├── .envrc ├── .github └── dependabot.yml ├── .gitignore ├── .overcommit.yml ├── ISSUE_TEMPLATE.md ├── LICENSE ├── NOTICE ├── PULL_REQUEST_TEMPLATE.md ├── README.md ├── cf-deployment.yml ├── ci ├── configure ├── input │ └── inputs.yml ├── pipelines │ ├── cf-deployment.md │ ├── cf-deployment.yml │ ├── ipv6-dual-stack-validation.md │ ├── ipv6-dual-stack-validation.yml │ ├── noble-stemcell.md │ ├── noble-stemcell.yml │ ├── pull-requests.yml │ ├── update-releases.md │ └── update-releases.yml └── template │ ├── lib │ ├── bbl-down.lib.yml │ ├── bbl-up.lib.yml │ ├── delete-deployment.lib.yml │ ├── manage-gcp-dns.lib.yml │ └── update-release.lib.yml │ └── update-releases.yml ├── iaas-support ├── README.md ├── alicloud │ ├── README.md │ ├── cloud-config-vars.yml │ ├── cloud-config.yml │ ├── download-releases.sh │ ├── stemcells.yml │ └── upload-releases.sh ├── bosh-lite │ ├── README.md │ └── cloud-config.yml ├── cf-testing-for-new-iaas.md ├── openstack │ ├── README.md │ ├── cloud-config-vars.yml │ ├── cloud-config.yml │ └── flavors.yml ├── softlayer │ ├── README.md │ └── add-system-domain-dns-alias.yml └── vsphere │ ├── README.md │ ├── cloud-config-vars.yml │ └── cloud-config.yml ├── operations ├── README.md ├── add-persistent-isolation-segment-diego-cell.yml ├── add-persistent-isolation-segment-router.yml ├── addons │ ├── README.md │ ├── add-system-metrics-agent-windows2019.yml │ ├── add-system-metrics-agent.yml │ ├── component-syslog-custom-ca.yml │ ├── enable-component-syslog.yml │ └── example-vars-files │ │ └── vars-enable-component-syslog.yml ├── aws.yml ├── azure.yml ├── backup-and-restore │ ├── README.md │ ├── enable-backup-restore-azure.yml │ ├── enable-backup-restore-gcs.yml │ ├── enable-backup-restore-s3-unversioned.yml │ ├── enable-backup-restore-s3-versioned.yml │ ├── enable-backup-restore.yml │ ├── enable-restore-azure-clone.yml │ ├── enable-restore-nfs-broker.yml │ ├── enable-restore-smb-broker.yml │ ├── example-vars-files │ │ ├── vars-enable-backup-restore-gcs.yml │ │ ├── vars-enable-backup-restore-s3-unversioned.yml │ │ └── vars-enable-restore-azure-clone.yml │ ├── skip-backup-restore-droplets-and-packages.yml │ └── skip-backup-restore-droplets.yml ├── bosh-lite.yml ├── community │ ├── README.md │ ├── add-blobstore-internal-network-allow-rule.yml │ ├── change-metron-agent-deployment.yml │ └── use-haproxy.yml ├── configure-default-router-group.yml ├── disable-dynamic-asgs.yml ├── disable-http2.yml ├── disable-router-tls-termination.yml ├── disable-tls-tcp-routing-isolation-segment-stage-1-unproxied-ports.yml ├── disable-tls-tcp-routing-isolation-segment-stage-2-route-emitter.yml ├── disable-tls-tcp-routing-stage-1-unproxied-ports.yml ├── disable-tls-tcp-routing-stage-2-tcp-router-and-route-emitter.yml ├── enable-cc-rate-limiting.yml ├── enable-cc-v2-rate-limiting.yml ├── enable-cc-worker-metrics.yml ├── enable-cpu-throttling.yml ├── enable-nfs-ldap.yml ├── enable-nfs-volume-service.yml ├── enable-privileged-container-support.yml ├── enable-service-discovery.yml ├── enable-smb-volume-service.yml ├── enable-tls-on-file-server.yml ├── enable-v2-api.yml ├── example-vars-files │ ├── vars-enable-nfs-ldap.yml │ ├── vars-override-app-domains.yml │ ├── vars-rename-deployment.yml │ ├── vars-rename-network.yml │ ├── vars-use-alicloud-oss-blobstore-to-multi-bucket.yml │ ├── vars-use-alicloud-oss-blobstore.yml │ ├── vars-use-azure-storage-blobstore.yml │ ├── vars-use-blobstore-cdn.yml │ ├── vars-use-external-blobstore.yml │ ├── vars-use-external-dbs.yml │ ├── vars-use-gcs-blobstore-access-key.yml │ ├── vars-use-gcs-blobstore-service-account.yml │ ├── vars-use-operator-provided-router-tls-certificates.yml │ ├── vars-use-s3-blobstore.yml │ ├── vars-use-swift-blobstore.yml │ └── vars-use-trusted-ca-cert-for-apps.yml ├── experimental │ ├── README.md │ ├── add-cflinuxfs4.yml │ ├── add-metric-store.yml │ ├── add-otel-collector-windows.yml │ ├── add-otel-collector.yml │ ├── add-system-metrics-agent-windows2019.yml │ ├── add-system-metrics-agent.yml │ ├── colocate-smoke-tests-on-cc-worker.yml │ ├── disable-cf-credhub.yml │ ├── disable-interpolate-service-bindings.yml │ ├── disable-logs-in-firehose-windows2019.yml │ ├── disable-logs-in-firehose.yml │ ├── disable-tls-tcp-routing-windows-stage-1-unproxied-ports.yml │ ├── disable-tls-tcp-routing-windows-stage-2-route-emitter.yml │ ├── disable-v2-api.yml │ ├── enable-app-log-rate-limiting-windows2019.yml │ ├── enable-app-log-rate-limiting.yml │ ├── enable-bpm-garden.yml │ ├── enable-containerd-for-processes.yml │ ├── enable-cpu-throttling.yml │ ├── enable-direct-io-grootfs.yml │ ├── enable-iptables-logger.yml │ ├── enable-nginx-routing-integrity-windows2019.yml │ ├── enable-oci-phase-1.yml │ ├── enable-shadow-user-creation-by-org-managers.yml │ ├── enable-tls-cloud-controller-postgres.yml │ ├── enable-traffic-to-internal-networks.yml │ ├── example-vars-files │ │ └── vars-override-otel-collector-exporters.yml │ ├── fast-deploy-with-downtime-and-danger.yml │ ├── infrastructure-metrics.yml │ ├── rootless-containers.yml │ ├── set-cflinuxfs4-default-stack.yml │ ├── set-cpu-weight-windows2019.yml │ ├── set-cpu-weight.yml │ ├── use-compiled-releases-windows.yml │ ├── use-create-swap-delete-vm-strategy.yml │ ├── use-mysql-version-8.0.yml │ ├── use-native-garden-runc-runner.yml │ ├── use-noble-stemcell.yml │ └── use-trusted-ca-cert-for-apps-cflinuxfs4.yml ├── openstack.yml ├── override-app-domains.yml ├── rename-network-and-deployment.yml ├── scale-database-cluster.yml ├── scale-to-one-az.yml ├── set-bbs-active-key.yml ├── set-cpu-weight.yml ├── set-router-static-ips.yml ├── stop-skipping-tls-validation.yml ├── test │ ├── README.md │ ├── add-datadog-firehose-nozzle.yml │ ├── add-oidc-provider.yml │ ├── alter-ssh-proxy-redirect-uri.yml │ ├── enable-nfs-test-ldapserver.yml │ ├── enable-nfs-test-server.yml │ ├── enable-smb-test-server.yml │ ├── fips-stemcell.yml │ ├── scale-to-one-az-addon-parallel-cats.yml │ ├── set-smoke-test-timeout-scale.yml │ ├── speed-up-dynamic-asgs.yml │ └── use-cflinuxfs4-compat-isolation-segment-diego-cell.yml ├── use-absolute-cpu-entitlement-persistent-isolation-segment.yml ├── use-absolute-cpu-entitlement-windows2019.yml ├── use-absolute-cpu-entitlement.yml ├── use-alicloud-oss-blobstore-to-multi-bucket.yml ├── use-alicloud-oss-blobstore.yml ├── use-azure-storage-blobstore.yml ├── use-blobstore-cdn.yml ├── use-cflinuxfs4-compat.yml ├── use-compiled-releases.yml ├── use-external-blobstore.yml ├── use-external-dbs.yml ├── use-gcs-blobstore-access-key.yml ├── use-gcs-blobstore-service-account.yml ├── use-haproxy-public-network.yml ├── use-haproxy.yml ├── use-internal-lookup-for-route-services.yml ├── use-latest-stemcell.yml ├── use-latest-windows2019-stemcell.yml ├── use-metric-store.yml ├── use-offline-windows2019fs.yml ├── use-online-windows2019fs.yml ├── use-operator-provided-router-tls-certificates.yml ├── use-postgres.yml ├── use-s3-blobstore.yml ├── use-swift-blobstore.yml ├── use-trusted-ca-cert-for-apps.yml └── windows2019-cell.yml ├── ops-file-promotion-workflow.md ├── scripts ├── fixtures │ └── unit-test-vars-store.yml ├── test └── test-backup-and-restore.sh ├── texts ├── deployment-guide.md ├── issues-and-features-for-bosh.md ├── on-cloud-configs.md ├── on-release-spec-files.md ├── style-guide.md └── versioning.md └── units ├── README.md ├── go.mod ├── go.sum ├── helpers ├── check_interpolation.go ├── path.go ├── release_version.go ├── release_version_test.go └── suite.go ├── test ├── tests ├── addons_test │ ├── operations.yml │ └── operations_test.go ├── backup_and_restore_test │ ├── operations.yml │ └── operations_test.go ├── experimental_test │ ├── operations.yml │ └── operations_test.go ├── iaas_test │ ├── operations.yml │ └── operations_test.go ├── inline_test │ └── bits_service_webdav_inline_test.go ├── semantic_test │ └── semantic_test.go ├── standard_test │ ├── operations.yml │ └── operations_test.go └── test_test │ ├── operations.yml │ └── operations_test.go └── vendor ├── github.com ├── davecgh │ └── go-spew │ │ ├── LICENSE │ │ └── spew │ │ ├── bypass.go │ │ ├── bypasssafe.go │ │ ├── common.go │ │ ├── config.go │ │ ├── doc.go │ │ ├── dump.go │ │ ├── format.go │ │ └── spew.go ├── pmezard │ └── go-difflib │ │ ├── LICENSE │ │ └── difflib │ │ └── difflib.go ├── sergi │ └── go-diff │ │ ├── AUTHORS │ │ ├── CONTRIBUTORS │ │ ├── LICENSE │ │ └── diffmatchpatch │ │ ├── diff.go │ │ ├── diffmatchpatch.go │ │ ├── match.go │ │ ├── mathutil.go │ │ ├── operation_string.go │ │ ├── patch.go │ │ └── stringutil.go └── stretchr │ └── testify │ ├── LICENSE │ └── assert │ ├── assertion_compare.go │ ├── assertion_format.go │ ├── assertion_format.go.tmpl │ ├── assertion_forward.go │ ├── assertion_forward.go.tmpl │ ├── assertion_order.go │ ├── assertions.go │ ├── doc.go │ ├── errors.go │ ├── forward_assertions.go │ ├── http_assertions.go │ └── yaml │ ├── yaml_custom.go │ ├── yaml_default.go │ └── yaml_fail.go ├── gopkg.in └── yaml.v3 │ ├── LICENSE │ ├── NOTICE │ ├── README.md │ ├── apic.go │ ├── decode.go │ ├── emitterc.go │ ├── encode.go │ ├── parserc.go │ ├── readerc.go │ ├── resolve.go │ ├── scannerc.go │ ├── sorter.go │ ├── writerc.go │ ├── yaml.go │ ├── yamlh.go │ └── yamlprivateh.go └── modules.txt /.envrc: -------------------------------------------------------------------------------- 1 | export PROJECT_DIR=$PWD 2 | -------------------------------------------------------------------------------- /.github/dependabot.yml: -------------------------------------------------------------------------------- 1 | version: 2 2 | updates: 3 | - package-ecosystem: "gomod" 4 | directory: "/units" 5 | schedule: 6 | interval: "weekly" 7 | target-branch: "develop" 8 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | deployment-vars.yml 2 | tmp 3 | *hidden* 4 | .idea 5 | 6 | /* vars-store for unit tests */ 7 | units/test-vars-store.yml 8 | -------------------------------------------------------------------------------- /.overcommit.yml: -------------------------------------------------------------------------------- 1 | # Use this file to configure the Overcommit hooks you wish to use. This will 2 | # extend the default configuration defined in: 3 | # https://github.com/brigade/overcommit/blob/master/config/default.yml 4 | # 5 | # At the topmost level of this YAML file is a key representing type of hook 6 | # being run (e.g. pre-commit, commit-msg, etc.). Within each type you can 7 | # customize each hook, such as whether to only run it on certain files (via 8 | # `include`), whether to only display output if it fails (via `quiet`), etc. 9 | # 10 | # For a complete list of hooks, see: 11 | # https://github.com/brigade/overcommit/tree/master/lib/overcommit/hook 12 | # 13 | # For a complete list of options that you can use to customize hooks, see: 14 | # https://github.com/brigade/overcommit#configuration 15 | # 16 | # Uncomment the following lines to make the configuration take effect. 17 | --- 18 | verify_signatures: false 19 | 20 | CommitMsg: 21 | # SpellCheck: 22 | # enabled: true 23 | # description: 'Check for misspelled words' 24 | # required_executable: 'aspell' 25 | # flags: ['-a'] 26 | 27 | CapitalizedSubject: 28 | enabled: false 29 | 30 | EmptyMessage: 31 | enabled: false 32 | 33 | TrailingPeriod: 34 | enabled: false 35 | 36 | TextWidth: 37 | enabled: false 38 | 39 | SingleLineSubject: 40 | enabled: false 41 | 42 | PreCommit: 43 | ForbiddenBranches: 44 | enabled: true 45 | branch_patterns: ['master'] 46 | -------------------------------------------------------------------------------- /ISSUE_TEMPLATE.md: -------------------------------------------------------------------------------- 1 | ### What is this issue about? 2 | 3 | _In your own words, describe the issue._ 4 | _What steps/actions led to the issue?_ 5 | 6 | 7 | ### What version of [cf-deployment](https://github.com/cloudfoundry/cf-deployment/releases) are you using? 8 | 9 | [cf-deployment vX.Y.Z here] 10 | 11 | 12 | ### Please include the `bosh deploy...` command, including all the operations files (plus any experimental operation files you're using): 13 | 14 | [bosh deploy command here] 15 | 16 | ### Please provide output that helps describe the issue: 17 | 18 | _It's helpful to include snippets of the error response or logs output_ 19 | 20 | 21 | ### What IaaS is this issue occurring on? 22 | 23 | [IaaS name(s) here] 24 | 25 | ### Is there anything else unique or special about your setup? 26 | 27 | [Description here] 28 | 29 | ### Tag your pair, your PM, and/or team! 30 | _It's helpful to tag a few other folks on your team or your team alias in case we need to follow up later._ 31 | -------------------------------------------------------------------------------- /NOTICE: -------------------------------------------------------------------------------- 1 | cf-deployment 2 | 3 | Copyright (c) 2016-Present CloudFoundry.org Foundation, Inc. All Rights Reserved. 4 | 5 | Licensed under the Apache License, Version 2.0 (the "License"); 6 | you may not use this file except in compliance with the License. 7 | You may obtain a copy of the License at 8 | 9 | http://www.apache.org/licenses/LICENSE-2.0 10 | 11 | Unless required by applicable law or agreed to in writing, software 12 | distributed under the License is distributed on an "AS IS" BASIS, 13 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | See the License for the specific language governing permissions and 15 | limitations under the License. 16 | -------------------------------------------------------------------------------- /ci/configure: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | set -euo pipefail 4 | 5 | main() { 6 | local CF_D_PIPELINES=(cf-deployment update-releases pull-requests stemcell-bump) 7 | local PIPELINE=${1?"Valid input ${CF_D_PIPELINES[@]}"} 8 | 9 | if [[ -r "${PROJECT_DIR}/ci/template/${PIPELINE}.yml" ]]; then 10 | cat > "${PROJECT_DIR}/ci/pipelines/${PIPELINE}.yml" <> "${PROJECT_DIR}/ci/pipelines/${PIPELINE}.yml" 22 | fi 23 | 24 | set -x 25 | fly -t ard sp -p "${PIPELINE}" -c "${PROJECT_DIR}/ci/pipelines/${PIPELINE}.yml" 26 | } 27 | 28 | main "$@" 29 | -------------------------------------------------------------------------------- /ci/pipelines/ipv6-dual-stack-validation.md: -------------------------------------------------------------------------------- 1 | # noble-stemcell 2 | 3 | Test cf-d for IPV6 dual stack. 4 | 5 | ## Triggers 6 | 7 | This pipeline is automatically triggered for a develop branch. 8 | 9 | ## Cleanup 10 | 11 | If the pipeline succeeds, then it will clean up the CF BOSH deployment after itself. 12 | 13 | ## Pipeline Management 14 | 15 | This pipeline is managed directly by the `ci/pipelines/ipv6-dual-stack-validation.yml` file and the `ci/configure` script. To update the pipeline, run `ci/configure ipv6-dual-stack-validation`. -------------------------------------------------------------------------------- /ci/pipelines/noble-stemcell.md: -------------------------------------------------------------------------------- 1 | # noble-stemcell 2 | 3 | Test cf-d on the Ubuntu Noble stemcell. 4 | 5 | ## Triggers 6 | 7 | This pipeline is automatically triggered when new Noble stemcells are published to https://bosh.io/stemcells/#ubuntu-noble repository, or when a cf-d commit passes through the cf-deployment CI to be promoted to the `release-candidate` branch. 8 | 9 | ## Cleanup 10 | 11 | If the pipeline succeeds, then it will clean up the CF BOSH deployment after itself. 12 | 13 | ## Pipeline Management 14 | 15 | This pipeline is managed directly by the `ci/pipelines/noble-stemcell.yml` file and the `ci/configure` script. To update the pipeline, run `ci/configure noble-stemcell`. -------------------------------------------------------------------------------- /ci/pipelines/update-releases.md: -------------------------------------------------------------------------------- 1 | # update-releases 2 | 3 | Notes on the design of this pipeline are [here](https://miro.com/app/board/o9J_kxEuPlE=/) and [here](https://miro.com/app/board/o9J_kyXYXXo=/). 4 | 5 | ## Groups 6 | 7 | All groups pull from the same "pre-dev" pool of 4 environents. "pre-dev" stands for "pre-develop"; i.e. these pipelines are verifying changes are safe to merge into develop. 8 | 9 | _Given these environments are pooled when you need to re-run a job then the acquire lock jobs is the correct point of entry, not the failed job._ 10 | 11 | * update-linux-stemcell; note that major and minor stemcell bumps are handled differently. Major stemcell bumps; e.g. a kernel bump, recompile all bosh releases. Minors do not. Deploys and run cf-d smoke tests. 12 | 13 | * update-base-release; tests new releases of any bosh component that is in the base cf-deployment.yml. Deploys and runs cf-d smoke tests. 14 | 15 | * update-ops-release; tests new releases of any bosh component that is in any ops file. Deploys and runs cf-d smoke tests. 16 | 17 | * update-windows-stemcells-and-releases; bump the stemcell or component on develop. 18 | 19 | * debug; by default component bumps that fail will throw away their pooled environment. It is possible to put a component in debug mode so that the environment is kept on failure and if done the pipeline will be shown here. A component can be put in debug mode by specifying `debug: true` in [this file](https://github.com/cloudfoundry/cf-deployment/blob/develop/ci/input/inputs.yml) 20 | 21 | * cleanup; when a component bump fails the changes are placed onto a branch. This group cleans up these branches when they get old. 22 | 23 | * infrastructure; update-linux-stemcell pipeline uses a long-lived bbl environment managed by this infrastructure pipeline 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | -------------------------------------------------------------------------------- /ci/template/lib/bbl-down.lib.yml: -------------------------------------------------------------------------------- 1 | #@ def bbl_down(env): 2 | task: bbl-down 3 | file: cf-deployment-concourse-tasks/bbl-destroy/task.yml 4 | input_mapping: 5 | bbl-state: relint-envs 6 | pool-lock: pre-dev-pool 7 | params: 8 | BBL_JSON_CONFIG: pool-lock/metadata 9 | on_failure: 10 | do: 11 | - task: bbl-cleanup-leftovers 12 | file: runtime-ci/tasks/bbl-cleanup-leftovers/task.yml 13 | input_mapping: 14 | bbl-state: updated-bbl-state 15 | pool-lock: pre-dev-pool 16 | output_mapping: 17 | updated-bbl-state: clean-bbl-state 18 | params: 19 | BBL_JSON_CONFIG: pool-lock/metadata 20 | ensure: 21 | put: relint-envs 22 | params: 23 | repository: clean-bbl-state 24 | rebase: true 25 | on_success: 26 | put: relint-envs 27 | params: 28 | repository: updated-bbl-state 29 | rebase: true 30 | #@ end 31 | -------------------------------------------------------------------------------- /ci/template/lib/bbl-up.lib.yml: -------------------------------------------------------------------------------- 1 | #@ def bbl_up(env): 2 | task: bbl-up 3 | file: cf-deployment-concourse-tasks/bbl-up/task.yml 4 | params: 5 | BBL_JSON_CONFIG: pool-lock/metadata 6 | input_mapping: 7 | bbl-state: relint-envs 8 | bbl-config: relint-envs 9 | pool-lock: pre-dev-pool 10 | on_failure: 11 | do: 12 | - task: bbl-cleanup-leftovers 13 | file: runtime-ci/tasks/bbl-cleanup-leftovers/task.yml 14 | input_mapping: 15 | bbl-state: updated-bbl-state 16 | pool-lock: pre-dev-pool 17 | output_mapping: 18 | updated-bbl-state: clean-bbl-state 19 | params: 20 | BBL_JSON_CONFIG: pool-lock/metadata 21 | ensure: 22 | put: relint-envs 23 | params: 24 | repository: clean-bbl-state 25 | rebase: true 26 | on_success: 27 | put: relint-envs 28 | params: 29 | repository: updated-bbl-state 30 | rebase: true 31 | #@ end 32 | -------------------------------------------------------------------------------- /ci/template/lib/delete-deployment.lib.yml: -------------------------------------------------------------------------------- 1 | #@ def delete_deployment(env): 2 | task: delete-deployment 3 | file: cf-deployment-concourse-tasks/bosh-delete-deployment/task.yml 4 | input_mapping: 5 | bbl-state: relint-envs 6 | pool-lock: pre-dev-pool 7 | params: 8 | BBL_JSON_CONFIG: pool-lock/metadata 9 | IGNORE_ERRORS: true 10 | attempts: 3 11 | #@ end 12 | -------------------------------------------------------------------------------- /ci/template/lib/manage-gcp-dns.lib.yml: -------------------------------------------------------------------------------- 1 | #@ def manage_gcp_dns(action, env): 2 | task: #@ action + "-gcp-dns" 3 | file: runtime-ci/tasks/manage-gcp-dns/task.yml 4 | input_mapping: 5 | bbl-state: relint-envs 6 | pool-lock: pre-dev-pool 7 | params: 8 | BBL_JSON_CONFIG: pool-lock/metadata 9 | GCP_DNS_SERVICE_ACCOUNT_KEY: ((ci_dns_admin_gcp_service_account_json)) 10 | GCP_DNS_ZONE_NAME: wg-ard 11 | ACTION: #@ action 12 | #@ end 13 | -------------------------------------------------------------------------------- /ci/template/lib/update-release.lib.yml: -------------------------------------------------------------------------------- 1 | #@ def update_release(release, type, branch, use_updated_cf_d = False): 2 | #@ if type == "manifest": 3 | #@ task_name = "update-release-{}-{}".format(release.name, branch) 4 | #@ else: 5 | #@ task_name = "update-additional-ops-files-{}-{}".format(release.name, branch) 6 | #@ end 7 | #@ if use_updated_cf_d: 8 | #@ cf_deployment_input = "updated-cf-deployment-{}-{}".format(release.name, branch) 9 | #@ else: 10 | #@ cf_deployment_input = "cf-deployment-{}".format(branch) 11 | #@ end 12 | task: #@ task_name 13 | file: #@ "runtime-ci/tasks/update-single-{}-release/task.yml".format(type) 14 | input_mapping: 15 | #@ if type == "manifest": 16 | cf-deployment: #@ cf_deployment_input 17 | #@ else: 18 | original-ops-file: #@ cf_deployment_input 19 | #@ end 20 | release: #@ release.name + "-release" 21 | output_mapping: 22 | #@ if type == "manifest": 23 | updated-cf-deployment: #@ "updated-cf-deployment-{}-{}".format(release.name, branch) 24 | #@ else: 25 | updated-ops-file: #@ "updated-cf-deployment-{}-{}".format(release.name, branch) 26 | #@ end 27 | params: 28 | RELEASE_NAME: #@ release.name 29 | #@ end 30 | -------------------------------------------------------------------------------- /iaas-support/README.md: -------------------------------------------------------------------------------- 1 | # IaaS Support 2 | 3 | **Note:** The Release Integration team does not maintain nor validate deployments to IaaSes other than GCP and AWS. 4 | Deployers to other IaaS such as those listed below (with the exception of BOSH Lite) will need to rely on the general CF community for support on IaaS-related issues. 5 | 6 | The examples in this directory 7 | are **not** under continuous test, 8 | and may not be up to date. 9 | 10 | They are intended to be a useful starting place. 11 | For more information about 12 | cf-deployment's use of cloud configs, 13 | please see [On Cloud Configs](../texts/on-cloud-configs.md). 14 | 15 | The examples are variablized. 16 | You may be able to use them unmodified 17 | (beyond filling in the appropriate vars) 18 | with `bosh update-cloud-config /cloud-config.yml -l /cloud-config-vars.yml`. 19 | 20 | ## IaaS Details 21 | 22 | See the READMEs for each IaaS: 23 | 24 | - [bosh-lite](bosh-lite/README.md) 25 | - [openstack](openstack/README.md) 26 | - [vsphere](vsphere/README.md) 27 | - [softlayer](softlayer/README.md) 28 | - [alicloud](alicloud/README.md) 29 | -------------------------------------------------------------------------------- /iaas-support/alicloud/cloud-config-vars.yml: -------------------------------------------------------------------------------- 1 | az1_zone: 2 | az1_vswitch_range: 3 | az1_vswitch_gateway: 4 | az1_vswitch_id: 5 | 6 | az2_zone: 7 | az2_vswitch_range: 8 | az2_vswitch_gateway: 9 | az2_vswitch_id: 10 | 11 | az3_zone: 12 | az3_vswitch_range: 13 | az3_vswitch_gateway: 14 | az3_vswitch_id: 15 | 16 | security_group_id_1: 17 | security_group_id_2: 18 | security_group_id_3: 19 | 20 | http_slb_id_array: [] 21 | tcp_slb_id_array: [] 22 | -------------------------------------------------------------------------------- /iaas-support/alicloud/cloud-config.yml: -------------------------------------------------------------------------------- 1 | azs: 2 | - name: z1 3 | cloud_properties: 4 | availability_zone: ((az1_zone)) 5 | - name: z2 6 | cloud_properties: 7 | availability_zone: ((az2_zone)) 8 | - name: z3 9 | cloud_properties: 10 | availability_zone: ((az3_zone)) 11 | 12 | vm_types: 13 | - name: minimal 14 | cloud_properties: 15 | instance_type: ecs.mn4.small 16 | ephemeral_disk: {size: "51_200"} 17 | - name: small 18 | cloud_properties: 19 | instance_type: ecs.sn2.medium 20 | ephemeral_disk: {size: "51_200"} 21 | - name: default 22 | cloud_properties: 23 | instance_type: ecs.sn2.medium 24 | ephemeral_disk: {size: "51_200"} 25 | - name: small-highmem 26 | cloud_properties: 27 | instance_type: ecs.sn2ne.xlarge 28 | ephemeral_disk: {size: "51_200"} 29 | - name: medium 30 | cloud_properties: 31 | instance_type: ecs.sn1ne.2xlarge 32 | ephemeral_disk: {size: "51_200"} 33 | - name: compiler 34 | cloud_properties: 35 | instance_type: ecs.sn1.large 36 | ephemeral_disk: {size: "51_200"} 37 | 38 | disk_types: 39 | - name: 5GB 40 | disk_size: 20_480 41 | - name: 10GB 42 | disk_size: 20_480 43 | - name: 100GB 44 | disk_size: 102_400 45 | 46 | vm_extensions: 47 | - name: 5GB_ephemeral_disk 48 | cloud_properties: 49 | ephemeral_disk: {size: "20_480"} 50 | - name: 10GB_ephemeral_disk 51 | cloud_properties: 52 | ephemeral_disk: {size: "20_480"} 53 | - name: 50GB_ephemeral_disk 54 | cloud_properties: 55 | ephemeral_disk: {size: "50_120"} 56 | - name: 100GB_ephemeral_disk 57 | cloud_properties: 58 | ephemeral_disk: {size: "102_400"} 59 | - name: 500GB_ephemeral_disk 60 | cloud_properties: 61 | ephemeral_disk: {size: "512_000"} 62 | - name: 1TB_ephemeral_disk 63 | cloud_properties: 64 | ephemeral_disk: {size: "1024_000"} 65 | - name: cf-router-network-properties 66 | cloud_properties: 67 | slbs: ((http_slb_id_array)) 68 | - name: cf-tcp-router-network-properties 69 | cloud_properties: 70 | slbs: ((tcp_slb_id_array)) 71 | - name: diego-ssh-proxy-network-properties 72 | 73 | networks: 74 | - name: default 75 | type: manual 76 | subnets: 77 | - range: ((az1_vswitch_range)) 78 | gateway: ((az1_vswitch_gateway)) 79 | az: z1 80 | dns: [8.8.8.8] 81 | cloud_properties: 82 | vswitch_id: ((az1_vswitch_id)) 83 | security_group_ids: 84 | - ((security_group_id_1)) 85 | - ((security_group_id_2)) 86 | - range: ((az2_vswitch_range)) 87 | gateway: ((az2_vswitch_gateway)) 88 | az: z2 89 | dns: [8.8.8.8] 90 | cloud_properties: 91 | vswitch_id: ((az2_vswitch_id)) 92 | security_group_ids: 93 | - ((security_group_id_1)) 94 | - ((security_group_id_2)) 95 | - range: ((az3_vswitch_range)) 96 | gateway: ((az3_vswitch_gateway)) 97 | az: z3 98 | dns: [8.8.8.8] 99 | cloud_properties: 100 | vswitch_id: ((az3_vswitch_id)) 101 | security_group_ids: [((security_group_id_3))] 102 | - name: vip 103 | type: vip 104 | 105 | compilation: 106 | workers: 5 107 | reuse_compilation_vms: true 108 | az: z1 109 | vm_type: compiler 110 | network: default 111 | -------------------------------------------------------------------------------- /iaas-support/alicloud/download-releases.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | #========= 4 | # $1 cf deployment manifest name. Default to cf-deployment/cf-deployment.yml 5 | # $2 local downloading releases directory. Default to "$(pwd)/cf-deployment-releases". 6 | #========= 7 | 8 | RELEASES_ON_LOCAL=$2 9 | if [[ $RELEASES_ON_LOCAL == "" ]]; then 10 | RELEASES_ON_LOCAL=$(pwd)/releases 11 | elif [[ $RELEASES_ON_LOCAL == */ ]]; then 12 | tmp = $RELEASES_ON_LOCAL 13 | RELEASES_ON_LOCAL= ${tmp%?} 14 | fi 15 | 16 | if [[ ! -d "$RELEASES_ON_LOCAL" ]]; then 17 | mkdir "$RELEASES_ON_LOCAL" 18 | fi 19 | 20 | CF_DEPLOYMENT=$1 21 | if [[ $CF_DEPLOYMENT == "" ]]; then 22 | CF_DEPLOYMENT = cf-deployment/cf-deployment.yml 23 | fi 24 | 25 | CF_DEPLOYMENT_LOCAL=${RELEASES_ON_LOCAL}/cf-deployment-local.yml 26 | echo "" > ${CF_DEPLOYMENT_LOCAL} 27 | 28 | OLD_IFS="$IFS" 29 | RELEASES=false 30 | RELEASE_NAME="" 31 | cat $CF_DEPLOYMENT | while read LINE 32 | do 33 | if [[ $LINE == releases: ]]; then 34 | echo $LINE 35 | RELEASES=true 36 | fi 37 | 38 | if [[ $LINE == stemcells: && $RELEASES == true ]]; then 39 | echo $LINE 40 | RELEASES=false 41 | fi 42 | 43 | if [[ ${RELEASES} == true ]]; then 44 | echo $LINE 45 | if [[ $LINE == *name:* ]]; then 46 | IFS="$OLD_IFS" 47 | read -r -a Words <<< $LINE 48 | RELEASE_NAME=${Words[2]} 49 | fi 50 | 51 | if [[ $LINE == *url:* ]]; then 52 | IFS="$OLD_IFS" 53 | read -r -a Words <<< $LINE 54 | wget -c -p -np -nd ${Words[1]} -O ${RELEASES_ON_LOCAL}/${RELEASE_NAME}-release.tgz 55 | continue 56 | fi 57 | 58 | if [[ $LINE == *version:* ]]; then 59 | echo " $LINE" | sed 's/version: .*/version: latest/g' >> $CF_DEPLOYMENT_LOCAL 60 | continue 61 | fi 62 | 63 | if [[ $LINE == *sha1:* ]]; then 64 | continue 65 | fi 66 | fi 67 | IFS= 68 | OIFS=$IFS 69 | echo $LINE >> $CF_DEPLOYMENT_LOCAL 70 | done 71 | -------------------------------------------------------------------------------- /iaas-support/alicloud/stemcells.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Light Stemcells 3 | - type: replace 4 | path: /stemcells/alias=default/version? 5 | value: 1018 6 | -------------------------------------------------------------------------------- /iaas-support/alicloud/upload-releases.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | #========= 4 | # $1 release local directory. Default to $(pwd) 5 | # $2 bosh director name 6 | #========= 7 | 8 | # upload cf release 9 | RELEASES_ON_LOCAL=$1 10 | if [[ $RELEASES_ON_LOCAL == "" ]]; then 11 | RELEASES_ON_LOCAL=$(pwd) 12 | elif [[ $RELEASES_ON_LOCAL == */ ]]; then 13 | tmp = $RELEASES_ON_LOCAL 14 | RELEASES_ON_LOCAL= ${tmp%?} 15 | fi 16 | 17 | for file_r in ${RELEASES_ON_LOCAL}/*; do 18 | temp_file=`basename $file_r` 19 | if [[ $temp_file == *.tgz ]]; then 20 | if [[ $2 == "" ]]; then 21 | bosh upload-release ${RELEASES_ON_LOCAL}/$temp_file 22 | else 23 | bosh -e $2 upload-release ${RELEASES_ON_LOCAL}/$temp_file 24 | fi 25 | fi 26 | done 27 | -------------------------------------------------------------------------------- /iaas-support/bosh-lite/README.md: -------------------------------------------------------------------------------- 1 | # Deploying Cloud Foundry against bosh-lite using bosh-bootloader (aka bbl) 2 | 3 | ## Prerequisites 4 | 5 | - You are using `GCP` or `AWS` - `bbl` only supports these 6 | - `bbl` is installed 7 | - You have set the required environment variables for your IaaS environment as documented in `bbl up --help` and also the [README](https://github.com/cloudfoundry/bosh-bootloader/blob/main/README.md) of bosh-bootloader 8 | - You have both `cf-deployment` and `bosh-deployment` repos handy 9 | 10 | ## 1. Obtain the plan patch and bbl up 11 | 12 | `bbl` allows you to modify 13 | the IaaS resources it creates 14 | and the ops files it uses 15 | by passing it a `plan-patch.` 16 | 17 | To deploy BOSH lite to GCP 18 | you will need the [`bosh-lite-gcp`](https://github.com/cloudfoundry/bosh-bootloader/tree/main/plan-patches/bosh-lite-gcp) plan patch. 19 | More information about [plan-patches](https://github.com/cloudfoundry/bosh-bootloader/tree/main/plan-patches) 20 | can be found in the [BOSH Bootloader](https://github.com/cloudfoundry/bosh-bootloader) repository. 21 | 22 | You will need to run `bbl plan` 23 | before you modify it with the plan patch. 24 | `git clone` the bosh-bootloader repository 25 | to a local directory 26 | and then run the following commands. 27 | 28 | ``` 29 | mkdir -p my-env/bbl-state && cd my-env/bbl-state 30 | bbl plan --name my-env 31 | cp -r /path/to/patch-dir/. . 32 | bbl up 33 | ``` 34 | 35 | The path to the plan patch should be something like 36 | `~/workspace/bosh-bootloader/plan-patches/bosh-lite-gcp/` 37 | 38 | ## 2. Set up DNS 39 | To make sure your system and app domains resolve, you will need to set up DNS to 40 | point at your BOSH Director. For this, you will need to 41 | 1. Find the value of `director__external_ip` by running `bbl outputs` 42 | 1. Create a wildcard `A` record `*.` and point it 43 | at the external IP of the BOSH director from step 1 44 | 45 | ## 3. Targeting 46 | 47 | There a several ways to target a bosh director. 48 | This doc will use environment variables. 49 | 50 | ``` 51 | eval "$(bbl print-env)" 52 | ``` 53 | 54 | ## 4. Upload a `runtime-config` 55 | 56 | `cf-deployment` requires that you have uploaded a [runtime-config](https://bosh.io/docs/runtime-config/) for [BOSH DNS](https://bosh.io/docs/dns/). 57 | 58 | We recommended that you use the one provided by the [bosh-deployment](https://github.com/cloudfoundry/bosh-deployment/blob/master/runtime-configs/dns.yml) repo: 59 | 60 | ``` 61 | bosh update-runtime-config bosh-deployment/runtime-configs/dns.yml --name dns 62 | ``` 63 | 64 | ## 5. Upload a stemcell 65 | 66 | With your bosh director targeted: 67 | ``` 68 | STEMCELL_VERSION=$(bosh interpolate cf-deployment/cf-deployment.yml --path /stemcells/alias=default/version) 69 | 70 | bosh \ 71 | upload-stemcell \ 72 | https://bosh.io/d/stemcells/bosh-warden-boshlite-ubuntu-jammy-go_agent?v=${STEMCELL_VERSION} 73 | ``` 74 | 75 | 76 | ## 6. Deploy CF 77 | 78 | With your bosh director targeted: 79 | ``` 80 | bosh \ 81 | -d cf \ 82 | deploy \ 83 | cf-deployment/cf-deployment.yml \ 84 | -o cf-deployment/operations/bosh-lite.yml \ 85 | -v system_domain= 86 | ``` 87 | -------------------------------------------------------------------------------- /iaas-support/bosh-lite/cloud-config.yml: -------------------------------------------------------------------------------- 1 | azs: 2 | - name: z1 3 | - name: z2 4 | - name: z3 5 | compilation: 6 | az: z1 7 | network: default 8 | reuse_compilation_vms: true 9 | vm_type: minimal 10 | workers: 6 11 | disk_types: 12 | - disk_size: 1024 13 | name: 1GB 14 | - disk_size: 5120 15 | name: 5GB 16 | - disk_size: 10240 17 | name: 10GB 18 | - disk_size: 100240 19 | name: 100GB 20 | # Note: the "default" disk type is not used in cf-deployment. 21 | # it is included for compatibility with the bosh-deployment 22 | # cloud-config. 23 | - disk_size: 1024 24 | name: default 25 | networks: 26 | - name: default 27 | subnets: 28 | - azs: [z1, z2, z3] 29 | cloud_properties: 30 | name: random 31 | gateway: 10.244.0.1 32 | range: 10.244.0.0/20 33 | reserved: 34 | - 10.244.0.1 35 | static: 36 | - 10.244.0.2 - 10.244.0.127 37 | - 10.244.1.0 - 10.244.1.127 38 | - 10.244.2.0 - 10.244.2.127 39 | - 10.244.3.0 - 10.244.3.127 40 | vm_extensions: 41 | - name: 5GB_ephemeral_disk 42 | - name: 10GB_ephemeral_disk 43 | - name: 50GB_ephemeral_disk 44 | - name: 100GB_ephemeral_disk 45 | - name: 500GB_ephemeral_disk 46 | - name: 1TB_ephemeral_disk 47 | - name: ssh-proxy-and-router-lb 48 | cloud_properties: 49 | ports: 50 | - host: 80 51 | - host: 443 52 | - host: 2222 53 | - name: cf-tcp-router-network-properties 54 | cloud_properties: 55 | ports: 56 | - host: 1024-1123 57 | vm_types: 58 | - name: minimal 59 | - name: small 60 | - name: small-highmem 61 | - name: medium 62 | # Note: the "default" vm type is not used in cf-deployment. 63 | # it is included for compatibility with the bosh-deployment 64 | # cloud-config. 65 | - name: default 66 | -------------------------------------------------------------------------------- /iaas-support/cf-testing-for-new-iaas.md: -------------------------------------------------------------------------------- 1 | ## CF testing for New IaaS 2 | The intended audience for this document are potential IaaS partners that want to enable the deployment of Cloud Foundry on their IaaS. 3 | Fulfilling the requirements outlined below will provide visibility into the maturity and stability of a prospective IaaS with regards to the deployment of BOSH and a Cloud Foundry foundation. 4 | 5 | 1. The partner must maintain two publicly accessible CI pipelines 6 | - One pipeline should deploy BOSH fresh via bosh-deployment, deploy a foundation fresh via [cf-deployment](https://github.com/cloudfoundry/cf-deployment) [1], run a subset of [`cf-acceptance-tests` (CATs)](https://github.com/cloudfoundry/cf-acceptance-tests) [2], and then tear down CF and BOSH via BOSH commands 7 | - The other pipeline should execute the initial deploy or upgrade BOSH idempotently via bosh-deployment, deploy or upgrade CFAR idempotently via cf-deployment [1], and run the same subset of CATs [2] 8 | 1. Any update to upstream bosh-deployment repo, cf-deployment repo, partner CPI, stemcell, or CATs repo should trigger new runs of both pipelines 9 | 1. Additionally, the pipelines should both be triggered every day even if none of the pipeline inputs has changed, to ensure sufficient data to assess platform stability 10 | 1. Stability will be determined by a success rate greater than or equal to 86% of all BOSH deployment, CF deployment, and CATs runs over the trailing 1 month 11 | 12 | **[1]** cf-deployment should be deployed with no modifications or ops-files, aside from IaaS-specific modifications such as using the IaaS’s blobstore or RDBMS service; the ops-files used for the above modifications must be publicly available for review by core CFF development teams. 13 | 14 | **[2]** A config file controls which CATs tests are run. The [example config](https://github.com/cloudfoundry/cf-acceptance-tests/blob/main/example-cats-config.json) in the CATs GitHub repo will configure CATs to run the subset of tests required here. 15 | In addition to using the example configuration provided, CATs must be run via ginkgo with no flake attempts. 16 | -------------------------------------------------------------------------------- /iaas-support/openstack/cloud-config-vars.yml: -------------------------------------------------------------------------------- 1 | availability_zone1: 2 | availability_zone2: 3 | availability_zone3: 4 | 5 | network_id1: 6 | network_id2: 7 | network_id3: -------------------------------------------------------------------------------- /iaas-support/openstack/cloud-config.yml: -------------------------------------------------------------------------------- 1 | vm_types: 2 | - name: minimal 3 | cloud_properties: 4 | instance_type: minimal 5 | - name: small 6 | cloud_properties: 7 | instance_type: small 8 | - name: small-highmem 9 | cloud_properties: 10 | instance_type: small-highmem 11 | - name: small-50GB-ephemeral-disk 12 | cloud_properties: 13 | instance_type: small-50GB-ephemeral-disk 14 | - name: small-highmem-100GB-ephemeral-disk 15 | cloud_properties: 16 | instance_type: small-highmem-100GB-ephemeral-disk 17 | - name: medium 18 | cloud_properties: 19 | instance_type: medium 20 | 21 | disk_types: 22 | - name: 5GB 23 | disk_size: 5000 24 | - name: 10GB 25 | disk_size: 10000 26 | - name: 100GB 27 | disk_size: 100000 28 | 29 | vm_extensions: 30 | - name: cf-router-network-properties 31 | cloud_properties: 32 | security_groups: [cf, cf-lb-https-router] 33 | loadbalancer_pools: 34 | - name: cf-https-pool 35 | port: 443 36 | - name: diego-ssh-proxy-network-properties 37 | cloud_properties: 38 | security_groups: [cf, cf-lb-ssh-diego-brain] 39 | loadbalancer_pools: 40 | - name: cf-ssh-pool 41 | port: 2222 42 | - name: cf-tcp-router-network-properties 43 | cloud_properties: 44 | security_groups: [cf, cf-lb-tcp-router] 45 | loadbalancer_pools: 46 | - name: cf-tcp-pool-1024 47 | port: 1024 48 | - name: cf-tcp-pool-1025 49 | port: 1025 50 | - name: cf-tcp-pool-1026 51 | port: 1026 52 | - name: cf-tcp-pool-1027 53 | port: 1027 54 | - name: cf-tcp-pool-1028 55 | port: 1028 56 | - name: cf-tcp-pool-1029 57 | port: 1029 58 | - name: cf-tcp-pool-1030 59 | port: 1030 60 | - name: cf-tcp-pool-1031 61 | port: 1031 62 | - name: cf-tcp-pool-1032 63 | port: 1032 64 | - name: cf-tcp-pool-1033 65 | port: 1033 66 | 67 | azs: 68 | - name: z1 69 | cloud_properties: 70 | availability_zone: ((availability_zone1)) 71 | - name: z2 72 | cloud_properties: 73 | availability_zone: ((availability_zone2)) 74 | - name: z3 75 | cloud_properties: 76 | availability_zone: ((availability_zone3)) 77 | 78 | networks: 79 | - name: default 80 | type: manual 81 | subnets: 82 | - az: z1 83 | range: 10.0.16.0/20 84 | reserved: [10.0.16.2-10.0.16.50] 85 | gateway: 10.0.16.1 86 | cloud_properties: 87 | net_id: ((network_id1)) 88 | security_groups: [cf] 89 | - az: z2 90 | range: 10.0.32.0/20 91 | reserved: [10.0.32.2-10.0.32.50] 92 | gateway: 10.0.32.1 93 | cloud_properties: 94 | net_id: ((network_id2)) 95 | security_groups: [cf] 96 | - az: z3 97 | range: 10.0.48.0/20 98 | reserved: [10.0.48.2-10.0.48.50] 99 | gateway: 10.0.48.1 100 | cloud_properties: 101 | net_id: ((network_id3)) 102 | security_groups: [cf] 103 | 104 | compilation: 105 | workers: 5 106 | reuse_compilation_vms: true 107 | vm_type: minimal 108 | network: default 109 | az: z1 110 | -------------------------------------------------------------------------------- /iaas-support/openstack/flavors.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: minimal 3 | ram: 3840 4 | vcpus: 1 5 | ephemeral: 10 6 | - name: small 7 | ram: 7680 8 | vcpus: 2 9 | ephemeral: 14 10 | - name: small-highmem 11 | ram: 31232 12 | vcpus: 4 13 | ephemeral: 10 14 | - name: small-50GB-ephemeral-disk 15 | ram: 7680 16 | vcpus: 2 17 | ephemeral: 50 18 | - name: small-highmem-100GB-ephemeral-disk 19 | ram: 31232 20 | vcpus: 4 21 | ephemeral: 100 22 | - name: medium 23 | ram: 16384 24 | vcpus: 8 25 | ephemeral: 50 26 | -------------------------------------------------------------------------------- /iaas-support/softlayer/README.md: -------------------------------------------------------------------------------- 1 | # Deploy Cloud Foundry on a Softlayer Bosh-Lite Director 2 | **Note about support:** The Release Integration team does not maintain nor validate Softlayer deployments and Softlayer deployers must rely on the general CF community for support. 3 | 4 | To deploy Cloud Foundry on a Softlayer VM with a Bosh-Lite director, 5 | you will need to follow 6 | the default Bosh-Lite instructions 7 | with one addition. 8 | Because the director is public, 9 | the `system_domain` property 10 | cannot be `bosh-lite.com`. 11 | You will need to replace 12 | the `system_domain` 13 | with your own 14 | static or dynamic DNS domain 15 | (which should point to the director VM). 16 | In order to resolve the custom domain, it is required 17 | to add the Bosh DNS alias for your `system_domain`. 18 | 19 | The updated `deploy` command is the following: 20 | 21 | ``` 22 | bosh -e deploy -d cf cf-deployment/cf-deployment.yml \ 23 | -o cf-deployment/operations/bosh-lite.yml \ 24 | -o cf-deployment/iaas-support/softlayer/add-system-domain-dns-alias.yml \ 25 | -v system_domain= 26 | ``` 27 | -------------------------------------------------------------------------------- /iaas-support/softlayer/add-system-domain-dns-alias.yml: -------------------------------------------------------------------------------- 1 | - type: replace 2 | path: /addons/name=bosh-dns-aliases/jobs/name=bosh-dns-aliases/properties/aliases/domain=_.((system_domain))?/targets/- 3 | value: 4 | query: 10.244.0.34 5 | -------------------------------------------------------------------------------- /iaas-support/vsphere/README.md: -------------------------------------------------------------------------------- 1 | # Deploying Cloud Foundry on Vsphere 2 | **Note about support:** The Release Integration team does not maintain nor validate Vsphere deployments and Vsphere deployers must rely on the general CF community for support. 3 | 4 | In this directory, we provide an example `cloud-config.yml` for Vsphere. 5 | 6 | For more information, see the [BOSH documentation](https://bosh.io/docs/init-vsphere.html). 7 | -------------------------------------------------------------------------------- /iaas-support/vsphere/cloud-config-vars.yml: -------------------------------------------------------------------------------- 1 | z1_cluster: 2 | z1_resource_pool: 3 | z1_datacenter_name: 4 | z1_network_name: 5 | z1_network_gateway: 6 | z1_network_dns_array: [] 7 | z1_network_range: 8 | z1_network_reserved_array: [] 9 | 10 | z2_cluster: 11 | z2_resource_pool: 12 | z2_datacenter_name: 13 | z2_network_name: 14 | z2_network_gateway: 15 | z2_network_dns_array: [] 16 | z2_network_range: 17 | z2_network_reserved_array: [] 18 | 19 | z3_cluster: 20 | z3_resource_pool: 21 | z3_datacenter_name: 22 | z3_network_name: 23 | z3_network_gateway: 24 | z3_network_dns_array: [] 25 | z3_network_range: 26 | z3_network_reserved_array: [] -------------------------------------------------------------------------------- /iaas-support/vsphere/cloud-config.yml: -------------------------------------------------------------------------------- 1 | --- 2 | azs: 3 | - name: z1 4 | cloud_properties: 5 | datacenters: 6 | - clusters: 7 | - ((z1_cluster)): 8 | resource_pool: ((z1_resource_pool)) 9 | name: ((z1_datacenter_name)) 10 | - name: z2 11 | cloud_properties: 12 | datacenters: 13 | - clusters: 14 | - ((z2_cluster)): 15 | resource_pool: ((z2_resource_pool)) 16 | name: ((z2_datacenter_name)) 17 | - name: z3 18 | cloud_properties: 19 | datacenters: 20 | - clusters: 21 | - ((z3_cluster)): 22 | resource_pool: ((z3_resource_pool)) 23 | name: ((z3_datacenter_name)) 24 | 25 | networks: 26 | - name: default 27 | subnets: 28 | - az: z1 29 | gateway: ((z1_network_gateway)) 30 | dns: ((z1_network_dns_array)) 31 | range: ((z1_network_range)) 32 | reserved: ((z1_network_reserved_array)) 33 | cloud_properties: 34 | name: ((z1_network_name)) 35 | - az: z2 36 | gateway: ((z2_network_gateway)) 37 | dns: ((z2_network_dns_array)) 38 | range: ((z2_network_range)) 39 | reserved: ((z2_network_reserved_array)) 40 | cloud_properties: 41 | name: ((z2_network_name)) 42 | - az: z3 43 | gateway: ((z3_network_gateway)) 44 | dns: ((z3_network_dns_array)) 45 | range: ((z3_network_range)) 46 | reserved: ((z3_network_reserved_array)) 47 | cloud_properties: 48 | name: ((z3_network_name)) 49 | 50 | vm_types: 51 | - name: minimal 52 | cloud_properties: 53 | cpu: 1 54 | ram: 4096 55 | disk: 10240 56 | - name: small 57 | cloud_properties: 58 | cpu: 2 59 | ram: 8192 60 | disk: 10240 61 | - name: small-highmem 62 | cloud_properties: 63 | cpu: 4 64 | ram: 32768 65 | disk: 10240 66 | - name: medium 67 | cloud_properties: 68 | cpu: 8 69 | ram: 16384 70 | disk: 10240 71 | 72 | disk_types: 73 | - disk_size: 5120 74 | name: 5GB 75 | - disk_size: 10240 76 | name: 10GB 77 | - disk_size: 100240 78 | name: 100GB 79 | 80 | vm_extensions: 81 | - name: cf-router-network-properties 82 | - name: cf-tcp-router-network-properties 83 | - name: diego-ssh-proxy-network-properties 84 | - name: 50GB_ephemeral_disk 85 | cloud_properties: 86 | disk: 51200 87 | - name: 100GB_ephemeral_disk 88 | cloud_properties: 89 | disk: 102400 90 | 91 | compilation: 92 | workers: 5 93 | reuse_compilation_vms: true 94 | az: z1 95 | vm_type: small-highmem 96 | network: default -------------------------------------------------------------------------------- /operations/add-persistent-isolation-segment-router.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # --- enable iso-seg smoke tests --- 3 | - type: replace 4 | path: /instance_groups/name=smoke-tests/jobs/name=smoke_tests/properties/smoke_tests/enable_isolation_segment_tests? 5 | value: true 6 | 7 | - type: replace 8 | path: /instance_groups/name=smoke-tests/jobs/name=smoke_tests/properties/smoke_tests/isolation_segment_name? 9 | value: persistent_isolation_segment 10 | 11 | - type: replace 12 | path: /instance_groups/name=smoke-tests/jobs/name=smoke_tests/properties/smoke_tests/isolation_segment_domain? 13 | value: "iso-seg.((system_domain))" 14 | 15 | - type: replace 16 | path: /instance_groups/- 17 | value: 18 | name: iso-seg-router 19 | azs: 20 | - z1 21 | instances: 1 22 | vm_type: minimal 23 | vm_extensions: 24 | - iso-seg-cf-router-network-properties 25 | stemcell: default 26 | update: 27 | serial: true 28 | networks: 29 | - name: default 30 | jobs: 31 | - name: gorouter 32 | release: routing 33 | properties: 34 | nats: 35 | tls_enabled: true 36 | cert_chain: "((nats_client_cert.certificate))" 37 | private_key: "((nats_client_cert.private_key))" 38 | router: 39 | isolation_segments: 40 | - persistent_isolation_segment 41 | routing_table_sharding_mode: segments 42 | ssl_skip_validation: true 43 | enable_ssl: true 44 | ca_certs: 45 | - ((diego_instance_identity_ca.ca)) 46 | - ((cc_tls.ca)) 47 | - ((uaa_ssl.ca)) 48 | backends: 49 | cert_chain: ((gorouter_backend_tls.certificate)) 50 | private_key: ((gorouter_backend_tls.private_key)) 51 | tls_pem: 52 | - cert_chain: "((router_ssl.certificate))" 53 | private_key: "((router_ssl.private_key))" 54 | status: 55 | password: "((router_status_password))" 56 | user: router-status 57 | tls: 58 | port: 8443 59 | certificate: ((gorouter_lb_health_tls.certificate)) 60 | key: ((gorouter_lb_health_tls.private_key)) 61 | route_services_secret: "((router_route_services_secret))" 62 | tracing: 63 | enable_zipkin: true 64 | routing_api: 65 | enabled: true 66 | uaa: 67 | clients: 68 | gorouter: 69 | secret: "((uaa_clients_gorouter_secret))" 70 | ca_cert: "((uaa_ssl.ca))" 71 | ssl: 72 | port: 8443 73 | 74 | - type: replace 75 | path: /instance_groups/name=router/jobs/name=gorouter/properties/router/routing_table_sharding_mode? 76 | value: shared-and-segments 77 | 78 | - type: replace 79 | path: /instance_groups/name=router/jobs/name=gorouter/provides?/gorouter/as 80 | value: router_primary 81 | 82 | - type: replace 83 | path: /instance_groups/name=api/jobs/name=routing-api/consumes?/gorouter/from 84 | value: router_primary 85 | 86 | - type: replace 87 | path: /instance_groups/name=uaa/jobs/name=uaa/consumes?/router/from 88 | value: router_primary 89 | 90 | - type: replace 91 | path: /instance_groups/name=api/jobs/name=cloud_controller_ng/properties/app_domains/- 92 | value: "iso-seg.((system_domain))" 93 | -------------------------------------------------------------------------------- /operations/addons/README.md: -------------------------------------------------------------------------------- 1 | # cf-deployment Addons Ops-files 2 | The opsfiles in this directory 3 | can be applied to both 4 | [runtime configs][runtime-config-docs] and 5 | manifests. 6 | 7 | - For General Ops-files, check out the [Ops-file README](../README.md). 8 | - For Backup and Restore Ops-files (for configuring your deployment for use with [BBR](https://github.com/cloudfoundry-incubator/bosh-backup-and-restore)), checkout the [Backup and Restore Ops-files README](../backup-and-restore/README.md). 9 | - For Community Ops-files, check out the [Community Ops-file README](../community/README.md). 10 | - For Experimental Ops-files, check out the [Experimental Ops-file README](../experimental/README.md). 11 | 12 | We recommend the use 13 | of runtime configs 14 | for cross-cutting concerns 15 | related to multiple deployments. 16 | 17 | Some deployers may prefer 18 | to apply these opsfiles 19 | to their manifests 20 | for automation or CI. 21 | 22 | ## Addons 23 | BOSH allows operators to add jobs 24 | to VMs via the use of [addons][addons-docs]. 25 | 26 | | Name | Purpose | Notes | 27 | |:--- |:--- |:--- | 28 | | [`add-system-metrics-agent.yml`](add-system-metrics-agent.yml) | Adds an agent to all vms with the purpose of egressing system metrics. | | 29 | | [`add-system-metrics-agent-windows2019.yml`](add-system-metrics-agent-windows2019.yml) | Adds an agent to all windows2019 Diego cells for the purpose of egressing system metrics. | Must be used in conjunction with `add-system-metrics-agent.yml`. | 30 | | [`component-syslog-custom-ca.yml`](component-syslog-custom-ca.yml) | The syslog_forwarder job will only trust certs signed by the provided cert chain. | Requires `enable-component-syslog.yml`. Not necessary if syslog target has a cert signed by a public CA. | 31 | | [`enable-component-syslog.yml`](enable-component-syslog.yml) | This collocates a job from [syslog release][syslog-release-repo] to forward local syslog events in RFC5424 format to a remote syslog endpoint. | Uses rsyslog, which is available on the stemcell. Further documentation of the `custom_rule` property can be found [here][syslog-custom-rule-examples]. For the windows equivalent, see `operations/experimental/windows-enable-component-syslog.yml`. Requires that target have a valid cert. To configure a custom CA, use `component-syslog-custom-ca.yml`. | 32 | 33 | ## Adding a Runtime Config 34 | To add a runtime config to a director for the first time, 35 | use `bosh update-runtime-config`. 36 | This allows the use of the `-v` flag 37 | to provide values, 38 | or the `-l` flag to load values from a file. 39 | 40 | See the runtime configs themselves 41 | to determine which values you need to provide. 42 | 43 | You will need to `bosh deploy` 44 | in order for changes to affect VMs 45 | whenever the runtime config is updated. 46 | 47 | ## Managing Runtime Configuration 48 | At the moment, 49 | a BOSH Director has only one runtime config. 50 | This means that if you wish to add 51 | to an existing runtime config, 52 | you need to download it with `bosh runtime-config`, 53 | extend it manually, 54 | and then use `bosh update-runtime-config` 55 | to set your extended config on the director. 56 | 57 | If you just set the runtime config directly, 58 | please be aware that it will overwrite any existing runtime config. 59 | 60 | Similarly, to remove a runtime config, 61 | you must "update" the director 62 | with an empty runtime config. 63 | 64 | [runtime-config-docs]: https://bosh.io/docs/runtime-config.html 65 | [syslog-custom-rule-examples]: https://github.com/cloudfoundry/syslog-release/blob/develop/examples/example-custom-rules.md 66 | [syslog-release-repo]: https://github.com/cloudfoundry/syslog-release 67 | [addons-docs]: http://bosh.io/docs/runtime-config.html#addons 68 | -------------------------------------------------------------------------------- /operations/addons/add-system-metrics-agent-windows2019.yml: -------------------------------------------------------------------------------- 1 | - type: replace 2 | path: /addons?/name=loggr-system-metrics-agent-windows2019 3 | value: 4 | name: loggr-system-metrics-agent-windows2019 5 | include: 6 | stemcell: 7 | - os: windows2019 8 | jobs: 9 | - name: loggr-system-metrics-agent-windows 10 | release: system-metrics 11 | properties: 12 | metrics_port: 53035 13 | system_metrics: 14 | tls: 15 | ca_cert: "((system_metrics.ca))" 16 | cert: "((system_metrics.certificate))" 17 | key: "((system_metrics.private_key))" 18 | -------------------------------------------------------------------------------- /operations/addons/component-syslog-custom-ca.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - type: replace 3 | path: /addons/name=syslog_forwarder/jobs/name=syslog_forwarder/properties/syslog/ca_cert? 4 | value: ((syslog_ca_cert)) 5 | -------------------------------------------------------------------------------- /operations/addons/enable-component-syslog.yml: -------------------------------------------------------------------------------- 1 | - type: replace 2 | path: /addons?/- 3 | value: 4 | include: 5 | stemcell: 6 | - os: ubuntu-bionic 7 | - os: ubuntu-jammy 8 | jobs: 9 | - name: syslog_forwarder 10 | properties: 11 | syslog: 12 | address: ((syslog_address)) 13 | custom_rule: | 14 | ((syslog_custom_rule)) 15 | if ($programname startswith "vcap.") then stop 16 | fallback_servers: ((syslog_fallback_servers)) 17 | permitted_peer: ((syslog_permitted_peer)) 18 | port: ((syslog_port)) 19 | tls_enabled: true 20 | transport: tcp 21 | release: syslog 22 | name: syslog_forwarder 23 | - type: replace 24 | path: /releases/- 25 | value: 26 | name: syslog 27 | sha1: 9ba8e91b1895fcf96ebfb9dbcb55c3a35ca3f919 28 | url: https://bosh.io/d/github.com/cloudfoundry/syslog-release?v=12.3.9 29 | version: 12.3.9 30 | -------------------------------------------------------------------------------- /operations/addons/example-vars-files/vars-enable-component-syslog.yml: -------------------------------------------------------------------------------- 1 | --- 2 | syslog_address: logN.papertrailapp.com 3 | syslog_port: 5473 4 | syslog_fallback_servers: [] 5 | syslog_permitted_peer: '*.papertrailapp.com' 6 | syslog_custom_rule: '' 7 | # Note: single quotes work well for a simple single-line rule. 8 | # However, the yaml `|` multi-line syntax works better 9 | # for multiple rules, or rules with multiple lines. 10 | 11 | # This property only necessary/used 12 | # if using the component-syslog-custom-ca ops file. 13 | syslog_ca_cert: | 14 | -------------------------------------------------------------------------------- /operations/aws.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # --- changing default ports --- 3 | - type: replace 4 | path: /instance_groups/name=api/jobs/name=cloud_controller_ng/properties/doppler?/port 5 | value: 4443 6 | 7 | # set load balancer's healthy threshold to 60sec (bbl's default) 8 | - type: replace 9 | path: /instance_groups/name=router/jobs/name=gorouter/properties/router/load_balancer_healthy_threshold? 10 | value: 60 11 | -------------------------------------------------------------------------------- /operations/azure.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # --- change router frontend timeout --- 3 | - type: replace 4 | path: /instance_groups/name=router/jobs/name=gorouter/properties/router/frontend_idle_timeout? 5 | value: 180 6 | -------------------------------------------------------------------------------- /operations/backup-and-restore/enable-backup-restore-azure.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - type: replace 3 | path: /instance_groups/name=backup-restore/jobs/- 4 | value: 5 | name: azure-blobstore-backup-restorer 6 | release: backup-and-restore-sdk 7 | properties: 8 | enabled: true 9 | containers: 10 | droplets: 11 | name: "((droplet_directory_key))" 12 | azure_storage_account: "((blobstore_storage_account_name))" 13 | azure_storage_key: "((blobstore_storage_access_key))" 14 | packages: 15 | name: "((app_package_directory_key))" 16 | azure_storage_account: "((blobstore_storage_account_name))" 17 | azure_storage_key: "((blobstore_storage_access_key))" 18 | buildpacks: 19 | name: "((buildpack_directory_key))" 20 | azure_storage_account: "((blobstore_storage_account_name))" 21 | azure_storage_key: "((blobstore_storage_access_key))" 22 | -------------------------------------------------------------------------------- /operations/backup-and-restore/enable-backup-restore-gcs.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - type: replace 3 | path: /instance_groups/name=backup-restore/jobs/- 4 | value: 5 | name: gcs-blobstore-backup-restorer 6 | release: backup-and-restore-sdk 7 | properties: 8 | enabled: true 9 | gcp_service_account_key: ((gcs_service_account_json_key)) 10 | buckets: 11 | droplets: 12 | bucket_name: ((droplet_directory_key)) 13 | backup_bucket_name: ((droplet_backup_directory_key)) 14 | buildpacks: 15 | bucket_name: ((buildpack_directory_key)) 16 | backup_bucket_name: ((buildpack_backup_directory_key)) 17 | packages: 18 | bucket_name: ((app_package_directory_key)) 19 | backup_bucket_name: ((app_package_backup_directory_key)) 20 | -------------------------------------------------------------------------------- /operations/backup-and-restore/enable-backup-restore-s3-unversioned.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - type: replace 3 | path: /instance_groups/name=backup-restore/jobs/- 4 | value: 5 | name: s3-unversioned-blobstore-backup-restorer 6 | release: backup-and-restore-sdk 7 | properties: 8 | enabled: true 9 | buckets: 10 | droplets: 11 | name: "((droplet_directory_key))" 12 | region: "((aws_region))" 13 | aws_access_key_id: "((blobstore_access_key_id))" 14 | aws_secret_access_key: "((blobstore_secret_access_key))" 15 | backup: 16 | name: "((droplet_backup_directory_key))" 17 | region: "((aws_backup_region))" 18 | packages: 19 | name: "((app_package_directory_key))" 20 | region: "((aws_region))" 21 | aws_access_key_id: "((blobstore_access_key_id))" 22 | aws_secret_access_key: "((blobstore_secret_access_key))" 23 | backup: 24 | name: "((app_package_backup_directory_key))" 25 | region: "((aws_backup_region))" 26 | buildpacks: 27 | name: "((buildpack_directory_key))" 28 | region: "((aws_region))" 29 | aws_access_key_id: "((blobstore_access_key_id))" 30 | aws_secret_access_key: "((blobstore_secret_access_key))" 31 | backup: 32 | name: "((buildpack_backup_directory_key))" 33 | region: "((aws_backup_region))" 34 | -------------------------------------------------------------------------------- /operations/backup-and-restore/enable-backup-restore-s3-versioned.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - type: replace 3 | path: /instance_groups/name=backup-restore/jobs/- 4 | value: 5 | name: s3-versioned-blobstore-backup-restorer 6 | release: backup-and-restore-sdk 7 | properties: 8 | enabled: true 9 | buckets: 10 | droplets: 11 | name: "((droplet_directory_key))" 12 | region: "((aws_region))" 13 | aws_access_key_id: "((blobstore_access_key_id))" 14 | aws_secret_access_key: "((blobstore_secret_access_key))" 15 | packages: 16 | name: "((app_package_directory_key))" 17 | region: "((aws_region))" 18 | aws_access_key_id: "((blobstore_access_key_id))" 19 | aws_secret_access_key: "((blobstore_secret_access_key))" 20 | buildpacks: 21 | name: "((buildpack_directory_key))" 22 | region: "((aws_region))" 23 | aws_access_key_id: "((blobstore_access_key_id))" 24 | aws_secret_access_key: "((blobstore_secret_access_key))" 25 | -------------------------------------------------------------------------------- /operations/backup-and-restore/enable-backup-restore.yml: -------------------------------------------------------------------------------- 1 | - type: replace 2 | path: /releases/- 3 | value: 4 | name: backup-and-restore-sdk 5 | sha1: af0c1cd711cde2125854737bc4f6ab20fb6f203c 6 | url: https://bosh.io/d/github.com/cloudfoundry-incubator/backup-and-restore-sdk-release?v=1.19.45 7 | version: 1.19.45 8 | - type: replace 9 | path: /instance_groups/- 10 | value: 11 | azs: 12 | - z1 13 | instances: 1 14 | jobs: 15 | - name: database-backup-restorer 16 | release: backup-and-restore-sdk 17 | - name: bbr-cfnetworkingdb 18 | properties: 19 | release_level_backup: true 20 | release: cf-networking 21 | - name: bbr-cloudcontrollerdb 22 | release: capi 23 | - name: bbr-routingdb 24 | release: routing 25 | - name: bbr-uaadb 26 | properties: 27 | release_level_backup: true 28 | release: uaa 29 | - name: bbr-credhubdb 30 | properties: 31 | release_level_backup: true 32 | release: credhub 33 | - name: cf-cli-8-linux 34 | release: cf-cli 35 | name: backup-restore 36 | networks: 37 | - name: default 38 | persistent_disk_type: 10GB 39 | stemcell: default 40 | vm_type: minimal 41 | - type: replace 42 | path: /instance_groups/name=api/jobs/name=routing-api/properties/release_level_backup? 43 | value: true 44 | -------------------------------------------------------------------------------- /operations/backup-and-restore/enable-restore-azure-clone.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - type: replace 3 | path: /instance_groups/name=backup-restore/jobs/- 4 | value: 5 | name: azure-blobstore-backup-restorer 6 | release: backup-and-restore-sdk 7 | properties: 8 | enabled: true 9 | containers: 10 | droplets: 11 | name: "((droplet_directory_key))" 12 | azure_storage_account: "((blobstore_storage_account_name))" 13 | azure_storage_key: "((blobstore_storage_access_key))" 14 | restore_from: 15 | azure_storage_account: "((restore_from_blobstore_storage_account_name))" 16 | azure_storage_key: "((restore_from_blobstore_storage_access_key))" 17 | packages: 18 | name: "((app_package_directory_key))" 19 | azure_storage_account: "((blobstore_storage_account_name))" 20 | azure_storage_key: "((blobstore_storage_access_key))" 21 | restore_from: 22 | azure_storage_account: "((restore_from_blobstore_storage_account_name))" 23 | azure_storage_key: "((restore_from_blobstore_storage_access_key))" 24 | buildpacks: 25 | name: "((buildpack_directory_key))" 26 | azure_storage_account: "((blobstore_storage_account_name))" 27 | azure_storage_key: "((blobstore_storage_access_key))" 28 | restore_from: 29 | azure_storage_account: "((restore_from_blobstore_storage_account_name))" 30 | azure_storage_key: "((restore_from_blobstore_storage_access_key))" 31 | -------------------------------------------------------------------------------- /operations/backup-and-restore/enable-restore-nfs-broker.yml: -------------------------------------------------------------------------------- 1 | - type: replace 2 | path: /instance_groups/name=backup-restore/jobs/- 3 | value: 4 | name: nfsbrokerpush 5 | provides: 6 | nfsbrokerpush: {as: colocated-nfsbrokerpush} 7 | properties: 8 | nfsbrokerpush: 9 | app_domain: ((system_domain)) 10 | app_name: nfs-broker 11 | cf: 12 | client_id: nfs-broker-push-client 13 | client_secret: ((nfs-broker-push-uaa-client-secret)) 14 | create_credhub_security_group: true 15 | create_sql_security_group: false 16 | credhub: 17 | uaa_ca_cert: ((uaa_ssl.ca)) 18 | uaa_client_id: nfs-broker-credhub-client 19 | uaa_client_secret: ((nfs-broker-credhub-uaa-client-secret)) 20 | domain: ((system_domain)) 21 | organization: system 22 | password: ((nfs-broker-password)) 23 | skip_cert_verify: true 24 | space: nfs-broker-space 25 | store_id: nfsbroker 26 | syslog_url: "" 27 | username: nfs-broker 28 | release: nfs-volume 29 | - type: replace 30 | path: /instance_groups/name=backup-restore/jobs/- 31 | value: 32 | name: nfsbroker-bbr-lock 33 | release: nfs-volume 34 | consumes: 35 | nfsbrokerpush: {from: colocated-nfsbrokerpush} 36 | -------------------------------------------------------------------------------- /operations/backup-and-restore/enable-restore-smb-broker.yml: -------------------------------------------------------------------------------- 1 | - type: replace 2 | path: /instance_groups/name=backup-restore/jobs/- 3 | value: 4 | name: smbbrokerpush 5 | provides: 6 | smbbrokerpush: {as: smbbrokerpush-co-located} 7 | properties: 8 | app_domain: ((system_domain)) 9 | cf: 10 | client_id: smb-broker-client 11 | client_secret: ((smb-broker-uaa-client-secret)) 12 | credhub: 13 | store_id: smbbroker 14 | uaa_client_id: smb-broker-credhub-client 15 | uaa_client_secret: ((smb-broker-credhub-uaa-client-secret)) 16 | url: https://credhub.service.cf.internal:8844 17 | domain: ((system_domain)) 18 | organization: system 19 | password: ((smb-broker-password)) 20 | skip_cert_verify: true 21 | space: smb-broker-space 22 | syslog_url: "" 23 | username: smb-broker 24 | release: smb-volume 25 | - type: replace 26 | path: /instance_groups/name=backup-restore/jobs/- 27 | value: 28 | name: bbr-smbbroker 29 | release: smb-volume 30 | consumes: 31 | smbbrokerpush: {from: smbbrokerpush-co-located} 32 | 33 | -------------------------------------------------------------------------------- /operations/backup-and-restore/example-vars-files/vars-enable-backup-restore-gcs.yml: -------------------------------------------------------------------------------- 1 | droplet_backup_directory_key: # Name of the backup bucket for droplets 2 | app_package_backup_directory_key: # Name of the backup bucket for app packages 3 | buildpack_backup_directory_key: # Name of the backup bucket for buildpacks 4 | -------------------------------------------------------------------------------- /operations/backup-and-restore/example-vars-files/vars-enable-backup-restore-s3-unversioned.yml: -------------------------------------------------------------------------------- 1 | droplet_backup_directory_key: # Name of the backup bucket for droplets 2 | app_package_backup_directory_key: # Name of the backup bucket for app packages 3 | buildpack_backup_directory_key: # Name of the backup bucket for buildpacks 4 | aws_backup_region: # Region containing the backup buckets -------------------------------------------------------------------------------- /operations/backup-and-restore/example-vars-files/vars-enable-restore-azure-clone.yml: -------------------------------------------------------------------------------- 1 | restore_from_blobstore_storage_account_name: name # account name for azure storage account to restore from 2 | restore_from_blobstore_storage_access_key: key # access key for azure storage account to restore from 3 | -------------------------------------------------------------------------------- /operations/backup-and-restore/skip-backup-restore-droplets-and-packages.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - type: remove 3 | path: /instance_groups/name=backup-restore/jobs/name=azure-blobstore-backup-restorer?/properties/containers/droplets 4 | 5 | - type: remove 6 | path: /instance_groups/name=backup-restore/jobs/name=gcs-blobstore-backup-restorer?/properties/buckets/droplets 7 | 8 | - type: remove 9 | path: /instance_groups/name=backup-restore/jobs/name=s3-unversioned-blobstore-backup-restorer?/properties/buckets/droplets 10 | 11 | - type: remove 12 | path: /instance_groups/name=backup-restore/jobs/name=s3-versioned-blobstore-backup-restorer?/properties/buckets/droplets 13 | 14 | - type: remove 15 | path: /instance_groups/name=backup-restore/jobs/name=azure-blobstore-backup-restorer?/properties/containers/packages 16 | 17 | - type: remove 18 | path: /instance_groups/name=backup-restore/jobs/name=gcs-blobstore-backup-restorer?/properties/buckets/packages 19 | 20 | - type: remove 21 | path: /instance_groups/name=backup-restore/jobs/name=s3-unversioned-blobstore-backup-restorer?/properties/buckets/packages 22 | 23 | - type: remove 24 | path: /instance_groups/name=backup-restore/jobs/name=s3-versioned-blobstore-backup-restorer?/properties/buckets/packages 25 | 26 | - type: remove 27 | path: /instance_groups/name=singleton-blobstore?/jobs/name=blobstore/properties/select_directories_to_backup/2 28 | 29 | - type: remove 30 | path: /instance_groups/name=singleton-blobstore?/jobs/name=blobstore/properties/select_directories_to_backup/1 31 | -------------------------------------------------------------------------------- /operations/backup-and-restore/skip-backup-restore-droplets.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - type: remove 3 | path: /instance_groups/name=backup-restore/jobs/name=azure-blobstore-backup-restorer?/properties/containers/droplets 4 | 5 | - type: remove 6 | path: /instance_groups/name=backup-restore/jobs/name=gcs-blobstore-backup-restorer?/properties/buckets/droplets 7 | 8 | - type: remove 9 | path: /instance_groups/name=backup-restore/jobs/name=s3-unversioned-blobstore-backup-restorer?/properties/buckets/droplets 10 | 11 | - type: remove 12 | path: /instance_groups/name=backup-restore/jobs/name=s3-versioned-blobstore-backup-restorer?/properties/buckets/droplets 13 | 14 | - type: remove 15 | path: /instance_groups/name=singleton-blobstore?/jobs/name=blobstore/properties/select_directories_to_backup/2 16 | -------------------------------------------------------------------------------- /operations/community/README.md: -------------------------------------------------------------------------------- 1 | # Community-supported ops-files 2 | 3 | This is the README for Community Ops-files. To learn more about `cf-deployment`, go to the main [README](../../README.md). 4 | 5 | - For General Ops-files, check out the [Ops-file README](../README.md). 6 | - For Addons Ops-files that can be applied to manifests or runtime configs, check out the [Addons Ops-file README](../addons/README.md). 7 | - For Backup and Restore Ops-files (for configuring your deployment for use with [BBR](https://github.com/cloudfoundry-incubator/bosh-backup-and-restore)), checkout the [Backup and Restore Ops-files README](../backup-and-restore/README.md). 8 | - For Experimental Ops-files, check out the [Experimental Ops-file README](../experimental/README.md). 9 | 10 | Included in this directory is a collection of ops files submitted by the CF community. They are **not** supported or tested in any way by the Release Integration team. If you encounter an issue with any of these files, please contact the maintainer listed below. 11 | 12 | ## Ops-Files 13 | 14 | | File | Maintainer | Purpose | 15 | | --- | --- | --- | 16 | | [`add-blobstore-internal-network-allow-rule.yml`](add-blobstore-internal-network-allow-rule.yml) | [A2Geek](https://github.com/a2geek) | Allows an additonal internal network to the blobstore allow rules. | 17 | | [`change-metron-agent-deployment.yml`](change-metron-agent-deployment.yml) | [SAP SE](https://www.sap.com/) - submitted by [jsievers](https://github.com/jsievers) | Adds an ops file for changing the metron agent deployment property in all jobs | 18 | | [`use-haproxy.yml`](use-haproxy.yml) | [Stark & Wayne](https://www.starkandwayne.com/) - submitted by [rkoster](https://github.com/rkoster) | Adds https://github.com/cloudfoundry-incubator/haproxy-boshrelease as a load balancer for environments without IaaS provided load blancers. | 19 | -------------------------------------------------------------------------------- /operations/community/add-blobstore-internal-network-allow-rule.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - type: replace 3 | path: /instance_groups/name=singleton-blobstore/jobs/name=blobstore/properties/blobstore/internal_access_rules? 4 | value: 5 | - "allow 10.0.0.0/8;" 6 | - "allow 172.16.0.0/12;" 7 | - "allow 192.168.0.0/16;" 8 | - "allow ((blobstore_internal_access_network));" 9 | -------------------------------------------------------------------------------- /operations/community/change-metron-agent-deployment.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # cf-deployment uses system_domain as metron agent deployment. 3 | # Use this to override metron agent deployment name in the loggregator_agent addon 4 | - type: replace 5 | path: /addons/name=loggregator_agent/jobs/name=loggregator_agent/properties/deployment? 6 | value: ((loggregator_agent_deployment)) 7 | - type: replace 8 | path: /addons/name=loggregator_agent/jobs/name=loggregator_agent/properties/tags?/deployment 9 | value: ((loggregator_agent_deployment)) 10 | - type: replace 11 | path: /addons/name=forwarder_agent/jobs/name=loggr-forwarder-agent/properties/deployment? 12 | value: ((loggregator_agent_deployment)) 13 | - type: replace 14 | path: /addons/name=forwarder_agent/jobs/name=loggr-forwarder-agent/properties/tags?/deployment 15 | value: ((loggregator_agent_deployment)) 16 | -------------------------------------------------------------------------------- /operations/community/use-haproxy.yml: -------------------------------------------------------------------------------- 1 | - type: replace 2 | path: /releases/- 3 | value: 4 | name: haproxy 5 | sha1: e81d8f77be379f115691fcf882589c8052b18157 6 | url: https://bosh.io/d/github.com/cloudfoundry-incubator/haproxy-boshrelease?v=15.2.0%2B2.8.15 7 | version: 15.2.0+2.8.15 8 | - type: replace 9 | path: /instance_groups/name=smoke-tests 10 | value: 11 | azs: 12 | - z1 13 | - z2 14 | instances: 2 15 | jobs: 16 | - name: keepalived 17 | properties: 18 | keepalived: 19 | vip: ((haproxy_static_vip)) 20 | release: haproxy 21 | - name: haproxy 22 | properties: 23 | ha_proxy: 24 | ssl_pem: ((router_ssl.certificate))((router_ssl.private_key)) 25 | tcp_link_port: 2222 26 | release: haproxy 27 | name: haproxy 28 | networks: 29 | - name: default 30 | stemcell: default 31 | vm_type: minimal 32 | - type: replace 33 | path: /instance_groups/- 34 | value: 35 | azs: 36 | - z1 37 | instances: 1 38 | jobs: 39 | - name: smoke_tests 40 | properties: 41 | smoke_tests: 42 | api: https://api.((system_domain)) 43 | apps_domain: ((system_domain)) 44 | cf_dial_timeout_in_seconds: 300 45 | org: cf_smoke_tests_org 46 | password: ((cf_admin_password)) 47 | skip_ssl_validation: true 48 | space: cf_smoke_tests_space 49 | user: admin 50 | release: cf-smoke-tests 51 | lifecycle: errand 52 | name: smoke-tests 53 | networks: 54 | - name: default 55 | stemcell: default 56 | update: 57 | serial: true 58 | vm_type: minimal 59 | -------------------------------------------------------------------------------- /operations/configure-default-router-group.yml: -------------------------------------------------------------------------------- 1 | - type: replace 2 | path: /instance_groups/name=api/jobs/name=routing-api/properties/routing_api/router_groups/name=default-tcp/reservable_ports 3 | value: ((default_router_group_reservable_ports)) 4 | -------------------------------------------------------------------------------- /operations/disable-dynamic-asgs.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - type: replace 3 | path: /instance_groups/name=api/jobs/name=policy-server-asg-syncer/properties/disable? 4 | value: true 5 | 6 | - type: replace 7 | path: /instance_groups/name=diego-cell/jobs/name=vxlan-policy-agent/properties/enable_asg_syncing? 8 | value: false 9 | -------------------------------------------------------------------------------- /operations/disable-http2.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - type: replace 3 | path: /instance_groups/name=router/jobs/name=gorouter/properties/router/enable_http2? 4 | value: false 5 | -------------------------------------------------------------------------------- /operations/disable-router-tls-termination.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - type: remove 3 | path: /instance_groups/name=router/jobs/name=gorouter/properties/router/enable_ssl 4 | - type: remove 5 | path: /instance_groups/name=router/jobs/name=gorouter/properties/router/tls_pem 6 | - type: remove 7 | path: /variables/name=router_ssl 8 | - type: remove 9 | path: /variables/name=router_ca 10 | -------------------------------------------------------------------------------- /operations/disable-tls-tcp-routing-isolation-segment-stage-1-unproxied-ports.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - type: replace 3 | path: /instance_groups/name=isolated-diego-cell/jobs/name=rep/properties/containers/proxy/enable_unproxied_port_mappings? 4 | value: true 5 | -------------------------------------------------------------------------------- /operations/disable-tls-tcp-routing-isolation-segment-stage-2-route-emitter.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - type: replace 3 | path: /instance_groups/name=isolated-diego-cell/jobs/name=route_emitter/properties/tcp/enable_tls? 4 | value: false 5 | -------------------------------------------------------------------------------- /operations/disable-tls-tcp-routing-stage-1-unproxied-ports.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - type: replace 3 | path: /instance_groups/name=diego-cell/jobs/name=rep/properties/containers/proxy/enable_unproxied_port_mappings? 4 | value: true 5 | -------------------------------------------------------------------------------- /operations/disable-tls-tcp-routing-stage-2-tcp-router-and-route-emitter.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - type: replace 3 | path: /instance_groups/name=tcp-router/jobs/name=tcp_router/properties/tcp_router/backend_tls?/enabled 4 | value: false 5 | 6 | - type: replace 7 | path: /instance_groups/name=diego-cell/jobs/name=route_emitter/properties/tcp/enable_tls? 8 | value: false 9 | -------------------------------------------------------------------------------- /operations/enable-cc-rate-limiting.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - type: replace 3 | path: /instance_groups/name=api/jobs/name=cloud_controller_ng/properties/cc/rate_limiter? 4 | value: 5 | enabled: true 6 | general_limit: "((cc_rate_limiter_general_limit))" 7 | unauthenticated_limit: "((cc_rate_limiter_unauthenticated_limit))" 8 | -------------------------------------------------------------------------------- /operations/enable-cc-v2-rate-limiting.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - type: replace 3 | path: /instance_groups/name=api/jobs/name=cloud_controller_ng/properties/cc/rate_limiter_v2_api? 4 | value: 5 | enabled: true 6 | general_limit: "((cc_v2_rate_limiter_general_limit))" 7 | admin_limit: "((cc_v2_rate_limiter_admin_limit))" 8 | reset_interval_in_minutes: "((cc_v2_rate_limiter_reset_interval_in_minutes))" 9 | - type: replace 10 | path: /instance_groups/name=uaa/jobs/name=uaa/properties/uaa/clients/cf/scopes/- 11 | value: "cloud_controller.v2_api_rate_limit_exempt" -------------------------------------------------------------------------------- /operations/enable-cc-worker-metrics.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - type: replace 3 | path: /instance_groups/name=cc-worker/jobs/name=cloud_controller_worker/properties/cc/publish_metrics? 4 | value: true 5 | 6 | - type: replace 7 | path: /instance_groups/name=cc-worker/jobs/name=cloud_controller_worker/properties/cc/prom_scraper_tls? 8 | value: 9 | ca_cert: ((cc_worker_prom_scraper_scrape_tls.ca)) 10 | private_key: ((cc_worker_prom_scraper_scrape_tls.private_key)) 11 | public_cert: ((cc_worker_prom_scraper_scrape_tls.certificate)) 12 | 13 | - type: replace 14 | path: /variables/- 15 | value: 16 | name: cc_worker_prom_scraper_scrape_tls 17 | options: 18 | alternative_names: 19 | - cc_worker_metrics 20 | ca: metric_scraper_ca 21 | common_name: cc_worker_metrics 22 | extended_key_usage: 23 | - client_auth 24 | - server_auth 25 | type: certificate 26 | update_mode: converge -------------------------------------------------------------------------------- /operations/enable-cpu-throttling.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Enabling this feature only makes sense if `set-cpu-weight` is enabled as well 3 | - type: replace 4 | path: /instance_groups/name=diego-cell/jobs/name=garden/properties/garden/cpu_throttling? 5 | value: true 6 | -------------------------------------------------------------------------------- /operations/enable-nfs-ldap.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - type: replace 3 | path: /instance_groups/name=diego-cell/jobs/name=nfsv3driver/properties/nfsv3driver/ldap_svc_user? 4 | value: ((nfs-ldap-service-user)) 5 | - type: replace 6 | path: /instance_groups/name=diego-cell/jobs/name=nfsv3driver/properties/nfsv3driver/ldap_svc_password? 7 | value: ((nfs-ldap-service-password)) 8 | - type: replace 9 | path: /instance_groups/name=diego-cell/jobs/name=nfsv3driver/properties/nfsv3driver/ldap_host? 10 | value: ((nfs-ldap-host)) 11 | - type: replace 12 | path: /instance_groups/name=diego-cell/jobs/name=nfsv3driver/properties/nfsv3driver/ldap_port? 13 | value: ((nfs-ldap-port)) 14 | - type: replace 15 | path: /instance_groups/name=diego-cell/jobs/name=nfsv3driver/properties/nfsv3driver/ldap_proto? 16 | value: ((nfs-ldap-proto)) 17 | - type: replace 18 | path: /instance_groups/name=diego-cell/jobs/name=nfsv3driver/properties/nfsv3driver/ldap_user_fqdn? 19 | value: ((nfs-ldap-fqdn)) 20 | - type: replace 21 | path: /instance_groups/name=diego-cell/jobs/name=nfsv3driver/properties/nfsv3driver/allowed-in-source? 22 | value: "" 23 | - type: replace 24 | path: /instance_groups/name=diego-cell/jobs/name=nfsv3driver/properties/nfsv3driver/ldap_ca_cert? 25 | value: ((ldap_server_ssl.ca)) 26 | - type: replace 27 | path: /instance_groups/name=nfs-broker-push/jobs/name=nfsbrokerpush/properties/nfsbrokerpush/ldap_enabled? 28 | value: true 29 | -------------------------------------------------------------------------------- /operations/enable-privileged-container-support.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - type: replace 3 | path: /instance_groups/name=api/jobs/name=cloud_controller_ng/properties/cc/diego?/use_privileged_containers_for_running 4 | value: true 5 | 6 | - type: replace 7 | path: /instance_groups/name=cc-worker/jobs/name=cloud_controller_worker/properties/cc/diego?/use_privileged_containers_for_running 8 | value: true 9 | 10 | - type: replace 11 | path: /instance_groups/name=scheduler/jobs/name=cloud_controller_clock/properties/cc/diego?/use_privileged_containers_for_running 12 | value: true 13 | -------------------------------------------------------------------------------- /operations/enable-service-discovery.yml: -------------------------------------------------------------------------------- 1 | --- 2 | #this feature is enabled by default now 3 | -------------------------------------------------------------------------------- /operations/enable-tls-on-file-server.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - type: replace 3 | path: /instance_groups/name=api/jobs/name=file_server/properties/https_server_enabled? 4 | value: true 5 | - type: replace 6 | path: /instance_groups/name=api/jobs/name=file_server/properties/tls? 7 | value: 8 | cert: ((file_server_cert.certificate)) 9 | key: ((file_server_cert.private_key)) 10 | - type: replace 11 | path: /variables/- 12 | value: 13 | name: file_server_cert 14 | type: certificate 15 | update_mode: converge 16 | options: 17 | ca: service_cf_internal_ca 18 | common_name: file-server.service.cf.internal 19 | alternative_names: 20 | - file-server.service.cf.internal 21 | extended_key_usage: 22 | - server_auth 23 | -------------------------------------------------------------------------------- /operations/enable-v2-api.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - type: replace 3 | path: /instance_groups/name=api/jobs/name=cloud_controller_ng/properties/cc/temporary_enable_v2? 4 | value: true 5 | -------------------------------------------------------------------------------- /operations/example-vars-files/vars-enable-nfs-ldap.yml: -------------------------------------------------------------------------------- 1 | --- 2 | nfs-ldap-service-user: user 3 | nfs-ldap-service-password: password 4 | nfs-ldap-host: host 5 | nfs-ldap-port: port 6 | nfs-ldap-proto: proto 7 | nfs-ldap-fqdn: fqdn 8 | ldap_server_ssl: 9 | ca: | 10 | -----BEGIN CERTIFICATE----- 11 | meow 12 | -----END CERTIFICATE----- 13 | -------------------------------------------------------------------------------- /operations/example-vars-files/vars-override-app-domains.yml: -------------------------------------------------------------------------------- 1 | --- 2 | app_domains: 3 | - name: example.com 4 | - name: tcp-apps.example.com 5 | smoke_test_app_domain: example.com 6 | -------------------------------------------------------------------------------- /operations/example-vars-files/vars-rename-deployment.yml: -------------------------------------------------------------------------------- 1 | --- 2 | deployment_name: new-deployment-name 3 | -------------------------------------------------------------------------------- /operations/example-vars-files/vars-rename-network.yml: -------------------------------------------------------------------------------- 1 | --- 2 | network_name: new-network-name 3 | -------------------------------------------------------------------------------- /operations/example-vars-files/vars-use-alicloud-oss-blobstore-to-multi-bucket.yml: -------------------------------------------------------------------------------- 1 | blobstore_region: cn-hangzhou 2 | blobstore_endpoint: oss-cn-hangzhou.aliyuncs.com 3 | blobstore_access_key_id: example-access-key-id 4 | blobstore_secret_access_key: example-secret-access-key 5 | app_package_directory_key: example-app-package-directory-key 6 | buildpack_directory_key: example-buildpack-directory-key 7 | droplet_directory_key: example-droplet-directory-key 8 | resource_directory_key: example-resource-directory-key 9 | -------------------------------------------------------------------------------- /operations/example-vars-files/vars-use-alicloud-oss-blobstore.yml: -------------------------------------------------------------------------------- 1 | blobstore_region: cn-hangzhou 2 | blobstore_endpoint: oss-cn-hangzhou.aliyuncs.com 3 | blobstore_access_key_id: example-access-key-id 4 | blobstore_secret_access_key: example-secret-access-key 5 | blobstore_bucket_name: example-oss-bucket-name 6 | app_package_directory_key: example-app-package-directory-key 7 | buildpack_directory_key: example-buildpack-directory-key 8 | droplet_directory_key: example-droplet-directory-key 9 | resource_directory_key: example-resource-directory-key 10 | -------------------------------------------------------------------------------- /operations/example-vars-files/vars-use-azure-storage-blobstore.yml: -------------------------------------------------------------------------------- 1 | environment: planet_earth 2 | blobstore_storage_account_name: blobaccount1 3 | blobstore_storage_access_key: blobkey1 4 | app_package_directory_key: example-apps-dir 5 | buildpack_directory_key: example-buildpacks-dir 6 | droplet_directory_key: example-droplets-dir 7 | resource_directory_key: example-resources-dir -------------------------------------------------------------------------------- /operations/example-vars-files/vars-use-blobstore-cdn.yml: -------------------------------------------------------------------------------- 1 | cdn_key_pair_id: amz-123-xyz 2 | cdn_private_key: lkjlkjlkjkljlkjkl 3 | resource_pool_cdn_uri: https://www.example.com/ 4 | droplets_cdn_uri: https://www.example.com/ 5 | -------------------------------------------------------------------------------- /operations/example-vars-files/vars-use-external-blobstore.yml: -------------------------------------------------------------------------------- 1 | --- 2 | fog_connection: 3 | provider: Google 4 | google_storage_access_key_id: fun-time-access-key 5 | google_storage_secret_access_key: fun-time-sekret-access-key 6 | 7 | app_package_directory_key: fun-time-packages 8 | buildpack_directory_key: fun-time-buildpacks 9 | droplet_directory_key: fun-time-droplets 10 | resource_directory_key: fun-time-resources 11 | -------------------------------------------------------------------------------- /operations/example-vars-files/vars-use-external-dbs.yml: -------------------------------------------------------------------------------- 1 | external_database_type: mysql 2 | external_database_port: 3036 3 | external_cc_database_name: example-cc-db-name 4 | external_cc_database_address: cc-db.example.com 5 | external_cc_database_username: example-cc-db-username 6 | external_cc_database_password: example-cc-db-password 7 | external_uaa_database_name: example-uaa-db-name 8 | external_uaa_database_address: uaa-db.example.com 9 | external_uaa_database_username: example-uaa-db-username 10 | external_uaa_database_password: example-uaa-db-password 11 | external_bbs_database_name: example-bbs-db-name 12 | external_bbs_database_address: bbs_db.example.com 13 | external_bbs_database_username: example-bbs-db-username 14 | external_bbs_database_password: example-bbs-db-password 15 | external_routing_api_database_name: example-routing-api-db-name 16 | external_routing_api_database_address: routing-api-db.example.com 17 | external_routing_api_database_username: example-routing-api-db-username 18 | external_routing_api_database_password: example-routing-api-db-password 19 | external_policy_server_database_address: server-db.example.com 20 | external_policy_server_database_name: server-example-database-name 21 | external_policy_server_database_password: server-example-password 22 | external_policy_server_database_username: server-example-username 23 | external_silk_controller_database_address: controller-db.example.com 24 | external_silk_controller_database_name: controller-example-database-name 25 | external_silk_controller_database_password: controller-example-password 26 | external_silk_controller_database_username: controller-example-username 27 | external_locket_database_password: locket_pass 28 | external_locket_database_address: 127.0.0.1 29 | external_locket_database_name: locket 30 | external_locket_database_username: locket_user 31 | external_credhub_database_address: example-credhub-db-address 32 | external_credhub_database_name: example-credhub-db-name 33 | external_credhub_database_password: example-credhub-db-password 34 | external_credhub_database_username: example-credhub-db-username 35 | -------------------------------------------------------------------------------- /operations/example-vars-files/vars-use-gcs-blobstore-access-key.yml: -------------------------------------------------------------------------------- 1 | --- 2 | blobstore_access_key_id: example-gcs-access-key-id 3 | blobstore_secret_access_key: example-gcs-secret-access-key 4 | 5 | app_package_directory_key: example-apps-dir 6 | buildpack_directory_key: example-buildpacks-dir 7 | droplet_directory_key: example-droplets-dir 8 | resource_directory_key: example-resources-dir 9 | -------------------------------------------------------------------------------- /operations/example-vars-files/vars-use-gcs-blobstore-service-account.yml: -------------------------------------------------------------------------------- 1 | --- 2 | app_package_directory_key: example-apps-dir 3 | buildpack_directory_key: example-buildpacks-dir 4 | droplet_directory_key: example-droplets-dir 5 | resource_directory_key: example-resources-dir 6 | gcs_project: gcs-project-id 7 | gcs_service_account_email: gcs-service-account@gcs-project-id.iam.gserviceaccount.com 8 | gcs_service_account_json_key: > 9 | { 10 | "service": "account", 11 | "json": "blob" 12 | } 13 | -------------------------------------------------------------------------------- /operations/example-vars-files/vars-use-operator-provided-router-tls-certificates.yml: -------------------------------------------------------------------------------- 1 | router_tls_pem: 2 | - cert_chain: | 3 | -----BEGIN CERTIFICATE----- 4 | meow 5 | -----END CERTIFICATE----- 6 | -----BEGIN CERTIFICATE----- 7 | chain meow 8 | -----END CERTIFICATE----- 9 | private_key: | 10 | -----BEGIN PRIVATE KEY----- 11 | meow 12 | -----END PRIVATE KEY----- 13 | -------------------------------------------------------------------------------- /operations/example-vars-files/vars-use-s3-blobstore.yml: -------------------------------------------------------------------------------- 1 | aws_region: us-east-1 2 | blobstore_access_key_id: example-access-key-id 3 | blobstore_secret_access_key: example-secret-access-key 4 | app_package_directory_key: example-app-package-directory-key 5 | buildpack_directory_key: example-buildpack-directory-key 6 | droplet_directory_key: example-droplet-directory-key 7 | resource_directory_key: example-resource-directory-key -------------------------------------------------------------------------------- /operations/example-vars-files/vars-use-swift-blobstore.yml: -------------------------------------------------------------------------------- 1 | openstack_password: openstack_password 2 | auth_url: https://auth.url 3 | openstack_domain: openstack_domain 4 | openstack_domain_id: openstack_domain_id 5 | openstack_project: openstack_project 6 | openstack_region: openstack_region 7 | openstack_temp_url_key: openstack_temp_url_key 8 | openstack_username: openstack_username 9 | 10 | buildpack_directory_key: buildpacks 11 | droplet_directory_key: droplets 12 | app_package_directory_key: apppackages 13 | resource_directory_key: resources 14 | -------------------------------------------------------------------------------- /operations/example-vars-files/vars-use-trusted-ca-cert-for-apps.yml: -------------------------------------------------------------------------------- 1 | --- 2 | trusted_cert_for_apps: 3 | ca: | 4 | -----BEGIN CERTIFICATE----- 5 | meow 6 | -----END CERTIFICATE----- 7 | 8 | -------------------------------------------------------------------------------- /operations/experimental/add-cflinuxfs4.yml: -------------------------------------------------------------------------------- 1 | --- 2 | ### 3 | # Deprecated as we integrate cflinuxfs4 directly into cf-deployment.yml 4 | ### 5 | -------------------------------------------------------------------------------- /operations/experimental/add-metric-store.yml: -------------------------------------------------------------------------------- 1 | ../use-metric-store.yml -------------------------------------------------------------------------------- /operations/experimental/add-otel-collector-windows.yml: -------------------------------------------------------------------------------- 1 | - type: replace 2 | path: /addons?/name=otel-collector-windows2019 3 | value: 4 | name: otel-collector-windows2019 5 | include: 6 | stemcell: 7 | - os: windows2019 8 | jobs: 9 | - name: otel-collector-windows 10 | release: otel-collector 11 | properties: 12 | # https://opentelemetry.io/docs/collector/configuration/ 13 | config: ((otel_collector_config)) 14 | ingress: 15 | grpc: 16 | tls: 17 | ca_cert: ((otel_collector_tls.ca)) 18 | cert: ((otel_collector_tls.certificate)) 19 | key: ((otel_collector_tls.private_key)) 20 | -------------------------------------------------------------------------------- /operations/experimental/add-otel-collector.yml: -------------------------------------------------------------------------------- 1 | - type: replace 2 | path: /addons?/name=otel-collector 3 | value: 4 | exclude: 5 | jobs: 6 | - name: smoke_tests 7 | release: cf-smoke-tests 8 | include: 9 | stemcell: 10 | - os: ubuntu-jammy 11 | jobs: 12 | - name: otel-collector 13 | properties: 14 | config: ((otel_collector_config)) 15 | ingress: 16 | grpc: 17 | tls: 18 | ca_cert: ((otel_collector_tls.ca)) 19 | cert: ((otel_collector_tls.certificate)) 20 | key: ((otel_collector_tls.private_key)) 21 | release: otel-collector 22 | name: otel-collector 23 | - type: replace 24 | path: /variables/name=otel_collector_tls? 25 | value: 26 | name: otel_collector_tls 27 | options: 28 | alternative_names: 29 | - otel-collector 30 | ca: loggregator_ca 31 | common_name: otel-collector 32 | extended_key_usage: 33 | - client_auth 34 | - server_auth 35 | type: certificate 36 | update_mode: converge 37 | - type: replace 38 | path: /releases/name=otel-collector? 39 | value: 40 | name: otel-collector 41 | sha1: 0bbf396808f9bbc9e27b78d8f775cbd2485edb0a 42 | url: https://bosh.io/d/github.com/cloudfoundry/otel-collector-release?v=0.11.4 43 | version: 0.11.4 44 | -------------------------------------------------------------------------------- /operations/experimental/add-system-metrics-agent-windows2019.yml: -------------------------------------------------------------------------------- 1 | ../addons/add-system-metrics-agent-windows2019.yml -------------------------------------------------------------------------------- /operations/experimental/add-system-metrics-agent.yml: -------------------------------------------------------------------------------- 1 | ../addons/add-system-metrics-agent.yml -------------------------------------------------------------------------------- /operations/experimental/colocate-smoke-tests-on-cc-worker.yml: -------------------------------------------------------------------------------- 1 | - type: remove 2 | path: /addons/name=loggregator_agent/exclude/jobs/name=smoke_tests 3 | - type: remove 4 | path: /addons/name=prom_scraper/exclude/jobs/name=smoke_tests 5 | - type: remove 6 | path: /instance_groups/name=smoke-tests 7 | - type: replace 8 | path: /instance_groups/name=cc-worker/jobs/- 9 | value: 10 | name: smoke_tests 11 | release: cf-smoke-tests 12 | properties: 13 | bpm: 14 | enabled: true 15 | smoke_tests: 16 | api: "https://api.((system_domain))" 17 | apps_domain: "((system_domain))" 18 | client: cf_smoke_tests 19 | client_secret: "((uaa_clients_cf_smoke_tests_secret))" 20 | org: cf_smoke_tests_org 21 | space: cf_smoke_tests_space 22 | cf_dial_timeout_in_seconds: 300 23 | skip_ssl_validation: true 24 | - type: replace 25 | path: /instance_groups/name=cc-worker/jobs/- 26 | value: 27 | name: cf-cli-8-linux 28 | release: cf-cli 29 | -------------------------------------------------------------------------------- /operations/experimental/disable-cf-credhub.yml: -------------------------------------------------------------------------------- 1 | # Instance Group 2 | - type: remove 3 | path: /instance_groups/name=credhub 4 | 5 | # Release 6 | - type: remove 7 | path: /releases/name=credhub 8 | 9 | # UAA clients 10 | - type: remove 11 | path: /instance_groups/name=uaa/jobs/name=uaa/properties/uaa/clients/cc_service_key_client? 12 | - type: remove 13 | path: /instance_groups/name=uaa/jobs/name=uaa/properties/uaa/clients/credhub_admin_client 14 | - type: replace 15 | path: /instance_groups/name=api/jobs/name=cloud_controller_ng/properties/uaa/clients/cc_service_key_client/secret 16 | value: x 17 | 18 | # Properties 19 | - type: remove 20 | path: /instance_groups/name=api/jobs/name=cloud_controller_ng/properties/credhub_api 21 | - type: remove 22 | path: /instance_groups/name=diego-cell/jobs/name=cflinuxfs4-rootfs-setup/properties/cflinuxfs4-rootfs/trusted_certs/1 23 | - type: remove 24 | path: /instance_groups/name=diego-cell/jobs/name=rep/properties/containers/trusted_ca_certificates/1 25 | 26 | # Vars 27 | - type: remove 28 | path: /variables/name=credhub_encryption_password 29 | - type: remove 30 | path: /variables/name=credhub_admin_client_secret 31 | - type: remove 32 | path: /variables/name=credhub_ca 33 | - type: remove 34 | path: /variables/name=credhub_tls 35 | - type: remove 36 | path: /variables/name=uaa_clients_cc_service_key_client_secret -------------------------------------------------------------------------------- /operations/experimental/disable-interpolate-service-bindings.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - type: replace 3 | path: /instance_groups/name=api/jobs/name=cloud_controller_ng/properties/cc/credential_references?/interpolate_service_bindings 4 | value: false 5 | 6 | - type: replace 7 | path: /instance_groups/name=scheduler/jobs/name=cloud_controller_clock/properties/cc/credential_references?/interpolate_service_bindings 8 | value: false 9 | -------------------------------------------------------------------------------- /operations/experimental/disable-logs-in-firehose-windows2019.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - type: replace 3 | path: /instance_groups/name=windows2019-cell/jobs/name=loggregator_agent_windows/properties/disable_logs? 4 | value: true 5 | -------------------------------------------------------------------------------- /operations/experimental/disable-logs-in-firehose.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - type: replace 3 | path: /addons/name=loggregator_agent/jobs/name=loggregator_agent/properties/disable_logs? 4 | value: true 5 | -------------------------------------------------------------------------------- /operations/experimental/disable-tls-tcp-routing-windows-stage-1-unproxied-ports.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - type: replace 3 | path: /instance_groups/name=windows2019-cell/jobs/name=rep_windows/properties/containers/proxy/enable_unproxied_port_mappings? 4 | value: true 5 | -------------------------------------------------------------------------------- /operations/experimental/disable-tls-tcp-routing-windows-stage-2-route-emitter.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - type: replace 3 | path: /instance_groups/name=windows2019-cell/jobs/name=route_emitter_windows/properties/tcp/enable_tls? 4 | value: false 5 | -------------------------------------------------------------------------------- /operations/experimental/disable-v2-api.yml: -------------------------------------------------------------------------------- 1 | --- 2 | ### 3 | # API v2 is disabled by default. It can be re-enabled by operators using enable-v2-api.yml 4 | ### -------------------------------------------------------------------------------- /operations/experimental/enable-app-log-rate-limiting-windows2019.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - type: replace 3 | path: /instance_groups/name=windows2019-cell/jobs/name=rep_windows/properties/diego/executor/max_log_lines_per_second? 4 | value: ((app_log_rate_limit)) 5 | -------------------------------------------------------------------------------- /operations/experimental/enable-app-log-rate-limiting.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - type: replace 3 | path: /instance_groups/name=diego-cell/jobs/name=rep/properties/diego/executor/max_log_lines_per_second? 4 | value: ((app_log_rate_limit)) 5 | -------------------------------------------------------------------------------- /operations/experimental/enable-bpm-garden.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # No-op, BPM enablement for garden is an implementation detail of rootless 3 | # containers support. See rootless-containers.yml 4 | -------------------------------------------------------------------------------- /operations/experimental/enable-containerd-for-processes.yml: -------------------------------------------------------------------------------- 1 | - type: replace 2 | path: /instance_groups/name=diego-cell/jobs/name=garden/properties/garden/experimental_use_containerd_mode_for_processes? 3 | value: true 4 | -------------------------------------------------------------------------------- /operations/experimental/enable-cpu-throttling.yml: -------------------------------------------------------------------------------- 1 | ../enable-cpu-throttling.yml -------------------------------------------------------------------------------- /operations/experimental/enable-direct-io-grootfs.yml: -------------------------------------------------------------------------------- 1 | - type: replace 2 | path: /instance_groups/name=diego-cell/jobs/name=garden/properties?/grootfs/experimental_direct_io 3 | value: true 4 | 5 | -------------------------------------------------------------------------------- /operations/experimental/enable-iptables-logger.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Enable iptables logging for ASGs 3 | - type: replace 4 | path: /instance_groups/name=diego-cell/jobs/name=silk-cni/properties?/iptables_logging 5 | value: true 6 | 7 | # Enable iptables logging for c2c 8 | - type: replace 9 | path: /instance_groups/name=diego-cell/jobs/name=vxlan-policy-agent/properties?/iptables_logging 10 | value: true 11 | 12 | # Turn on iptables-logger job 13 | # This job forwards iptables kernel logs to /var/vcap/sys/log/iptables-logger 14 | - type: replace 15 | path: /instance_groups/name=diego-cell/jobs/- 16 | value: 17 | name: iptables-logger 18 | release: silk 19 | -------------------------------------------------------------------------------- /operations/experimental/enable-nginx-routing-integrity-windows2019.yml: -------------------------------------------------------------------------------- 1 | - type: replace 2 | path: /instance_groups/name=windows2019-cell/jobs/name=rep_windows/properties/containers?/proxy/enabled 3 | value: true 4 | - type: replace 5 | path: /instance_groups/name=windows2019-cell/jobs/name=rep_windows/properties/containers?/proxy/enable_unproxied_port_mappings 6 | value: false 7 | - type: replace 8 | path: /instance_groups/name=windows2019-cell/jobs/name=rep_windows/properties/containers?/proxy/require_and_verify_client_certificates 9 | value: true 10 | - type: replace 11 | path: /instance_groups/name=windows2019-cell/jobs/name=rep_windows/properties/containers?/proxy/trusted_ca_certificates 12 | value: 13 | - ((gorouter_backend_tls.ca)) 14 | - ((ssh_proxy_backends_tls.ca)) ((tcp_router_backend_tls.ca)) 15 | - type: replace 16 | path: /instance_groups/name=windows2019-cell/jobs/name=rep_windows/properties/containers?/proxy/verify_subject_alt_name 17 | value: 18 | - gorouter.service.cf.internal 19 | - ssh-proxy.service.cf.internal 20 | - tcp-router.service.cf.internal 21 | - type: replace 22 | path: /instance_groups/name=windows2019-cell/jobs/name=route_emitter_windows/properties/tcp?/enable_tls 23 | value: true 24 | - type: replace 25 | path: /instance_groups/name=windows2019-cell/jobs/- 26 | value: 27 | name: envoy_windows 28 | release: envoy-nginx 29 | - type: replace 30 | path: /releases/name=envoy-nginx? 31 | value: 32 | name: envoy-nginx 33 | sha1: 82df9d9bc9adb89c428755f121914c628136f750 34 | url: https://bosh.io/d/github.com/cloudfoundry-incubator/envoy-nginx-release?v=0.44.0 35 | version: 0.44.0 36 | -------------------------------------------------------------------------------- /operations/experimental/enable-oci-phase-1.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - type: replace 3 | path: /instance_groups/name=api/jobs/name=cloud_controller_ng/properties/cc/diego?/enable_declarative_asset_downloads 4 | value: true 5 | 6 | - type: replace 7 | path: /instance_groups/name=cc-worker/jobs/name=cloud_controller_worker/properties/cc/diego?/enable_declarative_asset_downloads 8 | value: true 9 | 10 | - type: replace 11 | path: /instance_groups/name=scheduler/jobs/name=cloud_controller_clock/properties/cc/diego?/enable_declarative_asset_downloads 12 | value: true 13 | 14 | - type: replace 15 | path: /instance_groups/name=diego-cell/jobs/name=rep/properties/containers/layering_mode? 16 | value: "two-layer" 17 | 18 | - type: replace 19 | path: /instance_groups/name=diego-cell/jobs/name=garden/properties/grootfs?/tls 20 | value: 21 | cert: ((grootfs_remote_layer_tls.certificate)) 22 | key: ((grootfs_remote_layer_tls.private_key)) 23 | ca_cert: ((grootfs_remote_layer_tls.ca)) 24 | 25 | - type: replace 26 | path: /variables/- 27 | value: 28 | name: grootfs_remote_layer_tls 29 | type: certificate 30 | update_mode: converge 31 | options: 32 | ca: service_cf_internal_ca 33 | common_name: cell.service.cf.internal 34 | alternative_names: 35 | - cell.service.cf.internal 36 | - "*.cell.service.cf.internal" 37 | extended_key_usage: 38 | - client_auth 39 | - server_auth 40 | -------------------------------------------------------------------------------- /operations/experimental/enable-shadow-user-creation-by-org-managers.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - type: replace 3 | path: /instance_groups/name=api/jobs/name=cloud_controller_ng/properties/cc/allow_user_creation_by_org_manager? 4 | value: true 5 | 6 | - type: replace 7 | path: /instance_groups/name=uaa/jobs/name=uaa/properties/uaa/clients/cloud_controller_shadow_user_creation? 8 | value: 9 | authorities: scim.create 10 | authorized-grant-types: client_credentials 11 | override: true 12 | scope: uaa.none 13 | secret: "((uaa_clients_cloud_controller_shadow_user_creation_secret))" 14 | 15 | - type: replace 16 | path: /instance_groups/name=api/jobs/name=cloud_controller_ng/properties/uaa/clients/cloud_controller_shadow_user_creation? 17 | value: 18 | secret: "((uaa_clients_cloud_controller_shadow_user_creation_secret))" 19 | 20 | - type: replace 21 | path: /variables/- 22 | value: 23 | name: uaa_clients_cloud_controller_shadow_user_creation_secret 24 | type: password -------------------------------------------------------------------------------- /operations/experimental/enable-tls-cloud-controller-postgres.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - type: replace 3 | path: /instance_groups/name=database/jobs/name=postgres/properties/databases/tls? 4 | value: 5 | ca: "((postgres_tls.ca))" 6 | certificate: "((postgres_tls.certificate))" 7 | private_key: "((postgres_tls.private_key))" 8 | 9 | - type: replace 10 | path: /instance_groups/name=api/jobs/name=cloud_controller_ng/properties/ccdb/address? 11 | value: sql-db.service.cf.internal 12 | 13 | - type: replace 14 | path: /instance_groups/name=api/jobs/name=cloud_controller_ng/properties/ccdb/ca_cert? 15 | value: "((postgres_tls.ca))" 16 | 17 | - type: replace 18 | path: /instance_groups/name=cc-worker/jobs/name=cloud_controller_worker/properties/ccdb/address? 19 | value: sql-db.service.cf.internal 20 | 21 | - type: replace 22 | path: /instance_groups/name=cc-worker/jobs/name=cloud_controller_worker/properties/ccdb/ca_cert? 23 | value: "((postgres_tls.ca))" 24 | 25 | - type: replace 26 | path: /instance_groups/name=scheduler/jobs/name=cloud_controller_clock/properties/ccdb/address? 27 | value: sql-db.service.cf.internal 28 | 29 | - type: replace 30 | path: /instance_groups/name=scheduler/jobs/name=cloud_controller_clock/properties/ccdb/ca_cert? 31 | value: "((postgres_tls.ca))" 32 | 33 | - type: replace 34 | path: /instance_groups/name=scheduler/jobs/name=cc_deployment_updater/properties/ccdb/address? 35 | value: sql-db.service.cf.internal 36 | 37 | - type: replace 38 | path: /instance_groups/name=scheduler/jobs/name=cc_deployment_updater/properties/ccdb/ca_cert? 39 | value: "((postgres_tls.ca))" 40 | 41 | - type: replace 42 | path: /variables/name=postgres_ca? 43 | value: 44 | name: postgres_ca 45 | type: certificate 46 | options: 47 | common_name: postgres_ca 48 | is_ca: true 49 | 50 | - type: replace 51 | path: /variables/name=postgres_tls? 52 | value: 53 | name: postgres_tls 54 | type: certificate 55 | update_mode: converge 56 | options: 57 | ca: postgres_ca 58 | common_name: sql-db.service.cf.internal 59 | alternative_names: 60 | - sql-db.service.cf.internal 61 | extended_key_usage: 62 | - server_auth 63 | -------------------------------------------------------------------------------- /operations/experimental/enable-traffic-to-internal-networks.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - type: replace 3 | path: /instance_groups/name=api/jobs/name=cloud_controller_ng/properties/cc/default_running_security_groups/- 4 | value: internal 5 | 6 | - type: replace 7 | path: /instance_groups/name=api/jobs/name=cloud_controller_ng/properties/cc/security_group_definitions/- 8 | value: 9 | name: internal 10 | rules: 11 | - destination: 10.0.0.0-10.254.255.255 12 | protocol: all 13 | -------------------------------------------------------------------------------- /operations/experimental/example-vars-files/vars-override-otel-collector-exporters.yml: -------------------------------------------------------------------------------- 1 | --- 2 | otel_collector_config: 3 | receivers: 4 | otlp/placeholder: # no need to change, receivers are filled in automatically by the release 5 | 6 | processors: 7 | batch: 8 | 9 | exporters: 10 | file/traces: 11 | path: /tmp/otel-collector-traces.log 12 | file/metrics: 13 | path: /tmp/otel-collector-metrics.log 14 | file/logs: 15 | path: /tmp/otel-collector-logs.log 16 | # otlp/test: 17 | # endpoint: otelcol:4317 18 | 19 | service: 20 | pipelines: 21 | traces: 22 | receivers: [otlp/placeholder] # no need to change, receivers are filled in automatically by the release 23 | processors: [batch] 24 | exporters: 25 | - file/traces 26 | # - otlp/test 27 | metrics: 28 | receivers: [otlp/placeholder] # no need to change, receivers are filled in automatically by the release 29 | processors: [batch] 30 | exporters: 31 | - file/metrics 32 | # - otlp/test 33 | logs: 34 | receivers: [otlp/placeholder] # no need to change, receivers are filled in automatically by the release 35 | processors: [batch] 36 | exporters: 37 | - file/logs 38 | # - otlp/test 39 | -------------------------------------------------------------------------------- /operations/experimental/fast-deploy-with-downtime-and-danger.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - type: replace 3 | path: /update/canaries 4 | value: 0 5 | 6 | - type: replace 7 | path: /update/max_in_flight 8 | value: 100% 9 | 10 | - type: replace 11 | path: /instance_groups/name=database/update/serial 12 | value: true 13 | - type: replace 14 | path: /instance_groups/name=singleton-blobstore/update/serial 15 | value: false 16 | - type: replace 17 | path: /instance_groups/name=router/update/serial 18 | value: false 19 | -------------------------------------------------------------------------------- /operations/experimental/infrastructure-metrics.yml: -------------------------------------------------------------------------------- 1 | - type: replace 2 | path: /releases/- 3 | value: 4 | name: node-exporter 5 | sha1: 9ebf878679f3d0877a1a492bdb6ec6937fdf1f0f 6 | url: https://bosh.io/d/github.com/cloudfoundry-community/node-exporter-boshrelease?v=5.5.0 7 | version: 5.5.0 8 | - type: replace 9 | path: /addons/- 10 | value: 11 | exclude: 12 | jobs: 13 | - name: smoke_tests 14 | release: cf-smoke-tests 15 | include: 16 | stemcell: 17 | - os: ubuntu-bionic 18 | - os: ubuntu-jammy 19 | jobs: 20 | - name: node_exporter 21 | properties: 22 | node_exporter: 23 | collector: 24 | arp: 25 | enabled: false 26 | bcache: 27 | enabled: false 28 | bonding: 29 | enabled: false 30 | conntrack: 31 | enabled: false 32 | edac: 33 | enabled: false 34 | entropy: 35 | enabled: false 36 | filefd: 37 | enabled: false 38 | filesystem: 39 | enabled: false 40 | hwmon: 41 | enabled: false 42 | infiniband: 43 | enabled: false 44 | ipvs: 45 | enabled: false 46 | loadavg: 47 | enabled: false 48 | mdadm: 49 | enabled: false 50 | netdev: 51 | enabled: false 52 | nfs: 53 | enabled: false 54 | nfsd: 55 | enabled: false 56 | sockstat: 57 | enabled: false 58 | stat: 59 | enabled: false 60 | textfile: 61 | enabled: false 62 | time: 63 | enabled: false 64 | timex: 65 | enabled: false 66 | uname: 67 | enabled: false 68 | vmstat: 69 | enabled: false 70 | wifi: 71 | enabled: false 72 | xfs: 73 | enabled: false 74 | zfs: 75 | enabled: false 76 | release: node-exporter 77 | name: node_exporter 78 | -------------------------------------------------------------------------------- /operations/experimental/rootless-containers.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Rootless configuration 3 | # Requires grootfs 0.27.0 or later, and garden-runc 1.9.5 or later. 4 | - type: replace 5 | path: /instance_groups/name=diego-cell/jobs/name=garden/properties/bpm?/enabled 6 | value: true 7 | 8 | - type: replace 9 | path: /instance_groups/name=diego-cell/jobs/name=rep/properties/diego/executor/garden?/address 10 | value: /var/vcap/data/garden/sockets/garden.sock 11 | 12 | - type: replace 13 | path: /instance_groups/name=diego-cell/jobs/name=garden/properties/garden/listen_address? 14 | value: /var/vcap/data/garden/sockets/garden.sock 15 | 16 | - type: replace 17 | path: /instance_groups/name=diego-cell/jobs/name=garden/properties/garden/network_plugin 18 | value: /var/vcap/packages/netplugin-shim/bin/garden-plugin 19 | 20 | - type: replace 21 | path: /instance_groups/name=diego-cell/jobs/name=garden/properties/garden/network_plugin_extra_args 22 | value: 23 | - "--socket" 24 | - "/var/vcap/data/netplugin-server/sockets/network-shim.sock" 25 | 26 | - type: replace 27 | path: /instance_groups/name=diego-cell/jobs/name=garden/properties/garden/additional_bpm_volumes? 28 | value: 29 | - "/var/vcap/data/rep/shared/garden" 30 | - "/var/vcap/data/netplugin-server/sockets" 31 | 32 | - type: replace 33 | path: /instance_groups/name=diego-cell/jobs/name=netplugin-server? 34 | value: 35 | name: netplugin-server 36 | release: garden-runc 37 | properties: 38 | netplugin-server: 39 | plugin_path: "/var/vcap/packages/runc-cni/bin/garden-external-networker" 40 | plugin_extra_args: 41 | - "--configFile" 42 | - "/var/vcap/jobs/garden-cni/config/adapter.json" 43 | 44 | - type: replace 45 | path: /instance_groups/name=diego-cell/jobs/name=garden/properties/garden/experimental_rootless_mode? 46 | value: true 47 | 48 | - type: replace 49 | path: /instance_groups/name=diego-cell/jobs/name=garden/properties?/grootfs/skip_mount 50 | value: true 51 | 52 | # Disable containerd 53 | - type: remove 54 | path: /instance_groups/name=diego-cell/jobs/name=garden/properties/garden/containerd_mode? 55 | -------------------------------------------------------------------------------- /operations/experimental/set-cflinuxfs4-default-stack.yml: -------------------------------------------------------------------------------- 1 | --- 2 | ### 3 | # Deprecated as we integrate cflinuxfs4 directly into cf-deployment.yml 4 | ### 5 | -------------------------------------------------------------------------------- /operations/experimental/set-cpu-weight-windows2019.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - type: replace 3 | path: /instance_groups/name=windows2019-cell/jobs/name=rep_windows/properties/containers/set_cpu_weight? 4 | value: true 5 | -------------------------------------------------------------------------------- /operations/experimental/set-cpu-weight.yml: -------------------------------------------------------------------------------- 1 | ../set-cpu-weight.yml -------------------------------------------------------------------------------- /operations/experimental/use-compiled-releases-windows.yml: -------------------------------------------------------------------------------- 1 | - type: replace 2 | path: /releases/name=diego 3 | value: 4 | name: diego 5 | sha1: 2363fce2b345163b772cdd7f9db90be08d2f5831 6 | url: https://bosh.io/d/github.com/cloudfoundry/diego-release?v=2.117.0 7 | version: 2.117.0 8 | - type: replace 9 | path: /releases/name=garden-runc 10 | value: 11 | name: garden-runc 12 | sha1: f8a6aa5d71ff61d2e3b20a2e58b42bf9a7c7f404 13 | url: https://bosh.io/d/github.com/cloudfoundry/garden-runc-release?v=1.72.0 14 | version: 1.72.0 15 | - type: replace 16 | path: /releases/name=loggregator-agent 17 | value: 18 | name: loggregator-agent 19 | sha1: c0871307d993aa1766982b04f312affa83bce926 20 | url: https://bosh.io/d/github.com/cloudfoundry/loggregator-agent-release?v=8.3.8 21 | version: 8.3.8 22 | -------------------------------------------------------------------------------- /operations/experimental/use-create-swap-delete-vm-strategy.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - type: replace 3 | path: /update/vm_strategy? 4 | value: "create-swap-delete" 5 | 6 | - type: replace 7 | path: /features?/use_dns_addresses 8 | value: true 9 | -------------------------------------------------------------------------------- /operations/experimental/use-mysql-version-8.0.yml: -------------------------------------------------------------------------------- 1 | --- 2 | ### 3 | # Deprecated as we now use MySQL version 8.0 by default. 4 | ### 5 | -------------------------------------------------------------------------------- /operations/experimental/use-native-garden-runc-runner.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - type: remove 4 | path: /instance_groups/name=diego-cell/jobs/name=garden/properties/garden/containerd_mode? 5 | -------------------------------------------------------------------------------- /operations/experimental/use-noble-stemcell.yml: -------------------------------------------------------------------------------- 1 | - path: /stemcells/alias=default 2 | type: replace 3 | value: 4 | alias: default 5 | os: ubuntu-noble 6 | version: latest 7 | - path: /addons/name=loggregator_agent/include/stemcell/- 8 | type: replace 9 | value: 10 | os: ubuntu-noble 11 | - path: /addons/name=forwarder_agent/include/stemcell/- 12 | type: replace 13 | value: 14 | os: ubuntu-noble 15 | - path: /addons/name=loggr-syslog-agent/include/stemcell/- 16 | type: replace 17 | value: 18 | os: ubuntu-noble 19 | - path: /addons/name=prom_scraper/include/stemcell/- 20 | type: replace 21 | value: 22 | os: ubuntu-noble 23 | - path: /addons/name=bpm/include/stemcell/- 24 | type: replace 25 | value: 26 | os: ubuntu-noble 27 | - path: /instance_groups/name=diego-cell/jobs/name=silk-cni/properties/dns_servers/0 28 | type: replace 29 | value: 169.254.0.53 30 | 31 | -------------------------------------------------------------------------------- /operations/experimental/use-trusted-ca-cert-for-apps-cflinuxfs4.yml: -------------------------------------------------------------------------------- 1 | --- 2 | ### 3 | # Deprecated as we integrate cflinuxfs4 directly into cf-deployment.yml 4 | ### 5 | -------------------------------------------------------------------------------- /operations/openstack.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - type: remove 3 | path: /instance_groups/name=diego-cell/vm_extensions? 4 | 5 | - type: remove 6 | path: /instance_groups/name=api/vm_extensions? 7 | 8 | - type: replace 9 | path: /instance_groups/name=diego-cell/vm_type? 10 | value: small-highmem-100GB-ephemeral-disk 11 | 12 | - type: replace 13 | path: /instance_groups/name=api/vm_type? 14 | value: small-50GB-ephemeral-disk 15 | -------------------------------------------------------------------------------- /operations/override-app-domains.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - type: replace 3 | path: /instance_groups/name=api/jobs/name=cloud_controller_ng/properties/app_domains 4 | value: ((app_domains)) 5 | - type: replace 6 | path: /instance_groups/name=smoke-tests/jobs/name=smoke_tests/properties/smoke_tests/apps_domain 7 | value: ((smoke_test_app_domain)) 8 | -------------------------------------------------------------------------------- /operations/scale-database-cluster.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - type: replace 3 | path: /instance_groups/name=database/instances 4 | value: 3 5 | - type: replace 6 | path: /instance_groups/name=database/azs 7 | value: [z1, z2, z3] 8 | 9 | - type: replace 10 | path: /instance_groups/name=database/jobs/name=proxy/properties/shutdown_delay? 11 | value: 30 12 | -------------------------------------------------------------------------------- /operations/scale-to-one-az.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Use this override to only deploy single instance of each job, 3 | # in a single Availability Zone. This configuration is unlikely to 4 | # pass CATS with much parallelism. If you plan to run CATS, 5 | # consider deploying with the additional addon (scale-to-one-az-addon-parallel-cats.yml) 6 | # to scale CF to the minimum size required to pass CATS with 12 parallel threads. 7 | - type: replace 8 | path: /instance_groups/name=nats/instances 9 | value: 1 10 | - type: replace 11 | path: /instance_groups/name=diego-api/instances 12 | value: 1 13 | - type: replace 14 | path: /instance_groups/name=uaa/instances 15 | value: 1 16 | - type: replace 17 | path: /instance_groups/name=scheduler/instances 18 | value: 1 19 | - type: replace 20 | path: /instance_groups/name=diego-cell/instances 21 | value: 1 22 | - type: replace 23 | path: /instance_groups/name=router/instances 24 | value: 1 25 | - type: replace 26 | path: /instance_groups/name=api/instances 27 | value: 1 28 | - type: replace 29 | path: /instance_groups/name=cc-worker/instances 30 | value: 1 31 | - type: replace 32 | path: /instance_groups/name=doppler/instances 33 | value: 1 34 | - type: replace 35 | path: /instance_groups/name=log-api/instances 36 | value: 1 37 | - type: replace 38 | path: /instance_groups/name=tcp-router/instances 39 | value: 1 40 | - type: replace 41 | path: /instance_groups/name=credhub/instances 42 | value: 1 43 | 44 | - type: replace 45 | path: /instance_groups/name=nats/azs 46 | value: [ z1 ] 47 | - type: replace 48 | path: /instance_groups/name=diego-api/azs 49 | value: [ z1 ] 50 | - type: replace 51 | path: /instance_groups/name=uaa/azs 52 | value: [ z1 ] 53 | - type: replace 54 | path: /instance_groups/name=scheduler/azs 55 | value: [ z1 ] 56 | - type: replace 57 | path: /instance_groups/name=diego-cell/azs 58 | value: [ z1 ] 59 | - type: replace 60 | path: /instance_groups/name=router/azs 61 | value: [ z1 ] 62 | - type: replace 63 | path: /instance_groups/name=api/azs 64 | value: [ z1 ] 65 | - type: replace 66 | path: /instance_groups/name=cc-worker/azs 67 | value: [ z1 ] 68 | - type: replace 69 | path: /instance_groups/name=doppler/azs 70 | value: [ z1 ] 71 | - type: replace 72 | path: /instance_groups/name=log-cache/azs 73 | value: [ z1 ] 74 | - type: replace 75 | path: /instance_groups/name=log-api/azs 76 | value: [ z1 ] 77 | - type: replace 78 | path: /instance_groups/name=tcp-router/azs 79 | value: [ z1 ] 80 | - type: replace 81 | path: /instance_groups/name=credhub/azs 82 | value: [ z1 ] 83 | -------------------------------------------------------------------------------- /operations/set-bbs-active-key.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - type: replace 3 | path: /instance_groups/name=diego-api/jobs/name=bbs/properties/diego/bbs/active_key_label 4 | value: "((diego_bbs_active_key_label))" 5 | - type: replace 6 | path: /instance_groups/name=diego-api/jobs/name=bbs/properties/diego/bbs/encryption_keys/0/label 7 | value: "((diego_bbs_active_key_label))" 8 | -------------------------------------------------------------------------------- /operations/set-cpu-weight.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - type: replace 3 | path: /instance_groups/name=diego-cell/jobs/name=rep/properties/containers/set_cpu_weight? 4 | value: true 5 | -------------------------------------------------------------------------------- /operations/set-router-static-ips.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - type: replace 3 | path: /instance_groups/name=router/networks 4 | value: 5 | - name: default 6 | static_ips: ((router_static_ips)) 7 | 8 | -------------------------------------------------------------------------------- /operations/stop-skipping-tls-validation.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - type: remove 3 | path: /instance_groups/name=smoke-tests/jobs/name=smoke_tests/properties/smoke_tests/skip_ssl_validation 4 | 5 | - type: remove 6 | path: /instance_groups/name=api/jobs/name=cloud_controller_ng/properties/ssl/skip_cert_verify 7 | 8 | - type: remove 9 | path: /instance_groups/name=cc-worker/jobs/name=cloud_controller_worker/properties/ssl/skip_cert_verify 10 | 11 | - type: remove 12 | path: /instance_groups/name=log-api/jobs/name=loggregator_trafficcontroller/properties/ssl/skip_cert_verify -------------------------------------------------------------------------------- /operations/test/README.md: -------------------------------------------------------------------------------- 1 | # cf-deployment Test Ops-files 2 | 3 | This is the README for Test Ops-files. To learn more about `cf-deployment`, go to the main [README](../../README.md). 4 | 5 | The opsfile in this directory are meant for testing and are **not meant for production environments**. 6 | 7 | They may change without notice. 8 | 9 | - For General Ops-files, check out the [Ops-file README](../README.md). 10 | - For Addons Ops-files that can be applied to manifests or runtime configs, check out the [Addons Ops-file README](../addons/README.md). 11 | - For Backup and Restore Ops-files (for configuring your deployment for use with [BBR](https://github.com/cloudfoundry-incubator/bosh-backup-and-restore)), checkout the [Backup and Restore Ops-files README](../backup-and-restore/README.md). 12 | - For Community Ops-files, check out the [Community Ops-file README](../community/README.md). 13 | - For Experimental Ops-files, check out the [Experimental Ops-file README](../experimental/README.md). 14 | 15 | | Name | Purpose | Notes | 16 | |:--- |:--- |:--- | 17 | | [`add-oidc-provider.yml `](add-oidc-provider.yml) | Allows testing of UAA with users authenticated via an OIDC provider | Creates a second UAA instance group that acts as the OIDC provider | 18 | | [`enable-nfs-test-server.yml`](enable-nfs-test-server.yml) | adds an NFS server to the deployment | nfstestserver can be reached at nfstestserver.service.cf.internal for acceptance testing purposes | 19 | | [`enable-nfs-test-ldapserver.yml`](enable-nfs-test-ldapserver.yml) | Adds an LDAP server to the deployment to allow testing of NFS volume services configured with LDAP authentication | Requires enable-nfs-volume-service.yml and enable-nfs-test-server.yml. nfstestldapserver can be reached at nfstestldapserver.service.cf.internal | 20 | | [`enable-smb-test-server.yml`](enable-smb-test-server.yml) | adds an SMB server to the deployment | smbtestserver can be reached at smbtestserver.service.cf.internal for acceptance testing purposes | 21 | | [`fips-stemcell.yml`](fips-stemcell.yml) | Contains the validated version of the FIPS-compliant stemcell | 22 | | [`speed-up-dynamic-asgs.yml`](speed-up-dynamic-asgs.yml) | decreases the polling time for policy-server-asg-syncer and vxlan-policy-agent to speed up cf-acceptance-tests | Not suitable for production envs | 23 | | [`set-smoke-test-timeout-scale.yml`](set-smoke-test-timeout-scale.yml) | set the timeout scale to 5 | used when retrieving logs in the smoke tests timeout. usualy happens with gcp enviorments that do not have a ephemeral ips | -------------------------------------------------------------------------------- /operations/test/add-datadog-firehose-nozzle.yml: -------------------------------------------------------------------------------- 1 | - type: replace 2 | path: /instance_groups/name=uaa/jobs/name=uaa/properties/uaa/clients/datadog-firehose-nozzle? 3 | value: 4 | access-token-validity: 1209600 5 | authorities: oauth.login,doppler.firehose 6 | authorized-grant-types: client_credentials,refresh_token 7 | override: true 8 | scopes: 9 | - openid 10 | - oauth.approvals 11 | - doppler.firehose 12 | secret: ((uaa_clients_datadog-firehose-nozzle_secret)) 13 | - type: replace 14 | path: /instance_groups/- 15 | value: 16 | azs: 17 | - z1 18 | instances: 1 19 | jobs: 20 | - name: datadog-firehose-nozzle 21 | properties: 22 | datadog: 23 | api_key: ((datadog_api_key)) 24 | flush_duration_seconds: 15 25 | metric_prefix: ((datadog_metric_prefix)) 26 | loggregator: 27 | traffic_controller_url: wss://doppler.((system_domain)):((traffic_controller_external_port)) 28 | nozzle: 29 | deployment: cf 30 | insecure_ssl_skip_verify: true 31 | subscription_id: datadog-nozzle 32 | uaa: 33 | client: datadog-firehose-nozzle 34 | client_secret: ((uaa_clients_datadog-firehose-nozzle_secret)) 35 | url: https://uaa.((system_domain)) 36 | release: datadog-firehose-nozzle 37 | name: nozzle 38 | networks: 39 | - name: default 40 | persistent_disk_type: 5GB 41 | stemcell: default 42 | vm_type: minimal 43 | - type: replace 44 | path: /variables/- 45 | value: 46 | name: uaa_clients_datadog-firehose-nozzle_secret 47 | type: password 48 | - type: replace 49 | path: /releases/- 50 | value: 51 | name: datadog-firehose-nozzle 52 | sha1: 3bc3b7ccb718f35efdf693fc1d4f47e34a8142c3 53 | url: https://bosh.io/d/github.com/DataDog/datadog-firehose-nozzle-release?v=87 54 | version: "87" 55 | -------------------------------------------------------------------------------- /operations/test/alter-ssh-proxy-redirect-uri.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - type: replace 3 | path: /instance_groups/name=uaa/jobs/name=uaa/properties/uaa/clients/ssh-proxy/redirect-uri 4 | value: http://localhost/ 5 | -------------------------------------------------------------------------------- /operations/test/enable-nfs-test-ldapserver.yml: -------------------------------------------------------------------------------- 1 | - type: replace 2 | path: /instance_groups/name=nfstestserver/jobs/- 3 | value: 4 | name: nfstestldapserver 5 | release: nfs-volume 6 | properties: 7 | ldap: 8 | ssl: 9 | active: true 10 | ca_cert: ((ldap_server_ssl.ca)) 11 | server_cert: ((ldap_server_ssl.certificate)) 12 | server_key: ((ldap_server_ssl.private_key)) 13 | 14 | - type: replace 15 | path: /addons/name=bosh-dns-aliases/jobs/name=bosh-dns-aliases/properties/aliases/domain=nfstestldapserver.service.cf.internal? 16 | value: 17 | domain: nfstestldapserver.service.cf.internal 18 | targets: 19 | - query: '*' 20 | instance_group: nfstestserver 21 | deployment: cf 22 | network: default 23 | domain: bosh 24 | 25 | - type: replace 26 | path: /instance_groups/name=diego-cell/jobs/name=nfsv3driver/properties/nfsv3driver/ldap_ca_cert? 27 | value: ((ldap_server_ssl.ca)) 28 | 29 | - type: replace 30 | path: /variables/- 31 | value: 32 | name: ldap_test_server_ca 33 | type: certificate 34 | options: 35 | common_name: ldap_test_server_ca 36 | is_ca: true 37 | 38 | - type: replace 39 | path: /variables/- 40 | value: 41 | name: ldap_server_ssl 42 | type: certificate 43 | update_mode: converge 44 | options: 45 | ca: ldap_test_server_ca 46 | common_name: nfstestldapserver.service.cf.internal 47 | alternative_names: 48 | - nfstestldapserver.service.cf.internal 49 | -------------------------------------------------------------------------------- /operations/test/enable-nfs-test-server.yml: -------------------------------------------------------------------------------- 1 | - type: replace 2 | path: /instance_groups/- 3 | value: 4 | name: nfstestserver 5 | azs: [z1] 6 | instances: 1 7 | stemcell: default 8 | vm_type: medium 9 | networks: [ name: default ] 10 | jobs: 11 | - name: nfstestserver 12 | release: nfs-volume 13 | properties: 14 | nfstestserver: {} 15 | 16 | - type: replace 17 | path: /addons/name=bosh-dns-aliases/jobs/name=bosh-dns-aliases/properties/aliases/domain=nfstestserver.service.cf.internal? 18 | value: 19 | domain: nfstestserver.service.cf.internal 20 | targets: 21 | - query: '*' 22 | instance_group: nfstestserver 23 | deployment: cf 24 | network: default 25 | domain: bosh 26 | -------------------------------------------------------------------------------- /operations/test/enable-smb-test-server.yml: -------------------------------------------------------------------------------- 1 | - type: replace 2 | path: /instance_groups/- 3 | value: 4 | name: smbtestserver 5 | azs: [z1] 6 | instances: 1 7 | stemcell: default 8 | vm_type: medium 9 | persistent_disk_type: 10GB 10 | networks: [ name: default ] 11 | jobs: 12 | - name: smbtestserver 13 | release: smb-volume 14 | properties: 15 | username: ((smb-username)) 16 | password: ((smb-password)) 17 | 18 | - type: replace 19 | path: /addons/name=bosh-dns-aliases/jobs/name=bosh-dns-aliases/properties/aliases/domain=smbtestserver.service.cf.internal? 20 | value: 21 | domain: smbtestserver.service.cf.internal 22 | targets: 23 | - query: '*' 24 | instance_group: smbtestserver 25 | deployment: cf 26 | network: default 27 | domain: bosh 28 | -------------------------------------------------------------------------------- /operations/test/fips-stemcell.yml: -------------------------------------------------------------------------------- 1 | - path: /stemcells/- 2 | type: replace 3 | value: 4 | alias: default 5 | os: ubuntu-jammy 6 | version: "1.829" 7 | -------------------------------------------------------------------------------- /operations/test/scale-to-one-az-addon-parallel-cats.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Use this after the scale-to-one-az ops file to scale up to minimal size 3 | # in order to run CATS quickly without flakes and 12 threads 4 | - type: replace 5 | path: /instance_groups/name=diego-cell/instances 6 | value: 2 7 | - type: replace 8 | path: /instance_groups/name=diego-cell/vm_type 9 | value: medium 10 | - type: replace 11 | path: /instance_groups/name=api/instances 12 | value: 2 13 | 14 | -------------------------------------------------------------------------------- /operations/test/set-smoke-test-timeout-scale.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - type: replace 3 | path: /instance_groups/name=smoke-tests/jobs/name=smoke_tests/properties/smoke_tests/timeout_scale? 4 | value: 5 5 | -------------------------------------------------------------------------------- /operations/test/speed-up-dynamic-asgs.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - type: replace 3 | path: /instance_groups/name=api/jobs/name=policy-server-asg-syncer/properties/asg_poll_interval_seconds? 4 | value: 1 5 | - type: replace 6 | path: /instance_groups/name=diego-cell/jobs/name=vxlan-policy-agent/properties/asg_poll_interval_seconds? 7 | value: 1 8 | -------------------------------------------------------------------------------- /operations/test/use-cflinuxfs4-compat-isolation-segment-diego-cell.yml: -------------------------------------------------------------------------------- 1 | - type: replace 2 | path: /instance_groups/name=isolated-diego-cell/jobs/name=cflinuxfs4-rootfs-setup? 3 | value: 4 | name: cflinuxfs4-rootfs-setup 5 | properties: 6 | cflinuxfs4-rootfs: 7 | trusted_certs: 8 | - ((diego_instance_identity_ca.ca)) 9 | - ((credhub_tls.ca)) 10 | - ((uaa_ssl.ca)) 11 | release: cflinuxfs4-compat 12 | -------------------------------------------------------------------------------- /operations/use-absolute-cpu-entitlement-persistent-isolation-segment.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - type: replace 3 | path: /instance_groups/name=isolated-diego-cell/jobs/name=rep/properties/loggregator/app_metric_exclusion_filter? 4 | value: 5 | - cpu_entitlement 6 | -------------------------------------------------------------------------------- /operations/use-absolute-cpu-entitlement-windows2019.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - type: replace 3 | path: /instance_groups/name=windows2019-cell/jobs/name=rep_windows/properties/loggregator/app_metric_exclusion_filter? 4 | value: 5 | - cpu_entitlement 6 | -------------------------------------------------------------------------------- /operations/use-absolute-cpu-entitlement.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - type: replace 3 | path: /instance_groups/name=diego-cell/jobs/name=rep/properties/loggregator/app_metric_exclusion_filter? 4 | value: 5 | - cpu_entitlement 6 | -------------------------------------------------------------------------------- /operations/use-alicloud-oss-blobstore-to-multi-bucket.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Note: Capi release version 1.61.0 or more is required to use Alibaba Cloud OSS as CF blobstore. 3 | 4 | - type: replace 5 | path: /instance_groups/name=api/jobs/name=cloud_controller_ng/properties/cc/buildpacks/fog_connection 6 | error: "Please apply 'use-external-blobstore.yml' before applying 'use-alicloud-oss-blobstore-to-multi-bucket.yml'." 7 | value: &buildpacks-blobstore-properties 8 | provider: aliyun 9 | aliyun_accesskey_id: ((blobstore_access_key_id)) 10 | aliyun_accesskey_secret: ((blobstore_secret_access_key)) 11 | aliyun_region_id: ((blobstore_region)) 12 | aliyun_oss_bucket: ((buildpack_directory_key)) 13 | 14 | - type: replace 15 | path: /instance_groups/name=api/jobs/name=cloud_controller_ng/properties/cc/droplets/fog_connection 16 | value: &droplets-blobstore-properties 17 | provider: aliyun 18 | aliyun_accesskey_id: ((blobstore_access_key_id)) 19 | aliyun_accesskey_secret: ((blobstore_secret_access_key)) 20 | aliyun_region_id: ((blobstore_region)) 21 | aliyun_oss_bucket: ((droplet_directory_key)) 22 | 23 | - type: replace 24 | path: /instance_groups/name=api/jobs/name=cloud_controller_ng/properties/cc/packages/fog_connection 25 | value: &packages-blobstore-properties 26 | provider: aliyun 27 | aliyun_accesskey_id: ((blobstore_access_key_id)) 28 | aliyun_accesskey_secret: ((blobstore_secret_access_key)) 29 | aliyun_region_id: ((blobstore_region)) 30 | aliyun_oss_bucket: ((app_package_directory_key)) 31 | 32 | - type: replace 33 | path: /instance_groups/name=api/jobs/name=cloud_controller_ng/properties/cc/resource_pool/fog_connection 34 | value: &resources-blobstore-properties 35 | provider: aliyun 36 | aliyun_accesskey_id: ((blobstore_access_key_id)) 37 | aliyun_accesskey_secret: ((blobstore_secret_access_key)) 38 | aliyun_region_id: ((blobstore_region)) 39 | aliyun_oss_bucket: ((resource_directory_key)) 40 | 41 | - type: replace 42 | path: /instance_groups/name=cc-worker/jobs/name=cloud_controller_worker/properties/cc/buildpacks/fog_connection 43 | value: *buildpacks-blobstore-properties 44 | 45 | - type: replace 46 | path: /instance_groups/name=cc-worker/jobs/name=cloud_controller_worker/properties/cc/droplets/fog_connection 47 | value: *droplets-blobstore-properties 48 | 49 | - type: replace 50 | path: /instance_groups/name=cc-worker/jobs/name=cloud_controller_worker/properties/cc/packages/fog_connection 51 | value: *packages-blobstore-properties 52 | 53 | - type: replace 54 | path: /instance_groups/name=cc-worker/jobs/name=cloud_controller_worker/properties/cc/resource_pool/fog_connection 55 | value: *resources-blobstore-properties 56 | 57 | - type: replace 58 | path: /instance_groups/name=scheduler/jobs/name=cloud_controller_clock/properties/cc/buildpacks/fog_connection 59 | value: *buildpacks-blobstore-properties 60 | 61 | - type: replace 62 | path: /instance_groups/name=scheduler/jobs/name=cloud_controller_clock/properties/cc/droplets/fog_connection 63 | value: *droplets-blobstore-properties 64 | 65 | - type: replace 66 | path: /instance_groups/name=scheduler/jobs/name=cloud_controller_clock/properties/cc/packages/fog_connection 67 | value: *packages-blobstore-properties 68 | 69 | - type: replace 70 | path: /instance_groups/name=scheduler/jobs/name=cloud_controller_clock/properties/cc/resource_pool/fog_connection 71 | value: *resources-blobstore-properties -------------------------------------------------------------------------------- /operations/use-alicloud-oss-blobstore.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Note: Capi release version 1.61.0 or more is required to use Alibaba Cloud OSS as CF blobstore. 3 | 4 | - type: replace 5 | path: /instance_groups/name=api/jobs/name=cloud_controller_ng/properties/cc/buildpacks/fog_connection 6 | error: "Please apply 'use-external-blobstore.yml' before applying 'use-alicloud-oss-blobstore.yml'." 7 | value: &blobstore-properties 8 | provider: aliyun 9 | aliyun_accesskey_id: ((blobstore_access_key_id)) 10 | aliyun_accesskey_secret: ((blobstore_secret_access_key)) 11 | aliyun_region_id: ((blobstore_region)) 12 | aliyun_oss_bucket: ((blobstore_bucket_name)) 13 | 14 | - type: replace 15 | path: /instance_groups/name=api/jobs/name=cloud_controller_ng/properties/cc/droplets/fog_connection 16 | value: *blobstore-properties 17 | 18 | - type: replace 19 | path: /instance_groups/name=api/jobs/name=cloud_controller_ng/properties/cc/packages/fog_connection 20 | value: *blobstore-properties 21 | 22 | - type: replace 23 | path: /instance_groups/name=api/jobs/name=cloud_controller_ng/properties/cc/resource_pool/fog_connection 24 | value: *blobstore-properties 25 | 26 | - type: replace 27 | path: /instance_groups/name=cc-worker/jobs/name=cloud_controller_worker/properties/cc/buildpacks/fog_connection 28 | value: *blobstore-properties 29 | 30 | - type: replace 31 | path: /instance_groups/name=cc-worker/jobs/name=cloud_controller_worker/properties/cc/droplets/fog_connection 32 | value: *blobstore-properties 33 | 34 | - type: replace 35 | path: /instance_groups/name=cc-worker/jobs/name=cloud_controller_worker/properties/cc/packages/fog_connection 36 | value: *blobstore-properties 37 | 38 | - type: replace 39 | path: /instance_groups/name=cc-worker/jobs/name=cloud_controller_worker/properties/cc/resource_pool/fog_connection 40 | value: *blobstore-properties 41 | 42 | - type: replace 43 | path: /instance_groups/name=scheduler/jobs/name=cloud_controller_clock/properties/cc/buildpacks/fog_connection 44 | value: *blobstore-properties 45 | 46 | - type: replace 47 | path: /instance_groups/name=scheduler/jobs/name=cloud_controller_clock/properties/cc/droplets/fog_connection 48 | value: *blobstore-properties 49 | 50 | - type: replace 51 | path: /instance_groups/name=scheduler/jobs/name=cloud_controller_clock/properties/cc/packages/fog_connection 52 | value: *blobstore-properties 53 | 54 | - type: replace 55 | path: /instance_groups/name=scheduler/jobs/name=cloud_controller_clock/properties/cc/resource_pool/fog_connection 56 | value: *blobstore-properties 57 | -------------------------------------------------------------------------------- /operations/use-azure-storage-blobstore.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - type: replace 3 | path: /instance_groups/name=api/jobs/name=cloud_controller_ng/properties/cc/buildpacks/fog_connection 4 | error: "Please apply 'use-external-blobstore.yml' before applying 'use-azure-storage-blobstore.yml'." 5 | value: &blobstore-properties 6 | provider: AzureRM 7 | environment: ((environment)) 8 | azure_storage_account_name: ((blobstore_storage_account_name)) 9 | azure_storage_access_key: ((blobstore_storage_access_key)) 10 | 11 | - type: replace 12 | path: /instance_groups/name=api/jobs/name=cloud_controller_ng/properties/cc/droplets/fog_connection 13 | value: *blobstore-properties 14 | 15 | - type: replace 16 | path: /instance_groups/name=api/jobs/name=cloud_controller_ng/properties/cc/packages/fog_connection 17 | value: *blobstore-properties 18 | 19 | - type: replace 20 | path: /instance_groups/name=api/jobs/name=cloud_controller_ng/properties/cc/resource_pool/fog_connection 21 | value: *blobstore-properties 22 | 23 | - type: replace 24 | path: /instance_groups/name=cc-worker/jobs/name=cloud_controller_worker/properties/cc/buildpacks/fog_connection 25 | value: *blobstore-properties 26 | 27 | - type: replace 28 | path: /instance_groups/name=cc-worker/jobs/name=cloud_controller_worker/properties/cc/droplets/fog_connection 29 | value: *blobstore-properties 30 | 31 | - type: replace 32 | path: /instance_groups/name=cc-worker/jobs/name=cloud_controller_worker/properties/cc/packages/fog_connection 33 | value: *blobstore-properties 34 | 35 | - type: replace 36 | path: /instance_groups/name=cc-worker/jobs/name=cloud_controller_worker/properties/cc/resource_pool/fog_connection 37 | value: *blobstore-properties 38 | 39 | - type: replace 40 | path: /instance_groups/name=scheduler/jobs/name=cloud_controller_clock/properties/cc/buildpacks/fog_connection 41 | value: *blobstore-properties 42 | 43 | - type: replace 44 | path: /instance_groups/name=scheduler/jobs/name=cloud_controller_clock/properties/cc/droplets/fog_connection 45 | value: *blobstore-properties 46 | 47 | - type: replace 48 | path: /instance_groups/name=scheduler/jobs/name=cloud_controller_clock/properties/cc/packages/fog_connection 49 | value: *blobstore-properties 50 | 51 | - type: replace 52 | path: /instance_groups/name=scheduler/jobs/name=cloud_controller_clock/properties/cc/resource_pool/fog_connection 53 | value: *blobstore-properties 54 | -------------------------------------------------------------------------------- /operations/use-blobstore-cdn.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - type: replace 3 | path: /instance_groups/name=api/jobs/name=cloud_controller_ng/properties/cc/droplets/cdn?/uri 4 | value: ((droplets_cdn_uri)) 5 | - type: replace 6 | path: /instance_groups/name=api/jobs/name=cloud_controller_ng/properties/cc/droplets/cdn?/key_pair_id 7 | value: ((cdn_key_pair_id)) 8 | - type: replace 9 | path: /instance_groups/name=api/jobs/name=cloud_controller_ng/properties/cc/droplets/cdn?/private_key 10 | value: ((cdn_private_key)) 11 | 12 | - type: replace 13 | path: /instance_groups/name=cc-worker/jobs/name=cloud_controller_worker/properties/cc/droplets/cdn?/uri 14 | value: ((droplets_cdn_uri)) 15 | - type: replace 16 | path: /instance_groups/name=cc-worker/jobs/name=cloud_controller_worker/properties/cc/droplets/cdn?/key_pair_id 17 | value: ((cdn_key_pair_id)) 18 | - type: replace 19 | path: /instance_groups/name=cc-worker/jobs/name=cloud_controller_worker/properties/cc/droplets/cdn?/private_key 20 | value: ((cdn_private_key)) 21 | 22 | - type: replace 23 | path: /instance_groups/name=scheduler/jobs/name=cloud_controller_clock/properties/cc/droplets/cdn?/uri 24 | value: ((droplets_cdn_uri)) 25 | - type: replace 26 | path: /instance_groups/name=scheduler/jobs/name=cloud_controller_clock/properties/cc/droplets/cdn?/key_pair_id 27 | value: ((cdn_key_pair_id)) 28 | - type: replace 29 | path: /instance_groups/name=scheduler/jobs/name=cloud_controller_clock/properties/cc/droplets/cdn?/private_key 30 | value: ((cdn_private_key)) 31 | 32 | - type: replace 33 | path: /instance_groups/name=api/jobs/name=cloud_controller_ng/properties/cc/resource_pool/cdn?/uri 34 | value: ((resource_pool_cdn_uri)) 35 | - type: replace 36 | path: /instance_groups/name=api/jobs/name=cloud_controller_ng/properties/cc/resource_pool/cdn?/key_pair_id 37 | value: ((cdn_key_pair_id)) 38 | - type: replace 39 | path: /instance_groups/name=api/jobs/name=cloud_controller_ng/properties/cc/resource_pool/cdn?/private_key 40 | value: ((cdn_private_key)) 41 | 42 | - type: replace 43 | path: /instance_groups/name=cc-worker/jobs/name=cloud_controller_worker/properties/cc/resource_pool/cdn?/uri 44 | value: ((resource_pool_cdn_uri)) 45 | - type: replace 46 | path: /instance_groups/name=cc-worker/jobs/name=cloud_controller_worker/properties/cc/resource_pool/cdn?/key_pair_id 47 | value: ((cdn_key_pair_id)) 48 | - type: replace 49 | path: /instance_groups/name=cc-worker/jobs/name=cloud_controller_worker/properties/cc/resource_pool/cdn?/private_key 50 | value: ((cdn_private_key)) 51 | 52 | - type: replace 53 | path: /instance_groups/name=scheduler/jobs/name=cloud_controller_clock/properties/cc/resource_pool/cdn?/uri 54 | value: ((resource_pool_cdn_uri)) 55 | - type: replace 56 | path: /instance_groups/name=scheduler/jobs/name=cloud_controller_clock/properties/cc/resource_pool/cdn?/key_pair_id 57 | value: ((cdn_key_pair_id)) 58 | - type: replace 59 | path: /instance_groups/name=scheduler/jobs/name=cloud_controller_clock/properties/cc/resource_pool/cdn?/private_key 60 | value: ((cdn_private_key)) 61 | -------------------------------------------------------------------------------- /operations/use-cflinuxfs4-compat.yml: -------------------------------------------------------------------------------- 1 | - type: replace 2 | path: /instance_groups/name=diego-cell/jobs/name=cflinuxfs4-rootfs-setup? 3 | value: 4 | name: cflinuxfs4-rootfs-setup 5 | properties: 6 | cflinuxfs4-rootfs: 7 | trusted_certs: 8 | - ((diego_instance_identity_ca.ca)) 9 | - ((credhub_tls.ca)) 10 | - ((uaa_ssl.ca)) 11 | release: cflinuxfs4-compat 12 | - type: replace 13 | path: /releases/name=cflinuxfs4 14 | value: 15 | name: cflinuxfs4-compat 16 | sha1: b1a1a95d0dd2cdeacfeb0498ca72f8b000549c72 17 | url: https://bosh.io/d/github.com/cloudfoundry/cflinuxfs4-compat-release?v=1.267.0 18 | version: 1.267.0 19 | -------------------------------------------------------------------------------- /operations/use-gcs-blobstore-access-key.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - type: replace 3 | path: /instance_groups/name=api/jobs/name=cloud_controller_ng/properties/cc/buildpacks/fog_connection 4 | error: "Please apply 'use-external-blobstore.yml' before applying 'use-gcs-blobstore-access-key.yml'." 5 | value: &blobstore-properties 6 | provider: Google 7 | google_storage_access_key_id: ((blobstore_access_key_id)) 8 | google_storage_secret_access_key: ((blobstore_secret_access_key)) 9 | 10 | - type: replace 11 | path: /instance_groups/name=api/jobs/name=cloud_controller_ng/properties/cc/droplets/fog_connection 12 | value: *blobstore-properties 13 | 14 | - type: replace 15 | path: /instance_groups/name=api/jobs/name=cloud_controller_ng/properties/cc/packages/fog_connection 16 | value: *blobstore-properties 17 | 18 | - type: replace 19 | path: /instance_groups/name=api/jobs/name=cloud_controller_ng/properties/cc/resource_pool/fog_connection 20 | value: *blobstore-properties 21 | 22 | - type: replace 23 | path: /instance_groups/name=cc-worker/jobs/name=cloud_controller_worker/properties/cc/buildpacks/fog_connection 24 | value: *blobstore-properties 25 | 26 | - type: replace 27 | path: /instance_groups/name=cc-worker/jobs/name=cloud_controller_worker/properties/cc/droplets/fog_connection 28 | value: *blobstore-properties 29 | 30 | - type: replace 31 | path: /instance_groups/name=cc-worker/jobs/name=cloud_controller_worker/properties/cc/packages/fog_connection 32 | value: *blobstore-properties 33 | 34 | - type: replace 35 | path: /instance_groups/name=cc-worker/jobs/name=cloud_controller_worker/properties/cc/resource_pool/fog_connection 36 | value: *blobstore-properties 37 | 38 | - type: replace 39 | path: /instance_groups/name=scheduler/jobs/name=cloud_controller_clock/properties/cc/buildpacks/fog_connection 40 | value: *blobstore-properties 41 | 42 | - type: replace 43 | path: /instance_groups/name=scheduler/jobs/name=cloud_controller_clock/properties/cc/droplets/fog_connection 44 | value: *blobstore-properties 45 | 46 | - type: replace 47 | path: /instance_groups/name=scheduler/jobs/name=cloud_controller_clock/properties/cc/packages/fog_connection 48 | value: *blobstore-properties 49 | 50 | - type: replace 51 | path: /instance_groups/name=scheduler/jobs/name=cloud_controller_clock/properties/cc/resource_pool/fog_connection 52 | value: *blobstore-properties 53 | -------------------------------------------------------------------------------- /operations/use-gcs-blobstore-service-account.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - type: replace 3 | path: /instance_groups/name=api/jobs/name=cloud_controller_ng/properties/cc/buildpacks/fog_connection 4 | error: "Please apply 'use-external-blobstore.yml' before applying 'use-gcs-blobstore-service-account.yml'." 5 | value: &blobstore-properties 6 | provider: Google 7 | google_project: ((gcs_project)) 8 | google_client_email: ((gcs_service_account_email)) 9 | google_json_key_string: ((gcs_service_account_json_key)) 10 | 11 | - type: replace 12 | path: /instance_groups/name=api/jobs/name=cloud_controller_ng/properties/cc/droplets/fog_connection 13 | value: *blobstore-properties 14 | 15 | - type: replace 16 | path: /instance_groups/name=api/jobs/name=cloud_controller_ng/properties/cc/packages/fog_connection 17 | value: *blobstore-properties 18 | 19 | - type: replace 20 | path: /instance_groups/name=api/jobs/name=cloud_controller_ng/properties/cc/resource_pool/fog_connection 21 | value: *blobstore-properties 22 | 23 | 24 | - type: replace 25 | path: /instance_groups/name=cc-worker/jobs/name=cloud_controller_worker/properties/cc/buildpacks/fog_connection 26 | value: *blobstore-properties 27 | 28 | - type: replace 29 | path: /instance_groups/name=cc-worker/jobs/name=cloud_controller_worker/properties/cc/droplets/fog_connection 30 | value: *blobstore-properties 31 | 32 | - type: replace 33 | path: /instance_groups/name=cc-worker/jobs/name=cloud_controller_worker/properties/cc/packages/fog_connection 34 | value: *blobstore-properties 35 | 36 | - type: replace 37 | path: /instance_groups/name=cc-worker/jobs/name=cloud_controller_worker/properties/cc/resource_pool/fog_connection 38 | value: *blobstore-properties 39 | 40 | 41 | - type: replace 42 | path: /instance_groups/name=scheduler/jobs/name=cloud_controller_clock/properties/cc/buildpacks/fog_connection 43 | value: *blobstore-properties 44 | 45 | - type: replace 46 | path: /instance_groups/name=scheduler/jobs/name=cloud_controller_clock/properties/cc/droplets/fog_connection 47 | value: *blobstore-properties 48 | 49 | - type: replace 50 | path: /instance_groups/name=scheduler/jobs/name=cloud_controller_clock/properties/cc/packages/fog_connection 51 | value: *blobstore-properties 52 | 53 | - type: replace 54 | path: /instance_groups/name=scheduler/jobs/name=cloud_controller_clock/properties/cc/resource_pool/fog_connection 55 | value: *blobstore-properties 56 | -------------------------------------------------------------------------------- /operations/use-haproxy-public-network.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - type: remove 3 | path: /instance_groups/name=haproxy/networks/name=default/static_ips 4 | 5 | - type: replace 6 | path: /instance_groups/name=haproxy/networks/name=default/default? 7 | value: [dns, gateway] 8 | 9 | - type: replace 10 | path: /instance_groups/name=haproxy/networks/- 11 | value: 12 | name: ((haproxy_public_network_name)) 13 | static_ips: [((haproxy_public_ip))] 14 | 15 | - type: replace 16 | path: /instance_groups/name=haproxy/vm_extensions?/- 17 | value: cf-haproxy-network-properties 18 | -------------------------------------------------------------------------------- /operations/use-haproxy.yml: -------------------------------------------------------------------------------- 1 | - type: replace 2 | path: /releases/- 3 | value: 4 | name: haproxy 5 | sha1: e81d8f77be379f115691fcf882589c8052b18157 6 | url: https://bosh.io/d/github.com/cloudfoundry-incubator/haproxy-boshrelease?v=15.2.0%2B2.8.15 7 | version: 15.2.0+2.8.15 8 | - type: remove 9 | path: /instance_groups/name=router/vm_extensions 10 | - type: remove 11 | path: /instance_groups/name=tcp-router/vm_extensions 12 | - type: remove 13 | path: /instance_groups/name=scheduler/vm_extensions 14 | - type: replace 15 | path: /instance_groups/name=smoke-tests:before 16 | value: 17 | azs: 18 | - z1 19 | instances: 1 20 | jobs: 21 | - name: haproxy 22 | properties: 23 | ha_proxy: 24 | backend_ca_file: ((router_ssl.ca)) 25 | backend_port: 443 26 | backend_ssl: verify 27 | ssl_pem: ((haproxy_ssl.certificate))((haproxy_ssl.private_key)) 28 | tcp_link_port: 2222 29 | release: haproxy 30 | name: haproxy 31 | networks: 32 | - name: default 33 | static_ips: 34 | - ((haproxy_private_ip)) 35 | stemcell: default 36 | vm_type: minimal 37 | - type: replace 38 | path: /variables/- 39 | value: 40 | name: haproxy_ca 41 | options: 42 | common_name: haproxyCA 43 | is_ca: true 44 | type: certificate 45 | - type: replace 46 | path: /variables/- 47 | value: 48 | name: haproxy_ssl 49 | options: 50 | alternative_names: 51 | - ((system_domain)) 52 | - '*.((system_domain))' 53 | ca: haproxy_ca 54 | common_name: haproxySSL 55 | type: certificate 56 | -------------------------------------------------------------------------------- /operations/use-internal-lookup-for-route-services.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - type: replace 3 | path: /instance_groups/name=router/jobs/name=gorouter/properties/router/route_services_internal_lookup? 4 | value: true 5 | -------------------------------------------------------------------------------- /operations/use-latest-stemcell.yml: -------------------------------------------------------------------------------- 1 | - path: /stemcells/alias=default/version 2 | type: replace 3 | value: latest 4 | -------------------------------------------------------------------------------- /operations/use-latest-windows2019-stemcell.yml: -------------------------------------------------------------------------------- 1 | - path: /stemcells/alias=windows2019/version 2 | type: replace 3 | value: latest 4 | -------------------------------------------------------------------------------- /operations/use-offline-windows2019fs.yml: -------------------------------------------------------------------------------- 1 | - type: replace 2 | path: /instance_groups/name=windows2019-cell/jobs/name=windows2019fs? 3 | value: 4 | name: windows2019fs 5 | properties: 6 | windows-rootfs: 7 | trusted_certs: | 8 | ((diego_instance_identity_ca.ca)) 9 | ((credhub_tls.ca)) 10 | ((uaa_ssl.ca)) 11 | release: windows2019fs 12 | - type: replace 13 | path: /releases/name=windows2019fs? 14 | value: 15 | name: windows2019fs 16 | version: 2.83.0 17 | -------------------------------------------------------------------------------- /operations/use-online-windows2019fs.yml: -------------------------------------------------------------------------------- 1 | - type: replace 2 | path: /instance_groups/name=windows2019-cell/jobs/name=windows2019fs? 3 | value: 4 | name: windows2019fs 5 | properties: 6 | windows-rootfs: 7 | trusted_certs: | 8 | ((diego_instance_identity_ca.ca)) 9 | ((credhub_tls.ca)) 10 | ((uaa_ssl.ca)) 11 | release: windowsfs 12 | - type: replace 13 | path: /releases/name=windowsfs? 14 | value: 15 | name: windowsfs 16 | sha1: 1feac75150ece1ce088f909a12c3c08d7407d50f 17 | url: https://bosh.io/d/github.com/cloudfoundry/windowsfs-online-release?v=2.83.0 18 | version: 2.83.0 19 | -------------------------------------------------------------------------------- /operations/use-operator-provided-router-tls-certificates.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - type: replace 3 | path: /instance_groups/name=router/jobs/name=gorouter/properties/router/tls_pem 4 | value: ((router_tls_pem)) 5 | - type: remove 6 | path: /variables/name=router_ssl 7 | - type: remove 8 | path: /variables/name=router_ca 9 | -------------------------------------------------------------------------------- /operations/use-s3-blobstore.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - type: replace 3 | path: /instance_groups/name=api/jobs/name=cloud_controller_ng/properties/cc/buildpacks/fog_connection 4 | error: "Please apply 'use-external-blobstore.yml' before applying 'use-s3-blobstore.yml'." 5 | value: &blobstore-properties 6 | provider: AWS 7 | aws_access_key_id: ((blobstore_access_key_id)) 8 | aws_secret_access_key: ((blobstore_secret_access_key)) 9 | region: ((aws_region)) 10 | 11 | - type: replace 12 | path: /instance_groups/name=api/jobs/name=cloud_controller_ng/properties/cc/droplets/fog_connection 13 | value: *blobstore-properties 14 | 15 | - type: replace 16 | path: /instance_groups/name=api/jobs/name=cloud_controller_ng/properties/cc/packages/fog_connection 17 | value: *blobstore-properties 18 | 19 | - type: replace 20 | path: /instance_groups/name=api/jobs/name=cloud_controller_ng/properties/cc/resource_pool/fog_connection 21 | value: *blobstore-properties 22 | 23 | - type: replace 24 | path: /instance_groups/name=cc-worker/jobs/name=cloud_controller_worker/properties/cc/buildpacks/fog_connection 25 | value: *blobstore-properties 26 | 27 | - type: replace 28 | path: /instance_groups/name=cc-worker/jobs/name=cloud_controller_worker/properties/cc/droplets/fog_connection 29 | value: *blobstore-properties 30 | 31 | - type: replace 32 | path: /instance_groups/name=cc-worker/jobs/name=cloud_controller_worker/properties/cc/packages/fog_connection 33 | value: *blobstore-properties 34 | 35 | - type: replace 36 | path: /instance_groups/name=cc-worker/jobs/name=cloud_controller_worker/properties/cc/resource_pool/fog_connection 37 | value: *blobstore-properties 38 | 39 | - type: replace 40 | path: /instance_groups/name=scheduler/jobs/name=cloud_controller_clock/properties/cc/buildpacks/fog_connection 41 | value: *blobstore-properties 42 | 43 | - type: replace 44 | path: /instance_groups/name=scheduler/jobs/name=cloud_controller_clock/properties/cc/droplets/fog_connection 45 | value: *blobstore-properties 46 | 47 | - type: replace 48 | path: /instance_groups/name=scheduler/jobs/name=cloud_controller_clock/properties/cc/packages/fog_connection 49 | value: *blobstore-properties 50 | 51 | - type: replace 52 | path: /instance_groups/name=scheduler/jobs/name=cloud_controller_clock/properties/cc/resource_pool/fog_connection 53 | value: *blobstore-properties 54 | -------------------------------------------------------------------------------- /operations/use-swift-blobstore.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - type: replace 3 | path: /instance_groups/name=api/jobs/name=cloud_controller_ng/properties/cc/buildpacks/fog_connection 4 | error: "Please apply 'use-external-blobstore.yml' before applying 'use-swift-blobstore.yml'." 5 | value: &blobstore-properties 6 | provider: OpenStack 7 | openstack_api_key: ((openstack_password)) 8 | openstack_auth_url: ((auth_url)) 9 | openstack_domain_name: ((openstack_domain)) 10 | openstack_project_name: ((openstack_project)) 11 | openstack_temp_url_key: ((openstack_temp_url_key)) 12 | openstack_username: ((openstack_username)) 13 | 14 | - type: replace 15 | path: /instance_groups/name=api/jobs/name=cloud_controller_ng/properties/cc/droplets/fog_connection 16 | value: *blobstore-properties 17 | 18 | - type: replace 19 | path: /instance_groups/name=api/jobs/name=cloud_controller_ng/properties/cc/packages/fog_connection 20 | value: *blobstore-properties 21 | 22 | - type: replace 23 | path: /instance_groups/name=api/jobs/name=cloud_controller_ng/properties/cc/resource_pool/fog_connection 24 | value: *blobstore-properties 25 | 26 | - type: replace 27 | path: /instance_groups/name=cc-worker/jobs/name=cloud_controller_worker/properties/cc/buildpacks/fog_connection 28 | value: *blobstore-properties 29 | 30 | - type: replace 31 | path: /instance_groups/name=cc-worker/jobs/name=cloud_controller_worker/properties/cc/droplets/fog_connection 32 | value: *blobstore-properties 33 | 34 | - type: replace 35 | path: /instance_groups/name=cc-worker/jobs/name=cloud_controller_worker/properties/cc/packages/fog_connection 36 | value: *blobstore-properties 37 | 38 | - type: replace 39 | path: /instance_groups/name=cc-worker/jobs/name=cloud_controller_worker/properties/cc/resource_pool/fog_connection 40 | value: *blobstore-properties 41 | 42 | - type: replace 43 | path: /instance_groups/name=scheduler/jobs/name=cloud_controller_clock/properties/cc/buildpacks/fog_connection 44 | value: *blobstore-properties 45 | 46 | - type: replace 47 | path: /instance_groups/name=scheduler/jobs/name=cloud_controller_clock/properties/cc/droplets/fog_connection 48 | value: *blobstore-properties 49 | 50 | - type: replace 51 | path: /instance_groups/name=scheduler/jobs/name=cloud_controller_clock/properties/cc/packages/fog_connection 52 | value: *blobstore-properties 53 | 54 | - type: replace 55 | path: /instance_groups/name=scheduler/jobs/name=cloud_controller_clock/properties/cc/resource_pool/fog_connection 56 | value: *blobstore-properties 57 | -------------------------------------------------------------------------------- /operations/use-trusted-ca-cert-for-apps.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - type: replace 3 | path: /instance_groups/name=diego-cell/jobs/name=cflinuxfs4-rootfs-setup/properties/cflinuxfs4-rootfs/trusted_certs/- 4 | value: ((trusted_cert_for_apps.ca)) 5 | 6 | - type: replace 7 | path: /instance_groups/name=diego-cell/jobs/name=rep/properties/containers/trusted_ca_certificates/- 8 | value: ((trusted_cert_for_apps.ca)) 9 | -------------------------------------------------------------------------------- /scripts/test: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | set -ue 4 | 5 | exit_code=0 6 | GREEN='\033[0;32m' 7 | LIGHT_GREEN='\033[0;92m' 8 | RED='\033[0;31m' 9 | LIGHT_RED='\033[1;31m' 10 | YELLOW='\033[0;93m' 11 | NOCOLOR='\033[0m' 12 | 13 | script_home="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" 14 | home="$( cd "${script_home}/.." && pwd )" 15 | 16 | # suite_name should be defined by each of our test suite functions 17 | suite_name="UNDEFINED" 18 | 19 | # Grab each of our test suites, exercised by test_opsfile_interpolation() 20 | for script in `ls ${script_home}/*.sh`; do 21 | source $script 22 | done 23 | 24 | # If we get killed, kill backgrounded processes 25 | trap 'kill $(jobs -p) > /dev/null 2>&1' SIGTERM SIGINT 26 | 27 | fail() { 28 | echo -e "${RED} FAIL - ${LIGHT_RED} $suite_name ${RED} - ${NOCOLOR} $1" 29 | exit_code=1 30 | } 31 | 32 | pass() { 33 | echo -e "${GREEN} PASS - ${YELLOW} $suite_name ${GREEN} - ${NOCOLOR} $1" 34 | } 35 | 36 | interpolate() { 37 | if [[ ${1} == output:* ]]; then 38 | interpolation_output=$1 39 | empty_string="" 40 | interpolation_output="${interpolation_output/output: /$empty_string}"; shift 41 | else 42 | interpolation_output=/dev/null 43 | fi 44 | 45 | local vars_store=$(mktemp) 46 | cp ${home}/scripts/fixtures/unit-test-vars-store.yml $vars_store 47 | 48 | bosh interpolate --vars-store $vars_store --var-errs -v system_domain=foo.bar.com ${home}/cf-deployment.yml $@ > $interpolation_output 49 | local exit_code=$? 50 | 51 | rm $vars_store 52 | return $exit_code 53 | } 54 | 55 | test_opsfile_interpolation() { 56 | test_backup_and_restore_ops & 57 | 58 | for job in $(jobs -p); do 59 | wait $job || exit_code=1 60 | done 61 | } 62 | main() { 63 | local ops_directories 64 | local ops_directories_without_test 65 | local ops_directories_without_community 66 | 67 | ops_directories=$(find operations \ 68 | -type d \ 69 | -not -name 'example-vars-files') 70 | ops_directories_without_test="$(echo "${ops_directories}" | grep -v -e test)" 71 | ops_directories_without_community="$(echo "${ops_directories}" | grep -v -e community)" 72 | 73 | echo 74 | echo -e "${LIGHT_GREEN} ***** Begin interpolation operations tests ***** ${NOCOLOR}" 75 | test_opsfile_interpolation 76 | 77 | echo 78 | if [ "$exit_code" == "0" ]; then 79 | echo -e "${LIGHT_GREEN}All tests passed. ${NOCOLOR}" 80 | else 81 | echo -e "${RED}At least one test failed. ${NOCOLOR}" 82 | fi 83 | 84 | exit $exit_code 85 | } 86 | 87 | time main 88 | -------------------------------------------------------------------------------- /scripts/test-backup-and-restore.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | test_backup_and_restore_ops() { 4 | # Padded for pretty output 5 | suite_name="BACKUP AND RESTORE" 6 | 7 | pushd ${home} > /dev/null 8 | pushd operations/backup-and-restore > /dev/null 9 | ensure_singleton_blobstore_not_templated "skip-backup-restore-droplets.yml" 10 | ensure_singleton_blobstore_not_templated "skip-backup-restore-droplets-and-packages.yml" 11 | ensure_properties_are_in_sync "nfs" "nfsbrokerpush" 12 | ensure_properties_are_in_sync "smb" "smbbrokerpush" 13 | popd > /dev/null 14 | popd > /dev/null 15 | exit $exit_code 16 | } 17 | 18 | ensure_properties_are_in_sync() { 19 | local component=$1 20 | local jobname=$2 21 | local manifest="$(mktemp)" 22 | local operations="${home}/operations" 23 | 24 | set +e 25 | interpolate "output: ${manifest}" "-o ${operations}/enable-${component}-volume-service.yml" "-o ${operations}/backup-and-restore/enable-backup-restore.yml" "-o ${home}/operations/backup-and-restore/enable-restore-${component}-broker.yml" 26 | 27 | diff <(bosh int $manifest --path /instance_groups/name=${component}-broker-push/jobs/name=${jobname}/properties) <(bosh int $manifest --path /instance_groups/name=backup-restore/jobs/name=${jobname}/properties) 28 | exit_code=$? 29 | set -e 30 | 31 | if [ "${exit_code}" == "0" ]; then 32 | pass "${jobname} properties in enable ops file and backup-restore ops file are in sync" 33 | else 34 | fail "${jobname} properties in enable ops file and backup-restore ops file have diverged" 35 | fi 36 | 37 | rm $manifest 38 | return $exit_code 39 | } 40 | 41 | check_internal_blobstore_properties() { 42 | local expected="$1" 43 | local selective_opsfile="$2" 44 | local output; output="$(mktemp)" 45 | 46 | interpolate "output: ${output}" "-o ${home}/operations/backup-and-restore/enable-backup-restore.yml" "${selective_opsfile}" 47 | 48 | set +e 49 | directories_to_backup="$(bosh int "$output" --path /instance_groups/name=singleton-blobstore/jobs/name=blobstore/properties/select_directories_to_backup)" 50 | exit_code=$? 51 | set -e 52 | 53 | local selective_opsfile="${2:-full blobstore}" 54 | if [ "${exit_code}" == "0" ] && [ "$directories_to_backup" == "$expected" ]; then 55 | pass "${selective_opsfile#'-o '}" 56 | else 57 | fail "${selective_opsfile#'-o '}" 58 | fi 59 | rm "$output" 60 | } 61 | 62 | ensure_singleton_blobstore_not_templated() { 63 | local selective_opsfile="$1" 64 | local output; output=$(mktemp) 65 | local operations="${home}/operations" 66 | 67 | interpolate "output: ${output}" \ 68 | "-o ${operations}/use-external-blobstore.yml" \ 69 | "-o ${operations}/backup-and-restore/enable-backup-restore.yml" \ 70 | "-o ${operations}/use-s3-blobstore.yml" \ 71 | "-o ${operations}/backup-and-restore/enable-backup-restore-s3-versioned.yml" \ 72 | "-l ${operations}/example-vars-files/vars-use-s3-blobstore.yml" \ 73 | "-o ${operations}/backup-and-restore/${selective_opsfile}" 74 | 75 | set +e 76 | bosh int "$output" --path /instance_groups/name=singleton-blobstore &> /dev/null 77 | code=$? 78 | set -e 79 | 80 | if [ "${code}" != "0" ]; then 81 | exit_code=0 82 | pass "${selective_opsfile} does not render 'singleton-blobstore' instance_group" 83 | else 84 | fail "${selective_opsfile} does render 'singleton-blobstore' instance_group" 85 | fi 86 | rm "$output" 87 | } 88 | -------------------------------------------------------------------------------- /texts/on-cloud-configs.md: -------------------------------------------------------------------------------- 1 | # On Cloud Configs 2 | `cf-deployment` is developed against `bbl`. 3 | This allows us to delegate the particulars 4 | of the director's [Cloud Config][bosh-docs-cloud-config]. 5 | However, `cf-deployment` does not _require_ `bbl`. 6 | 7 | This document discusses what `cf-deployment` requires 8 | of any Cloud Config intended to work with it. 9 | The discussion here is not exhaustive, 10 | and is not under test. 11 | Nonetheless, we intend it to support 12 | those wishing to use `cf-deployment` without `bbl`. 13 | 14 | ## General Resources 15 | The [BOSH docs for Cloud Config][bosh-docs-cloud-config] 16 | are a great starting-place. 17 | You may find the CPI-specific `cloud_properties` references 18 | linked throughout to be useful. 19 | 20 | `bbl` has [fixtures][cloud-config-fixtures] 21 | for each `bbl`-supported IaaS. 22 | These can be useful examples. 23 | Anything `cf-deployment` draws from the Cloud Config 24 | will be present among these fixtures. 25 | 26 | If you're having trouble with a specific question, 27 | please feel free to join the Cloud Foundry Slack, 28 | and ask us in the `#cf-deployment` channel. 29 | 30 | We have some [example cloud configs](/iaas-support/README.md) 31 | in this repository 32 | that may be useful as a starting point. 33 | 34 | ## VM Types 35 | `cf-deployment` uses three VM types. 36 | Here are their names 37 | and approximate resources: 38 | 39 | - minimal: this is sufficient for most things. 40 | 1 vCPU and ~4 GB RAM 41 | - small: our API instances can benefit from some additional resources. 42 | 2 vCPUs and ~8 GB RAM. 43 | - small-highmem: diego cells need the memory to run apps. 44 | 4 vCPUs and ~32 GB RAM. 45 | 46 | It is important to note that all of these 47 | have a 10 GB Ephemeral disk associated by default. 48 | `cf-deployment` has encountered issues in the past 49 | when attempting to use ephemeral disks 50 | smaller than that. 51 | 52 | ## VM Extensions 53 | We use VM Extensions to manage 54 | non-default ephemeral disk sizes 55 | and `cloud_properties` related to load balancing. 56 | 57 | In particular, we generally require: 58 | - `50GB_ephemeral_disk` 59 | - `100GB_ephemeral_disk` 60 | - `cf-router-network-properties` 61 | - `cf-tcp-router-network-properties` 62 | - `diego-ssh-proxy-network-properties` 63 | 64 | While the disk extensions are straightforward, 65 | load balancing is one of the details 66 | that varies most between IaaSs, 67 | so this may be one of the trickier parts 68 | of writing your own Cloud Config. 69 | 70 | On vSphere, which lacks load balancing, 71 | you can include the LB vm extension names 72 | without any cloud properties. 73 | You'll still have to solve load balancing, 74 | but this satisfies the manifest's need 75 | for these VM extensions. 76 | 77 | ## Disk Types 78 | `cf-deployment` requires the following disk types: 79 | 80 | ``` 81 | disk_types: 82 | - disk_size: 5120 83 | name: 5GB 84 | - disk_size: 10240 85 | name: 10GB 86 | - disk_size: 102400 87 | name: 100GB 88 | ``` 89 | 90 | ## Networks 91 | The network name `default` 92 | is used throughout `cf-deployment`. 93 | VMs on this network should be able to reach one another. 94 | If Cloud Foundry is expected to be able to reach the internet, 95 | this network will need some kind of NAT solution. 96 | For example: 97 | - On GCP, we assign an ephemeral external IP 98 | to each instance. 99 | - On AWS, we have a NAT box 100 | and a corresponding routing rule 101 | which sends internet-bound traffic to it. 102 | 103 | [bosh-docs-cloud-config]: https://bosh.io/docs/cloud-config.html 104 | [cloud-config-fixtures]: https://github.com/cloudfoundry/bosh-bootloader/tree/main/cloudconfig/fixtures 105 | -------------------------------------------------------------------------------- /texts/on-release-spec-files.md: -------------------------------------------------------------------------------- 1 | # On Bosh Job Specs 2 | 3 | 4 | The goal of this document is to articulate expectations 5 | -- as well as the ideas and heuristics from which we derive them -- 6 | for job specifications 7 | in the BOSH releases 8 | included in cf-deployment. 9 | 10 | Opinions about BOSH releases have been influenced by tools like BOSH and spiff, 11 | as well as by our ideals about deployment and software development. 12 | We often enforce these ideas by using opinionated tools, 13 | but we also enforce these goals by explicitly coordinating between CF teams. 14 | When new tooling -- with different opinions -- comes along, 15 | and teams grow to the point where coordination becomes difficult, 16 | teams lose alignment on what constitutes a best practice. 17 | We hope that a document like this 18 | will help to realign release authors. 19 | 20 | A lot of our existing standards were derived in a time 21 | when a single team maintained a single release 22 | that also contained tools for manifest generation. 23 | Now that we have many teams contributing to several BOSH releases, 24 | and manifest generation has been separated into this repo, 25 | it's time to update our standards, 26 | keeping in mind updates to tooling like the new BOSH CLI. 27 | 28 | - For example, the standard that **Defaults should live in the Spec** has existed for some time. 29 | We continue to maintain this expectation, with a caveat: 30 | releases that may be deployed independently of CF 31 | should have defaults in their spec 32 | that make sense for their standalone deployment. 33 | In these cases, cf-deployment should override those defaults 34 | in favor of CF-friendly values. 35 | 36 | ## Expectations 37 | This is an initial list of headings, 38 | intended to be filled in with examples 39 | and explanations 40 | as they occur to us 41 | or become necessary. 42 | 43 | ### About Defaults 44 | #### Specs Contain Appropriate Defaults for Standalone Operation 45 | #### Specs Do Not Specify Defaults for Any Credentials 46 | ### About Descriptions 47 | #### Spec Property Descriptions Include Constraints on the Value of the Property 48 | ### About Names and Paths 49 | #### New Properties Are Not Namespaced To Their Job 50 | #### New TLS Propeties Match The Credhub Data Structure For Certs 51 | ### About the Relationship of Specs to Other Things 52 | #### Job Specs Constitute Some or All of the API of a BOSH Release for Versioning Purposes 53 | -------------------------------------------------------------------------------- /texts/style-guide.md: -------------------------------------------------------------------------------- 1 | ### Editorial Style Guide 2 | Please observe the following conventions when contributing to `cf-deployment`. 3 | We are likely to revert/reject commits and PRs which don't. 4 | In general, every line of `cf-deployment.yml` should be clear, 5 | necessary for a correctly functioning default deployment, 6 | and explicable. 7 | Maximizing the legibility and minimizing the size of `cf-deployment.yml` are high priorities. 8 | Features under development and optional extensions should be added/enabled via ops files. 9 | 10 | 1. Don't use global properties. 11 | 1. To maximize the readability of properties that must be set on many jobs, 12 | create a clearly named YAML anchor at the first occurrence of the duplicate properties, 13 | then reference that anchor as necessary. 14 | 1. Duplication and the use of YAML anchors indicate properties which _should_ be provided/consumed by Releases using BOSH links, but aren't yet. 15 | 1. Don't include any property in `cf-deployment.yml` 16 | which is not necessary for every user of the default configuration. 17 | 1. Don't include any property in `cf-deployment.yml` 18 | for which a usable default exists in the spec of the job's release. 19 | 1. Don't include properties in `cf-deployment.yml` 20 | as targets for ops files. 21 | Ops files can be used to add needed properties. 22 | 1. Any nominally variable property value 23 | which can be safely hardcoded in `cf-deployment.yml` should be. 24 | Usernames, for example. 25 | 1. Any property value 26 | which isn't necessary for every user of the default configuration to specify 27 | should be exposed via ops-files, not vars. 28 | 1. Properties which must be set to reflect IaaS-sensitive contextual conditions, 29 | such as the relationship between networks and AZs, 30 | should assume GCP and be set appropriately for other IaaSs in an ops file. 31 | 1. Ops files included in the `cf-deployment` repo should not overlap. 32 | That is, they should be order-independent, and not address the same properties. 33 | If this is not possible, their order must be documented. 34 | 1. All credentials should be bosh-generatable. 35 | When adding new passwords, secrets, certs, CAs, and keys, add them to the `variables` section of the manifest. 36 | Use the existing variables as a guide for the details necessary to allow bosh to perform credential generation. 37 | When testing new credential properties, test with bosh-generated values. 38 | -------------------------------------------------------------------------------- /units/go.mod: -------------------------------------------------------------------------------- 1 | module github.com/cf-deployment/units 2 | 3 | go 1.21 4 | 5 | require ( 6 | github.com/sergi/go-diff v1.3.1 7 | github.com/stretchr/testify v1.10.0 8 | gopkg.in/yaml.v3 v3.0.1 9 | ) 10 | 11 | require ( 12 | github.com/davecgh/go-spew v1.1.1 // indirect 13 | github.com/pmezard/go-difflib v1.0.0 // indirect 14 | ) 15 | -------------------------------------------------------------------------------- /units/go.sum: -------------------------------------------------------------------------------- 1 | github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= 2 | github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= 3 | github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= 4 | github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI= 5 | github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= 6 | github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= 7 | github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE= 8 | github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= 9 | github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= 10 | github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= 11 | github.com/sergi/go-diff v1.3.1 h1:xkr+Oxo4BOQKmkn/B9eMK0g5Kg/983T9DqqPHwYqD+8= 12 | github.com/sergi/go-diff v1.3.1/go.mod h1:aMJSSKb2lpPvRNec0+w3fl7LP9IOFzdc9Pa4NFbPK1I= 13 | github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= 14 | github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= 15 | github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA= 16 | github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= 17 | gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= 18 | gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 h1:YR8cESwS4TdDjEe65xsg0ogRM/Nc3DYOhEAlW+xobZo= 19 | gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= 20 | gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= 21 | gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= 22 | gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= 23 | gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= 24 | -------------------------------------------------------------------------------- /units/helpers/path.go: -------------------------------------------------------------------------------- 1 | package helpers 2 | 3 | import ( 4 | "os" 5 | "path/filepath" 6 | ) 7 | 8 | func SetPath() (string, error) { 9 | wd, err := os.Getwd() 10 | if err != nil { 11 | return "", err 12 | } 13 | 14 | return filepath.Abs(filepath.Join(wd, "..", "..", "..")) 15 | } 16 | 17 | func findFiles(cfDeploymentHome, operationsSubDir string) ([]string, error) { 18 | searchPath := filepath.Join(cfDeploymentHome, operationsSubDir, "*.yml") 19 | filePaths, err := filepath.Glob(searchPath) 20 | if err != nil { 21 | return nil, err 22 | } 23 | 24 | var fileNames []string 25 | for _, filePath := range filePaths { 26 | fileNames = append(fileNames, filepath.Base(filePath)) 27 | } 28 | 29 | return fileNames, nil 30 | } 31 | -------------------------------------------------------------------------------- /units/test: -------------------------------------------------------------------------------- 1 | #!/bin/bash -eu 2 | 3 | function suites() { 4 | local suites 5 | suites=" 6 | ./tests/addons_test 7 | ./tests/backup_and_restore_test 8 | ./tests/experimental_test 9 | ./tests/iaas_test 10 | ./tests/inline_test 11 | ./tests/standard_test 12 | ./tests/test_test 13 | ./tests/semantic_test 14 | " 15 | 16 | echo "${suites}" 17 | } 18 | 19 | pushd "$(dirname "$0")" > /dev/null 20 | if [ ! -f "test-vars-store.yml" ]; then 21 | echo "Generating vars-store..." 22 | bosh interpolate ../cf-deployment.yml --vars-store test-vars-store.yml > /dev/null 23 | fi 24 | 25 | echo "Starting unit tests..." 26 | go test "$@" $(suites) 27 | popd > /dev/null 28 | -------------------------------------------------------------------------------- /units/tests/addons_test/operations.yml: -------------------------------------------------------------------------------- 1 | --- 2 | add-system-metrics-agent.yml: {} 3 | add-system-metrics-agent-windows2019.yml: 4 | ops: 5 | - ../windows2019-cell.yml 6 | - add-system-metrics-agent.yml 7 | - add-system-metrics-agent-windows2019.yml 8 | component-syslog-custom-ca.yml: 9 | ops: 10 | - enable-component-syslog.yml 11 | - component-syslog-custom-ca.yml 12 | varsfiles: 13 | - example-vars-files/vars-enable-component-syslog.yml 14 | enable-component-syslog.yml: 15 | varsfiles: 16 | - example-vars-files/vars-enable-component-syslog.yml 17 | -------------------------------------------------------------------------------- /units/tests/addons_test/operations_test.go: -------------------------------------------------------------------------------- 1 | package addons_test 2 | 3 | import ( 4 | "testing" 5 | 6 | "github.com/cf-deployment/units/helpers" 7 | ) 8 | 9 | const testDirectory = "operations/addons" 10 | 11 | func TestAddons(t *testing.T) { 12 | cfDeploymentHome, err := helpers.SetPath() 13 | if err != nil { 14 | t.Fatalf("setup: %v", err) 15 | } 16 | 17 | suite := helpers.NewSuiteTest(cfDeploymentHome, testDirectory) 18 | suite.LoadTestOperationsYaml(t) 19 | suite.EnsureTestCoverage(t) 20 | suite.ReadmeTest(t) 21 | suite.InterpolateTest(t) 22 | } 23 | -------------------------------------------------------------------------------- /units/tests/backup_and_restore_test/operations_test.go: -------------------------------------------------------------------------------- 1 | package backupandrestore_test 2 | 3 | import ( 4 | "testing" 5 | 6 | "github.com/cf-deployment/units/helpers" 7 | ) 8 | 9 | const testDirectory = "operations/backup-and-restore" 10 | 11 | func TestBackupAndRestore(t *testing.T) { 12 | cfDeploymentHome, err := helpers.SetPath() 13 | if err != nil { 14 | t.Fatalf("setup: %v", err) 15 | } 16 | 17 | suite := helpers.NewSuiteTest(cfDeploymentHome, testDirectory) 18 | suite.LoadTestOperationsYaml(t) 19 | suite.EnsureTestCoverage(t) 20 | suite.ReadmeTest(t) 21 | suite.InterpolateTest(t) 22 | } 23 | -------------------------------------------------------------------------------- /units/tests/experimental_test/operations.yml: -------------------------------------------------------------------------------- 1 | --- 2 | add-cflinuxfs4.yml: {} 3 | add-metric-store.yml: {} 4 | add-otel-collector-windows.yml: 5 | ops: 6 | - ../windows2019-cell.yml 7 | - add-otel-collector.yml 8 | varsfiles: 9 | - example-vars-files/vars-override-otel-collector-exporters.yml 10 | add-otel-collector.yml: 11 | varsfiles: 12 | - example-vars-files/vars-override-otel-collector-exporters.yml 13 | add-system-metrics-agent-windows2019.yml: 14 | ops: 15 | - ../windows2019-cell.yml 16 | - add-system-metrics-agent.yml 17 | - add-system-metrics-agent-windows2019.yml 18 | add-system-metrics-agent.yml: {} 19 | colocate-smoke-tests-on-cc-worker.yml: {} 20 | disable-cf-credhub.yml: {} 21 | disable-interpolate-service-bindings.yml: {} 22 | disable-logs-in-firehose.yml: {} 23 | disable-logs-in-firehose-windows2019.yml: 24 | ops: 25 | - ../windows2019-cell.yml 26 | disable-v2-api.yml: {} 27 | enable-app-log-rate-limiting.yml: 28 | vars: 29 | - app_log_rate_limit=100 30 | enable-app-log-rate-limiting-windows2019.yml: 31 | ops: 32 | - ../windows2019-cell.yml 33 | vars: 34 | - app_log_rate_limit=100 35 | enable-bpm-garden.yml: {} 36 | enable-containerd-for-processes.yml: {} 37 | enable-cpu-throttling.yml: {} 38 | enable-direct-io-grootfs.yml: {} 39 | enable-iptables-logger.yml: {} 40 | enable-nginx-routing-integrity-windows2019.yml: 41 | ops: 42 | - ../windows2019-cell.yml 43 | - enable-nginx-routing-integrity-windows2019.yml 44 | enable-oci-phase-1.yml: {} 45 | enable-shadow-user-creation-by-org-managers.yml: {} 46 | enable-tls-cloud-controller-postgres.yml: 47 | ops: 48 | - ../use-postgres.yml 49 | - enable-tls-cloud-controller-postgres.yml 50 | enable-traffic-to-internal-networks.yml: {} 51 | fast-deploy-with-downtime-and-danger.yml: {} 52 | infrastructure-metrics.yml: {} 53 | rootless-containers.yml: {} 54 | set-cflinuxfs4-default-stack.yml: 55 | ops: 56 | - ./add-cflinuxfs4.yml 57 | set-cpu-weight-windows2019.yml: 58 | ops: 59 | - ../windows2019-cell.yml 60 | set-cpu-weight.yml: {} 61 | use-compiled-releases-windows.yml: 62 | ops: 63 | - ../use-compiled-releases.yml 64 | - ../windows2019-cell.yml 65 | - use-compiled-releases-windows.yml 66 | use-create-swap-delete-vm-strategy.yml: {} 67 | use-native-garden-runc-runner.yml: {} 68 | use-trusted-ca-cert-for-apps-cflinuxfs4.yml: 69 | ops: 70 | - add-cflinuxfs4.yml 71 | varsfiles: 72 | - ../example-vars-files/vars-use-trusted-ca-cert-for-apps.yml 73 | use-mysql-version-8.0.yml: 74 | pathvalidator: 75 | path: /instance_groups/name=database/jobs/name=pxc-mysql/properties/mysql_version? 76 | expectedvalue: "8.0" 77 | disable-tls-tcp-routing-windows-stage-1-unproxied-ports.yml: 78 | ops: 79 | - ../windows2019-cell.yml 80 | - enable-nginx-routing-integrity-windows2019.yml 81 | disable-tls-tcp-routing-windows-stage-2-route-emitter.yml: 82 | ops: 83 | - ../windows2019-cell.yml 84 | - enable-nginx-routing-integrity-windows2019.yml 85 | - disable-tls-tcp-routing-windows-stage-1-unproxied-ports.yml 86 | use-noble-stemcell.yml: {} -------------------------------------------------------------------------------- /units/tests/experimental_test/operations_test.go: -------------------------------------------------------------------------------- 1 | package experimental_test 2 | 3 | import ( 4 | "testing" 5 | 6 | "github.com/cf-deployment/units/helpers" 7 | ) 8 | 9 | const testDirectory = "operations/experimental" 10 | 11 | func TestExperimental(t *testing.T) { 12 | cfDeploymentHome, err := helpers.SetPath() 13 | if err != nil { 14 | t.Fatalf("setup: %v", err) 15 | } 16 | 17 | suite := helpers.NewSuiteTest(cfDeploymentHome, testDirectory) 18 | suite.LoadTestOperationsYaml(t) 19 | suite.EnsureTestCoverage(t) 20 | suite.ReadmeTest(t) 21 | suite.InterpolateTest(t) 22 | } 23 | -------------------------------------------------------------------------------- /units/tests/iaas_test/operations.yml: -------------------------------------------------------------------------------- 1 | --- 2 | add-system-domain-dns-alias.yml: 3 | vars: 4 | - system_domain=my.domain 5 | -------------------------------------------------------------------------------- /units/tests/iaas_test/operations_test.go: -------------------------------------------------------------------------------- 1 | package iaas_test 2 | 3 | import ( 4 | "testing" 5 | 6 | "github.com/cf-deployment/units/helpers" 7 | ) 8 | 9 | const testDirectory = "iaas-support/softlayer" 10 | 11 | func TestIAAS(t *testing.T) { 12 | cfDeploymentHome, err := helpers.SetPath() 13 | if err != nil { 14 | t.Fatalf("setup: %v", err) 15 | } 16 | 17 | suite := helpers.NewSuiteTest(cfDeploymentHome, testDirectory) 18 | suite.LoadTestOperationsYaml(t) 19 | suite.EnsureTestCoverage(t) 20 | suite.InterpolateTest(t) 21 | } 22 | -------------------------------------------------------------------------------- /units/tests/inline_test/bits_service_webdav_inline_test.go: -------------------------------------------------------------------------------- 1 | package inline_test 2 | 3 | import ( 4 | "fmt" 5 | "io/ioutil" 6 | "os" 7 | "os/exec" 8 | "path/filepath" 9 | "strings" 10 | "testing" 11 | 12 | "github.com/sergi/go-diff/diffmatchpatch" 13 | ) 14 | 15 | func TestInline(t *testing.T) { 16 | t.Skip("Skipping until generalized") 17 | 18 | wd, err := os.Getwd() 19 | if err != nil { 20 | t.Error("get working dir:", err) 21 | } 22 | 23 | cfDeploymentHome, err := filepath.Abs(filepath.Join(wd, "..", "..")) 24 | if err != nil { 25 | t.Error("cf-deployment home setup:", err) 26 | } 27 | 28 | beforeDir, err := ioutil.TempDir("", "cf-deployment-") 29 | if err != nil { 30 | t.Error("setup: temp dir:", err) 31 | } 32 | defer os.Remove(beforeDir) 33 | 34 | err = gitSetup(beforeDir) 35 | if err != nil { 36 | t.Error("git setup:", err) 37 | } 38 | 39 | cfDeploymentManifestPath := filepath.Join(cfDeploymentHome, "cf-deployment.yml") 40 | 41 | // before inline 42 | beforeManifest, err := boshInterpolate(beforeDir, cfDeploymentManifestPath) 43 | if err != nil { 44 | t.Error("before inline manifest interpolation failed:", err) 45 | } 46 | 47 | // after inline 48 | afterManifest, err := boshInterpolate(cfDeploymentHome, cfDeploymentManifestPath) 49 | if err != nil { 50 | t.Error("after inline manifest interpolation failed:", err) 51 | } 52 | 53 | // assert that files are the same 54 | dmp := diffmatchpatch.New() 55 | beforeDiff, afterDiff, lines := dmp.DiffLinesToChars(beforeManifest, afterManifest) 56 | diffs := dmp.DiffMain(beforeDiff, afterDiff, true) 57 | lineDiffs := dmp.DiffCharsToLines(diffs, lines) 58 | 59 | var realDiffs []diffmatchpatch.Diff 60 | for _, diff := range lineDiffs { 61 | if diff.Type == diffmatchpatch.DiffEqual { 62 | continue 63 | } 64 | 65 | realDiffs = append(realDiffs, diff) 66 | } 67 | 68 | if len(realDiffs) > 0 { 69 | t.Errorf("diff mismatch: before..after\n%s", dmp.DiffPrettyText(realDiffs)) 70 | } 71 | } 72 | 73 | func gitSetup(tempDir string) error { 74 | err := runCommandInDirectory(tempDir, "git", "init") 75 | if err != nil { 76 | return err 77 | } 78 | 79 | err = runCommandInDirectory(tempDir, "git", "remote", "add", "origin", "https://github.com/cloudfoundry/cf-deployment") 80 | if err != nil { 81 | return err 82 | } 83 | 84 | err = runCommandInDirectory(tempDir, "git", "fetch", "origin", "main") 85 | if err != nil { 86 | return err 87 | } 88 | 89 | err = runCommandInDirectory(tempDir, "git", "checkout", "FETCH_HEAD", "--", "cf-deployment.yml") 90 | if err != nil { 91 | return err 92 | } 93 | 94 | return nil 95 | } 96 | 97 | func runCommandInDirectory(dir string, name string, args ...string) error { 98 | cmd := exec.Command(name, args...) 99 | cmd.Dir = dir 100 | 101 | out, err := cmd.CombinedOutput() 102 | if err != nil { 103 | return fmt.Errorf("%s failed: %s", strings.Join(cmd.Args, " "), string(out)) 104 | } 105 | 106 | return nil 107 | } 108 | 109 | func boshInterpolate(dir string, cfDeploymentManifestPath string, opsFiles ...string) (string, error) { 110 | interpolateArgs := []string{"int", cfDeploymentManifestPath} 111 | for _, ops := range opsFiles { 112 | interpolateArgs = append(interpolateArgs, "-o", filepath.Join(dir, ops)) 113 | } 114 | 115 | cmd := exec.Command("bosh", interpolateArgs...) 116 | 117 | out, err := cmd.CombinedOutput() 118 | if err != nil { 119 | return "", fmt.Errorf("bosh interpolate failed: %s", string(out)) 120 | } 121 | 122 | return string(out), nil 123 | } 124 | -------------------------------------------------------------------------------- /units/tests/standard_test/operations_test.go: -------------------------------------------------------------------------------- 1 | package standard_test 2 | 3 | import ( 4 | "testing" 5 | 6 | "github.com/cf-deployment/units/helpers" 7 | ) 8 | 9 | const testDirectory = "operations" 10 | 11 | func TestStandard(t *testing.T) { 12 | cfDeploymentHome, err := helpers.SetPath() 13 | if err != nil { 14 | t.Fatalf("setup: %v", err) 15 | } 16 | 17 | suite := helpers.NewSuiteTest(cfDeploymentHome, testDirectory) 18 | suite.LoadTestOperationsYaml(t) 19 | suite.EnsureTestCoverage(t) 20 | suite.ReadmeTest(t) 21 | suite.InterpolateTest(t) 22 | } 23 | -------------------------------------------------------------------------------- /units/tests/test_test/operations.yml: -------------------------------------------------------------------------------- 1 | --- 2 | add-datadog-firehose-nozzle.yml: 3 | vars: 4 | - datadog_api_key=XYZ 5 | - datadog_metric_prefix=foo.bar 6 | - traffic_controller_external_port=8443 7 | add-oidc-provider.yml: {} 8 | use-cflinuxfs4-compat-isolation-segment-diego-cell.yml: 9 | ops: 10 | - ../add-persistent-isolation-segment-diego-cell.yml 11 | alter-ssh-proxy-redirect-uri.yml: {} 12 | enable-nfs-test-ldapserver.yml: 13 | ops: 14 | - ../enable-nfs-volume-service.yml 15 | - enable-nfs-test-server.yml 16 | - enable-nfs-test-ldapserver.yml 17 | enable-nfs-test-server.yml: {} 18 | enable-smb-test-server.yml: 19 | vars: 20 | - smb-password=FOO.PASS 21 | - smb-username=BAR.USER 22 | fips-stemcell.yml: {} 23 | scale-to-one-az-addon-parallel-cats.yml: 24 | ops: 25 | - ../scale-to-one-az.yml 26 | - scale-to-one-az-addon-parallel-cats.yml 27 | speed-up-dynamic-asgs.yml: {} 28 | set-smoke-test-timeout-scale.yml: {} 29 | -------------------------------------------------------------------------------- /units/tests/test_test/operations_test.go: -------------------------------------------------------------------------------- 1 | package test_test 2 | 3 | import ( 4 | "testing" 5 | 6 | "github.com/cf-deployment/units/helpers" 7 | ) 8 | 9 | const testDirectory = "operations/test" 10 | 11 | func TestTest(t *testing.T) { 12 | cfDeploymentHome, err := helpers.SetPath() 13 | if err != nil { 14 | t.Fatalf("setup: %v", err) 15 | } 16 | 17 | suite := helpers.NewSuiteTest(cfDeploymentHome, testDirectory) 18 | suite.LoadTestOperationsYaml(t) 19 | suite.EnsureTestCoverage(t) 20 | suite.InterpolateTest(t) 21 | } 22 | -------------------------------------------------------------------------------- /units/vendor/github.com/davecgh/go-spew/LICENSE: -------------------------------------------------------------------------------- 1 | ISC License 2 | 3 | Copyright (c) 2012-2016 Dave Collins 4 | 5 | Permission to use, copy, modify, and/or distribute this software for any 6 | purpose with or without fee is hereby granted, provided that the above 7 | copyright notice and this permission notice appear in all copies. 8 | 9 | THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10 | WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11 | MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12 | ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13 | WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14 | ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15 | OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 16 | -------------------------------------------------------------------------------- /units/vendor/github.com/davecgh/go-spew/spew/bypasssafe.go: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2015-2016 Dave Collins 2 | // 3 | // Permission to use, copy, modify, and distribute this software for any 4 | // purpose with or without fee is hereby granted, provided that the above 5 | // copyright notice and this permission notice appear in all copies. 6 | // 7 | // THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 8 | // WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 9 | // MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 10 | // ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 11 | // WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 12 | // ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 13 | // OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 14 | 15 | // NOTE: Due to the following build constraints, this file will only be compiled 16 | // when the code is running on Google App Engine, compiled by GopherJS, or 17 | // "-tags safe" is added to the go build command line. The "disableunsafe" 18 | // tag is deprecated and thus should not be used. 19 | // +build js appengine safe disableunsafe !go1.4 20 | 21 | package spew 22 | 23 | import "reflect" 24 | 25 | const ( 26 | // UnsafeDisabled is a build-time constant which specifies whether or 27 | // not access to the unsafe package is available. 28 | UnsafeDisabled = true 29 | ) 30 | 31 | // unsafeReflectValue typically converts the passed reflect.Value into a one 32 | // that bypasses the typical safety restrictions preventing access to 33 | // unaddressable and unexported data. However, doing this relies on access to 34 | // the unsafe package. This is a stub version which simply returns the passed 35 | // reflect.Value when the unsafe package is not available. 36 | func unsafeReflectValue(v reflect.Value) reflect.Value { 37 | return v 38 | } 39 | -------------------------------------------------------------------------------- /units/vendor/github.com/pmezard/go-difflib/LICENSE: -------------------------------------------------------------------------------- 1 | Copyright (c) 2013, Patrick Mezard 2 | All rights reserved. 3 | 4 | Redistribution and use in source and binary forms, with or without 5 | modification, are permitted provided that the following conditions are 6 | met: 7 | 8 | Redistributions of source code must retain the above copyright 9 | notice, this list of conditions and the following disclaimer. 10 | Redistributions in binary form must reproduce the above copyright 11 | notice, this list of conditions and the following disclaimer in the 12 | documentation and/or other materials provided with the distribution. 13 | The names of its contributors may not be used to endorse or promote 14 | products derived from this software without specific prior written 15 | permission. 16 | 17 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS 18 | IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 19 | TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A 20 | PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 21 | HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 22 | SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED 23 | TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 24 | PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 25 | LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 26 | NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 | -------------------------------------------------------------------------------- /units/vendor/github.com/sergi/go-diff/AUTHORS: -------------------------------------------------------------------------------- 1 | # This is the official list of go-diff authors for copyright purposes. 2 | # This file is distinct from the CONTRIBUTORS files. 3 | # See the latter for an explanation. 4 | 5 | # Names should be added to this file as 6 | # Name or Organization 7 | # The email address is not required for organizations. 8 | 9 | # Please keep the list sorted. 10 | 11 | Danny Yoo 12 | James Kolb 13 | Jonathan Amsterdam 14 | Markus Zimmermann 15 | Matt Kovars 16 | Örjan Persson 17 | Osman Masood 18 | Robert Carlsen 19 | Rory Flynn 20 | Sergi Mansilla 21 | Shatrugna Sadhu 22 | Shawn Smith 23 | Stas Maksimov 24 | Tor Arvid Lund 25 | Zac Bergquist 26 | -------------------------------------------------------------------------------- /units/vendor/github.com/sergi/go-diff/CONTRIBUTORS: -------------------------------------------------------------------------------- 1 | # This is the official list of people who can contribute 2 | # (and typically have contributed) code to the go-diff 3 | # repository. 4 | # 5 | # The AUTHORS file lists the copyright holders; this file 6 | # lists people. For example, ACME Inc. employees would be listed here 7 | # but not in AUTHORS, because ACME Inc. would hold the copyright. 8 | # 9 | # When adding J Random Contributor's name to this file, 10 | # either J's name or J's organization's name should be 11 | # added to the AUTHORS file. 12 | # 13 | # Names should be added to this file like so: 14 | # Name 15 | # 16 | # Please keep the list sorted. 17 | 18 | Danny Yoo 19 | James Kolb 20 | Jonathan Amsterdam 21 | Markus Zimmermann 22 | Matt Kovars 23 | Örjan Persson 24 | Osman Masood 25 | Robert Carlsen 26 | Rory Flynn 27 | Sergi Mansilla 28 | Shatrugna Sadhu 29 | Shawn Smith 30 | Stas Maksimov 31 | Tor Arvid Lund 32 | Zac Bergquist 33 | -------------------------------------------------------------------------------- /units/vendor/github.com/sergi/go-diff/LICENSE: -------------------------------------------------------------------------------- 1 | Copyright (c) 2012-2016 The go-diff Authors. All rights reserved. 2 | 3 | Permission is hereby granted, free of charge, to any person obtaining a 4 | copy of this software and associated documentation files (the "Software"), 5 | to deal in the Software without restriction, including without limitation 6 | the rights to use, copy, modify, merge, publish, distribute, sublicense, 7 | and/or sell copies of the Software, and to permit persons to whom the 8 | Software is furnished to do so, subject to the following conditions: 9 | 10 | The above copyright notice and this permission notice shall be included 11 | in all copies or substantial portions of the Software. 12 | 13 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 14 | OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 15 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 16 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 17 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 18 | FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER 19 | DEALINGS IN THE SOFTWARE. 20 | 21 | -------------------------------------------------------------------------------- /units/vendor/github.com/sergi/go-diff/diffmatchpatch/diffmatchpatch.go: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2012-2016 The go-diff authors. All rights reserved. 2 | // https://github.com/sergi/go-diff 3 | // See the included LICENSE file for license details. 4 | // 5 | // go-diff is a Go implementation of Google's Diff, Match, and Patch library 6 | // Original library is Copyright (c) 2006 Google Inc. 7 | // http://code.google.com/p/google-diff-match-patch/ 8 | 9 | // Package diffmatchpatch offers robust algorithms to perform the operations required for synchronizing plain text. 10 | package diffmatchpatch 11 | 12 | import ( 13 | "time" 14 | ) 15 | 16 | // DiffMatchPatch holds the configuration for diff-match-patch operations. 17 | type DiffMatchPatch struct { 18 | // Number of seconds to map a diff before giving up (0 for infinity). 19 | DiffTimeout time.Duration 20 | // Cost of an empty edit operation in terms of edit characters. 21 | DiffEditCost int 22 | // How far to search for a match (0 = exact location, 1000+ = broad match). A match this many characters away from the expected location will add 1.0 to the score (0.0 is a perfect match). 23 | MatchDistance int 24 | // When deleting a large block of text (over ~64 characters), how close do the contents have to be to match the expected contents. (0.0 = perfection, 1.0 = very loose). Note that MatchThreshold controls how closely the end points of a delete need to match. 25 | PatchDeleteThreshold float64 26 | // Chunk size for context length. 27 | PatchMargin int 28 | // The number of bits in an int. 29 | MatchMaxBits int 30 | // At what point is no match declared (0.0 = perfection, 1.0 = very loose). 31 | MatchThreshold float64 32 | } 33 | 34 | // New creates a new DiffMatchPatch object with default parameters. 35 | func New() *DiffMatchPatch { 36 | // Defaults. 37 | return &DiffMatchPatch{ 38 | DiffTimeout: time.Second, 39 | DiffEditCost: 4, 40 | MatchThreshold: 0.5, 41 | MatchDistance: 1000, 42 | PatchDeleteThreshold: 0.5, 43 | PatchMargin: 4, 44 | MatchMaxBits: 32, 45 | } 46 | } 47 | -------------------------------------------------------------------------------- /units/vendor/github.com/sergi/go-diff/diffmatchpatch/mathutil.go: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2012-2016 The go-diff authors. All rights reserved. 2 | // https://github.com/sergi/go-diff 3 | // See the included LICENSE file for license details. 4 | // 5 | // go-diff is a Go implementation of Google's Diff, Match, and Patch library 6 | // Original library is Copyright (c) 2006 Google Inc. 7 | // http://code.google.com/p/google-diff-match-patch/ 8 | 9 | package diffmatchpatch 10 | 11 | func min(x, y int) int { 12 | if x < y { 13 | return x 14 | } 15 | return y 16 | } 17 | 18 | func max(x, y int) int { 19 | if x > y { 20 | return x 21 | } 22 | return y 23 | } 24 | -------------------------------------------------------------------------------- /units/vendor/github.com/sergi/go-diff/diffmatchpatch/operation_string.go: -------------------------------------------------------------------------------- 1 | // Code generated by "stringer -type=Operation -trimprefix=Diff"; DO NOT EDIT. 2 | 3 | package diffmatchpatch 4 | 5 | import "fmt" 6 | 7 | const _Operation_name = "DeleteEqualInsert" 8 | 9 | var _Operation_index = [...]uint8{0, 6, 11, 17} 10 | 11 | func (i Operation) String() string { 12 | i -= -1 13 | if i < 0 || i >= Operation(len(_Operation_index)-1) { 14 | return fmt.Sprintf("Operation(%d)", i+-1) 15 | } 16 | return _Operation_name[_Operation_index[i]:_Operation_index[i+1]] 17 | } 18 | -------------------------------------------------------------------------------- /units/vendor/github.com/sergi/go-diff/diffmatchpatch/stringutil.go: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2012-2016 The go-diff authors. All rights reserved. 2 | // https://github.com/sergi/go-diff 3 | // See the included LICENSE file for license details. 4 | // 5 | // go-diff is a Go implementation of Google's Diff, Match, and Patch library 6 | // Original library is Copyright (c) 2006 Google Inc. 7 | // http://code.google.com/p/google-diff-match-patch/ 8 | 9 | package diffmatchpatch 10 | 11 | import ( 12 | "strconv" 13 | "strings" 14 | "unicode/utf8" 15 | ) 16 | 17 | // unescaper unescapes selected chars for compatibility with JavaScript's encodeURI. 18 | // In speed critical applications this could be dropped since the receiving application will certainly decode these fine. Note that this function is case-sensitive. Thus "%3F" would not be unescaped. But this is ok because it is only called with the output of HttpUtility.UrlEncode which returns lowercase hex. Example: "%3f" -> "?", "%24" -> "$", etc. 19 | var unescaper = strings.NewReplacer( 20 | "%21", "!", "%7E", "~", "%27", "'", 21 | "%28", "(", "%29", ")", "%3B", ";", 22 | "%2F", "/", "%3F", "?", "%3A", ":", 23 | "%40", "@", "%26", "&", "%3D", "=", 24 | "%2B", "+", "%24", "$", "%2C", ",", "%23", "#", "%2A", "*") 25 | 26 | // indexOf returns the first index of pattern in str, starting at str[i]. 27 | func indexOf(str string, pattern string, i int) int { 28 | if i > len(str)-1 { 29 | return -1 30 | } 31 | if i <= 0 { 32 | return strings.Index(str, pattern) 33 | } 34 | ind := strings.Index(str[i:], pattern) 35 | if ind == -1 { 36 | return -1 37 | } 38 | return ind + i 39 | } 40 | 41 | // lastIndexOf returns the last index of pattern in str, starting at str[i]. 42 | func lastIndexOf(str string, pattern string, i int) int { 43 | if i < 0 { 44 | return -1 45 | } 46 | if i >= len(str) { 47 | return strings.LastIndex(str, pattern) 48 | } 49 | _, size := utf8.DecodeRuneInString(str[i:]) 50 | return strings.LastIndex(str[:i+size], pattern) 51 | } 52 | 53 | // runesIndexOf returns the index of pattern in target, starting at target[i]. 54 | func runesIndexOf(target, pattern []rune, i int) int { 55 | if i > len(target)-1 { 56 | return -1 57 | } 58 | if i <= 0 { 59 | return runesIndex(target, pattern) 60 | } 61 | ind := runesIndex(target[i:], pattern) 62 | if ind == -1 { 63 | return -1 64 | } 65 | return ind + i 66 | } 67 | 68 | func runesEqual(r1, r2 []rune) bool { 69 | if len(r1) != len(r2) { 70 | return false 71 | } 72 | for i, c := range r1 { 73 | if c != r2[i] { 74 | return false 75 | } 76 | } 77 | return true 78 | } 79 | 80 | // runesIndex is the equivalent of strings.Index for rune slices. 81 | func runesIndex(r1, r2 []rune) int { 82 | last := len(r1) - len(r2) 83 | for i := 0; i <= last; i++ { 84 | if runesEqual(r1[i:i+len(r2)], r2) { 85 | return i 86 | } 87 | } 88 | return -1 89 | } 90 | 91 | func intArrayToString(ns []uint32) string { 92 | if len(ns) == 0 { 93 | return "" 94 | } 95 | 96 | indexSeparator := IndexSeparator[0] 97 | 98 | // Appr. 3 chars per num plus the comma. 99 | b := []byte{} 100 | for _, n := range ns { 101 | b = strconv.AppendInt(b, int64(n), 10) 102 | b = append(b, indexSeparator) 103 | } 104 | b = b[:len(b)-1] 105 | return string(b) 106 | } 107 | -------------------------------------------------------------------------------- /units/vendor/github.com/stretchr/testify/LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2012-2020 Mat Ryer, Tyler Bunnell and contributors. 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /units/vendor/github.com/stretchr/testify/assert/assertion_format.go.tmpl: -------------------------------------------------------------------------------- 1 | {{.CommentFormat}} 2 | func {{.DocInfo.Name}}f(t TestingT, {{.ParamsFormat}}) bool { 3 | if h, ok := t.(tHelper); ok { h.Helper() } 4 | return {{.DocInfo.Name}}(t, {{.ForwardedParamsFormat}}) 5 | } 6 | -------------------------------------------------------------------------------- /units/vendor/github.com/stretchr/testify/assert/assertion_forward.go.tmpl: -------------------------------------------------------------------------------- 1 | {{.CommentWithoutT "a"}} 2 | func (a *Assertions) {{.DocInfo.Name}}({{.Params}}) bool { 3 | if h, ok := a.t.(tHelper); ok { h.Helper() } 4 | return {{.DocInfo.Name}}(a.t, {{.ForwardedParams}}) 5 | } 6 | -------------------------------------------------------------------------------- /units/vendor/github.com/stretchr/testify/assert/assertion_order.go: -------------------------------------------------------------------------------- 1 | package assert 2 | 3 | import ( 4 | "fmt" 5 | "reflect" 6 | ) 7 | 8 | // isOrdered checks that collection contains orderable elements. 9 | func isOrdered(t TestingT, object interface{}, allowedComparesResults []compareResult, failMessage string, msgAndArgs ...interface{}) bool { 10 | objKind := reflect.TypeOf(object).Kind() 11 | if objKind != reflect.Slice && objKind != reflect.Array { 12 | return false 13 | } 14 | 15 | objValue := reflect.ValueOf(object) 16 | objLen := objValue.Len() 17 | 18 | if objLen <= 1 { 19 | return true 20 | } 21 | 22 | value := objValue.Index(0) 23 | valueInterface := value.Interface() 24 | firstValueKind := value.Kind() 25 | 26 | for i := 1; i < objLen; i++ { 27 | prevValue := value 28 | prevValueInterface := valueInterface 29 | 30 | value = objValue.Index(i) 31 | valueInterface = value.Interface() 32 | 33 | compareResult, isComparable := compare(prevValueInterface, valueInterface, firstValueKind) 34 | 35 | if !isComparable { 36 | return Fail(t, fmt.Sprintf("Can not compare type \"%s\" and \"%s\"", reflect.TypeOf(value), reflect.TypeOf(prevValue)), msgAndArgs...) 37 | } 38 | 39 | if !containsValue(allowedComparesResults, compareResult) { 40 | return Fail(t, fmt.Sprintf(failMessage, prevValue, value), msgAndArgs...) 41 | } 42 | } 43 | 44 | return true 45 | } 46 | 47 | // IsIncreasing asserts that the collection is increasing 48 | // 49 | // assert.IsIncreasing(t, []int{1, 2, 3}) 50 | // assert.IsIncreasing(t, []float{1, 2}) 51 | // assert.IsIncreasing(t, []string{"a", "b"}) 52 | func IsIncreasing(t TestingT, object interface{}, msgAndArgs ...interface{}) bool { 53 | return isOrdered(t, object, []compareResult{compareLess}, "\"%v\" is not less than \"%v\"", msgAndArgs...) 54 | } 55 | 56 | // IsNonIncreasing asserts that the collection is not increasing 57 | // 58 | // assert.IsNonIncreasing(t, []int{2, 1, 1}) 59 | // assert.IsNonIncreasing(t, []float{2, 1}) 60 | // assert.IsNonIncreasing(t, []string{"b", "a"}) 61 | func IsNonIncreasing(t TestingT, object interface{}, msgAndArgs ...interface{}) bool { 62 | return isOrdered(t, object, []compareResult{compareEqual, compareGreater}, "\"%v\" is not greater than or equal to \"%v\"", msgAndArgs...) 63 | } 64 | 65 | // IsDecreasing asserts that the collection is decreasing 66 | // 67 | // assert.IsDecreasing(t, []int{2, 1, 0}) 68 | // assert.IsDecreasing(t, []float{2, 1}) 69 | // assert.IsDecreasing(t, []string{"b", "a"}) 70 | func IsDecreasing(t TestingT, object interface{}, msgAndArgs ...interface{}) bool { 71 | return isOrdered(t, object, []compareResult{compareGreater}, "\"%v\" is not greater than \"%v\"", msgAndArgs...) 72 | } 73 | 74 | // IsNonDecreasing asserts that the collection is not decreasing 75 | // 76 | // assert.IsNonDecreasing(t, []int{1, 1, 2}) 77 | // assert.IsNonDecreasing(t, []float{1, 2}) 78 | // assert.IsNonDecreasing(t, []string{"a", "b"}) 79 | func IsNonDecreasing(t TestingT, object interface{}, msgAndArgs ...interface{}) bool { 80 | return isOrdered(t, object, []compareResult{compareLess, compareEqual}, "\"%v\" is not less than or equal to \"%v\"", msgAndArgs...) 81 | } 82 | -------------------------------------------------------------------------------- /units/vendor/github.com/stretchr/testify/assert/doc.go: -------------------------------------------------------------------------------- 1 | // Package assert provides a set of comprehensive testing tools for use with the normal Go testing system. 2 | // 3 | // # Example Usage 4 | // 5 | // The following is a complete example using assert in a standard test function: 6 | // 7 | // import ( 8 | // "testing" 9 | // "github.com/stretchr/testify/assert" 10 | // ) 11 | // 12 | // func TestSomething(t *testing.T) { 13 | // 14 | // var a string = "Hello" 15 | // var b string = "Hello" 16 | // 17 | // assert.Equal(t, a, b, "The two words should be the same.") 18 | // 19 | // } 20 | // 21 | // if you assert many times, use the format below: 22 | // 23 | // import ( 24 | // "testing" 25 | // "github.com/stretchr/testify/assert" 26 | // ) 27 | // 28 | // func TestSomething(t *testing.T) { 29 | // assert := assert.New(t) 30 | // 31 | // var a string = "Hello" 32 | // var b string = "Hello" 33 | // 34 | // assert.Equal(a, b, "The two words should be the same.") 35 | // } 36 | // 37 | // # Assertions 38 | // 39 | // Assertions allow you to easily write test code, and are global funcs in the `assert` package. 40 | // All assertion functions take, as the first argument, the `*testing.T` object provided by the 41 | // testing framework. This allows the assertion funcs to write the failings and other details to 42 | // the correct place. 43 | // 44 | // Every assertion function also takes an optional string message as the final argument, 45 | // allowing custom error messages to be appended to the message the assertion method outputs. 46 | package assert 47 | -------------------------------------------------------------------------------- /units/vendor/github.com/stretchr/testify/assert/errors.go: -------------------------------------------------------------------------------- 1 | package assert 2 | 3 | import ( 4 | "errors" 5 | ) 6 | 7 | // AnError is an error instance useful for testing. If the code does not care 8 | // about error specifics, and only needs to return the error for example, this 9 | // error should be used to make the test code more readable. 10 | var AnError = errors.New("assert.AnError general error for testing") 11 | -------------------------------------------------------------------------------- /units/vendor/github.com/stretchr/testify/assert/forward_assertions.go: -------------------------------------------------------------------------------- 1 | package assert 2 | 3 | // Assertions provides assertion methods around the 4 | // TestingT interface. 5 | type Assertions struct { 6 | t TestingT 7 | } 8 | 9 | // New makes a new Assertions object for the specified TestingT. 10 | func New(t TestingT) *Assertions { 11 | return &Assertions{ 12 | t: t, 13 | } 14 | } 15 | 16 | //go:generate sh -c "cd ../_codegen && go build && cd - && ../_codegen/_codegen -output-package=assert -template=assertion_forward.go.tmpl -include-format-funcs" 17 | -------------------------------------------------------------------------------- /units/vendor/github.com/stretchr/testify/assert/yaml/yaml_custom.go: -------------------------------------------------------------------------------- 1 | //go:build testify_yaml_custom && !testify_yaml_fail && !testify_yaml_default 2 | // +build testify_yaml_custom,!testify_yaml_fail,!testify_yaml_default 3 | 4 | // Package yaml is an implementation of YAML functions that calls a pluggable implementation. 5 | // 6 | // This implementation is selected with the testify_yaml_custom build tag. 7 | // 8 | // go test -tags testify_yaml_custom 9 | // 10 | // This implementation can be used at build time to replace the default implementation 11 | // to avoid linking with [gopkg.in/yaml.v3]. 12 | // 13 | // In your test package: 14 | // 15 | // import assertYaml "github.com/stretchr/testify/assert/yaml" 16 | // 17 | // func init() { 18 | // assertYaml.Unmarshal = func (in []byte, out interface{}) error { 19 | // // ... 20 | // return nil 21 | // } 22 | // } 23 | package yaml 24 | 25 | var Unmarshal func(in []byte, out interface{}) error 26 | -------------------------------------------------------------------------------- /units/vendor/github.com/stretchr/testify/assert/yaml/yaml_default.go: -------------------------------------------------------------------------------- 1 | //go:build !testify_yaml_fail && !testify_yaml_custom 2 | // +build !testify_yaml_fail,!testify_yaml_custom 3 | 4 | // Package yaml is just an indirection to handle YAML deserialization. 5 | // 6 | // This package is just an indirection that allows the builder to override the 7 | // indirection with an alternative implementation of this package that uses 8 | // another implementation of YAML deserialization. This allows to not either not 9 | // use YAML deserialization at all, or to use another implementation than 10 | // [gopkg.in/yaml.v3] (for example for license compatibility reasons, see [PR #1120]). 11 | // 12 | // Alternative implementations are selected using build tags: 13 | // 14 | // - testify_yaml_fail: [Unmarshal] always fails with an error 15 | // - testify_yaml_custom: [Unmarshal] is a variable. Caller must initialize it 16 | // before calling any of [github.com/stretchr/testify/assert.YAMLEq] or 17 | // [github.com/stretchr/testify/assert.YAMLEqf]. 18 | // 19 | // Usage: 20 | // 21 | // go test -tags testify_yaml_fail 22 | // 23 | // You can check with "go list" which implementation is linked: 24 | // 25 | // go list -f '{{.Imports}}' github.com/stretchr/testify/assert/yaml 26 | // go list -tags testify_yaml_fail -f '{{.Imports}}' github.com/stretchr/testify/assert/yaml 27 | // go list -tags testify_yaml_custom -f '{{.Imports}}' github.com/stretchr/testify/assert/yaml 28 | // 29 | // [PR #1120]: https://github.com/stretchr/testify/pull/1120 30 | package yaml 31 | 32 | import goyaml "gopkg.in/yaml.v3" 33 | 34 | // Unmarshal is just a wrapper of [gopkg.in/yaml.v3.Unmarshal]. 35 | func Unmarshal(in []byte, out interface{}) error { 36 | return goyaml.Unmarshal(in, out) 37 | } 38 | -------------------------------------------------------------------------------- /units/vendor/github.com/stretchr/testify/assert/yaml/yaml_fail.go: -------------------------------------------------------------------------------- 1 | //go:build testify_yaml_fail && !testify_yaml_custom && !testify_yaml_default 2 | // +build testify_yaml_fail,!testify_yaml_custom,!testify_yaml_default 3 | 4 | // Package yaml is an implementation of YAML functions that always fail. 5 | // 6 | // This implementation can be used at build time to replace the default implementation 7 | // to avoid linking with [gopkg.in/yaml.v3]: 8 | // 9 | // go test -tags testify_yaml_fail 10 | package yaml 11 | 12 | import "errors" 13 | 14 | var errNotImplemented = errors.New("YAML functions are not available (see https://pkg.go.dev/github.com/stretchr/testify/assert/yaml)") 15 | 16 | func Unmarshal([]byte, interface{}) error { 17 | return errNotImplemented 18 | } 19 | -------------------------------------------------------------------------------- /units/vendor/gopkg.in/yaml.v3/LICENSE: -------------------------------------------------------------------------------- 1 | 2 | This project is covered by two different licenses: MIT and Apache. 3 | 4 | #### MIT License #### 5 | 6 | The following files were ported to Go from C files of libyaml, and thus 7 | are still covered by their original MIT license, with the additional 8 | copyright staring in 2011 when the project was ported over: 9 | 10 | apic.go emitterc.go parserc.go readerc.go scannerc.go 11 | writerc.go yamlh.go yamlprivateh.go 12 | 13 | Copyright (c) 2006-2010 Kirill Simonov 14 | Copyright (c) 2006-2011 Kirill Simonov 15 | 16 | Permission is hereby granted, free of charge, to any person obtaining a copy of 17 | this software and associated documentation files (the "Software"), to deal in 18 | the Software without restriction, including without limitation the rights to 19 | use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies 20 | of the Software, and to permit persons to whom the Software is furnished to do 21 | so, subject to the following conditions: 22 | 23 | The above copyright notice and this permission notice shall be included in all 24 | copies or substantial portions of the Software. 25 | 26 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 27 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 28 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 29 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 30 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 31 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 32 | SOFTWARE. 33 | 34 | ### Apache License ### 35 | 36 | All the remaining project files are covered by the Apache license: 37 | 38 | Copyright (c) 2011-2019 Canonical Ltd 39 | 40 | Licensed under the Apache License, Version 2.0 (the "License"); 41 | you may not use this file except in compliance with the License. 42 | You may obtain a copy of the License at 43 | 44 | http://www.apache.org/licenses/LICENSE-2.0 45 | 46 | Unless required by applicable law or agreed to in writing, software 47 | distributed under the License is distributed on an "AS IS" BASIS, 48 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 49 | See the License for the specific language governing permissions and 50 | limitations under the License. 51 | -------------------------------------------------------------------------------- /units/vendor/gopkg.in/yaml.v3/NOTICE: -------------------------------------------------------------------------------- 1 | Copyright 2011-2016 Canonical Ltd. 2 | 3 | Licensed under the Apache License, Version 2.0 (the "License"); 4 | you may not use this file except in compliance with the License. 5 | You may obtain a copy of the License at 6 | 7 | http://www.apache.org/licenses/LICENSE-2.0 8 | 9 | Unless required by applicable law or agreed to in writing, software 10 | distributed under the License is distributed on an "AS IS" BASIS, 11 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | See the License for the specific language governing permissions and 13 | limitations under the License. 14 | -------------------------------------------------------------------------------- /units/vendor/gopkg.in/yaml.v3/writerc.go: -------------------------------------------------------------------------------- 1 | // 2 | // Copyright (c) 2011-2019 Canonical Ltd 3 | // Copyright (c) 2006-2010 Kirill Simonov 4 | // 5 | // Permission is hereby granted, free of charge, to any person obtaining a copy of 6 | // this software and associated documentation files (the "Software"), to deal in 7 | // the Software without restriction, including without limitation the rights to 8 | // use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies 9 | // of the Software, and to permit persons to whom the Software is furnished to do 10 | // so, subject to the following conditions: 11 | // 12 | // The above copyright notice and this permission notice shall be included in all 13 | // copies or substantial portions of the Software. 14 | // 15 | // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | // IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | // FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | // AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | // LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | // OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | // SOFTWARE. 22 | 23 | package yaml 24 | 25 | // Set the writer error and return false. 26 | func yaml_emitter_set_writer_error(emitter *yaml_emitter_t, problem string) bool { 27 | emitter.error = yaml_WRITER_ERROR 28 | emitter.problem = problem 29 | return false 30 | } 31 | 32 | // Flush the output buffer. 33 | func yaml_emitter_flush(emitter *yaml_emitter_t) bool { 34 | if emitter.write_handler == nil { 35 | panic("write handler not set") 36 | } 37 | 38 | // Check if the buffer is empty. 39 | if emitter.buffer_pos == 0 { 40 | return true 41 | } 42 | 43 | if err := emitter.write_handler(emitter, emitter.buffer[:emitter.buffer_pos]); err != nil { 44 | return yaml_emitter_set_writer_error(emitter, "write error: "+err.Error()) 45 | } 46 | emitter.buffer_pos = 0 47 | return true 48 | } 49 | -------------------------------------------------------------------------------- /units/vendor/modules.txt: -------------------------------------------------------------------------------- 1 | # github.com/davecgh/go-spew v1.1.1 2 | ## explicit 3 | github.com/davecgh/go-spew/spew 4 | # github.com/pmezard/go-difflib v1.0.0 5 | ## explicit 6 | github.com/pmezard/go-difflib/difflib 7 | # github.com/sergi/go-diff v1.3.1 8 | ## explicit; go 1.12 9 | github.com/sergi/go-diff/diffmatchpatch 10 | # github.com/stretchr/testify v1.10.0 11 | ## explicit; go 1.17 12 | github.com/stretchr/testify/assert 13 | github.com/stretchr/testify/assert/yaml 14 | # gopkg.in/yaml.v3 v3.0.1 15 | ## explicit 16 | gopkg.in/yaml.v3 17 | --------------------------------------------------------------------------------