├── .github └── pull_request_template.md ├── .gitignore ├── LICENSE ├── NOTICE ├── README.md ├── alicloud ├── cloud-config.yml ├── cpi.yml ├── oss-blobstore.yml ├── releases-in-china.yml └── use-bionic.yml ├── aws ├── cli-assume-role-credentials.yml ├── cli-iam-instance-profile.yml ├── cloud-config.yml ├── cpi-assume-role-credentials.yml ├── cpi.yml ├── encrypted-disk.yml ├── iam-instance-profile.yml ├── s3-bbr.yml ├── s3-blobstore-instance-profile.yml ├── s3-blobstore.yml └── use-bionic.yml ├── azure ├── cloud-config.yml ├── cpi-secondary.yml ├── cpi.yml ├── custom-environment.yml ├── use-bionic.yml ├── use-managed-disks.yml ├── use-managed-identity-for-bosh-managed-vms.yml └── use-managed-identity.yml ├── bbr.yml ├── bosh-lite-docker.yml ├── bosh-lite-grootfs.yml ├── bosh-lite-runc.yml ├── bosh-lite.yml ├── bosh.yml ├── ci ├── assets │ ├── bosh-lite-gcp │ │ └── create-director.sh │ └── zookeeper.yml ├── configure.sh ├── pipeline.yml └── tasks │ ├── bbl-down-bosh-lite-gcp.sh │ ├── bbl-down-bosh-lite-gcp.yml │ ├── bbl-up-bosh-lite-gcp.sh │ ├── bbl-up-bosh-lite-gcp.yml │ ├── echo-skip-upload-message.yml │ ├── is-there-new-asset.yml │ ├── shared │ └── bosh-agent-compile.yml │ ├── test-bosh-lite-gcp.sh │ ├── test-bosh-lite-gcp.yml │ ├── test-main-bosh-lite.sh │ ├── test-main-bosh-lite.yml │ ├── test-smoke.sh │ ├── test-smoke.yml │ ├── update-cpi.sh │ ├── update-cpi.yml │ ├── update-release.sh │ ├── update-release.yml │ ├── update-stemcell.sh │ ├── update-stemcell.yml │ └── utils.sh ├── cloudstack ├── auto-anti-affinity.yml └── cpi.yml ├── credhub.yml ├── docker ├── cloud-config.yml ├── cpi-secondary.yml ├── cpi.yml ├── ipv6 │ └── cpi.yml ├── unix-sock.yml └── use-bionic.yml ├── docs ├── bosh-lite-on-vbox.md └── jumpbox-user.md ├── enable-signed-urls.yml ├── experimental ├── blobstore-https-bosh-lite.yml ├── blobstore-https.yml ├── bpm.yml ├── db-enable-mutual-tls.yml ├── db-enable-tls.yml ├── db-gcp-postgres-connection-options.yml ├── db-mysql-connection-options.yml 
├── db-postgres-connection-options.yml ├── dns-addon-with-api-certificates.yml ├── enable-metrics.yml ├── local-bosh-release-tarball.yml ├── ntp-agent-env.yml ├── postgres-10.yml └── registry-db-enable-tls.yml ├── external-ip-not-recommended-uaa.yml ├── external-ip-not-recommended.yml ├── external-ip-with-registry-not-recommended.yml ├── gcp ├── bosh-lite-vm-type.yml ├── cloud-config.yml ├── cpi.yml ├── gcs-bbr.yml ├── gcs-blobstore.yml ├── service-account.yml └── use-bionic.yml ├── hm ├── datadog.yml ├── disable.yml └── graphite.yml ├── jumpbox-user.yml ├── local-bosh-release-tarball.yml ├── local-bosh-release.yml ├── local-dns.yml ├── misc ├── blobstore-disable-tls.yml ├── blobstore-signed-urls.yml ├── blobstore-tls.yml ├── bosh-dev.yml ├── certificate-duration │ ├── bosh.yml │ ├── credhub.yml │ └── uaa.yml ├── config-server.yml ├── cpi-resize-disk.yml ├── dns-addon-enable-external-monitoring.yml ├── dns-addon-enable-local-monitoring.yml ├── dns-addon.yml ├── dns.yml ├── external-db-credhub.yml ├── external-db-uaa.yml ├── external-db.yml ├── external-ip-not-recommended │ └── mbus-only.yml ├── ipv6 │ ├── bosh.yml │ ├── credhub.yml │ └── uaa.yml ├── nats-strict-tls.yml ├── no-internet-access │ ├── bpm.yml │ ├── credhub.yml │ ├── os-conf.yml │ ├── stemcell.yml │ ├── syslog.yml │ ├── uaa.yml │ └── vsphere-cpi.yml ├── ntp.yml ├── proxy.yml ├── second-network.yml ├── source-releases │ ├── bbr.yml │ ├── bosh.yml │ ├── credhub.yml │ └── uaa.yml └── trusted-certs.yml ├── openstack ├── auto-anti-affinity.yml ├── boot-from-volume.yml ├── cloud-config.yml ├── cpi-secondary.yml ├── cpi.yml ├── custom-ca.yml ├── disable-readable-vm-names.yml ├── keystone-v2.yml ├── nova-networking.yml ├── trusted-certs.yml ├── use-bionic.yml └── use-openstack-raw-stemcell.yml ├── runtime-configs ├── bpm.yml ├── dns.yml └── syslog.yml ├── softlayer ├── cloud-config-legacy.yml ├── cloud-config.yml ├── cpi-dynamic.yml ├── cpi-legacy-dynamic.yml ├── cpi-legacy.yml └── cpi.yml ├── syslog.yml ├── 
tests ├── .gitignore ├── cred-test.yml ├── run-checks.sh └── run.sh ├── turbulence.yml ├── uaa.yml ├── vcloud ├── cpi.yml └── use-bionic.yml ├── virtualbox ├── cloud-config.yml ├── cpi.yml ├── create-env.sh ├── delete-env.sh ├── internal-network.yml ├── ipv6 │ ├── cpi.yml │ └── remote.yml ├── outbound-network.yml ├── remote.yml ├── remove-ntp.yml ├── ssh.sh └── use-bionic.yml ├── vsphere ├── cloud-config.yml ├── cpi-secondary.yml ├── cpi.yml ├── custom-ca.yml ├── resource-pool.yml ├── second-network.yml └── use-bionic.yml └── warden ├── cloud-config.yml ├── cpi.yml └── use-bionic.yml /.github/pull_request_template.md: -------------------------------------------------------------------------------- 1 | Note: Please create PR's against the develop branch -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | *.json 2 | creds.yml 3 | tmp 4 | .idea 5 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. 
For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 
47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. 
Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. 
You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 
122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. 
In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "{}" 182 | replaced with your own identifying information. (Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. 
We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | 189 | Copyright {yyyy} {name of copyright owner} 190 | 191 | Licensed under the Apache License, Version 2.0 (the "License"); 192 | you may not use this file except in compliance with the License. 193 | You may obtain a copy of the License at 194 | 195 | http://www.apache.org/licenses/LICENSE-2.0 196 | 197 | Unless required by applicable law or agreed to in writing, software 198 | distributed under the License is distributed on an "AS IS" BASIS, 199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 200 | See the License for the specific language governing permissions and 201 | limitations under the License. 202 | -------------------------------------------------------------------------------- /NOTICE: -------------------------------------------------------------------------------- 1 | Copyright (c) 2016-Present CloudFoundry.org Foundation, Inc. All Rights Reserved. 2 | 3 | This project is licensed to you under the Apache License, Version 2.0 (the "License"). 4 | You may not use this project except in compliance with the License. 5 | 6 | This project may include a number of subcomponents with separate copyright notices 7 | and license terms. Your use of these subcomponents is subject to the terms and 8 | conditions of the subcomponent's license, as noted in the LICENSE file. 9 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # bosh-deployment 2 | 3 | This repository is intended to serve as a reference and starting point for developer-friendly configuration of the Bosh Director. Consume the `master` branch. 
Any changes should be made against the `develop` branch (it will be automatically promoted once it passes tests). 4 | 5 | ## Important notice for users of bosh-deployment and Bosh DNS versions older than 1.28 6 | 7 | As of Bosh DNS version 1.28, Bosh DNS is now built with Go 1.15. This version of Go demands that TLS certificates be created with a SAN field, in addition to the usual CN field. 8 | 9 | The following certificates are affected by this change and will need to be regenerated: 10 | 11 | * `/dns_healthcheck_server_tls` 12 | * `/dns_healthcheck_client_tls` 13 | * `/dns_api_server_tls` 14 | * `/dns_api_client_tls` 15 | 16 | If you're using Credhub or another external variable store, then you will need to use `update_mode: converge` on these variables, as documented in the `variables` section of the BOSH deployment manifest reference.
17 | If you are not using Credhub or another external variable store, then you will need to follow the usual procedure for regenerating your certificates. 18 | 19 | ## Jammy stemcells 20 | 21 | We deploy using Jammy stemcells; however, if you would prefer to use the Bionic stemcells, append the ops files `[IAAS]/use-bionic.yml` and `misc/source-releases/bosh.yml` after the ops file `[IAAS]/cpi.yml`. 22 | 23 | ## How is bosh-deployment updated? 24 | An automatic process updates Bosh and the other releases within bosh-deployment: 25 | 26 | 1. A new release of [bosh](https://github.com/cloudfoundry/bosh) is created. 27 | 1. A CI pipeline updates bosh-deployment on `develop` with a compiled bosh release. 28 | 1. Smoke tests are performed to ensure `create-env` works with this potential collection of resources and the new release. 29 | 1. A commit to `master` is made. 30 | 31 | Other releases such as [UAA](https://github.com/cloudfoundry/uaa-release), [CredHub](https://github.com/pivotal-cf/credhub-release), and various CPIs are also updated automatically.
32 | 33 | ## Using bosh-deployment 34 | 35 | * [Create an environment](https://bosh.io/docs/init.html) 36 | * [On Local machine (BOSH Lite)](https://bosh.io/docs/bosh-lite.html) 37 | * [On Alibaba Cloud](https://bosh.io/docs/init-alicloud.html) 38 | * [On AWS](https://bosh.io/docs/init-aws.html) 39 | * [On Azure](https://bosh.io/docs/init-azure.html) 40 | * [On OpenStack](https://bosh.io/docs/init-openstack.html) 41 | * [On vSphere](https://bosh.io/docs/init-vsphere.html) 42 | * [On vCloud](https://bosh.io/docs/init-vcloud.html) 43 | * [On SoftLayer](https://bosh.io/docs/init-softlayer.html) 44 | * [On Google Compute Platform](https://bosh.io/docs/init-google.html) 45 | 46 | * Access your BOSH director 47 | * Through a VPN 48 | * [`bosh create-env`, OpenVPN option](https://github.com/dpb587/openvpn-bosh-release) 49 | * Through a jumpbox 50 | * [`bosh create-env` option](https://github.com/cppforlife/jumpbox-deployment) 51 | * [Expose Director on a Public IP](https://bosh.io/docs/init-external-ip.html) (not recommended) 52 | 53 | * [CLI v2](https://bosh.io/docs/cli-v2.html) 54 | * [`create-env` Dependencies](https://bosh.io/docs/cli-v2-install/#additional-dependencies) 55 | * [Differences between CLI v2 vs v1](https://bosh.io/docs/cli-v2-diff.html) 56 | * [Global Flags](https://bosh.io/docs/cli-global-flags.html) 57 | * [Environments](https://bosh.io/docs/cli-envs.html) 58 | * [Operations files](https://bosh.io/docs/cli-ops-files.html) 59 | * [Variable Interpolation](https://bosh.io/docs/cli-int.html) 60 | * [Tunneling](https://bosh.io/docs/cli-tunnel.html) 61 | 62 | ### Ops files 63 | 64 | - `bosh.yml`: Base manifest that is meant to be used with different CPI configurations 65 | - `[alicloud|aws|azure|docker|gcp|openstack|softlayer|vcloud|vsphere|virtualbox]/cpi.yml`: CPI configuration 66 | - `[alicloud|aws|azure|docker|gcp|openstack|softlayer|vcloud|vsphere|virtualbox]/cloud-config.yml`: Simple cloud configs 67 | - 
`[alicloud|aws|azure|docker|gcp|openstack|vcloud|virtualbox|vsphere|warden]/use-bionic.yml`: use Bionic stemcell instead of Jammy stemcell 68 | - `jumpbox-user.yml`: Adds user `jumpbox` for SSH-ing into the Director (see [Jumpbox User](docs/jumpbox-user.md)) 69 | - `uaa.yml`: Deploys UAA and enables UAA user management in the Director 70 | - `credhub.yml`: Deploys CredHub and enables CredHub integration in the Director 71 | - `bosh-lite.yml`: Configures Director to use Garden CPI within the Director VM (see [BOSH Lite](docs/bosh-lite-on-vbox.md)) 72 | - `syslog.yml`: Configures syslog to forward logs to some destination 73 | - `local-dns.yml`: Enables Director DNS beta functionality 74 | - `misc/config-server.yml`: Deploys config-server (see `credhub.yml`) 75 | - `misc/proxy.yml`: Configure HTTP proxy for Director and CPI 76 | - `misc/dns.yml`: Configure your upstream DNS (NOTE: by default bosh-deployment uses Google DNS: 8.8.8.8) 77 | - `misc/ntp.yml`: Configure your NTP Servers (NOTE: by default bosh-deployment uses Google NTP servers: time{1-4}.google.com) 78 | - `runtime-configs/syslog.yml`: Runtime config to enable syslog forwarding 79 | 80 | See [tests/run-checks.sh](tests/run-checks.sh) for example usage of different ops files. 81 | 82 | ### Runtime Config Files 83 | 84 | The director can optionally add configuration to all VMs in all deployments. The YAML defines an IaaS agnostic configuration that applies to all deployments. (See [Director Runtime Config](https://bosh.io/docs/runtime-config/).) 85 | 86 | - `dns.yml`: Install bosh defined dns release in every deployed VM. This allows bosh VMs to use the VM name as a FQDN. *It is extremely common for deployments to require this addon* (e.g. concourse-ci with UAA). For more information see [Native DNS Support](https://bosh.io/docs/dns/).
87 | - `bpm.yml`: Install bosh process manager on every VM (see [BPM-Release](https://github.com/cloudfoundry/bpm-release)) 88 | - `syslog.yml`: Install a syslog forwarder agent in every VM. 89 | 90 | Runtime config files are applied after bosh director has been deployed: 91 | ``` 92 | bosh -n -e bosh-1 update-runtime-config bosh-deployment/runtime-configs/dns.yml 93 | ``` 94 | 95 | See [runtime-configs/](runtime-configs/) for examples of different runtime configs. 96 | Other uses include installation of prometheus exporters, os-conf (to modify os level configurations), virus scanning, compliance agents. 97 | 98 | ### Security Groups 99 | 100 | Please ensure you have security groups set up correctly, for example as shown below. Rows with no Source listed (agent bootstrapping, Director API, UAA API, CredHub API) should be limited to the address you run the bosh CLI from, not opened to every address: 101 | 102 | ``` 103 | Type Protocol Port Range Source Purpose 104 | Custom TCP Rule TCP 6868 Agent for bootstrapping 105 | Custom TCP Rule TCP 25555 Director API 106 | Custom TCP Rule TCP 8443 UAA API (if UAA is used) 107 | Custom TCP Rule TCP 8844 CredHub API (if CredHub is used) 108 | SSH TCP 22 <((internal_cidr))> BOSH SSH (optional) 109 | Custom TCP Rule TCP 4222 <((internal_cidr))> NATS 110 | Custom TCP Rule TCP 25250 <((internal_cidr))> Blobstore 111 | ``` 112 | -------------------------------------------------------------------------------- /alicloud/cloud-config.yml: -------------------------------------------------------------------------------- 1 | azs: 2 | - name: z1 3 | cloud_properties: 4 | availability_zone: ((zone)) 5 | - name: z2 6 | cloud_properties: 7 | availability_zone: ((zone)) 8 | - name: z3 9 | cloud_properties: 10 | availability_zone: ((zone)) 11 | 12 | vm_types: 13 | - name: default 14 | cloud_properties: 15 | instance_type: ecs.sn1ne.large 16 | ephemeral_disk: {size: 30_720} 17 | - name: large 18 | cloud_properties: 19 | instance_type: ecs.sn1ne.xlarge 20 | ephemeral_disk: {size: 51_200} 21 | 22 | 23 | disk_types: 24 | - name: default 25 | disk_size: 20_480 26 | - name: large 27 | disk_size: 51_200 28 | 29 | networks: 30 | - name: default 
31 | type: manual 32 | subnets: 33 | - range: ((internal_cidr)) 34 | gateway: ((internal_gw)) 35 | azs: [z1, z2, z3] 36 | dns: [8.8.8.8] 37 | reserved: [((internal_gw))/30] 38 | cloud_properties: 39 | vswitch_id: ((vswitch_id)) 40 | security_group_ids: 41 | - ((security_group_id)) 42 | - name: vip 43 | type: vip 44 | 45 | compilation: 46 | workers: 5 47 | reuse_compilation_vms: true 48 | az: z1 49 | vm_type: default 50 | network: default 51 | -------------------------------------------------------------------------------- /alicloud/cpi.yml: -------------------------------------------------------------------------------- 1 | - name: cpi 2 | path: /releases/- 3 | type: replace 4 | value: 5 | name: bosh-alicloud-cpi 6 | sha1: d2c05c5f351b4bf9f001c40bfdefa4d9cc25549e 7 | url: https://github.com/cloudfoundry/bosh-alicloud-cpi-release/releases/download/v53.0.0/bosh-alicloud-cpi-release-53.0.0.tgz 8 | version: 53.0.0 9 | - name: stemcell 10 | path: /resource_pools/name=vms/stemcell? 11 | type: replace 12 | value: 13 | sha1: b4e6503c6e4db11f854a52fb73b071a474b7d560 14 | url: https://bosh-alicloud-light-stemcells-cn.oss-cn-hangzhou.aliyuncs.com/light-bosh-stemcell-1.829-alicloud-kvm-ubuntu-jammy-go_agent.tgz 15 | - path: /resource_pools/name=vms/cloud_properties? 16 | type: replace 17 | value: 18 | availability_zone: ((zone)) 19 | ephemeral_disk: 20 | category: cloud_efficiency 21 | size: "51_200" 22 | instance_name: bosh-director 23 | instance_type: ecs.mn4.small 24 | key_pair_name: ((key_pair_name)) 25 | system_disk: 26 | category: cloud_efficiency 27 | size: "51_200" 28 | - path: /disk_pools/name=disks/cloud_properties? 29 | type: replace 30 | value: 31 | instance_role: director 32 | type: cloud_efficiency 33 | - path: /networks/name=default/subnets/0/cloud_properties? 
34 | type: replace 35 | value: 36 | internet_charge_type: PayByTraffic 37 | security_group_ids: 38 | - ((security_group_id)) 39 | vswitch_id: ((vswitch_id)) 40 | - path: /instance_groups/name=bosh/jobs/- 41 | type: replace 42 | value: 43 | name: alicloud_cpi 44 | release: bosh-alicloud-cpi 45 | - path: /instance_groups/name=bosh/properties/director/cpi_job? 46 | type: replace 47 | value: alicloud_cpi 48 | - path: /cloud_provider/template? 49 | type: replace 50 | value: 51 | name: alicloud_cpi 52 | release: bosh-alicloud-cpi 53 | - path: /instance_groups/name=bosh/properties/alicloud? 54 | type: replace 55 | value: 56 | access_key_id: ((access_key_id)) 57 | access_key_secret: ((access_key_secret)) 58 | availability_zone: ((zone)) 59 | region: ((region)) 60 | - path: /cloud_provider/properties/alicloud? 61 | type: replace 62 | value: 63 | access_key_id: ((access_key_id)) 64 | access_key_secret: ((access_key_secret)) 65 | availability_zone: ((zone)) 66 | region: ((region)) 67 | - path: /instance_groups/name=bosh/properties/agent/env/bosh/ntp? 68 | type: replace 69 | value: 70 | - server 0.cn.pool.ntp.org 71 | - server 1.cn.pool.ntp.org 72 | - server 2.cn.pool.ntp.org 73 | - server 3.cn.pool.ntp.org 74 | - path: /resource_pools/0/env/bosh/ntp? 75 | type: replace 76 | value: 77 | - server 0.cn.pool.ntp.org 78 | - server 1.cn.pool.ntp.org 79 | - server 2.cn.pool.ntp.org 80 | - server 3.cn.pool.ntp.org 81 | -------------------------------------------------------------------------------- /alicloud/oss-blobstore.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | # Using Alibaba Cloud OSS Service as Bosh blobstore 4 | 5 | # Note: If you want to apply the current oss bucket for other blobstores, 6 | # you can specify 'bucket_name' to oss bucket and its one directory, like "((bucket_name))/bosh-blobs", and then the directory "bosh-blobs" will store all of bosh blobs. 
7 | # 8 | # 'host' is the OSS bucket endpoint; its format is 'oss-<region>.aliyuncs.com', for example oss-cn-hangzhou.aliyuncs.com. 9 | 10 | - type: remove 11 | path: /instance_groups/name=bosh/jobs/name=blobstore 12 | 13 | - type: replace 14 | path: /instance_groups/name=bosh/properties/blobstore? 15 | value: 16 | provider: s3 17 | bucket_name: ((oss-bucket-name)) 18 | host: ((oss-host)) 19 | access_key_id: ((oss-access-key-id)) 20 | secret_access_key: ((oss-access-key-secret)) 21 | 22 | - type: remove 23 | path: /instance_groups/name=bosh/properties/agent/env/bosh/blobstores 24 | 25 | - type: replace 26 | path: /instance_groups/name=bosh/properties/agent/env/bosh/blobstores?/- 27 | value: 28 | provider: s3 29 | options: 30 | bucket_name: ((oss-bucket-name)) 31 | host: ((oss-host)) 32 | access_key_id: ((oss-access-key-id)) 33 | secret_access_key: ((oss-access-key-secret)) 34 | 35 | - type: remove 36 | path: /variables/name=blobstore_ca? 37 | 38 | - type: remove 39 | path: /variables/name=blobstore_server_tls? 40 | -------------------------------------------------------------------------------- /alicloud/releases-in-china.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | # CPI 4 | - type: replace 5 | path: /releases/name=bosh-alicloud-cpi/url? 6 | value: https://bosh.oss-cn-hangzhou.aliyuncs.com/bosh-alicloud-cpi-release-24.0.0.tgz 7 | -------------------------------------------------------------------------------- /alicloud/use-bionic.yml: -------------------------------------------------------------------------------- 1 | - name: stemcell 2 | path: /resource_pools/name=vms/stemcell? 
3 |   type: replace
4 |   value:
5 |     sha1: c41220696304f84c2de13853def8c516f3b6bbec  # digest pinned for the tarball at the url below
6 |     url: https://bosh-alicloud-light-stemcells-cn.oss-cn-hangzhou.aliyuncs.com/light-bosh-stemcell-1.204-alicloud-kvm-ubuntu-bionic-go_agent.tgz
7 |
--------------------------------------------------------------------------------
/aws/cli-assume-role-credentials.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - type: replace
3 |   path: /instance_groups/name=bosh/properties/aws/role_arn?
4 |   value: ((role_arn))
5 |
6 |
--------------------------------------------------------------------------------
/aws/cli-iam-instance-profile.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - type: replace
3 |   path: /cloud_provider/properties/aws/credentials_source?
4 |   value: env_or_profile  # credentials come from the environment or an instance profile instead of the static keys removed below
5 |
6 | - type: remove  # no `?` on the path: the op expects the key to exist, i.e. aws/cpi.yml applied first
7 |   path: /cloud_provider/properties/aws/access_key_id
8 |
9 | - type: remove
10 |   path: /cloud_provider/properties/aws/secret_access_key
11 |
--------------------------------------------------------------------------------
/aws/cloud-config.yml:
--------------------------------------------------------------------------------
1 | azs:  # z1, z2 and z3 all resolve to the same ((az)) variable
2 | - name: z1
3 |   cloud_properties:
4 |     availability_zone: ((az))
5 | - name: z2
6 |   cloud_properties:
7 |     availability_zone: ((az))
8 | - name: z3
9 |   cloud_properties:
10 |     availability_zone: ((az))
11 |
12 | vm_types:
13 | - name: default
14 |   cloud_properties:
15 |     instance_type: m5.large
16 |     ephemeral_disk: {size: 25_000}
17 | - name: large
18 |   cloud_properties:
19 |     instance_type: m5.xlarge
20 |     ephemeral_disk: {size: 50_000}
21 |
22 | disk_types:
23 | - name: default
24 |   disk_size: 3000
25 | - name: large
26 |   disk_size: 50_000
27 |
28 | networks:
29 | - name: default
30 |   type: manual
31 |   subnets:
32 |   - range: ((internal_cidr))
33 |     gateway: ((internal_gw))
34 |     azs: [z1, z2, z3]
35 |     dns: [8.8.8.8]  # public resolver: VMs need outbound DNS to it; use an internal resolver where egress is restricted
36 |     reserved: [((internal_gw))/30]
37 |     cloud_properties:
38 |       subnet: ((subnet_id))
39 | - name: vip
40 |   type: vip
41 |
42 | compilation:
43 |   workers: 5
44 |   reuse_compilation_vms: true
45 |   az: z1
46 |   vm_type: default
47 |   network: default
48 |
--------------------------------------------------------------------------------
/aws/cpi-assume-role-credentials.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - type: replace  # the same role ARN is set for the director's CPI and for the create-env cloud_provider
3 |   path: /instance_groups/name=bosh/properties/aws/role_arn?
4 |   value: ((role_arn))
5 |
6 | - type: replace
7 |   path: /cloud_provider/properties/aws/role_arn?
8 |   value: ((role_arn))
9 |
--------------------------------------------------------------------------------
/aws/cpi.yml:
--------------------------------------------------------------------------------
1 | - name: cpi
2 |   path: /releases/-
3 |   type: replace
4 |   value:
5 |     name: bosh-aws-cpi
6 |     sha1: 409dded9df01e04a2354b4e80c3ce4b1b0767add  # NOTE(review): SHA-1 is no longer collision-resistant; use a stronger digest here if the tooling accepts one (confirm)
7 |     url: https://bosh.io/d/github.com/cloudfoundry/bosh-aws-cpi-release?v=106.0.3
8 |     version: 106.0.3
9 | - name: stemcell
10 |   path: /resource_pools/name=vms/stemcell?
11 |   type: replace
12 |   value:
13 |     sha1: f771a15528f2e701bbd465ce486609f44e3a83bf
14 |     url: https://storage.googleapis.com/bosh-aws-light-stemcells/1.829/light-bosh-stemcell-1.829-aws-xen-hvm-ubuntu-jammy-go_agent.tgz
15 | - path: /resource_pools/name=vms/cloud_properties?
16 |   type: replace
17 |   value:
18 |     availability_zone: ((az))
19 |     ephemeral_disk:
20 |       size: 25000
21 |       type: gp3
22 |     instance_type: t3.medium
23 | - path: /disk_pools/name=disks/cloud_properties?
24 |   type: replace
25 |   value:
26 |     type: gp3
27 | - path: /networks/name=default/subnets/0/cloud_properties?
28 |   type: replace
29 |   value:
30 |     subnet: ((subnet_id))
31 | - path: /instance_groups/name=bosh/jobs/-
32 |   type: replace
33 |   value:
34 |     name: aws_cpi
35 |     release: bosh-aws-cpi
36 | - path: /instance_groups/name=bosh/properties/director/cpi_job?
37 |   type: replace
38 |   value: aws_cpi
39 | - path: /cloud_provider/template?
40 |   type: replace
41 |   value:
42 |     name: aws_cpi
43 |     release: bosh-aws-cpi
44 | - path: /instance_groups/name=bosh/properties/aws?
45 |   type: replace
46 |   value:
47 |     access_key_id: ((access_key_id))  # static key pair for the director's CPI; aws/iam-instance-profile.yml removes it in favour of env_or_profile
48 |     default_key_name: ((default_key_name))
49 |     default_security_groups: ((default_security_groups))
50 |     region: ((region))
51 |     secret_access_key: ((secret_access_key))
52 | - path: /cloud_provider/properties/aws?
53 |   type: replace
54 |   value:
55 |     access_key_id: ((access_key_id))  # same key pair for create-env; aws/cli-iam-instance-profile.yml removes it
56 |     default_key_name: ((default_key_name))
57 |     default_security_groups: ((default_security_groups))
58 |     region: ((region))
59 |     secret_access_key: ((secret_access_key))
60 |
--------------------------------------------------------------------------------
/aws/encrypted-disk.yml:
--------------------------------------------------------------------------------
1 | - type: replace  # the four ops set the same KMS key and encrypted: true on both cloud_provider and the director's aws properties
2 |   path: /cloud_provider/properties/aws/kms_key_arn?
3 |   value: ((kms_key_arn))
4 |
5 | - type: replace
6 |   path: /cloud_provider/properties/aws/encrypted?
7 |   value: true
8 |
9 | - type: replace
10 |   path: /instance_groups/name=bosh/properties/aws/kms_key_arn?
11 |   value: ((kms_key_arn))
12 |
13 | - type: replace
14 |   path: /instance_groups/name=bosh/properties/aws/encrypted?
15 |   value: true
16 |
--------------------------------------------------------------------------------
/aws/iam-instance-profile.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - type: replace
3 |   path: /resource_pools/name=vms/cloud_properties/iam_instance_profile?
4 |   value: ((iam_instance_profile))  # NOTE(review): the director acts with whatever this profile allows; keep its policy to what the CPI needs
5 |
6 | - type: remove  # no `?` on the path: expects the keys set by aws/cpi.yml to be present
7 |   path: /instance_groups/name=bosh/properties/aws/access_key_id
8 |
9 | - type: remove
10 |   path: /instance_groups/name=bosh/properties/aws/secret_access_key
11 |
12 | - type: replace
13 |   path: /instance_groups/name=bosh/properties/aws/credentials_source?
14 |   value: env_or_profile
15 |
--------------------------------------------------------------------------------
/aws/s3-bbr.yml:
--------------------------------------------------------------------------------
1 | - type: replace
2 |   path: /instance_groups/name=bosh/jobs/-
3 |   value:
4 |     name: s3-unversioned-blobstore-backup-restorer
5 |     release: backup-and-restore-sdk
6 |     properties:
7 |       enabled: true
8 |       buckets:
9 |         director_blobs:
10 |           name: "((s3-bucket-name))"
11 |           region: "((s3-region))"
12 |           aws_access_key_id: "((s3-access-key-id))"  # reuses the blobstore key variables from aws/s3-blobstore.yml
13 |           aws_secret_access_key: "((s3-secret-access-key))"  # NOTE(review): presumably this key also needs access to the backup bucket below (confirm and scope accordingly)
14 |           backup:
15 |             name: "((s3-backup-bucket-name))"
16 |             region: "((s3-backup-region))"
17 |
--------------------------------------------------------------------------------
/aws/s3-blobstore-instance-profile.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - type: remove
3 |   path: /instance_groups/name=bosh/jobs/name=blobstore
4 |
5 | - type: replace
6 |   path: /instance_groups/name=bosh/properties/blobstore?
7 |   value:
8 |     provider: s3
9 |     bucket_name: ((s3-bucket-name))
10 |     s3_region: ((s3-region))
11 |     credentials_source: env_or_profile  # no access key in the manifest, unlike aws/s3-blobstore.yml
12 |
13 | - type: remove
14 |   path: /instance_groups/name=bosh/properties/agent/env/bosh/blobstores
15 |
16 | - type: replace
17 |   path: /instance_groups/name=bosh/properties/agent/env/bosh/blobstores?/-
18 |   value:
19 |     provider: s3
20 |     options:
21 |       bucket_name: ((s3-bucket-name))
22 |       region: ((s3-region))
23 |       credentials_source: env_or_profile  # NOTE(review): agents also resolve credentials from env/profile, so presumably each VM needs a profile that can reach the bucket (confirm)
24 |
25 | - type: remove
26 |   path: /variables/name=blobstore_ca?
27 |
28 | - type: remove
29 |   path: /variables/name=blobstore_server_tls?
30 |
--------------------------------------------------------------------------------
/aws/s3-blobstore.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - type: remove
3 |   path: /instance_groups/name=bosh/jobs/name=blobstore
4 |
5 | - type: replace
6 |   path: /instance_groups/name=bosh/properties/blobstore?
7 |   value:
8 |     provider: s3
9 |     bucket_name: ((s3-bucket-name))
10 |     access_key_id: ((s3-access-key-id))
11 |     secret_access_key: ((s3-secret-access-key))  # static key; aws/s3-blobstore-instance-profile.yml is the variant without one
12 |     s3_region: ((s3-region))
13 |
14 | - type: remove
15 |   path: /instance_groups/name=bosh/properties/agent/env/bosh/blobstores
16 |
17 | - type: replace
18 |   path: /instance_groups/name=bosh/properties/agent/env/bosh/blobstores?/-
19 |   value:
20 |     provider: s3
21 |     options:
22 |       bucket_name: ((s3-bucket-name))
23 |       access_key_id: ((s3-access-key-id))
24 |       secret_access_key: ((s3-secret-access-key))  # NOTE(review): the director's key pair is repeated in the agent env; scope it to this bucket only
25 |       region: ((s3-region))
26 |
27 | - type: remove
28 |   path: /variables/name=blobstore_ca?
29 |
30 | - type: remove
31 |   path: /variables/name=blobstore_server_tls?
32 |
--------------------------------------------------------------------------------
/aws/use-bionic.yml:
--------------------------------------------------------------------------------
1 | - name: stemcell
2 |   path: /resource_pools/name=vms/stemcell?
3 |   type: replace
4 |   value:
5 |     sha1: eb867a7831e7ab0c51d675f804ea60be0312ab31
6 |     url: https://storage.googleapis.com/bosh-aws-light-stemcells/1.204/light-bosh-stemcell-1.204-aws-xen-hvm-ubuntu-bionic-go_agent.tgz
7 |
--------------------------------------------------------------------------------
/azure/cloud-config.yml:
--------------------------------------------------------------------------------
1 | azs:
2 | - name: z1
3 | - name: z2
4 | - name: z3
5 |
6 | vm_types:
7 | - name: default
8 |   cloud_properties:
9 |     instance_type: Standard_D1_v2
10 | - name: large
11 |   cloud_properties:
12 |     instance_type: Standard_D3_v2
13 |
14 | disk_types:
15 | - name: default
16 |   disk_size: 3000
17 | - name: large
18 |   disk_size: 50_000
19 |
20 | networks:
21 | - name: default
22 |   type: manual
23 |   subnets:
24 |   - range: ((internal_cidr))
25 |     gateway: ((internal_gw))
26 |     azs: [z1, z2, z3]
27 |     dns: [168.63.129.16]  # Azure-provided DNS virtual IP
28 |     reserved: [((internal_gw))/30]
29 |     cloud_properties:
30 |       virtual_network_name: ((vnet_name))
31 |       subnet_name: ((subnet_name))
32 |       security_group: ((security_group))
33 | - name: vip
34 |   type: vip
35 |
36 | compilation:
37 |   workers: 5
38 |   reuse_compilation_vms: true
39 |   az: z1
40 |   vm_type: default
41 |   network: default
42 |
--------------------------------------------------------------------------------
/azure/cpi-secondary.yml:
--------------------------------------------------------------------------------
1 | - name: cpi
2 |   path: /releases/-
3 |   type: replace
4 |   value:
5 |     name: bosh-azure-cpi
6 |     sha1: faebe370c143554fe471c3f6aafb523ab48c43ea
7 |     url: https://bosh.io/d/github.com/cloudfoundry/bosh-azure-cpi-release?v=35.5.0
8 |     version: 35.5.0  # NOTE(review): azure/cpi.yml pins 52.1.0; confirm this older pin is intentional
9 | - path: /instance_groups/name=bosh/jobs/-
10 |   type: replace
11 |   value:
12 |     name: azure_cpi
13 |     release: bosh-azure-cpi
14 | - path: /instance_groups/name=bosh/properties/azure?
15 |   type: replace
16 |   value:  # every property is the literal string "unused": the job is added without real credentials
17 |     client_id: unused
18 |     client_secret: unused
19 |     default_security_group: unused
20 |     environment: unused
21 |     resource_group_name: unused
22 |     ssh_public_key: unused
23 |     ssh_user: unused
24 |     storage_account_name: unused
25 |     subscription_id: unused
26 |     tenant_id: unused
27 |
--------------------------------------------------------------------------------
/azure/cpi.yml:
--------------------------------------------------------------------------------
1 | - name: cpi
2 |   path: /releases/-
3 |   type: replace
4 |   value:
5 |     name: bosh-azure-cpi
6 |     sha1: fa763578ca0f211d8112f290cd6b6d0f5901b3a8
7 |     url: https://bosh.io/d/github.com/cloudfoundry/bosh-azure-cpi-release?v=52.1.0
8 |     version: 52.1.0
9 | - name: stemcell
10 |   path: /resource_pools/name=vms/stemcell?
11 |   type: replace
12 |   value:
13 |     sha1: 66d2083d6a71edad50dbada1bd0d396495ead861
14 |     url: https://storage.googleapis.com/bosh-core-stemcells/1.829/bosh-stemcell-1.829-azure-hyperv-ubuntu-jammy-go_agent.tgz
15 | - path: /resource_pools/name=vms/cloud_properties?
16 |   type: replace
17 |   value:
18 |     instance_type: Standard_B2s
19 | - path: /networks/name=default/subnets/0/cloud_properties?
20 |   type: replace
21 |   value:
22 |     subnet_name: ((subnet_name))
23 |     virtual_network_name: ((vnet_name))
24 | - path: /instance_groups/name=bosh/jobs/-
25 |   type: replace
26 |   value:
27 |     name: azure_cpi
28 |     release: bosh-azure-cpi
29 | - path: /instance_groups/name=bosh/properties/director/cpi_job?
30 |   type: replace
31 |   value: azure_cpi
32 | - path: /cloud_provider/template?
33 |   type: replace
34 |   value:
35 |     name: azure_cpi
36 |     release: bosh-azure-cpi
37 | - path: /instance_groups/name=bosh/properties/azure?
38 |   type: replace
39 |   value:
40 |     client_id: ((client_id))
41 |     client_secret: ((client_secret))  # service principal secret; azure/use-managed-identity.yml removes it together with client_id and tenant_id
42 |     default_security_group: ((default_security_group))
43 |     environment: AzureCloud
44 |     resource_group_name: ((resource_group_name))
45 |     ssh_public_key: ((ssh.public_key))  # public half of the `ssh` variable declared at the end of this file
46 |     ssh_user: vcap
47 |     storage_account_name: ((storage_account_name))
48 |     subscription_id: ((subscription_id))
49 |     tenant_id: ((tenant_id))
50 | - path: /cloud_provider/properties/azure?
51 |   type: replace
52 |   value:
53 |     client_id: ((client_id))
54 |     client_secret: ((client_secret))
55 |     default_security_group: ((default_security_group))
56 |     environment: AzureCloud
57 |     resource_group_name: ((resource_group_name))
58 |     ssh_public_key: ((ssh.public_key))
59 |     ssh_user: vcap
60 |     storage_account_name: ((storage_account_name))
61 |     subscription_id: ((subscription_id))
62 |     tenant_id: ((tenant_id))
63 | - path: /variables/-
64 |   type: replace
65 |   value:
66 |     name: ssh  # generated key pair; the private half ends up in the vars store, so protect that file
67 |     type: ssh
68 |
--------------------------------------------------------------------------------
/azure/custom-environment.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - type: replace  # no `?` on the path: overrides the environment that azure/cpi.yml sets to AzureCloud
3 |   path: /instance_groups/name=bosh/properties/azure/environment
4 |   value: ((environment))
5 |
6 | - type: replace
7 |   path: /cloud_provider/properties/azure/environment
8 |   value: ((environment))
9 |
--------------------------------------------------------------------------------
/azure/use-bionic.yml:
--------------------------------------------------------------------------------
1 | - name: stemcell
2 |   path: /resource_pools/name=vms/stemcell?
3 |   type: replace
4 |   value:
5 |     sha1: 62f88628fd9e1061dfa69ac99fbe0363ab0cc5c8
6 |     url: https://storage.googleapis.com/bosh-core-stemcells/1.204/bosh-stemcell-1.204-azure-hyperv-ubuntu-bionic-go_agent.tgz
7 |
--------------------------------------------------------------------------------
/azure/use-managed-disks.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - type: replace
3 |   path: /instance_groups/name=bosh/properties/azure/use_managed_disks?
4 |   value: true
5 |
6 | - type: remove  # no `?` on the path: expects storage_account_name from azure/cpi.yml to be present
7 |   path: /instance_groups/name=bosh/properties/azure/storage_account_name
8 |
9 | - type: replace
10 |   path: /cloud_provider/properties/azure/use_managed_disks?
11 |   value: true
12 |
13 | - type: remove
14 |   path: /cloud_provider/properties/azure/storage_account_name
15 |
--------------------------------------------------------------------------------
/azure/use-managed-identity-for-bosh-managed-vms.yml:
--------------------------------------------------------------------------------
1 | # Optional: also assign this managed identity to the VMs that BOSH manages. This can be dangerous for Diego cells, since untrusted code can run there.
2 | #
3 | # If you use this operator, you also have to use the azure/cpi.yml and azure/use-managed-identity.yml operators.
4 | - path: /instance_groups/name=bosh/properties/azure/default_managed_identity?/type?
5 |   type: replace
6 |   value: UserAssigned
7 | - path: /instance_groups/name=bosh/properties/azure/default_managed_identity?/user_assigned_identity_name?
8 |   type: replace
9 |   value: ((azure-managed-identity))  # NOTE(review): same variable as the director's identity in azure/use-managed-identity.yml; managed VMs would share its roles
10 |
--------------------------------------------------------------------------------
/azure/use-managed-identity.yml:
--------------------------------------------------------------------------------
1 | # Use this operator to authenticate with an Azure Managed Identity instead of the Azure client_id/client_secret (https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/qs-configure-cli-windows-vm).
2 | # The BOSH director VM gets a Managed Identity assigned and, given the proper roles/permissions for that identity, can perform all Azure control plane actions.
3 | #
4 | # If you use this operator, you also have to use the azure/cpi.yml operator.
5 | - path: /cloud_provider/properties/azure/credentials_source?
6 |   type: replace
7 |   value: managed_identity
8 | - path: /cloud_provider/properties/azure/default_managed_identity?/type?
9 |   type: replace
10 |   value: UserAssigned
11 | - path: /cloud_provider/properties/azure/default_managed_identity?/user_assigned_identity_name?
12 |   type: replace
13 |   value: ((azure-managed-identity))
14 | - path: /cloud_provider/properties/azure?/client_id?  # the service principal fields are removed so no client secret stays in the manifest
15 |   type: remove
16 | - path: /cloud_provider/properties/azure?/client_secret?
17 |   type: remove
18 | - path: /cloud_provider/properties/azure?/tenant_id?
19 |   type: remove
20 | - path: /instance_groups/name=bosh/properties/azure/credentials_source?
21 |   type: replace
22 |   value: managed_identity
23 | - path: /instance_groups/name=bosh/properties/azure?/client_id?
24 |   type: remove
25 | - path: /instance_groups/name=bosh/properties/azure?/client_secret?
26 |   type: remove
27 | - path: /instance_groups/name=bosh/properties/azure?/tenant_id?
28 | type: remove 29 | -------------------------------------------------------------------------------- /bbr.yml: -------------------------------------------------------------------------------- 1 | - path: /releases/- 2 | release: backup-and-restore-sdk 3 | type: replace 4 | value: 5 | name: backup-and-restore-sdk 6 | sha1: d46e75f0e416abd54e26a9310bab70cd506db210 7 | url: https://s3.amazonaws.com/bosh-compiled-release-tarballs/backup-and-restore-sdk-1.19.45-ubuntu-jammy-1.829.tgz 8 | version: 1.19.45 9 | - path: /instance_groups/name=bosh/jobs/- 10 | type: replace 11 | value: 12 | name: database-backup-restorer 13 | properties: {} 14 | release: backup-and-restore-sdk 15 | -------------------------------------------------------------------------------- /bosh-lite-docker.yml: -------------------------------------------------------------------------------- 1 | - path: /releases/- 2 | release: bosh-docker-cpi 3 | type: replace 4 | value: 5 | name: bosh-docker-cpi 6 | sha1: a71b24b59d1e9c778803f7c41d2ecbbe1bd8d448 7 | url: https://s3.amazonaws.com/bosh-compiled-release-tarballs/bosh-docker-cpi-0.0.25-ubuntu-jammy-1.829.tgz 8 | version: 0.0.25 9 | - path: /releases/- 10 | type: replace 11 | value: 12 | name: docker 13 | sha1: dc08a8ed5e4865fd7846c4d40649a6e9fe43a6b9 14 | url: https://bosh.io/d/github.com/cppforlife/docker-release?v=0.0.2 15 | version: 0.0.2 16 | - path: /releases/name=os-conf? 
17 | type: replace 18 | value: 19 | name: os-conf 20 | sha1: 78d79f08ff5001cc2a24f572837c7a9c59a0e796 21 | url: https://bosh.io/d/github.com/cloudfoundry/os-conf-release?v=18 22 | version: 18 23 | - path: /instance_groups/name=bosh/jobs/- 24 | type: replace 25 | value: 26 | name: docker_cpi 27 | properties: 28 | docker_cpi: 29 | agent: 30 | blobstore: null 31 | mbus: nats://nats:((nats_password))@10.254.50.4:4222 32 | docker: 33 | host: tcp://127.0.0.1:4243 34 | tls: ((docker_client_tls)) 35 | host_ip: 10.254.50.4 36 | release: bosh-docker-cpi 37 | - path: /instance_groups/name=bosh/jobs/- 38 | type: replace 39 | value: 40 | name: docker 41 | properties: 42 | listen_address: 127.0.0.1 43 | tls: ((docker_server_tls)) 44 | release: docker 45 | - path: /instance_groups/name=bosh/jobs/- 46 | type: replace 47 | value: 48 | name: disable_agent 49 | release: os-conf 50 | - path: /instance_groups/name=bosh/properties/director/cpi_job? 51 | type: replace 52 | value: docker_cpi 53 | - path: /variables/- 54 | type: replace 55 | value: 56 | name: docker_ca 57 | options: 58 | common_name: docker_ca 59 | is_ca: true 60 | type: certificate 61 | - path: /variables/- 62 | type: replace 63 | value: 64 | name: docker_server_tls 65 | options: 66 | alternative_names: 67 | - 127.0.0.1 68 | ca: docker_ca 69 | common_name: 127.0.0.1 70 | extended_key_usage: 71 | - server_auth 72 | type: certificate 73 | - path: /variables/- 74 | type: replace 75 | value: 76 | name: docker_client_tls 77 | options: 78 | ca: docker_ca 79 | common_name: client 80 | extended_key_usage: 81 | - client_auth 82 | type: certificate 83 | - path: /variables/name=nats_server_tls/options/alternative_names?/- 84 | type: replace 85 | value: 10.254.50.4 86 | - path: /variables/name=blobstore_server_tls/options/alternative_names/- 87 | type: replace 88 | value: 10.254.50.4 89 | -------------------------------------------------------------------------------- /bosh-lite-grootfs.yml: 
-------------------------------------------------------------------------------- 1 | # Now default in bosh-lite.yml. 2 | # This ops-file is temporarily here for backwards compatibility 3 | --- 4 | -------------------------------------------------------------------------------- /bosh-lite-runc.yml: -------------------------------------------------------------------------------- 1 | # Now default in bosh-lite.yml. 2 | # This ops-file is temporarily here for backwards compatibility 3 | --- 4 | -------------------------------------------------------------------------------- /bosh-lite.yml: -------------------------------------------------------------------------------- 1 | - path: /releases/- 2 | release: garden-runc 3 | type: replace 4 | value: 5 | name: garden-runc 6 | sha1: a9ea48389ecbebcf207067602a2b7a725c688ecc 7 | url: https://s3.amazonaws.com/bosh-compiled-release-tarballs/garden-runc-1.72.0-ubuntu-jammy-1.829.tgz 8 | version: 1.72.0 9 | - path: /releases/- 10 | release: bosh-warden-cpi 11 | type: replace 12 | value: 13 | name: bosh-warden-cpi 14 | sha1: b1a5f0f07328126dfc925365481abffa58dfca52 15 | url: https://s3.amazonaws.com/bosh-compiled-release-tarballs/bosh-warden-cpi-45.0.7-ubuntu-jammy-1.829.tgz 16 | version: 45.0.7 17 | - path: /instance_groups/name=bosh/jobs/- 18 | type: replace 19 | value: 20 | name: garden 21 | release: garden-runc 22 | - path: /instance_groups/name=bosh/jobs/name=garden/properties?/garden 23 | type: replace 24 | value: 25 | allow_host_access: true 26 | containerd_mode: false 27 | debug_listen_address: 127.0.0.1:17013 28 | default_container_grace_time: 0 29 | destroy_containers_on_start: true 30 | graph_cleanup_threshold_in_mb: 0 31 | listen_address: 127.0.0.1:7777 32 | listen_network: tcp 33 | - path: /instance_groups/name=bosh/jobs/- 34 | type: replace 35 | value: 36 | name: warden_cpi 37 | release: bosh-warden-cpi 38 | - path: /instance_groups/name=bosh/properties/director/cpi_job? 
39 | type: replace 40 | value: warden_cpi 41 | - path: /instance_groups/name=bosh/properties/warden_cpi? 42 | type: replace 43 | value: 44 | actions: 45 | expand_stemcell_tarball: false 46 | agent: 47 | blobstore: null 48 | mbus: nats://10.254.50.4:4222 49 | host_ip: 10.254.50.4 50 | warden: 51 | connect_address: 127.0.0.1:7777 52 | connect_network: tcp 53 | - path: /releases/name=os-conf? 54 | type: replace 55 | value: 56 | name: os-conf 57 | sha1: 78d79f08ff5001cc2a24f572837c7a9c59a0e796 58 | url: https://bosh.io/d/github.com/cloudfoundry/os-conf-release?v=18 59 | version: 18 60 | - path: /instance_groups/name=bosh/jobs/- 61 | type: replace 62 | value: 63 | name: disable_agent 64 | release: os-conf 65 | - path: /instance_groups/name=bosh/properties/director/ignore_missing_gateway? 66 | type: replace 67 | value: true 68 | - path: /instance_groups/name=bosh/properties/compiled_package_cache? 69 | type: replace 70 | value: 71 | options: 72 | blobstore_path: /var/vcap/store/director/compiled_package_cache 73 | provider: local 74 | - path: /variables/name=nats_server_tls/options/alternative_names?/- 75 | type: replace 76 | value: 10.254.50.4 77 | - path: /variables/name=blobstore_server_tls/options/alternative_names/- 78 | type: replace 79 | value: 10.254.50.4 80 | - path: /instance_groups/name=bosh/jobs/name=virtualbox_cpi? 
81 | type: remove 82 | -------------------------------------------------------------------------------- /bosh.yml: -------------------------------------------------------------------------------- 1 | cloud_provider: 2 | cert: ((mbus_bootstrap_ssl)) 3 | mbus: https://mbus:((mbus_bootstrap_password))@((internal_ip)):6868 4 | properties: 5 | agent: 6 | mbus: https://mbus:((mbus_bootstrap_password))@0.0.0.0:6868 7 | disk_pools: 8 | - disk_size: 65536 9 | name: disks 10 | instance_groups: 11 | - instances: 1 12 | jobs: 13 | - name: bpm 14 | release: bpm 15 | - name: nats 16 | release: bosh 17 | - name: postgres 18 | release: bosh 19 | - name: blobstore 20 | release: bosh 21 | - name: director 22 | release: bosh 23 | - name: health_monitor 24 | release: bosh 25 | name: bosh 26 | networks: 27 | - name: default 28 | static_ips: 29 | - ((internal_ip)) 30 | persistent_disk_pool: disks 31 | properties: 32 | agent: 33 | env: 34 | bosh: 35 | blobstores: 36 | - options: 37 | endpoint: https://((internal_ip)):25250 38 | password: ((blobstore_agent_password)) 39 | tls: 40 | cert: 41 | ca: ((blobstore_server_tls.ca)) 42 | user: agent 43 | provider: dav 44 | ntp: 45 | - time1.google.com 46 | - time2.google.com 47 | - time3.google.com 48 | - time4.google.com 49 | mbus: nats://((internal_ip)):4222 50 | blobstore: 51 | address: ((internal_ip)) 52 | agent: 53 | password: ((blobstore_agent_password)) 54 | user: agent 55 | director: 56 | password: ((blobstore_director_password)) 57 | user: director 58 | port: 25250 59 | provider: dav 60 | tls: 61 | cert: 62 | ca: ((blobstore_server_tls.ca)) 63 | certificate: ((blobstore_server_tls.certificate)) 64 | private_key: ((blobstore_server_tls.private_key)) 65 | director: 66 | address: 127.0.0.1 67 | db: 68 | adapter: postgres 69 | database: bosh 70 | host: 127.0.0.1 71 | password: ((postgres_password)) 72 | user: postgres 73 | enable_dedicated_status_worker: true 74 | enable_nats_delivered_templates: true 75 | enable_post_deploy: true 76 | 
events: 77 | record_events: true 78 | flush_arp: true 79 | generate_vm_passwords: true 80 | local_dns: 81 | enabled: true 82 | use_dns_addresses: true 83 | name: ((director_name)) 84 | ssl: 85 | cert: ((director_ssl.certificate)) 86 | key: ((director_ssl.private_key)) 87 | user_management: 88 | local: 89 | users: 90 | - name: admin 91 | password: ((admin_password)) 92 | - name: hm 93 | password: ((hm_password)) 94 | - name: nats 95 | password: ((nats_sync_password)) 96 | provider: local 97 | workers: 4 98 | hm: 99 | director_account: 100 | ca_cert: ((director_ssl.ca)) 101 | password: ((hm_password)) 102 | user: hm 103 | resurrector_enabled: true 104 | nats: 105 | address: ((internal_ip)) 106 | director_account: 107 | ca_cert: ((director_ssl.ca)) 108 | password: ((nats_sync_password)) 109 | user: nats 110 | password: ((nats_password)) 111 | tls: 112 | ca: ((nats_server_tls.ca)) 113 | client_ca: 114 | certificate: ((nats_ca.certificate)) 115 | private_key: ((nats_ca.private_key)) 116 | director: 117 | certificate: ((nats_clients_director_tls.certificate)) 118 | private_key: ((nats_clients_director_tls.private_key)) 119 | health_monitor: 120 | certificate: ((nats_clients_health_monitor_tls.certificate)) 121 | private_key: ((nats_clients_health_monitor_tls.private_key)) 122 | server: 123 | certificate: ((nats_server_tls.certificate)) 124 | private_key: ((nats_server_tls.private_key)) 125 | user: nats 126 | postgres: 127 | adapter: postgres 128 | database: bosh 129 | host: 127.0.0.1 130 | listen_address: 127.0.0.1 131 | password: ((postgres_password)) 132 | user: postgres 133 | resource_pool: vms 134 | name: bosh 135 | networks: 136 | - name: default 137 | subnets: 138 | - dns: 139 | - 8.8.8.8 140 | gateway: ((internal_gw)) 141 | range: ((internal_cidr)) 142 | static: 143 | - ((internal_ip)) 144 | type: manual 145 | releases: 146 | - name: bosh 147 | sha1: a0e880fe48f3d9940f0e140e05751746b420040b 148 | url: 
https://s3.amazonaws.com/bosh-compiled-release-tarballs/bosh-282.0.4-ubuntu-jammy-1.829.tgz 149 | version: 282.0.4 150 | - name: bpm 151 | sha1: ffbca55bbb3703f86d25a219a069644730a90586 152 | url: https://s3.amazonaws.com/bosh-compiled-release-tarballs/bpm-1.4.20-ubuntu-jammy-1.829.tgz 153 | version: 1.4.20 154 | resource_pools: 155 | - env: 156 | bosh: 157 | blobstores: 158 | - options: 159 | blobstore_path: /var/vcap/micro_bosh/data/cache 160 | provider: local 161 | mbus: 162 | cert: ((mbus_bootstrap_ssl)) 163 | ntp: 164 | - time1.google.com 165 | - time2.google.com 166 | - time3.google.com 167 | - time4.google.com 168 | password: '*' 169 | name: vms 170 | network: default 171 | variables: 172 | - name: admin_password 173 | type: password 174 | - name: blobstore_director_password 175 | type: password 176 | - name: blobstore_agent_password 177 | type: password 178 | - name: hm_password 179 | type: password 180 | - name: mbus_bootstrap_password 181 | type: password 182 | - name: nats_password 183 | type: password 184 | - name: nats_sync_password 185 | type: password 186 | - name: postgres_password 187 | type: password 188 | - name: default_ca 189 | options: 190 | common_name: ca 191 | is_ca: true 192 | type: certificate 193 | - name: mbus_bootstrap_ssl 194 | options: 195 | alternative_names: 196 | - ((internal_ip)) 197 | ca: default_ca 198 | common_name: ((internal_ip)) 199 | type: certificate 200 | - name: director_ssl 201 | options: 202 | alternative_names: 203 | - ((internal_ip)) 204 | ca: default_ca 205 | common_name: ((internal_ip)) 206 | type: certificate 207 | - name: nats_ca 208 | options: 209 | common_name: default.nats-ca.bosh-internal 210 | is_ca: true 211 | type: certificate 212 | - name: nats_server_tls 213 | options: 214 | alternative_names: 215 | - ((internal_ip)) 216 | ca: nats_ca 217 | common_name: default.nats.bosh-internal 218 | extended_key_usage: 219 | - server_auth 220 | type: certificate 221 | - name: nats_clients_director_tls 222 | options: 
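223 |     ca: nats_ca
224 |     common_name: default.director.bosh-internal
225 |     extended_key_usage:
226 |     - client_auth  # client-only certificate, signed by nats_ca
227 |   type: certificate
228 | - name: nats_clients_health_monitor_tls
229 |   options:
230 |     ca: nats_ca
231 |     common_name: default.hm.bosh-internal
232 |     extended_key_usage:
233 |     - client_auth
234 |   type: certificate
235 | - name: blobstore_ca
236 |   options:
237 |     common_name: default.blobstore-ca.bosh-internal
238 |     is_ca: true
239 |   type: certificate
240 | - name: blobstore_server_tls
241 |   options:
242 |     alternative_names:
243 |     - ((internal_ip))
244 |     ca: blobstore_ca
245 |     common_name: ((internal_ip))
246 |   type: certificate
247 |
--------------------------------------------------------------------------------
/ci/assets/bosh-lite-gcp/create-director.sh:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 | # Creates the bosh-lite director on GCP from the bosh-deployment copy under BBL_STATE_DIR.
3 | # Every path argument is quoted so a state directory containing spaces or glob characters is passed intact.
4 | # director-vars-store.yml holds the director's generated credentials; keep the state directory private.
5 | bosh create-env \
6 |   "${BBL_STATE_DIR}/bosh-deployment/bosh.yml" \
7 |   --state "${BBL_STATE_DIR}/vars/bosh-state.json" \
8 |   --vars-store "${BBL_STATE_DIR}/vars/director-vars-store.yml" \
9 |   --vars-file "${BBL_STATE_DIR}/vars/director-vars-file.yml" \
10 |   -o "${BBL_STATE_DIR}/bosh-deployment/gcp/cpi.yml" \
11 |   -o "${BBL_STATE_DIR}/bosh-deployment/bosh-lite.yml" \
12 |   -o "${BBL_STATE_DIR}/bosh-deployment/bosh-lite-runc.yml" \
13 |   -o "${BBL_STATE_DIR}/bosh-deployment/jumpbox-user.yml" \
14 |   -o "${BBL_STATE_DIR}/bosh-deployment/uaa.yml" \
15 |   -o "${BBL_STATE_DIR}/bosh-deployment/credhub.yml" \
16 |   -o "${BBL_STATE_DIR}/bbl-ops-files/gcp/bosh-director-ephemeral-ip-ops.yml" \
17 |   --var-file gcp_credentials_json="${BBL_GCP_SERVICE_ACCOUNT_KEY_PATH}" \
18 |   -v project_id="${BBL_GCP_PROJECT_ID}" \
19 |   -v zone="${BBL_GCP_ZONE}"
20 |
--------------------------------------------------------------------------------
/ci/assets/zookeeper.yml:
--------------------------------------------------------------------------------
1 | ---
2 | name: zookeeper
3 |
4 | releases:
5 | - name: zookeeper
6 |   version: 0.0.10
7 |   url: git+https://github.com/cppforlife/zookeeper-release  # NOTE(review): fetched from git with no sha1 in this entry; acceptable for a CI test asset, pin a digest elsewhere
8 |
9 | stemcells:
10 | - alias: default
11 |   os: ubuntu-jammy
12 |   version: latest  # floats to whichever jammy stemcell was uploaded last
13 |
14 | update:
15 |   canaries: 2
16 |   max_in_flight: 1
17 |   canary_watch_time: 5000-60000
18 |   update_watch_time: 5000-60000
19 |
20 | instance_groups:
21 | - name: zookeeper
22 |   azs: [z1, z2, z3]
23 |   instances: 5
24 |   jobs:
25 |   - name: zookeeper
26 |     release: zookeeper
27 |     provides:
28 |       conn: {shared: true}
29 |     consumes:
30 |       peers: {ip_addresses: true}
31 |     properties: {}
32 |   - name: status
33 |     release: zookeeper
34 |     properties: {}
35 |   vm_type: default
36 |   stemcell: default
37 |   persistent_disk: 10240
38 |   networks:
39 |   - name: default
40 |
41 | - name: smoke-tests
42 |   azs: [z1]
43 |   lifecycle: errand
44 |   instances: 1
45 |   jobs:
46 |   - name: smoke-tests
47 |     release: zookeeper
48 |     properties: {}
49 |   vm_type: default
50 |   stemcell: default
51 |   networks:
52 |   - name: default
53 |
--------------------------------------------------------------------------------
/ci/configure.sh:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env bash
2 |
3 | set -eu  # stop on the first failing command or unset variable
4 |
5 | fly -t bosh set-pipeline -p bosh-deployment \
6 |   -c ci/pipeline.yml
7 |
--------------------------------------------------------------------------------
/ci/tasks/bbl-down-bosh-lite-gcp.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash -ex
2 |
3 | bbl_down() {  # tears the environment down without an interactive prompt
4 |   bbl --debug down --no-confirm
5 | }
6 |
7 | pushd "${PWD}/bbl-state"  # bbl runs from inside the state directory
8 |   bbl_down
9 | popd
10 |
--------------------------------------------------------------------------------
/ci/tasks/bbl-down-bosh-lite-gcp.yml:
--------------------------------------------------------------------------------
1 | ---
2 | platform: linux
3 |
4 | image_resource:
5 |   type: docker-image
6 |   source:
7 |     repository: cloudfoundry/cf-deployment-concourse-tasks  # NOTE(review): no tag or digest pinned, so the task runs whatever image the repository currently serves
8 |
9 | inputs:
10 | - name: bosh-deployment
11 | - name: bbl-state
12 |
13 | params:
14 |   BBL_GCP_SERVICE_ACCOUNT_KEY: replace-me  # placeholder; presumably the pipeline injects the real key
15 |   BBL_IAAS: gcp
16 |   BBL_GCP_REGION: replace-me
17 |
18 | run:
19 |   path: bosh-deployment/ci/tasks/bbl-down-bosh-lite-gcp.sh
20 |
--------------------------------------------------------------------------------
/ci/tasks/bbl-up-bosh-lite-gcp.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash -ex
2 |
3 | bbl_up() {  # runs inside bbl-state; reads the global bosh_deployment set below
4 |   bbl plan
5 |   rm -rf bosh-deployment  # replace the copy left by `bbl plan` with the checked-out input
6 |   cp -rfp "${bosh_deployment}" .
7 |   cp "${bosh_deployment}/ci/assets/bosh-lite-gcp/create-director.sh" ./create-director.sh
8 |
9 |   rm cloud-config/*  # relative glob: only safe because the caller has pushd'ed into bbl-state
10 |   cp "${bosh_deployment}/warden/cloud-config.yml" cloud-config/cloud-config.yml
11 |   touch cloud-config/ops.yml
12 |   bbl --debug up
13 | }
14 |
15 | bosh_deployment="$PWD/bosh-deployment"
16 |
17 | pushd "${PWD}/bbl-state"
18 |   bbl_up
19 | popd
20 |
--------------------------------------------------------------------------------
/ci/tasks/bbl-up-bosh-lite-gcp.yml:
--------------------------------------------------------------------------------
1 | ---
2 | platform: linux
3 |
4 | image_resource:
5 |   type: docker-image
6 |   source:
7 |     repository: cloudfoundry/cf-deployment-concourse-tasks  # NOTE(review): unpinned image, same as the bbl-down task
8 |
9 | inputs:
10 | - name: bosh-deployment
11 |
12 | outputs:
13 | - name: bbl-state
14 |
15 | params:
16 |   BBL_GCP_SERVICE_ACCOUNT_KEY: replace-me
17 |   BBL_IAAS: gcp
18 |   BBL_GCP_REGION: replace-me
19 |
20 | run:
21 |   path: bosh-deployment/ci/tasks/bbl-up-bosh-lite-gcp.sh
22 |
--------------------------------------------------------------------------------
/ci/tasks/echo-skip-upload-message.yml:
--------------------------------------------------------------------------------
1 | ---
2 | platform: linux
3 |
4 | image_resource:
5 |   type: docker-image
6 |   source:
7 |     repository: bosh/docker-cpi
8 |
9 | run:
10 |   path: /bin/bash
11 |   args:
12 |   - -exc
13 |   - |
14 |     echo "No new asset was detected. Skipping commit so we avoid checksum mismatches."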
15 |
--------------------------------------------------------------------------------
/ci/tasks/is-there-new-asset.yml:
--------------------------------------------------------------------------------
1 | ---
2 | platform: linux
3 |
4 | image_resource:
5 | type: docker-image
6 | source:
7 | repository: bosh/docker-cpi # NOTE(review): no tag or digest is set, so the task image is not pinned to a known build
8 |
9 | inputs:
10 | - name: bosh-deployment
11 |
12 | # The task's exit status is grep's: it succeeds only when the patch printed by `git show` adds a line matching "url:".
13 | run:
14 | path: /bin/bash
15 | args:
16 | - -exc
17 | - |
18 | cd ./bosh-deployment
19 | git show > /tmp/git-show.patch
20 | cat /tmp/git-show.patch
21 | grep "^+[[:space:]]*url:" /tmp/git-show.patch
22 | exit $?
23 |
--------------------------------------------------------------------------------
/ci/tasks/shared/bosh-agent-compile.yml:
--------------------------------------------------------------------------------
1 | ---
2 | platform: linux
3 |
4 | image_resource:
5 | type: registry-image
6 | source:
7 | repository: ghcr.io/cloudfoundry/ubuntu-jammy-stemcell # NOTE(review): no tag or digest is set here either
8 |
9 | inputs:
10 | - name: release
11 |
12 | outputs:
13 | - name: compiled-release
14 | # Runs the bosh-agent binary from the image to compile release/*.tgz into the compiled-release output.
15 | run:
16 | path: /bin/bash
17 | args:
18 | - -exc
19 | - |
20 | /var/vcap/bosh/bin/bosh-agent compile --output-directory compiled-release release/*.tgz
--------------------------------------------------------------------------------
/ci/tasks/test-bosh-lite-gcp.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash -ex
2 | # Uploads the stemcell, deploys the zookeeper test manifest, runs its smoke-tests errand, recreates and cleans up.
3 | script_dir="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
4 | URL=$(cat stemcell/url)
5 | SHA1=$(cat stemcell/sha1)
6 |
7 | pushd "${PWD}/bbl-state"
8 | set +x # tracing off so the values exported by the eval below (presumably director credentials) are not echoed into the build log
9 | eval "$(bbl print-env)"
10 | set -x # tracing back on for the rest of the script
11 |
12 | bosh upload-stemcell --sha1 "$SHA1" "$URL" # the download is checked against the SHA-1 read from stemcell/sha1
13 |
14 | echo "-----> `date`: Deploy"
15 | bosh -n -d zookeeper deploy "${script_dir}/../assets/zookeeper.yml" \
16 | -o bosh-deployment/tests/cred-test.yml
17 |
18 | echo "-----> `date`: Exercise deployment"
19 | bosh -n -d zookeeper run-errand smoke-tests
20 |
21 | echo "-----> `date`: Exercise deployment"
22 | bosh
-n -d zookeeper recreate 23 | 24 | echo "-----> `date`: Clean up disks, etc." 25 | bosh -n -d zookeeper clean-up --all 26 | popd 27 | -------------------------------------------------------------------------------- /ci/tasks/test-bosh-lite-gcp.yml: -------------------------------------------------------------------------------- 1 | --- 2 | platform: linux 3 | 4 | image_resource: 5 | type: docker-image 6 | source: 7 | repository: cloudfoundry/cf-deployment-concourse-tasks 8 | 9 | inputs: 10 | - name: bosh-deployment 11 | - name: bbl-state 12 | - name: stemcell 13 | 14 | run: 15 | path: bosh-deployment/ci/tasks/test-bosh-lite-gcp.sh 16 | -------------------------------------------------------------------------------- /ci/tasks/test-main-bosh-lite.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | set -eu 4 | 5 | script_dir="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" 6 | bosh_deployment="${PWD}/bosh-deployment" 7 | rm -rf "/usr/local/bosh-deployment" 8 | cp -r "${PWD}/bosh-deployment" "/usr/local/bosh-deployment" 9 | 10 | export USE_LOCAL_RELEASES=false 11 | . start-bosh 12 | . /tmp/local-bosh/director/env 13 | 14 | URL=$(cat stemcell/url) 15 | SHA1=$(cat stemcell/sha1) 16 | 17 | bosh upload-stemcell --sha1 "$SHA1" "$URL" 18 | 19 | bosh -n update-runtime-config "${bosh_deployment}/runtime-configs/dns.yml" 20 | 21 | echo "-----> `date`: Deploy" 22 | bosh -n -d zookeeper deploy "${script_dir}/../assets/zookeeper.yml" 23 | 24 | echo "-----> `date`: Exercise deployment" 25 | bosh -n -d zookeeper run-errand smoke-tests 26 | 27 | echo "-----> `date`: Exercise deployment" 28 | bosh -n -d zookeeper recreate 29 | 30 | echo "-----> `date`: Clean up disks, etc." 
31 | bosh -n -d zookeeper clean-up --all 32 | -------------------------------------------------------------------------------- /ci/tasks/test-main-bosh-lite.yml: -------------------------------------------------------------------------------- 1 | --- 2 | platform: linux 3 | 4 | image_resource: 5 | type: docker-image 6 | source: 7 | repository: bosh/warden-cpi 8 | 9 | inputs: 10 | - name: bosh-deployment 11 | - name: stemcell 12 | 13 | run: 14 | path: bosh-deployment/ci/tasks/test-main-bosh-lite.sh 15 | -------------------------------------------------------------------------------- /ci/tasks/test-smoke.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash -eux 2 | 3 | pushd bosh-deployment/tests 4 | ./run-checks.sh 5 | popd 6 | -------------------------------------------------------------------------------- /ci/tasks/test-smoke.yml: -------------------------------------------------------------------------------- 1 | --- 2 | platform: linux 3 | 4 | image_resource: 5 | type: docker-image 6 | source: 7 | repository: bosh/docker-cpi 8 | 9 | inputs: 10 | - name: bosh-deployment 11 | 12 | run: 13 | path: bosh-deployment/ci/tasks/test-smoke.sh 14 | -------------------------------------------------------------------------------- /ci/tasks/update-cpi.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | set -euxo pipefail 4 | 5 | . 
$(dirname $0)/utils.sh
6 | # With GITHUB_RELEASE=true the URL, digest and version are derived from the downloaded asset; otherwise all three are read from files in the cpi input.
7 | if [[ "${GITHUB_RELEASE}" == "true" ]]; then
8 | cpi_file=$(cd cpi; ls *.tgz)
9 |
10 | URL="$(cat cpi/url | sed -e 's/tag/download/g')/${cpi_file}" # every "tag" in the release URL becomes "download" (the substitution is not anchored), then the asset name is appended
11 | SHA=$(shasum cpi/${cpi_file} | cut -d' ' -f1) # shasum without -a prints SHA-1; the digest is computed from the file this task received, not compared with a published value
12 | VERSION=$(cat cpi/version | sed 's/v//g') # removes every "v" in the version string, not only a leading one
13 | else
14 | URL=$(cat cpi/url)
15 | SHA=$(cat cpi/sha1)
16 | VERSION=$(cat cpi/version)
17 | fi
18 |
19 | git clone bosh-deployment bosh-deployment-output
20 | # Arguments below are unquoted, so each value has to be a single whitespace-free word to land in the right position.
21 | UPDATE_CPI_OPS_FILE=$(make_cpi_opsfile $CPI_NAME $VERSION $URL $SHA)
22 | # Apply the generated ops file to the current CPI ops file and write the result into the output clone.
23 | bosh int bosh-deployment/${CPI_OPS_FILE} -o $UPDATE_CPI_OPS_FILE > bosh-deployment-output/${CPI_OPS_FILE}
24 |
25 | pushd $PWD/bosh-deployment-output
26 | git_commit "Bumping CPI $CPI_NAME to version $VERSION"
27 | popd
28 |
--------------------------------------------------------------------------------
/ci/tasks/update-cpi.yml:
--------------------------------------------------------------------------------
1 | ---
2 | platform: linux
3 |
4 | image_resource:
5 | type: docker-image
6 | source:
7 | repository: bosh/docker-cpi # NOTE(review): no tag or digest is set, so the task image is not pinned to a known build
8 |
9 | inputs:
10 | - name: bosh-deployment
11 | - name: cpi
12 | # ~ is YAML null; CPI_OPS_FILE and CPI_NAME are presumably supplied by the pipeline for each CPI.
13 | params:
14 | CPI_OPS_FILE: ~
15 | CPI_NAME: ~
16 | GITHUB_RELEASE: false
17 |
18 | outputs:
19 | - name: bosh-deployment
20 | path: bosh-deployment-output
21 |
22 | run:
23 | path: bosh-deployment/ci/tasks/update-cpi.sh
24 |
--------------------------------------------------------------------------------
/ci/tasks/update-release.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash -eux
2 |
3 | .
$(dirname $0)/utils.sh
4 | # Extract only release.MF from the tarball, then read the release name and version from it.
5 | tar -xzf release/*.tgz $(tar -tzf release/*.tgz | grep 'release.MF')
6 | RELEASE_NAME="$(bosh int release.MF --path /name)"
7 | VERSION="$(bosh int release.MF --path /version)"
8 | SHA="$(sha1sum release/*.tgz | cut -d' ' -f1)" # SHA-1 of the tarball this task received; it becomes the sha1 value written to the ops file
9 |
10 | git clone bosh-deployment bosh-deployment-output
11 | # Non-empty grep output means release.MF mentions compiled_packages; that case uses the compiled-release bucket URL.
12 | if [[ `grep compiled_packages release.MF` ]]; then
13 | TARBALL_NAME="$(basename release/*.tgz)"
14 | URL="https://s3.amazonaws.com/bosh-compiled-release-tarballs/${TARBALL_NAME}"
15 | else
16 | URL="https://bosh.io/d/github.com/${BOSH_IO_RELEASE}?v=${VERSION}" # NOTE(review): SHA above comes from release/*.tgz; the pin only holds if bosh.io serves that same file (confirm)
17 | test_bosh_io_release_exists $URL # existence check only (HEAD request in utils.sh); the digest is not compared
18 | fi
19 | # Both helper calls pass unquoted arguments, so each value has to be a single whitespace-free word.
20 | if [[ $UPDATING_BASE_MANIFEST == "true" ]]; then
21 | UPDATE_RELEASE_OPSFILE=$(make_base_manifest_release_opsfile $RELEASE_NAME $VERSION $URL $SHA)
22 | else
23 | UPDATE_RELEASE_OPSFILE=$(make_release_opsfile $RELEASE_NAME $VERSION $URL $SHA)
24 | fi
25 | # Apply the generated ops file to FILE_TO_UPDATE and write the result into the output clone.
26 | bosh int bosh-deployment/${FILE_TO_UPDATE} -o $UPDATE_RELEASE_OPSFILE > bosh-deployment-output/${FILE_TO_UPDATE}
27 |
28 | pushd $PWD/bosh-deployment-output
29 | git_commit "Bumping $RELEASE_NAME to version $VERSION"
30 | popd
31 |
--------------------------------------------------------------------------------
/ci/tasks/update-release.yml:
--------------------------------------------------------------------------------
1 | ---
2 | platform: linux
3 |
4 | image_resource:
5 | type: docker-image
6 | source:
7 | repository: bosh/docker-cpi # NOTE(review): no tag or digest is set, so the task image is not pinned to a known build
8 | # ~ is YAML null; FILE_TO_UPDATE and BOSH_IO_RELEASE are presumably supplied by the pipeline for each release.
9 | params:
10 | UPDATING_BASE_MANIFEST: false
11 | FILE_TO_UPDATE: ~
12 | BOSH_IO_RELEASE: ~
13 |
14 | inputs:
15 | - name: bosh-deployment
16 | - name: release
17 |
18 | outputs:
19 | - name: bosh-deployment
20 | path: bosh-deployment-output
21 |
22 | run:
23 | path: bosh-deployment/ci/tasks/update-release.sh
24 |
--------------------------------------------------------------------------------
/ci/tasks/update-stemcell.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | set -euxo
pipefail 4 | 5 | . $(dirname $0)/utils.sh 6 | 7 | URL=$(cat stemcell/url) 8 | SHA=$(cat stemcell/sha1) 9 | VERSION=$(cat stemcell/version) 10 | 11 | git clone bosh-deployment bosh-deployment-output 12 | 13 | UPDATE_STEMCELL_OPSFILE=$(make_stemcell_opsfile $URL $SHA) 14 | 15 | bosh int bosh-deployment/${CPI_OPS_FILE} -o $UPDATE_STEMCELL_OPSFILE > bosh-deployment-output/${CPI_OPS_FILE} 16 | 17 | pushd $PWD/bosh-deployment-output 18 | git_commit "Bumping Stemcell $STEMCELL_NAME to version $VERSION" 19 | popd 20 | -------------------------------------------------------------------------------- /ci/tasks/update-stemcell.yml: -------------------------------------------------------------------------------- 1 | --- 2 | platform: linux 3 | 4 | image_resource: 5 | type: docker-image 6 | source: 7 | repository: bosh/docker-cpi 8 | 9 | inputs: 10 | - name: bosh-deployment 11 | - name: stemcell 12 | 13 | params: 14 | CPI_OPS_FILE: ~ 15 | STEMCELL_NAME: ~ 16 | 17 | outputs: 18 | - name: bosh-deployment 19 | path: bosh-deployment-output 20 | 21 | run: 22 | path: bosh-deployment/ci/tasks/update-stemcell.sh 23 | -------------------------------------------------------------------------------- /ci/tasks/utils.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash -eux 2 | 3 | test_bosh_io_release_exists() { 4 | BOSH_IO_URL=$1 5 | echo "Testing source release url: ${BOSH_IO_URL}" 6 | if ! 
curl --output /dev/null --silent --head --fail "$BOSH_IO_URL"; then exit 1; fi # HEAD request only; --fail turns an HTTP error status into a non-zero exit, and exit 1 then ends the calling script
7 | }
8 | # git_commit MESSAGE: print the pending diff, stage every change, and commit with MESSAGE unless the index matches HEAD.
9 | git_commit() {
10 | MESSAGE=$1
11 |
12 | git diff | cat # piped through cat so git does not start a pager
13 | git add -A
14 | git config --global user.email "ci@localhost" # --global writes the identity to the user-level git config, not only to this clone
15 | git config --global user.name "CI Bot"
16 | git diff-index --quiet HEAD || git commit -m "$MESSAGE" # diff-index --quiet exits 0 when nothing is staged, which skips the commit
17 | }
18 | # make_update_patch NAME VERSION URL SHA PATCH_PATH: print a one-entry ops file that replaces PATCH_PATH with a release entry. The heredoc expands the values into YAML as-is, without quoting or escaping.
19 | make_update_patch() {
20 | NAME=$1
21 | VERSION=$2
22 | URL=$3
23 | SHA=$4
24 | PATCH_PATH=$5
25 |
26 | cat << EOF
27 | ---
28 | - type: replace
29 | path: ${PATCH_PATH}
30 | value:
31 | name: ${NAME}
32 | sha1: ${SHA}
33 | url: ${URL}
34 | version: ${VERSION}
35 | EOF
36 | }
37 | # make_cpi_opsfile NAME VERSION URL SHA: write the patch for /name=cpi/value to update-cpi-ops.yml in the current directory and print that file name.
38 | make_cpi_opsfile() {
39 | make_update_patch "$@" "/name=cpi/value" > update-cpi-ops.yml # the path is appended after "$@", so it is only $5 when exactly four arguments were passed
40 | echo update-cpi-ops.yml
41 | }
42 | # make_release_opsfile NAME VERSION URL SHA: same as above for /release=NAME/value, written to update-release-ops.yml.
43 | make_release_opsfile() {
44 | NAME=$1
45 | make_update_patch "$@" "/release=${NAME}/value" > update-release-ops.yml
46 | echo update-release-ops.yml
47 | }
48 | # make_base_manifest_release_opsfile NAME VERSION URL SHA: same for /releases/name=NAME, written to update-base-release-ops.yml.
49 | make_base_manifest_release_opsfile() {
50 | NAME=$1
51 | make_update_patch "$@" "/releases/name=${NAME}" > update-base-release-ops.yml
52 | echo update-base-release-ops.yml
53 | }
54 | # make_stemcell_opsfile URL SHA: write an ops file replacing /name=stemcell/value with the given url and sha1, and print its file name. Values are expanded into the YAML as-is.
55 | make_stemcell_opsfile() {
56 | URL=$1
57 | SHA=$2
58 |
59 | cat << EOF > update_stemcell_ops.yml
60 | ---
61 | - type: replace
62 | path: /name=stemcell/value
63 | value:
64 | sha1: ${SHA}
65 | url: ${URL}
66 | EOF
67 |
68 | echo update_stemcell_ops.yml
69 | }
70 |
--------------------------------------------------------------------------------
/cloudstack/auto-anti-affinity.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - type: replace
3 | path: /instance_groups/name=bosh/properties/cloudstack/enable_auto_anti_affinity?
4 | value: true 5 | -------------------------------------------------------------------------------- /cloudstack/cpi.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: cpi 4 | path: /releases/- 5 | type: replace 6 | value: 7 | name: bosh-go-cpi-cloudstack 8 | sha1: cdfb6b605b05024895358ec5a9f36b45f0e2a70f 9 | url: https://github.com/orange-cloudfoundry/bosh-go-cpi-cloudstack/releases/download/v2.3.0/bosh-go-cpi-cloudstack-2.3.0.tgz 10 | version: 2.3.0 11 | 12 | - name: stemcell 13 | path: /resource_pools/name=vms/stemcell? 14 | type: replace 15 | value: 16 | # currently the stemcells are not released to bosh.io and you need to build them yourself 17 | # you are welcome to submit a request (or make yourself known in https://github.com/cloudfoundry/bosh-linux-stemcell-builder/pull/175) 18 | url: ((stemcell_url)) 19 | sha1: ((stemcell_sha1)) 20 | 21 | # Configure sizes 22 | - type: replace 23 | path: /resource_pools/name=vms/cloud_properties? 24 | value: 25 | disk: 20_000 26 | 27 | - type: replace 28 | path: /networks/name=default/subnets/0/cloud_properties? 29 | value: 30 | name: ((network_name)) 31 | 32 | # Add CPI job 33 | - path: /instance_groups/name=bosh/jobs/- 34 | type: replace 35 | value: &cpi_job 36 | name: cloudstack_cpi 37 | release: bosh-go-cpi-cloudstack 38 | 39 | # Configure sizes 40 | - type: replace 41 | path: /resource_pools/name=vms/cloud_properties? 42 | value: 43 | compute_offering: ((cloudstack_compute_offering)) 44 | disk: 25_000 45 | ephemeral_disk_offering: shared.custom 46 | root_disk_size: 15_000 47 | 48 | - type: replace 49 | path: /disk_pools/name=disks/cloud_properties? 50 | value: 51 | disk_offering: shared.custom 52 | 53 | - type: replace 54 | path: /instance_groups/name=bosh/properties/director/cpi_job? 55 | value: cloudstack_cpi 56 | 57 | - type: replace 58 | path: /cloud_provider/template? 
59 | value: *cpi_job
60 | # CloudStack API settings; every value is a ((variable)) filled in at deploy time, so no credential is stored in this file.
61 | - type: replace
62 | path: /instance_groups/name=bosh/properties/cloudstack?
63 | value: &cloudstack
64 | endpoint: ((cloudstack_endpoint))
65 | api_key: ((cloudstack_api_key))
66 | secret_access_key: ((cloudstack_secret_access_key))
67 | default_key_name: ((cloudstack_default_key_name))
68 | default_zone: ((cloudstack_zone))
69 |
70 | - type: replace
71 | path: /instance_groups/name=bosh/properties/agent/blobstore?
72 | value:
73 | provider: dav
74 | options:
75 | endpoint: http://((internal_ip)):25250 # NOTE(review): http:// scheme although a blobstore CA is set under tls below; confirm whether https:// is intended
76 | user: agent
77 | password: ((blobstore_agent_password))
78 | tls:
79 | cert:
80 | ca: ((blobstore_ca.certificate))
81 |
82 | - type: replace
83 | path: /cloud_provider/properties/agent/blobstore?
84 | value:
85 | provider: local
86 | options:
87 | blobstore_path: /var/vcap/micro_bosh/data/cache
88 | # Reuses the &cloudstack anchor defined above for the cloud_provider section.
89 | - path: /cloud_provider/properties/cloudstack?
90 | type: replace
91 | value: *cloudstack
92 |
--------------------------------------------------------------------------------
/credhub.yml:
--------------------------------------------------------------------------------
1 | - path: /releases/-
2 | release: credhub
3 | type: replace
4 | value:
5 | name: credhub
6 | sha1: 3009b6d92eff55a267fb506576919836f81c1003
7 | url: https://s3.amazonaws.com/bosh-compiled-release-tarballs/credhub-2.14.2-ubuntu-jammy-1.829.tgz
8 | version: 2.14.2
9 | - path: /instance_groups/name=bosh/jobs/-
10 | type: replace
11 | value:
12 | name: credhub
13 | properties:
14 | credhub:
15 | authentication:
16 | uaa:
17 | ca_certs:
18 | - ((uaa_ssl.ca))
19 | url: https://((internal_ip)):8443
20 | verification_key: ((uaa_jwt_signing_key.public_key))
21 | authorization:
22 | acls:
23 | enabled: false # NOTE(review): ACL enforcement is off; access then presumably rests on the credhub.read / credhub.write scopes alone (confirm)
24 | certificates:
25 | concatenate_cas: true
26 | data_storage:
27 | database: credhub
28 | host: 127.0.0.1
29 | password: ((postgres_password))
30 | port: 5432
31 | require_tls: false # TLS is not required for the database connection; the host above is loopback (127.0.0.1)
32 | type: postgres
33 | username: postgres
34 | encryption:
35 | keys:
36 | -
active: true
37 | key_properties:
38 | encryption_password: ((credhub_encryption_password))
39 | provider_name: internal
40 | providers:
41 | - name: internal
42 | type: internal
43 | tls: ((credhub_tls))
44 | release: credhub
45 | - path: /instance_groups/name=bosh/properties/postgres/additional_databases?/-
46 | type: replace
47 | value: credhub
48 | - path: /instance_groups/name=bosh/properties/director/config_server? # the Director uses the endpoint on port 8844 as its config server and authenticates through UAA
49 | type: replace
50 | value:
51 | ca_cert: ((credhub_tls.ca))
52 | enabled: true
53 | uaa:
54 | ca_cert: ((uaa_ssl.ca))
55 | client_id: director_to_credhub
56 | client_secret: ((uaa_clients_director_to_credhub))
57 | url: https://((internal_ip)):8443
58 | url: https://((internal_ip)):8844/api/
59 | - path: /instance_groups/name=bosh/jobs/name=uaa/properties/uaa/clients/director_to_credhub? # UAA client the Director uses; its secret is the same variable as client_secret above
60 | type: replace
61 | value:
62 | access-token-validity: 3600
63 | authorities: credhub.read,credhub.write
64 | authorized-grant-types: client_credentials
65 | override: true
66 | scope: ""
67 | secret: ((uaa_clients_director_to_credhub))
68 | - path: /instance_groups/name=bosh/jobs/name=uaa/properties/uaa/clients/credhub_cli? # client for interactive CLI logins (password and refresh_token grants)
69 | type: replace
70 | value:
71 | access-token-validity: 60
72 | authorities: ""
73 | authorized-grant-types: password,refresh_token
74 | override: true
75 | refresh-token-validity: 1800
76 | scope: credhub.read,credhub.write
77 | secret: "" # empty client secret: the password grant depends on the user's own credentials alone
78 | - path: /instance_groups/name=bosh/jobs/name=uaa/properties/uaa/clients/credhub-admin?
79 | type: replace 80 | value: 81 | access-token-validity: 3600 82 | authorities: credhub.read,credhub.write 83 | authorized-grant-types: client_credentials 84 | override: true 85 | scope: "" 86 | secret: ((credhub_admin_client_secret)) 87 | - path: /instance_groups/name=bosh/jobs/name=uaa/properties/uaa/scim/users/name=credhub_cli_user?/password 88 | type: replace 89 | value: ((credhub_cli_user_password)) 90 | - path: /instance_groups/name=bosh/jobs/name=uaa/properties/uaa/scim/users/name=credhub_cli_user?/groups 91 | type: replace 92 | value: 93 | - credhub.read 94 | - credhub.write 95 | - path: /instance_groups/name=bosh/jobs/name=uaa/properties/uaa/jwt/revocable? 96 | type: replace 97 | value: true 98 | - path: /instance_groups/name=bosh/jobs/- 99 | type: replace 100 | value: 101 | name: bbr-credhubdb 102 | properties: 103 | credhub: 104 | data_storage: 105 | database: credhub 106 | host: 127.0.0.1 107 | password: ((postgres_password)) 108 | port: 5432 109 | require_tls: false 110 | type: postgres 111 | username: postgres 112 | release_level_backup: true 113 | release: credhub 114 | - path: /variables/- 115 | type: replace 116 | value: 117 | name: credhub_cli_user_password 118 | type: password 119 | - path: /variables/- 120 | type: replace 121 | value: 122 | name: credhub_ca 123 | options: 124 | common_name: CredHub CA 125 | is_ca: true 126 | type: certificate 127 | - path: /variables/- 128 | type: replace 129 | value: 130 | name: credhub_tls 131 | options: 132 | alternative_names: 133 | - ((internal_ip)) 134 | ca: credhub_ca 135 | common_name: ((internal_ip)) 136 | type: certificate 137 | - path: /variables/- 138 | type: replace 139 | value: 140 | name: credhub_encryption_password 141 | type: password 142 | - path: /variables/- 143 | type: replace 144 | value: 145 | name: uaa_clients_director_to_credhub 146 | type: password 147 | - path: /variables/- 148 | type: replace 149 | value: 150 | name: credhub_admin_client_secret 151 | type: password 152 | 
-------------------------------------------------------------------------------- /docker/cloud-config.yml: -------------------------------------------------------------------------------- 1 | azs: 2 | - name: z1 3 | - name: z2 4 | - name: z3 5 | 6 | vm_types: 7 | - name: default 8 | 9 | disk_types: 10 | - name: default 11 | disk_size: 1024 12 | 13 | networks: 14 | - name: default 15 | type: manual 16 | subnets: 17 | - azs: [z1, z2, z3] 18 | range: 10.245.0.0/16 19 | dns: [8.8.8.8] 20 | # IPs that will not be used for anything 21 | reserved: [10.245.0.2-10.245.0.10] 22 | gateway: 10.245.0.1 23 | static: [10.245.0.34] 24 | cloud_properties: 25 | name: ((network)) 26 | 27 | vm_extensions: 28 | - name: all_ports 29 | cloud_properties: 30 | ports: 31 | - 22/tcp 32 | 33 | compilation: 34 | workers: 5 35 | az: z1 36 | reuse_compilation_vms: true 37 | vm_type: default 38 | network: default 39 | -------------------------------------------------------------------------------- /docker/cpi-secondary.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - type: replace 3 | path: /releases/- 4 | value: 5 | name: bosh-docker-cpi 6 | version: "0.0.5" 7 | url: https://bosh.io/d/github.com/cppforlife/bosh-docker-cpi-release?v=0.0.5 8 | sha1: 075bc0264d2548173da55a40127757ae962a25b1 9 | 10 | - type: replace 11 | path: /instance_groups/name=bosh/jobs/- 12 | value: 13 | name: docker_cpi 14 | release: bosh-docker-cpi 15 | 16 | # unused values should be overwritten via Director's cpi config 17 | - type: replace 18 | path: /instance_groups/name=bosh/properties/docker_cpi? 
19 | value: 20 | docker: 21 | host: unused 22 | tls: 23 | ca: unused 24 | certificate: unused 25 | private_key: unused 26 | agent: 27 | mbus: nats://((internal_ip)):4222 28 | blobstore: null 29 | -------------------------------------------------------------------------------- /docker/cpi.yml: -------------------------------------------------------------------------------- 1 | - name: cpi 2 | path: /releases/- 3 | type: replace 4 | value: 5 | name: bosh-docker-cpi 6 | sha1: 0cdb5b4d26125ac240dfd85ca2d0c1aa7fb1ea56 7 | url: https://bosh.io/d/github.com/cloudfoundry/bosh-docker-cpi-release?v=0.0.25 8 | version: 0.0.25 9 | - name: stemcell 10 | path: /resource_pools/name=vms/stemcell? 11 | type: replace 12 | value: 13 | sha1: a3236a15beb8d518283366e9904b0e29d330c36f 14 | url: https://storage.googleapis.com/bosh-core-stemcells/1.829/bosh-stemcell-1.829-warden-boshlite-ubuntu-jammy-go_agent.tgz 15 | - path: /networks/name=default/subnets/0/cloud_properties? 16 | type: replace 17 | value: 18 | name: ((network)) 19 | - path: /resource_pools/name=vms/cloud_properties? 20 | type: replace 21 | value: 22 | ports: 23 | - 22/tcp 24 | - 6868/tcp 25 | - 25555/tcp 26 | - 4222/tcp 27 | - 25250/tcp 28 | - 8443/tcp 29 | - 8080/tcp 30 | - path: /instance_groups/name=bosh/jobs/- 31 | type: replace 32 | value: 33 | name: docker_cpi 34 | release: bosh-docker-cpi 35 | - path: /instance_groups/name=bosh/properties/director/cpi_job? 36 | type: replace 37 | value: docker_cpi 38 | - path: /cloud_provider/template? 39 | type: replace 40 | value: 41 | name: docker_cpi 42 | release: bosh-docker-cpi 43 | - path: /instance_groups/name=bosh/properties/docker_cpi? 44 | type: replace 45 | value: 46 | agent: 47 | blobstore: null 48 | mbus: nats://((internal_ip)):4222 49 | docker: 50 | host: ((docker_host)) 51 | tls: ((docker_tls)) 52 | - path: /cloud_provider/properties/docker_cpi? 
53 | type: replace
54 | value:
55 | agent:
56 | mbus: https://mbus:((mbus_bootstrap_password))@0.0.0.0:6868 # address is 0.0.0.0 (every interface); the endpoint is protected by the ((mbus_bootstrap_password)) credential in the URL
57 | docker:
58 | host: ((docker_host))
59 | tls: ((docker_tls))
60 |
--------------------------------------------------------------------------------
/docker/ipv6/cpi.yml:
--------------------------------------------------------------------------------
1 | - type: replace
2 | path: /instance_groups/name=bosh/properties/docker_cpi/agent/mbus
3 | value: "nats://[((internal_ip))]:4222"
4 |
--------------------------------------------------------------------------------
/docker/unix-sock.yml:
--------------------------------------------------------------------------------
1 | - type: replace
2 | path: /resource_pools/name=vms/cloud_properties/mounts?/-
3 | value:
4 | type: bind
5 | source: ((docker_host))
6 | target: /var/run/docker.sock # Place into location that's not bosh managed
7 | # NOTE(review): a bind-mounted Docker socket gives the VM control of that Docker daemon; ((docker_host)) is presumably the socket path on the host.
8 | - type: replace
9 | path: /instance_groups/name=bosh/properties/docker_cpi/docker/host
10 | value: unix:///var/run/docker.sock
11 | # The TLS client settings are removed in both places because the CPI now talks to the local unix socket set above.
12 | - type: remove
13 | path: /instance_groups/name=bosh/properties/docker_cpi/docker/tls
14 |
15 | - type: remove
16 | path: /cloud_provider/properties/docker_cpi/docker/tls
17 |
--------------------------------------------------------------------------------
/docker/use-bionic.yml:
--------------------------------------------------------------------------------
1 | - name: stemcell
2 | path: /resource_pools/name=vms/stemcell?
3 | type: replace
4 | value:
5 | sha1: 22a3efed13dbd16f8949c5a03a1e628e1fb1c16d
6 | url: https://storage.googleapis.com/bosh-core-stemcells/1.204/bosh-stemcell-1.204-warden-boshlite-ubuntu-bionic-go_agent.tgz
7 |
--------------------------------------------------------------------------------
/docs/bosh-lite-on-vbox.md:
--------------------------------------------------------------------------------
1 | ## BOSH Lite on VirtualBox
2 |
3 | Instructions moved to .
4 | -------------------------------------------------------------------------------- /docs/jumpbox-user.md: -------------------------------------------------------------------------------- 1 | ## Jumpbox User 2 | 3 | Instructions moved to . 4 | -------------------------------------------------------------------------------- /enable-signed-urls.yml: -------------------------------------------------------------------------------- 1 | misc/blobstore-signed-urls.yml -------------------------------------------------------------------------------- /experimental/blobstore-https-bosh-lite.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cloudfoundry/bosh-deployment/768a9f39ea6d7284ca3a77df2cd988f67a9d82d5/experimental/blobstore-https-bosh-lite.yml -------------------------------------------------------------------------------- /experimental/blobstore-https.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cloudfoundry/bosh-deployment/768a9f39ea6d7284ca3a77df2cd988f67a9d82d5/experimental/blobstore-https.yml -------------------------------------------------------------------------------- /experimental/bpm.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cloudfoundry/bosh-deployment/768a9f39ea6d7284ca3a77df2cd988f67a9d82d5/experimental/bpm.yml -------------------------------------------------------------------------------- /experimental/db-enable-mutual-tls.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # To use this OPS file, you need to specify experimental/db-enable-tls.yml first; 3 | # it will enable TLS, a prerequisite for Mutual TLS 4 | 5 | - type: replace 6 | path: /instance_groups/name=bosh/properties/director/db/tls/cert/certificate? 
7 | value: ((db_client_certificate)) 8 | 9 | - type: replace 10 | path: /instance_groups/name=bosh/properties/director/db/tls/cert/private_key? 11 | value: ((db_client_private_key)) 12 | -------------------------------------------------------------------------------- /experimental/db-enable-tls.yml: -------------------------------------------------------------------------------- 1 | 2 | - type: replace 3 | path: /instance_groups/name=bosh/properties/director/db/tls? 4 | value: 5 | enabled: true 6 | cert: 7 | ca: ((db_ca)) 8 | -------------------------------------------------------------------------------- /experimental/db-gcp-postgres-connection-options.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # We need to set sslmode to verify-ca because cloudsql does NOT provide 3 | # the FQDN in the DB server certificate; thus cannot do hostname verification. 4 | # 5 | # pool_timeout, statement_timeout, connect_timeout are in seconds. 6 | 7 | - type: replace 8 | path: /instance_groups/name=bosh/properties/director/db/connection_options? 9 | value: 10 | sslmode: verify-ca 11 | pool_timeout: ((postgres_db_pool_timeout)) 12 | statement_timeout: ((postgres_db_statement_timeout)) 13 | connect_timeout: ((postgres_db_connect_timeout)) 14 | -------------------------------------------------------------------------------- /experimental/db-mysql-connection-options.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # This is an optional ops-file. 3 | # read_timeout, write_timeout, connect_timeout are in seconds 4 | 5 | - type: replace 6 | path: /instance_groups/name=bosh/properties/director/db/connection_options? 
7 | value: 8 | read_timeout: ((mysql_db_read_timeout)) 9 | write_timeout: ((mysql_db_write_timeout)) 10 | connect_timeout: ((mysql_db_connect_timeout)) 11 | -------------------------------------------------------------------------------- /experimental/db-postgres-connection-options.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # This is an optional ops-file. 3 | # pool_timeout, statement_timeout, connect_timeout are in seconds 4 | 5 | - type: replace 6 | path: /instance_groups/name=bosh/properties/director/db/connection_options? 7 | value: 8 | pool_timeout: ((postgres_db_pool_timeout)) 9 | statement_timeout: ((postgres_db_statement_timeout)) 10 | connect_timeout: ((postgres_db_connect_timeout)) 11 | -------------------------------------------------------------------------------- /experimental/dns-addon-with-api-certificates.yml: -------------------------------------------------------------------------------- 1 | --- 2 | -------------------------------------------------------------------------------- /experimental/enable-metrics.yml: -------------------------------------------------------------------------------- 1 | - path: /instance_groups/name=bosh/properties/director/metrics_server?/enabled 2 | type: replace 3 | value: true 4 | - path: /instance_groups/name=bosh/properties/director/metrics_server?/tls/ca 5 | type: replace 6 | value: ((metrics_server_tls.ca)) 7 | - path: /instance_groups/name=bosh/properties/director/metrics_server?/tls/certificate 8 | type: replace 9 | value: ((metrics_server_tls.certificate)) 10 | - path: /instance_groups/name=bosh/properties/director/metrics_server?/tls/private_key 11 | type: replace 12 | value: ((metrics_server_tls.private_key)) 13 | 14 | # metrics_server ca 15 | - path: /variables/name=metrics_server_ca? 
16 | type: replace 17 | value: 18 | name: metrics_server_ca 19 | type: certificate 20 | options: 21 | common_name: bosh-metrics-server 22 | is_ca: true 23 | 24 | # metrics_server server certs 25 | - path: /variables/name=metrics_server_tls? 26 | type: replace 27 | value: 28 | name: metrics_server_tls 29 | type: certificate 30 | options: 31 | alternative_names: 32 | - ((internal_ip)) 33 | ca: metrics_server_ca 34 | extended_key_usage: 35 | - server_auth 36 | 37 | # metrics_server client certs 38 | - path: /variables/name=metrics_server_client_tls? 39 | type: replace 40 | value: 41 | name: metrics_server_client_tls 42 | type: certificate 43 | options: 44 | ca: metrics_server_ca 45 | extended_key_usage: 46 | - client_auth 47 | -------------------------------------------------------------------------------- /experimental/local-bosh-release-tarball.yml: -------------------------------------------------------------------------------- 1 | # Use local bosh release tarball -- useful for testing 2 | 3 | - type: replace 4 | path: /releases/name=bosh? 5 | value: 6 | name: bosh 7 | url: file://((local_bosh_release_tarball)) 8 | -------------------------------------------------------------------------------- /experimental/ntp-agent-env.yml: -------------------------------------------------------------------------------- 1 | - type: replace 2 | path: /instance_groups/name=bosh/properties/agent/env?/bosh/ntp 3 | value: 4 | - time1.google.com 5 | - time2.google.com 6 | - time3.google.com 7 | - time4.google.com -------------------------------------------------------------------------------- /experimental/postgres-10.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - type: replace 3 | path: /instance_groups/name=bosh/jobs/name=postgres? 
4 | value: 5 | name: postgres-10 6 | release: bosh 7 | -------------------------------------------------------------------------------- /experimental/registry-db-enable-tls.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cloudfoundry/bosh-deployment/768a9f39ea6d7284ca3a77df2cd988f67a9d82d5/experimental/registry-db-enable-tls.yml -------------------------------------------------------------------------------- /external-ip-not-recommended-uaa.yml: -------------------------------------------------------------------------------- 1 | # WARNING: We do not recommend exposing UAA or any other services over public addresses. This ops-file adds ((external_ip)) to the uaa_ssl and uaa_service_provider_ssl alternative names and sets both UAA URLs to https://((external_ip)):8443. 2 | 3 | - type: replace 4 | path: /variables/name=uaa_ssl/options/alternative_names/- 5 | value: ((external_ip)) 6 | 7 | - type: replace 8 | path: /variables/name=uaa_service_provider_ssl/options/alternative_names/- 9 | value: ((external_ip)) 10 | 11 | - type: replace 12 | path: /instance_groups/name=bosh/jobs/name=uaa/properties/uaa/url 13 | value: "https://((external_ip)):8443" 14 | 15 | - type: replace 16 | path: /instance_groups/name=bosh/properties/director/user_management/uaa/url 17 | value: "https://((external_ip)):8443" 18 | -------------------------------------------------------------------------------- /external-ip-not-recommended.yml: -------------------------------------------------------------------------------- 1 | # WARNING: We do not recommend exposing the Director or any other services over public addresses. 2 | 3 | - type: replace 4 | path: /networks/- 5 | value: 6 | name: public 7 | type: vip 8 | 9 | - type: replace 10 | path: /instance_groups/name=bosh/networks/0/default? 
11 | value: [dns, gateway] 12 | 13 | - type: replace 14 | path: /instance_groups/name=bosh/networks/- 15 | value: 16 | name: public 17 | static_ips: [((external_ip))] 18 | 19 | - type: replace 20 | path: /instance_groups/name=bosh/properties/director/default_ssh_options?/gateway_host 21 | value: ((external_ip)) 22 | 23 | # TODO: should not access non-defined vars. NOTE(review): the mbus URL below embeds ((mbus_bootstrap_password)) as URL userinfo and targets ((external_ip)):6868, so that endpoint is addressed over the public IP. 24 | - type: replace 25 | path: /cloud_provider/mbus 26 | value: https://mbus:((mbus_bootstrap_password))@((external_ip)):6868 27 | 28 | - type: replace 29 | path: /variables/name=mbus_bootstrap_ssl/options/alternative_names/- 30 | value: ((external_ip)) 31 | 32 | - type: replace 33 | path: /variables/name=director_ssl/options/alternative_names/- 34 | value: ((external_ip)) 35 | -------------------------------------------------------------------------------- /external-ip-with-registry-not-recommended.yml: -------------------------------------------------------------------------------- 1 | # WARNING: We do not recommend exposing the Director or any other services over public addresses. 2 | 3 | - type: replace 4 | path: /networks/- 5 | value: 6 | name: public 7 | type: vip 8 | 9 | - type: replace 10 | path: /instance_groups/name=bosh/networks/0/default? 
11 | value: [dns, gateway] 12 | 13 | - type: replace 14 | path: /instance_groups/name=bosh/networks/- 15 | value: 16 | name: public 17 | static_ips: [((external_ip))] 18 | 19 | - type: replace 20 | path: /instance_groups/name=bosh/properties/director/default_ssh_options?/gateway_host 21 | value: ((external_ip)) 22 | 23 | # TODO: should not access non-defined vars. NOTE(review): the mbus URL below embeds ((mbus_bootstrap_password)) as URL userinfo and targets ((external_ip)):6868, so that endpoint is addressed over the public IP. 24 | - type: replace 25 | path: /cloud_provider/mbus 26 | value: https://mbus:((mbus_bootstrap_password))@((external_ip)):6868 27 | 28 | - type: replace 29 | path: /variables/name=mbus_bootstrap_ssl/options/alternative_names/- 30 | value: ((external_ip)) 31 | 32 | - type: replace 33 | path: /variables/name=director_ssl/options/alternative_names/- 34 | value: ((external_ip)) 35 | -------------------------------------------------------------------------------- /gcp/bosh-lite-vm-type.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Configure sizes for bosh-lite on gcp 3 | - type: replace 4 | path: /resource_pools/name=vms/cloud_properties/machine_type 5 | value: e2-standard-8 6 | -------------------------------------------------------------------------------- /gcp/cloud-config.yml: -------------------------------------------------------------------------------- 1 | azs: 2 | - name: z1 3 | cloud_properties: 4 | zone: ((zone)) 5 | - name: z2 6 | cloud_properties: 7 | zone: ((zone)) 8 | - name: z3 9 | cloud_properties: 10 | zone: ((zone)) 11 | # NOTE(review): z1, z2 and z3 above all use the same ((zone)) variable 12 | vm_types: 13 | - name: default 14 | cloud_properties: 15 | machine_type: n1-standard-2 16 | root_disk_size_gb: 20 17 | root_disk_type: pd-ssd 18 | - name: large 19 | cloud_properties: 20 | machine_type: n1-standard-2 # same machine type as "default"; only root_disk_size_gb differs 21 | root_disk_size_gb: 50 22 | root_disk_type: pd-ssd 23 | 24 | disk_types: 25 | - name: default 26 | disk_size: 3000 27 | - name: large 28 | disk_size: 50_000 29 | 30 | networks: 31 | - name: default 32 | type: manual 33 | subnets: 34 | - range: ((internal_cidr)) 35 | gateway: ((internal_gw)) 36 | azs: 
[z1, z2, z3] 37 | dns: [8.8.8.8] 38 | cloud_properties: 39 | network_name: ((network)) 40 | subnetwork_name: ((subnetwork)) 41 | ephemeral_external_ip: false 42 | tags: ((tags)) 43 | - name: vip 44 | type: vip 45 | 46 | compilation: 47 | workers: 5 48 | reuse_compilation_vms: true 49 | az: z1 50 | vm_type: default 51 | network: default 52 | -------------------------------------------------------------------------------- /gcp/cpi.yml: -------------------------------------------------------------------------------- 1 | - name: cpi 2 | path: /releases/- 3 | type: replace 4 | value: 5 | name: bosh-google-cpi 6 | sha1: aa4ca9a3d4648e2f24b571b752b28c5f48bd1076 7 | url: https://bosh.io/d/github.com/cloudfoundry/bosh-google-cpi-release?v=50.0.16 8 | version: 50.0.16 9 | - name: stemcell 10 | path: /resource_pools/name=vms/stemcell? 11 | type: replace 12 | value: 13 | sha1: 043fb46328e1b36ea45810d5a90cda960fdb7b4e 14 | url: https://storage.googleapis.com/bosh-gce-light-stemcells/1.829/light-bosh-stemcell-1.829-google-kvm-ubuntu-jammy-go_agent.tgz 15 | - path: /resource_pools/name=vms/cloud_properties? 16 | type: replace 17 | value: 18 | machine_type: e2-medium 19 | root_disk_size_gb: 40 20 | root_disk_type: pd-standard 21 | zone: ((zone)) 22 | - path: /disk_pools/name=disks/cloud_properties? 23 | type: replace 24 | value: 25 | type: pd-standard 26 | - path: /networks/name=default/subnets/0/cloud_properties? 27 | type: replace 28 | value: 29 | ephemeral_external_ip: false 30 | network_name: ((network)) 31 | subnetwork_name: ((subnetwork)) 32 | tags: ((tags)) 33 | - path: /instance_groups/name=bosh/jobs/- 34 | type: replace 35 | value: 36 | name: google_cpi 37 | release: bosh-google-cpi 38 | - path: /instance_groups/name=bosh/properties/director/cpi_job? 39 | type: replace 40 | value: google_cpi 41 | - path: /cloud_provider/template? 42 | type: replace 43 | value: 44 | name: google_cpi 45 | release: bosh-google-cpi 46 | - path: /instance_groups/name=bosh/properties/google? 
47 | type: replace 48 | value: 49 | json_key: ((gcp_credentials_json)) 50 | project: ((project_id)) 51 | - path: /cloud_provider/properties/google? 52 | type: replace 53 | value: 54 | json_key: ((gcp_credentials_json)) 55 | project: ((project_id)) 56 | - path: /resource_pools/0/env/bosh/ntp? 57 | type: replace 58 | value: 59 | - 169.254.169.254 60 | - path: /instance_groups/name=bosh/properties/agent/env/bosh/ntp? 61 | type: replace 62 | value: 63 | - 169.254.169.254 64 | -------------------------------------------------------------------------------- /gcp/gcs-bbr.yml: -------------------------------------------------------------------------------- 1 | - type: replace 2 | path: /instance_groups/name=bosh/jobs/- 3 | value: 4 | name: gcs-blobstore-backup-restorer 5 | release: backup-and-restore-sdk 6 | properties: 7 | enabled: true 8 | buckets: 9 | director_blobs: 10 | name: ((bucket_name)) 11 | gcp_service_account_key: "((director_gcs_credentials_json))" 12 | -------------------------------------------------------------------------------- /gcp/gcs-blobstore.yml: -------------------------------------------------------------------------------- 1 | - type: replace 2 | path: /instance_groups/name=bosh/properties/blobstore? 3 | value: 4 | provider: gcs 5 | credentials_source: static 6 | bucket_name: ((bucket_name)) 7 | json_key: ((director_gcs_credentials_json)) 8 | 9 | - type: remove 10 | path: /instance_groups/name=bosh/jobs/name=blobstore 11 | 12 | - type: remove 13 | path: /instance_groups/name=bosh/properties/agent/env/bosh/blobstores 14 | 15 | - type: replace 16 | path: /instance_groups/name=bosh/properties/agent/env/bosh/blobstores?/- 17 | value: 18 | provider: gcs 19 | options: 20 | provider: gcs 21 | credentials_source: static 22 | bucket_name: ((bucket_name)) 23 | json_key: ((agent_gcs_credentials_json)) 24 | 25 | - type: remove 26 | path: /variables/name=blobstore_ca? 27 | 28 | - type: remove 29 | path: /variables/name=blobstore_server_tls? 
30 | -------------------------------------------------------------------------------- /gcp/service-account.yml: -------------------------------------------------------------------------------- 1 | - type: replace 2 | path: /resource_pools/name=vms/cloud_properties/service_account? 3 | value: ((service_account)) 4 | 5 | - type: remove 6 | path: /instance_groups/name=bosh/properties/google/json_key 7 | 8 | - type: remove 9 | path: /cloud_provider/properties/google/json_key 10 | -------------------------------------------------------------------------------- /gcp/use-bionic.yml: -------------------------------------------------------------------------------- 1 | - name: stemcell 2 | path: /resource_pools/name=vms/stemcell? 3 | type: replace 4 | value: 5 | sha1: 5595181c38ba48773f0ed84f4114579d7fb92345 6 | url: https://storage.googleapis.com/bosh-gce-light-stemcells/1.204/light-bosh-stemcell-1.204-google-kvm-ubuntu-bionic-go_agent.tgz 7 | -------------------------------------------------------------------------------- /hm/datadog.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - type: replace 3 | path: /instance_groups/name=bosh/properties/hm/datadog? 4 | value: 5 | api_key: ((datadog_api_key)) 6 | application_key: ((datadog_application_key)) 7 | custom_tags: 8 | director: ((director_name)) 9 | 10 | - type: replace 11 | path: /instance_groups/name=bosh/properties/hm/datadog_enabled? 
12 | value: true 13 | -------------------------------------------------------------------------------- /hm/disable.yml: -------------------------------------------------------------------------------- 1 | - type: remove 2 | path: /instance_groups/name=bosh/jobs/name=health_monitor 3 | 4 | - type: remove 5 | path: /instance_groups/name=bosh/properties/hm 6 | -------------------------------------------------------------------------------- /hm/graphite.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - type: replace 3 | path: /instance_groups/name=bosh/properties/hm/graphite? 4 | value: 5 | address: ((graphite_address)) 6 | port: ((graphite_port)) 7 | prefix: ((graphite_prefix)) 8 | 9 | - type: replace 10 | path: /instance_groups/name=bosh/properties/hm/graphite_enabled? 11 | value: true 12 | -------------------------------------------------------------------------------- /jumpbox-user.yml: -------------------------------------------------------------------------------- 1 | - path: /releases/name=os-conf? 
2 | release: os-conf 3 | type: replace 4 | value: 5 | name: os-conf 6 | sha1: d20772d8ce6e781ceb13cac7df5950bfa4330ba1 7 | url: https://bosh.io/d/github.com/cloudfoundry/os-conf-release?v=23.0.0 8 | version: 23.0.0 9 | - path: /instance_groups/0/properties/director/default_ssh_options?/gateway_user 10 | type: replace 11 | value: jumpbox 12 | - path: /instance_groups/0/jobs/- 13 | type: replace 14 | value: 15 | name: user_add 16 | properties: 17 | users: 18 | - name: jumpbox 19 | public_key: ((jumpbox_ssh.public_key)) 20 | release: os-conf 21 | - path: /variables/- 22 | type: replace 23 | value: 24 | name: jumpbox_ssh 25 | type: ssh 26 | -------------------------------------------------------------------------------- /local-bosh-release-tarball.yml: -------------------------------------------------------------------------------- 1 | # Use local bosh release -- useful for testing. The sha1 entry is removed below, so this manifest pins no checksum for the local file. 2 | 3 | - type: replace 4 | path: /releases/name=bosh/url 5 | value: file://((local_bosh_release)) 6 | 7 | - type: remove 8 | path: /releases/name=bosh/sha1 9 | 10 | - type: replace 11 | path: /releases/name=bosh/version 12 | value: latest 13 | -------------------------------------------------------------------------------- /local-bosh-release.yml: -------------------------------------------------------------------------------- 1 | # Use local bosh release -- useful for testing. The sha1 entry is removed below, so this manifest pins no checksum for the local release. 2 | 3 | - type: replace 4 | path: /releases/name=bosh/url 5 | value: file://((local_bosh_release)) 6 | 7 | - type: remove 8 | path: /releases/name=bosh/sha1 9 | 10 | - type: replace 11 | path: /releases/name=bosh/version 12 | value: create 13 | -------------------------------------------------------------------------------- /local-dns.yml: -------------------------------------------------------------------------------- 1 | # This file was used to enable the local_dns feature of bosh. 2 | # bosh dns is now the default in bosh.yml. 
3 | # 4 | # This ops-file is temporarily here for backwards compatibility to ensure no pipelines are broken. 5 | # 6 | # To configure your upstream DNS provider please use the misc/dns.yml ops file to override the default (Google DNS). 7 | --- 8 | -------------------------------------------------------------------------------- /misc/blobstore-disable-tls.yml: -------------------------------------------------------------------------------- 1 | - type: replace 2 | path: /instance_groups/name=bosh/properties/agent/env/bosh/blobstores/provider=dav/options/endpoint 3 | value: http://((internal_ip)):25250 # NOTE(review): plain http -- with this ops-file applied, the agent's dav blobstore endpoint is no longer reached over TLS 4 | -------------------------------------------------------------------------------- /misc/blobstore-signed-urls.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # NOTE(review): the user/password values below are the literal placeholder text not_used_but_required_by_some_cpis, not credentials; further down enable_signed_urls is set to true and the blobstore secret is taken from ((blobstore_secret)). 3 | - type: replace 4 | path: /instance_groups/name=bosh/properties/blobstore/agent/user 5 | value: not_used_but_required_by_some_cpis 6 | 7 | - type: replace 8 | path: /instance_groups/name=bosh/properties/blobstore/agent/password 9 | value: not_used_but_required_by_some_cpis 10 | 11 | - type: replace 12 | path: /instance_groups/name=bosh/properties/agent/env/bosh/blobstores/0/options/password 13 | value: not_used_but_required_by_some_cpis 14 | 15 | - type: replace 16 | path: /instance_groups/name=bosh/properties/agent/env/bosh/blobstores/0/options/user 17 | value: not_used_but_required_by_some_cpis 18 | 19 | 20 | 21 | - type: replace 22 | path: /instance_groups/name=bosh/properties/blobstore/enable_signed_urls? 23 | value: true 24 | 25 | - type: replace 26 | path: /instance_groups/name=bosh/properties/blobstore/secret? 
27 | value: ((blobstore_secret)) 28 | 29 | - type: replace 30 | path: /variables/- 31 | value: 32 | name: blobstore_secret 33 | type: password 34 | -------------------------------------------------------------------------------- /misc/blobstore-tls.yml: -------------------------------------------------------------------------------- 1 | # Blobstore TLS is now enabled by default 2 | # Keeping this ops-file for backwards compatibility 3 | --- 4 | -------------------------------------------------------------------------------- /misc/bosh-dev.yml: -------------------------------------------------------------------------------- 1 | # Use Director to deploy other Director for development 2 | 3 | # Networks are defined in cloud-config 4 | - type: remove 5 | path: /networks 6 | 7 | # Use disk type instead of disk_pools 8 | - type: remove 9 | path: /disk_pools 10 | 11 | - type: remove 12 | path: /instance_groups/name=bosh/persistent_disk_pool 13 | 14 | - type: replace 15 | path: /instance_groups/name=bosh/persistent_disk_type? 16 | value: default 17 | 18 | # Use VM type / stemcell instead of resource_pools 19 | - type: remove 20 | path: /resource_pools 21 | 22 | - type: remove 23 | path: /instance_groups/name=bosh/resource_pool 24 | 25 | - type: replace 26 | path: /instance_groups/name=bosh/vm_type? 27 | value: default 28 | 29 | - type: replace 30 | path: /stemcells?/- 31 | value: 32 | alias: default 33 | os: ubuntu-jammy 34 | version: latest 35 | 36 | - type: replace 37 | path: /instance_groups/name=bosh/stemcell? 38 | value: default 39 | 40 | - type: replace 41 | path: /instance_groups/name=bosh/azs? 42 | value: [z1] 43 | 44 | - type: replace 45 | path: /update? 
46 | value: 47 | canaries: 0 48 | max_in_flight: 1 49 | canary_watch_time: 30000-180000 50 | update_watch_time: 30000-180000 51 | 52 | # remove create-env specifics 53 | - type: remove 54 | path: /cloud_provider 55 | 56 | - type: remove 57 | path: /variables/name=mbus_bootstrap_password 58 | -------------------------------------------------------------------------------- /misc/certificate-duration/bosh.yml: -------------------------------------------------------------------------------- 1 | - path: /variables/name=default_ca/options/duration? 2 | type: replace 3 | value: ((certificate_duration)) 4 | - path: /variables/name=mbus_bootstrap_ssl/options/duration? 5 | type: replace 6 | value: ((certificate_duration)) 7 | - path: /variables/name=director_ssl/options/duration? 8 | type: replace 9 | value: ((certificate_duration)) 10 | - path: /variables/name=nats_ca/options/duration? 11 | type: replace 12 | value: ((certificate_duration)) 13 | - path: /variables/name=nats_server_tls/options/duration? 14 | type: replace 15 | value: ((certificate_duration)) 16 | - path: /variables/name=nats_clients_director_tls/options/duration? 17 | type: replace 18 | value: ((certificate_duration)) 19 | - path: /variables/name=nats_clients_health_monitor_tls/options/duration? 20 | type: replace 21 | value: ((certificate_duration)) 22 | - path: /variables/name=blobstore_ca/options/duration? 23 | type: replace 24 | value: ((certificate_duration)) 25 | - path: /variables/name=blobstore_server_tls/options/duration? 26 | type: replace 27 | value: ((certificate_duration)) 28 | -------------------------------------------------------------------------------- /misc/certificate-duration/credhub.yml: -------------------------------------------------------------------------------- 1 | - path: /variables/name=credhub_ca/options/duration? 2 | type: replace 3 | value: ((certificate_duration)) 4 | - path: /variables/name=credhub_tls/options/duration? 
5 | type: replace 6 | value: ((certificate_duration)) 7 | -------------------------------------------------------------------------------- /misc/certificate-duration/uaa.yml: -------------------------------------------------------------------------------- 1 | - path: /variables/name=uaa_ssl/options/duration? 2 | type: replace 3 | value: ((certificate_duration)) 4 | - path: /variables/name=uaa_service_provider_ssl/options/duration? 5 | type: replace 6 | value: ((certificate_duration)) 7 | -------------------------------------------------------------------------------- /misc/config-server.yml: -------------------------------------------------------------------------------- 1 | - type: replace 2 | path: /releases/- 3 | value: 4 | name: config-server 5 | version: 0.1.20 6 | url: https://bosh.io/d/github.com/cloudfoundry/config-server-release?v=0.1.20 7 | sha1: 00efb69c6771dae651546ff54eac188cf6e4f943 8 | 9 | - type: replace 10 | path: /instance_groups/name=bosh/jobs/- 11 | value: 12 | name: config_server 13 | release: config-server 14 | properties: 15 | port: 8081 16 | store: database 17 | jwt: 18 | verification_key: ((uaa_jwt_signing_key.public_key)) 19 | ca: ((config_server_root_ca)) 20 | ssl: ((config_server_ssl)) 21 | db: 22 | user: postgres 23 | password: ((postgres_password)) 24 | 25 | - type: replace 26 | path: /instance_groups/name=bosh/properties/postgres/additional_databases?/- 27 | value: config_server 28 | 29 | # Configure Director 30 | - type: replace 31 | path: /instance_groups/name=bosh/properties/director/config_server? 32 | value: 33 | enabled: true 34 | url: "https://((internal_ip)):8081" 35 | ca_cert: ((config_server_ssl.ca)) 36 | uaa: 37 | url: "https://((internal_ip)):8443" 38 | ca_cert: ((uaa_ssl.ca)) 39 | client_id: director_config_server 40 | client_secret: ((director_config_server_client_secret)) 41 | 42 | # Configure UAA 43 | - type: replace 44 | path: /instance_groups/name=bosh/jobs/name=uaa/properties/uaa/clients/director_config_server? 
45 | value: 46 | override: true 47 | authorized-grant-types: client_credentials 48 | scope: "" 49 | authorities: config_server.admin 50 | secret: ((director_config_server_client_secret)) 51 | 52 | # Variables 53 | - type: replace 54 | path: /variables/- 55 | value: 56 | name: config_server_ssl 57 | type: certificate 58 | options: 59 | ca: default_ca 60 | common_name: ((internal_ip)) 61 | alternative_names: [((internal_ip))] 62 | 63 | - type: replace 64 | path: /variables/- 65 | value: 66 | name: config_server_root_ca 67 | type: certificate 68 | options: 69 | is_ca: true 70 | common_name: config_server_ca 71 | 72 | - type: replace 73 | path: /variables/- 74 | value: 75 | name: director_config_server_client_secret 76 | type: password 77 | -------------------------------------------------------------------------------- /misc/cpi-resize-disk.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - type: replace 3 | path: /instance_groups/name=bosh/properties/director/enable_cpi_resize_disk? 
4 | value: true 5 | -------------------------------------------------------------------------------- /misc/dns-addon-enable-external-monitoring.yml: -------------------------------------------------------------------------------- 1 | - type: replace 2 | path: /addons/name=bosh-dns/jobs/name=bosh-dns/properties?/metrics?/enabled 3 | value: true 4 | 5 | - type: replace 6 | path: /addons/name=bosh-dns/jobs/name=bosh-dns/properties?/metrics?/address 7 | value: ((address-to-bind-dns-metrics)) 8 | 9 | - type: replace 10 | path: /addons/name=bosh-dns/jobs/name=bosh-dns/properties?/metrics?/port 11 | value: ((port-to-bind-dns-metrics)) -------------------------------------------------------------------------------- /misc/dns-addon-enable-local-monitoring.yml: -------------------------------------------------------------------------------- 1 | - type: replace 2 | path: /addons/name=bosh-dns/jobs/name=bosh-dns/properties?/metrics?/enabled 3 | value: true -------------------------------------------------------------------------------- /misc/dns-addon.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - type: replace 3 | path: /addons?/name=bosh-dns 4 | value: 5 | name: bosh-dns 6 | jobs: 7 | - name: bosh-dns 8 | release: bosh-dns 9 | properties: 10 | api: 11 | server: 12 | tls: ((dns_api_server_tls)) 13 | client: 14 | tls: ((dns_api_client_tls)) 15 | 16 | - type: replace 17 | path: /variables?/name=dns_api_tls_ca 18 | value: 19 | name: dns_api_tls_ca 20 | type: certificate 21 | options: 22 | is_ca: true 23 | common_name: dns-api-tls-ca 24 | 25 | - type: replace 26 | path: /variables?/name=dns_api_server_tls 27 | value: 28 | name: dns_api_server_tls 29 | type: certificate 30 | options: 31 | ca: dns_api_tls_ca 32 | common_name: api.bosh-dns 33 | alternative_names: [api.bosh-dns] 34 | extended_key_usage: 35 | - server_auth 36 | 37 | - type: replace 38 | path: /variables?/name=dns_api_client_tls 39 | value: 40 | name: 
dns_api_client_tls 41 | type: certificate 42 | options: 43 | ca: dns_api_tls_ca 44 | common_name: api.bosh-dns 45 | alternative_names: [api.bosh-dns] 46 | extended_key_usage: 47 | - client_auth 48 | -------------------------------------------------------------------------------- /misc/dns.yml: -------------------------------------------------------------------------------- 1 | - type: replace 2 | path: /networks/name=default/subnets/0/dns 3 | value: ((internal_dns)) 4 | -------------------------------------------------------------------------------- /misc/external-db-credhub.yml: -------------------------------------------------------------------------------- 1 | #This ops file requires that you applied the credhub.yml ops file first 2 | --- 3 | - type: replace 4 | path: /instance_groups/name=bosh/jobs/name=credhub/properties/credhub/data_storage 5 | value: 6 | host: ((external_db_host_credhub)) 7 | port: ((external_db_port_credhub)) 8 | database: ((external_db_name_credhub)) 9 | username: ((external_db_user_credhub)) 10 | password: ((external_db_password_credhub)) 11 | require_tls: ((external_db_require_tls_credhub)) 12 | type: ((external_db_adapter_credhub)) -------------------------------------------------------------------------------- /misc/external-db-uaa.yml: -------------------------------------------------------------------------------- 1 | #This ops file requires that you used the uaa.yml ops file first 2 | --- 3 | - type: replace 4 | path: /instance_groups/name=bosh/jobs/name=uaa/properties/uaadb 5 | value: 6 | address: ((external_db_host_uaa)) 7 | port: ((external_db_port_uaa)) 8 | databases: 9 | - name: ((external_db_name_uaa)) 10 | tag: uaa 11 | roles: 12 | - name: ((external_db_user_uaa)) 13 | password: ((external_db_password_uaa)) 14 | tag: admin 15 | db_scheme: ((external_db_scheme_uaa)) -------------------------------------------------------------------------------- /misc/external-db.yml: 
-------------------------------------------------------------------------------- 1 | - type: remove 2 | path: /instance_groups/name=bosh/jobs/name=postgres-10? 3 | 4 | - type: remove 5 | path: /instance_groups/name=bosh/jobs/name=postgres-9.4? 6 | 7 | - type: remove 8 | path: /instance_groups/name=bosh/jobs/name=postgres? 9 | 10 | - type: remove 11 | path: /instance_groups/name=bosh/properties/postgres 12 | # NOTE(review): the replace below overwrites the whole director/db hash and sets no tls key; ops-files that add keys under it (e.g. /director/db/tls? from experimental/db-enable-tls.yml) presumably have to be applied after this one -- confirm ordering.
13 | - type: replace 14 | path: /instance_groups/name=bosh/properties/director/db 15 | value: 16 | host: ((external_db_host)) 17 | port: ((external_db_port)) 18 | user: ((external_db_user)) 19 | password: ((external_db_password)) 20 | adapter: ((external_db_adapter)) 21 | database: ((external_db_name)) 22 | -------------------------------------------------------------------------------- /misc/external-ip-not-recommended/mbus-only.yml: -------------------------------------------------------------------------------- 1 | # WARNING: We do not recommend exposing the Director or any other services over public addresses. This ops-file points /cloud_provider/mbus (with ((mbus_bootstrap_password)) embedded in the URL) at ((external_ip)):6868 and adds ((external_ip)) to the mbus_bootstrap_ssl and director_ssl alternative names. 2 | 3 | - type: replace 4 | path: /cloud_provider/mbus 5 | value: https://mbus:((mbus_bootstrap_password))@((external_ip)):6868 6 | 7 | - type: replace 8 | path: /variables/name=mbus_bootstrap_ssl/options/alternative_names/- 9 | value: ((external_ip)) 10 | 11 | - type: replace 12 | path: /variables/name=director_ssl/options/alternative_names/- 13 | value: ((external_ip)) 14 | -------------------------------------------------------------------------------- /misc/ipv6/bosh.yml: -------------------------------------------------------------------------------- 1 | - type: replace 2 | path: /networks/name=default/subnets/0/dns 3 | value: 4 | - "2001:4860:4860:0000:0000:0000:0000:8888" 5 | - "2001:4860:4860:0000:0000:0000:0000:8844" 6 | 7 | - type: replace 8 | path: /instance_groups/name=bosh/properties/director/ipv6_listen? 9 | value: true 10 | 11 | - type: replace 12 | path: /instance_groups/name=bosh/properties/blobstore/ipv6_listen? 
13 | value: true 14 | 15 | - type: replace 16 | path: /instance_groups/name=bosh/properties/nats/listen_address? 17 | value: "::" 18 | 19 | - type: replace 20 | path: /cloud_provider/mbus 21 | value: "https://mbus:((mbus_bootstrap_password))@[((internal_ip))]:6868" 22 | 23 | - type: replace 24 | path: /instance_groups/name=bosh/properties/agent/mbus 25 | value: "nats://[((internal_ip))]:4222" 26 | 27 | - type: replace 28 | path: /instance_groups/name=bosh/properties/blobstore/address 29 | value: "[((internal_ip))]" 30 | # NOTE(review): the endpoint set below is plain http. misc/blobstore-tls.yml states that blobstore TLS is enabled by default, and misc/blobstore-disable-tls.yml uses this same http form to turn it off -- confirm that dropping TLS on the agent blobstore endpoint is intended for IPv6.
31 | - type: replace 32 | path: /instance_groups/name=bosh/properties/agent/env/bosh/blobstores/0/options/endpoint 33 | value: "http://[((internal_ip))]:25250" 34 | 35 | - type: replace 36 | path: /instance_groups/name=bosh/properties/nats/address 37 | value: "[((internal_ip))]" 38 | 39 | - type: replace 40 | path: /resource_pools/name=vms/env/bosh/ipv6?/enable? 41 | value: true 42 | -------------------------------------------------------------------------------- /misc/ipv6/credhub.yml: -------------------------------------------------------------------------------- 1 | - type: replace 2 | path: /instance_groups/name=bosh/jobs/name=credhub/properties/credhub/authentication/uaa/url 3 | value: "https://[((internal_ip))]:8443" 4 | 5 | - type: replace 6 | path: /instance_groups/name=bosh/properties/director/config_server/url 7 | value: "https://[((internal_ip))]:8844/api/" 8 | 9 | - type: replace 10 | path: /instance_groups/name=bosh/properties/director/config_server/uaa/url 11 | value: "https://[((internal_ip))]:8443" 12 | -------------------------------------------------------------------------------- /misc/ipv6/uaa.yml: -------------------------------------------------------------------------------- 1 | - type: replace 2 | path: /instance_groups/name=bosh/properties/director/user_management/uaa?/url 3 | value: "https://[((internal_ip))]:8443" 4 | 5 | - type: replace 6 | path: /instance_groups/name=bosh/jobs/name=uaa/properties/uaa/url 7 | value: 
"https://[((internal_ip))]:8443" 8 | -------------------------------------------------------------------------------- /misc/nats-strict-tls.yml: -------------------------------------------------------------------------------- 1 | - type: replace 2 | path: /instance_groups/name=bosh/properties/nats/allow_legacy_agents? 3 | value: false 4 | -------------------------------------------------------------------------------- /misc/no-internet-access/bpm.yml: -------------------------------------------------------------------------------- 1 | - type: replace 2 | path: /releases/name=bpm/url 3 | value: file://((local_bpm_release)) 4 | 5 | - type: remove 6 | path: /releases/name=bpm/sha1 7 | 8 | - type: replace 9 | path: /releases/name=bpm/version 10 | value: latest 11 | -------------------------------------------------------------------------------- /misc/no-internet-access/credhub.yml: -------------------------------------------------------------------------------- 1 | - type: replace 2 | path: /releases/name=credhub/url 3 | value: file://((local_credhub_release)) 4 | 5 | - type: remove 6 | path: /releases/name=credhub/sha1 7 | 8 | - type: replace 9 | path: /releases/name=credhub/version 10 | value: latest -------------------------------------------------------------------------------- /misc/no-internet-access/os-conf.yml: -------------------------------------------------------------------------------- 1 | - type: replace 2 | path: /releases/name=os-conf/url 3 | value: file://((local_os_conf_release)) 4 | 5 | - type: remove 6 | path: /releases/name=os-conf/sha1 7 | 8 | - type: replace 9 | path: /releases/name=os-conf/version 10 | value: latest 11 | -------------------------------------------------------------------------------- /misc/no-internet-access/stemcell.yml: -------------------------------------------------------------------------------- 1 | # Use local stemcell 2 | 3 | - type: replace 4 | path: /resource_pools/name=vms/stemcell/url 5 | value: 
file://((local_stemcell)) 6 | 7 | - type: remove 8 | path: /resource_pools/name=vms/stemcell/sha1 9 | -------------------------------------------------------------------------------- /misc/no-internet-access/syslog.yml: -------------------------------------------------------------------------------- 1 | - type: replace 2 | path: /releases/name=syslog/url 3 | value: file://((local_syslog_release)) 4 | 5 | - type: remove 6 | path: /releases/name=syslog/sha1 7 | 8 | - type: replace 9 | path: /releases/name=syslog/version 10 | value: latest 11 | -------------------------------------------------------------------------------- /misc/no-internet-access/uaa.yml: -------------------------------------------------------------------------------- 1 | - type: replace 2 | path: /releases/name=uaa/url 3 | value: file://((local_uaa_release)) 4 | 5 | - type: remove 6 | path: /releases/name=uaa/sha1 7 | 8 | - type: replace 9 | path: /releases/name=uaa/version 10 | value: latest 11 | -------------------------------------------------------------------------------- /misc/no-internet-access/vsphere-cpi.yml: -------------------------------------------------------------------------------- 1 | # Use local vSphere CPI 2 | 3 | - type: replace 4 | path: /releases/name=bosh-vsphere-cpi/url 5 | value: file://((local_vsphere_cpi)) 6 | 7 | - type: remove 8 | path: /releases/name=bosh-vsphere-cpi/sha1 9 | 10 | - type: replace 11 | path: /releases/name=bosh-vsphere-cpi/version 12 | value: latest 13 | -------------------------------------------------------------------------------- /misc/ntp.yml: -------------------------------------------------------------------------------- 1 | - type: replace 2 | path: /instance_groups/name=bosh/properties/agent/env/bosh/ntp? 3 | value: ((internal_ntp)) 4 | - type: replace 5 | path: /resource_pools/0/env/bosh/ntp? 
6 |   value: ((internal_ntp))
7 |
--------------------------------------------------------------------------------
/misc/proxy.yml:
--------------------------------------------------------------------------------
1 | - type: replace  # Defines the proxy environment once (&env) and reuses it for cloud_provider (*env) so both stay identical.
2 |   path: /instance_groups/name=bosh/properties/env?
3 |   value: &env
4 |     http_proxy: ((http_proxy))
5 |     https_proxy: ((https_proxy))
6 |     no_proxy: ((no_proxy))
7 | # NOTE(review): if the proxy URLs embed credentials, ((http_proxy)) and ((https_proxy)) have to be stored as secrets.
8 | - type: replace
9 |   path: /cloud_provider/properties/env?
10 |   value: *env
11 |
--------------------------------------------------------------------------------
/misc/second-network.yml:
--------------------------------------------------------------------------------
1 | - type: replace  # Appends a manual network named "second" with a single static IP.
2 |   path: /networks/-
3 |   value:
4 |     name: second
5 |     type: manual
6 |     subnets:
7 |     - range: ((second_internal_cidr))
8 |       gateway: ((second_internal_gw))
9 |       static: [((second_internal_ip))]
10 | # Attaches the bosh instance group to the second network with that static IP.
11 | - type: replace
12 |   path: /instance_groups/name=bosh/networks/-
13 |   value:
14 |     name: second
15 |     static_ips: [((second_internal_ip))]
16 | # Keeps dns and gateway defaults on the first (index 0) network, so the added interface does not become the default route.
17 | - type: replace
18 |   path: /instance_groups/name=bosh/networks/0/default?
19 |   value: [dns, gateway]
20 |
--------------------------------------------------------------------------------
/misc/source-releases/bbr.yml:
--------------------------------------------------------------------------------
1 | - path: /releases/name=backup-and-restore-sdk  # Replaces the release entry with a pinned url + sha1 + version.
2 |   release: backup-and-restore-sdk
3 |   type: replace
4 |   value:
5 |     name: backup-and-restore-sdk
6 |     sha1: af0c1cd711cde2125854737bc4f6ab20fb6f203c  # NOTE(review): SHA-1 detects corruption but is weak against deliberate collisions; the https URL below carries the rest of the trust.
7 |     url: https://bosh.io/d/github.com/cloudfoundry-incubator/backup-and-restore-sdk-release?v=1.19.45
8 |     version: 1.19.45
9 |
--------------------------------------------------------------------------------
/misc/source-releases/bosh.yml:
--------------------------------------------------------------------------------
1 | - path: /releases/name=bosh?
2 |   release: bosh
3 |   type: replace
4 |   value:
5 |     name: bosh
6 |     sha1: 5d26077e7a9c1cb8820ffd5ab554ea1eac420f09  # digest and version are pinned together; update both when bumping
7 |     url: https://bosh.io/d/github.com/cloudfoundry/bosh?v=282.0.4
8 |     version: 282.0.4
9 | - path: /releases/name=bpm?  # Same file also pins the bpm release.
10 |   release: bpm
11 |   type: replace
12 |   value:
13 |     name: bpm
14 |     sha1: 00223345c70d5629d35008e88c42bf4482bdf766
15 |     url: https://bosh.io/d/github.com/cloudfoundry/bpm-release?v=1.4.20
16 |     version: 1.4.20
17 |
--------------------------------------------------------------------------------
/misc/source-releases/credhub.yml:
--------------------------------------------------------------------------------
1 | - path: /releases/name=credhub?  # Pins the credhub release by url, sha1 and version.
2 |   release: credhub
3 |   type: replace
4 |   value:
5 |     name: credhub
6 |     sha1: a11e05db682b3bd9e60dfa2e60baa1feef2b536e
7 |     url: https://bosh.io/d/github.com/pivotal-cf/credhub-release?v=2.14.2
8 |     version: 2.14.2
9 |
--------------------------------------------------------------------------------
/misc/source-releases/uaa.yml:
--------------------------------------------------------------------------------
1 | - path: /releases/name=uaa?  # Pins the uaa release by url, sha1 and version.
2 |   release: uaa
3 |   type: replace
4 |   value:
5 |     name: uaa
6 |     sha1: 4f6a2cc08b279ae31ceceae5f8bdcfe0dce7f88f
7 |     url: https://bosh.io/d/github.com/cloudfoundry/uaa-release?v=77.34.0
8 |     version: 77.34.0
9 |
--------------------------------------------------------------------------------
/misc/trusted-certs.yml:
--------------------------------------------------------------------------------
1 | ---  # Sets director.trusted_certs from ((trusted_ca_cert)).
2 | - type: replace
3 |   path: /instance_groups/name=bosh/properties/director/trusted_certs?
4 |   value: ((trusted_ca_cert))  # NOTE(review): presumably these CAs end up trusted by the VMs the director manages; list only CAs every VM should trust.
5 |
--------------------------------------------------------------------------------
/openstack/auto-anti-affinity.yml:
--------------------------------------------------------------------------------
1 | ---  # Turns on the OpenStack CPI's enable_auto_anti_affinity property.
2 | - type: replace
3 |   path: /instance_groups/name=bosh/properties/openstack/enable_auto_anti_affinity?
4 |   value: true
5 |
--------------------------------------------------------------------------------
/openstack/boot-from-volume.yml:
--------------------------------------------------------------------------------
1 | ---  # Turns on the OpenStack CPI's boot_from_volume property.
2 | - type: replace
3 |   path: /instance_groups/name=bosh/properties/openstack/boot_from_volume?
4 |   value: true
5 |
--------------------------------------------------------------------------------
/openstack/cloud-config.yml:
--------------------------------------------------------------------------------
1 | azs:  # z1, z2 and z3 all map to the same ((az)) value, so they do not add separate failure domains as written.
2 | - name: z1
3 |   cloud_properties:
4 |     availability_zone: ((az))
5 | - name: z2
6 |   cloud_properties:
7 |     availability_zone: ((az))
8 | - name: z3
9 |   cloud_properties:
10 |     availability_zone: ((az))
11 |
12 | vm_types:
13 | - name: default
14 |   cloud_properties:
15 |     instance_type: m1.small
16 | - name: large
17 |   cloud_properties:
18 |     instance_type: m1.xlarge
19 |
20 | disk_types:
21 | - name: default
22 |   disk_size: 3000
23 | - name: large
24 |   disk_size: 50_000
25 |
26 | networks:
27 | - name: default
28 |   type: manual
29 |   subnets:
30 |   - range: ((internal_cidr))
31 |     gateway: ((internal_gw))
32 |     azs: [z1, z2, z3]
33 |     dns: [8.8.8.8]  # NOTE(review): VMs on this network resolve through a public resolver; substitute an internal one if DNS queries should stay inside the environment.
34 |     reserved: []
35 |     cloud_properties:
36 |       net_id: ((net_id))
37 | - name: vip
38 |   type: vip
39 |
40 | compilation:
41 |   workers: 5
42 |   reuse_compilation_vms: true
43 |   az: z1
44 |   vm_type: default
45 |   network: default
46 |
--------------------------------------------------------------------------------
/openstack/cpi-secondary.yml:
--------------------------------------------------------------------------------
1 | ---  # Adds the OpenStack CPI release and job to the director as an additional CPI.
2 | - type: replace
3 |   path: /releases/-
4 |   value:
5 |     name: bosh-openstack-cpi
6 |     version: "39"  # NOTE(review): openstack/cpi.yml in this listing pins 55.0.4; confirm this older pin is intentional.
7 |     url: https://bosh.io/d/github.com/cloudfoundry/bosh-openstack-cpi-release?v=39
8 |     sha1: 34d07e203a4442c81a2f2391262fbadf5bc6eaea
9 |
10 | - type: replace
11 |   path: /instance_groups/name=bosh/jobs/-
12 |   value:
13 |     name: openstack_cpi
14 |     release: bosh-openstack-cpi
15 |
16 | # Placeholder ("unused") values; the real settings are expected to be supplied via the Director's cpi config.
17 | - type: replace
18 |   path: /instance_groups/name=bosh/properties/openstack?
19 |   value:
20 |     # TODO: eventually the CPI should take no defaults here (config only via cpi configs)
21 |     auth_url: unused
22 |     username: unused
23 |     api_key: unused  # literal placeholder, not a credential
24 |     domain: unused
25 |     project: unused
26 |     region: unused
27 |     default_key_name: unused
28 |     default_security_groups: unused
29 |     human_readable_vm_names: true
30 |
--------------------------------------------------------------------------------
/openstack/cpi.yml:
--------------------------------------------------------------------------------
1 | - name: cpi  # Adds the OpenStack CPI release, pinned by sha1, url and version.
2 |   path: /releases/-
3 |   type: replace
4 |   value:
5 |     name: bosh-openstack-cpi
6 |     sha1: c2a443b2a581fa9b2216584b75f927f753ea2013
7 |     url: https://bosh.io/d/github.com/cloudfoundry/bosh-openstack-cpi-release?v=55.0.4
8 |     version: 55.0.4
9 | - name: stemcell  # Pins the director VM's stemcell (jammy, 1.829) by sha1 and url.
10 |   path: /resource_pools/name=vms/stemcell?
11 |   type: replace
12 |   value:
13 |     sha1: f49d3dd24cfe29dc9fe53115b456a51ea2ef6be4
14 |     url: https://storage.googleapis.com/bosh-core-stemcells/1.829/bosh-stemcell-1.829-openstack-kvm-ubuntu-jammy-go_agent.tgz
15 | - path: /resource_pools/name=vms/cloud_properties?  # Placement and size of the director VM.
16 |   type: replace
17 |   value:
18 |     availability_zone: ((az))
19 |     instance_type: m1.xlarge
20 | - path: /networks/name=default/subnets/0/cloud_properties?
21 |   type: replace
22 |   value:
23 |     net_id: ((net_id))
24 | - path: /instance_groups/name=bosh/jobs/-  # Adds the CPI job to the director ...
25 |   type: replace
26 |   value:
27 |     name: openstack_cpi
28 |     release: bosh-openstack-cpi
29 | - path: /instance_groups/name=bosh/properties/director/cpi_job?  # ... and selects it as the director's cpi_job.
30 |   type: replace
31 |   value: openstack_cpi
32 | - path: /cloud_provider/template?  # The same job is used by the CLI-side cloud_provider.
33 |   type: replace
34 |   value:
35 |     name: openstack_cpi
36 |     release: bosh-openstack-cpi
37 | - path: /instance_groups/name=bosh/properties/openstack?
38 |   type: replace
39 |   value:
40 |     api_key: ((openstack_password))  # secret: supplied as a variable, never written into this file
41 |     auth_url: ((auth_url))
42 |     default_key_name: ((default_key_name))
43 |     default_security_groups: ((default_security_groups))  # NOTE(review): these groups apply to VMs by default; review their ingress rules
44 |     domain: ((openstack_domain))
45 |     human_readable_vm_names: true
46 |     project: ((openstack_project))
47 |     region: ((region))
48 |     username: ((openstack_username))
49 | - path: /cloud_provider/properties/openstack?  # Same settings repeated for the CLI-side cloud_provider; keep the two maps in step.
50 |   type: replace
51 |   value:
52 |     api_key: ((openstack_password))
53 |     auth_url: ((auth_url))
54 |     default_key_name: ((default_key_name))
55 |     default_security_groups: ((default_security_groups))
56 |     domain: ((openstack_domain))
57 |     human_readable_vm_names: true
58 |     project: ((openstack_project))
59 |     region: ((region))
60 |     username: ((openstack_username))
61 |
--------------------------------------------------------------------------------
/openstack/custom-ca.yml:
--------------------------------------------------------------------------------
1 | ---  # Supplies a CA certificate for the CPI's connections to OpenStack, for the director and for cloud_provider.
2 | - type: replace
3 |   path: /instance_groups/name=bosh/properties/openstack/connection_options?
4 |   value:
5 |     ca_cert: ((openstack_ca_cert))  # a CA certificate (public material), not a private key
6 |
7 | - type: replace
8 |   path: /cloud_provider/properties/openstack/connection_options?
9 |   value:
10 |     ca_cert: ((openstack_ca_cert))
11 |
--------------------------------------------------------------------------------
/openstack/disable-readable-vm-names.yml:
--------------------------------------------------------------------------------
1 | - type: replace  # Sets human_readable_vm_names to false for the director ...
2 |   path: /instance_groups/name=bosh/properties/openstack/human_readable_vm_names
3 |   value: false
4 | - type: replace  # ... and for cloud_provider. Neither path ends in "?", so the key must already exist in the manifest.
5 |   path: /cloud_provider/properties/openstack/human_readable_vm_names
6 |   value: false
7 |
--------------------------------------------------------------------------------
/openstack/keystone-v2.yml:
--------------------------------------------------------------------------------
1 | # Assumes use of openstack/cpi.yml: removes the project and domain keys it sets and adds a tenant key instead.
2 | - type: remove
3 |   path: /instance_groups/name=bosh/properties/openstack/project
4 |
5 | - type: remove
6 |   path: /instance_groups/name=bosh/properties/openstack/domain
7 |
8 | - type: replace
9 |   path: /instance_groups/name=bosh/properties/openstack/tenant?
10 |   value: ((openstack_tenant))
11 |
12 | # Inside cloud_provider (the same three changes)
13 | - type: remove
14 |   path: /cloud_provider/properties/openstack/project
15 |
16 | - type: remove
17 |   path: /cloud_provider/properties/openstack/domain
18 |
19 | - type: replace
20 |   path: /cloud_provider/properties/openstack/tenant?
21 |   value: ((openstack_tenant))
22 |
--------------------------------------------------------------------------------
/openstack/nova-networking.yml:
--------------------------------------------------------------------------------
1 | ---  # Turns on the OpenStack CPI's use_nova_networking property.
2 | - type: replace
3 |   path: /instance_groups/name=bosh/properties/openstack/use_nova_networking?
4 |   value: true
5 |
--------------------------------------------------------------------------------
/openstack/trusted-certs.yml:
--------------------------------------------------------------------------------
1 | ---  # Sets director.trusted_certs to the OpenStack CA certificate (value on line 4).
2 | - type: replace
3 |   path: /instance_groups/name=bosh/properties/director/trusted_certs?
4 |   value: ((openstack_ca_cert))
5 |
--------------------------------------------------------------------------------
/openstack/use-bionic.yml:
--------------------------------------------------------------------------------
1 | - name: stemcell  # Swaps the director stemcell for an ubuntu-bionic build (1.204), pinned by sha1.
2 |   path: /resource_pools/name=vms/stemcell?
3 |   type: replace
4 |   value:
5 |     sha1: 4ac36358a6de034f8deee3d5ca972658f785355f
6 |     url: https://storage.googleapis.com/bosh-core-stemcells/1.204/bosh-stemcell-1.204-openstack-kvm-ubuntu-bionic-go_agent.tgz  # NOTE(review): confirm the bionic line still receives security patches before selecting it
7 |
--------------------------------------------------------------------------------
/openstack/use-openstack-raw-stemcell.yml:
--------------------------------------------------------------------------------
1 | - name: stemcell  # Swaps the director stemcell for the "-raw" jammy build (1.829), pinned by sha1.
2 |   path: /resource_pools/name=vms/stemcell?
3 |   type: replace
4 |   value:
5 |     sha1: 5ef9941e822df8e0a17ffed9ef3165a0232b7fe7
6 |     url: https://storage.googleapis.com/bosh-core-stemcells/1.829/bosh-stemcell-1.829-openstack-kvm-ubuntu-jammy-go_agent-raw.tgz
7 |
--------------------------------------------------------------------------------
/runtime-configs/bpm.yml:
--------------------------------------------------------------------------------
1 | releases:  # Runtime config: adds the bpm job as an addon.
2 | - name: bpm
3 |   version: "0.8.0"  # NOTE(review): misc/source-releases/bosh.yml in this listing pins bpm 1.4.20; confirm this older pin is still maintained.
4 |   url: "https://bosh.io/d/github.com/cloudfoundry-incubator/bpm-release?v=0.8.0"
5 |   sha1: "0cf53162bb246de6afb4c1eaf14becdb7865a217"
6 |
7 | addons:
8 | - name: bpm
9 |   jobs:
10 |   - name: bpm
11 |     release: bpm
12 |     properties: {}
13 |
--------------------------------------------------------------------------------
/runtime-configs/dns.yml:
--------------------------------------------------------------------------------
1 | addons:  # Runtime config: adds bosh-dns as an addon, one entry per stemcell family.
2 | - include:
3 |     stemcell:
4 |     - os: ubuntu-trusty
5 |     - os: ubuntu-xenial
6 |     - os: ubuntu-bionic
7 |     - os: ubuntu-jammy
8 |   jobs:
9 |   - name: bosh-dns
10 |     properties:
11 |       api:  # the API and health endpoints each get a client and a server TLS credential from the variables section of this file
12 |         client:
13 |           tls: ((/dns_api_client_tls))
14 |         server:
15 |           tls: ((/dns_api_server_tls))
16 |       cache:
17 |         enabled: true
18 |       health:
19 |         client:
20 |           tls: ((/dns_healthcheck_client_tls))
21 |         enabled: true
22 |         server:
23 |           tls: ((/dns_healthcheck_server_tls))
24 |     release: bosh-dns
25 |   name: bosh-dns
26 | - include:  # ubuntu-noble gets its own addon with three extra properties (lines 39, 40, 47).
27 |     stemcell:
28 |     - os: ubuntu-noble
29 |   jobs:
30 |   - name: bosh-dns
31 |     properties:
32 |       api:
33 |         client:
34 |           tls: ((/dns_api_client_tls))
35 |         server:
36 |           tls: ((/dns_api_server_tls))
37 |       cache:
38 |         enabled: true
39 |       configure_systemd_resolved: true
40 |       disable_recursors: true
41 |       health:
42 |         client:
43 |           tls: ((/dns_healthcheck_client_tls))
44 |         enabled: true
45 |         server:
46 |           tls: ((/dns_healthcheck_server_tls))
47 |       override_nameserver: false
48 |     release: bosh-dns
49 |   name: bosh-dns-systemd
50 | - include:  # Windows stemcells use the bosh-dns-windows job with the same TLS credentials.
51 |     stemcell:
52 |     - os: windows2012R2
53 |     - os: windows2016
54 |     - os: windows1803
55 |     - os: windows2019
56 |   jobs:
57 |   - name: bosh-dns-windows
58 |     properties:
59 |       api:
60 |         client:
61 |           tls: ((/dns_api_client_tls))
62 |         server:
63 |           tls: ((/dns_api_server_tls))
64 |       cache:
65 |         enabled: true
66 |       health:
67 |         client:
68 |           tls: ((/dns_healthcheck_client_tls))
69 |         enabled: true
70 |         server:
71 |           tls: ((/dns_healthcheck_server_tls))
72 |     release: bosh-dns
73 |   name: bosh-dns-windows
74 | releases:
75 | - name: bosh-dns
76 |   sha1: 1b8e58166bd98b15b1bd3efac7c62d021018cc3b
77 |   url: https://bosh.io/d/github.com/cloudfoundry/bosh-dns-release?v=1.39.11
78 |   version: 1.39.11
79 | variables:  # Two separate CAs (health check, API); each issues one server_auth and one client_auth certificate.
80 | - name: /dns_healthcheck_tls_ca
81 |   options:
82 |     common_name: dns-healthcheck-tls-ca
83 |     is_ca: true
84 |   type: certificate
85 | - name: /dns_healthcheck_server_tls
86 |   options:
87 |     alternative_names:
88 |     - health.bosh-dns
89 |     ca: /dns_healthcheck_tls_ca
90 |     common_name: health.bosh-dns
91 |     extended_key_usage:
92 |     - server_auth  # usable only as a TLS server certificate
93 |   type: certificate
94 | - name: /dns_healthcheck_client_tls
95 |   options:
96 |     alternative_names:
97 |     - health.bosh-dns
98 |     ca: /dns_healthcheck_tls_ca
99 |     common_name: health.bosh-dns
100 |     extended_key_usage:
101 |     - client_auth  # usable only as a TLS client certificate
102 |   type: certificate
103 | - name: /dns_api_tls_ca  # separate CA, so a health-check certificate does not validate against the API CA
104 |   options:
105 |     common_name: dns-api-tls-ca
106 |     is_ca: true
107 |   type: certificate
108 | - name: /dns_api_server_tls
109 |   options:
110 |     alternative_names:
111 |     - api.bosh-dns
112 |     ca: /dns_api_tls_ca
113 |     common_name: api.bosh-dns
114 |     extended_key_usage:
115 |     - server_auth
116 |   type: certificate
117 | - name: /dns_api_client_tls
118 |   options:
119 |     alternative_names:
120 |     - api.bosh-dns
121 |     ca: /dns_api_tls_ca
122 |     common_name: api.bosh-dns
123 |     extended_key_usage:
124 |     - client_auth
125 |   type: certificate
126 |
--------------------------------------------------------------------------------
/runtime-configs/syslog.yml:
--------------------------------------------------------------------------------
1 | releases:  # Runtime config: adds syslog_forwarder as an addon.
2 | - name: syslog
3 |   version: "11.3.2"  # NOTE(review): the top-level syslog.yml in this listing pins 12.3.9; confirm the two pins are meant to differ.
4 |   url: "https://bosh.io/d/github.com/cloudfoundry/syslog-release?v=11.3.2"
5 |   sha1: 64cf40d44746b50edffa78cb0e0dd6f072fee695
6 |
7 | addons:
8 | - name: syslog
9 |   jobs:
10 |   - name: syslog_forwarder
11 |     release: syslog
12 |     properties:
13 |       syslog:
14 |         address: ((syslog_address))
15 |         port: ((syslog_port))
16 |         transport: ((syslog_transport))  # NOTE(review): no TLS settings are set here; check the syslog release's options if logs cross an untrusted network
17 |
--------------------------------------------------------------------------------
/softlayer/cloud-config-legacy.yml:
--------------------------------------------------------------------------------
1 | azs:  # z1, z2 and z3 all map to the same ((sl_datacenter)) value.
2 | - name: z1
3 |   cloud_properties:
4 |     datacenter: { name: ((sl_datacenter)) }
5 | - name: z2
6 |   cloud_properties:
7 |     datacenter: { name: ((sl_datacenter)) }
8 | - name: z3
9 |   cloud_properties:
10 |     datacenter: { name: ((sl_datacenter)) }
11 |
12 | vm_types:
13 | - name: default
14 |   cloud_properties:
15 |     bosh_ip: ((internal_ip))
16 |     startCpus: 4
17 |     maxMemory: 8192
18 |     ephemeralDiskSize: 100
19 |     hourlyBillingFlag: true
20 |     vmNamePrefix: ((sl_vm_name_prefix))
21 |     domain: ((sl_vm_domain))
22 |
23 | disk_types:
24 | - name: default
25 |   disk_size: 100_000
26 | - name: small
27 |   disk_size: 20_000
28 | - name: large
29 |   disk_size: 250_000
30 |
31 | networks:
32 | - name: default
33 |   type: manual
34 |   subnets:
35 |   - range: ((internal_cidr))
36 |     gateway: ((internal_gw))
37 |     azs: [z1, z2, z3]
38 |     dns: [((internal_ip)), 8.8.8.8, 10.0.80.11, 10.0.80.12]  # director first, then a public resolver and two 10.0.80.x addresses (presumably provider-internal resolvers; confirm)
39 |     static: ((internal_static_ips))
40 |     reserved: ((internal_reserved_ips))
41 |
42 | - name: dynamic
43 |   type: dynamic
44 |   subnets:
45 |   - dns: [((internal_ip)), 8.8.8.8, 10.0.80.11, 10.0.80.12]
46 |     azs: [z1, z2, z3]
47 |     cloud_properties:
48 |       PrimaryNetworkComponent:
49 |         NetworkVlan:
50 |           Id: ((sl_vlan_public))  # NOTE(review): VMs on this network get a leg on the public VLAN as well as the private one
51 |       PrimaryBackendNetworkComponent:
52 |         NetworkVlan:
53 |           Id: ((sl_vlan_private))
54 |
55 | compilation:
56 |   workers: 5
57 |   reuse_compilation_vms: true
58 |   vm_type: default
59 |   network: dynamic
60 |   az: z1
61 |
--------------------------------------------------------------------------------
/softlayer/cloud-config.yml:
--------------------------------------------------------------------------------
1 | azs:  # Same layout as cloud-config-legacy.yml, using the snake_case cloud property names.
2 | - name: z1
3 |   cloud_properties:
4 |     datacenter: ((sl_datacenter))
5 | - name: z2
6 |   cloud_properties:
7 |     datacenter: ((sl_datacenter))
8 | - name: z3
9 |   cloud_properties:
10 |     datacenter: ((sl_datacenter))
11 |
12 | vm_types:
13 | - name: default
14 |   cloud_properties:
15 |     cpu: 4
16 |     memory: 8192
17 |     ephemeral_disk_size: 100
18 |     hourly_billing_flag: true
19 |     local_disk_flag: false
20 |     max_network_speed: 100
21 |     hostname_prefix: ((sl_vm_name_prefix))
22 |     domain: ((sl_vm_domain))
23 |
24 | disk_types:
25 | - name: default
26 |   disk_size: 100_000
27 | - name: small
28 |   disk_size: 20_000
29 | - name: large
30 |   disk_size: 250_000
31 |
32 | networks:
33 | - name: default
34 |   type: manual
35 |   subnets:
36 |   - range: ((internal_cidr))
37 |     gateway: ((internal_gw))
38 |     azs: [z1, z2, z3]
39 |     dns: [((internal_ip)), 8.8.8.8, 10.0.80.11, 10.0.80.12]
40 |     static: ((internal_static_ips))
41 |     reserved: ((internal_reserved_ips))
42 |     cloud_properties:
43 |       vlan_ids:
44 |       - ((sl_vlan_public))  # NOTE(review): both the public and the private VLAN are attached
45 |       - ((sl_vlan_private))
46 |
47 | - name: dynamic
48 |   type: dynamic
49 |   subnets:
50 |   - dns: [((internal_ip)), 8.8.8.8, 10.0.80.11, 10.0.80.12]
51 |     azs: [z1, z2, z3]
52 |     cloud_properties:
53 |       vlan_ids:
54 |       - ((sl_vlan_public))
55 |       - ((sl_vlan_private))
56 |
57 | compilation:
58 |   workers: 5
59 |   reuse_compilation_vms: true
60 |   vm_type: default
61 |   network: dynamic
62 |   az: z1
63 |
--------------------------------------------------------------------------------
/softlayer/cpi-dynamic.yml:
--------------------------------------------------------------------------------
1 | ---  # SoftLayer CPI on a dynamic network: release, stemcell, VM sizing, networks, CPI job and credentials.
2 | - type: replace
3 |   path: /releases/-
4 |   value:
5 |     name: bosh-softlayer-cpi
6 |     version: "33"
7 |     url: https://bosh.io/d/github.com/cloudfoundry/bosh-softlayer-cpi-release?v=33
8 |     sha1: 2532b01b44595377d498749c69716e169e295113
9 | # NOTE(review): pins a xenial light stemcell (97.15); confirm this stemcell line still receives security patches.
10 | - type: replace
11 |   path: /resource_pools/name=vms/stemcell?
12 |   value:
13 |     url: https://s3.amazonaws.com/bosh-softlayer-cpi-stemcells/light-bosh-stemcell-97.15-softlayer-xen-ubuntu-xenial-go_agent.tgz
14 |     sha1: 67c7ce1adab587d578d151ab50bc2ba1d5a1a79f
15 | # NOTE(review): keep_root_password presumably leaves the VM's root password as provisioned rather than having the agent reset it; this file also sets an SSH tunnel that logs in as root, so review who can obtain that password and key.
16 | - type: replace
17 |   path: /resource_pools/name=vms/env/bosh/keep_root_password?
18 |   value: true
19 |
20 | # Configure sizes
21 | - type: replace
22 |   path: /resource_pools/name=vms/cloud_properties?
23 |   value:
24 |     domain: ((sl_vm_domain))
25 |     hostname_prefix: ((sl_vm_name_prefix))
26 |     ephemeral_disk_size: 100
27 |     cpu: 4
28 |     memory: 8192
29 |     deployed_by_boshcli: true
30 |     datacenter: ((sl_datacenter))
31 |     hourly_billing_flag: true
32 |     local_disk_flag: false
33 |     max_network_speed: 100
34 |
35 | - type: replace
36 |   path: /networks/name=default/subnets/0/dns?
37 |   value: [8.8.8.8, 10.0.80.11, 10.0.80.12]
38 | # Adds a dynamic network attached to both the public and the private VLAN.
39 | - type: replace
40 |   path: /networks?/-
41 |   value:
42 |     name: dynamic
43 |     type: dynamic
44 |     dns: [8.8.8.8, 10.0.80.11, 10.0.80.12]
45 |     cloud_properties:
46 |       vlan_ids:
47 |       - ((sl_vlan_public))
48 |       - ((sl_vlan_private))
49 | # The manual "default" network is dropped and the resource pool moved to "dynamic".
50 | - type: remove
51 |   path: /networks/name=default
52 |
53 | - type: replace
54 |   path: /resource_pools/name=vms/network
55 |   value: dynamic
56 |
57 | # Add CPI job
58 | - type: replace
59 |   path: /instance_groups/name=bosh/jobs/-
60 |   value: &cpi_job
61 |     name: softlayer_cpi
62 |     release: bosh-softlayer-cpi
63 |
64 | - type: replace
65 |   path: /instance_groups/name=bosh/networks?/-
66 |   value:
67 |     name: dynamic
68 |     default: [gateway, dns]
69 |
70 | - type: remove
71 |   path: /instance_groups/name=bosh/networks/name=default
72 |
73 | - type: replace
74 |   path: /instance_groups/name=bosh/properties/director/cpi_job?
75 |   value: softlayer_cpi
76 |
77 | - type: replace
78 |   path: /instance_groups/name=bosh/properties/director/enable_virtual_delete_vms?
79 |   value: true
80 | # NOTE(review): the agent-side blobstore endpoint is plain http://; confirm whether blobstore TLS is layered on by another ops file.
81 | - type: replace
82 |   path: /instance_groups/name=bosh/properties/agent/env/bosh/blobstores/provider=dav/options/endpoint?
83 |   value: http://((internal_ip)):25250
84 |
85 | - type: replace
86 |   path: /cloud_provider/template?
87 |   value: *cpi_job
88 | # SoftLayer API credentials for the director; both values are variables, nothing is written into this file.
89 | - type: replace
90 |   path: /instance_groups/name=bosh/properties/softlayer?
91 |   value:
92 |     username: ((sl_username))
93 |     api_key: ((sl_api_key))
94 | # The CLI reaches the VM through an SSH tunnel as root on port 22, using the private half of the generated sl_sshkey; whoever can read the variables store holding that key has root on the director VM.
95 | - type: replace
96 |   path: /cloud_provider/ssh_tunnel?
97 |   value:
98 |     host: ((internal_ip))
99 |     port: 22
100 |     private_key: ((sl_sshkey.private_key))
101 |     user: root
102 |
103 | - type: replace
104 |   path: /cloud_provider/properties/softlayer?
105 |   value:
106 |     username: ((sl_username))
107 |     api_key: ((sl_api_key))
108 |     ssh_public_key: ((sl_sshkey.public_key))  # only the public half and its fingerprint are handed to the CPI
109 |     ssh_public_key_fingerprint: ((sl_sshkey.public_key_fingerprint))
110 | # Blobstore and NATS are addressed over loopback on the director VM ...
111 | - type: replace
112 |   path: /instance_groups/name=bosh/properties/blobstore/address?
113 |   value: 127.0.0.1
114 |
115 | - type: replace
116 |   path: /instance_groups/name=bosh/properties/nats/address?
117 |   value: 127.0.0.1
118 | # ... so 127.0.0.1 is appended to the alternative_names of both server certificates, keeping TLS name checks valid for that address.
119 | - type: replace
120 |   path: /variables/name=nats_server_tls/options/alternative_names?/-
121 |   value: "127.0.0.1"
122 |
123 | - type: replace
124 |   path: /variables/name=blobstore_server_tls/options/alternative_names?/-
125 |   value: "127.0.0.1"
126 | # Declares the SSH key pair whose halves are referenced as ((sl_sshkey.*)) in this file.
127 | - type: replace
128 |   path: /variables/-
129 |   value:
130 |     name: sl_sshkey
131 |     type: ssh
132 |
--------------------------------------------------------------------------------
/softlayer/cpi-legacy-dynamic.yml:
--------------------------------------------------------------------------------
1 | ---  # Legacy SoftLayer CPI (release 23) on a dynamic network.
2 | - type: replace
3 |   path: /releases/-
4 |   value:
5 |     name: bosh-softlayer-cpi
6 |     version: "23"  # NOTE(review): softlayer/cpi.yml in this listing pins 33; confirm the legacy path is still needed
7 |     url: https://bosh.io/d/github.com/cloudfoundry/bosh-softlayer-cpi-release?v=23
8 |     sha1: 960f6068c7823bc3822c5e7ec6c855060c5582d0
9 | # NOTE(review): pins an ubuntu-trusty stemcell (3468.20); confirm it still receives security patches before building on it.
10 | - type: replace
11 |   path: /resource_pools/name=vms/stemcell?
12 |   value:
13 |     url: https://bosh.io/d/stemcells/bosh-softlayer-xen-ubuntu-trusty-go_agent?v=3468.20
14 |     sha1: 3e0945585eecc49183a8f4fcd8c6a97e3809040c
15 | # NOTE(review): keep_root_password presumably leaves the VM's root password as provisioned rather than having the agent reset it; review who can obtain it.
16 | - type: replace
17 |   path: /resource_pools/name=vms/env/bosh/keep_root_password?
18 |   value: true
19 |
20 | # Configure sizes
21 | - type: replace
22 |   path: /resource_pools/name=vms/cloud_properties?
23 |   value:
24 |     domain: ((sl_vm_domain))
25 |     vmNamePrefix: ((sl_vm_name_prefix))
26 |     ephemeralDiskSize: 100
27 |     startCpus: 4
28 |     maxMemory: 8192
29 |     deployedByBoshcli: true
30 |     datacenter:
31 |       name: ((sl_datacenter))
32 |     hourlyBillingFlag: true
33 |     networkComponents:
34 |     - maxSpeed: 100
35 |
36 | - type: replace
37 |   path: /networks/name=default/subnets/0/dns
38 |   value: [8.8.8.8, 10.0.80.11, 10.0.80.12]
39 | # Adds a dynamic network attached to both the public and the private (backend) VLAN.
40 | - type: replace
41 |   path: /networks/-
42 |   value:
43 |     name: dynamic
44 |     type: dynamic
45 |     dns: [8.8.8.8, 10.0.80.11, 10.0.80.12]
46 |     cloud_properties:
47 |       PrimaryNetworkComponent:
48 |         NetworkVlan:
49 |           Id: ((sl_vlan_public))
50 |       PrimaryBackendNetworkComponent:
51 |         NetworkVlan:
52 |           Id: ((sl_vlan_private))
53 | # The manual "default" network is dropped and the resource pool moved to "dynamic".
54 | - type: remove
55 |   path: /networks/name=default
56 |
57 | - type: replace
58 |   path: /resource_pools/name=vms/network
59 |   value: dynamic
60 |
61 | # Add CPI job
62 | - type: replace
63 |   path: /instance_groups/name=bosh/jobs/-
64 |   value: &cpi_job
65 |     name: softlayer_cpi
66 |     release: bosh-softlayer-cpi
67 |
68 | - type: replace
69 |   path: /instance_groups/name=bosh/networks/-
70 |   value:
71 |     name: dynamic
72 |     default: [gateway, dns]
73 |
74 | - type: remove
75 |   path: /instance_groups/name=bosh/networks/name=default
76 |
77 | - type: replace
78 |   path: /instance_groups/name=bosh/properties/director/cpi_job?
79 |   value: softlayer_cpi
80 |
81 | - type: replace
82 |   path: /instance_groups/name=bosh/properties/director/enable_virtual_delete_vms?
83 |   value: true
84 | # NOTE(review): the agent-side blobstore endpoint is plain http://, addressed by ((director_ip)); confirm whether blobstore TLS is layered on elsewhere.
85 | - type: replace
86 |   path: /instance_groups/name=bosh/properties/agent/env/bosh/blobstores/provider=dav/options/endpoint?
87 |   value: http://((director_ip)):25250
88 |
89 | - type: replace
90 |   path: /cloud_provider/template?
91 |   value: *cpi_job
92 |
93 | - type: replace
94 |   path: /instance_groups/name=bosh/properties/softlayer?
95 |   value: &softlayer
96 |     username: ((sl_username))
97 |     apiKey: ((sl_api_key))  # secret: supplied as a variable
98 | # cloud_provider reuses the same credentials map through the *softlayer alias.
99 | - type: replace
100 |   path: /cloud_provider/properties/softlayer?
101 |   value: *softlayer
102 | # Blobstore and NATS are addressed over loopback on the director VM ...
103 | - type: replace
104 |   path: /instance_groups/name=bosh/properties/blobstore/address?
105 |   value: 127.0.0.1
106 |
107 | - type: replace
108 |   path: /instance_groups/name=bosh/properties/nats/address?
109 |   value: 127.0.0.1
110 | # ... so 127.0.0.1 is appended to the alternative_names of both server certificates.
111 | - type: replace
112 |   path: /variables/name=nats_server_tls/options/alternative_names?/-
113 |   value: "127.0.0.1"
114 | # NOTE(review): unlike the nats op above, this path has no "?" after alternative_names, so it presumably fails if the key is absent from the base manifest; confirm.
115 | - type: replace
116 |   path: /variables/name=blobstore_server_tls/options/alternative_names/-
117 |   value: "127.0.0.1"
118 | # The NATS server certificate also gets ((director_ip)) as an alternative name.
119 | - type: replace
120 |   path: /variables/name=nats_server_tls/options/alternative_names?/-
121 |   value: ((director_ip))
--------------------------------------------------------------------------------
/softlayer/cpi-legacy.yml:
--------------------------------------------------------------------------------
1 | ---  # Legacy SoftLayer CPI (release 23); here the manual "default" network is kept and a dynamic one added.
2 | - type: replace
3 |   path: /releases/-
4 |   value:
5 |     name: bosh-softlayer-cpi
6 |     version: "23"
7 |     url: https://bosh.io/d/github.com/cloudfoundry/bosh-softlayer-cpi-release?v=23
8 |     sha1: 960f6068c7823bc3822c5e7ec6c855060c5582d0
9 | # NOTE(review): pins an ubuntu-trusty stemcell (3468.20); confirm it still receives security patches before building on it.
10 | - type: replace
11 |   path: /resource_pools/name=vms/stemcell?
12 |   value:
13 |     url: https://bosh.io/d/stemcells/bosh-softlayer-xen-ubuntu-trusty-go_agent?v=3468.20
14 |     sha1: 3e0945585eecc49183a8f4fcd8c6a97e3809040c
15 | # NOTE(review): keep_root_password presumably leaves the VM's root password as provisioned rather than having the agent reset it; review who can obtain it.
16 | - type: replace
17 |   path: /resource_pools/name=vms/env/bosh/keep_root_password?
18 |   value: true
19 |
20 | # Configure sizes
21 | - type: replace
22 |   path: /resource_pools/name=vms/cloud_properties?
23 |   value:
24 |     domain: ((sl_vm_domain))
25 |     vmNamePrefix: ((sl_vm_name_prefix))
26 |     ephemeralDiskSize: 100
27 |     startCpus: 4
28 |     maxMemory: 8192
29 |     deployedByBoshcli: true
30 |     datacenter:
31 |       name: ((sl_datacenter))
32 |     hourlyBillingFlag: true
33 |     networkComponents:
34 |     - maxSpeed: 100
35 |
36 | - type: replace
37 |   path: /networks/name=default/subnets/0/dns
38 |   value: [8.8.8.8, 10.0.80.11, 10.0.80.12]
39 | # Adds a dynamic network attached to both the public and the private (backend) VLAN.
40 | - type: replace
41 |   path: /networks/-
42 |   value:
43 |     name: dynamic
44 |     type: dynamic
45 |     dns: [8.8.8.8, 10.0.80.11, 10.0.80.12]
46 |     cloud_properties:
47 |       PrimaryNetworkComponent:
48 |         NetworkVlan:
49 |           Id: ((sl_vlan_public))
50 |       PrimaryBackendNetworkComponent:
51 |         NetworkVlan:
52 |           Id: ((sl_vlan_private))
53 |
54 | # Add CPI job
55 | - type: replace
56 |   path: /instance_groups/name=bosh/jobs/-
57 |   value: &cpi_job
58 |     name: softlayer_cpi
59 |     release: bosh-softlayer-cpi
60 | # The bosh instance group joins the dynamic network, which supplies its default gateway and DNS.
61 | - type: replace
62 |   path: /instance_groups/name=bosh/networks/-
63 |   value:
64 |     name: dynamic
65 |     default: [gateway, dns]
66 |
67 | - type: replace
68 |   path: /instance_groups/name=bosh/properties/director/cpi_job?
69 |   value: softlayer_cpi
70 |
71 | - type: replace
72 |   path: /instance_groups/name=bosh/properties/director/enable_virtual_delete_vms?
73 |   value: true
74 |
75 | - type: replace
76 |   path: /cloud_provider/template?
77 |   value: *cpi_job
78 | # SoftLayer API credentials, defined once (&softlayer) for reuse by cloud_provider.
79 | - type: replace
80 |   path: /instance_groups/name=bosh/properties/softlayer?
81 |   value: &softlayer
82 |     username: ((sl_username))
83 |     apiKey: ((sl_api_key))
84 |
85 | - type: replace
86 |   path: /cloud_provider/properties/softlayer?
87 |   value: *softlayer
88 |
--------------------------------------------------------------------------------
/softlayer/cpi.yml:
--------------------------------------------------------------------------------
1 | ---  # SoftLayer CPI (release 33): release, stemcell, VM sizing, networks, CPI job and credentials.
2 | - type: replace
3 |   path: /releases/-
4 |   value:
5 |     name: bosh-softlayer-cpi
6 |     version: "33"
7 |     url: https://bosh.io/d/github.com/cloudfoundry/bosh-softlayer-cpi-release?v=33
8 |     sha1: 2532b01b44595377d498749c69716e169e295113
9 | # NOTE(review): pins a xenial light stemcell (97.15); confirm this stemcell line still receives security patches.
10 | - type: replace
11 |   path: /resource_pools/name=vms/stemcell?
12 |   value:
13 |     url: https://s3.amazonaws.com/bosh-softlayer-cpi-stemcells/light-bosh-stemcell-97.15-softlayer-xen-ubuntu-xenial-go_agent.tgz
14 |     sha1: 67c7ce1adab587d578d151ab50bc2ba1d5a1a79f
15 | # NOTE(review): keep_root_password presumably leaves the VM's root password as provisioned rather than having the agent reset it; this file also sets an SSH tunnel that logs in as root, so review who can obtain that password and key.
16 | - type: replace
17 |   path: /resource_pools/name=vms/env/bosh/keep_root_password?
18 |   value: true
19 |
20 | # Configure sizes
21 | - type: replace
22 |   path: /resource_pools/name=vms/cloud_properties?
23 |   value:
24 |     domain: ((sl_vm_domain))
25 |     hostname_prefix: ((sl_vm_name_prefix))
26 |     ephemeral_disk_size: 100
27 |     cpu: 4
28 |     memory: 8192
29 |     deployed_by_boshcli: true
30 |     datacenter: ((sl_datacenter))
31 |     hourly_billing_flag: true
32 |     local_disk_flag: false
33 |     max_network_speed: 100
34 |
35 | - type: replace
36 |   path: /networks/name=default/subnets/0/dns
37 |   value: [8.8.8.8, 10.0.80.11, 10.0.80.12]
38 |
39 | - type: replace
40 |   path: /networks/name=default/subnets/0/cloud_properties?
41 | value: 42 | vlan_ids: 43 | - ((sl_vlan_public)) 44 | - ((sl_vlan_private)) 45 | 46 | - type: replace 47 | path: /networks/- 48 | value: 49 | name: dynamic 50 | type: dynamic 51 | dns: [8.8.8.8, 10.0.80.11, 10.0.80.12] 52 | cloud_properties: 53 | vlan_ids: 54 | - ((sl_vlan_public)) 55 | - ((sl_vlan_private)) 56 | 57 | # Add CPI job 58 | - type: replace 59 | path: /instance_groups/name=bosh/jobs/- 60 | value: &cpi_job 61 | name: softlayer_cpi 62 | release: bosh-softlayer-cpi 63 | 64 | - type: replace 65 | path: /instance_groups/name=bosh/networks/- 66 | value: 67 | name: dynamic 68 | default: [gateway, dns] 69 | 70 | - type: replace 71 | path: /instance_groups/name=bosh/properties/director/cpi_job? 72 | value: softlayer_cpi 73 | 74 | - type: replace 75 | path: /instance_groups/name=bosh/properties/director/enable_virtual_delete_vms? 76 | value: true 77 | 78 | - type: replace 79 | path: /instance_groups/name=bosh/properties/agent/env/bosh/blobstores/provider=dav/options/endpoint? 80 | value: http://((internal_ip)):25250 81 | 82 | - type: replace 83 | path: /cloud_provider/template? 84 | value: *cpi_job 85 | 86 | - type: replace 87 | path: /instance_groups/name=bosh/properties/softlayer? 88 | value: 89 | username: ((sl_username)) 90 | api_key: ((sl_api_key)) 91 | 92 | - type: replace 93 | path: /cloud_provider/ssh_tunnel? 94 | value: 95 | host: ((sl_vm_name_prefix)).((sl_vm_domain)) 96 | port: 22 97 | private_key: ((sl_sshkey.private_key)) 98 | user: root 99 | 100 | - type: replace 101 | path: /cloud_provider/properties/softlayer? 102 | value: 103 | username: ((sl_username)) 104 | api_key: ((sl_api_key)) 105 | ssh_public_key: ((sl_sshkey.public_key)) 106 | ssh_public_key_fingerprint: ((sl_sshkey.public_key_fingerprint)) 107 | 108 | - type: replace 109 | path: /instance_groups/name=bosh/properties/blobstore/address? 110 | value: 127.0.0.1 111 | 112 | - type: replace 113 | path: /instance_groups/name=bosh/properties/nats/address? 
114 | value: 127.0.0.1 115 | 116 | - type: replace 117 | path: /variables/name=nats_server_tls/options/alternative_names?/- 118 | value: "127.0.0.1" 119 | 120 | - type: replace 121 | path: /variables/name=blobstore_server_tls/options/alternative_names/- 122 | value: "127.0.0.1" 123 | 124 | - type: replace 125 | path: /variables/- 126 | value: 127 | name: sl_sshkey 128 | type: ssh 129 | -------------------------------------------------------------------------------- /syslog.yml: -------------------------------------------------------------------------------- 1 | - path: /releases/- 2 | release: syslog 3 | type: replace 4 | value: 5 | name: syslog 6 | sha1: 9ba8e91b1895fcf96ebfb9dbcb55c3a35ca3f919 7 | url: https://bosh.io/d/github.com/cloudfoundry/syslog-release?v=12.3.9 8 | version: 12.3.9 9 | - path: /instance_groups/name=bosh/jobs/- 10 | type: replace 11 | value: 12 | name: syslog_forwarder 13 | properties: 14 | syslog: 15 | address: ((syslog_address)) 16 | port: ((syslog_port)) 17 | transport: ((syslog_transport)) 18 | release: syslog 19 | -------------------------------------------------------------------------------- /tests/.gitignore: -------------------------------------------------------------------------------- 1 | state.json 2 | creds.yml 3 | -------------------------------------------------------------------------------- /tests/cred-test.yml: -------------------------------------------------------------------------------- 1 | # Tests UAA/Credhub integration with BOSH 2 | 3 | - type: replace 4 | path: /variables?/- 5 | value: 6 | name: useless_cred 7 | type: password 8 | -------------------------------------------------------------------------------- /tests/run-checks.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | set -eu 4 | 5 | script_dir=$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd -P) 6 | cd "${script_dir}/.." 
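# Scratch file shared by the examples below: it is passed as --state=... and as
# the --var-file input, and its path is the prefix of every --vars-store file.
# mktemp creates it atomically under an unpredictable name. The previous fixed
# path /tmp/bosh-deployment-test could be pre-created or symlinked by another
# local user on a shared host before this script touched it.
tmp_file=$(mktemp /tmp/bosh-deployment-test.XXXXXX)

# Remove the scratch file and every "${tmp_file}.XXXXXX" vars-store derived from it.
function clean_tmp() {
  rm -f "${tmp_file}"
  rm -f "${tmp_file}."*
}

# Run the cleanup on every exit path, including an early abort.
trap clean_tmp EXIT

# Only used for tests below. Ignore it.
# Shadows the bosh CLI for the example commands: the sub-command (first
# argument) is dropped, any --state=... argument is blanked out, and the rest is
# handed to `bosh int` with --var-errs --var-errs-unused, so each example is
# only interpolated and its output is discarded.
function bosh() {
  shift 1
  # Must stay unquoted: the blanked --state argument then disappears during
  # word splitting instead of being passed on as an empty string.
  command bosh int --var-errs --var-errs-unused ${@//--state=*/} > /dev/null
}

echo -e "\nCheck YAML syntax\n"
# xargs executes the bosh binary found on PATH; the shell function above is not
# visible to it.
find . -type "f" -name "*.yml" -print | tee /dev/stderr | xargs -n1 bosh interpolate > /dev/null

echo -e "\nUsed compiled releases\n"
grep -r -i s3.amazonaws.com/bosh-compiled-release-tarballs . | grep -v grep | grep -v ./.git

echo -e "\nUsed stemcells\n"
grep -r -i d/stemcells . | grep -v grep | grep -v ./.git

echo -e "\nExamples\n"

# Every value passed with -v below is a dummy; the examples are only interpolated.
echo "- AWS"
bosh create-env bosh.yml \
  -o aws/cpi.yml \
  --state=$tmp_file \
  --vars-store $(mktemp ${tmp_file}.XXXXXX) \
  -v director_name=test \
  -v internal_cidr=test \
  -v internal_gw=test \
  -v internal_ip=test \
  -v access_key_id=test \
  -v secret_access_key=test \
  -v az=test \
  -v region=test \
  -v default_key_name=test \
  -v default_security_groups=[test] \
  -v subnet_id=test

echo "- AWS with signed URLs"
bosh create-env bosh.yml \
  -o aws/cpi.yml \
  -o misc/blobstore-signed-urls.yml \
  --state=$tmp_file \
  --vars-store $(mktemp ${tmp_file}.XXXXXX) \
  -v director_name=test \
  -v internal_cidr=test \
  -v internal_gw=test \
  -v internal_ip=test \
  -v access_key_id=test \
  -v secret_access_key=test \
  -v az=test \
  -v region=test \
  -v default_key_name=test \
  -v default_security_groups=[test] \
  -v subnet_id=test

70 | echo "- AWS with UAA" 71 | bosh create-env bosh.yml \ 72 | -o aws/cpi.yml \ 73 | -o uaa.yml \ 74 | --state=$tmp_file \ 75 | --vars-store $(mktemp ${tmp_file}.XXXXXX) \ 76 | -v director_name=test \ 77 | -v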
internal_cidr=test \ 78 | -v internal_gw=test \ 79 | -v internal_ip=test \ 80 | -v access_key_id=test \ 81 | -v secret_access_key=test \ 82 | -v az=test \ 83 | -v region=test \ 84 | -v default_key_name=test \ 85 | -v default_security_groups=[test] \ 86 | -v subnet_id=test 87 | 88 | echo "- AWS with UAA + config-server" 89 | bosh create-env bosh.yml \ 90 | -o aws/cpi.yml \ 91 | -o uaa.yml \ 92 | -o misc/config-server.yml \ 93 | --state=$tmp_file \ 94 | --vars-store $(mktemp ${tmp_file}.XXXXXX) \ 95 | -v director_name=test \ 96 | -v internal_cidr=test \ 97 | -v internal_gw=test \ 98 | -v internal_ip=test \ 99 | -v access_key_id=test \ 100 | -v secret_access_key=test \ 101 | -v az=test \ 102 | -v region=test \ 103 | -v default_key_name=test \ 104 | -v default_security_groups=[test] \ 105 | -v subnet_id=test 106 | 107 | echo "- AWS with UAA + CredHub + Turbulence" 108 | bosh create-env bosh.yml \ 109 | -o aws/cpi.yml \ 110 | -o uaa.yml \ 111 | -o credhub.yml \ 112 | -o turbulence.yml \ 113 | --state=$tmp_file \ 114 | --vars-store $(mktemp ${tmp_file}.XXXXXX) \ 115 | -v director_name=test \ 116 | -v internal_cidr=test \ 117 | -v internal_gw=test \ 118 | -v internal_ip=test \ 119 | -v access_key_id=test \ 120 | -v secret_access_key=test \ 121 | -v az=test \ 122 | -v region=test \ 123 | -v default_key_name=test \ 124 | -v default_security_groups=[test] \ 125 | -v subnet_id=test \ 126 | -v credhub_encryption_password=test 127 | 128 | echo "- AWS with UAA + CredHub + Turbulence + configurable certificate duration" 129 | bosh create-env bosh.yml \ 130 | -o misc/certificate-duration/bosh.yml \ 131 | -o aws/cpi.yml \ 132 | -o uaa.yml \ 133 | -o credhub.yml \ 134 | -o misc/certificate-duration/uaa.yml \ 135 | -o misc/certificate-duration/credhub.yml \ 136 | -o turbulence.yml \ 137 | --state=$tmp_file \ 138 | --vars-store $(mktemp ${tmp_file}.XXXXXX) \ 139 | -v director_name=test \ 140 | -v internal_cidr=test \ 141 | -v internal_gw=test \ 142 | -v internal_ip=test \ 143 | -v 
access_key_id=test \ 144 | -v secret_access_key=test \ 145 | -v az=test \ 146 | -v region=test \ 147 | -v default_key_name=test \ 148 | -v default_security_groups=[test] \ 149 | -v subnet_id=test \ 150 | -v credhub_encryption_password=test \ 151 | -v certificate_duration=3650 152 | 153 | echo "- AWS with UAA for BOSH development" 154 | bosh deploy bosh.yml \ 155 | -o aws/cpi.yml \ 156 | -o uaa.yml \ 157 | -o misc/bosh-dev.yml \ 158 | --vars-store $(mktemp ${tmp_file}.XXXXXX) \ 159 | -v director_name=test \ 160 | -v internal_ip=test \ 161 | -v access_key_id=test \ 162 | -v secret_access_key=test \ 163 | -v region=test \ 164 | -v default_key_name=test \ 165 | -v default_security_groups=[test] 166 | 167 | echo "- AWS with external db and dns" 168 | bosh create-env bosh.yml \ 169 | -o aws/cpi.yml \ 170 | -o misc/external-db.yml \ 171 | -o misc/dns.yml \ 172 | --state=$tmp_file \ 173 | --vars-store $(mktemp ${tmp_file}.XXXXXX) \ 174 | -v director_name=test \ 175 | -v internal_cidr=test \ 176 | -v internal_gw=test \ 177 | -v internal_ip=test \ 178 | -v internal_dns=[8.8.8.8] \ 179 | -v access_key_id=test \ 180 | -v secret_access_key=test \ 181 | -v az=test \ 182 | -v region=test \ 183 | -v default_key_name=test \ 184 | -v default_security_groups=[test] \ 185 | -v subnet_id=test \ 186 | -v external_db_host=test \ 187 | -v external_db_port=test \ 188 | -v external_db_user=test \ 189 | -v external_db_password=test \ 190 | -v external_db_adapter=test \ 191 | -v external_db_name=test 192 | 193 | echo "- AWS with UAA + CredHub + External dbs for all" 194 | bosh create-env bosh.yml \ 195 | -o aws/cpi.yml \ 196 | -o uaa.yml \ 197 | -o credhub.yml \ 198 | -o misc/external-db.yml \ 199 | -o misc/external-db-uaa.yml \ 200 | -o misc/external-db-credhub.yml \ 201 | --state=$tmp_file \ 202 | --vars-store $(mktemp ${tmp_file}.XXXXXX) \ 203 | -v director_name=test \ 204 | -v internal_cidr=test \ 205 | -v internal_gw=test \ 206 | -v internal_ip=test \ 207 | -v access_key_id=test \ 208 | 
-v secret_access_key=test \ 209 | -v az=test \ 210 | -v region=test \ 211 | -v default_key_name=test \ 212 | -v default_security_groups=[test] \ 213 | -v subnet_id=test \ 214 | -v credhub_encryption_password=test \ 215 | -v external_db_host=test \ 216 | -v external_db_port=test \ 217 | -v external_db_user=test \ 218 | -v external_db_password=test \ 219 | -v external_db_adapter=test \ 220 | -v external_db_name=test \ 221 | -v external_db_host_credhub=test \ 222 | -v external_db_port_credhub=test \ 223 | -v external_db_name_credhub=test \ 224 | -v external_db_user_credhub=test \ 225 | -v external_db_password_credhub=test \ 226 | -v external_db_require_tls_credhub=test \ 227 | -v external_db_adapter_credhub=test \ 228 | -v external_db_host_uaa=test \ 229 | -v external_db_port_uaa=test \ 230 | -v external_db_user_uaa=test \ 231 | -v external_db_name_uaa=test \ 232 | -v external_db_password_uaa=test \ 233 | -v external_db_scheme_uaa=test 234 | 235 | echo "- AWS (cloud-config)" 236 | bosh update-cloud-config aws/cloud-config.yml \ 237 | -v internal_cidr=test \ 238 | -v internal_gw=test \ 239 | -v az=test \ 240 | -v subnet_id=test 241 | 242 | echo "- GCP" 243 | bosh create-env bosh.yml \ 244 | -o gcp/cpi.yml \ 245 | --state=$tmp_file \ 246 | --vars-store $(mktemp ${tmp_file}.XXXXXX) \ 247 | -v director_name=test \ 248 | -v internal_cidr=test \ 249 | -v internal_gw=test \ 250 | -v internal_ip=test \ 251 | -v gcp_credentials_json=test \ 252 | -v project_id=test \ 253 | -v zone=test \ 254 | -v tags=[internal,no-ip] \ 255 | -v network=test \ 256 | -v subnetwork=test 257 | 258 | echo "- GCP with UAA" 259 | bosh create-env bosh.yml \ 260 | -o gcp/cpi.yml \ 261 | -o uaa.yml \ 262 | --state=$tmp_file \ 263 | --vars-store $(mktemp ${tmp_file}.XXXXXX) \ 264 | -v director_name=test \ 265 | -v internal_cidr=test \ 266 | -v internal_gw=test \ 267 | -v internal_ip=test \ 268 | -v gcp_credentials_json=test \ 269 | -v project_id=test \ 270 | -v zone=test \ 271 | -v tags=[internal,no-ip] 
\ 272 | -v network=test \ 273 | -v subnetwork=test 274 | 275 | echo "- GCP with UAA on external IP" 276 | bosh create-env bosh.yml \ 277 | -o gcp/cpi.yml \ 278 | -o uaa.yml \ 279 | -o external-ip-not-recommended.yml \ 280 | -o external-ip-not-recommended-uaa.yml \ 281 | --state=$tmp_file \ 282 | --vars-store $(mktemp ${tmp_file}.XXXXXX) \ 283 | -v director_name=test \ 284 | -v internal_cidr=test \ 285 | -v internal_gw=test \ 286 | -v internal_ip=test \ 287 | -v gcp_credentials_json=test \ 288 | -v project_id=test \ 289 | -v zone=test \ 290 | -v tags=[internal,no-ip] \ 291 | -v network=test \ 292 | -v subnetwork=test \ 293 | -v external_ip=test 294 | 295 | echo "- GCP with BOSH Lite" 296 | bosh create-env bosh.yml \ 297 | -o gcp/cpi.yml \ 298 | -o bosh-lite.yml \ 299 | --state=$tmp_file \ 300 | --vars-store $(mktemp ${tmp_file}.XXXXXX) \ 301 | -v director_name=test \ 302 | -v internal_cidr=test \ 303 | -v internal_gw=test \ 304 | -v internal_ip=test \ 305 | -v gcp_credentials_json=test \ 306 | -v project_id=test \ 307 | -v zone=test \ 308 | -v tags=[internal,no-ip] \ 309 | -v network=test \ 310 | -v subnetwork=test 311 | 312 | echo "- GCP with BOSH Lite on Docker" 313 | bosh create-env bosh.yml \ 314 | -o gcp/cpi.yml \ 315 | -o bosh-lite-docker.yml \ 316 | --state=$tmp_file \ 317 | --vars-store $(mktemp ${tmp_file}.XXXXXX) \ 318 | -v director_name=test \ 319 | -v internal_cidr=test \ 320 | -v internal_gw=test \ 321 | -v internal_ip=test \ 322 | -v gcp_credentials_json=test \ 323 | -v project_id=test \ 324 | -v zone=test \ 325 | -v tags=[internal,no-ip] \ 326 | -v network=test \ 327 | -v subnetwork=test 328 | 329 | echo "- GCP with external db" 330 | bosh create-env bosh.yml \ 331 | -o gcp/cpi.yml \ 332 | -o misc/external-db.yml \ 333 | --state=$tmp_file \ 334 | --vars-store $(mktemp ${tmp_file}.XXXXXX) \ 335 | -v director_name=test \ 336 | -v internal_cidr=test \ 337 | -v internal_gw=test \ 338 | -v internal_ip=test \ 339 | -v gcp_credentials_json=test \ 340 | -v 
project_id=test \ 341 | -v zone=test \ 342 | -v tags=[internal,no-ip] \ 343 | -v network=test \ 344 | -v subnetwork=test \ 345 | -v external_db_host=test \ 346 | -v external_db_port=test \ 347 | -v external_db_user=test \ 348 | -v external_db_password=test \ 349 | -v external_db_adapter=test \ 350 | -v external_db_name=test 351 | 352 | echo "- GCP (cloud-config)" 353 | bosh update-cloud-config gcp/cloud-config.yml \ 354 | -v internal_cidr=test \ 355 | -v internal_gw=test \ 356 | -v zone=test \ 357 | -v network=test \ 358 | -v subnetwork=test \ 359 | -v tags=[tag] 360 | 361 | echo "- Openstack" 362 | bosh create-env bosh.yml \ 363 | -o openstack/cpi.yml \ 364 | --state=$tmp_file \ 365 | --vars-store $(mktemp ${tmp_file}.XXXXXX) \ 366 | -v director_name=test \ 367 | -v internal_cidr=test \ 368 | -v internal_gw=test \ 369 | -v internal_ip=test \ 370 | -v auth_url=test \ 371 | -v az=test \ 372 | -v default_key_name=test \ 373 | -v default_security_groups=test \ 374 | -v net_id=test \ 375 | -v openstack_password=test \ 376 | -v openstack_username=test \ 377 | -v openstack_domain=test \ 378 | -v openstack_project=test \ 379 | -v region=test 380 | 381 | echo "- Openstack (cloud-config)" 382 | bosh update-cloud-config openstack/cloud-config.yml \ 383 | -v internal_cidr=test \ 384 | -v internal_gw=test \ 385 | -v az=test \ 386 | -v net_id=test 387 | 388 | echo "- vSphere" 389 | bosh create-env bosh.yml \ 390 | -o vsphere/cpi.yml \ 391 | --state=$tmp_file \ 392 | --vars-store $(mktemp ${tmp_file}.XXXXXX) \ 393 | -v director_name=test \ 394 | -v internal_cidr=test \ 395 | -v internal_gw=test \ 396 | -v internal_ip=test \ 397 | -v network_name=test \ 398 | -v vcenter_dc=test \ 399 | -v vcenter_ds=test \ 400 | -v vcenter_ip=test \ 401 | -v vcenter_user=test \ 402 | -v vcenter_password=test \ 403 | -v vcenter_templates=test \ 404 | -v vcenter_vms=test \ 405 | -v vcenter_disks=test \ 406 | -v vcenter_cluster=test 407 | 408 | echo "- vCloud" 409 | bosh create-env bosh.yml \ 410 | 
-o vcloud/cpi.yml \ 411 | --state=$tmp_file \ 412 | --vars-store $(mktemp ${tmp_file}.XXXXXX) \ 413 | -v director_name=test \ 414 | -v internal_cidr=test \ 415 | -v internal_gw=test \ 416 | -v internal_ip=test \ 417 | -v network_name=test \ 418 | -v vcloud_url=test \ 419 | -v vcloud_user=test \ 420 | -v vcloud_password=test \ 421 | -v vcd_org=test \ 422 | -v vcd_name=test 423 | 424 | echo "- vSphere (cloud-config)" 425 | bosh update-cloud-config vsphere/cloud-config.yml \ 426 | -v internal_cidr=test \ 427 | -v internal_gw=test \ 428 | -v network_name=test \ 429 | -v vcenter_cluster=test 430 | 431 | echo "- Azure" 432 | bosh create-env bosh.yml \ 433 | -o azure/cpi.yml \ 434 | --state=$tmp_file \ 435 | --vars-store $(mktemp ${tmp_file}.XXXXXX) \ 436 | -v director_name=test \ 437 | -v internal_cidr=10.0.0.0/24 \ 438 | -v internal_gw=10.0.0.1 \ 439 | -v internal_ip=10.0.0.4 \ 440 | -v vnet_name=boshvnet-crp \ 441 | -v subnet_name=Bosh \ 442 | -v subscription_id=test \ 443 | -v tenant_id=test \ 444 | -v client_id=test \ 445 | -v client_secret=test \ 446 | -v resource_group_name=test \ 447 | -v storage_account_name=test \ 448 | -v default_security_group=nsg-bosh 449 | 450 | echo "- Azure (custom-environment)" 451 | bosh create-env bosh.yml \ 452 | -o azure/cpi.yml \ 453 | -o azure/custom-environment.yml \ 454 | --state=$tmp_file \ 455 | --vars-store $(mktemp ${tmp_file}.XXXXXX) \ 456 | -v director_name=test \ 457 | -v internal_cidr=10.0.0.0/24 \ 458 | -v internal_gw=10.0.0.1 \ 459 | -v internal_ip=10.0.0.4 \ 460 | -v vnet_name=boshvnet-crp \ 461 | -v subnet_name=Bosh \ 462 | -v environment=AzureChinaCloud \ 463 | -v subscription_id=test \ 464 | -v tenant_id=test \ 465 | -v client_id=test \ 466 | -v client_secret=test \ 467 | -v resource_group_name=test \ 468 | -v storage_account_name=test \ 469 | -v default_security_group=nsg-bosh 470 | 471 | echo "- Azure (managed-identity)" 472 | bosh create-env bosh.yml \ 473 | -o azure/cpi.yml \ 474 | -o 
azure/use-managed-identity.yml \ 475 | --state=$tmp_file \ 476 | --vars-store $(mktemp ${tmp_file}.XXXXXX) \ 477 | -v director_name=test \ 478 | -v internal_cidr=10.0.0.0/24 \ 479 | -v internal_gw=10.0.0.1 \ 480 | -v internal_ip=10.0.0.4 \ 481 | -v vnet_name=boshvnet-crp \ 482 | -v subnet_name=Bosh \ 483 | -v subscription_id=test \ 484 | -v azure-managed-identity=test \ 485 | -v resource_group_name=test \ 486 | -v storage_account_name=test \ 487 | -v default_security_group=nsg-bosh 488 | 489 | echo "- Azure (managed-identity-for-bosh-managed-vms)" 490 | bosh create-env bosh.yml \ 491 | -o azure/cpi.yml \ 492 | -o azure/use-managed-identity.yml \ 493 | -o azure/use-managed-identity-for-bosh-managed-vms.yml \ 494 | --state=$tmp_file \ 495 | --vars-store $(mktemp ${tmp_file}.XXXXXX) \ 496 | -v director_name=test \ 497 | -v internal_cidr=10.0.0.0/24 \ 498 | -v internal_gw=10.0.0.1 \ 499 | -v internal_ip=10.0.0.4 \ 500 | -v vnet_name=boshvnet-crp \ 501 | -v subnet_name=Bosh \ 502 | -v subscription_id=test \ 503 | -v azure-managed-identity=test \ 504 | -v resource_group_name=test \ 505 | -v storage_account_name=test \ 506 | -v default_security_group=nsg-bosh 507 | 508 | echo "- Azure (cloud-config)" 509 | bosh update-cloud-config azure/cloud-config.yml \ 510 | -v internal_cidr=10.0.16.0/24 \ 511 | -v internal_gw=10.0.16.1 \ 512 | -v vnet_name=boshvnet-crp \ 513 | -v subnet_name=CloudFoundry \ 514 | -v security_group=nsg-cf 515 | 516 | echo "- VirtualBox with BOSH Lite" 517 | bosh create-env bosh.yml \ 518 | -o virtualbox/cpi.yml \ 519 | -o bosh-lite.yml \ 520 | --state=$tmp_file \ 521 | --vars-store $(mktemp ${tmp_file}.XXXXXX) \ 522 | -v director_name=vbox \ 523 | -v internal_ip=192.168.56.6 \ 524 | -v internal_gw=192.168.56.1 \ 525 | -v internal_cidr=192.168.56.0/24 526 | 527 | echo "- VirtualBox with IPv6 (remote)" 528 | bosh create-env bosh.yml \ 529 | --state=$tmp_file \ 530 | --vars-store $(mktemp ${tmp_file}.XXXXXX) \ 531 | -o virtualbox/cpi.yml \ 532 | -o 
virtualbox/outbound-network.yml \ 533 | -o jumpbox-user.yml \ 534 | -o uaa.yml \ 535 | -o credhub.yml \ 536 | -o misc/ipv6/bosh.yml \ 537 | -o misc/ipv6/uaa.yml \ 538 | -o misc/ipv6/credhub.yml \ 539 | -o virtualbox/remote.yml \ 540 | -o virtualbox/ipv6/cpi.yml \ 541 | -o virtualbox/ipv6/remote.yml \ 542 | -v director_name=vbox \ 543 | -v internal_cidr=fd7a:eeed:e696:969f:0000:0000:0000:0000/64 \ 544 | -v internal_gw=fd7a:eeed:e696:969f:0000:0000:0000:0001 \ 545 | -v internal_ip=fd7a:eeed:e696:969f:0000:0000:0000:0004 \ 546 | -v outbound_network_name=NatNetwork \ 547 | -v vbox_host=fd7a:eeed:e696:969f:0000:0000:0000:0001 \ 548 | -v vbox_username=test 549 | 550 | echo "- VirtualBox with BOSH Lite with garden-runc" 551 | bosh create-env bosh.yml \ 552 | -o virtualbox/cpi.yml \ 553 | -o bosh-lite.yml \ 554 | -o bosh-lite-runc.yml \ 555 | -o jumpbox-user.yml \ 556 | --state=$tmp_file \ 557 | --vars-store $(mktemp ${tmp_file}.XXXXXX) \ 558 | -v director_name=vbox \ 559 | -v internal_ip=192.168.56.6 \ 560 | -v internal_gw=192.168.56.1 \ 561 | -v internal_cidr=192.168.56.0/24 562 | 563 | echo "- Warden (cloud-config)" 564 | bosh update-cloud-config warden/cloud-config.yml 565 | 566 | echo "- Docker" 567 | bosh create-env bosh.yml \ 568 | -o docker/cpi.yml \ 569 | -o jumpbox-user.yml \ 570 | --state=$tmp_file \ 571 | --vars-store $(mktemp ${tmp_file}.XXXXXX) \ 572 | -v director_name=docker \ 573 | -v internal_cidr=10.245.0.0/16 \ 574 | -v internal_gw=10.245.0.1 \ 575 | -v internal_ip=10.245.0.10 \ 576 | -v docker_host=tcp://192.168.56.8:4243 \ 577 | --var-file docker_tls.ca=$tmp_file \ 578 | --var-file docker_tls.certificate=$tmp_file \ 579 | --var-file docker_tls.private_key=$tmp_file \ 580 | -v network=net3 581 | 582 | echo "- Docker via UNIX sock" 583 | bosh create-env bosh.yml \ 584 | -o docker/cpi.yml \ 585 | -o docker/unix-sock.yml \ 586 | -o jumpbox-user.yml \ 587 | --state=$tmp_file \ 588 | --vars-store $(mktemp ${tmp_file}.XXXXXX) \ 589 | -v director_name=docker \ 
590 | -v internal_cidr=10.245.0.0/16 \ 591 | -v internal_gw=10.245.0.1 \ 592 | -v internal_ip=10.245.0.10 \ 593 | -v docker_host=unix:///var/run/docker.sock \ 594 | -v network=net3 595 | 596 | echo "- Docker (cloud-config)" 597 | bosh update-cloud-config docker/cloud-config.yml -v network=net3 598 | 599 | echo "- Secondary CPIs" 600 | bosh create-env bosh.yml \ 601 | -o aws/cpi.yml \ 602 | -o docker/cpi-secondary.yml \ 603 | -o azure/cpi-secondary.yml \ 604 | -o vsphere/cpi-secondary.yml \ 605 | -o openstack/cpi-secondary.yml \ 606 | --state=$tmp_file \ 607 | --vars-store $(mktemp ${tmp_file}.XXXXXX) \ 608 | -v director_name=test \ 609 | -v internal_cidr=test \ 610 | -v internal_gw=test \ 611 | -v internal_ip=test \ 612 | -v access_key_id=test \ 613 | -v secret_access_key=test \ 614 | -v az=test \ 615 | -v region=test \ 616 | -v default_key_name=test \ 617 | -v default_security_groups=[test] \ 618 | -v subnet_id=test 619 | -------------------------------------------------------------------------------- /tests/run.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | set -e # -x 4 | 5 | tests_dir=$PWD 6 | 7 | cd .. 
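# Start from a clean vars-store so that create-env generates fresh credentials.
# creds.yml holds every generated secret; the director CA and the admin
# password are read back from it below.
rm -f "$tests_dir/creds.yml"

echo "-----> $(date): Create env"
bosh create-env bosh.yml \
  --state "$tests_dir/state.json" \
  -o virtualbox/cpi.yml \
  -o virtualbox/outbound-network.yml \
  -o bosh-lite.yml \
  -o bosh-lite-runc.yml \
  -o uaa.yml \
  -o credhub.yml \
  -o jumpbox-user.yml \
  -o misc/blobstore-tls.yml \
  -o misc/nats-strict-tls.yml \
  --vars-store "$tests_dir/creds.yml" \
  -v director_name=bosh-lite \
  -v internal_ip=192.168.56.10 \
  -v internal_gw=192.168.56.1 \
  -v internal_cidr=192.168.56.0/24 \
  -v outbound_network_name=NatNetwork

# Assign first and export afterwards: `export VAR="$(cmd)"` returns the status
# of export, so a failing `bosh int` would not stop the script and the tests
# would continue with an empty CA certificate or client secret.
BOSH_CA_CERT="$(bosh int "$tests_dir/creds.yml" --path /director_ssl/ca)"
BOSH_CLIENT_SECRET="$(bosh int "$tests_dir/creds.yml" --path /admin_password)"
export BOSH_ENVIRONMENT=192.168.56.10
export BOSH_CA_CERT
export BOSH_CLIENT=admin
export BOSH_CLIENT_SECRET

echo "-----> $(date): Update cloud config"
bosh -n update-cloud-config warden/cloud-config.yml

echo "-----> $(date): Upload stemcell"
# The stemcell is pinned: the URL carries a version and --sha1 gives the
# expected checksum of the download.
bosh upload-stemcell --sha1 69163bcf21ae6d5ffeb92f099644d295b289b63e \
  "https://bosh.io/d/stemcells/bosh-warden-boshlite-ubuntu-trusty-go_agent?v=3586.36"

echo "-----> $(date): Deploy"
# NOTE(review): unlike the stemcell above, this manifest is fetched from the
# `master` branch at run time with no checksum, so whatever that branch serves
# is deployed. A wget failure inside <( ) does not stop the script by itself
# either. Consider pinning the URL to a reviewed commit (<commit-sha>,
# placeholder) or deploying a copy kept in this repository; the tree lists
# ci/assets/zookeeper.yml, presumably such a copy - verify before switching.
bosh -n -d zookeeper deploy <(wget -O- https://raw.githubusercontent.com/cppforlife/zookeeper-release/master/manifests/zookeeper.yml) \
  -o tests/cred-test.yml

echo "-----> $(date): Exercise deployment"
bosh -n -d zookeeper run-errand smoke-tests

echo "-----> $(date): Exercise deployment"
bosh -n -d zookeeper recreate

echo "-----> $(date): Clean up disks, etc."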
53 | bosh -n -d zookeeper clean-up --all 54 | 55 | echo "-----> `date`: Deleting env" 56 | bosh delete-env bosh.yml \ 57 | --state $tests_dir/state.json \ 58 | -o virtualbox/cpi.yml \ 59 | -o virtualbox/outbound-network.yml \ 60 | -o bosh-lite.yml \ 61 | -o jumpbox-user.yml \ 62 | --vars-store $tests_dir/creds.yml \ 63 | -v director_name=bosh-lite \ 64 | -v internal_ip=192.168.56.10 \ 65 | -v internal_gw=192.168.56.1 \ 66 | -v internal_cidr=192.168.56.0/24 \ 67 | -v outbound_network_name=NatNetwork 68 | 69 | echo "-----> `date`: Done" 70 | -------------------------------------------------------------------------------- /turbulence.yml: -------------------------------------------------------------------------------- 1 | - type: replace 2 | path: /releases/- 3 | value: 4 | name: turbulence 5 | version: 0.8 6 | url: https://bosh.io/d/github.com/cppforlife/turbulence-release?v=0.8 7 | sha1: f9e20d7cc421bf5e71c74e397a690b1e660e15c5 8 | 9 | - type: replace 10 | path: /instance_groups/name=bosh/jobs/- 11 | value: 12 | name: turbulence_api 13 | release: turbulence 14 | properties: 15 | password: ((turbulence_api_password)) 16 | cert: ((turbulence_api_ssl)) 17 | director: 18 | host: ((internal_ip)) 19 | cert: ((director_ssl)) 20 | client: director_turbulence_api 21 | client_secret: ((director_turbulence_api_client_secret)) 22 | 23 | # Configure UAA 24 | - type: replace 25 | path: /instance_groups/name=bosh/jobs/name=uaa/properties/uaa/clients/director_turbulence_api? 
26 | value: 27 | override: true 28 | authorized-grant-types: client_credentials 29 | scope: "" 30 | authorities: bosh.admin 31 | secret: ((director_turbulence_api_client_secret)) 32 | 33 | # Variables 34 | - type: replace 35 | path: /variables/- 36 | value: 37 | name: turbulence_api_password 38 | type: password 39 | 40 | - type: replace 41 | path: /variables/- 42 | value: 43 | name: turbulence_api_ca 44 | type: certificate 45 | options: 46 | is_ca: true 47 | common_name: turbulence_api_ca 48 | 49 | - type: replace 50 | path: /variables/- 51 | value: 52 | name: turbulence_api_ssl 53 | type: certificate 54 | options: 55 | ca: turbulence_api_ca 56 | common_name: ((internal_ip)) 57 | alternative_names: [((internal_ip))] 58 | 59 | - type: replace 60 | path: /variables/- 61 | value: 62 | name: director_turbulence_api_client_secret 63 | type: password 64 | -------------------------------------------------------------------------------- /uaa.yml: -------------------------------------------------------------------------------- 1 | - path: /releases/- 2 | release: uaa 3 | type: replace 4 | value: 5 | name: uaa 6 | sha1: 98171dae1a59835e12d6b6526b50e8e4258a53ec 7 | url: https://s3.amazonaws.com/bosh-compiled-release-tarballs/uaa-77.34.0-ubuntu-jammy-1.829.tgz 8 | version: 77.34.0 9 | - path: /instance_groups/name=bosh/properties/director/user_management/provider 10 | type: replace 11 | value: uaa 12 | - path: /instance_groups/name=bosh/properties/director/user_management/local 13 | type: remove 14 | - path: /instance_groups/name=bosh/properties/director/user_management/uaa?/url 15 | type: replace 16 | value: https://((internal_ip)):8443 17 | - path: /instance_groups/name=bosh/properties/director/user_management/uaa/public_key? 
18 | type: replace 19 | value: ((uaa_jwt_signing_key.public_key)) 20 | - path: /instance_groups/name=bosh/jobs/- 21 | type: replace 22 | value: 23 | name: uaa 24 | properties: 25 | encryption: 26 | active_key_label: uaa-encryption-key-1 27 | encryption_keys: 28 | - label: uaa-encryption-key-1 29 | passphrase: ((uaa_encryption_key_1)) 30 | login: 31 | saml: 32 | activeKeyId: uaa-saml-key-1 33 | keys: 34 | uaa-saml-key-1: 35 | certificate: ((uaa_service_provider_ssl.certificate)) 36 | key: ((uaa_service_provider_ssl.private_key)) 37 | passphrase: "" 38 | uaa: 39 | clients: 40 | admin: 41 | authorities: bosh.admin 42 | authorized-grant-types: client_credentials 43 | override: true 44 | scope: "" 45 | secret: ((admin_password)) 46 | bosh_cli: 47 | access-token-validity: 120 48 | authorities: uaa.none 49 | authorized-grant-types: password,refresh_token 50 | override: true 51 | refresh-token-validity: 86400 52 | scope: openid,bosh.admin,bosh.read,bosh.*.admin,bosh.*.read,bosh.teams.*.admin,bosh.teams.*.read 53 | secret: "" 54 | hm: 55 | authorities: bosh.admin 56 | authorized-grant-types: client_credentials 57 | override: true 58 | scope: "" 59 | secret: ((hm_password)) 60 | nats: 61 | authorities: bosh.admin 62 | authorized-grant-types: client_credentials 63 | override: true 64 | scope: "" 65 | secret: ((nats_sync_password)) 66 | uaa_admin: 67 | authorities: uaa.admin 68 | authorized-grant-types: client_credentials 69 | override: true 70 | scope: "" 71 | secret: ((uaa_admin_client_secret)) 72 | jwt: 73 | policy: 74 | active_key_id: uaa-jwt-key-1 75 | keys: 76 | uaa-jwt-key-1: 77 | signingKey: ((uaa_jwt_signing_key.private_key)) 78 | scim: 79 | groups: 80 | bosh.admin: User has admin access on any Director 81 | bosh.read: User has read access on any Director 82 | bosh.releases.upload: User can upload new releases 83 | bosh.stemcells.upload: User can upload new stemcells 84 | users: 85 | - groups: 86 | - bosh.admin 87 | name: admin 88 | password: ((admin_password)) 89 | 
sslCertificate: ((uaa_ssl.certificate)) 90 | sslPrivateKey: ((uaa_ssl.private_key)) 91 | url: https://((internal_ip)):8443 92 | zones: 93 | internal: 94 | hostnames: 95 | - ((internal_ip)) 96 | uaadb: 97 | address: 127.0.0.1 98 | databases: 99 | - name: uaa 100 | tag: uaa 101 | db_scheme: postgresql 102 | port: 5432 103 | roles: 104 | - name: postgres 105 | password: ((postgres_password)) 106 | tag: admin 107 | tls: disabled 108 | release: uaa 109 | - path: /instance_groups/name=bosh/jobs/- 110 | type: replace 111 | value: 112 | name: bbr-uaadb 113 | properties: 114 | release_level_backup: true 115 | uaadb: 116 | address: 127.0.0.1 117 | databases: 118 | - name: uaa 119 | tag: uaa 120 | db_scheme: postgresql 121 | port: 5432 122 | roles: 123 | - name: postgres 124 | password: ((postgres_password)) 125 | tag: admin 126 | release: uaa 127 | - path: /instance_groups/name=bosh/properties/postgres/additional_databases?/- 128 | type: replace 129 | value: uaa 130 | - path: /instance_groups/name=bosh/properties/hm/director_account/client_id? 131 | type: replace 132 | value: hm 133 | - path: /instance_groups/name=bosh/properties/hm/director_account/client_secret? 134 | type: replace 135 | value: ((hm_password)) 136 | - path: /instance_groups/name=bosh/properties/nats/director_account/client_id? 137 | type: replace 138 | value: nats 139 | - path: /instance_groups/name=bosh/properties/nats/director_account/client_secret? 
140 | type: replace 141 | value: ((nats_sync_password)) 142 | - path: /variables/- 143 | type: replace 144 | value: 145 | name: uaa_jwt_signing_key 146 | type: rsa 147 | - path: /variables/- 148 | type: replace 149 | value: 150 | name: uaa_admin_client_secret 151 | type: password 152 | - path: /variables/- 153 | type: replace 154 | value: 155 | name: uaa_encryption_key_1 156 | type: password 157 | - path: /variables/- 158 | type: replace 159 | value: 160 | name: uaa_ssl 161 | options: 162 | alternative_names: 163 | - ((internal_ip)) 164 | ca: default_ca 165 | common_name: ((internal_ip)) 166 | type: certificate 167 | - path: /variables/- 168 | type: replace 169 | value: 170 | name: uaa_service_provider_ssl 171 | options: 172 | alternative_names: 173 | - ((internal_ip)) 174 | ca: default_ca 175 | common_name: ((internal_ip)) 176 | type: certificate 177 | -------------------------------------------------------------------------------- /vcloud/cpi.yml: -------------------------------------------------------------------------------- 1 | - name: cpi 2 | path: /releases/- 3 | type: replace 4 | value: 5 | name: bosh-vcloud-cpi 6 | sha1: 6b223f73f3818363b6af15a7326d3894ea0c56c6 7 | url: https://bosh.io/d/github.com/cloudfoundry-incubator/bosh-vcloud-cpi-release?v=24 8 | version: "24" 9 | - name: stemcell 10 | path: /resource_pools/name=vms/stemcell? 11 | type: replace 12 | value: 13 | sha1: f49d3dd24cfe29dc9fe53115b456a51ea2ef6be4 14 | url: https://storage.googleapis.com/bosh-core-stemcells/1.829/bosh-stemcell-1.829-openstack-kvm-ubuntu-jammy-go_agent.tgz 15 | - path: /resource_pools/name=vms/cloud_properties? 16 | type: replace 17 | value: 18 | cpu: 2 19 | disk: 20000 20 | ram: 4096 21 | - path: /networks/name=default/subnets/0/cloud_properties? 
22 | type: replace 23 | value: 24 | name: ((network_name)) 25 | - path: /instance_groups/name=bosh/jobs/- 26 | type: replace 27 | value: 28 | name: vcloud_cpi 29 | release: bosh-vcloud-cpi 30 | - path: /instance_groups/name=bosh/properties/director/cpi_job? 31 | type: replace 32 | value: vcloud_cpi 33 | - path: /cloud_provider/template? 34 | type: replace 35 | value: 36 | name: vcloud_cpi 37 | release: bosh-vcloud-cpi 38 | - path: /instance_groups/name=bosh/properties/vcd? 39 | type: replace 40 | value: 41 | control: 42 | wait_max: 900 43 | entities: 44 | media_catalog: bosh-catalog 45 | media_storage_profile: '*' 46 | organization: ((vcd_org)) 47 | vapp_catalog: bosh-catalog 48 | virtual_datacenter: ((vcd_name)) 49 | vm_metadata_key: bosh-meta 50 | password: ((vcloud_password)) 51 | url: ((vcloud_url)) 52 | user: ((vcloud_user)) 53 | - path: /cloud_provider/properties/vcd? 54 | type: replace 55 | value: 56 | control: 57 | wait_max: 900 58 | entities: 59 | media_catalog: bosh-catalog 60 | media_storage_profile: '*' 61 | organization: ((vcd_org)) 62 | vapp_catalog: bosh-catalog 63 | virtual_datacenter: ((vcd_name)) 64 | vm_metadata_key: bosh-meta 65 | password: ((vcloud_password)) 66 | url: ((vcloud_url)) 67 | user: ((vcloud_user)) 68 | -------------------------------------------------------------------------------- /vcloud/use-bionic.yml: -------------------------------------------------------------------------------- 1 | - name: stemcell 2 | path: /resource_pools/name=vms/stemcell? 
3 | type: replace 4 | value: 5 | sha1: 4ac36358a6de034f8deee3d5ca972658f785355f 6 | url: https://storage.googleapis.com/bosh-core-stemcells/1.204/bosh-stemcell-1.204-openstack-kvm-ubuntu-bionic-go_agent.tgz 7 | -------------------------------------------------------------------------------- /virtualbox/cloud-config.yml: -------------------------------------------------------------------------------- 1 | azs: 2 | - name: z1 3 | - name: z2 4 | - name: z3 5 | 6 | vm_types: 7 | - name: default 8 | cloud_properties: 9 | cpu: 2 10 | ram: 1024 11 | disk: 3240 12 | - name: large 13 | cloud_properties: 14 | cpu: 2 15 | ram: 4096 16 | disk: 30_240 17 | 18 | disk_types: 19 | - name: default 20 | disk_size: 3000 21 | - name: large 22 | disk_size: 50_000 23 | 24 | networks: 25 | - name: default 26 | type: manual 27 | subnets: 28 | - range: ((internal_cidr)) 29 | gateway: ((internal_gw)) 30 | azs: [z1, z2, z3] 31 | dns: [8.8.8.8] 32 | reserved: [] 33 | cloud_properties: 34 | name: ((network_name)) 35 | 36 | compilation: 37 | workers: 2 38 | reuse_compilation_vms: true 39 | az: z1 40 | vm_type: default 41 | network: default 42 | -------------------------------------------------------------------------------- /virtualbox/cpi.yml: -------------------------------------------------------------------------------- 1 | - name: cpi 2 | path: /releases/- 3 | type: replace 4 | value: 5 | name: bosh-virtualbox-cpi 6 | sha1: a3a25e590d7bc456d60bba38c6c081437041658d 7 | url: https://bosh.io/d/github.com/cloudfoundry/bosh-virtualbox-cpi-release?v=0.5.0 8 | version: 0.5.0 9 | - name: stemcell 10 | path: /resource_pools/name=vms/stemcell? 11 | type: replace 12 | value: 13 | sha1: 9db639192410c3d432f3d335a700951f7e8f6c8c 14 | url: https://storage.googleapis.com/bosh-core-stemcells/1.829/bosh-stemcell-1.829-vsphere-esxi-ubuntu-jammy-go_agent.tgz 15 | - path: /resource_pools/name=vms/cloud_properties? 
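16 |   type: replace
17 |   value:
18 |     cpus: 4
19 |     ephemeral_disk: 16384
20 |     memory: 6144
21 | - path: /instance_groups/name=bosh/jobs/-
22 |   type: replace
23 |   value:
24 |     name: virtualbox_cpi
25 |     properties:
26 |       agent:
27 |         mbus: nats://((internal_ip)):4222
28 |       blobstore: null
29 |     release: bosh-virtualbox-cpi
30 | - path: /instance_groups/name=bosh/properties/director/cpi_job?
31 |   type: replace
32 |   value: virtualbox_cpi
33 | - path: /cloud_provider/template?
34 |   type: replace
35 |   value:
36 |     name: virtualbox_cpi
37 |     release: bosh-virtualbox-cpi
38 | - path: /instance_groups/name=bosh/properties/agent/env/bosh/ntp?
39 |   type: replace
40 |   value:
41 |   - 0.pool.ntp.org
42 |   - 1.pool.ntp.org
43 | - path: /resource_pools/0/env/bosh/ntp?
44 |   type: replace
45 |   value:
46 |   - 0.pool.ntp.org
47 |   - 1.pool.ntp.org
48 |
--------------------------------------------------------------------------------
/virtualbox/create-env.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | #
3 | # Create a local bosh-lite director on VirtualBox, add the host route to the
4 | # 10.244.0.0/16 network, and register the director as the "vbox" environment.
5 | #
6 | # Writes state.json, creds.yml and .envrc into the current directory.
7 | # creds.yml holds the credentials generated for the environment, so run this
8 | # from a private directory outside the bosh-deployment checkout.
9 | #
10 | # Any extra arguments are passed through to `bosh create-env`.
11 |
12 | set -eu -o pipefail
13 |
14 | # Files created by this script and its child processes (creds.yml, state.json,
15 | # .envrc) default to owner-only access instead of the caller's umask.
16 | umask 077
17 |
18 | # Print a banner for the step named by the arguments.
19 | STEP() { echo ; echo ; echo "==\\" ; echo "===>" "$@" ; echo "==/" ; echo ; }
20 |
21 | # Absolute path of the repository root (the parent of this script's directory).
22 | bosh_deployment="$(cd "$(dirname "${BASH_SOURCE[0]}")"; cd ..; pwd)"
23 | bosh_deployment_sha="$(cd "${bosh_deployment}"; git rev-parse --short HEAD)"
24 |
25 | # Refuse to run inside the checkout so creds.yml cannot be committed by accident.
26 | # The inner quotes make the repository path a literal prefix, not a glob pattern.
27 | if [ "${PWD##"${bosh_deployment}"}" != "${PWD}" ] || [ -e virtualbox/create-env.sh ] || [ -e ../virtualbox/create-env.sh ]; then
28 |   echo "It looks like you are running this within the ${bosh_deployment} repository."
29 |   echo "To avoid secrets ending up in this repo, run this from another directory."
30 |   echo
31 |
32 |   exit 1
33 | fi
34 |
35 | ####
36 | STEP "Creating BOSH Director"
37 | ####
38 |
39 | bosh create-env "${bosh_deployment}/bosh.yml" \
40 |   --state "${PWD}/state.json" \
41 |   --ops-file "${bosh_deployment}/virtualbox/cpi.yml" \
42 |   --ops-file "${bosh_deployment}/virtualbox/outbound-network.yml" \
43 |   --ops-file "${bosh_deployment}/bosh-lite.yml" \
44 |   --ops-file "${bosh_deployment}/uaa.yml" \
45 |   --ops-file "${bosh_deployment}/credhub.yml" \
46 |   --ops-file "${bosh_deployment}/jumpbox-user.yml" \
47 |   --vars-store "${PWD}/creds.yml" \
48 |   --var director_name=bosh-lite \
49 |   --var internal_ip=192.168.56.6 \
50 |   --var internal_gw=192.168.56.1 \
51 |   --var internal_cidr=192.168.56.0/24 \
52 |   --var outbound_network_name=NatNetwork "$@"
53 |
54 |
55 | ####
56 | STEP "Adding Network Routes (sudo is required)"
57 | ####
58 |
59 | # Route 10.244.0.0/16 through the director VM, using whichever tool the host has.
60 | if [ "$(uname)" = "Darwin" ]; then
61 |   sudo route add -net 10.244.0.0/16 192.168.56.6
62 | elif [ "$(uname)" = "Linux" ]; then
63 |   if type ip > /dev/null 2>&1; then
64 |     sudo ip route add 10.244.0.0/16 via 192.168.56.6
65 |   elif type route > /dev/null 2>&1; then
66 |     sudo route add -net 10.244.0.0/16 gw 192.168.56.6
67 |   else
68 |     echo "ERROR adding route"
69 |     exit 1
70 |   fi
71 | fi
72 |
73 | ####
74 | STEP "Generating .envrc"
75 | ####
76 |
77 | # NOTE(review): the here-document that fills .envrc is missing from this copy
78 | # of the script; the line below is all that survived. Restore the original
79 | # block from the repository before running.
80 | cat > .envrc <> .envrc
81 |
82 |
83 | source .envrc
84 |
85 | echo Succeeded
86 |
87 |
88 | ####
89 | STEP "Configuring Environment Alias"
90 | ####
91 |
92 | # The director CA is read from creds.yml through process substitution, so the
93 | # alias is pinned to that CA without writing the certificate to a file.
94 | bosh \
95 |   --environment 192.168.56.6 \
96 |   --ca-cert <( bosh interpolate "${PWD}/creds.yml" --path /director_ssl/ca ) \
97 |   alias-env vbox
98 |
99 |
100 | ####
101 | STEP "Updating Cloud Config"
102 | ####
103 |
104 | bosh -n update-cloud-config "${bosh_deployment}/warden/cloud-config.yml" \
105 |   > /dev/null
106 |
107 | echo Succeeded
108 |
109 | ####
110 | STEP "Updating Runtime Config"
111 | ####
112 |
113 | bosh -n update-runtime-config "${bosh_deployment}/runtime-configs/dns.yml" \
114 |   > /dev/null
115 |
116 | echo Succeeded
117 |
118 | ####
119 | STEP "Completed"
120 | ####
121 |
122 | echo "Credentials for your environment have been generated and stored in creds.yml."
123 | echo "Details about the state of your VM have been stored in state.json."
124 | echo "You should keep these files for future updates and to destroy your environment."
125 | echo
126 | echo "BOSH Director is now running. You may need to run the following before using bosh commands:"
127 | echo
128 | echo " source .envrc"
129 | echo
130 |
--------------------------------------------------------------------------------
/virtualbox/delete-env.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | #
3 | # Destroy the bosh-lite director created on VirtualBox and remove the host
4 | # route to 10.244.0.0/16. Run it from the directory that holds state.json
5 | # and creds.yml; both are read by relative path.
6 |
7 | # pipefail added for consistency with create-env.sh and ssh.sh.
8 | set -eu -o pipefail
9 |
10 | # Print a banner for the step named by the arguments.
11 | STEP() {
12 |   echo
13 |   echo
14 |   echo "==\\"
15 |   echo "===>" "$@"
16 |   echo "==/"
17 |   echo
18 | }
19 |
20 | # Absolute path of the repository root (the parent of this script's directory).
21 | bosh_deployment="$(
22 |   cd "$(dirname "${BASH_SOURCE[0]}")"
23 |   cd ..
24 |   pwd
25 | )"
26 |
27 | echo "This will destroy BOSH from VirtualBox."
28 | echo
29 |
30 | # -r keeps a backslash in the answer literal; anything but y/Y aborts.
31 | read -r -p "Continue? [yN] "
32 | [[ $REPLY =~ ^[Yy]$ ]] || exit 1
33 |
34 | ####
35 | STEP "Deleting BOSH Director"
36 | ####
37 |
38 | # NOTE(review): this ops-file list differs from create-env.sh in this listing
39 | # (bosh-lite-runc.yml here; uaa.yml and credhub.yml there) - confirm that the
40 | # difference is intentional.
41 | bosh delete-env "${bosh_deployment}"/bosh.yml \
42 |   --state state.json \
43 |   --ops-file "${bosh_deployment}"/virtualbox/cpi.yml \
44 |   --ops-file "${bosh_deployment}"/virtualbox/outbound-network.yml \
45 |   --ops-file "${bosh_deployment}"/bosh-lite.yml \
46 |   --ops-file "${bosh_deployment}"/bosh-lite-runc.yml \
47 |   --ops-file "${bosh_deployment}"/jumpbox-user.yml \
48 |   --vars-store creds.yml \
49 |   --var director_name=bosh-lite \
50 |   --var internal_ip=192.168.56.6 \
51 |   --var internal_gw=192.168.56.1 \
52 |   --var internal_cidr=192.168.56.0/24 \
53 |   --var outbound_network_name=NatNetwork
54 |
55 | ####
56 | STEP "Delete Network Routes"
57 | ####
58 | # Remove the 10.244.0.0/16 route with whichever tool the host has.
59 | if [ "$(uname)" = "Darwin" ]; then
60 |   sudo route -n delete -net 10.244.0.0/16 192.168.56.6
61 | elif [ "$(uname)" = "Linux" ]; then
62 |   if type ip >/dev/null 2>&1; then
63 |     sudo ip route del 10.244.0.0/16 via 192.168.56.6
64 |   elif type route >/dev/null 2>&1; then
65 |     sudo route del -net 10.244.0.0/16 gw 192.168.56.6
66 |   else
67 |     echo "ERROR deleting route"
68 |     exit 1
69 |   fi
70 | fi
71 |
--------------------------------------------------------------------------------
/virtualbox/internal-network.yml:
--------------------------------------------------------------------------------
1 | - type: replace
2 |   path: /networks/name=default/subnets/0/cloud_properties?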
3 | value: 4 | name: ((network_name)) 5 | -------------------------------------------------------------------------------- /virtualbox/ipv6/cpi.yml: -------------------------------------------------------------------------------- 1 | - type: replace 2 | path: /instance_groups/name=bosh/jobs/name=virtualbox_cpi/properties/agent/mbus 3 | value: "nats://[((internal_ip))]:4222" 4 | -------------------------------------------------------------------------------- /virtualbox/ipv6/remote.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - type: replace 3 | path: /instance_groups/name=bosh/jobs/name=virtualbox_cpi/properties/host 4 | value: "[((vbox_host))]" 5 | 6 | - type: replace 7 | path: /cloud_provider/properties/host 8 | value: "[((vbox_host))]" 9 | -------------------------------------------------------------------------------- /virtualbox/outbound-network.yml: -------------------------------------------------------------------------------- 1 | - type: replace 2 | path: /networks/- 3 | value: 4 | name: outbound 5 | type: dynamic 6 | cloud_properties: 7 | type: natnetwork 8 | name: ((outbound_network_name)) 9 | 10 | - type: replace 11 | path: /instance_groups/name=bosh/networks/- 12 | value: 13 | name: outbound 14 | default: 15 | - dns 16 | - gateway 17 | -------------------------------------------------------------------------------- /virtualbox/remote.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - type: replace 3 | path: /instance_groups/name=bosh/jobs/name=virtualbox_cpi/properties/host? 4 | value: ((vbox_host)) 5 | 6 | - type: replace 7 | path: /instance_groups/name=bosh/jobs/name=virtualbox_cpi/properties/username? 8 | value: ((vbox_username)) 9 | 10 | - type: replace 11 | path: /instance_groups/name=bosh/jobs/name=virtualbox_cpi/properties/private_key? 12 | value: ((vbox_ssh.private_key)) 13 | 14 | - type: replace 15 | path: /cloud_provider/properties/host? 
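16 |   value: ((vbox_host))
17 |
18 | - type: replace
19 |   path: /cloud_provider/properties/username?
20 |   value: ((vbox_username))
21 |
22 | - type: replace
23 |   path: /cloud_provider/properties/private_key?
24 |   value: ((vbox_ssh.private_key))
25 |
26 | - type: replace
27 |   path: /variables/-
28 |   value:
29 |     name: vbox_ssh
30 |     type: ssh
31 |
--------------------------------------------------------------------------------
/virtualbox/remove-ntp.yml:
--------------------------------------------------------------------------------
1 | - type: replace
2 |   path: /instance_groups/name=bosh/properties/agent/env/bosh/ntp?
3 |   value: []
4 |
5 | - type: replace
6 |   path: /resource_pools/0/env/bosh/ntp?
7 |   value: []
8 |
--------------------------------------------------------------------------------
/virtualbox/ssh.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | #
3 | # Open an SSH session to the bosh-lite VM (192.168.56.6) as the jumpbox user,
4 | # using the private key stored under /jumpbox_ssh/private_key in creds.yml.
5 | #
6 | # Must be run from the directory that holds creds.yml. The key is written to
7 | # ./ssh_key in that directory.
8 |
9 | set -eu -o pipefail
10 |
11 | if [ ! -f "${PWD}/creds.yml" ]; then
12 |   echo "Couldn't find 'creds.yml'."
13 |   echo "You are not running this within the bosh-lite deployment folder or you didn't deploy bosh-lite yet."
14 |   echo
15 |
16 |   exit 1
17 | fi
18 |
19 | # Create the key file owner-only from the start. With the caller's umask the
20 | # private key would be readable by other local users between the write and the
21 | # chmod. Removing a stale file first ensures a fresh file gets the new mode
22 | # rather than the key being written into one with looser permissions.
23 | umask 077
24 | rm -f "${PWD}/ssh_key"
25 | bosh int "${PWD}/creds.yml" --path /jumpbox_ssh/private_key > "${PWD}/ssh_key"
26 | chmod 600 "${PWD}/ssh_key"
27 | ssh -i "${PWD}/ssh_key" jumpbox@192.168.56.6
28 |
--------------------------------------------------------------------------------
/virtualbox/use-bionic.yml:
--------------------------------------------------------------------------------
1 | - name: stemcell
2 |   path: /resource_pools/name=vms/stemcell?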
3 | type: replace 4 | value: 5 | sha1: 32807908feca7324bd313789ec3eb251996d5d72 6 | url: https://storage.googleapis.com/bosh-core-stemcells/1.204/bosh-stemcell-1.204-vsphere-esxi-ubuntu-bionic-go_agent.tgz 7 | -------------------------------------------------------------------------------- /vsphere/cloud-config.yml: -------------------------------------------------------------------------------- 1 | azs: 2 | - name: z1 3 | cloud_properties: 4 | datacenters: 5 | - clusters: [((vcenter_cluster)): {}] 6 | - name: z2 7 | cloud_properties: 8 | datacenters: 9 | - clusters: [((vcenter_cluster)): {}] 10 | - name: z3 11 | cloud_properties: 12 | datacenters: 13 | - clusters: [((vcenter_cluster)): {}] 14 | 15 | vm_types: 16 | - name: default 17 | cloud_properties: 18 | cpu: 2 19 | ram: 1024 20 | disk: 30_000 21 | - name: large 22 | cloud_properties: 23 | cpu: 2 24 | ram: 4096 25 | disk: 30_240 26 | 27 | disk_types: 28 | - name: default 29 | disk_size: 3000 30 | - name: large 31 | disk_size: 50_000 32 | 33 | networks: 34 | - name: default 35 | type: manual 36 | subnets: 37 | - range: ((internal_cidr)) 38 | gateway: ((internal_gw)) 39 | azs: [z1, z2, z3] 40 | dns: [8.8.8.8] 41 | reserved: [] 42 | cloud_properties: 43 | name: ((network_name)) 44 | 45 | compilation: 46 | workers: 5 47 | reuse_compilation_vms: true 48 | az: z1 49 | vm_type: default 50 | network: default 51 | -------------------------------------------------------------------------------- /vsphere/cpi-secondary.yml: -------------------------------------------------------------------------------- 1 | - name: cpi 2 | path: /releases/- 3 | type: replace 4 | value: 5 | name: bosh-vsphere-cpi 6 | sha1: 00df4f70db8277e58fbedc5c222ebab796fdb810 7 | url: https://bosh.io/d/github.com/cloudfoundry/bosh-vsphere-cpi-release?v=97.0.20 8 | version: 97.0.20 9 | - path: /instance_groups/name=bosh/properties/vcenter? 
10 | type: replace 11 | value: 12 | address: unused 13 | datacenters: 14 | - clusters: 15 | - unused: {} 16 | datastore_pattern: unused 17 | disk_path: unused 18 | name: unused 19 | persistent_datastore_pattern: unused 20 | template_folder: unused 21 | vm_folder: unused 22 | password: unused 23 | user: unused 24 | -------------------------------------------------------------------------------- /vsphere/cpi.yml: -------------------------------------------------------------------------------- 1 | - name: cpi 2 | path: /releases/- 3 | type: replace 4 | value: 5 | name: bosh-vsphere-cpi 6 | sha1: 00df4f70db8277e58fbedc5c222ebab796fdb810 7 | url: https://bosh.io/d/github.com/cloudfoundry/bosh-vsphere-cpi-release?v=97.0.20 8 | version: 97.0.20 9 | - name: stemcell 10 | path: /resource_pools/name=vms/stemcell? 11 | type: replace 12 | value: 13 | sha1: 9db639192410c3d432f3d335a700951f7e8f6c8c 14 | url: https://storage.googleapis.com/bosh-core-stemcells/1.829/bosh-stemcell-1.829-vsphere-esxi-ubuntu-jammy-go_agent.tgz 15 | - path: /resource_pools/name=vms/cloud_properties? 16 | type: replace 17 | value: 18 | cpu: 2 19 | disk: 40000 20 | ram: 4096 21 | - path: /networks/name=default/subnets/0/cloud_properties? 22 | type: replace 23 | value: 24 | name: ((network_name)) 25 | - path: /instance_groups/name=bosh/jobs/- 26 | type: replace 27 | value: 28 | name: vsphere_cpi 29 | release: bosh-vsphere-cpi 30 | - path: /instance_groups/name=bosh/properties/director/cpi_job? 31 | type: replace 32 | value: vsphere_cpi 33 | - path: /cloud_provider/template? 34 | type: replace 35 | value: 36 | name: vsphere_cpi 37 | release: bosh-vsphere-cpi 38 | - path: /instance_groups/name=bosh/properties/vcenter? 
39 | type: replace 40 | value: 41 | address: ((vcenter_ip)) 42 | datacenters: 43 | - clusters: 44 | - ((vcenter_cluster)): {} 45 | datastore_pattern: ((vcenter_ds)) 46 | disk_path: ((vcenter_disks)) 47 | name: ((vcenter_dc)) 48 | persistent_datastore_pattern: ((vcenter_ds)) 49 | template_folder: ((vcenter_templates)) 50 | vm_folder: ((vcenter_vms)) 51 | enable_human_readable_name: true 52 | password: ((vcenter_password)) 53 | user: ((vcenter_user)) 54 | - path: /cloud_provider/properties/vcenter? 55 | type: replace 56 | value: 57 | address: ((vcenter_ip)) 58 | datacenters: 59 | - clusters: 60 | - ((vcenter_cluster)): {} 61 | datastore_pattern: ((vcenter_ds)) 62 | disk_path: ((vcenter_disks)) 63 | name: ((vcenter_dc)) 64 | persistent_datastore_pattern: ((vcenter_ds)) 65 | template_folder: ((vcenter_templates)) 66 | vm_folder: ((vcenter_vms)) 67 | password: ((vcenter_password)) 68 | user: ((vcenter_user)) 69 | -------------------------------------------------------------------------------- /vsphere/custom-ca.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - type: replace 3 | path: /instance_groups/name=bosh/properties/vcenter/connection_options? 4 | value: 5 | ca_cert: ((vcenter_ca_cert)) 6 | 7 | - type: replace 8 | path: /cloud_provider/properties/vcenter/connection_options? 9 | value: 10 | ca_cert: ((vcenter_ca_cert)) 11 | -------------------------------------------------------------------------------- /vsphere/resource-pool.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - type: replace 3 | path: /instance_groups/name=bosh/properties/vcenter/datacenters/name=((vcenter_dc))/clusters/0/((vcenter_cluster))/resource_pool? 4 | value: ((vcenter_rp)) 5 | 6 | - type: replace 7 | path: /cloud_provider/properties/vcenter/datacenters/name=((vcenter_dc))/clusters/0/((vcenter_cluster))/resource_pool? 
8 | value: ((vcenter_rp)) 9 | -------------------------------------------------------------------------------- /vsphere/second-network.yml: -------------------------------------------------------------------------------- 1 | - type: replace 2 | path: /networks/name=second/subnets/0/cloud_properties? 3 | value: 4 | name: ((second_network_name)) 5 | -------------------------------------------------------------------------------- /vsphere/use-bionic.yml: -------------------------------------------------------------------------------- 1 | - name: stemcell 2 | path: /resource_pools/name=vms/stemcell? 3 | type: replace 4 | value: 5 | sha1: 32807908feca7324bd313789ec3eb251996d5d72 6 | url: https://storage.googleapis.com/bosh-core-stemcells/1.204/bosh-stemcell-1.204-vsphere-esxi-ubuntu-bionic-go_agent.tgz 7 | -------------------------------------------------------------------------------- /warden/cloud-config.yml: -------------------------------------------------------------------------------- 1 | azs: 2 | - name: z1 3 | - name: z2 4 | - name: z3 5 | 6 | vm_types: 7 | - name: default 8 | 9 | disk_types: 10 | - name: default 11 | disk_size: 1024 12 | 13 | networks: 14 | - name: default 15 | type: manual 16 | subnets: 17 | - azs: [z1, z2, z3] 18 | dns: [8.8.8.8] 19 | range: 10.244.0.0/24 20 | gateway: 10.244.0.1 21 | static: [10.244.0.34] 22 | reserved: [] 23 | 24 | compilation: 25 | workers: 5 26 | az: z1 27 | reuse_compilation_vms: true 28 | vm_type: default 29 | network: default 30 | -------------------------------------------------------------------------------- /warden/cpi.yml: -------------------------------------------------------------------------------- 1 | - name: cpi 2 | path: /releases/name=bosh-warden-cpi? 
3 |   type: replace
4 |   value:
5 |     name: bosh-warden-cpi
6 |     sha1: a2c2f9dc4f577686eda1c47a83996a752a864ee7  # SHA-1 digest recorded for the release tarball at url
7 |     url: https://bosh.io/d/github.com/cloudfoundry/bosh-warden-cpi-release?v=45.0.7
8 |     version: 45.0.7
9 | - name: stemcell
10 |   path: /resource_pools/name=vms/stemcell?
11 |   type: replace
12 |   value:
13 |     sha1: a3236a15beb8d518283366e9904b0e29d330c36f  # SHA-1 digest recorded for the stemcell tarball at url
14 |     url: https://storage.googleapis.com/bosh-core-stemcells/1.829/bosh-stemcell-1.829-warden-boshlite-ubuntu-jammy-go_agent.tgz
15 | - path: /resource_pools/name=vms/cloud_properties?
16 |   type: replace
17 |   value:
18 |     ports:  # NOTE(review): presumably the ports made reachable for the director - confirm each is needed and from which network
19 |     - host: 22
20 |     - host: 6868
21 |     - host: 25555
22 |     - host: 4222
23 |     - host: 25250
24 |     - host: 8443
25 |     - host: 8080
26 | - path: /cloud_provider/template?
27 |   type: replace
28 |   value:
29 |     name: warden_cpi
30 |     release: bosh-warden-cpi
31 | - path: /cloud_provider/properties/warden_cpi?
32 |   type: replace
33 |   value:
34 |     actions:
35 |       expand_stemcell_tarball: false
36 |     agent:
37 |       blobstore:
38 |         options:
39 |           blobstore_path: /var/vcap/micro_bosh/data/cache
40 |         provider: local
41 |       mbus: https://mbus:((mbus_bootstrap_password))@0.0.0.0:6868  # host is 0.0.0.0 (all interfaces); NOTE(review): confirm port 6868 is reachable only from trusted networks
42 |     warden:
43 |       connect_address: ((garden_host)):7777
44 |       connect_network: tcp
45 |
--------------------------------------------------------------------------------
/warden/use-bionic.yml:
--------------------------------------------------------------------------------
1 | - name: stemcell
2 |   path: /resource_pools/name=vms/stemcell?
3 |   type: replace
4 |   value:
5 |     sha1: 22a3efed13dbd16f8949c5a03a1e628e1fb1c16d  # SHA-1 digest recorded for the stemcell tarball at url
6 |     url: https://storage.googleapis.com/bosh-core-stemcells/1.204/bosh-stemcell-1.204-warden-boshlite-ubuntu-bionic-go_agent.tgz
7 |
--------------------------------------------------------------------------------