${var.location}" 13 | resource_group_name = "${var.resource_group_name}" 14 | sku = "Standard" 15 | 16 | frontend_ip_configuration = { 17 | name = "frontendip" 18 | public_ip_address_id = "${azurerm_public_ip.istio-lb-public-ip.id}" 19 | } 20 | } 21 | 22 | resource "azurerm_lb_backend_address_pool" "istio-backend-pool" { 23 | name = "istio-backend-pool" 24 | resource_group_name = "${var.resource_group_name}" 25 | loadbalancer_id = "${azurerm_lb.istio.id}" 26 | } 27 | 28 | 29 | resource "azurerm_lb_rule" "istio-https-rule" { 30 | name = "istio-https-rule" 31 | resource_group_name = "${var.resource_group_name}" 32 | loadbalancer_id = "${azurerm_lb.istio.id}" 33 | 34 | frontend_ip_configuration_name = "frontendip" 35 | protocol = "TCP" 36 | frontend_port = 443 37 | backend_port = 443 38 | idle_timeout_in_minutes = 30 39 | 40 | backend_address_pool_id = "${azurerm_lb_backend_address_pool.istio-backend-pool.id}" 41 | probe_id = "${azurerm_lb_probe.istio-http-probe.id}" 42 | } 43 | 44 | resource "azurerm_lb_probe" "istio-http-probe" { 45 | name = "istio-http-probe" 46 | resource_group_name = "${var.resource_group_name}" 47 | loadbalancer_id = "${azurerm_lb.istio.id}" 48 | protocol = "http" 49 | port = 8002 50 | request_path = "/healthcheck" 51 | } 52 | 53 | resource "azurerm_lb_rule" "istio-http-rule" { 54 | name = "istio-http-rule" 55 | resource_group_name = "${var.resource_group_name}" 56 | loadbalancer_id = "${azurerm_lb.istio.id}" 57 | 58 | frontend_ip_configuration_name = "frontendip" 59 | protocol = "TCP" 60 | frontend_port = 80 61 | backend_port = 80 62 | idle_timeout_in_minutes = 30 63 | 64 | backend_address_pool_id = 
"${azurerm_lb_backend_address_pool.istio-backend-pool.id}" 65 | probe_id = "${azurerm_lb_probe.istio-http-probe.id}" 66 | } 67 | 68 | resource "azurerm_lb_rule" "istio-health-rule" { 69 | name = "istio-health-rule" 70 | resource_group_name = "${var.resource_group_name}" 71 | loadbalancer_id = "${azurerm_lb.istio.id}" 72 | 73 | frontend_ip_configuration_name = "frontendip" 74 | protocol = "TCP" 75 | frontend_port = "8002" 76 | backend_port = "8002" 77 | 78 | backend_address_pool_id = "${azurerm_lb_backend_address_pool.istio-backend-pool.id}" 79 | probe_id = "${azurerm_lb_probe.istio-http-probe.id}" 80 | } 81 | -------------------------------------------------------------------------------- /patches/modules/pas/outputs.tf: -------------------------------------------------------------------------------- 1 | output "mysql_dns" { 2 | value = "mysql.${azurerm_dns_a_record.mysql.zone_name}" 3 | } 4 | 5 | output "tcp_domain" { 6 | value = "tcp.${azurerm_dns_a_record.tcp.zone_name}" 7 | } 8 | 9 | output "sys_domain" { 10 | value = "sys.${azurerm_dns_a_record.sys.zone_name}" 11 | } 12 | 13 | output "apps_domain" { 14 | value = "apps.${azurerm_dns_a_record.apps.zone_name}" 15 | } 16 | 17 | output "mesh_domain" { 18 | value = "mesh.apps.${azurerm_dns_a_record.istio.zone_name}" 19 | } 20 | 21 | output "web_lb_name" { 22 | value = "${azurerm_lb.web.name}" 23 | } 24 | 25 | output "istio_lb_name" { 26 | value = "${azurerm_lb.istio.name}" 27 | } 28 | output "diego_ssh_lb_name" { 29 | value = "${azurerm_lb.diego-ssh.name}" 30 | } 31 | 32 | output "mysql_lb_name" { 33 | value = "${azurerm_lb.mysql.name}" 34 | } 35 | 36 | output "tcp_lb_name" { 37 | value = "${azurerm_lb.tcp.name}" 38 | } 39 | 40 | # Subnets 41 | 42 | output "pas_subnet_name" { 43 | value = "${azurerm_subnet.pas_subnet.name}" 44 | } 45 | 46 | output "pas_subnet_cidr" { 47 | value = "${azurerm_subnet.pas_subnet.address_prefix}" 48 | } 49 | 50 | output "pas_subnet_gateway" { 51 | value = 
"${cidrhost(azurerm_subnet.pas_subnet.address_prefix, 1)}" 52 | } 53 | 54 | output "services_subnet_name" { 55 | value = "${azurerm_subnet.services_subnet.name}" 56 | } 57 | 58 | output "services_subnet_cidr" { 59 | value = "${azurerm_subnet.services_subnet.address_prefix}" 60 | } 61 | 62 | output "services_subnet_gateway" { 63 | value = "${cidrhost(azurerm_subnet.services_subnet.address_prefix, 1)}" 64 | } 65 | 66 | # Storage 67 | 68 | output "cf_storage_account_name" { 69 | value = "${azurerm_storage_account.cf_storage_account.name}" 70 | } 71 | 72 | output "cf_storage_account_access_key" { 73 | sensitive = true 74 | value = "${azurerm_storage_account.cf_storage_account.primary_access_key}" 75 | } 76 | 77 | output "cf_droplets_storage_container_name" { 78 | value = "${azurerm_storage_container.cf_droplets_storage_container.name}" 79 | } 80 | 81 | output "cf_packages_storage_container_name" { 82 | value = "${azurerm_storage_container.cf_packages_storage_container.name}" 83 | } 84 | 85 | output "cf_resources_storage_container_name" { 86 | value = "${azurerm_storage_container.cf_resources_storage_container.name}" 87 | } 88 | 89 | output "cf_buildpacks_storage_container_name" { 90 | value = "${azurerm_storage_container.cf_buildpacks_storage_container.name}" 91 | } 92 | 93 | # Deprecated 94 | 95 | output "pas_subnet_cidrs" { 96 | value = ["${azurerm_subnet.pas_subnet.address_prefix}"] 97 | } 98 | 99 | output "services_subnet_cidrs" { 100 | value = ["${azurerm_subnet.services_subnet.address_prefix}"] 101 | } 102 | -------------------------------------------------------------------------------- /patches/outputs.tf: -------------------------------------------------------------------------------- 1 | output "iaas" { 2 | value = "azure" 3 | } 4 | 5 | output "subscription_id" { 6 | sensitive = true 7 | value = "${var.subscription_id}" 8 | } 9 | 10 | output "tenant_id" { 11 | sensitive = true 12 | value = "${var.tenant_id}" 13 | } 14 | 15 | output "client_id" { 16 | 
sensitive = true 17 | value = "${var.client_id}" 18 | } 19 | 20 | output "client_secret" { 21 | sensitive = true 22 | value = "${var.client_secret}" 23 | } 24 | 25 | output "ops_manager_dns" { 26 | value = "${module.ops_manager.dns_name}" 27 | } 28 | 29 | output "optional_ops_manager_dns" { 30 | value = "${module.ops_manager.optional_dns_name}" 31 | } 32 | 33 | output "mysql_dns" { 34 | value = "${module.pas.mysql_dns}" 35 | } 36 | 37 | output "tcp_domain" { 38 | value = "${module.pas.tcp_domain}" 39 | } 40 | 41 | output "sys_domain" { 42 | value = "${module.pas.sys_domain}" 43 | } 44 | 45 | output "apps_domain" { 46 | value = "${module.pas.apps_domain}" 47 | } 48 | 49 | output "env_dns_zone_name_servers" { 50 | value = "${module.infra.dns_zone_name_servers}" 51 | } 52 | 53 | output "ssl_cert" { 54 | sensitive = true 55 | value = "${length(module.certs.ssl_cert) > 0 ? module.certs.ssl_cert : var.ssl_cert}" 56 | } 57 | 58 | output "ssl_private_key" { 59 | sensitive = true 60 | value = "${length(module.certs.ssl_private_key) > 0 ? 
module.certs.ssl_private_key : var.ssl_private_key}" 61 | } 62 | 63 | output "iso_seg_ssl_cert" { 64 | sensitive = true 65 | value = "${module.isolation_segment.ssl_cert}" 66 | } 67 | 68 | output "iso_seg_ssl_private_key" { 69 | sensitive = true 70 | value = "${module.isolation_segment.ssl_private_key}" 71 | } 72 | 73 | output "web_lb_name" { 74 | value = "${module.pas.web_lb_name}" 75 | } 76 | 77 | output "diego_ssh_lb_name" { 78 | value = "${module.pas.diego_ssh_lb_name}" 79 | } 80 | 81 | output "mysql_lb_name" { 82 | value = "${module.pas.mysql_lb_name}" 83 | } 84 | 85 | output "istio_lb_name" { 86 | value = "${module.pas.istio_lb_name}" 87 | } 88 | output "tcp_lb_name" { 89 | value = "${module.pas.tcp_lb_name}" 90 | } 91 | 92 | output "network_name" { 93 | value = "${module.infra.network_name}" 94 | } 95 | 96 | output "infrastructure_subnet_name" { 97 | value = "${module.infra.infrastructure_subnet_name}" 98 | } 99 | 100 | output "infrastructure_subnet_cidr" { 101 | value = "${module.infra.infrastructure_subnet_cidr}" 102 | } 103 | 104 | output "infrastructure_subnet_gateway" { 105 | value = "${module.infra.infrastructure_subnet_gateway}" 106 | } 107 | 108 | # TODO(cdutra): PAS 109 | 110 | output "pas_subnet_name" { 111 | value = "${module.pas.pas_subnet_name}" 112 | } 113 | 114 | output "pas_subnet_cidr" { 115 | value = "${module.pas.pas_subnet_cidr}" 116 | } 117 | 118 | output "pas_subnet_gateway" { 119 | value = "${module.pas.pas_subnet_gateway}" 120 | } 121 | 122 | output "services_subnet_name" { 123 | value = "${module.pas.services_subnet_name}" 124 | } 125 | 126 | output "services_subnet_cidr" { 127 | value = "${module.pas.services_subnet_cidr}" 128 | } 129 | 130 | output "services_subnet_gateway" { 131 | value = "${module.pas.services_subnet_gateway}" 132 | } 133 | 134 | output "pcf_resource_group_name" { 135 | value = "${module.infra.resource_group_name}" 136 | } 137 | 138 | output "ops_manager_security_group_name" { 139 | value = 
"${module.infra.security_group_name}" 140 | } 141 | 142 | output "bosh_deployed_vms_security_group_name" { 143 | value = "${module.infra.bosh_deployed_vms_security_group_name}" 144 | } 145 | 146 | output "bosh_root_storage_account" { 147 | value = "${module.infra.bosh_root_storage_account}" 148 | } 149 | 150 | output "ops_manager_storage_account" { 151 | value = "${module.ops_manager.ops_manager_storage_account}" 152 | } 153 | 154 | output "cf_storage_account_name" { 155 | value = "${module.pas.cf_storage_account_name}" 156 | } 157 | 158 | output "cf_storage_account_access_key" { 159 | sensitive = true 160 | value = "${module.pas.cf_storage_account_access_key}" 161 | } 162 | 163 | output "cf_droplets_storage_container" { 164 | value = "${module.pas.cf_droplets_storage_container_name}" 165 | } 166 | 167 | output "cf_packages_storage_container" { 168 | value = "${module.pas.cf_packages_storage_container_name}" 169 | } 170 | 171 | output "cf_resources_storage_container" { 172 | value = "${module.pas.cf_resources_storage_container_name}" 173 | } 174 | 175 | output "cf_buildpacks_storage_container" { 176 | value = "${module.pas.cf_buildpacks_storage_container_name}" 177 | } 178 | 179 | output "ops_manager_ssh_public_key" { 180 | sensitive = true 181 | value = "${module.ops_manager.ops_manager_ssh_public_key}" 182 | } 183 | 184 | output "ops_manager_ssh_private_key" { 185 | sensitive = true 186 | value = "${module.ops_manager.ops_manager_ssh_private_key}" 187 | } 188 | 189 | output "ops_manager_public_ip" { 190 | value = "${module.ops_manager.ops_manager_public_ip}" 191 | } 192 | 193 | output "ops_manager_ip" { 194 | value = "${module.ops_manager.ops_manager_public_ip}" 195 | } 196 | 197 | output "optional_ops_manager_public_ip" { 198 | value = "${module.ops_manager.optional_ops_manager_public_ip}" 199 | } 200 | 201 | output "ops_manager_private_ip" { 202 | value = "${module.ops_manager.ops_manager_private_ip}" 203 | } 204 | 205 | output "isolation_segment" { 206 | value 
= { 207 | "lb_name" = "${module.isolation_segment.lb_name}" 208 | } 209 | } 210 | 211 | # Deprecated properties 212 | 213 | output "management_subnet_name" { 214 | value = "${module.infra.infrastructure_subnet_name}" 215 | } 216 | 217 | output "management_subnets" { 218 | value = ["${module.infra.infrastructure_subnet_name}"] 219 | } 220 | 221 | output "management_subnet_cidrs" { 222 | value = ["${module.infra.infrastructure_subnet_cidrs}"] 223 | } 224 | 225 | output "management_subnet_gateway" { 226 | value = "${module.infra.infrastructure_subnet_gateway}" 227 | } 228 | 229 | output "infrastructure_subnet_cidrs" { 230 | value = "${module.infra.infrastructure_subnet_cidrs}" 231 | } 232 | 233 | output "pas_subnet_cidrs" { 234 | value = "${module.pas.pas_subnet_cidrs}" 235 | } 236 | 237 | output "services_subnet_cidrs" { 238 | value = "${module.pas.services_subnet_cidrs}" 239 | } 240 | 241 | output "services_subnets" { 242 | value = ["${module.pas.services_subnet_name}"] 243 | } 244 | 245 | output "infrastructure_subnets" { 246 | value = ["${module.infra.infrastructure_subnet_name}"] 247 | } 248 | 249 | output "pas_subnets" { 250 | value = ["${module.pas.pas_subnet_name}"] 251 | } 252 | -------------------------------------------------------------------------------- /root_ca_certificate: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIDUTCCAjmgAwIBAgIVANUgGVufgLcDJJMNTLuub1lBh+MvMA0GCSqGSIb3DQEB 3 | CwUAMB8xCzAJBgNVBAYTAlVTMRAwDgYDVQQKDAdQaXZvdGFsMB4XDTE5MDQxMDEw 4 | MTgxNFoXDTIzMDQxMTEwMTgxM1owHzELMAkGA1UEBhMCVVMxEDAOBgNVBAoMB1Bp 5 | dm90YWwwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDE48PBPKQbu/P3 6 | KV2BNlBuaAlj3d20DG8wDQu4TX/mM0RRpuT1vT247y7Jumm7zVV3baERFDqpkp4x 7 | uZVE66fsucvoRc64GFNf/rEs7XMvsuUkLUVnPHtDuNAL1irDYP/IVOsZ7BSXVIp+ 8 | t3gHsK5K+MU4Yl25/AfPBj2xOaU+sXPhXs04Zh1B39QKIg/jqX9kxfuB/wXLayBP 9 | oJ44lxdHyNfVgrBVJ6exjpdLYdLOcnRY+VLrRgdInOpI22Roevuw3qq8G1i1T5EQ 10 | 
aEvkHQZU3kdrhXGixRQheEtV/DM88x8agLbuj/VXx3L2mSmLEz27gkGpOr82e2B2 11 | M12/iPttAgMBAAGjgYMwgYAwHQYDVR0OBBYEFPY6HyQKVImY5dkENrSst3+He58O 12 | MB8GA1UdIwQYMBaAFPY6HyQKVImY5dkENrSst3+He58OMB0GA1UdJQQWMBQGCCsG 13 | AQUFBwMCBggrBgEFBQcDATAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB 14 | BjANBgkqhkiG9w0BAQsFAAOCAQEAheIVAf3hcCV9AgMwn0RupI5sSGd5/LWfQXWQ 15 | j/AR8ACo++39Q5BqQhGRzoDHeRI1UC9S7xBFIQQJmAIHa18OBoByzUxYXDgu9Ewe 16 | gqN/8oXwc7PnX+sfho/J00kGMJoXSHJVYJLrq7ygwsgV/V1PN50abqE8v0jsmUeH 17 | Cm4kHzhvitjRZGJMFpoaau3XWTEGgxbOfAWDjklVR1ZR6n4td3ApAdvoho4EQ2Kn 18 | cPeSUclCaXM7wiWXanbP8X3motOk0waIzJDuQ4Ts6fp4HBg8ERwGZxXmBdP5yl5c 19 | C6EPSKaWvXUWUYcaDxgzeA8cfFogFhhCmIsWSbUrZYrqeWcEuA== 20 | -----END CERTIFICATE----- 21 | 22 | -------------------------------------------------------------------------------- /scripts/cf_startstop.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | POSITIONAL=() 3 | while [[ $# -gt 0 ]] 4 | do 5 | key="$1" 6 | case $key in 7 | -start|--START_DEPLOYMENTS) 8 | cf_start=TRUE 9 | echo $cf_start 10 | # shift # past value 11 | ;; 12 | -stop|--STOP_DEPLOYMENTS) 13 | cf_stop=TRUE 14 | echo $cf_stop 15 | ## shift # past value 16 | ;; 17 | -silent|--DONT_ASK) 18 | silent="-n" 19 | echo $silent 20 | ## shift # past value 21 | ;; 22 | *) # unknown option 23 | POSITIONAL+=("$1") # save it in an array for later 24 | shift # past argument 25 | ;; 26 | esac 27 | shift 28 | done 29 | 30 | source .env.sh 31 | export OM_TARGET=${PCF_OPSMAN_FQDN} 32 | export OM_USERNAME=${PCF_OPSMAN_USERNAME} 33 | export OM_PASSWORD="${PIVNET_UAA_TOKEN}" 34 | export $( \ 35 | om \ 36 | --skip-ssl-validation \ 37 | curl \ 38 | --silent \ 39 | --path /api/v0/deployed/director/credentials/bosh_commandline_credentials | \ 40 | jq --raw-output '.credential' \ 41 | ) 42 | 43 | 44 | DEPLOYMENTS=$(bosh deployments --json | jq -r ".Tables[].Rows[].name") 45 | 46 | REVERSE_DEPLOYMEMTS=$(echo $DEPLOYMENTS|tr ' ' '\n'|tac|tr '\n' ' ') 
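# Stop every deployment, walking the list in reverse order.
# $silent stays unquoted on purpose: when it is empty it must expand to no
# argument at all rather than to an empty string.
if [ "$cf_stop" = "TRUE" ]; then
  for DEPLOYMENT in $REVERSE_DEPLOYMEMTS; do
    echo "$DEPLOYMENT found. Now Stopping"
    bosh -d "$DEPLOYMENT" vms
    bosh -d "$DEPLOYMENT" stop --hard $silent
    bosh -d "$DEPLOYMENT" vms
  done
fi

# Start every deployment in the order BOSH listed them.
if [ "$cf_start" = "TRUE" ]; then
  for DEPLOYMENT in $DEPLOYMENTS; do
    echo "$DEPLOYMENT found. Now Starting"
    bosh -d "$DEPLOYMENT" vms
    bosh -d "$DEPLOYMENT" start $silent
    bosh -d "$DEPLOYMENT" vms
  done
fi

--------------------------------------------------------------------------------
/scripts/connect_om.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
# Loads the BOSH command-line credentials from Ops Manager into the current
# environment and stores the Ops Manager root CA certificate under /var/tempest.
source .env.sh
export OM_TARGET=${PCF_OPSMAN_FQDN}
export OM_USERNAME=${PCF_OPSMAN_USERNAME}
# NOTE(review): the Pivotal Network token is reused as the Ops Manager
# password, so disclosure of either credential exposes both.
export OM_PASSWORD="${PIVNET_UAA_TOKEN}"
# The '.credential' string returned by Ops Manager is word-split and exported
# as-is, so the response is trusted to hold only NAME=value pairs.
export $( \
  om \
  --env "${HOME}/om_${ENV_NAME}.env" \
  curl \
  --silent \
  --path /api/v0/deployed/director/credentials/bosh_commandline_credentials | \
  jq --raw-output '.credential' \
)

sudo mkdir -p /var/tempest/workspaces/default

# Fetch the root CA as the calling user and let only the final write run as
# root. The earlier form expanded --password into the `sudo sh -c` command
# string, which exposes the token in the process list, and its inner double
# quotes around --path closed the outer quoted string. om takes its target and
# credentials from the OM_* variables exported above, as the first call does.
om \
  --env "${HOME}/om_${ENV_NAME}.env" \
  curl \
  --silent \
  --path /api/v0/security/root_ca_certificate |
  jq --raw-output '.root_ca_certificate_pem' |
  sudo tee /var/tempest/workspaces/default/root_ca_certificate > /dev/null

--------------------------------------------------------------------------------
/scripts/create_certs.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
source ~/.env.sh
cd "${HOME_DIR}"
MYSELF=$(basename "$0")
mkdir -p "${LOG_DIR}"
# Everything printed from here on is also appended to an hourly log file.
exec &> >(tee -a "${LOG_DIR}/${MYSELF}.$(date '+%Y-%m-%d-%H').log")
exec 2>&1

# NOTE(review): this clones the default branch, unpinned; pin a reviewed tag or
# commit (<reviewed-commit>) before trusting the checkout on this host.
git clone https://github.com/Neilpang/acme.sh.git ./acme.sh
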
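# Hand the Azure service principal to acme.sh's dns_azure hook.
export AZUREDNS_SUBSCRIPTIONID=${AZURE_SUBSCRIPTION_ID}
export AZUREDNS_TENANTID=${AZURE_TENANT_ID}
export AZUREDNS_APPID=${AZURE_CLIENT_ID}
export AZUREDNS_CLIENTSECRET=${AZURE_CLIENT_SECRET}
DOMAIN="${PCF_SUBDOMAIN_NAME}.${PCF_DOMAIN_NAME}"
# The wildcard names are quoted so the shell passes them through literally
# instead of expanding them against files in the working directory.
# NOTE(review): --debug output is captured by the log redirection set up at the
# top of this script; confirm it cannot contain the DNS API credentials.
./acme.sh/acme.sh --issue \
  --dns dns_azure \
  --dnssleep 10 \
  --force \
  --debug \
  -d "${DOMAIN}" \
  -d "pcf.${DOMAIN}" \
  -d "harbor.${DOMAIN}" \
  -d "*.sys.${DOMAIN}" \
  -d "*.apps.${DOMAIN}" \
  -d "*.mesh.apps.${DOMAIN}" \
  -d "*.login.sys.${DOMAIN}" \
  -d "*.uaa.sys.${DOMAIN}" \
  -d "*.pks.${DOMAIN}"

cp "${HOME_DIR}/.acme.sh/${DOMAIN}/${DOMAIN}.key" "${HOME_DIR}"
cp "${HOME_DIR}/.acme.sh/${DOMAIN}/fullchain.cer" "${HOME_DIR}"
cp "${HOME_DIR}/.acme.sh/${DOMAIN}/ca.cer" "${HOME_DIR}/${DOMAIN}.ca.crt"
--------------------------------------------------------------------------------
/scripts/create_self_certs.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
# Creates a self-signed CA and a wildcard host certificate for the PCF domains,
# then writes host certificate + CA certificate to fullchain.cer.
source ~/.env.sh
cd "${HOME_DIR}"
MYSELF=$(basename "$0")
mkdir -p "${LOG_DIR}"
exec &> >(tee -a "${LOG_DIR}/${MYSELF}.$(date '+%Y-%m-%d-%H').log")
exec 2>&1
DOMAIN="${PCF_SUBDOMAIN_NAME}.${PCF_DOMAIN_NAME}"

# NOTE(review): DOMAIN always contains at least "." after the assignment above,
# so this guard cannot fire when the two name parts are empty.
: ${DOMAIN:?must be set the DNS domain root (ex: example.cf-app.com)}
: ${KEY_BITS:=2048}
: ${DAYS:=365}

# Self-signed CA. -nodes writes the CA private key unencrypted.
openssl req -new -x509 -nodes -sha256 -newkey rsa:${KEY_BITS} -days ${DAYS} -keyout ${DOMAIN}.ca.key.pkcs8 -out ${DOMAIN}.ca.crt -config <( cat << EOF
[ req ]
prompt = no
distinguished_name = dn
[ dn ]
C = US
O = Pivotal
CN = Toolsmiths autogenerated CA
EOF
)

openssl rsa -in ${DOMAIN}.ca.key.pkcs8 -out ${DOMAIN}.ca.key

# Host key and signing request carrying the wildcard SANs.
openssl req -nodes -sha256 -newkey rsa:${KEY_BITS} -days ${DAYS} -keyout ${DOMAIN}.key -out ${DOMAIN}.csr -config <( cat << EOF
[ req ]
prompt = no
distinguished_name = dn
req_extensions = v3_req
[ dn ]
C = US
O = Pivotal
CN = *.${DOMAIN}
[ v3_req ]
subjectAltName = DNS:*.${DOMAIN}, DNS:*.apps.${DOMAIN}, DNS:*.sys.${DOMAIN}, DNS:*.login.sys.${DOMAIN}, DNS:*.uaa.sys.${DOMAIN}, DNS:*.pks.${DOMAIN}
EOF
)

# The three private keys are unencrypted, so restrict them to the owner
# explicitly rather than relying on the umask or on openssl's defaults.
chmod 600 ${DOMAIN}.ca.key.pkcs8 ${DOMAIN}.ca.key ${DOMAIN}.key

# Sign the host certificate with the CA; CA:FALSE keeps it a leaf certificate.
openssl x509 -req -in ${DOMAIN}.csr -CA ${DOMAIN}.ca.crt -CAkey ${DOMAIN}.ca.key.pkcs8 -CAcreateserial -out ${DOMAIN}.host.crt -days ${DAYS} -sha256 -extfile <( cat << EOF
basicConstraints = CA:FALSE
subjectAltName = DNS:*.${DOMAIN}, DNS:*.apps.${DOMAIN}, DNS:*.sys.${DOMAIN}, DNS:*.login.sys.${DOMAIN}, DNS:*.uaa.sys.${DOMAIN}, DNS:*.pks.${DOMAIN}
subjectKeyIdentifier = hash
EOF
)

cat ${DOMAIN}.host.crt ${DOMAIN}.ca.crt > fullchain.cer
--------------------------------------------------------------------------------
/scripts/deploy_base.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
# retryop COMMAND MAX_RETRIES INTERVAL
# Runs COMMAND until it succeeds, sleeping INTERVAL seconds between attempts,
# and exits the script with status 1 after MAX_RETRIES failed attempts.
# NOTE(review): COMMAND is passed to eval, so every value interpolated by a
# caller (for example ADMIN_USERNAME, which is read from the VM custom data)
# is executed as shell code. Only pass strings built from trusted values.
function retryop()
{
  retry=0
  max_retries=$2
  interval=$3
  while [ ${retry} -lt ${max_retries} ]; do
    echo "Operation: $1, Retry #${retry}"
    # Quoted so the command string reaches eval without prior word splitting
    # or glob expansion.
    eval "$1"
    if [ $? -eq 0 ]; then
      echo "Successful"
      break
    else
      retry=$((retry + 1))
      echo "Sleep $interval seconds, then retry..."
      sleep $interval
    fi
  done
  if [ ${retry} -eq ${max_retries} ]; then
    echo "Operation failed: $1"
    exit 1
  fi
}

START_BASE_DEPLOY_TIME=$(date)
echo ${START_BASE_DEPLOY_TIME} starting base deployment
echo "Installing jq"
retryop "apt-get update && apt-get install -y jq" 10 30

# get_setting KEY
# Prints the value stored under KEY in the JSON document held in $settings.
# The document and the value are passed quoted: the unquoted echo used before
# let the shell glob-expand and whitespace-collapse values, which corrupts
# secrets containing characters such as '*' or runs of spaces.
function get_setting() {
  key=$1
  local value
  value=$(jq -r --arg k "$key" '.[$k]' <<< "$settings")
  printf '%s\n' "$value"
}

custom_data_file="/var/lib/cloud/instance/user-data.txt"
settings=$(cat ${custom_data_file})
ADMIN_USERNAME=$(get_setting ADMIN_USERNAME)
AZURE_CLIENT_ID=$(get_setting AZURE_CLIENT_ID)
AZURE_CLIENT_SECRET=$(get_setting AZURE_CLIENT_SECRET)
AZURE_SUBSCRIPTION_ID=$(get_setting AZURE_SUBSCRIPTION_ID)
AZURE_TENANT_ID=$(get_setting AZURE_TENANT_ID)
PIVNET_UAA_TOKEN=$(get_setting PIVNET_UAA_TOKEN)
ENV_NAME=$(get_setting ENV_NAME)
ENV_SHORT_NAME=$(get_setting ENV_SHORT_NAME)
OPS_MANAGER_IMAGE_URI=$(get_setting OPS_MANAGER_IMAGE_URI)
LOCATION=$(get_setting LOCATION)
PCF_DOMAIN_NAME=$(get_setting PCF_DOMAIN_NAME)
PCF_SUBDOMAIN_NAME=$(get_setting PCF_SUBDOMAIN_NAME)
PCF_OPSMAN_USERNAME=$(get_setting PCF_OPSMAN_USERNAME)
PCF_NOTIFICATIONS_EMAIL=$(get_setting PCF_NOTIFICATIONS_EMAIL)
PAS_AUTOPILOT=$(get_setting PAS_AUTOPILOT)
PCF_PAS_VERSION=$(get_setting PCF_PAS_VERSION)
NET_16_BIT_MASK=$(get_setting NET_16_BIT_MASK)
DOWNLOAD_DIR="/datadisks/disk1"
SMTP_ADDRESS=$(get_setting SMTP_ADDRESS)
SMTP_IDENTITY=$(get_setting SMTP_IDENTITY)
SMTP_PASSWORD=$(get_setting SMTP_PASSWORD)
SMTP_FROM=$(get_setting SMTP_FROM)
SMTP_PORT=$(get_setting SMTP_PORT)
SMTP_STARTTLS=$(get_setting SMTP_STARTTLS)
USE_SELF_CERTS=$(get_setting USE_SELF_CERTS)
JUMP_RG=$(get_setting JUMP_RG)
JUMP_VNET=$(get_setting JUMP_VNET)
PAS_EDITION=$(get_setting PAS_EDITION)
AVAILABILITY_MODE=$(get_setting AVAILABILITY_MODE)


HOME_DIR="/home/${ADMIN_USERNAME}"
LOG_DIR="${HOME_DIR}/conductor/logs"
SCRIPT_DIR="${HOME_DIR}/conductor/scripts"
ENV_DIR="${HOME_DIR}/conductor/env"
TEMPLATE_DIR="${HOME_DIR}/conductor/templates"


sudo -S -u ${ADMIN_USERNAME} mkdir -p ${TEMPLATE_DIR}
sudo -S -u ${ADMIN_USERNAME} mkdir -p ${SCRIPT_DIR}
sudo -S -u ${ADMIN_USERNAME} mkdir -p ${ENV_DIR}
sudo -S -u ${ADMIN_USERNAME} mkdir -p ${LOG_DIR}



# Copy the scripts, templates and env files shipped next to this script into
# the admin user's conductor directories.
cp *.sh ${SCRIPT_DIR}
chown ${ADMIN_USERNAME}.${ADMIN_USERNAME} ${SCRIPT_DIR}/*.sh
chmod 755 ${SCRIPT_DIR}/*.sh
chmod +X ${SCRIPT_DIR}/*.sh

cp *.yaml ${TEMPLATE_DIR}
chown ${ADMIN_USERNAME}.${ADMIN_USERNAME} ${TEMPLATE_DIR}/*.yaml
chmod 755 ${TEMPLATE_DIR}/*.yaml

cp *.env ${ENV_DIR}
chown ${ADMIN_USERNAME}.${ADMIN_USERNAME} ${ENV_DIR}/*.env
chmod 755 ${ENV_DIR}/*.env

${SCRIPT_DIR}/vm-disk-utils-0.1.sh

chown ${ADMIN_USERNAME}.${ADMIN_USERNAME} ${DOWNLOAD_DIR}
chmod -R 755 ${DOWNLOAD_DIR}

# NOTE(review): '>' inside [[ ]] compares strings lexicographically, so a
# version such as "2.10.0" sorts below "2.4.99".
if [[ "${PCF_PAS_VERSION}" > "2.4.99" ]] && [[ "${AVAILABILITY_MODE}" == "availability_zones" ]]
then
  echo "Applying Availability Zones Based Config"
  ZONES_LIST="['zone-1', 'zone-2', 'zone-3']"
  ZONES_MAP="[name: 'zone-1', name: 'zone-2', name: 'zone-3']"
  SINGLETON_ZONE="zone-1"
  AVAILABILITY_MODE=availability_zones

elif [[ "${PCF_PAS_VERSION}" > "2.4.99" ]] && [[ "${AVAILABILITY_MODE}" == "availability_sets" ]]
then
  ZONES_LIST="Availability Sets"
  SINGLETON_ZONE="Availability Sets"
  AVAILABILITY_MODE=availability_sets
else
  echo "Applying Availability Sets Based Config"
  # NOTE(review): this branch sets ZONES, while the env file below writes
  # ZONES_LIST; confirm which name is intended.
  ZONES="'null'"
  SINGLETON_ZONE="'null'"
  AVAILABILITY_MODE=availability_sets
fi

# .env.sh holds the service principal secret, the PivNet token and the SMTP
# password. Create it owner-only before the first byte is written; setting the
# mode only after the write leaves it readable under the default umask in
# between.
# NOTE(review): the values are interpolated into double-quoted assignments, so
# a value containing '"', '$' or a backquote is re-evaluated when the file is
# sourced. SINGLETON_ZONE is written unquoted, so the value "Availability Sets"
# does not source as a single assignment.
touch ${HOME_DIR}/.env.sh
chmod 600 ${HOME_DIR}/.env.sh
$(cat <<-EOF > ${HOME_DIR}/.env.sh
#!/usr/bin/env bash
ADMIN_USERNAME="${ADMIN_USERNAME}"
AZURE_CLIENT_SECRET="${AZURE_CLIENT_SECRET}"
AZURE_CLIENT_ID="${AZURE_CLIENT_ID}"
AZURE_TENANT_ID="${AZURE_TENANT_ID}"
AZURE_SUBSCRIPTION_ID="${AZURE_SUBSCRIPTION_ID}"
PIVNET_UAA_TOKEN="${PIVNET_UAA_TOKEN}"
ENV_NAME="${ENV_NAME}"
ENV_SHORT_NAME="${ENV_SHORT_NAME}"
OPS_MANAGER_IMAGE_URI="${OPS_MANAGER_IMAGE_URI}"
LOCATION="${LOCATION}"
PCF_DOMAIN_NAME="${PCF_DOMAIN_NAME}"
PCF_SUBDOMAIN_NAME="${PCF_SUBDOMAIN_NAME}"
HOME_DIR="${HOME_DIR}"
PCF_OPSMAN_USERNAME="${PCF_OPSMAN_USERNAME}"
PCF_NOTIFICATIONS_EMAIL="${PCF_NOTIFICATIONS_EMAIL}"
PAS_AUTOPILOT="${PAS_AUTOPILOT}"
PCF_PAS_VERSION="${PCF_PAS_VERSION}"
NET_16_BIT_MASK="${NET_16_BIT_MASK}"
DOWNLOAD_DIR="${DOWNLOAD_DIR}"
SMTP_ADDRESS="${SMTP_ADDRESS}"
SMTP_IDENTITY="${SMTP_IDENTITY}"
SMTP_PASSWORD="${SMTP_PASSWORD}"
SMTP_FROM="${SMTP_FROM}"
SMTP_PORT="${SMTP_PORT}"
SMTP_STARTTLS="${SMTP_STARTTLS}"
PAS_EDITION="${PAS_EDITION}"
USE_SELF_CERTS="${USE_SELF_CERTS}"
LOG_DIR=${LOG_DIR}
ENV_DIR=${ENV_DIR}
SCRIPT_DIR=${SCRIPT_DIR}
TEMPLATE_DIR=${TEMPLATE_DIR}
JUMP_RG=${JUMP_RG}
JUMP_VNET=${JUMP_VNET}
ZONES_LIST="${ZONES_LIST}"
ZONES_MAP="${ZONES_MAP}"
SINGLETON_ZONE=${SINGLETON_ZONE}
AVAILABILITY_MODE=${AVAILABILITY_MODE}
EOF
)
chmod 600 ${HOME_DIR}/.env.sh
chown ${ADMIN_USERNAME}.${ADMIN_USERNAME} ${HOME_DIR}/.env.sh

sudo apt-get install apt-transport-https lsb-release software-properties-common -y
AZ_REPO=$(lsb_release -cs)
echo "deb [arch=amd64] https://packages.microsoft.com/repos/azure-cli/ $AZ_REPO main" | \
  sudo tee /etc/apt/sources.list.d/azure-cli.list

# The Microsoft repository key is requested by its full fingerprint.
sudo apt-key --keyring /etc/apt/trusted.gpg.d/Microsoft.gpg adv \
  --keyserver packages.microsoft.com \
  --recv-keys BC528686B50D79E339D3721CEB3E94ADBE1229CF

# NOTE(review): tmate comes from a third-party PPA; confirm a terminal-sharing
# tool is wanted on a host that stores the credentials written above.
sudo apt install software-properties-common
sudo add-apt-repository ppa:tmate.io/archive --yes
sudo apt update

retryop "sudo apt -y install azure-cli unzip tmate" 10 30


retryop "sudo apt -y install ruby ruby-dev gcc build-essential g++" 10 30
sudo gem install cf-uaac

# NOTE(review): the four binaries below are installed into /usr/local/bin
# without an integrity check. The versions are pinned in the URLs; also compare
# each download with the publisher's checksum before the mv, for example
#   echo "<expected-sha256>  terraform.zip" | sha256sum -c -
wget -O terraform.zip https://releases.hashicorp.com/terraform/0.11.13/terraform_0.11.13_linux_amd64.zip && \
  unzip terraform.zip && \
  sudo mv terraform /usr/local/bin

wget -O om https://github.com/pivotal-cf/om/releases/download/1.1.0/om-linux && \
  chmod +x om && \
  sudo mv om /usr/local/bin/

wget -O bosh https://s3.amazonaws.com/bosh-cli-artifacts/bosh-cli-5.5.0-linux-amd64 && \
  chmod +x bosh && \
  sudo mv bosh /usr/local/bin/

wget -O /tmp/bbr https://github.com/cloudfoundry-incubator/bosh-backup-and-restore/releases/download/v1.4.0/bbr-1.4.0-linux-amd64 && \
  chmod +x /tmp/bbr && \
  sudo mv /tmp/bbr /usr/local/bin/
# get pivnet UAA TOKEN

cd ${HOME_DIR}
source ${ENV_DIR}/pas.env
# Exchange the PivNet refresh token for a short-lived access token.
AUTHENTICATION_RESPONSE=$(curl \
  --fail \
  --data "{\"refresh_token\": \"${PIVNET_UAA_TOKEN}\"}" \
  https://network.pivotal.io/api/v2/authentication/access_tokens)

PIVNET_ACCESS_TOKEN=$(echo ${AUTHENTICATION_RESPONSE} | jq -r '.access_token')
# Get the release JSON for the PAS version you want to install:

RELEASE_JSON=$(curl \
  --fail \
  "https://network.pivotal.io/api/v2/products/${PRODUCT_SLUG}/releases/${RELEASE_ID}")

# ACCEPTING EULA

EULA_ACCEPTANCE_URL=$(echo ${RELEASE_JSON} |\
  jq -r '._links.eula_acceptance.href')

curl \
  --fail \
  --header "Authorization: Bearer ${PIVNET_ACCESS_TOKEN}" \
  --request POST \
  "${EULA_ACCEPTANCE_URL}"

# GET TERRAFORM FOR PCF AZURE
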
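# Pick the terraforming-azure archive out of the release's product files.
DOWNLOAD_ELEMENT=$(echo ${RELEASE_JSON} |\
  jq -r '.product_files[] | select(.aws_object_key | contains("terraforming-azure"))')

FILENAME=$(echo ${DOWNLOAD_ELEMENT} |\
  jq -r '.aws_object_key | split("/") | last')

URL=$(echo ${DOWNLOAD_ELEMENT} |\
  jq -r '._links.download.href')

# download terraform

curl \
  --fail \
  --location \
  --output "${FILENAME}" \
  --header "Authorization: Bearer ${PIVNET_ACCESS_TOKEN}" \
  "${URL}"
sudo -S -u ${ADMIN_USERNAME} unzip "${FILENAME}"
cd ./pivotal-cf-terraforming-azure-*/
cd terraforming-pas

# NOTE(review): these Terraform files are fetched from the mutable `master`
# branch and then applied with the service principal credentials below. Pin the
# URL to a reviewed commit (<commit-sha>) so the applied code cannot change
# between runs. A failed download is not detected here either.
PATCH_SERVER="https://raw.githubusercontent.com/bottkars/pcf-jump-azure/master/patches/"
wget -q ${PATCH_SERVER}modules/pas/dns.tf -O ../modules/pas/dns.tf
wget -q ${PATCH_SERVER}modules/pas/istiolb.tf -O ../modules/pas/istiolb.tf
wget -q ${PATCH_SERVER}modules/pas/outputs.tf -O ../modules/pas/outputs.tf
wget -q ${PATCH_SERVER}outputs.tf -O outputs.tf

# preparation work for terraform
# terraform.tfvars carries the service principal secret, so it is created
# owner-only before it is written (it used to be set to mode 755, readable by
# every local user).
touch terraform.tfvars
chmod 600 terraform.tfvars
cat << EOF > terraform.tfvars
client_id = "${AZURE_CLIENT_ID}"
client_secret = "${AZURE_CLIENT_SECRET}"
subscription_id = "${AZURE_SUBSCRIPTION_ID}"
tenant_id = "${AZURE_TENANT_ID}"
env_name = "${ENV_NAME}"
env_short_name = "${ENV_SHORT_NAME}"
ops_manager_image_uri = "${OPS_MANAGER_IMAGE_URI}"
location = "${LOCATION}"
dns_suffix = "${PCF_DOMAIN_NAME}"
dns_subdomain = "${PCF_SUBDOMAIN_NAME}"
ops_manager_private_ip = "${NET_16_BIT_MASK}.8.4"
pcf_infrastructure_subnet = "${NET_16_BIT_MASK}.8.0/26"
pcf_pas_subnet = "${NET_16_BIT_MASK}.0.0/22"
pcf_services_subnet = "${NET_16_BIT_MASK}.4.0/22"
pcf_virtual_network_address_space = ["${NET_16_BIT_MASK}.0.0/16"]
EOF
chown ${ADMIN_USERNAME}.${ADMIN_USERNAME} terraform.tfvars
sudo -S -u ${ADMIN_USERNAME} terraform init
sudo -S -u ${ADMIN_USERNAME} terraform plan -out=plan
retryop "sudo -S -u ${ADMIN_USERNAME} terraform apply -auto-approve" 3 10

# The Ops Manager SSH private key is written by this shell's redirection, so
# the target file is created owner-only and handed to the admin user first.
# The chmod 600 that used to follow was commented out, which left the key at
# the default umask.
touch "${HOME_DIR}/opsman"
chmod 600 "${HOME_DIR}/opsman"
chown ${ADMIN_USERNAME}.${ADMIN_USERNAME} "${HOME_DIR}/opsman"
sudo -S -u ${ADMIN_USERNAME} terraform output ops_manager_ssh_private_key > "${HOME_DIR}/opsman"

# PCF_NETWORK=$(terraform output network_name)

## create network peerings


END_BASE_DEPLOY_TIME=$(date)
echo ${END_BASE_DEPLOY_TIME} end base deployment
$(cat <<-EOF >> ${HOME_DIR}/.env.sh
EOF
)
echo "Base install finished, now initializing opsman, see logfiles in ${LOG_DIR}"
su ${ADMIN_USERNAME} -c "nohup ${SCRIPT_DIR}/om_init.sh ${HOME_DIR} >/dev/null 2>&1 &"

--------------------------------------------------------------------------------
/scripts/deploy_masb.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
source ~/.env.sh
cd "${HOME_DIR}"
MYSELF=$(basename "$0")
mkdir -p "${LOG_DIR}"
# Everything printed from here on is also appended to an hourly log file.
exec &> >(tee -a "${LOG_DIR}/${MYSELF}.$(date '+%Y-%m-%d-%H').log")
exec 2>&1
POSITIONAL=()
# Option parsing. None of the options takes a value; the shift after esac
# consumes exactly one argument per iteration.
while [[ $# -gt 0 ]]
do
  key="$1"
  case $key in
    -n|--NO_DOWNLOAD)
      NO_DOWNLOAD=TRUE
      echo "No download is ${NO_DOWNLOAD}"
      ;;
    -d|--DO_NOT_APPLY_CHANGES)
      NO_APPLY=TRUE
      echo "No APPLY is ${NO_APPLY}"
      ;;
    -a|--APPLY_ALL)
      APPLY_ALL=TRUE
      # The message used to print NO_APPLY instead of APPLY_ALL.
      echo "APPLY ALL is ${APPLY_ALL}"
      ;;
    -nodb|--DO_NOT_CREATE_SQLDB_INSTANCE)
      NO_SQLDB=TRUE
      echo "No SQL DB CREATION is ${NO_SQLDB}"
      ;;
    *) # unknown option
      # Saved for later. The extra shift that used to sit here, combined with
      # the one after esac, silently dropped the argument that followed.
      POSITIONAL+=("$1")
      ;;
  esac
  shift
done
set -- "${POSITIONAL[@]}" # restore positional parameters


export OM_TARGET=${PCF_OPSMAN_FQDN}
export OM_USERNAME=${PCF_OPSMAN_USERNAME}
# NOTE(review): the Pivotal Network token is reused as the Ops Manager
# password, so disclosure of either credential exposes both.
export OM_PASSWORD="${PIVNET_UAA_TOKEN}"
START_OSBA_DEPLOY_TIME=$(date)
$(cat <<-EOF >> ${HOME_DIR}/.env.sh
EOF
)

source ${ENV_DIR}/masb.env

# Exchange the PivNet refresh token for a short-lived access token.
PIVNET_ACCESS_TOKEN=$(curl \
  --fail \
  --header "Content-Type: application/json" \
  --data "{\"refresh_token\": \"${PIVNET_UAA_TOKEN}\"}" \
  https://network.pivotal.io/api/v2/authentication/access_tokens |\
  jq -r '.access_token')

RELEASE_JSON=$(curl \
  --header "Authorization: Bearer ${PIVNET_ACCESS_TOKEN}" \
  --fail \
  "https://network.pivotal.io/api/v2/products/${PRODUCT_SLUG}/releases/${RELEASE_ID}")
# eula acceptance link
EULA_ACCEPTANCE_URL=$(echo ${RELEASE_JSON} |\
  jq -r '._links.eula_acceptance.href')

DOWNLOAD_DIR_FULL=${DOWNLOAD_DIR}/${PRODUCT_SLUG}/${PCF_OSBA_VERSION}
mkdir -p "${DOWNLOAD_DIR_FULL}"

curl \
  --fail \
  --header "Authorization: Bearer ${PIVNET_ACCESS_TOKEN}" \
  --request POST \
  "${EULA_ACCEPTANCE_URL}"


# download product using om cli
# NOTE(review): the PivNet token is passed as a command-line argument here, so
# it is visible in the process list while the download runs.
if [ -z "${NO_DOWNLOAD}" ]; then
  echo "$(date) start downloading ${PRODUCT_SLUG}"

  om --env "${HOME_DIR}/om_${ENV_NAME}.env" \
    download-product \
    --pivnet-api-token ${PIVNET_UAA_TOKEN} \
    --pivnet-file-glob "*.pivotal" \
    --pivnet-product-slug ${PRODUCT_SLUG} \
    --product-version ${PCF_OSBA_VERSION} \
    --output-directory ${DOWNLOAD_DIR_FULL}
  echo "$(date) end downloading ${PRODUCT_SLUG}"
else
  echo "ignoring download by user "
fi

TARGET_FILENAME=$(jq -r '.product_path' "${DOWNLOAD_DIR_FULL}/download-file.json")
# Import the tile to Ops Manager.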
96 | echo "$(date) start uploading ${PRODUCT_SLUG}" 97 | om --env "${HOME_DIR}/om_${ENV_NAME}.env" \ 98 | --request-timeout 3600 \ 99 | upload-product \ 100 | --product ${TARGET_FILENAME} 101 | 102 | echo "$(date) end uploading ${PRODUCT_SLUG}" 103 | 104 | # 1. Find the version of the product that was imported. 105 | PRODUCTS=$(om --env "${HOME_DIR}/om_${ENV_NAME}.env" \ 106 | available-products \ 107 | --format json) 108 | 109 | VERSION=$(echo ${PRODUCTS} |\ 110 | jq --arg product_name ${PRODUCT_SLUG} -r 'map(select(.name==$product_name)) | first | .version') 111 | 112 | 113 | # 2. Stage using om cli 114 | echo "$(date) start staging ${PRODUCT_SLUG}" 115 | om --env "${HOME_DIR}/om_${ENV_NAME}.env" \ 116 | stage-product \ 117 | --product-name ${PRODUCT_SLUG} \ 118 | --product-version ${VERSION} 119 | echo "$(date) end staging ${PRODUCT_SLUG}" 120 | 121 | 122 | om --env "${HOME_DIR}/om_${ENV_NAME}.env" \ 123 | assign-stemcell \ 124 | --product ${PRODUCT_SLUG} \ 125 | --stemcell latest 126 | 127 | echo "$(date) start creating ${ENV_SHORT_NAME}sql" 128 | 129 | az login --service-principal \ 130 | --username ${AZURE_CLIENT_ID} \ 131 | --password ${AZURE_CLIENT_SECRET} \ 132 | --tenant ${AZURE_TENANT_ID} 133 | 134 | if [ -z ${NO_SQLDB} ] ; then 135 | MY_SQLDB_SERVER=$(az sql server create \ 136 | --admin-password $PIVNET_UAA_TOKEN \ 137 | --admin-user sqladmin \ 138 | --location ${LOCATION} \ 139 | --name ${ENV_SHORT_NAME}sql \ 140 | --resource-group ${ENV_NAME}) 141 | 142 | 143 | while [[ $(az sql server show \ 144 | --name ${ENV_SHORT_NAME}sql \ 145 | --resource-group ${ENV_NAME} \ 146 | --out tsv \ 147 | --query state) != 'Ready' ]]; do 148 | echo "SQL still not finished provisioning. Trying again in 20 seconds." 149 | sleep 20 150 | if [[ $(az sql server show \ 151 | --name ${ENV_SHORT_NAME}sql \ 152 | --resource-group ${ENV_NAME} \ 153 | --out tsv \ 154 | --query provisioningState) == 'failed' ]]; then 155 | echo "SQL Provisioning failed." 
156 | exit 1 157 | fi 158 | done 159 | echo "sql provisioned." 160 | echo "$(date) end creating ${ENV_SHORT_NAME}sql" 161 | echo "$(date) creating Dadabase masb${ENV_SHORT_NAME}sql" 162 | az sql db create \ 163 | --resource-group ${ENV_NAME} \ 164 | --server ${ENV_SHORT_NAME}sql \ 165 | --resource-group ${ENV_NAME} \ 166 | --name masb${ENV_SHORT_NAME}sql 167 | echo "$(date) end creating Dadabase masb${ENV_SHORT_NAME}sql" 168 | else 169 | MY_SQLDB_SERVER=$(az sql server show \ 170 | --name ${ENV_SHORT_NAME}sql \ 171 | --resource-group ${ENV_NAME}) 172 | fi 173 | 174 | 175 | cat << EOF > ${TEMPLATE_DIR}/masb_vars.yaml 176 | product_name: ${PRODUCT_SLUG} 177 | pcf_pas_network: pcf-pas-subnet 178 | azure_subscription_id: ${AZURE_SUBSCRIPTION_ID} 179 | azure_tenant_id: ${AZURE_TENANT_ID} 180 | azure_client_id: ${AZURE_CLIENT_ID} 181 | azure_client_secret: ${AZURE_CLIENT_SECRET} 182 | azure_broker_database_server: ${ENV_SHORT_NAME}sql.database.windows.net 183 | azure_broker_database_name: masb${ENV_SHORT_NAME}sql 184 | azure_broker_database_password: ${PIVNET_UAA_TOKEN} 185 | azure_broker_database_encryption_key: $(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1) 186 | EOF 187 | 188 | om --env "${HOME_DIR}/om_${ENV_NAME}.env" \ 189 | configure-product \ 190 | -c ${TEMPLATE_DIR}/masb.yaml -l ${TEMPLATE_DIR}/masb_vars.yaml 191 | 192 | echo "$(date) start apply ${PRODUCT_SLUG}" 193 | 194 | if [ ! -z ${NO_APPLY} ] ; then 195 | echo "No Product Apply" 196 | elif [ ! 
-z ${APPLY_ALL} ] ; then 197 | echo "APPLY_ALL" 198 | om --env "${HOME_DIR}/om_${ENV_NAME}.env" \ 199 | apply-changes 200 | else 201 | echo "APPLY Product" 202 | om --env "${HOME_DIR}/om_${ENV_NAME}.env" \ 203 | apply-changes \ 204 | --product-name ${PRODUCT_SLUG} 205 | fi 206 | echo "$(date) end apply ${PRODUCT_SLUG}" -------------------------------------------------------------------------------- /scripts/deploy_p-compliance-scanner.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | source ~/.env.sh 3 | cd ${HOME_DIR} 4 | MYSELF=$(basename $0) 5 | IFS='_' read -r TASK PRODUCT_SLUG <<< "${MYSELF}" 6 | PRODUCT_SLUG=$(echo "${PRODUCT_SLUG}" | cut -f 1 -d '.') 7 | echo "We got ${PRODUCT_SLUG}" 8 | 9 | mkdir -p ${LOG_DIR} 10 | exec &> >(tee -a "${LOG_DIR}/${MYSELF}.$(date '+%Y-%m-%d-%H').log") 11 | exec 2>&1 12 | POSITIONAL=() 13 | while [[ $# -gt 0 ]] 14 | do 15 | key="$1" 16 | 17 | case $key in 18 | -n|--NO_DOWNLOAD) 19 | NO_DOWNLOAD=TRUE 20 | echo "No download is ${NO_DOWNLOAD}" 21 | # shift # past value if arg value 22 | ;; 23 | -d|--DO_NOT_APPLY_CHANGES) 24 | NO_APPLY=TRUE 25 | echo "No APPLY is ${NO_APPLY}" 26 | # shift # past value ia arg value 27 | ;; 28 | -a|--APPLY_ALL) 29 | APPLY_ALL=TRUE 30 | echo "APPLY ALL is ${NO_APPLY}" 31 | # shift # past value ia arg value 32 | ;; 33 | *) # unknown option 34 | POSITIONAL+=("$1") # save it in an array for later 35 | shift # past argument 36 | ;; 37 | esac 38 | shift 39 | done 40 | set -- "${POSITIONAL[@]}" # restore positional parameters 41 | 42 | cat << EOF > ${TEMPLATE_DIR}/${PRODUCT_SLUG}_vars.yaml 43 | product_name: scanner 44 | pcf_pas_network: pcf-pas-subnet 45 | pcf_service_network: pcf-services-subnet 46 | EOF 47 | 48 | echo "Caller evaluation" 49 | 50 | if [ ! -z "$NO_APPLY" ] ; then 51 | echo "calling tile Installer with No Product Apply" 52 | ${SCRIPT_DIR}/deploy_tile.sh -t ${PRODUCT_SLUG} -d 53 | 54 | elif [ ! 
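-z ${APPLY_ALL} ] ; then 55 | echo "calling tile Installer with apply All for ${PRODUCT_SLUG}" 56 | ${SCRIPT_DIR}/deploy_tile.sh -t ${PRODUCT_SLUG} 57 | else 58 | echo "calling tile Installer with Product Apply" 59 | ${SCRIPT_DIR}/deploy_tile.sh -t ${PRODUCT_SLUG} -a 60 | fi 61 | echo "$(date) end deploy ${PRODUCT_SLUG}" -------------------------------------------------------------------------------- /scripts/deploy_pas.sh: --------------------------------------------------------------------------------
#!/usr/bin/env bash
# deploy_pas.sh - download, upload, stage, configure and optionally apply the
# PAS tile (Ops Manager product name "cf") through the om CLI.
#
# Flags:
#   -n | --NO_DOWNLOAD            skip the PivNet download and reuse download-file.json
#   -i | --INSTANCES <count>      value written to compute_instances (default 3)
#   -d | --DO_NOT_APPLY_CHANGES   configure only, never run apply-changes
#   -a | --APPLY_ALL              run apply-changes without a product filter
#
# All other inputs (HOME_DIR, LOG_DIR, ENV_DIR, TEMPLATE_DIR, SCRIPT_DIR,
# PIVNET_UAA_TOKEN, SMTP_*, ...) are expected from ~/.env.sh and
# ${ENV_DIR}/pas.env - presumably PRODUCT_SLUG, RELEASE_ID, PCF_PAS_VERSION and
# PAS_EDITION as well; confirm against those files.
source ~/.env.sh
cd "${HOME_DIR}"
MYSELF=$(basename "$0")
mkdir -p "${LOG_DIR}"
# From here on stdout and stderr are appended to an hourly log file. Several
# commands below carry credentials, so ${LOG_DIR} should be readable by the
# deploying user only.
exec &> >(tee -a "${LOG_DIR}/${MYSELF}.$(date '+%Y-%m-%d-%H').log")
exec 2>&1

# version_gt A B: succeeds when A is strictly newer than B as a dotted version.
# Replaces the former [[ A > B ]] string comparison, which sorts "2.10.0"
# before "2.4.99". Relies on `sort -V` (GNU coreutils).
version_gt() {
    [[ "$1" != "$2" ]] && [[ "$(printf '%s\n' "$1" "$2" | sort -V | tail -n 1)" == "$1" ]]
}

POSITIONAL=()
while [[ $# -gt 0 ]]
do
    key="$1"

    case $key in
        -n|--NO_DOWNLOAD)
        NO_DOWNLOAD=TRUE
        echo "No download is ${NO_DOWNLOAD}"
        ;;
        -i|--INSTANCES)
        INSTANCES="$2"
        echo "instances is ${INSTANCES}"
        shift # past the option value
        ;;
        -d|--DO_NOT_APPLY_CHANGES)
        NO_APPLY=TRUE
        echo "No APPLY is ${NO_APPLY}"
        ;;
        -a|--APPLY_ALL)
        APPLY_ALL=TRUE
        # Was echoing ${NO_APPLY}; deploy_tile.sh prints ${APPLY_ALL} here.
        echo "APPLY ALL is ${APPLY_ALL}"
        ;;
        *)  # unknown option: keep it for later
        # No extra shift here. The shift after esac already consumes this
        # argument; a second one silently dropped the argument that followed
        # (deploy_tile.sh has that shift commented out for the same reason).
        POSITIONAL+=("$1")
        ;;
    esac
    shift
done
set -- "${POSITIONAL[@]}" # restore positional parameters
INSTANCES="${INSTANCES:-3}"

# Create self-signed certificates when the key or the certificate chain is missing.
declare -a FILES=("${HOME_DIR}/${PCF_SUBDOMAIN_NAME}.${PCF_DOMAIN_NAME}.key" \
    "${HOME_DIR}/fullchain.cer")
for FILE in "${FILES[@]}"; do
    if [ ! -f "$FILE" ]; then
        echo "$FILE not found. running Create Self Certs "
        "${SCRIPT_DIR}/create_self_certs.sh"
    fi
done

# Zone settings. ZONES_MAP is only assigned in the availability_zones branch;
# in the other two branches whatever the environment already holds (normally
# nothing) ends up in pas_vars.yaml.
if version_gt "${PCF_PAS_VERSION}" "2.4.99" && [[ "${AVAILABILITY_MODE}" == "availability_zones" ]]
then
    echo "Applying Availability Zones Based Config"
    ZONES_LIST="['zone-1', 'zone-2', 'zone-3']"
    ZONES_MAP="[name: 'zone-1', name: 'zone-2', name: 'zone-3']"
    SINGLETON_ZONE="zone-1"
    AVAILABILITY_MODE=availability_zones

elif version_gt "${PCF_PAS_VERSION}" "2.4.99" && [[ "${AVAILABILITY_MODE}" == "availability_sets" ]]
then
    echo "Applying Availability Sets Based NULL Config"
    ZONES_LIST="Availability Sets"
    SINGLETON_ZONE="Availability Sets"
    AVAILABILITY_MODE=availability_sets
else
    echo "Applying Availability Sets Based NULL Config"
    ZONES_LIST="'null'"
    SINGLETON_ZONE="'null'"
    AVAILABILITY_MODE=availability_sets
fi

START_PAS_DEPLOY_TIME=$(date)

source "${ENV_DIR}/pas.env"
# NOTE(review): the PivNet refresh token doubles as the Ops Manager admin
# password here and as cloud_controller.encrypt_key further down, so a leak of
# that one value exposes all three. Left unchanged: replacing secrets of an
# already-deployed foundation needs a coordinated rotation.
PCF_OPSMAN_ADMIN_PASSWD=${PIVNET_UAA_TOKEN}
# PEM files are flattened to one line with literal \r\n separators so they fit
# a double-quoted YAML scalar.
PCF_KEY_PEM=$(awk '{printf "%s\\r\\n", $0}' "${HOME_DIR}/${PCF_SUBDOMAIN_NAME}.${PCF_DOMAIN_NAME}.key")
PCF_CERT_PEM=$(awk '{printf "%s\\r\\n", $0}' "${HOME_DIR}/fullchain.cer")
# NOTE(review): constant CredHub key committed with the script; every
# environment built from it shares the same key. Value kept as is - changing
# the key of a deployed foundation presumably has to go through the tile's key
# rotation. TODO: read a per-environment secret instead.
PCF_CREDHUB_KEY="01234567890123456789"
PRODUCT_NAME=cf
PCF_APPS_DOMAIN="apps.${PCF_SUBDOMAIN_NAME}.${PCF_DOMAIN_NAME}"
PCF_SYSTEM_DOMAIN="sys.${PCF_SUBDOMAIN_NAME}.${PCF_DOMAIN_NAME}"
PCF_WEB_LB="${ENV_NAME}-web-lb"
PCF_DIEGO_SSH_LB="${ENV_NAME}-diego-ssh-lb"
PCF_MYSQL_LB="${ENV_NAME}-mysql-lb"
PCF_ISTIO_LB="${ENV_NAME}-istio-lb"

# Authenticate against PivNet: exchange the refresh token for an access token.
# NOTE(review): the token is passed as a curl argument (and to om below via
# --pivnet-api-token), so it is visible in the process list while the command runs.
PIVNET_ACCESS_TOKEN=$(curl \
    --fail \
    --header "Content-Type: application/json" \
    --data "{\"refresh_token\": \"${PIVNET_UAA_TOKEN}\"}" \
    https://network.pivotal.io/api/v2/authentication/access_tokens |\
    jq -r '.access_token')

# release by slug
RELEASE_JSON=$(curl \
    --header "Authorization: Bearer ${PIVNET_ACCESS_TOKEN}" \
    --fail \
    "https://network.pivotal.io/api/v2/products/${PRODUCT_SLUG}/releases/${RELEASE_ID}")
# eula acceptance link
EULA_ACCEPTANCE_URL=$(echo "${RELEASE_JSON}" |\
    jq -r '._links.eula_acceptance.href')
echo "Accepting EULA for ${PRODUCT_SLUG}"
# eula acceptance
curl \
    --fail \
    --header "Authorization: Bearer ${PIVNET_ACCESS_TOKEN}" \
    --request POST \
    "${EULA_ACCEPTANCE_URL}"


DOWNLOAD_DIR_FULL=${DOWNLOAD_DIR}/$PRODUCT_SLUG/${PCF_PAS_VERSION}-${PAS_EDITION}
mkdir -p "${DOWNLOAD_DIR_FULL}"


# download product using om cli
if [ -z "${NO_DOWNLOAD}" ] ; then
    echo "$(date) start downloading ${PRODUCT_SLUG}"
    om --env "${HOME_DIR}/om_${ENV_NAME}.env" \
        download-product \
        --pivnet-api-token "${PIVNET_UAA_TOKEN}" \
        --pivnet-file-glob "${PAS_EDITION}*.pivotal" \
        --pivnet-product-slug "${PRODUCT_SLUG}" \
        --product-version "${PCF_PAS_VERSION}" \
        --output-directory "${DOWNLOAD_DIR_FULL}"
    echo "$(date) end downloading ${PRODUCT_SLUG}"
else
    echo ignoring download by user
fi

TARGET_FILENAME=$(jq -r '.product_path' "${DOWNLOAD_DIR_FULL}/download-file.json")
# Import the tile to Ops Manager.
echo "$(date) start uploading ${PRODUCT_SLUG}"
om --env "${HOME_DIR}/om_${ENV_NAME}.env" \
    --request-timeout 3600 \
    upload-product \
    --product "${TARGET_FILENAME}"

echo "$(date) end uploading ${PRODUCT_SLUG}"

# 1. Find the version of the product that was imported.
PRODUCTS=$(om --env "${HOME_DIR}/om_${ENV_NAME}.env" \
    available-products \
    --format json)

VERSION=$(echo "${PRODUCTS}" |\
    jq --arg product_name "${PRODUCT_NAME}" -r 'map(select(.name==$product_name)) | first | .version')
# Same guard deploy_tile.sh applies: stop before staging when the product was
# not found among the available products.
if [[ -z "$VERSION" ]] || [[ "$VERSION" == "null" ]]; then
    echo "EMPTY Product Version"
    exit 1
fi

# 2. Stage using om cli
echo "$(date) start staging ${PRODUCT_SLUG}"
om --env "${HOME_DIR}/om_${ENV_NAME}.env" \
    stage-product \
    --product-name "${PRODUCT_NAME}" \
    --product-version "${VERSION}"
echo "$(date) end staging ${PRODUCT_SLUG}"


"$SCRIPT_DIR/stemcell_loader.sh" -s 250

om --env "${HOME_DIR}/om_${ENV_NAME}.env" \
    assign-stemcell \
    --product "${PRODUCT_NAME}" \
    --stemcell latest

echo "$(date) start configure ${PRODUCT_NAME}"
# pas_vars.yaml receives the TLS private key, the SMTP password and both
# encryption keys. Create or truncate it and restrict it to the owner before
# any secret is written, instead of relying on the default umask.
VARS_FILE="${TEMPLATE_DIR}/pas_vars.yaml"
( umask 077; : > "${VARS_FILE}" )
chmod 600 "${VARS_FILE}"
cat << EOF > "${VARS_FILE}"
pcf_pas_network: pcf-pas-subnet
pcf_system_domain: ${PCF_SYSTEM_DOMAIN}
pcf_apps_domain: ${PCF_APPS_DOMAIN}
pcf_notifications_email: ${PCF_NOTIFICATIONS_EMAIL}
pcf_cert_pem: "${PCF_CERT_PEM}"
pcf_key_pem: "${PCF_KEY_PEM}"
pcf_credhub_key: "${PCF_CREDHUB_KEY}"
pcf_diego_ssh_lb: ${PCF_DIEGO_SSH_LB}
pcf_mysql_lb: ${PCF_MYSQL_LB}
pcf_web_lb: ${PCF_WEB_LB}
pcf_istio_lb: ${PCF_ISTIO_LB}
smtp_address: "${SMTP_ADDRESS}"
smtp_identity: "${SMTP_IDENTITY}"
smtp_password: "${SMTP_PASSWORD}"
smtp_from: "${SMTP_FROM}"
smtp_port: "${SMTP_PORT}"
smtp_enable_starttls_auto: "${SMTP_STARTTLS}"
cloud_controller.encrypt_key: "${PIVNET_UAA_TOKEN}"
compute_instances: ${INSTANCES}
product_name: cf
singleton_zone: ${SINGLETON_ZONE}
zones_map: ${ZONES_MAP}
zones_list: ${ZONES_LIST}
EOF

om --env "${HOME_DIR}/om_${ENV_NAME}.env" \
    configure-product \
    -c "${TEMPLATE_DIR}/pas-${PAS_EDITION}.yaml" -l "${VARS_FILE}"
###
echo "$(date) end configure ${PRODUCT_NAME}"


echo "$(date) start apply ${PRODUCT_SLUG}"

if [ -n "${NO_APPLY}" ] ; then
    echo "No Product Apply"
elif [ -n "${APPLY_ALL}" ] ; then
    echo "APPLY_ALL"
    om --env "${HOME_DIR}/om_${ENV_NAME}.env" \
        apply-changes
else
    echo "APPLY Product"
    # NOTE(review): staging above uses ${PRODUCT_NAME} (cf) while this passes
    # ${PRODUCT_SLUG}; confirm the slug in pas.env matches the product name.
    om --env "${HOME_DIR}/om_${ENV_NAME}.env" \
        apply-changes \
        --product-name "${PRODUCT_SLUG}"
fi
echo "$(date) end apply ${PRODUCT_SLUG}"

END_PAS_DEPLOY_TIME=$(date)

echo "Started ${PRODUCT_SLUG} deployment at ${START_PAS_DEPLOY_TIME}"
echo "Finished ${PRODUCT_SLUG} Deployment at ${END_PAS_DEPLOY_TIME}"
-------------------------------------------------------------------------------- /scripts/deploy_tile.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | source ~/.env.sh 3 | 4 | cd ${HOME_DIR} 5 | MYSELF=$(basename $0) 6 | POSITIONAL=() 7 | while [[ $# -gt 0 ]] 8 | do 9 | key="$1" 10 | 11 | case $key in 12 | -n|--NO_DOWNLOAD) 13 | NO_DOWNLOAD=TRUE 14 | echo "No download is ${NO_DOWNLOAD}" 15 | #shift # past value if arg value 16 | ;; 17 | -d|--DO_NOT_APPLY_CHANGES) 18 | NO_APPLY=TRUE 19 | echo "No APPLY is ${NO_APPLY}" 20 | #shift # past value ia arg value 21 | ;; 22 | -a|--APPLY_ALL) 23 | APPLY_ALL=TRUE 24 | echo "APPLY ALL is ${APPLY_ALL}" 25 | #shift # past value ia arg value 26 | ;; 27 | -t|--TILE) 28 | TILE="$2" 29 | echo "TILE IS ${TILE}" 30 | shift # past value ia arg value 31 | ;; 32 | -s|--LOAD_STEMCELL) 33 | LOAD_STEMCELL=TRUE 34 | echo "LOAD_STEMCELL IS ${LOAD_STEMCELL}" 35 | #shift # past value ia arg value 36 | ;; 37 | *) # unknown option 38 | POSITIONAL+=("$1") # save it in an array for later 39 | #shift # past argument 40 | ;; 41 | esac 42 | shift 43 | done 44 | set -- "${POSITIONAL[@]}" # restore positional parameters 45 | 46 | TILES="apm \ 47 | p-spring-services \ 48 | pivotal-mysql \ 49 | p-rabbitmq \ 50 | p-healthwatch \ 51 | kubernetes-service-manager \ 52 | pas-windows \ 53 | pivotal_single_sign-on_service \ 54 | p-isolation-segment \ 55 | " 56 | 57 | if [[ " ${TILES} " =~ " $TILE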
" ]] 58 | then 59 | echo "Starting deployment of ${TILE}" 60 | else 61 | echo "mandatory '-t | --TILE ' was not used or ${TILE} not one of '${TILES}'" 62 | exit 1 63 | fi 64 | 65 | mkdir -p ${LOG_DIR} 66 | exec &> >(tee -a "${LOG_DIR}/${TILE}.$(date '+%Y-%m-%d-%H-%M-%S').log") 67 | exec 2>&1 68 | 69 | 70 | echo $(date) start deploy ${TILE} 71 | 72 | source ${ENV_DIR}/${TILE}.env 73 | 74 | echo "retrieving pivnet access token from refresh token" 75 | 76 | PIVNET_ACCESS_TOKEN=$(curl \ 77 | --fail \ 78 | --header "Content-Type: application/json" \ 79 | --data "{\"refresh_token\": \"${PIVNET_UAA_TOKEN}\"}" \ 80 | https://network.pivotal.io/api/v2/authentication/access_tokens |\ 81 | jq -r '.access_token') 82 | 83 | echo "retrieving EULA Acceptance Link for ${PRODUCT_SLUG}" 84 | 85 | RELEASE_JSON=$(curl \ 86 | --header "Authorization: Bearer ${PIVNET_ACCESS_TOKEN}" \ 87 | --fail \ 88 | "https://network.pivotal.io/api/v2/products/${PRODUCT_SLUG}/releases/${RELEASE_ID}") 89 | # eula acceptance link 90 | EULA_ACCEPTANCE_URL=$(echo ${RELEASE_JSON} |\ 91 | jq -r '._links.eula_acceptance.href') 92 | 93 | echo "accepting EULA Acceptance for ${PRODUCT_SLUG}" 94 | 95 | curl \ 96 | --fail \ 97 | --header "Authorization: Bearer ${PIVNET_ACCESS_TOKEN}" \ 98 | --request POST \ 99 | ${EULA_ACCEPTANCE_URL} 100 | 101 | DOWNLOAD_DIR_FULL=${DOWNLOAD_DIR}/${PRODUCT_SLUG}/${PCF_VERSION} 102 | mkdir -p ${DOWNLOAD_DIR_FULL} 103 | 104 | ### start downloader 105 | if [ -z ${NO_DOWNLOAD} ] ; then 106 | echo $(date) start downloading ${PRODUCT_SLUG} 107 | 108 | om --env "${HOME_DIR}/om_${ENV_NAME}.env" \ 109 | download-product \ 110 | --pivnet-api-token ${PIVNET_UAA_TOKEN} \ 111 | --pivnet-file-glob "*.pivotal" \ 112 | --pivnet-product-slug ${PRODUCT_SLUG} \ 113 | --product-version ${PCF_VERSION} \ 114 | --output-directory ${DOWNLOAD_DIR_FULL} 115 | 116 | echo $(date) end downloading ${PRODUCT_SLUG} 117 | ### download specials 118 | case ${TILE} in 119 | kubernetes-service-manager) 120 | echo 
$(date) start downloading Bazaar CLI 121 | om --env "${HOME_DIR}/om_${ENV_NAME}.env" \ 122 | download-product \ 123 | --pivnet-api-token ${PIVNET_UAA_TOKEN} \ 124 | --pivnet-file-glob "bazaar*.linux" \ 125 | --pivnet-product-slug ${PRODUCT_SLUG} \ 126 | --product-version ${PCF_VERSION} \ 127 | --output-directory ${HOME_DIR} 128 | 129 | echo $(date) end downloading Bazaar CLI 130 | chmod +x ./bazaar-${PCF_VERSION}.linux 131 | chown ${ADMIN_USERNAME}.${ADMIN_USERNAME} ./bazaar-${PCF_VERSION}.linux 132 | sudo cp ./bazaar-${PCF_VERSION}.linux /usr/local/bin/bazaar 133 | ;; 134 | pks) 135 | echo $(date) start downloading PKS CLI 136 | om --env "${HOME_DIR}/om_${ENV_NAME}.env" \ 137 | download-product \ 138 | --pivnet-api-token ${PIVNET_UAA_TOKEN} \ 139 | --pivnet-file-glob "pks-linux-amd64*" \ 140 | --pivnet-product-slug ${PRODUCT_SLUG} \ 141 | --product-version ${PCF_VERSION} \ 142 | --output-directory ${HOME_DIR} 143 | 144 | echo $(date) end downloading PKS CLI 145 | chmod +x ./pivotal-container-service-*pks-linux-amd* 146 | chown ${ADMIN_USERNAME}.${ADMIN_USERNAME} ./pivotal-container-service-*pks-linux-amd* 147 | sudo cp ./pivotal-container-service-*pks-linux-amd* /usr/local/bin/pks 148 | 149 | echo $(date) start downloading kubectl 150 | om --env "${HOME_DIR}/om_${ENV_NAME}.env" \ 151 | download-product \ 152 | --pivnet-api-token ${PIVNET_UAA_TOKEN} \ 153 | --pivnet-file-glob "kubectl-linux-amd64*" \ 154 | --pivnet-product-slug ${PRODUCT_SLUG} \ 155 | --product-version ${PCF_VERSION} \ 156 | --output-directory ${HOME_DIR} 157 | 158 | chmod +x ./pivotal-container-service-*kubectl-linux-amd64* 159 | chown ${ADMIN_USERNAME}.${ADMIN_USERNAME} ./pivotal-container-service-*kubectl-linux-amd64* 160 | sudo cp ./pivotal-container-service-*kubectl-linux-amd64* /usr/local/bin/kubectl 161 | ;; 162 | pas-windows) 163 | echo $(date) start downloading win injector 164 | om --env "${HOME_DIR}/om_${ENV_NAME}.env" \ 165 | download-product \ 166 | --pivnet-api-token 
${PIVNET_UAA_TOKEN} \ 167 | --pivnet-file-glob "winfs-injector*" \ 168 | --pivnet-product-slug ${PRODUCT_SLUG} \ 169 | --product-version ${PCF_VERSION} \ 170 | --output-directory ${HOME_DIR} 171 | 172 | unzip -o ${HOME}/*winfs-injector*.zip 173 | 174 | chmod +x ${HOME}/winfs-injector-linux 175 | 176 | echo $(date) start downloading tile replicator 177 | om --env "${HOME_DIR}/om_${ENV_NAME}.env" \ 178 | download-product \ 179 | --pivnet-api-token ${PIVNET_UAA_TOKEN} \ 180 | --pivnet-file-glob "replicator*" \ 181 | --pivnet-product-slug ${PRODUCT_SLUG} \ 182 | --product-version ${PCF_VERSION} \ 183 | --output-directory ${HOME_DIR} 184 | 185 | unzip -o ${HOME}/replicator*.zip 186 | 187 | chmod +x ${HOME}/replicator-linux 188 | 189 | TARGET_FILENAME=$(cat ${DOWNLOAD_DIR_FULL}/download-file.json | jq -r '.product_path') 190 | INJECTED_FILENAME=injectded 191 | ${HOME}/winfs-injector-linux --input-tile ${TARGET_FILENAME} \ 192 | --output-tile ${INJECTED_FILENAME} 193 | 194 | 195 | 196 | ;; 197 | esac 198 | else 199 | echo ignoring download by user 200 | fi 201 | ### end downloader 202 | case ${PRODUCT_SLUG} in 203 | p-compliance-scanner) 204 | PRODUCT=scanner 205 | ;; 206 | kubernetes-service-manager) 207 | PRODUCT=ksm 208 | ;; 209 | apm) 210 | PRODUCT=apmPostgres 211 | ;; 212 | *) 213 | PRODUCT=${PRODUCT_SLUG} 214 | ;; 215 | esac 216 | #### tile configuration starts here 217 | case ${TILE} in 218 | apm) 219 | if [ ! -z ${LOAD_STEMCELL} ] ; then 220 | echo "calling stemmcell_loader for LOADING Stemcells" 221 | $SCRIPT_DIR/stemcell_loader.sh -s 170 222 | fi 223 | cat << EOF > ${TEMPLATE_DIR}/${TILE}_vars.yaml 224 | product_name: ${PRODUCT} 225 | pcf_pas_network: pcf-pas-subnet 226 | singleton_zone: ${SINGLETON_ZONE} 227 | zones_map: ${ZONES_MAP} 228 | zones_list: ${ZONES_LIST} 229 | EOF 230 | ;; 231 | pas-windows) 232 | if [ ! 
-z ${LOAD_STEMCELL} ] ; then 233 | echo "calling stemmcell_loader for LOADING Stemcells" 234 | $SCRIPT_DIR/stemcell_loader.sh -i 151 -s 2019.2 235 | fi 236 | cat << EOF > ${TEMPLATE_DIR}/${TILE}_vars.yaml 237 | product_name: ${PRODUCT} 238 | pcf_pas_network: pcf-pas-subnet 239 | singleton_zone: ${SINGLETON_ZONE} 240 | zones_map: ${ZONES_MAP} 241 | zones_list: ${ZONES_LIST} 242 | EOF 243 | ;; 244 | p-isolation-segment) 245 | if [ ! -z ${LOAD_STEMCELL} ] ; then 246 | echo "calling stemmcell_loader for LOADING Stemcells" 247 | $SCRIPT_DIR/stemcell_loader.sh -s 250 248 | fi 249 | PCF_KEY_PEM=$(cat ${HOME_DIR}/${PCF_SUBDOMAIN_NAME}.${PCF_DOMAIN_NAME}.key | awk '{printf "%s\\r\\n", $0}') 250 | PCF_CERT_PEM=$(cat ${HOME_DIR}/fullchain.cer | awk '{printf "%s\\r\\n", $0}') 251 | cat << EOF > ${TEMPLATE_DIR}/${TILE}_vars.yaml 252 | product_name: ${PRODUCT} 253 | pcf_pas_network: pcf-pas-subnet 254 | singleton_zone: ${SINGLETON_ZONE} 255 | pcf_cert_pem: "${PCF_CERT_PEM}" 256 | pcf_key_pem: "${PCF_KEY_PEM}" 257 | zones_map: ${ZONES_MAP} 258 | zones_list: ${ZONES_LIST} 259 | EOF 260 | ;; 261 | pivotal-mysql) 262 | if [ ! 
-z ${LOAD_STEMCELL} ] ; then 263 | echo "calling stemmcell_loader for LOADING Stemcells" 264 | $SCRIPT_DIR/stemcell_loader.sh -s 170 265 | fi 266 | echo "creating storage account ${ENV_SHORT_NAME}mysqlbackup" 267 | 268 | az login --service-principal \ 269 | --username ${AZURE_CLIENT_ID} \ 270 | --password ${AZURE_CLIENT_SECRET} \ 271 | --tenant ${AZURE_TENANT_ID} 272 | 273 | az storage account create --name ${ENV_SHORT_NAME}mysqlbackup \ 274 | --resource-group ${ENV_NAME} \ 275 | --sku Standard_LRS \ 276 | --location $LOCATION 277 | 278 | MYSQL_STORAGE_KEY=$(az storage account keys list \ 279 | --account-name ${ENV_SHORT_NAME}mysqlbackup \ 280 | --resource-group ${ENV_NAME} \ 281 | --query "[0].{value:value}" \ 282 | --output tsv 283 | ) 284 | 285 | az storage container create --name backup \ 286 | --account-name ${ENV_SHORT_NAME}mysqlbackup \ 287 | --account-key ${MYSQL_STORAGE_KEY} 288 | 289 | cat << EOF > ${TEMPLATE_DIR}/${TILE}_vars.yaml 290 | product_name: ${PRODUCT_SLUG} 291 | pcf_pas_network: pcf-pas-subnet 292 | pcf_service_network: pcf-services-subnet 293 | azure_storage_access_key: ${MYSQL_STORAGE_KEY} 294 | azure_account: ${ENV_SHORT_NAME}mysqlbackup 295 | global_recipient_email: ${PCF_NOTIFICATIONS_EMAIL} 296 | blob_store_base_url: blob.core.windows.net 297 | singleton_zone: ${SINGLETON_ZONE} 298 | zones_map: ${ZONES_MAP} 299 | zones_list: ${ZONES_LIST} 300 | EOF 301 | ;; 302 | p-healthwatch) 303 | if [ ! -z ${LOAD_STEMCELL} ] ; then 304 | echo "calling stemmcell_loader for LOADING Stemcells" 305 | $SCRIPT_DIR/stemcell_loader.sh -s 170 306 | fi 307 | cat << EOF > ${TEMPLATE_DIR}/${TILE}_vars.yaml 308 | product_name: ${PRODUCT_SLUG} 309 | pcf_pas_network: pcf-pas-subnet 310 | pcf_service_network: pcf-services-subnet 311 | singleton_zone: ${SINGLETON_ZONE} 312 | zones_map: ${ZONES_MAP} 313 | zones_list: ${ZONES_LIST} 314 | opsman_enable_url: https://${PCF_OPSMAN_FQDN} 315 | EOF 316 | ;; 317 | p-spring-services) 318 | if [ ! 
-z ${LOAD_STEMCELL} ] ; then 319 | echo "calling stemmcell_loader for LOADING Stemcells" 320 | $SCRIPT_DIR/stemcell_loader.sh -s 97 321 | fi 322 | cat << EOF > ${TEMPLATE_DIR}/${TILE}_vars.yaml 323 | product_name: ${PRODUCT_SLUG} 324 | pcf_pas_network: pcf-pas-subnet 325 | singleton_zone: ${SINGLETON_ZONE} 326 | zones_map: ${ZONES_MAP} 327 | zones_list: ${ZONES_LIST} 328 | EOF 329 | ;; 330 | p-rabbitmq) 331 | if [ ! -z ${LOAD_STEMCELL} ] ; then 332 | echo "calling stemmcell_loader for LOADING Stemcells" 333 | $SCRIPT_DIR/stemcell_loader.sh -s 97 334 | fi 335 | cat << EOF > ${TEMPLATE_DIR}/${TILE}_vars.yaml 336 | product_name: ${PRODUCT_SLUG} 337 | pcf_pas_network: pcf-pas-subnet 338 | pcf_service_network: pcf-services-subnet 339 | server_admin_password: ${PIVNET_UAA_TOKEN} 340 | singleton_zone: ${SINGLETON_ZONE} 341 | zones_map: ${ZONES_MAP} 342 | zones_list: ${ZONES_LIST} 343 | EOF 344 | ;; 345 | pivotal_single_sign-on_service) 346 | if [ ! -z ${LOAD_STEMCELL} ] ; then 347 | echo "calling stemmcell_loader for LOADING Stemcells" 348 | $SCRIPT_DIR/stemcell_loader.sh -s 97 349 | fi 350 | PRODUCT=Pivotal_Single_Sign-On_Service 351 | cat << EOF > ${TEMPLATE_DIR}/${TILE}_vars.yaml 352 | product_name: ${PRODUCT} 353 | pcf_pas_network: pcf-pas-subnet 354 | pcf_service_network: pcf-services-subnet 355 | server_admin_password: ${PIVNET_UAA_TOKEN} 356 | singleton_zone: ${SINGLETON_ZONE} 357 | zones_map: ${ZONES_MAP} 358 | zones_list: ${ZONES_LIST} 359 | EOF 360 | ;; 361 | kubernetes-service-manager) 362 | cat << EOF > ${TEMPLATE_DIR}/${TILE}_vars.yaml 363 | product_name: ${PRODUCT} 364 | pcf_pas_network: pcf-pas-subnet 365 | pcf_service_network: pcf-services-subnet 366 | singleton_zone: ${SINGLETON_ZONE} 367 | zones_map: ${ZONES_MAP} 368 | zones_list: ${ZONES_LIST} 369 | EOF 370 | ;; 371 | esac 372 | 373 | if [ ! 
-z ${INJECTED_FILENAME} ] ; then 374 | om --env "${HOME_DIR}/om_${ENV_NAME}.env" \ 375 | --request-timeout 3600 \ 376 | upload-product \ 377 | --product ${INJECTED_FILENAME} 378 | else 379 | TARGET_FILENAME=$(cat ${DOWNLOAD_DIR_FULL}/download-file.json | jq -r '.product_path') 380 | # Import the tile to Ops Manager. 381 | echo $(date) start uploading ${PRODUCT_SLUG} 382 | om --env "${HOME_DIR}/om_${ENV_NAME}.env" \ 383 | --request-timeout 3600 \ 384 | upload-product \ 385 | --product ${TARGET_FILENAME} 386 | fi 387 | echo $(date) end uploading ${PRODUCT_SLUG} 388 | 389 | # 1. Find the version of the product that was imported. 390 | PRODUCTS=$(om --env "${HOME_DIR}/om_${ENV_NAME}.env" \ 391 | available-products \ 392 | --format json) 393 | 394 | 395 | 396 | VERSION=$(echo ${PRODUCTS} |\ 397 | jq --arg product_name ${PRODUCT} -r 'map(select(.name==$product_name)) | first | .version') 398 | if [[ -z "$VERSION" ]] || [[ "$VERSION" == "null" ]];then 399 | echo "EMPTY Product Version" 400 | exit 1 401 | fi 402 | 403 | PRODUCT_NAME=$(echo ${PRODUCTS} |\ 404 | jq --arg product_name ${PRODUCT} -r 'map(select(.name==$product_name)) | first | .name') 405 | 406 | if [[ -z "$PRODUCT_NAME" ]] || [[ "$PRODUCT_NAME" == "null" ]];then 407 | echo "EMPTY Product Name" 408 | exit 1 409 | fi 410 | 411 | # 2. Stage using om cli 412 | echo $(date) start staging ${PRODUCT_SLUG} 413 | om --env "${HOME_DIR}/om_${ENV_NAME}.env" \ 414 | stage-product \ 415 | --product-name ${PRODUCT_NAME} \ 416 | --product-version ${VERSION} 417 | echo $(date) end staging ${PRODUCT_SLUG} 418 | 419 | om --env "${HOME_DIR}/om_${ENV_NAME}.env" \ 420 | assign-stemcell \ 421 | --product ${PRODUCT_NAME} \ 422 | --stemcell latest 423 | 424 | om --env "${HOME_DIR}/om_${ENV_NAME}.env" \ 425 | configure-product \ 426 | -c ${TEMPLATE_DIR}/${TILE}.yaml -l ${TEMPLATE_DIR}/${TILE}_vars.yaml 427 | 428 | case ${TILE} in 429 | pks) 430 | if [ ! 
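-z ${WAVEFRONT} ]; then 431 | om --env "${HOME_DIR}/om_${ENV_NAME}.env" \ 432 | configure-product \ 433 | -c ${TEMPLATE_DIR}/wavefront.yaml -l ${TEMPLATE_DIR}/${TILE}_vars.yaml 434 | fi 435 | esac 436 | 437 | 438 | echo $(date) start apply ${PRODUCT_SLUG} 439 | 440 | if [ ! -z ${NO_APPLY} ] ; then 441 | echo "No Product Apply" 442 | elif [ ! -z ${APPLY_ALL} ] ; then 443 | echo "APPLY_ALL" 444 | om --env "${HOME_DIR}/om_${ENV_NAME}.env" \ 445 | apply-changes \ 446 | --skip-unchanged-products 447 | else 448 | echo "APPLY Product ${PRODUCT_NAME}" 449 | om --env "${HOME_DIR}/om_${ENV_NAME}.env" \ 450 | apply-changes \ 451 | --product-name ${PRODUCT_NAME} 452 | fi 453 | 454 | echo "checking deployed products" 455 | om --env "${HOME_DIR}/om_${ENV_NAME}.env" \ 456 | deployed-products 457 | echo $(date) end apply ${PRODUCT_SLUG} -------------------------------------------------------------------------------- /scripts/old/deploy_mysql.sh: --------------------------------------------------------------------------------
#!/usr/bin/env bash
# deploy_mysql.sh (legacy) - download, upload, stage, configure and optionally
# apply the MySQL tile through the om CLI, after creating the Azure storage
# account and "backup" container used for its backups.
#
# Flags:
#   -n | --NO_DOWNLOAD            skip the PivNet download and reuse download-file.json
#   -d | --DO_NOT_APPLY_CHANGES   configure only, never run apply-changes
#   -a | --APPLY_ALL              run apply-changes without a product filter
#
# Other inputs come from ~/.env.sh and ${ENV_DIR}/mysql.env - presumably
# PRODUCT_SLUG, RELEASE_ID and PCF_MYSQL_VERSION among them; confirm there.
source ~/.env.sh
cd "${HOME_DIR}"
MYSELF=$(basename "$0")
mkdir -p "${LOG_DIR}"
# stdout and stderr are appended to an hourly log file from here on.
exec &> >(tee -a "${LOG_DIR}/${MYSELF}.$(date '+%Y-%m-%d-%H').log")
exec 2>&1
POSITIONAL=()
while [[ $# -gt 0 ]]
do
    key="$1"
    case $key in
        -n|--NO_DOWNLOAD)
        NO_DOWNLOAD=TRUE
        echo "No download is ${NO_DOWNLOAD}"
        ;;
        -d|--DO_NOT_APPLY_CHANGES)
        NO_APPLY=TRUE
        echo "No APPLY is ${NO_APPLY}"
        ;;
        -a|--APPLY_ALL)
        APPLY_ALL=TRUE
        # Was echoing ${NO_APPLY}; deploy_tile.sh prints ${APPLY_ALL} here.
        echo "APPLY ALL is ${APPLY_ALL}"
        ;;
        *)  # unknown option: keep it for later
        # No extra shift here. The shift after esac already consumes this
        # argument; a second one silently dropped the argument that followed
        # (deploy_tile.sh has that shift commented out for the same reason).
        POSITIONAL+=("$1")
        ;;
    esac
    shift
done
set -- "${POSITIONAL[@]}" # restore positional parameters


export OM_TARGET=${PCF_OPSMAN_FQDN}
export OM_USERNAME=${PCF_OPSMAN_USERNAME}
# NOTE(review): the PivNet refresh token is reused as the Ops Manager password
# and exported, so every child process started below inherits it.
export OM_PASSWORD="${PIVNET_UAA_TOKEN}"
START_MYSQL_DEPLOY_TIME=$(date)


source "${ENV_DIR}/mysql.env"

# Exchange the PivNet refresh token for an access token.
# NOTE(review): the token travels as a command-line argument (here and in the
# om download below), so it is visible in the process list while the command runs.
PIVNET_ACCESS_TOKEN=$(curl \
    --fail \
    --header "Content-Type: application/json" \
    --data "{\"refresh_token\": \"${PIVNET_UAA_TOKEN}\"}" \
    https://network.pivotal.io/api/v2/authentication/access_tokens |\
    jq -r '.access_token')

RELEASE_JSON=$(curl \
    --header "Authorization: Bearer ${PIVNET_ACCESS_TOKEN}" \
    --fail \
    "https://network.pivotal.io/api/v2/products/${PRODUCT_SLUG}/releases/${RELEASE_ID}")
# eula acceptance link
EULA_ACCEPTANCE_URL=$(echo "${RELEASE_JSON}" |\
    jq -r '._links.eula_acceptance.href')

DOWNLOAD_DIR_FULL=${DOWNLOAD_DIR}/${PRODUCT_SLUG}/${PCF_MYSQL_VERSION}
mkdir -p "${DOWNLOAD_DIR_FULL}"

curl \
    --fail \
    --header "Authorization: Bearer ${PIVNET_ACCESS_TOKEN}" \
    --request POST \
    "${EULA_ACCEPTANCE_URL}"


# download product using om cli
if [ -z "${NO_DOWNLOAD}" ] ; then
    echo "$(date) start downloading ${PRODUCT_SLUG}"

    om --env "${HOME_DIR}/om_${ENV_NAME}.env" \
        download-product \
        --pivnet-api-token "${PIVNET_UAA_TOKEN}" \
        --pivnet-file-glob "*.pivotal" \
        --pivnet-product-slug "${PRODUCT_SLUG}" \
        --product-version "${PCF_MYSQL_VERSION}" \
        --output-directory "${DOWNLOAD_DIR_FULL}"
    echo "$(date) end downloading ${PRODUCT_SLUG}"
else
    echo ignoring download by user
fi

TARGET_FILENAME=$(jq -r '.product_path' "${DOWNLOAD_DIR_FULL}/download-file.json")
# Import the tile to Ops Manager.
echo "$(date) start uploading ${PRODUCT_SLUG}"
om --env "${HOME_DIR}/om_${ENV_NAME}.env" \
    --request-timeout 3600 \
    upload-product \
    --product "${TARGET_FILENAME}"

echo "$(date) end uploading ${PRODUCT_SLUG}"

# 1. Find the version of the product that was imported.
PRODUCTS=$(om --env "${HOME_DIR}/om_${ENV_NAME}.env" \
    available-products \
    --format json)

VERSION=$(echo "${PRODUCTS}" |\
    jq --arg product_name "${PRODUCT_SLUG}" -r 'map(select(.name==$product_name)) | first | .version')
# Same guard deploy_tile.sh applies: stop before staging when the product was
# not found among the available products.
if [[ -z "$VERSION" ]] || [[ "$VERSION" == "null" ]]; then
    echo "EMPTY Product Version"
    exit 1
fi


# 2. Stage using om cli
echo "$(date) start staging ${PRODUCT_SLUG}"
om --env "${HOME_DIR}/om_${ENV_NAME}.env" \
    stage-product \
    --product-name "${PRODUCT_SLUG}" \
    --product-version "${VERSION}"
echo "$(date) end staging ${PRODUCT_SLUG}"


om --env "${HOME_DIR}/om_${ENV_NAME}.env" \
    assign-stemcell \
    --product "${PRODUCT_SLUG}" \
    --stemcell latest

echo "creating storage account ${ENV_SHORT_NAME}mysqlbackup"

# NOTE(review): the service principal secret and, further down, the storage
# account key are passed as arguments and so show up in the process list.
# For the storage commands the az CLI also reads the key from the
# AZURE_STORAGE_KEY environment variable.
az login --service-principal \
    --username "${AZURE_CLIENT_ID}" \
    --password "${AZURE_CLIENT_SECRET}" \
    --tenant "${AZURE_TENANT_ID}"

az storage account create --name "${ENV_SHORT_NAME}mysqlbackup" \
    --resource-group "${ENV_NAME}" \
    --sku Standard_LRS \
    --location "$LOCATION"

MYSQL_STORAGE_KEY=$(az storage account keys list \
    --account-name "${ENV_SHORT_NAME}mysqlbackup" \
    --resource-group "${ENV_NAME}" \
    --query "[0].{value:value}" \
    --output tsv
)

az storage container create --name backup \
    --account-name "${ENV_SHORT_NAME}mysqlbackup" \
    --account-key "${MYSQL_STORAGE_KEY}"

# mysql_vars.yaml receives the storage account key. Create or truncate it and
# restrict it to the owner before the key is written, instead of relying on
# the default umask.
VARS_FILE="${TEMPLATE_DIR}/mysql_vars.yaml"
( umask 077; : > "${VARS_FILE}" )
chmod 600 "${VARS_FILE}"
cat << EOF > "${VARS_FILE}"
product_name: ${PRODUCT_SLUG}
pcf_pas_network: pcf-pas-subnet
pcf_service_network: pcf-services-subnet
azure_storage_access_key: ${MYSQL_STORAGE_KEY}
azure_account: ${ENV_SHORT_NAME}mysqlbackup
global_recipient_email: ${PCF_NOTIFICATIONS_EMAIL}
blob_store_base_url: blob.core.windows.net
EOF

om --env "${HOME_DIR}/om_${ENV_NAME}.env" \
    configure-product \
    -c "${TEMPLATE_DIR}/mysql.yaml" -l "${VARS_FILE}"


echo "$(date) start apply ${PRODUCT_SLUG}"

if [ -n "${NO_APPLY}" ] ; then
    echo "No Product Apply"
elif [ -n "${APPLY_ALL}" ] ; then
    echo "APPLY_ALL"
    om --env "${HOME_DIR}/om_${ENV_NAME}.env" \
        apply-changes
else
    echo "APPLY Product"
    om --env "${HOME_DIR}/om_${ENV_NAME}.env" \
        apply-changes \
        --product-name "${PRODUCT_SLUG}"
fi
echo "$(date) end apply ${PRODUCT_SLUG}"
-------------------------------------------------------------------------------- /scripts/old/deploy_osba.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | source ~/.env.sh 3 | cd ${HOME_DIR} 4 | MYSELF=$(basename $0) 5 | mkdir -p ${LOG_DIR} 6 | exec &> >(tee -a "${LOG_DIR}/${MYSELF}.$(date '+%Y-%m-%d-%H').log") 7 | exec 2>&1 8 | POSITIONAL=() 9 | while [[ $# -gt 0 ]] 10 | do 11 | key="$1" 12 | case $key in 13 | -n|--NO_DOWNLOAD) 14 | NO_DOWNLOAD=TRUE 15 | echo "No download is ${NO_DOWNLOAD}" 16 | # shift # past value if arg value 17 | ;; 18 | -d|--DO_NOT_APPLY_CHANGES) 19 | NO_APPLY=TRUE 20 | echo "No APPLY is ${NO_APPLY}" 21 | # shift # past value ia arg value 22 | ;; 23 | -a|--APPLY_ALL) 24 | APPLY_ALL=TRUE 25 | echo "APPLY ALL is ${NO_APPLY}" 26 | # shift # past value ia arg value 27 | ;; 28 | -r|--DO_NOT_CREATE_REDIS_INSTANCE) 29 | NO_REDIS=TRUE 30 | echo "No APPLY is ${NO_APPLY}" 31 | # shift # past value ia arg value 32 | ;; 33 | *) # unknown option 34 | POSITIONAL+=("$1") # save it in an array for later 35 | shift # past argument 36 | ;; 37 | esac 38 | shift 39 | done 40 | set -- "${POSITIONAL[@]}" # restore positional parameters 41 | 42 | 43 | export OM_TARGET=${PCF_OPSMAN_FQDN} 44 | export OM_USERNAME=${PCF_OPSMAN_USERNAME} 45 | export OM_PASSWORD="${PIVNET_UAA_TOKEN}" 46 | START_OSBA_DEPLOY_TIME=$(date) 47 | 48 | source ${ENV_DIR}/osba.env 49 | 50 | PIVNET_ACCESS_TOKEN=$(curl \ 51 | --fail \ 52 | --header "Content-Type: application/json" \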
53 | --data "{\"refresh_token\": \"${PIVNET_UAA_TOKEN}\"}" \ 54 | https://network.pivotal.io/api/v2/authentication/access_tokens |\ 55 | jq -r '.access_token') 56 | 57 | RELEASE_JSON=$(curl \ 58 | --header "Authorization: Bearer ${PIVNET_ACCESS_TOKEN}" \ 59 | --fail \ 60 | "https://network.pivotal.io/api/v2/products/${PRODUCT_SLUG}/releases/${RELEASE_ID}") 61 | # eula acceptance link 62 | EULA_ACCEPTANCE_URL=$(echo ${RELEASE_JSON} |\ 63 | jq -r '._links.eula_acceptance.href') 64 | 65 | DOWNLOAD_DIR_FULL=${DOWNLOAD_DIR}/${PRODUCT_SLUG}/${PCF_OSBA_VERSION} 66 | mkdir -p ${DOWNLOAD_DIR_FULL} 67 | 68 | curl \ 69 | --fail \ 70 | --header "Authorization: Bearer ${PIVNET_ACCESS_TOKEN}" \ 71 | --request POST \ 72 | ${EULA_ACCEPTANCE_URL} 73 | 74 | 75 | # download product using om cli 76 | if [ -z ${NO_DOWNLOAD} ] ; then 77 | echo "$(date) start downloading ${PRODUCT_SLUG}" 78 | 79 | om --env "${HOME_DIR}/om_${ENV_NAME}.env" \ 80 | download-product \ 81 | --pivnet-api-token ${PIVNET_UAA_TOKEN} \ 82 | --pivnet-file-glob "*.pivotal" \ 83 | --pivnet-product-slug ${PRODUCT_SLUG} \ 84 | --product-version ${PCF_OSBA_VERSION} \ 85 | --output-directory ${DOWNLOAD_DIR_FULL} 86 | echo "$(date) end downloading ${PRODUCT_SLUG}" 87 | else 88 | echo "ignoring download by user " 89 | fi 90 | 91 | TARGET_FILENAME=$(cat ${DOWNLOAD_DIR_FULL}/download-file.json | jq -r '.product_path') 92 | # Import the tile to Ops Manager. 93 | echo "$(date) start uploading ${PRODUCT_SLUG}" 94 | om --env "${HOME_DIR}/om_${ENV_NAME}.env" \ 95 | --request-timeout 3600 \ 96 | upload-product \ 97 | --product ${TARGET_FILENAME} 98 | 99 | echo "$(date) end uploading ${PRODUCT_SLUG}" 100 | 101 | # 1. Find the version of the product that was imported. 
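PRODUCTS=$(om --env "${HOME_DIR}/om_${ENV_NAME}.env" \
    available-products \
    --format json)

VERSION=$(echo "${PRODUCTS}" |\
    jq --arg product_name "${PRODUCT_SLUG}" -r 'map(select(.name==$product_name)) | first | .version')


# 2. Stage using om cli
echo "$(date) start staging ${PRODUCT_SLUG}"
om --env "${HOME_DIR}/om_${ENV_NAME}.env" \
    stage-product \
    --product-name "${PRODUCT_SLUG}" \
    --product-version "${VERSION}"
echo "$(date) end staging ${PRODUCT_SLUG}"


om --env "${HOME_DIR}/om_${ENV_NAME}.env" \
    assign-stemcell \
    --product "${PRODUCT_SLUG}" \
    --stemcell latest

echo "$(date) start creating ${ENV_SHORT_NAME}redis"

# NOTE(review): the service principal secret is passed as an argument and is
# visible in the process list while az runs.
az login --service-principal \
    --username "${AZURE_CLIENT_ID}" \
    --password "${AZURE_CLIENT_SECRET}" \
    --tenant "${AZURE_TENANT_ID}"

if [ -z "${NO_REDIS}" ] ; then
    MY_REDIS=$(az redis create \
        --name "${ENV_SHORT_NAME}redis" \
        --resource-group "${ENV_NAME}" \
        --location "${LOCATION}" \
        --sku Basic \
        --vm-size C0)

    # Poll until the cache is ready. Azure reports the failure state as
    # "Failed"; the lower-case 'failed' compared before could never match,
    # so a failed provisioning kept this loop running forever.
    while true; do
        REDIS_STATE=$(az redis show \
            --name "${ENV_SHORT_NAME}redis" \
            --resource-group "${ENV_NAME}" \
            --out tsv \
            --query provisioningState)
        case "${REDIS_STATE}" in
            Succeeded)
                break
                ;;
            [Ff]ailed)
                echo "Redis Provisioning failed."
                exit 1
                ;;
        esac
        echo "Redis still not finished provisioning. Trying again in 20 seconds."
        sleep 20
    done
    echo "redis provisioned."
    echo "$(date) end creating ${ENV_SHORT_NAME}redis"
else
    MY_REDIS=$(az redis show \
        --name "${ENV_SHORT_NAME}redis" \
        --resource-group "${ENV_NAME}")
fi

REDIS_KEY=$(az redis list-keys \
    --name "${ENV_SHORT_NAME}redis" \
    --resource-group "${ENV_NAME}" \
    --query primaryKey --out tsv)

# The vars file holds the service principal secret, the Redis key and the
# broker encryption key: make it owner-only before any secret is written.
: > "${TEMPLATE_DIR}/osba_vars.yaml"
chmod 600 "${TEMPLATE_DIR}/osba_vars.yaml"
# azure_client_id and azure_client_secret were crossed before, which put the
# secret into the non-secret client id field. Assumes osba.yaml maps each var
# to the property of the same name - confirm against the template.
# NOTE(review): crypto_aes256_key is regenerated on every run; confirm the
# broker tolerates a changed key before re-running against a live install.
cat << EOF > "${TEMPLATE_DIR}/osba_vars.yaml"
product_name: ${PRODUCT_SLUG}
pcf_pas_network: pcf-pas-subnet
pcf_service_network: pcf-services-subnet
azure_subscription_id: ${AZURE_SUBSCRIPTION_ID}
azure_tenant_id: ${AZURE_TENANT_ID}
azure_client_id: ${AZURE_CLIENT_ID}
azure_client_secret: ${AZURE_CLIENT_SECRET}
storage_redis_host: $(echo $MY_REDIS | jq -r ".hostName")
storage_redis_password: ${REDIS_KEY}
crypto_aes256_key: $(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1)
async_redis_host: $(echo $MY_REDIS | jq -r ".hostName")
async_redis_password: ${REDIS_KEY}

EOF

om --env "${HOME_DIR}/om_${ENV_NAME}.env" \
    configure-product \
    -c "${TEMPLATE_DIR}/osba.yaml" -l "${TEMPLATE_DIR}/osba_vars.yaml"



echo "$(date) start apply ${PRODUCT_SLUG}"

if [ ! -z "${NO_APPLY}" ] ; then
    echo "No Product Apply"
elif [ ! -z "${APPLY_ALL}" ] ; then
    echo "APPLY_ALL"
    om --env "${HOME_DIR}/om_${ENV_NAME}.env" \
        apply-changes
else
    echo "APPLY Product"
    om --env "${HOME_DIR}/om_${ENV_NAME}.env" \
        apply-changes \
        --product-name "${PRODUCT_SLUG}"
fi
echo "$(date) end apply ${PRODUCT_SLUG}"
--------------------------------------------------------------------------------
/scripts/old/deploy_rabbit.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
# Downloads the product described in ${ENV_DIR}/p-rabbitmq.env from Pivotal
# Network, uploads and stages it on Ops Manager, configures it and applies
# changes.
#
# Flags:
#   -n | --NO_DOWNLOAD           skip the Pivotal Network download
#   -d | --DO_NOT_APPLY_CHANGES  configure only, do not run apply-changes
#   -a | --APPLY_ALL             run apply-changes for all products
source ~/.env.sh
cd "${HOME_DIR}"
MYSELF=$(basename "$0")
mkdir -p "${LOG_DIR}"
# From here on stdout and stderr are appended to the log file, so nothing
# below should echo a token, key or password.
exec &> >(tee -a "${LOG_DIR}/${MYSELF}.$(date '+%Y-%m-%d-%H').log")
exec 2>&1
POSITIONAL=()
while [[ $# -gt 0 ]]
do
    key="$1"

    case $key in
        -n|--NO_DOWNLOAD)
            NO_DOWNLOAD=TRUE
            echo "No download is ${NO_DOWNLOAD}"
            ;;
        -d|--DO_NOT_APPLY_CHANGES)
            NO_APPLY=TRUE
            echo "No APPLY is ${NO_APPLY}"
            ;;
        -a|--APPLY_ALL)
            APPLY_ALL=TRUE
            # Report the flag that was actually set (NO_APPLY was printed before).
            echo "APPLY ALL is ${APPLY_ALL}"
            ;;
        *)  # unknown option
            POSITIONAL+=("$1") # save it in an array for later
            # No shift here: the shift after esac already consumes this
            # argument. The extra shift silently dropped whatever followed an
            # unknown argument, e.g. a --DO_NOT_APPLY_CHANGES flag.
            ;;
    esac
    shift
done
set -- "${POSITIONAL[@]}" # restore positional parameters

export OM_TARGET=${PCF_OPSMAN_FQDN}
export OM_USERNAME=${PCF_OPSMAN_USERNAME}
# NOTE(review): the Pivotal Network refresh token is reused as the Ops Manager
# password here and as the RabbitMQ admin password below, so a leak of any one
# of them exposes all three.
export OM_PASSWORD="${PIVNET_UAA_TOKEN}"
START_RABBIT_DEPLOY_TIME=$(date)


source "${ENV_DIR}/p-rabbitmq.env"

PIVNET_ACCESS_TOKEN=$(curl \
    --fail \
    --header "Content-Type: application/json" \
    --data "{\"refresh_token\": \"${PIVNET_UAA_TOKEN}\"}" \
    https://network.pivotal.io/api/v2/authentication/access_tokens |\
    jq -r '.access_token')

RELEASE_JSON=$(curl \
    --header "Authorization: Bearer ${PIVNET_ACCESS_TOKEN}" \
    --fail \
    "https://network.pivotal.io/api/v2/products/${PRODUCT_SLUG}/releases/${RELEASE_ID}")
# eula acceptance link
EULA_ACCEPTANCE_URL=$(echo "${RELEASE_JSON}" |\
    jq -r '._links.eula_acceptance.href')

DOWNLOAD_DIR_FULL=${DOWNLOAD_DIR}/${PRODUCT_SLUG}/${PCF_RABBIT_VERSION}
mkdir -p "${DOWNLOAD_DIR_FULL}"

# The URL comes out of the API response and the request carries the bearer
# token, so only send it when the link is an https URL; a missing link
# ("null") or anything else is skipped instead of being handed to curl.
case "${EULA_ACCEPTANCE_URL}" in
    https://*)
        curl \
            --fail \
            --header "Authorization: Bearer ${PIVNET_ACCESS_TOKEN}" \
            --request POST \
            "${EULA_ACCEPTANCE_URL}"
        ;;
    *)
        echo "skipping EULA acceptance, unexpected URL: ${EULA_ACCEPTANCE_URL}"
        ;;
esac

# download product using om cli
if [ -z "${NO_DOWNLOAD}" ] ; then
    echo $(date) start downloading ${PRODUCT_SLUG}
    om --env "${HOME_DIR}/om_${ENV_NAME}.env" \
        download-product \
        --pivnet-api-token "${PIVNET_UAA_TOKEN}" \
        --pivnet-file-glob "*.pivotal" \
        --pivnet-product-slug "${PRODUCT_SLUG}" \
        --product-version "${PCF_RABBIT_VERSION}" \
        --output-directory "${DOWNLOAD_DIR_FULL}"

    echo $(date) end downloading ${PRODUCT_SLUG}
else
    echo ignoring download by user
fi

TARGET_FILENAME=$(jq -r '.product_path' "${DOWNLOAD_DIR_FULL}/download-file.json")
# Import the tile to Ops Manager.
echo $(date) start uploading ${PRODUCT_SLUG}
om --env "${HOME_DIR}/om_${ENV_NAME}.env" \
    --request-timeout 3600 \
    upload-product \
    --product "${TARGET_FILENAME}"

echo $(date) end uploading ${PRODUCT_SLUG}

# 1. Find the version of the product that was imported.
PRODUCTS=$(om --env "${HOME_DIR}/om_${ENV_NAME}.env" \
    available-products \
    --format json)

VERSION=$(echo "${PRODUCTS}" |\
    jq --arg product_name "${PRODUCT_SLUG}" -r 'map(select(.name==$product_name)) | first | .version')


# 2. Stage using om cli
echo $(date) start staging ${PRODUCT_SLUG}
om --env "${HOME_DIR}/om_${ENV_NAME}.env" \
    stage-product \
    --product-name "${PRODUCT_SLUG}" \
    --product-version "${VERSION}"
echo $(date) end staging ${PRODUCT_SLUG}


om --env "${HOME_DIR}/om_${ENV_NAME}.env" \
    assign-stemcell \
    --product "${PRODUCT_SLUG}" \
    --stemcell latest


# The vars file holds the RabbitMQ admin password: make it owner-only before
# the secret is written.
: > "${TEMPLATE_DIR}/rabbit_vars.yaml"
chmod 600 "${TEMPLATE_DIR}/rabbit_vars.yaml"
cat << EOF > "${TEMPLATE_DIR}/rabbit_vars.yaml"
product_name: ${PRODUCT_SLUG}
pcf_pas_network: pcf-pas-subnet
pcf_service_network: pcf-services-subnet
server_admin_password: ${PIVNET_UAA_TOKEN}
EOF

om --env "${HOME_DIR}/om_${ENV_NAME}.env" \
    configure-product \
    -c "${TEMPLATE_DIR}/p-rabbitmq.yaml" -l "${TEMPLATE_DIR}/rabbit_vars.yaml"


echo $(date) start apply ${PRODUCT_SLUG}

if [ ! -z "${NO_APPLY}" ] ; then
    echo "No Product Apply"
elif [ ! -z "${APPLY_ALL}" ] ; then
    echo "APPLY_ALL"
    om --env "${HOME_DIR}/om_${ENV_NAME}.env" \
        apply-changes
else
    echo "APPLY Product"
    om --env "${HOME_DIR}/om_${ENV_NAME}.env" \
        apply-changes \
        --product-name "${PRODUCT_SLUG}"
fi
echo $(date) end apply ${PRODUCT_SLUG}

--------------------------------------------------------------------------------
/scripts/old/deploy_spring.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
# Downloads the product described in ${ENV_DIR}/p-spring-services.env from
# Pivotal Network, uploads and stages it on Ops Manager, configures it and
# applies changes.
#
# Flags:
#   -n | --NO_DOWNLOAD           skip the Pivotal Network download
#   -d | --DO_NOT_APPLY_CHANGES  configure only, do not run apply-changes
#   -a | --APPLY_ALL             run apply-changes for all products
source ~/.env.sh
cd "${HOME_DIR}"
MYSELF=$(basename "$0")
mkdir -p "${LOG_DIR}"
# From here on stdout and stderr are appended to the log file, so nothing
# below should echo a token, key or password.
exec &> >(tee -a "${LOG_DIR}/${MYSELF}.$(date '+%Y-%m-%d-%H').log")
exec 2>&1
POSITIONAL=()
while [[ $# -gt 0 ]]
do
    key="$1"

    case $key in
        -n|--NO_DOWNLOAD)
            NO_DOWNLOAD=TRUE
            echo "No download is ${NO_DOWNLOAD}"
            ;;
        -d|--DO_NOT_APPLY_CHANGES)
            NO_APPLY=TRUE
            echo "No APPLY is ${NO_APPLY}"
            ;;
        -a|--APPLY_ALL)
            APPLY_ALL=TRUE
            # Report the flag that was actually set (NO_APPLY was printed before).
            echo "APPLY ALL is ${APPLY_ALL}"
            ;;
        *)  # unknown option
            POSITIONAL+=("$1") # save it in an array for later
            # No shift here: the shift after esac already consumes this
            # argument. The extra shift silently dropped whatever followed an
            # unknown argument, e.g. a --DO_NOT_APPLY_CHANGES flag.
            ;;
    esac
    shift
done
set -- "${POSITIONAL[@]}" # restore positional parameters

export OM_TARGET=${PCF_OPSMAN_FQDN}
export OM_USERNAME=${PCF_OPSMAN_USERNAME}
# NOTE(review): the Pivotal Network refresh token is reused as the Ops Manager
# password, so a leak of either one exposes both systems.
export OM_PASSWORD="${PIVNET_UAA_TOKEN}"
START_SPRING_DEPLOY_TIME=$(date)


source "${ENV_DIR}/p-spring-services.env"

PIVNET_ACCESS_TOKEN=$(curl \
    --fail \
    --header "Content-Type: application/json" \
    --data "{\"refresh_token\": \"${PIVNET_UAA_TOKEN}\"}" \
    https://network.pivotal.io/api/v2/authentication/access_tokens |\
    jq -r '.access_token')

RELEASE_JSON=$(curl \
    --header "Authorization: Bearer ${PIVNET_ACCESS_TOKEN}" \
    --fail \
    "https://network.pivotal.io/api/v2/products/${PRODUCT_SLUG}/releases/${RELEASE_ID}")
# eula acceptance link
EULA_ACCEPTANCE_URL=$(echo "${RELEASE_JSON}" |\
    jq -r '._links.eula_acceptance.href')

DOWNLOAD_DIR_FULL=${DOWNLOAD_DIR}/${PRODUCT_SLUG}/${PCF_SPRING_VERSION}
mkdir -p "${DOWNLOAD_DIR_FULL}"

# The URL comes out of the API response and the request carries the bearer
# token, so only send it when the link is an https URL; a missing link
# ("null") or anything else is skipped instead of being handed to curl.
case "${EULA_ACCEPTANCE_URL}" in
    https://*)
        curl \
            --fail \
            --header "Authorization: Bearer ${PIVNET_ACCESS_TOKEN}" \
            --request POST \
            "${EULA_ACCEPTANCE_URL}"
        ;;
    *)
        echo "skipping EULA acceptance, unexpected URL: ${EULA_ACCEPTANCE_URL}"
        ;;
esac


# download product using om cli
if [ -z "${NO_DOWNLOAD}" ] ; then
    echo $(date) start downloading ${PRODUCT_SLUG}

    om --env "${HOME_DIR}/om_${ENV_NAME}.env" \
        download-product \
        --pivnet-api-token "${PIVNET_UAA_TOKEN}" \
        --pivnet-file-glob "*.pivotal" \
        --pivnet-product-slug "${PRODUCT_SLUG}" \
        --product-version "${PCF_SPRING_VERSION}" \
        --output-directory "${DOWNLOAD_DIR_FULL}"

    echo $(date) end downloading ${PRODUCT_SLUG}
else
    echo ignoring download by user
fi
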
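TARGET_FILENAME=$(jq -r '.product_path' "${DOWNLOAD_DIR_FULL}/download-file.json")
# Import the tile to Ops Manager.
echo $(date) start uploading ${PRODUCT_SLUG}
om --env "${HOME_DIR}/om_${ENV_NAME}.env" \
    --request-timeout 3600 \
    upload-product \
    --product "${TARGET_FILENAME}"

echo $(date) end uploading ${PRODUCT_SLUG}

# 1. Find the version of the product that was imported.
PRODUCTS=$(om --env "${HOME_DIR}/om_${ENV_NAME}.env" \
    available-products \
    --format json)

VERSION=$(echo "${PRODUCTS}" |\
    jq --arg product_name "${PRODUCT_SLUG}" -r 'map(select(.name==$product_name)) | first | .version')


# 2. Stage using om cli
echo $(date) start staging ${PRODUCT_SLUG}
om --env "${HOME_DIR}/om_${ENV_NAME}.env" \
    stage-product \
    --product-name "${PRODUCT_SLUG}" \
    --product-version "${VERSION}"
echo $(date) end staging ${PRODUCT_SLUG}


om --env "${HOME_DIR}/om_${ENV_NAME}.env" \
    assign-stemcell \
    --product "${PRODUCT_SLUG}" \
    --stemcell latest

cat << EOF > "${TEMPLATE_DIR}/spring_vars.yaml"
product_name: ${PRODUCT_SLUG}
pcf_pas_network: pcf-pas-subnet
EOF

om --env "${HOME_DIR}/om_${ENV_NAME}.env" \
    configure-product \
    -c "${TEMPLATE_DIR}/p-spring-services.yaml" -l "${TEMPLATE_DIR}/spring_vars.yaml"


echo $(date) start apply ${PRODUCT_SLUG}

if [ ! -z "${NO_APPLY}" ] ; then
    echo "No Product Apply"
elif [ ! -z "${APPLY_ALL}" ] ; then
    echo "APPLY_ALL"
    om --env "${HOME_DIR}/om_${ENV_NAME}.env" \
        apply-changes
else
    echo "APPLY Product"
    om --env "${HOME_DIR}/om_${ENV_NAME}.env" \
        apply-changes \
        --product-name "${PRODUCT_SLUG}"
fi

echo $(date) end apply ${PRODUCT_SLUG}

--------------------------------------------------------------------------------
/scripts/om_init.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
# Initial Ops Manager setup: waits for the Ops Manager API, writes the om env
# file, peers the jump and PCF virtual networks, configures authentication,
# installs the TLS certificate, configures the BOSH director and applies
# changes. $1 is the directory that holds .env.sh.
cd "$1"
source "${1}/.env.sh"
MYSELF=$(basename "$0")
mkdir -p "${LOG_DIR}"
# From here on stdout and stderr are appended to the log file, so nothing
# below should echo a token, key or password.
exec &> >(tee -a "${LOG_DIR}/${MYSELF}.$(date '+%Y-%m-%d-%H').log")
exec 2>&1
# retryop COMMAND MAX_RETRIES INTERVAL
# Runs COMMAND until it succeeds, at most MAX_RETRIES times with INTERVAL
# seconds between attempts; exits the script with status 1 when every attempt
# failed. COMMAND is a string run through eval, so it must only ever be built
# from values this script controls, never from external input.
function retryop()
{
    retry=0
    max_retries=$2
    interval=$3
    while [ ${retry} -lt ${max_retries} ]; do
        echo "Operation: $1, Retry #${retry}"
        if eval "$1"; then
            echo "Successful"
            break
        else
            let retry=retry+1
            echo "Sleep $interval seconds, then retry..."
            sleep $interval
        fi
    done
    if [ ${retry} -eq ${max_retries} ]; then
        echo "Operation failed: $1"
        exit 1
    fi
}
START_OPSMAN_DEPLOY_TIME=$(date)
echo ${START_OPSMAN_DEPLOY_TIME} start opsman deployment
pushd "${HOME_DIR}"

cd ./pivotal-cf-terraforming-azure-*/
cd terraforming-pas


PATCH_SERVER="https://raw.githubusercontent.com/bottkars/pcf-jump-azure/master/patches/"
# NOTE(review): the patches come from the moving master branch and replace
# Terraform modules without an integrity check; pin the URL to a reviewed
# commit and compare a checksum before overwriting.
# Download to a temporary file first: wget -O truncates its target even when
# the download fails, which used to leave an empty .tf file behind.
for PATCH in modules/pas/dns.tf modules/pas/istiolb.tf modules/pas/outputs.tf; do
    PATCH_TMP=$(mktemp)
    if wget -q "${PATCH_SERVER}${PATCH}" -O "${PATCH_TMP}"; then
        cat "${PATCH_TMP}" > "../${PATCH}"
    else
        echo "WARNING: could not download ${PATCH_SERVER}${PATCH}, keeping the existing ../${PATCH}"
    fi
    rm -f "${PATCH_TMP}"
done


AZURE_NAMESERVERS=$(terraform output env_dns_zone_name_servers)
SSH_PRIVATE_KEY="$(terraform output -json ops_manager_ssh_private_key | jq .value)"
SSH_PUBLIC_KEY="$(terraform output ops_manager_ssh_public_key)"
BOSH_DEPLOYED_VMS_SECURITY_GROUP_NAME="$(terraform output bosh_deployed_vms_security_group_name)"
PCF_OPSMAN_FQDN="$(terraform output ops_manager_dns)"
BOSH_STORAGE_ACCOUNT_NAME=$(terraform output bosh_root_storage_account)

echo "checking opsman api ready using the new fqdn ${PCF_OPSMAN_FQDN},
if the . keeps showing, check if ns record for ${PCF_SUBDOMAIN_NAME}.${PCF_DOMAIN_NAME} has
${AZURE_NAMESERVERS}
as server entries"
# -k: certificate verification is off for this readiness probe; the
# certificate is only replaced further down (update-ssl-certificate).
until curl --output /dev/null --silent --head --fail -k -X GET "https://${PCF_OPSMAN_FQDN}/api/v0/info"; do
    printf '.'
    sleep 5
done
echo "done"


OM_ENV_FILE="${HOME_DIR}/om_${ENV_NAME}.env"
# NOTE(review): this file stores the Ops Manager password and the decryption
# passphrase (both set to the Pivotal Network token) and is created with the
# default umask. The other scripts read it too - confirm they run as the same
# user, then restrict it to the owner (chmod 600).
# NOTE(review): skip-ssl-validation stays true for every later om call, also
# after a CA-issued certificate has been installed below.
cat << EOF > "${OM_ENV_FILE}"
---
target: ${PCF_OPSMAN_FQDN}
connect-timeout: 30 # default 5
request-timeout: 3600 # default 1800
skip-ssl-validation: true # default false
username: ${PCF_OPSMAN_USERNAME}
password: ${PIVNET_UAA_TOKEN}
decryption-passphrase: ${PIVNET_UAA_TOKEN}
EOF


# NOTE(review): the service principal secret is passed as an argument and is
# visible in the process list while az runs.
az login --service-principal \
    --username "${AZURE_CLIENT_ID}" \
    --password "${AZURE_CLIENT_SECRET}" \
    --tenant "${AZURE_TENANT_ID}"

VNet1Id=$(az network vnet show \
    --resource-group "${JUMP_RG}" \
    --name "${JUMP_VNET}" \
    --query id --out tsv)

VNet2Id=$(az network vnet show \
    --resource-group "${ENV_NAME}" \
    --name "${ENV_NAME}-virtual-network" \
    --query id --out tsv)

az network vnet peering create --name PCF-Peer \
    --remote-vnet-id "${VNet2Id}" \
    --resource-group "${JUMP_RG}" \
    --vnet-name "${JUMP_VNET}" \
    --allow-forwarded-traffic \
    --allow-gateway-transit \
    --allow-vnet-access

az network vnet peering create --name JUMP-Peer \
    --remote-vnet-id "${VNet1Id}" \
    --resource-group "${ENV_NAME}" \
    --vnet-name "${ENV_NAME}-virtual-network" \
    --allow-forwarded-traffic \
    --allow-gateway-transit \
    --allow-vnet-access



om --env "${HOME_DIR}/om_${ENV_NAME}.env" \
    configure-authentication \
    --decryption-passphrase "${PIVNET_UAA_TOKEN}" \
    --username "${PCF_OPSMAN_USERNAME}" \
    --password "${PIVNET_UAA_TOKEN}"

echo checking deployed products
om --env "${HOME_DIR}/om_${ENV_NAME}.env" \
    deployed-products

declare -a FILES=("${HOME_DIR}/${PCF_SUBDOMAIN_NAME}.${PCF_DOMAIN_NAME}.key" \
    "${HOME_DIR}/fullchain.cer")
# are we first time ?!

for FILE in "${FILES[@]}"; do
    if [ ! -f "$FILE" ]; then
        if [ "${USE_SELF_CERTS}" = "TRUE" ]; then
            sudo -S -u ${ADMIN_USERNAME} ${SCRIPT_DIR}/create_self_certs.sh
        else
            sudo -S -u ${ADMIN_USERNAME} ${SCRIPT_DIR}/create_certs.sh
        fi
    fi
done
## did Let's Encrypt just not work ?
# When a certificate file is still missing the script falls back to a
# self-signed certificate; the echo below is the only trace of that.
for FILE in "${FILES[@]}"; do
    if [ ! -f "$FILE" ]; then
        echo "$FILE not found. running Create Self Certs "
        ${SCRIPT_DIR}/create_self_certs.sh
    fi
done


# NOTE(review): the private key PEM is passed as an argument and is visible in
# the process list while om runs.
om --env "${HOME_DIR}/om_${ENV_NAME}.env" \
    update-ssl-certificate \
    --certificate-pem "$(cat ${HOME_DIR}/fullchain.cer)" \
    --private-key-pem "$(cat ${HOME_DIR}/${PCF_SUBDOMAIN_NAME}.${PCF_DOMAIN_NAME}.key)"

cd "${HOME_DIR}"
# The vars file holds the service principal secret and the Ops Manager SSH
# private key, and is only read by the configure-director call below: make it
# owner-only before any secret is written.
: > "${TEMPLATE_DIR}/director_vars.yaml"
chmod 600 "${TEMPLATE_DIR}/director_vars.yaml"
cat << EOF > "${TEMPLATE_DIR}/director_vars.yaml"
subscription_id: ${AZURE_SUBSCRIPTION_ID}
tenant_id: ${AZURE_TENANT_ID}
client_id: ${AZURE_CLIENT_ID}
client_secret: ${AZURE_CLIENT_SECRET}
resource_group_name: ${ENV_NAME}
bosh_storage_account_name: ${BOSH_STORAGE_ACCOUNT_NAME}
default_security_group: ${ENV_NAME}-bosh-deployed-vms-security-group
ssh_public_key: ${SSH_PUBLIC_KEY}
ssh_private_key: ${SSH_PRIVATE_KEY}
ntp_servers_string: 'time.windows.com'
infrastructure-subnet: "${ENV_NAME}-virtual-network/${ENV_NAME}-infrastructure-subnet"
pas-subnet: "${ENV_NAME}-virtual-network/${ENV_NAME}-pas-subnet"
services-subnet: "${ENV_NAME}-virtual-network/${ENV_NAME}-services-subnet"
bosh_deployed_vms_security_group_name: ${BOSH_DEPLOYED_VMS_SECURITY_GROUP_NAME}
infrastructure_cidr: "${NET_16_BIT_MASK}.8.0/26"
infrastructure_range: "${NET_16_BIT_MASK}.8.1-${NET_16_BIT_MASK}.8.10"
infrastructure_gateway: "${NET_16_BIT_MASK}.8.1"
pas_cidr: "${NET_16_BIT_MASK}.0.0/22"
pas_range: "${NET_16_BIT_MASK}.0.1-${NET_16_BIT_MASK}.0.4"
pas_gateway: "${NET_16_BIT_MASK}.0.1"
services_cidr: "${NET_16_BIT_MASK}.4.0/22"
services_range: "${NET_16_BIT_MASK}.4.1-${NET_16_BIT_MASK}.4.4"
services_gateway: "${NET_16_BIT_MASK}.4.1"
fullchain: "$(cat ${HOME_DIR}/fullchain.cer | awk '{printf "%s\\r\\n", $0}')"
availability_mode: ${AVAILABILITY_MODE}
singleton_availability_zone: "${SINGLETON_ZONE}"
EOF



om --env "${HOME_DIR}/om_${ENV_NAME}.env" \
    configure-director --config "${TEMPLATE_DIR}/director_config.yaml" --vars-file "${TEMPLATE_DIR}/director_vars.yaml"

# The env file path is quoted inside the command string; the nested double
# quotes used before left it unquoted, so a path with a space would have
# shifted retryop's retry-count and interval arguments.
retryop "om --env \"${HOME_DIR}/om_${ENV_NAME}.env\" apply-changes" 2 10


echo checking deployed products
om --env "${HOME_DIR}/om_${ENV_NAME}.env" \
    deployed-products

popd
END_OPSMAN_DEPLOY_TIME=$(date)
echo ${END_OPSMAN_DEPLOY_TIME} finished opsman deployment
# Record the Ops Manager FQDN for the scripts that source .env.sh.
echo "PCF_OPSMAN_FQDN=\"${PCF_OPSMAN_FQDN}\"" >> "${HOME_DIR}/.env.sh"

sudo mkdir -p /var/tempest/workspaces/default
# Only the final write needs root: om and jq run as the current user and sudo
# tee writes the file, instead of running the whole pipeline in a root shell.
om --env "${HOME_DIR}/om_${ENV_NAME}.env" \
    curl \
    --silent \
    --path "/api/v0/security/root_ca_certificate" |
    jq --raw-output '.root_ca_certificate_pem' |
    sudo tee /var/tempest/workspaces/default/root_ca_certificate > /dev/null



echo Started BASE deployment at ${START_BASE_DEPLOY_TIME}
echo Fimnished BASE deployment at ${END_BASE_DEPLOY_TIME}
echo Started OPSMAN deployment at ${START_OPSMAN_DEPLOY_TIME}
echo Finished OPSMAN Deployment at ${END_OPSMAN_DEPLOY_TIME}

if [ "${PAS_AUTOPILOT}" = "TRUE" ]; then
    ${SCRIPT_DIR}/deploy_pas.sh --DO_NOT_APPLY_CHANGES -s
    ${SCRIPT_DIR}/deploy_tile.sh -t pivotal-mysql --DO_NOT_APPLY_CHANGES -s
    ${SCRIPT_DIR}/deploy_tile.sh -t p-rabbitmq --DO_NOT_APPLY_CHANGES -s
    ${SCRIPT_DIR}/deploy_tile.sh -t p-spring-services -s --APPLY_ALL
fi
--------------------------------------------------------------------------------
/scripts/skeleton.sh: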
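--------------------------------------------------------------------------------
#!/usr/bin/env bash
# Template for the other scripts: logging setup plus the argument loop.

MYSELF=$(basename $0)
mkdir -p ${LOG_DIR}
exec &> >(tee -a "${LOG_DIR}/${MYSELF}.$(date '+%Y-%m-%d-%H').log")
exec 2>&1
POSITIONAL=()
# NOTE(review): -n and -d read "$2" but do not consume it, and the unknown
# branch shifts twice (once here, once after esac), so the argument after an
# unknown one is dropped. Confirm the intended flag syntax before copying.
while [[ $# -gt 0 ]]
do
    key="$1"

    case $key in
        -n|--NO_DOWNLOAD)
            NO_DOWNLOAD="$2"
            echo $NO_DOWNLOAD
            # shift # past value
            ;;
        -d|--DO_NOT_APPLY_CHANGES)
            NO_APPLY="$2"
            echo $NO_APPLY
            ## shift # past value
            ;;
        *)  # unknown option
            POSITIONAL+=("$1") # save it in an array for later
            shift # past argument
            ;;
    esac
    shift
done
--------------------------------------------------------------------------------
/scripts/stemcell_loader.sh:
--------------------------------------------------------------------------------
##!/usr/bin/env bash
source ~/.env.sh
cd ${HOME_DIR}
MYSELF=$(basename $0)
mkdir -p ${LOG_DIR}
exec &> >(tee -a "${LOG_DIR}/${MYSELF}.$(date '+%Y-%m-%d-%H').log")
exec 2>&1
while [[ $# -gt 0 ]]
do
    key="$1"
    case $key in
        -s|--STEMCELL_VERSION)
            STEMCELL_VER=$2
            echo "Stemcell Version ${STEMCELL_VER}"
            shift # past value ia arg value
            ;;
        -i|--SLUG_ID)
            SLUG_ID=$2
            echo "Slug ID ${SLUG_ID}"
            shift # past value ia arg value
            ;;
        *)  # unknown option
            POSITIONAL+=("$1") # save it in an array for later
            shift # past argument
            ;;
    esac
    shift
done
set -- "${POSITIONAL[@]}" # restore positional parameters
if [ -z ${STEMCELL_VER} ] ; then
    STEMCELL_VER=170.45
    echo "Defaulting to Stemcell to ${STEMCELL_VER}"
fi
if [ -z ${SLUG_ID} ] ; then
    SLUG_ID=233
    echo "Defaulting to Stemcell to ${STEMCELL_VER}"
fi
SLUG_IDS="233 \
151 \
82 \
"

if [[ " ${SLUG_IDS} " =~ " $SLUG_ID " ]]
then
    echo "Downloading ${SLUG_ID}"
else
# NOTE(review): the page lost text at this point; the rest of
# stemcell_loader.sh and the first lines of scripts/update.sh are not shown.
echo "mandatory '-i | --SLUG_ID ' was not used or /dev/null; then
    sudo apt install parallel -y
fi

# NOTE(review): the om binary is installed into /usr/local/bin without an
# integrity check; compare its SHA-256 with the value published for the
# release before the chmod and mv.
wget -O om https://github.com/pivotal-cf/om/releases/download/1.1.0/om-linux && \
chmod +x om && \
sudo mv om /usr/local/bin/

echo "Preparing Updates"
declare -a DIRECTORIES=("scripts" "env" "templates")

# NOTE(review): every URL listed in updates.txt is downloaded and the files
# under scripts are marked executable, so whoever can change that list or the
# files behind it controls what runs on this host.
# Read the array values with space
for DIRECTORY in "${DIRECTORIES[@]}"; do
    UPDATE_LIST=${BASE_URI}${DIRECTORY}/updates.txt
    echo "updating ${DIRECTORY}"
    wget -N -P ${UPDATE_DIR} ${UPDATE_LIST} --show-progress
    parallel -a ${UPDATE_DIR}/updates.txt --no-notice "wget -N -P ${HOME_DIR}/conductor/${DIRECTORY} {} -q --show-progress"
    echo "\n"
done

rm -rf ${UPDATE_DIR}/updates.txt
chmod +x ${HOME_DIR}/conductor/scripts/*
echo "done"



# wget -O - https://raw.githubusercontent.com/bottkars/pcf-jump-azure/master/scripts/update.sh | bash

--------------------------------------------------------------------------------
/scripts/update_bosh_director.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
# Replaces the Ops Manager VM with one built from a newer image: exports the
# installation, copies the image into the storage account, deletes and
# recreates the VM, imports the installation, restores the TLS certificate
# and applies changes.
source ~/.env.sh
cd "${HOME_DIR}"
MYSELF=$(basename "$0")
mkdir -p "${LOG_DIR}"
# From here on stdout and stderr are appended to the log file, so nothing
# below should echo a token, key or password.
exec &> >(tee -a "${LOG_DIR}/${MYSELF}.$(date '+%Y-%m-%d-%H').log")
exec 2>&1
POSITIONAL=()
# NOTE(review): -n and -d read "$2" but do not consume it, and the unknown
# branch shifts twice (once here, once after esac), so the argument after an
# unknown one is dropped. Neither variable is read again in this script.
while [[ $# -gt 0 ]]
do
    key="$1"

    case $key in
        -n|--NO_DOWNLOAD)
            NO_DOWNLOAD="$2"
            echo $NO_DOWNLOAD
            # shift # past value
            ;;
        -d|--DO_NOT_APPLY_CHANGES)
            NO_APPLY="$2"
            echo $NO_APPLY
            ## shift # past value
            ;;
        *)  # unknown option
            POSITIONAL+=("$1") # save it in an array for later
            shift # past argument
            ;;
    esac
    shift
done

export OM_TARGET=${PCF_OPSMAN_FQDN}
export OM_USERNAME=${PCF_OPSMAN_USERNAME}
# NOTE(review): the Pivotal Network refresh token is reused as the Ops Manager
# password and decryption passphrase.
export OM_PASSWORD="${PIVNET_UAA_TOKEN}"
EXPORT_FILE=${HOME_DIR}/$(uuidgen)
# The VM is deleted further down, so stop here when the export did not work;
# without it the installation cannot be imported into the new VM.
om --env "${HOME_DIR}/om_${ENV_NAME}.env" \
    export-installation --output-file "${EXPORT_FILE}" || {
    echo "export-installation failed, leaving the Ops Manager VM untouched"
    exit 1
}
# The export holds the whole installation; keep it owner-only.
# NOTE(review): the file is never removed - delete it once the import below
# has been verified.
chmod 600 "${EXPORT_FILE}"

# NOTE(review): show-connection-string prints JSON unless the CLI default
# output is changed; confirm the exported value is the bare connection string.
export AZURE_STORAGE_CONNECTION_STRING=$(az storage account show-connection-string \
    --name "${ENV_SHORT_NAME}opsmanager" --resource-group "${ENV_NAME}")
export OPSMAN_IMAGE_VERSION=2.4-build.171

export OPSMAN_IMAGE_URI=$(dirname ${OPS_MANAGER_IMAGE_URI})/ops-manager-${OPSMAN_IMAGE_VERSION}.vhd

AZURE_STORAGE_ENDPOINT=$(az storage account show --name "${ENV_SHORT_NAME}opsmanager" \
    --resource-group "${ENV_NAME}" \
    --query '[primaryEndpoints.blob]' --output tsv)
OPSMAN_LOCAL_IMAGE=${AZURE_STORAGE_ENDPOINT}opsmanagerimage/opsman-image-${OPSMAN_IMAGE_VERSION}.vhd

az storage blob copy start --source-uri "$OPSMAN_IMAGE_URI" \
    --destination-container opsmanagerimage \
    --destination-blob "opsman-image-${OPSMAN_IMAGE_VERSION}.vhd"



echo "Querying Blob Copy Status"
# Wait for the copy, and stop before the VM is deleted when the copy failed,
# was aborted, or its status cannot be read. The unquoted test used before
# ended the loop on an empty status and waited forever on "failed".
while true; do
    COPY_STATUS=$(az storage blob show \
        --name "opsman-image-${OPSMAN_IMAGE_VERSION}.vhd" \
        --container-name opsmanagerimage \
        --query '[properties.copy.status]' --output tsv)
    case "${COPY_STATUS}" in
        success)
            break
            ;;
        failed|aborted|"")
            echo "Blob copy did not complete (status: '${COPY_STATUS}'), leaving the Ops Manager VM untouched"
            exit 1
            ;;
    esac
    printf '.'
    sleep 5
done

az vm delete --name "${ENV_NAME}-ops-manager-vm" \
    --resource-group "${ENV_NAME}" -y

az image create --resource-group "${ENV_NAME}" \
    --name "${OPSMAN_IMAGE_VERSION}" \
    --source "${OPSMAN_LOCAL_IMAGE}" \
    --location "${LOCATION}" \
    --os-type Linux


az vm create --name "${ENV_NAME}-ops-manager-vm" --resource-group "${ENV_NAME}" \
    --location "${LOCATION}" \
    --nics "${ENV_NAME}-ops-manager-nic" \
    --image "${OPSMAN_IMAGE_VERSION}" \
    --os-disk-name "${OPSMAN_IMAGE_VERSION}-osdisk" \
    --admin-username ubuntu \
    --os-disk-size-gb 127 \
    --size Standard_DS2_v2 \
    --storage-sku StandardSSD_LRS \
    --ssh-key-value "${HOME_DIR}/.ssh/authorized_keys"

# NOTE(review): the decryption passphrase and the private key PEM below are
# passed as arguments and are visible in the process list while om runs.
om --env "${HOME_DIR}/om_${ENV_NAME}.env" \
    --decryption-passphrase "$PIVNET_UAA_TOKEN" \
    import-installation --installation "$EXPORT_FILE"

om --env "${HOME_DIR}/om_${ENV_NAME}.env" \
    update-ssl-certificate \
    --certificate-pem "$(cat ${HOME_DIR}/fullchain.cer)" \
    --private-key-pem "$(cat ${HOME_DIR}/${PCF_SUBDOMAIN_NAME}.${PCF_DOMAIN_NAME}.key)"


om --env "${HOME_DIR}/om_${ENV_NAME}.env" \
    apply-changes --skip-unchanged-products
--------------------------------------------------------------------------------
/scripts/updates.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/bottkars/pcf-jump-azure/master/scripts/cf_startstop.sh
https://raw.githubusercontent.com/bottkars/pcf-jump-azure/master/scripts/create_certs.sh
https://raw.githubusercontent.com/bottkars/pcf-jump-azure/master/scripts/create_self_certs.sh
https://raw.githubusercontent.com/bottkars/pcf-jump-azure/master/scripts/deploy_base.sh
https://raw.githubusercontent.com/bottkars/pcf-jump-azure/master/scripts/deploy_masb.sh
https://raw.githubusercontent.com/bottkars/pcf-jump-azure/master/scripts/deploy_mysql.sh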
https://raw.githubusercontent.com/bottkars/pcf-jump-azure/master/scripts/deploy_osba.sh 8 | https://raw.githubusercontent.com/bottkars/pcf-jump-azure/master/scripts/deploy_p-compliance-scanner.sh 9 | https://raw.githubusercontent.com/bottkars/pcf-jump-azure/master/scripts/deploy_pas.sh 10 | https://raw.githubusercontent.com/bottkars/pcf-jump-azure/master/scripts/deploy_rabbit.sh 11 | https://raw.githubusercontent.com/bottkars/pcf-jump-azure/master/scripts/deploy_spring.sh 12 | https://raw.githubusercontent.com/bottkars/pcf-jump-azure/master/scripts/deploy_tile.sh 13 | https://raw.githubusercontent.com/bottkars/pcf-jump-azure/master/scripts/om_init.sh 14 | https://raw.githubusercontent.com/bottkars/pcf-jump-azure/master/scripts/pcf-azure.tfvars 15 | https://raw.githubusercontent.com/bottkars/pcf-jump-azure/master/scripts/scratch.sh 16 | https://raw.githubusercontent.com/bottkars/pcf-jump-azure/master/scripts/skeleton.sh 17 | https://raw.githubusercontent.com/bottkars/pcf-jump-azure/master/scripts/stemcell_loader.sh 18 | https://raw.githubusercontent.com/bottkars/pcf-jump-azure/master/scripts/update.sh 19 | https://raw.githubusercontent.com/bottkars/pcf-jump-azure/master/scripts/connect_om.sh 20 | https://raw.githubusercontent.com/bottkars/pcf-jump-azure/master/scripts/update_bosh_director.sh -------------------------------------------------------------------------------- /sendgrid.md: -------------------------------------------------------------------------------- 1 | # integrating sendgrid with pas 2 | 3 | ## signup with sendgrid 4 | 5 | if you do not have a sendgrid account, sign up for a free one [here](https://signup.sendgrid.com/) 6 | 7 | ## create api key 8 | 9 | in sendgrid web ui, go to account --> api keys 10 | click on create API Key 11 | 12 | ![create api key](https://user-images.githubusercontent.com/8255007/51247514-a6247100-198d-11e9-82cf-06824d16bfa7.png) 13 | 14 | select restricted and enable mail send.
15 | 16 | once the api key is created, copy the key to your env file 17 | the key is only shown once !!! 18 | 19 | ![imapi key](https://user-images.githubusercontent.com/8255007/51247772-6b6f0880-198e-11e9-948f-0e805e4e05e4.png) 20 | 21 | 22 | 23 | ## populate the following env vars before deployment 24 | 25 | ```bash 26 | SMTP_ADDRESS="smtp.sendgrid.net" 27 | SMTP_IDENTITY="apikey" 28 | SMTP_PASSWORD="your api key" 29 | SMTP_FROM="your from address" 30 | SMTP_PORT="587" 31 | SMTP_STARTTLS="true" 32 | ``` -------------------------------------------------------------------------------- /templates/apm/1.6.0/apm.yaml: -------------------------------------------------------------------------------- 1 | product-name: ((product_name)) 2 | network-properties: 3 | network: 4 | name: ((pcf_pas_network)) 5 | other_availability_zones: ((zones_map)) 6 | singleton_availability_zone: 7 | name: ((singleton_zone)) -------------------------------------------------------------------------------- /templates/director_config.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | properties-configuration: 3 | security_configuration: 4 | trusted_certificates: ((fullchain)) 5 | opsmanager_root_ca_trusted_certs: true 6 | director_configuration: 7 | max_threads: 8 8 | ntp_servers_string: ((ntp_servers_string)) 9 | iaas_configuration: 10 | subscription_id: ((subscription_id)) 11 | tenant_id: ((tenant_id)) 12 | client_id: ((client_id)) 13 | client_secret: ((client_secret)) 14 | resource_group_name: ((resource_group_name)) 15 | bosh_storage_account_name: ((bosh_storage_account_name)) 16 | default_security_group: ((default_security_group)) 17 | ssh_public_key: ((ssh_public_key)) 18 | ssh_private_key: ((ssh_private_key)) 19 | availability_mode: ((availability_mode)) 20 | networks-configuration: 21 | icmp_checks_enabled: false 22 | networks: 23 | - name: pcf-infrastructure-subnet 24 | subnets: 25 | - iaas_identifier: ((infrastructure-subnet)) 26 | cidr:
((infrastructure_cidr)) 27 | reserved_ip_ranges: ((infrastructure_range)) 28 | dns: 168.63.129.16 29 | gateway: ((infrastructure_gateway)) 30 | - name: pcf-pas-subnet 31 | subnets: 32 | - iaas_identifier: ((pas-subnet)) 33 | cidr: ((pas_cidr)) 34 | reserved_ip_ranges: ((pas_range)) 35 | dns: 168.63.129.16 36 | gateway: ((pas_gateway)) 37 | - name: pcf-services-subnet 38 | service_network: true 39 | subnets: 40 | - iaas_identifier: ((services-subnet)) 41 | cidr: ((services_cidr)) 42 | reserved_ip_ranges: ((services_range)) 43 | dns: 168.63.129.16 44 | gateway: ((services_gateway)) 45 | network-assignment: 46 | network: 47 | name: pcf-infrastructure-subnet 48 | singleton_availability_zone: 49 | name: ((singleton_availability_zone)) -------------------------------------------------------------------------------- /templates/kubernetes-service-manager/0.4.34/kubernetes-service-manager.yaml: -------------------------------------------------------------------------------- 1 | product-name: ((product_name)) 2 | network-properties: 3 | network: 4 | name: ((pcf_pas_network)) 5 | other_availability_zones: ((zones_map)) 6 | singleton_availability_zone: 7 | name: ((singleton_zone)) -------------------------------------------------------------------------------- /templates/masb/1.11.0/masb.yaml: -------------------------------------------------------------------------------- 1 | product-name: ((product_name)) 2 | network-properties: 3 | network: 4 | name: ((pcf_pas_network)) 5 | other_availability_zones: 6 | - name: "null" 7 | singleton_availability_zone: 8 | name: "null" 9 | product-properties: 10 | .properties.environment: 11 | value: AzureCloud 12 | .properties.subscription_id: 13 | value: ((azure_subscription_id)) 14 | .properties.tenant_id: 15 | value: ((azure_tenant_id)) 16 | .properties.client_id: 17 | value: ((azure_client_id)) 18 | .properties.client_secret: 19 | value: 20 | secret: ((azure_client_secret)) 21 | .properties.azure_broker_database_provider: 22 | value: 
sqlserver 23 | .properties.azure_broker_database_server: 24 | value: ((azure_broker_database_server)) 25 | .properties.azure_broker_database_user: 26 | value: sqladmin 27 | .properties.azure_broker_database_name: 28 | value: ((azure_broker_database_name)) 29 | .properties.azure_broker_database_password: 30 | value: 31 | secret: ((azure_broker_database_password)) 32 | .properties.azure_broker_database_name: 33 | value: ((azure_broker_database_name)) 34 | .properties.azure_broker_database_encryption_key: 35 | value: 36 | secret: ((azure_broker_database_encryption_key)) 37 | 38 | -------------------------------------------------------------------------------- /templates/old/network_pas.yaml: -------------------------------------------------------------------------------- 1 | network-properties: 2 | network: 3 | name: ((pcf_pas_network)) 4 | other_availability_zones: 5 | - name: "null" -------------------------------------------------------------------------------- /templates/old/network_pas_services.yaml: -------------------------------------------------------------------------------- 1 | product-name: ((product_name)) 2 | network-properties: 3 | network: 4 | name: ((pcf_pas_network)) 5 | service_network: 6 | name: ((pcf_service_network)) 7 | other_availability_zones: 8 | - name: "null" 9 | singleton_availability_zone: 10 | name: "null" -------------------------------------------------------------------------------- /templates/old/network_pas_services_zones.yaml: -------------------------------------------------------------------------------- 1 | product-name: ((product_name)) 2 | network-properties: 3 | network: 4 | name: ((pcf_pas_network)) 5 | service_network: 6 | name: ((pcf_service_network)) 7 | singleton_availability_zone: 8 | name: zone-1 9 | other_availability_zones: 10 | - name: zone-1 11 | - name: zone-2 12 | - name: zone-3 -------------------------------------------------------------------------------- /templates/old/network_pas_zones.yaml: 
-------------------------------------------------------------------------------- 1 | product-name: ((product_name)) 2 | network-properties: 3 | singleton_availability_zone: 4 | name: zone-1 5 | other_availability_zones: 6 | - name: zone-1 7 | - name: zone-2 8 | - name: zone-3 9 | network: 10 | name: ((pcf_pas_network)) -------------------------------------------------------------------------------- /templates/old/pas-cf.yaml: -------------------------------------------------------------------------------- 1 | product-name: cf 2 | network-properties: 3 | network: 4 | name: ((pcf_pas_network)) 5 | other_availability_zones: 6 | - name: "null" 7 | singleton_availability_zone: 8 | name: "null" 9 | product-properties: 10 | .cloud_controller.apps_domain: 11 | value: ((pcf_apps_domain)) 12 | .cloud_controller.system_domain: 13 | value: ((pcf_system_domain)) 14 | .properties.haproxy_forward_tls: 15 | value: disable 16 | .ha_proxy.skip_cert_verify: 17 | value: true 18 | .properties.routing_tls_termination: 19 | value: router 20 | .router.frontend_idle_timeout: 21 | value: 240 22 | .properties.security_acknowledgement: 23 | value: X 24 | .mysql_monitor.recipient_email: 25 | value: ((pcf_notifications_email)) 26 | .uaa.service_provider_key_credentials: 27 | value: 28 | private_key_pem: | 29 | ((pcf_key_pem)) 30 | cert_pem: | 31 | ((pcf_cert_pem)) 32 | .properties.networking_poe_ssl_certs: 33 | value: 34 | - name: default 35 | certificate: 36 | private_key_pem: | 37 | ((pcf_key_pem)) 38 | cert_pem: | 39 | ((pcf_cert_pem)) 40 | .properties.credhub_key_encryption_passwords: 41 | value: 42 | - name: default 43 | provider: internal 44 | key: 45 | secret: ((pcf_credhub_key)) 46 | primary: true 47 | .properties.smtp_address: 48 | value: ((smtp_address)) 49 | .properties.smtp_credentials: 50 | value: 51 | identity: ((smtp_identity)) 52 | password: ((smtp_password)) 53 | .properties.smtp_enable_starttls_auto: 54 | value: ((smtp_enable_starttls_auto)) 55 | 
.properties.smtp_auth_mechanism: 56 | value: plain 57 | .properties.smtp_from: 58 | value: ((smtp_from)) 59 | .properties.smtp_port: 60 | value: ((smtp_port)) 61 | resource-config: 62 | diego_cell: 63 | instances: 3 64 | diego_brain: 65 | elb_names: 66 | - ((pcf_diego_ssh_lb)) 67 | mysql_proxy: 68 | instances: 3 69 | mysql_proxy: 70 | elb_names: 71 | - ((pcf_mysql_lb)) 72 | router: 73 | instances: 3 74 | router: 75 | elb_names: 76 | - ((pcf_web_lb)) 77 | -------------------------------------------------------------------------------- /templates/old/pas-srt.yaml: -------------------------------------------------------------------------------- 1 | product-name: cf 2 | network-properties: 3 | network: 4 | name: ((pcf_pas_network)) 5 | other_availability_zones: 6 | - name: "null" 7 | singleton_availability_zone: 8 | name: "null" 9 | product-properties: 10 | .cloud_controller.apps_domain: 11 | value: ((pcf_apps_domain)) 12 | .cloud_controller.system_domain: 13 | value: ((pcf_system_domain)) 14 | .properties.haproxy_forward_tls: 15 | value: disable 16 | .ha_proxy.skip_cert_verify: 17 | value: true 18 | .properties.routing_tls_termination: 19 | value: router 20 | .router.frontend_idle_timeout: 21 | value: 240 22 | .properties.security_acknowledgement: 23 | value: X 24 | .mysql_monitor.recipient_email: 25 | value: ((pcf_notifications_email)) 26 | .uaa.service_provider_key_credentials: 27 | value: 28 | private_key_pem: | 29 | ((pcf_key_pem)) 30 | cert_pem: | 31 | ((pcf_cert_pem)) 32 | .properties.networking_poe_ssl_certs: 33 | value: 34 | - name: default 35 | certificate: 36 | private_key_pem: | 37 | ((pcf_key_pem)) 38 | cert_pem: | 39 | ((pcf_cert_pem)) 40 | .properties.credhub_key_encryption_passwords: 41 | value: 42 | - name: default 43 | provider: internal 44 | key: 45 | secret: ((pcf_credhub_key)) 46 | primary: true 47 | .properties.smtp_address: 48 | value: ((smtp_address)) 49 | .properties.smtp_credentials: 50 | value: 51 | identity: ((smtp_identity)) 52 | password: 
((smtp_password)) 53 | .properties.smtp_enable_starttls_auto: 54 | value: ((smtp_enable_starttls_auto)) 55 | .properties.smtp_auth_mechanism: 56 | value: plain 57 | .properties.smtp_from: 58 | value: ((smtp_from)) 59 | .properties.smtp_port: 60 | value: ((smtp_port)) 61 | resource-config: 62 | router: 63 | elb_names: 64 | - ((pcf_web_lb)) 65 | -------------------------------------------------------------------------------- /templates/old/spring.yaml: -------------------------------------------------------------------------------- 1 | product-name: ((product_name)) 2 | product-properties: 3 | .deploy-service-broker.disable_cert_check: 4 | value: "false" 5 | .deploy-service-broker.instances_app_push_timeout: 6 | value: 60 -------------------------------------------------------------------------------- /templates/p-compliance-scanner/1.0.0-beta.7/p-compliance-scanner.yaml: -------------------------------------------------------------------------------- 1 | product-name: ((product_name)) 2 | network-properties: 3 | network: 4 | name: ((pcf_pas_network)) 5 | other_availability_zones: 6 | - name: 'null' 7 | singleton_availability_zone: 8 | name: 'null' -------------------------------------------------------------------------------- /templates/p-healthwatch/1.4.5/p-healthwatch.yaml: -------------------------------------------------------------------------------- 1 | product-name: ((product_name)) 2 | network-properties: 3 | network: 4 | name: ((pcf_pas_network)) 5 | service_network: 6 | name: ((pcf_service_network)) 7 | singleton_availability_zone: 8 | name: ((singleton_zone)) 9 | other_availability_zones: ((zones_map)) 10 | product-properties: 11 | .properties.opsman.enable.url: 12 | value: ((opsman_enable_url)) 13 | .properties.boshtasks: 14 | value: disable 15 | .healthwatch-forwarder.health_check_az: 16 | value: ((singleton_zone)) -------------------------------------------------------------------------------- /templates/p-healthwatch/1.5.2/p-healthwatch.yaml: 
-------------------------------------------------------------------------------- 1 | product-name: ((product_name)) 2 | network-properties: 3 | network: 4 | name: ((pcf_pas_network)) 5 | service_network: 6 | name: ((pcf_service_network)) 7 | singleton_availability_zone: 8 | name: ((singleton_zone)) 9 | other_availability_zones: ((zones_map)) 10 | product-properties: 11 | .properties.opsman.enable.url: 12 | value: ((opsman_enable_url)) 13 | .properties.boshtasks: 14 | value: disable 15 | .healthwatch-forwarder.health_check_az: 16 | value: ((singleton_zone)) -------------------------------------------------------------------------------- /templates/p-isolation-segment/2.5.2/p-isolation-segment.yaml: -------------------------------------------------------------------------------- 1 | product-name: ((product_name)) 2 | network-properties: 3 | network: 4 | name: ((pcf_pas_network)) 5 | other_availability_zones: ((zones_map)) 6 | singleton_availability_zone: 7 | name: ((singleton_zone)) 8 | product-properties: 9 | .properties.skip_cert_verify: 10 | value: true 11 | .properties.haproxy_forward_tls: 12 | value: disable 13 | .properties.routing_tls_termination: 14 | value: router 15 | .isolated_router.request_timeout_in_seconds: 16 | value: 240 17 | .isolated_diego_cell.placement_tag: 18 | value: Segment_1 19 | .properties.networking_poe_ssl_certs: 20 | value: 21 | - name: default 22 | certificate: 23 | private_key_pem: | 24 | ((pcf_key_pem)) 25 | cert_pem: | 26 | ((pcf_cert_pem)) 27 | resource-config: 28 | router: 29 | instances: 0 -------------------------------------------------------------------------------- /templates/p-rabbitmq/1.15.4/p-rabbitmq.yaml: -------------------------------------------------------------------------------- 1 | product-name: ((product_name)) 2 | network-properties: 3 | network: 4 | name: ((pcf_pas_network)) 5 | service_network: 6 | name: ((pcf_service_network)) 7 | other_availability_zones: ((zones_map)) 8 | singleton_availability_zone: 9 | 
name: ((singleton_zone)) 10 | product-properties: 11 | .properties.syslog_selector: 12 | value: disabled 13 | .properties.on_demand_broker_plan_1_rabbitmq_az_placement: 14 | value: ((zones_list)) 15 | .properties.on_demand_broker_plan_1_disk_limit_acknowledgement: 16 | value: 17 | - acknowledge 18 | .properties.multitenant_support: 19 | value: enabled 20 | .properties.multitenant_support.enabled.server_admin_credentials: 21 | value: 22 | identity: rabbitadmin 23 | password: ((server_admin_password)) 24 | 25 | -------------------------------------------------------------------------------- /templates/p-rabbitmq/1.15.7/p-rabbitmq.yaml: -------------------------------------------------------------------------------- 1 | product-name: ((product_name)) 2 | network-properties: 3 | network: 4 | name: ((pcf_pas_network)) 5 | service_network: 6 | name: ((pcf_service_network)) 7 | other_availability_zones: ((zones_map)) 8 | singleton_availability_zone: 9 | name: ((singleton_zone)) 10 | product-properties: 11 | .properties.syslog_selector: 12 | value: disabled 13 | .properties.on_demand_broker_plan_1_rabbitmq_az_placement: 14 | value: ((zones_list)) 15 | .properties.on_demand_broker_plan_1_disk_limit_acknowledgement: 16 | value: 17 | - acknowledge 18 | .properties.multitenant_support: 19 | value: enabled 20 | .properties.multitenant_support.enabled.server_admin_credentials: 21 | value: 22 | identity: rabbitadmin 23 | password: ((server_admin_password)) 24 | 25 | -------------------------------------------------------------------------------- /templates/p-rabbitmq/1.16.3/p-rabbitmq.yaml: -------------------------------------------------------------------------------- 1 | product-name: ((product_name)) 2 | network-properties: 3 | network: 4 | name: ((pcf_pas_network)) 5 | service_network: 6 | name: ((pcf_service_network)) 7 | other_availability_zones: ((zones_map)) 8 | singleton_availability_zone: 9 | name: ((singleton_zone)) 10 | product-properties: 11 | 
.properties.syslog_selector: 12 | value: disabled 13 | .properties.on_demand_broker_plan_1_rabbitmq_az_placement: 14 | value: 15 | - ((zones_list)) 16 | .properties.on_demand_broker_plan_1_disk_limit_acknowledgement: 17 | value: 18 | - acknowledge 19 | .properties.multitenant_support: 20 | value: enabled 21 | .properties.multitenant_support.enabled.server_admin_credentials: 22 | value: 23 | identity: rabbitadmin 24 | password: ((server_admin_password)) 25 | 26 | -------------------------------------------------------------------------------- /templates/p-spring-services/2.0.7/p-spring-services.yaml: -------------------------------------------------------------------------------- 1 | product-name: ((product_name)) 2 | network-properties: 3 | network: 4 | name: ((pcf_pas_network)) 5 | other_availability_zones: ((zones_map)) 6 | singleton_availability_zone: 7 | name: ((singleton_zone)) 8 | product-properties: 9 | .deploy-service-broker.disable_cert_check: 10 | value: "false" 11 | .deploy-service-broker.instances_app_push_timeout: 12 | value: 60 -------------------------------------------------------------------------------- /templates/p-spring-services/2.0.8/p-spring-services.yaml: -------------------------------------------------------------------------------- 1 | product-name: ((product_name)) 2 | network-properties: 3 | network: 4 | name: ((pcf_pas_network)) 5 | other_availability_zones: ((zones_map)) 6 | singleton_availability_zone: 7 | name: ((singleton_zone)) 8 | product-properties: 9 | .deploy-service-broker.disable_cert_check: 10 | value: "false" 11 | .deploy-service-broker.instances_app_push_timeout: 12 | value: 60 -------------------------------------------------------------------------------- /templates/p-spring-services/2.0.9/p-spring-services.yaml: -------------------------------------------------------------------------------- 1 | product-name: ((product_name)) 2 | network-properties: 3 | network: 4 | name: ((pcf_pas_network)) 5 | 
other_availability_zones: ((zones_map)) 6 | singleton_availability_zone: 7 | name: ((singleton_zone)) 8 | product-properties: 9 | .deploy-service-broker.disable_cert_check: 10 | value: "false" 11 | .deploy-service-broker.instances_app_push_timeout: 12 | value: 60 -------------------------------------------------------------------------------- /templates/pas-windows/2.4.3/pas-windows.yaml: -------------------------------------------------------------------------------- 1 | product-name: ((product_name)) 2 | network-properties: 3 | network: 4 | name: ((pcf_pas_network)) 5 | other_availability_zones: ((zones_map)) 6 | singleton_availability_zone: 7 | name: ((singleton_zone)) -------------------------------------------------------------------------------- /templates/pas-windows/2.4.4/pas-windows.yaml: -------------------------------------------------------------------------------- 1 | product-name: ((product_name)) 2 | network-properties: 3 | network: 4 | name: ((pcf_pas_network)) 5 | other_availability_zones: ((zones_map)) 6 | singleton_availability_zone: 7 | name: ((singleton_zone)) -------------------------------------------------------------------------------- /templates/pas-windows/2.5.0/pas-windows.yaml: -------------------------------------------------------------------------------- 1 | product-name: ((product_name)) 2 | network-properties: 3 | network: 4 | name: ((pcf_pas_network)) 5 | other_availability_zones: ((zones_map)) 6 | singleton_availability_zone: 7 | name: ((singleton_zone)) -------------------------------------------------------------------------------- /templates/pas-windows/2.5.1/pas-windows.yaml: -------------------------------------------------------------------------------- 1 | product-name: ((product_name)) 2 | network-properties: 3 | network: 4 | name: ((pcf_pas_network)) 5 | other_availability_zones: ((zones_map)) 6 | singleton_availability_zone: 7 | name: ((singleton_zone)) 
-------------------------------------------------------------------------------- /templates/pas-windows/2.5.2/pas-windows.yaml: -------------------------------------------------------------------------------- 1 | product-name: ((product_name)) 2 | network-properties: 3 | network: 4 | name: ((pcf_pas_network)) 5 | other_availability_zones: ((zones_map)) 6 | singleton_availability_zone: 7 | name: ((singleton_zone)) -------------------------------------------------------------------------------- /templates/pas/2.5.0/pas-cf.yaml: -------------------------------------------------------------------------------- 1 | product-name: cf 2 | network-properties: 3 | network: 4 | name: ((pcf_pas_network)) 5 | other_availability_zones: ((zones_map)) 6 | singleton_availability_zone: 7 | name: ((singleton_zone)) 8 | product-properties: 9 | .cloud_controller.apps_domain: 10 | value: ((pcf_apps_domain)) 11 | .cloud_controller.system_domain: 12 | value: ((pcf_system_domain)) 13 | .properties.haproxy_forward_tls: 14 | value: disable 15 | .ha_proxy.skip_cert_verify: 16 | value: true 17 | .properties.routing_tls_termination: 18 | value: router 19 | .router.frontend_idle_timeout: 20 | value: 240 21 | .properties.security_acknowledgement: 22 | value: X 23 | .properties.stack_migration_acknowledgement: 24 | value: X 25 | .mysql_monitor.recipient_email: 26 | value: ((pcf_notifications_email)) 27 | .uaa.service_provider_key_credentials: 28 | value: 29 | private_key_pem: | 30 | ((pcf_key_pem)) 31 | cert_pem: | 32 | ((pcf_cert_pem)) 33 | .properties.networking_poe_ssl_certs: 34 | value: 35 | - name: default 36 | certificate: 37 | private_key_pem: | 38 | ((pcf_key_pem)) 39 | cert_pem: | 40 | ((pcf_cert_pem)) 41 | .properties.credhub_key_encryption_passwords: 42 | value: 43 | - name: default 44 | provider: internal 45 | key: 46 | secret: ((pcf_credhub_key)) 47 | primary: true 48 | .properties.smtp_address: 49 | value: ((smtp_address)) 50 | .properties.smtp_credentials: 51 | value: 52 | identity: 
((smtp_identity)) 53 | password: ((smtp_password)) 54 | .properties.smtp_enable_starttls_auto: 55 | value: ((smtp_enable_starttls_auto)) 56 | .properties.smtp_auth_mechanism: 57 | value: plain 58 | .properties.smtp_from: 59 | value: ((smtp_from)) 60 | .properties.smtp_port: 61 | value: ((smtp_port)) 62 | .cloud_controller.encrypt_key: 63 | value: 64 | secret: ((cloud_controller.encrypt_key)) 65 | .properties.metric_registrar_enabled: 66 | value: true 67 | .properties.istio: 68 | value: enable 69 | resource-config: 70 | istio_router: 71 | elb_names: 72 | - ((pcf_istio_lb)) 73 | diego_cell: 74 | instances: ((compute_instances)) 75 | diego_brain: 76 | elb_names: 77 | - ((pcf_diego_ssh_lb)) 78 | router: 79 | instances: 3 80 | router: 81 | elb_names: 82 | - ((pcf_web_lb)) 83 | -------------------------------------------------------------------------------- /templates/pas/2.5.0/pas-srt.yaml: -------------------------------------------------------------------------------- 1 | product-name: cf 2 | network-properties: 3 | network: 4 | name: ((pcf_pas_network)) 5 | other_availability_zones: ((zones_map)) 6 | singleton_availability_zone: 7 | name: ((singleton_zone)) 8 | product-properties: 9 | .cloud_controller.apps_domain: 10 | value: ((pcf_apps_domain)) 11 | .cloud_controller.system_domain: 12 | value: ((pcf_system_domain)) 13 | .properties.haproxy_forward_tls: 14 | value: disable 15 | .ha_proxy.skip_cert_verify: 16 | value: true 17 | .properties.routing_tls_termination: 18 | value: router 19 | .router.frontend_idle_timeout: 20 | value: 240 21 | .properties.security_acknowledgement: 22 | value: X 23 | .properties.stack_migration_acknowledgement: 24 | value: X 25 | .mysql_monitor.recipient_email: 26 | value: ((pcf_notifications_email)) 27 | .uaa.service_provider_key_credentials: 28 | value: 29 | private_key_pem: | 30 | ((pcf_key_pem)) 31 | cert_pem: | 32 | ((pcf_cert_pem)) 33 | .properties.networking_poe_ssl_certs: 34 | value: 35 | - name: default 36 | certificate: 37 | 
private_key_pem: | 38 | ((pcf_key_pem)) 39 | cert_pem: | 40 | ((pcf_cert_pem)) 41 | .properties.credhub_key_encryption_passwords: 42 | value: 43 | - name: default 44 | provider: internal 45 | key: 46 | secret: ((pcf_credhub_key)) 47 | primary: true 48 | .properties.smtp_address: 49 | value: ((smtp_address)) 50 | .properties.smtp_credentials: 51 | value: 52 | identity: ((smtp_identity)) 53 | password: ((smtp_password)) 54 | .properties.smtp_enable_starttls_auto: 55 | value: ((smtp_enable_starttls_auto)) 56 | .properties.smtp_auth_mechanism: 57 | value: plain 58 | .properties.smtp_from: 59 | value: ((smtp_from)) 60 | .properties.smtp_port: 61 | value: ((smtp_port)) 62 | .cloud_controller.encrypt_key: 63 | value: 64 | secret: ((cloud_controller.encrypt_key)) 65 | .properties.metric_registrar_enabled: 66 | value: true 67 | .properties.istio: 68 | value: enable 69 | resource-config: 70 | router: 71 | elb_names: 72 | - ((pcf_web_lb)) 73 | istio_router: 74 | elb_names: 75 | - ((pcf_istio_lb)) 76 | compute: 77 | instances: ((compute_instances)) -------------------------------------------------------------------------------- /templates/pas/2.5.1/pas-cf.yaml: -------------------------------------------------------------------------------- 1 | product-name: cf 2 | network-properties: 3 | network: 4 | name: ((pcf_pas_network)) 5 | other_availability_zones: ((zones_map)) 6 | singleton_availability_zone: 7 | name: ((singleton_zone)) 8 | product-properties: 9 | .cloud_controller.apps_domain: 10 | value: ((pcf_apps_domain)) 11 | .cloud_controller.system_domain: 12 | value: ((pcf_system_domain)) 13 | .properties.haproxy_forward_tls: 14 | value: disable 15 | .ha_proxy.skip_cert_verify: 16 | value: true 17 | .properties.routing_tls_termination: 18 | value: router 19 | .router.frontend_idle_timeout: 20 | value: 240 21 | .properties.security_acknowledgement: 22 | value: X 23 | .properties.stack_migration_acknowledgement: 24 | value: X 25 | .mysql_monitor.recipient_email: 26 | value: 
((pcf_notifications_email)) 27 | .uaa.service_provider_key_credentials: 28 | value: 29 | private_key_pem: | 30 | ((pcf_key_pem)) 31 | cert_pem: | 32 | ((pcf_cert_pem)) 33 | .properties.networking_poe_ssl_certs: 34 | value: 35 | - name: default 36 | certificate: 37 | private_key_pem: | 38 | ((pcf_key_pem)) 39 | cert_pem: | 40 | ((pcf_cert_pem)) 41 | .properties.credhub_key_encryption_passwords: 42 | value: 43 | - name: default 44 | provider: internal 45 | key: 46 | secret: ((pcf_credhub_key)) 47 | primary: true 48 | .properties.smtp_address: 49 | value: ((smtp_address)) 50 | .properties.smtp_credentials: 51 | value: 52 | identity: ((smtp_identity)) 53 | password: ((smtp_password)) 54 | .properties.smtp_enable_starttls_auto: 55 | value: ((smtp_enable_starttls_auto)) 56 | .properties.smtp_auth_mechanism: 57 | value: plain 58 | .properties.smtp_from: 59 | value: ((smtp_from)) 60 | .properties.smtp_port: 61 | value: ((smtp_port)) 62 | .cloud_controller.encrypt_key: 63 | value: 64 | secret: ((cloud_controller.encrypt_key)) 65 | .properties.metric_registrar_enabled: 66 | value: true 67 | .properties.istio: 68 | value: enable 69 | resource-config: 70 | istio_router: 71 | elb_names: 72 | - ((pcf_istio_lb)) 73 | diego_cell: 74 | instances: ((compute_instances)) 75 | diego_brain: 76 | elb_names: 77 | - ((pcf_diego_ssh_lb)) 78 | router: 79 | instances: 3 80 | router: 81 | elb_names: 82 | - ((pcf_web_lb)) 83 | -------------------------------------------------------------------------------- /templates/pas/2.5.1/pas-srt.yaml: -------------------------------------------------------------------------------- 1 | product-name: cf 2 | network-properties: 3 | network: 4 | name: ((pcf_pas_network)) 5 | other_availability_zones: ((zones_map)) 6 | singleton_availability_zone: 7 | name: ((singleton_zone)) 8 | product-properties: 9 | .cloud_controller.apps_domain: 10 | value: ((pcf_apps_domain)) 11 | .cloud_controller.system_domain: 12 | value: ((pcf_system_domain)) 13 | 
.properties.haproxy_forward_tls: 14 | value: disable 15 | .ha_proxy.skip_cert_verify: 16 | value: true 17 | .properties.routing_tls_termination: 18 | value: router 19 | .router.frontend_idle_timeout: 20 | value: 240 21 | .properties.security_acknowledgement: 22 | value: X 23 | .properties.stack_migration_acknowledgement: 24 | value: X 25 | .mysql_monitor.recipient_email: 26 | value: ((pcf_notifications_email)) 27 | .uaa.service_provider_key_credentials: 28 | value: 29 | private_key_pem: | 30 | ((pcf_key_pem)) 31 | cert_pem: | 32 | ((pcf_cert_pem)) 33 | .properties.networking_poe_ssl_certs: 34 | value: 35 | - name: default 36 | certificate: 37 | private_key_pem: | 38 | ((pcf_key_pem)) 39 | cert_pem: | 40 | ((pcf_cert_pem)) 41 | .properties.credhub_key_encryption_passwords: 42 | value: 43 | - name: default 44 | provider: internal 45 | key: 46 | secret: ((pcf_credhub_key)) 47 | primary: true 48 | .properties.smtp_address: 49 | value: ((smtp_address)) 50 | .properties.smtp_credentials: 51 | value: 52 | identity: ((smtp_identity)) 53 | password: ((smtp_password)) 54 | .properties.smtp_enable_starttls_auto: 55 | value: ((smtp_enable_starttls_auto)) 56 | .properties.smtp_auth_mechanism: 57 | value: plain 58 | .properties.smtp_from: 59 | value: ((smtp_from)) 60 | .properties.smtp_port: 61 | value: ((smtp_port)) 62 | .cloud_controller.encrypt_key: 63 | value: 64 | secret: ((cloud_controller.encrypt_key)) 65 | .properties.metric_registrar_enabled: 66 | value: true 67 | .properties.istio: 68 | value: enable 69 | resource-config: 70 | router: 71 | elb_names: 72 | - ((pcf_web_lb)) 73 | istio_router: 74 | elb_names: 75 | - ((pcf_istio_lb)) 76 | compute: 77 | instances: ((compute_instances)) -------------------------------------------------------------------------------- /templates/pas/2.5.2/pas-cf.yaml: -------------------------------------------------------------------------------- 1 | product-name: cf 2 | network-properties: 3 | network: 4 | name: ((pcf_pas_network)) 5 | 
other_availability_zones: ((zones_map)) 6 | singleton_availability_zone: 7 | name: ((singleton_zone)) 8 | product-properties: 9 | .cloud_controller.apps_domain: 10 | value: ((pcf_apps_domain)) 11 | .cloud_controller.system_domain: 12 | value: ((pcf_system_domain)) 13 | .properties.haproxy_forward_tls: 14 | value: disable 15 | .ha_proxy.skip_cert_verify: 16 | value: true 17 | .properties.routing_tls_termination: 18 | value: router 19 | .router.frontend_idle_timeout: 20 | value: 240 21 | .properties.security_acknowledgement: 22 | value: X 23 | .properties.stack_migration_acknowledgement: 24 | value: X 25 | .mysql_monitor.recipient_email: 26 | value: ((pcf_notifications_email)) 27 | .uaa.service_provider_key_credentials: 28 | value: 29 | private_key_pem: | 30 | ((pcf_key_pem)) 31 | cert_pem: | 32 | ((pcf_cert_pem)) 33 | .properties.networking_poe_ssl_certs: 34 | value: 35 | - name: default 36 | certificate: 37 | private_key_pem: | 38 | ((pcf_key_pem)) 39 | cert_pem: | 40 | ((pcf_cert_pem)) 41 | .properties.credhub_key_encryption_passwords: 42 | value: 43 | - name: default 44 | provider: internal 45 | key: 46 | secret: ((pcf_credhub_key)) 47 | primary: true 48 | .properties.smtp_address: 49 | value: ((smtp_address)) 50 | .properties.smtp_credentials: 51 | value: 52 | identity: ((smtp_identity)) 53 | password: ((smtp_password)) 54 | .properties.smtp_enable_starttls_auto: 55 | value: ((smtp_enable_starttls_auto)) 56 | .properties.smtp_auth_mechanism: 57 | value: plain 58 | .properties.smtp_from: 59 | value: ((smtp_from)) 60 | .properties.smtp_port: 61 | value: ((smtp_port)) 62 | .cloud_controller.encrypt_key: 63 | value: 64 | secret: ((cloud_controller.encrypt_key)) 65 | .properties.metric_registrar_enabled: 66 | value: true 67 | .properties.istio: 68 | value: enable 69 | resource-config: 70 | istio_router: 71 | elb_names: 72 | - ((pcf_istio_lb)) 73 | diego_cell: 74 | instances: ((compute_instances)) 75 | diego_brain: 76 | elb_names: 77 | - ((pcf_diego_ssh_lb)) 78 | 
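mysql_proxy: 79 | instances: 3 80 | mysql_proxy: 81 | elb_names: 82 | - ((pcf_mysql_lb)) 83 | router: 84 | instances: 3 85 | router: 86 | elb_names: 87 | - ((pcf_web_lb)) 88 |

--------------------------------------------------------------------------------
/templates/pas/2.5.2/pas-srt.yaml:
--------------------------------------------------------------------------------
# PAS ("cf" tile) product configuration, srt variant: resource-config sizes a
# single `compute` job. The layout (product-name / network-properties /
# product-properties / resource-config) is presumably applied with
# `om configure-product` by the deploy scripts (TODO confirm).
# Every ((name)) is a placeholder filled in at interpolation time. The PEM key,
# CredHub key, SMTP password and encrypt key must come from a vars source that
# is never committed.
product-name: cf
network-properties:
  network:
    name: ((pcf_pas_network))
  other_availability_zones: ((zones_map))
  singleton_availability_zone:
    name: ((singleton_zone))
product-properties:
  .cloud_controller.apps_domain:
    value: ((pcf_apps_domain))
  .cloud_controller.system_domain:
    value: ((pcf_system_domain))
  .properties.haproxy_forward_tls:
    value: disable
  # NOTE(review): certificate verification is skipped. That only suits the
  # self-signed certificates of a lab setup; with a CA-issued chain set this to
  # false so a spoofed endpoint is rejected.
  .ha_proxy.skip_cert_verify:
    value: true
  .properties.routing_tls_termination:
    value: router
  .router.frontend_idle_timeout:
    value: 240
  # Acknowledgement fields; "X" looks like a filler value (presumably the tile
  # only requires them to be non-empty; confirm).
  .properties.security_acknowledgement:
    value: X
  .properties.stack_migration_acknowledgement:
    value: X
  .mysql_monitor.recipient_email:
    value: ((pcf_notifications_email))
  # NOTE(review): the key pair ((pcf_key_pem)) is used here for the UAA
  # service-provider credentials and again for the TLS certificate below, so
  # one leaked key compromises both; separate pairs would contain that.
  .uaa.service_provider_key_credentials:
    value:
      private_key_pem: |
        ((pcf_key_pem))
      cert_pem: |
        ((pcf_cert_pem))
  .properties.networking_poe_ssl_certs:
    value:
    - name: default
      certificate:
        private_key_pem: |
          ((pcf_key_pem))
        cert_pem: |
          ((pcf_cert_pem))
  # Secret: the CredHub encryption key. Keep it in a protected vars store.
  .properties.credhub_key_encryption_passwords:
    value:
    - name: default
      provider: internal
      key:
        secret: ((pcf_credhub_key))
      primary: true
  .properties.smtp_address:
    value: ((smtp_address))
  .properties.smtp_credentials:
    value:
      identity: ((smtp_identity))
      password: ((smtp_password))
  # Keep this true: with the `plain` mechanism below the SMTP password is only
  # base64-encoded, so it relies on TLS for confidentiality.
  .properties.smtp_enable_starttls_auto:
    value: ((smtp_enable_starttls_auto))
  .properties.smtp_auth_mechanism:
    value: plain
  .properties.smtp_from:
    value: ((smtp_from))
  .properties.smtp_port:
    value: ((smtp_port))
  # The placeholder name contains a dot; BOSH-style interpolation normally
  # reads that as field `encrypt_key` of variable `cloud_controller`, so
  # confirm the vars file provides it in that shape.
  .cloud_controller.encrypt_key:
    value:
      secret: ((cloud_controller.encrypt_key))
  .properties.metric_registrar_enabled:
    value: true
  .properties.istio:
    value: enable
resource-config:
  router:
    elb_names:
    - ((pcf_web_lb))
  istio_router:
    elb_names:
    - ((pcf_istio_lb))
  compute:
    instances: ((compute_instances))

--------------------------------------------------------------------------------
/templates/pas/2.5.3/pas-cf.yaml:
--------------------------------------------------------------------------------
# PAS ("cf" tile) product configuration, cf variant: resource-config addresses
# the diego_cell, diego_brain, mysql_proxy and router jobs individually.
# Presumably applied with `om configure-product` (TODO confirm).
# Every ((name)) is a placeholder filled in at interpolation time. The PEM key,
# CredHub key, SMTP password and encrypt key must come from a vars source that
# is never committed.
product-name: cf
network-properties:
  network:
    name: ((pcf_pas_network))
  other_availability_zones: ((zones_map))
  singleton_availability_zone:
    name: ((singleton_zone))
product-properties:
  .cloud_controller.apps_domain:
    value: ((pcf_apps_domain))
  .cloud_controller.system_domain:
    value: ((pcf_system_domain))
  .properties.haproxy_forward_tls:
    value: disable
  # NOTE(review): certificate verification is skipped. That only suits the
  # self-signed certificates of a lab setup; with a CA-issued chain set this to
  # false so a spoofed endpoint is rejected.
  .ha_proxy.skip_cert_verify:
    value: true
  .properties.routing_tls_termination:
    value: router
  .router.frontend_idle_timeout:
    value: 240
  # Acknowledgement fields; "X" looks like a filler value (presumably the tile
  # only requires them to be non-empty; confirm).
  .properties.security_acknowledgement:
    value: X
  .properties.stack_migration_acknowledgement:
    value: X
  .mysql_monitor.recipient_email:
    value: ((pcf_notifications_email))
  # NOTE(review): the key pair ((pcf_key_pem)) is used here for the UAA
  # service-provider credentials and again for the TLS certificate below, so
  # one leaked key compromises both; separate pairs would contain that.
  .uaa.service_provider_key_credentials:
    value:
      private_key_pem: |
        ((pcf_key_pem))
      cert_pem: |
        ((pcf_cert_pem))
  .properties.networking_poe_ssl_certs:
    value:
    - name: default
      certificate:
        private_key_pem: |
          ((pcf_key_pem))
        cert_pem: |
          ((pcf_cert_pem))
  # Secret: the CredHub encryption key. Keep it in a protected vars store.
  .properties.credhub_key_encryption_passwords:
    value:
    - name: default
      provider: internal
      key:
        secret: ((pcf_credhub_key))
      primary: true
  .properties.smtp_address:
    value: ((smtp_address))
  .properties.smtp_credentials:
    value:
      identity: ((smtp_identity))
      password: ((smtp_password))
  # Keep this true: with the `plain` mechanism below the SMTP password is only
  # base64-encoded, so it relies on TLS for confidentiality.
  .properties.smtp_enable_starttls_auto:
    value: ((smtp_enable_starttls_auto))
  .properties.smtp_auth_mechanism:
    value: plain
  .properties.smtp_from:
    value: ((smtp_from))
  .properties.smtp_port:
    value: ((smtp_port))
  # The placeholder name contains a dot; BOSH-style interpolation normally
  # reads that as field `encrypt_key` of variable `cloud_controller`, so
  # confirm the vars file provides it in that shape.
  .cloud_controller.encrypt_key:
    value:
      secret: ((cloud_controller.encrypt_key))
  .properties.metric_registrar_enabled:
    value: true
  .properties.istio:
    value: enable
resource-config:
  istio_router:
    elb_names:
    - ((pcf_istio_lb))
  diego_cell:
    instances: ((compute_instances))
  diego_brain:
    elb_names:
    - ((pcf_diego_ssh_lb))
  # mysql_proxy and router were each listed twice (instances, then elb_names).
  # A YAML mapping cannot repeat a key: loaders either reject the file or keep
  # only the last entry, which would silently drop `instances: 3`. Merged.
  mysql_proxy:
    instances: 3
    elb_names:
    - ((pcf_mysql_lb))
  router:
    instances: 3
    elb_names:
    - ((pcf_web_lb))

--------------------------------------------------------------------------------
/templates/pas/2.5.3/pas-srt.yaml:
--------------------------------------------------------------------------------
# PAS ("cf" tile) product configuration, srt variant: resource-config sizes a
# single `compute` job. Presumably applied with `om configure-product`
# (TODO confirm).
# Every ((name)) is a placeholder filled in at interpolation time. The PEM key,
# CredHub key, SMTP password and encrypt key must come from a vars source that
# is never committed.
product-name: cf
network-properties:
  network:
    name: ((pcf_pas_network))
  other_availability_zones: ((zones_map))
  singleton_availability_zone:
    name: ((singleton_zone))
product-properties:
  .cloud_controller.apps_domain:
    value: ((pcf_apps_domain))
  .cloud_controller.system_domain:
    value: ((pcf_system_domain))
  .properties.haproxy_forward_tls:
    value: disable
  # NOTE(review): certificate verification is skipped. That only suits the
  # self-signed certificates of a lab setup; with a CA-issued chain set this to
  # false so a spoofed endpoint is rejected.
  .ha_proxy.skip_cert_verify:
    value: true
  .properties.routing_tls_termination:
    value: router
  .router.frontend_idle_timeout:
    value: 240
  # Acknowledgement fields; "X" looks like a filler value (presumably the tile
  # only requires them to be non-empty; confirm).
  .properties.security_acknowledgement:
    value: X
  .properties.stack_migration_acknowledgement:
    value: X
  .mysql_monitor.recipient_email:
    value: ((pcf_notifications_email))
  # NOTE(review): the key pair ((pcf_key_pem)) is used here for the UAA
  # service-provider credentials and again for the TLS certificate below, so
  # one leaked key compromises both; separate pairs would contain that.
  .uaa.service_provider_key_credentials:
    value:
      private_key_pem: |
        ((pcf_key_pem))
      cert_pem: |
        ((pcf_cert_pem))
  .properties.networking_poe_ssl_certs:
    value:
    - name: default
      certificate:
        private_key_pem: |
          ((pcf_key_pem))
        cert_pem: |
          ((pcf_cert_pem))
  # Secret: the CredHub encryption key. Keep it in a protected vars store.
  .properties.credhub_key_encryption_passwords:
    value:
    - name: default
      provider: internal
      key:
        secret: ((pcf_credhub_key))
      primary: true
  .properties.smtp_address:
    value: ((smtp_address))
  .properties.smtp_credentials:
    value:
      identity: ((smtp_identity))
      password: ((smtp_password))
  # Keep this true: with the `plain` mechanism below the SMTP password is only
  # base64-encoded, so it relies on TLS for confidentiality.
  .properties.smtp_enable_starttls_auto:
    value: ((smtp_enable_starttls_auto))
  .properties.smtp_auth_mechanism:
    value: plain
  .properties.smtp_from:
    value: ((smtp_from))
  .properties.smtp_port:
    value: ((smtp_port))
  # The placeholder name contains a dot; BOSH-style interpolation normally
  # reads that as field `encrypt_key` of variable `cloud_controller`, so
  # confirm the vars file provides it in that shape.
  .cloud_controller.encrypt_key:
    value:
      secret: ((cloud_controller.encrypt_key))
  .properties.metric_registrar_enabled:
    value: true
  .properties.istio:
    value: enable
resource-config:
  router:
    elb_names:
    - ((pcf_web_lb))
  istio_router:
    elb_names:
    - ((pcf_istio_lb))
  compute:
    instances: ((compute_instances))

--------------------------------------------------------------------------------
/templates/pas/2.5.4/pas-cf.yaml:
--------------------------------------------------------------------------------
# PAS ("cf" tile) product configuration, cf variant: resource-config addresses
# the diego_cell, diego_brain, mysql_proxy and router jobs individually.
# Presumably applied with `om configure-product` (TODO confirm).
# Every ((name)) is a placeholder filled in at interpolation time. The PEM key,
# CredHub key, SMTP password and encrypt key must come from a vars source that
# is never committed.
product-name: cf
network-properties:
  network:
    name: ((pcf_pas_network))
  other_availability_zones: ((zones_map))
  singleton_availability_zone:
    name: ((singleton_zone))
product-properties:
  .cloud_controller.apps_domain:
    value: ((pcf_apps_domain))
  .cloud_controller.system_domain:
    value: ((pcf_system_domain))
  .properties.haproxy_forward_tls:
    value: disable
  # NOTE(review): certificate verification is skipped. That only suits the
  # self-signed certificates of a lab setup; with a CA-issued chain set this to
  # false so a spoofed endpoint is rejected.
  .ha_proxy.skip_cert_verify:
    value: true
  .properties.routing_tls_termination:
    value: router
  .router.frontend_idle_timeout:
    value: 240
  # Acknowledgement fields; "X" looks like a filler value (presumably the tile
  # only requires them to be non-empty; confirm).
  .properties.security_acknowledgement:
    value: X
  .properties.stack_migration_acknowledgement:
    value: X
  .mysql_monitor.recipient_email:
    value: ((pcf_notifications_email))
  # NOTE(review): the key pair ((pcf_key_pem)) is used here for the UAA
  # service-provider credentials and again for the TLS certificate below, so
  # one leaked key compromises both; separate pairs would contain that.
  .uaa.service_provider_key_credentials:
    value:
      private_key_pem: |
        ((pcf_key_pem))
      cert_pem: |
        ((pcf_cert_pem))
  .properties.networking_poe_ssl_certs:
    value:
    - name: default
      certificate:
        private_key_pem: |
          ((pcf_key_pem))
        cert_pem: |
          ((pcf_cert_pem))
  # Secret: the CredHub encryption key. Keep it in a protected vars store.
  .properties.credhub_key_encryption_passwords:
    value:
    - name: default
      provider: internal
      key:
        secret: ((pcf_credhub_key))
      primary: true
  .properties.smtp_address:
    value: ((smtp_address))
  .properties.smtp_credentials:
    value:
      identity: ((smtp_identity))
      password: ((smtp_password))
  # Keep this true: with the `plain` mechanism below the SMTP password is only
  # base64-encoded, so it relies on TLS for confidentiality.
  .properties.smtp_enable_starttls_auto:
    value: ((smtp_enable_starttls_auto))
  .properties.smtp_auth_mechanism:
    value: plain
  .properties.smtp_from:
    value: ((smtp_from))
  .properties.smtp_port:
    value: ((smtp_port))
  # The placeholder name contains a dot; BOSH-style interpolation normally
  # reads that as field `encrypt_key` of variable `cloud_controller`, so
  # confirm the vars file provides it in that shape.
  .cloud_controller.encrypt_key:
    value:
      secret: ((cloud_controller.encrypt_key))
  .properties.metric_registrar_enabled:
    value: true
  .properties.istio:
    value: enable
resource-config:
  istio_router:
    elb_names:
    - ((pcf_istio_lb))
  diego_cell:
    instances: ((compute_instances))
  diego_brain:
    elb_names:
    - ((pcf_diego_ssh_lb))
  # mysql_proxy and router were each listed twice (instances, then elb_names).
  # A YAML mapping cannot repeat a key: loaders either reject the file or keep
  # only the last entry, which would silently drop `instances: 3`. Merged.
  mysql_proxy:
    instances: 3
    elb_names:
    - ((pcf_mysql_lb))
  router:
    instances: 3
    elb_names:
    - ((pcf_web_lb))

--------------------------------------------------------------------------------
/templates/pas/2.5.4/pas-srt.yaml:
--------------------------------------------------------------------------------
# PAS ("cf" tile) product configuration, srt variant: resource-config sizes a
# single `compute` job. Presumably applied with `om configure-product`
# (TODO confirm).
# Every ((name)) is a placeholder filled in at interpolation time. The PEM key,
# CredHub key, SMTP password and encrypt key must come from a vars source that
# is never committed.
product-name: cf
network-properties:
  network:
    name: ((pcf_pas_network))
  other_availability_zones: ((zones_map))
  singleton_availability_zone:
    name: ((singleton_zone))
product-properties:
  .cloud_controller.apps_domain:
    value: ((pcf_apps_domain))
  .cloud_controller.system_domain:
    value: ((pcf_system_domain))
  .properties.haproxy_forward_tls:
    value: disable
  # NOTE(review): certificate verification is skipped. That only suits the
  # self-signed certificates of a lab setup; with a CA-issued chain set this to
  # false so a spoofed endpoint is rejected.
  .ha_proxy.skip_cert_verify:
    value: true
  .properties.routing_tls_termination:
    value: router
  .router.frontend_idle_timeout:
    value: 240
  # Acknowledgement fields; "X" looks like a filler value (presumably the tile
  # only requires them to be non-empty; confirm).
  .properties.security_acknowledgement:
    value: X
  .properties.stack_migration_acknowledgement:
    value: X
  .mysql_monitor.recipient_email:
    value: ((pcf_notifications_email))
  # NOTE(review): the key pair ((pcf_key_pem)) is used here for the UAA
  # service-provider credentials and again for the TLS certificate below, so
  # one leaked key compromises both; separate pairs would contain that.
  .uaa.service_provider_key_credentials:
    value:
      private_key_pem: |
        ((pcf_key_pem))
      cert_pem: |
        ((pcf_cert_pem))
  .properties.networking_poe_ssl_certs:
    value:
    - name: default
      certificate:
        private_key_pem: |
          ((pcf_key_pem))
        cert_pem: |
          ((pcf_cert_pem))
  # Secret: the CredHub encryption key. Keep it in a protected vars store.
  .properties.credhub_key_encryption_passwords:
    value:
    - name: default
      provider: internal
      key:
        secret: ((pcf_credhub_key))
      primary: true
  .properties.smtp_address:
    value: ((smtp_address))
  .properties.smtp_credentials:
    value:
      identity: ((smtp_identity))
      password: ((smtp_password))
  # Keep this true: with the `plain` mechanism below the SMTP password is only
  # base64-encoded, so it relies on TLS for confidentiality.
  .properties.smtp_enable_starttls_auto:
    value: ((smtp_enable_starttls_auto))
  .properties.smtp_auth_mechanism:
    value: plain
  .properties.smtp_from:
    value: ((smtp_from))
  .properties.smtp_port:
    value: ((smtp_port))
  # The placeholder name contains a dot; BOSH-style interpolation normally
  # reads that as field `encrypt_key` of variable `cloud_controller`, so
  # confirm the vars file provides it in that shape.
  .cloud_controller.encrypt_key:
    value:
      secret: ((cloud_controller.encrypt_key))
  .properties.metric_registrar_enabled:
    value: true
  .properties.istio:
    value: enable
resource-config:
  router:
    elb_names:
    - ((pcf_web_lb))
  istio_router:
    elb_names:
    - ((pcf_istio_lb))
  compute:
    instances: ((compute_instances))

--------------------------------------------------------------------------------
/templates/pas/2.5.5/pas-cf.yaml:
--------------------------------------------------------------------------------
# PAS ("cf" tile) product configuration, cf variant: resource-config addresses
# the diego_cell, diego_brain, mysql_proxy and router jobs individually.
# Presumably applied with `om configure-product` (TODO confirm).
# Every ((name)) is a placeholder filled in at interpolation time. The PEM key,
# CredHub key, SMTP password and encrypt key must come from a vars source that
# is never committed.
product-name: cf
network-properties:
  network:
    name: ((pcf_pas_network))
  other_availability_zones: ((zones_map))
  singleton_availability_zone:
    name: ((singleton_zone))
product-properties:
  .cloud_controller.apps_domain:
    value: ((pcf_apps_domain))
  .cloud_controller.system_domain:
    value: ((pcf_system_domain))
  .properties.haproxy_forward_tls:
    value: disable
  # NOTE(review): certificate verification is skipped. That only suits the
  # self-signed certificates of a lab setup; with a CA-issued chain set this to
  # false so a spoofed endpoint is rejected.
  .ha_proxy.skip_cert_verify:
    value: true
  .properties.routing_tls_termination:
    value: router
  .router.frontend_idle_timeout:
    value: 240
  # Acknowledgement fields; "X" looks like a filler value (presumably the tile
  # only requires them to be non-empty; confirm).
  .properties.security_acknowledgement:
    value: X
  .properties.stack_migration_acknowledgement:
    value: X
  .mysql_monitor.recipient_email:
    value: ((pcf_notifications_email))
  # NOTE(review): the key pair ((pcf_key_pem)) is used here for the UAA
  # service-provider credentials and again for the TLS certificate below, so
  # one leaked key compromises both; separate pairs would contain that.
  .uaa.service_provider_key_credentials:
    value:
      private_key_pem: |
        ((pcf_key_pem))
      cert_pem: |
        ((pcf_cert_pem))
  .properties.networking_poe_ssl_certs:
    value:
    - name: default
      certificate:
        private_key_pem: |
          ((pcf_key_pem))
        cert_pem: |
          ((pcf_cert_pem))
  # Secret: the CredHub encryption key. Keep it in a protected vars store.
  .properties.credhub_key_encryption_passwords:
    value:
    - name: default
      provider: internal
      key:
        secret: ((pcf_credhub_key))
      primary: true
  .properties.smtp_address:
    value: ((smtp_address))
  .properties.smtp_credentials:
    value:
      identity: ((smtp_identity))
      password: ((smtp_password))
  # Keep this true: with the `plain` mechanism below the SMTP password is only
  # base64-encoded, so it relies on TLS for confidentiality.
  .properties.smtp_enable_starttls_auto:
    value: ((smtp_enable_starttls_auto))
  .properties.smtp_auth_mechanism:
    value: plain
  .properties.smtp_from:
    value: ((smtp_from))
  .properties.smtp_port:
    value: ((smtp_port))
  # The placeholder name contains a dot; BOSH-style interpolation normally
  # reads that as field `encrypt_key` of variable `cloud_controller`, so
  # confirm the vars file provides it in that shape.
  .cloud_controller.encrypt_key:
    value:
      secret: ((cloud_controller.encrypt_key))
  .properties.metric_registrar_enabled:
    value: true
  .properties.istio:
    value: enable
resource-config:
  istio_router:
    elb_names:
    - ((pcf_istio_lb))
  diego_cell:
    instances: ((compute_instances))
  diego_brain:
    elb_names:
    - ((pcf_diego_ssh_lb))
  # mysql_proxy and router were each listed twice (instances, then elb_names).
  # A YAML mapping cannot repeat a key: loaders either reject the file or keep
  # only the last entry, which would silently drop `instances: 3`. Merged.
  mysql_proxy:
    instances: 3
    elb_names:
    - ((pcf_mysql_lb))
  router:
    instances: 3
    elb_names:
    - ((pcf_web_lb))

--------------------------------------------------------------------------------
/templates/pas/2.5.5/pas-srt.yaml:
--------------------------------------------------------------------------------
# PAS ("cf" tile) product configuration, srt variant: resource-config sizes a
# single `compute` job. Presumably applied with `om configure-product`
# (TODO confirm).
# Every ((name)) is a placeholder filled in at interpolation time. The PEM key,
# CredHub key, SMTP password and encrypt key must come from a vars source that
# is never committed.
product-name: cf
network-properties:
  network:
    name: ((pcf_pas_network))
  other_availability_zones: ((zones_map))
  singleton_availability_zone:
    name: ((singleton_zone))
product-properties:
  .cloud_controller.apps_domain:
    value: ((pcf_apps_domain))
  .cloud_controller.system_domain:
    value: ((pcf_system_domain))
  .properties.haproxy_forward_tls:
    value: disable
  # NOTE(review): certificate verification is skipped. That only suits the
  # self-signed certificates of a lab setup; with a CA-issued chain set this to
  # false so a spoofed endpoint is rejected.
  .ha_proxy.skip_cert_verify:
    value: true
  .properties.routing_tls_termination:
    value: router
  .router.frontend_idle_timeout:
    value: 240
  # Acknowledgement fields; "X" looks like a filler value (presumably the tile
  # only requires them to be non-empty; confirm).
  .properties.security_acknowledgement:
    value: X
  .properties.stack_migration_acknowledgement:
    value: X
  .mysql_monitor.recipient_email:
    value: ((pcf_notifications_email))
  # NOTE(review): the key pair ((pcf_key_pem)) is used here for the UAA
  # service-provider credentials and again for the TLS certificate below, so
  # one leaked key compromises both; separate pairs would contain that.
  .uaa.service_provider_key_credentials:
    value:
      private_key_pem: |
        ((pcf_key_pem))
      cert_pem: |
        ((pcf_cert_pem))
  .properties.networking_poe_ssl_certs:
    value:
    - name: default
      certificate:
        private_key_pem: |
          ((pcf_key_pem))
        cert_pem: |
          ((pcf_cert_pem))
  # Secret: the CredHub encryption key. Keep it in a protected vars store.
  .properties.credhub_key_encryption_passwords:
    value:
    - name: default
      provider: internal
      key:
        secret: ((pcf_credhub_key))
      primary: true
  .properties.smtp_address:
    value: ((smtp_address))
  .properties.smtp_credentials:
    value:
      identity: ((smtp_identity))
      password: ((smtp_password))
  # Keep this true: with the `plain` mechanism below the SMTP password is only
  # base64-encoded, so it relies on TLS for confidentiality.
  .properties.smtp_enable_starttls_auto:
    value: ((smtp_enable_starttls_auto))
  .properties.smtp_auth_mechanism:
    value: plain
  .properties.smtp_from:
    value: ((smtp_from))
  .properties.smtp_port:
    value: ((smtp_port))
  # The placeholder name contains a dot; BOSH-style interpolation normally
  # reads that as field `encrypt_key` of variable `cloud_controller`, so
  # confirm the vars file provides it in that shape.
  .cloud_controller.encrypt_key:
    value:
      secret: ((cloud_controller.encrypt_key))
  .properties.metric_registrar_enabled:
    value: true
  .properties.istio:
    value: enable
resource-config:
  router:
    elb_names:
    - ((pcf_web_lb))
  istio_router:
    elb_names:
    - ((pcf_istio_lb))
  compute:
    instances: ((compute_instances))

--------------------------------------------------------------------------------
/templates/pivotal-mysql/2.5.3/pivotal-mysql.yaml:
--------------------------------------------------------------------------------
# MySQL tile configuration: plan 1 is single_node, plan 2 is leader_follower,
# plans 3-5 are inactive, and backups go to Azure on the cron schedule below.
# Every ((name)) is a placeholder filled in at interpolation time.
product-name: ((product_name))
network-properties:
  network:
    name: ((pcf_pas_network))
  service_network:
    name: ((pcf_service_network))
  singleton_availability_zone:
    name: ((singleton_zone))
  other_availability_zones: ((zones_map))
product-properties:
  .properties.plan1_selector.single_node.description:
    value: "This plan provides a small, single node, dedicated MySQL instance."
  .properties.plan1_selector.single_node.instance_limit:
    value: 15
  .properties.plan1_selector:
    value: single_node
    selected_option: single_node
  .properties.plan1_selector.single_node.az_multi_select:
    value:
    - ((singleton_zone))
  # Was a second `.properties.plan1_selector.single_node.description` key. The
  # duplicate either breaks parsing or overwrites the plan 1 text with this
  # leader-follower text. Renamed to follow the plan 2 keys below (confirm the
  # property name against the tile's property list).
  .properties.plan2_selector.leader_follower.description:
    value: "This plan provides a medium, leader-follower MySQL instance."
  .properties.plan2_selector.leader_follower.instance_limit:
    value: 5
  .properties.plan2_selector:
    value: leader_follower
    selected_option: leader_follower
  .properties.plan2_selector.leader_follower.az_multi_select:
    value: ((zones_list))
  .properties.plan3_selector:
    value: Inactive
    selected_option: inactive
  .properties.plan4_selector:
    value: Inactive
    selected_option: inactive
  .properties.plan5_selector:
    value: Inactive
    selected_option: inactive
  .properties.global_recipient_email:
    value: ((global_recipient_email))
  .properties.backups_selector.azure.account:
    value: ((azure_account))
  # Secret: an Azure storage account key grants full access to that account,
  # so use an account dedicated to these backups and supply the key from a
  # protected vars store.
  .properties.backups_selector.azure.storage_access_key:
    credential: true
    value:
      secret: ((azure_storage_access_key))
  .properties.backups_selector.azure.path:
    value: dump
  .properties.backups_selector.azure.cron_schedule:
    value: 0 */8 * * *
  .properties.backups_selector.azure.container:
    value: backup
  .properties.backups_selector.azure.blob_store_base_url:
    value: ((blob_store_base_url))
  .properties.backups_selector.azure.enable_email_alerts:
    value: true
  .properties.deprecated_bindings_string:
    value: X
  .properties.backups_selector:
    value: Azure Backups
    selected_option: azure

--------------------------------------------------------------------------------
/templates/pivotal-mysql/2.5.4/pivotal-mysql.yaml:
--------------------------------------------------------------------------------
# MySQL tile configuration: plan 1 is single_node, plan 2 is leader_follower,
# plans 3-5 are inactive, and backups go to Azure on the cron schedule below.
# Every ((name)) is a placeholder filled in at interpolation time.
product-name: ((product_name))
network-properties:
  network:
    name: ((pcf_pas_network))
  service_network:
    name: ((pcf_service_network))
  singleton_availability_zone:
    name: ((singleton_zone))
  other_availability_zones: ((zones_map))
product-properties:
  .properties.plan1_selector.single_node.description:
    value: "This plan provides a small, single node, dedicated MySQL instance."
  .properties.plan1_selector.single_node.instance_limit:
    value: 15
  .properties.plan1_selector:
    value: single_node
    selected_option: single_node
  .properties.plan1_selector.single_node.az_multi_select:
    value:
    - ((singleton_zone))
  # Was a second `.properties.plan1_selector.single_node.description` key. The
  # duplicate either breaks parsing or overwrites the plan 1 text with this
  # leader-follower text. Renamed to follow the plan 2 keys below (confirm the
  # property name against the tile's property list).
  .properties.plan2_selector.leader_follower.description:
    value: "This plan provides a medium, leader-follower MySQL instance."
  .properties.plan2_selector.leader_follower.instance_limit:
    value: 5
  .properties.plan2_selector:
    value: leader_follower
    selected_option: leader_follower
  .properties.plan2_selector.leader_follower.az_multi_select:
    value:
    - ((zones_list))
  .properties.plan3_selector:
    value: Inactive
    selected_option: inactive
  .properties.plan4_selector:
    value: Inactive
    selected_option: inactive
  .properties.plan5_selector:
    value: Inactive
    selected_option: inactive
  .properties.global_recipient_email:
    value: ((global_recipient_email))
  .properties.backups_selector.azure.account:
    value: ((azure_account))
  # Secret: an Azure storage account key grants full access to that account,
  # so use an account dedicated to these backups and supply the key from a
  # protected vars store.
  .properties.backups_selector.azure.storage_access_key:
    credential: true
    value:
      secret: ((azure_storage_access_key))
  .properties.backups_selector.azure.path:
    value: dump
  .properties.backups_selector.azure.cron_schedule:
    value: 0 */8 * * *
  .properties.backups_selector.azure.container:
    value: backup
  .properties.backups_selector.azure.endpoint:
    value: ((blob_store_base_url))
  .properties.backups_selector.azure.enable_email_alerts:
    value: true
  .properties.deprecated_bindings_string:
    value: X
  .properties.backups_selector:
    value: Azure Backups
    selected_option: azure

--------------------------------------------------------------------------------
/templates/pivotal_single_sign-on_service/1.8.3/pivotal_single_sign-on_service.yaml:
--------------------------------------------------------------------------------
# Single Sign-On tile configuration: only the product name and the network
# placement are set here; no product properties are overridden.
product-name: ((product_name))
network-properties:
  network:
    name: ((pcf_pas_network))
  other_availability_zones: ((zones_map))
  singleton_availability_zone:
    name: ((singleton_zone))

--------------------------------------------------------------------------------
/templates/updates.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/bottkars/pcf-jump-azure/master/templates/pas/2.5.5/pas-srt.yaml
https://raw.githubusercontent.com/bottkars/pcf-jump-azure/master/templates/pas/2.5.5/pas-cf.yaml
https://raw.githubusercontent.com/bottkars/pcf-jump-azure/master/templates/pas-windows/2.5.2/pas-windows.yaml
https://raw.githubusercontent.com/bottkars/pcf-jump-azure/master/templates/masb.yaml
https://raw.githubusercontent.com/bottkars/pcf-jump-azure/master/templates/pivotal-mysql/2.5.4/pivotal-mysql.yaml
https://raw.githubusercontent.com/bottkars/pcf-jump-azure/master/templates/healthwatch.yaml
https://raw.githubusercontent.com/bottkars/pcf-jump-azure/master/templates/p-spring-services/2.0.9/p-spring-services.yaml
https://raw.githubusercontent.com/bottkars/pcf-jump-azure/master/templates/p-compliance-scanner/1.0.0-beta.7/p-compliance-scanner.yaml
https://raw.githubusercontent.com/bottkars/pcf-jump-azure/master/templates/apm/1.6.0/apm.yaml
https://raw.githubusercontent.com/bottkars/pcf-jump-azure/master/templates/director_config.yaml
https://raw.githubusercontent.com/bottkars/pcf-jump-azure/master/templates/p-rabbitmq/1.16.3/p-rabbitmq.yaml
https://raw.githubusercontent.com/bottkars/pcf-jump-azure/master/templates/director_config.yaml
https://raw.githubusercontent.com/bottkars/pcf-jump-azure/master/templates/kubernetes-service-manager/0.4.34/kubernetes-service-manager.yaml
https://raw.githubusercontent.com/bottkars/pcf-jump-azure/master/templates/p-healthwatch/1.5.2/p-healthwatch.yaml
https://raw.githubusercontent.com/bottkars/pcf-jump-azure/master/templates/pivotal_single_sign-on_service/1.8.3/pivotal_single_sign-on_service.yaml
https://raw.githubusercontent.com/bottkars/pcf-jump-azure/master/templates/p-isolation-segment/2.5.2/p-isolation-segment.yaml

--------------------------------------------------------------------------------
/testing.md:
--------------------------------------------------------------------------------
master

--------------------------------------------------------------------------------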