├── .gitignore ├── CONDUCT.md ├── CONTRIBUTING.md ├── HISTORY ├── LICENSE ├── MANUAL.md ├── README.md ├── cf-deployment ├── LICENSE ├── README.md ├── cf-deployment.yml ├── iaas-support │ ├── README.md │ ├── alicloud │ │ ├── README.md │ │ ├── cloud-config-vars.yml │ │ ├── cloud-config.yml │ │ ├── download-releases.sh │ │ ├── stemcells.yml │ │ └── upload-releases.sh │ ├── bosh-lite │ │ ├── README.md │ │ └── cloud-config.yml │ ├── cf-testing-for-new-iaas.md │ ├── openstack │ │ ├── README.md │ │ ├── cloud-config-vars.yml │ │ ├── cloud-config.yml │ │ └── flavors.yml │ ├── softlayer │ │ ├── README.md │ │ └── add-system-domain-dns-alias.yml │ └── vsphere │ │ ├── README.md │ │ ├── cloud-config-vars.yml │ │ └── cloud-config.yml └── operations │ ├── README.md │ ├── add-persistent-isolation-segment-diego-cell.yml │ ├── add-persistent-isolation-segment-router.yml │ ├── addons │ ├── README.md │ ├── add-system-metrics-agent-windows2019.yml │ ├── add-system-metrics-agent.yml │ ├── component-syslog-custom-ca.yml │ ├── enable-component-syslog.yml │ └── example-vars-files │ │ └── vars-enable-component-syslog.yml │ ├── aws.yml │ ├── azure.yml │ ├── backup-and-restore │ ├── README.md │ ├── enable-backup-restore-azure.yml │ ├── enable-backup-restore-gcs.yml │ ├── enable-backup-restore-s3-unversioned.yml │ ├── enable-backup-restore-s3-versioned.yml │ ├── enable-backup-restore.yml │ ├── enable-restore-azure-clone.yml │ ├── enable-restore-nfs-broker.yml │ ├── enable-restore-smb-broker.yml │ ├── example-vars-files │ │ ├── vars-enable-backup-restore-gcs.yml │ │ ├── vars-enable-backup-restore-s3-unversioned.yml │ │ └── vars-enable-restore-azure-clone.yml │ ├── skip-backup-restore-droplets-and-packages.yml │ └── skip-backup-restore-droplets.yml │ ├── bosh-lite.yml │ ├── community │ ├── README.md │ ├── change-metron-agent-deployment.yml │ └── use-haproxy.yml │ ├── configure-default-router-group.yml │ ├── disable-dynamic-asgs.yml │ ├── disable-http2.yml │ ├── disable-router-tls-termination.yml 
│ ├── disable-tls-tcp-routing-isolation-segment-stage-1-unproxied-ports.yml │ ├── disable-tls-tcp-routing-isolation-segment-stage-2-route-emitter.yml │ ├── disable-tls-tcp-routing-stage-1-unproxied-ports.yml │ ├── disable-tls-tcp-routing-stage-2-tcp-router-and-route-emitter.yml │ ├── enable-cc-rate-limiting.yml │ ├── enable-cc-v2-rate-limiting.yml │ ├── enable-cpu-throttling.yml │ ├── enable-nfs-ldap.yml │ ├── enable-nfs-volume-service.yml │ ├── enable-privileged-container-support.yml │ ├── enable-service-discovery.yml │ ├── enable-smb-volume-service.yml │ ├── enable-tls-on-file-server.yml │ ├── example-vars-files │ ├── vars-enable-nfs-ldap.yml │ ├── vars-override-app-domains.yml │ ├── vars-rename-deployment.yml │ ├── vars-rename-network.yml │ ├── vars-use-alicloud-oss-blobstore-to-multi-bucket.yml │ ├── vars-use-alicloud-oss-blobstore.yml │ ├── vars-use-azure-storage-blobstore.yml │ ├── vars-use-blobstore-cdn.yml │ ├── vars-use-external-blobstore.yml │ ├── vars-use-external-dbs.yml │ ├── vars-use-gcs-blobstore-access-key.yml │ ├── vars-use-gcs-blobstore-service-account.yml │ ├── vars-use-operator-provided-router-tls-certificates.yml │ ├── vars-use-s3-blobstore.yml │ ├── vars-use-swift-blobstore.yml │ └── vars-use-trusted-ca-cert-for-apps.yml │ ├── experimental │ ├── README.md │ ├── add-cflinuxfs4.yml │ ├── add-metric-store.yml │ ├── add-otel-collector-windows.yml │ ├── add-otel-collector.yml │ ├── add-system-metrics-agent-windows2019.yml │ ├── add-system-metrics-agent.yml │ ├── colocate-smoke-tests-on-cc-worker.yml │ ├── disable-cf-credhub.yml │ ├── disable-interpolate-service-bindings.yml │ ├── disable-logs-in-firehose-windows2019.yml │ ├── disable-logs-in-firehose.yml │ ├── disable-tls-tcp-routing-windows-stage-1-unproxied-ports.yml │ ├── disable-tls-tcp-routing-windows-stage-2-route-emitter.yml │ ├── disable-v2-api.yml │ ├── enable-app-log-rate-limiting-windows2019.yml │ ├── enable-app-log-rate-limiting.yml │ ├── enable-bpm-garden.yml │ ├── 
enable-containerd-for-processes.yml │ ├── enable-cpu-throttling.yml │ ├── enable-direct-io-grootfs.yml │ ├── enable-iptables-logger.yml │ ├── enable-nginx-routing-integrity-windows2019.yml │ ├── enable-oci-phase-1.yml │ ├── enable-tls-cloud-controller-postgres.yml │ ├── enable-traffic-to-internal-networks.yml │ ├── example-vars-files │ │ └── vars-override-otel-collector-exporters.yml │ ├── fast-deploy-with-downtime-and-danger.yml │ ├── infrastructure-metrics.yml │ ├── rootless-containers.yml │ ├── set-cflinuxfs4-default-stack.yml │ ├── set-cpu-weight-windows2019.yml │ ├── set-cpu-weight.yml │ ├── use-compiled-releases-windows.yml │ ├── use-create-swap-delete-vm-strategy.yml │ ├── use-mysql-version-8.0.yml │ ├── use-native-garden-runc-runner.yml │ └── use-trusted-ca-cert-for-apps-cflinuxfs4.yml │ ├── openstack.yml │ ├── override-app-domains.yml │ ├── rename-network-and-deployment.yml │ ├── scale-database-cluster.yml │ ├── scale-to-one-az.yml │ ├── set-bbs-active-key.yml │ ├── set-cpu-weight.yml │ ├── set-router-static-ips.yml │ ├── stop-skipping-tls-validation.yml │ ├── test │ ├── README.md │ ├── add-datadog-firehose-nozzle.yml │ ├── add-oidc-provider.yml │ ├── alter-ssh-proxy-redirect-uri.yml │ ├── enable-nfs-test-ldapserver.yml │ ├── enable-nfs-test-server.yml │ ├── enable-smb-test-server.yml │ ├── fips-stemcell.yml │ ├── scale-to-one-az-addon-parallel-cats.yml │ ├── set-smoke-test-timeout-scale.yml │ ├── speed-up-dynamic-asgs.yml │ └── use-cflinuxfs4-compat-isolation-segment-diego-cell.yml │ ├── use-absolute-cpu-entitlement-persistent-isolation-segment.yml │ ├── use-absolute-cpu-entitlement-windows2019.yml │ ├── use-absolute-cpu-entitlement.yml │ ├── use-alicloud-oss-blobstore-to-multi-bucket.yml │ ├── use-alicloud-oss-blobstore.yml │ ├── use-azure-storage-blobstore.yml │ ├── use-blobstore-cdn.yml │ ├── use-cflinuxfs4-compat.yml │ ├── use-compiled-releases.yml │ ├── use-external-blobstore.yml │ ├── use-external-dbs.yml │ ├── use-gcs-blobstore-access-key.yml │ ├── 
use-gcs-blobstore-service-account.yml │ ├── use-haproxy-public-network.yml │ ├── use-haproxy.yml │ ├── use-internal-lookup-for-route-services.yml │ ├── use-latest-stemcell.yml │ ├── use-latest-windows2019-stemcell.yml │ ├── use-metric-store.yml │ ├── use-offline-windows2019fs.yml │ ├── use-online-windows2019fs.yml │ ├── use-operator-provided-router-tls-certificates.yml │ ├── use-postgres.yml │ ├── use-s3-blobstore.yml │ ├── use-swift-blobstore.yml │ ├── use-trusted-ca-cert-for-apps.yml │ └── windows2019-cell.yml ├── ci ├── README.md ├── cats.yml ├── envs │ ├── ci-gcp-baseline.yml │ ├── ci-gcp-cats.yml │ ├── ci-gcp-upgrade.yml │ ├── ci-gcp.yml │ ├── ci-vsphere-baseline.yml │ ├── ci-vsphere-cats.yml │ ├── ci-vsphere-upgrade.yml │ ├── ci-vsphere.yml │ └── ci.yml ├── pipeline │ ├── base.yml │ ├── custom-jobs │ │ └── acceptance-tests.yml │ ├── custom-resources │ │ └── cats.yml │ ├── jobs │ │ ├── build-kit.yml │ │ ├── prepare.yml │ │ ├── ship-prerelease.yml │ │ ├── ship-release.yml │ │ ├── spec-check.yml │ │ ├── version-major.yml │ │ ├── version-minor.yml │ │ └── version-patch.yml │ ├── optional-jobs │ │ └── spec-tests.yml │ ├── optional-resources │ │ └── upstream-manifest.yml │ └── resources │ │ ├── build.yml │ │ ├── git-ci.yml │ │ ├── git-latest-tag.yml │ │ ├── git-main.yml │ │ ├── git.yml │ │ ├── github-prerelease.yml │ │ ├── github.yml │ │ ├── notify.yml │ │ ├── release-cache.yml │ │ ├── release-notes.yml │ │ ├── spec-check.yml │ │ └── version.yml ├── release_notes.md ├── repipe ├── scripts │ ├── build-kit │ ├── build-test-jobs │ ├── build-upstream-jobs │ ├── cats │ ├── check-sha1s │ ├── compare-release-specs │ ├── deploy │ ├── generate-release-notes │ ├── get-latest-upstream-manifest │ ├── release │ ├── release-notes │ ├── smoketests │ ├── spec-check │ ├── test-addons │ ├── test-deployment │ └── update-release ├── settings.yml ├── tasks │ ├── build-kit.yml │ ├── cats.yml │ ├── deploy-stable.yml │ ├── deploy.yml │ ├── generate-release-notes.yml │ ├── 
get-latest-upstream-manifest.yml │ ├── prerelease.yml │ ├── release.yml │ ├── spec-check.yml │ ├── spec-tests.yml │ ├── update-release.yml │ └── upgrade.yml ├── upstream.yml └── upstreamrepo.yml ├── devtools └── pull-upstream ├── docs ├── features │ ├── isolation-segments.md │ ├── ocfp.md │ └── stacks.md ├── iaas │ └── stackit.md ├── index.md └── operations │ ├── troubleshooting.md │ └── upgrading.md ├── hooks ├── addon ├── addon-login~li.pm ├── addon-scs ├── addon-setup-cli~sc.pm ├── addon-smoketest~tst.pm ├── addon-springcloudservices~scs.pm ├── addon-stratos ├── addon-stratos~st.pm ├── blueprint ├── blueprint.pm ├── check ├── check.pm ├── cloud-config.pm ├── features ├── features.pm ├── info ├── info.pm ├── new ├── new.pm ├── post-deploy ├── post-deploy.pm ├── pre-deploy ├── pre-deploy.pm └── support │ └── vault-credhub-mapping.yml ├── kit.yml ├── ocfp ├── aws │ ├── azs.yml │ ├── blobstore.yml │ ├── ocf.yml │ └── windows.yml ├── azure │ ├── azs.yml │ ├── ocf.yml │ └── windows.yml ├── external-blobstore.yml ├── external-db-prep.yml ├── external-db.yml ├── gcp │ ├── azs.yml │ ├── ocf.yml │ └── windows.yml ├── meta.yml ├── nfs-ldap-data.yml ├── nfs-ldap.yml ├── ocfp.yml ├── openstack │ ├── azs.yml │ ├── blobstore.yml │ ├── ocf.yml │ └── windows.yml ├── provided-router-ssl.yml ├── scale │ ├── dev.yml │ └── prod.yml ├── smb-broker.yml ├── split-network.yml ├── stackit │ ├── azs.yml │ ├── blobstore.yml │ ├── ocf.yml │ └── windows.yml ├── stratos.yml ├── trust-blacksmith-ca.yml ├── trusted-certs-cflinuxfs3.yml ├── trusted-certs-cflinuxfs4.yml ├── trusted-certs-windows.yml ├── trusted-certs.yml └── vsphere │ ├── azs.yml │ ├── ocf.yml │ └── windows.yml ├── operations ├── custom-azs.yml ├── db-override-mysql-names.yml ├── db-override-names.yml ├── db-override-postgres-names.yml ├── diego-cells-networking.yml ├── dynamic │ ├── instance_counts.yml │ └── instance_types.yml ├── migrate │ ├── cells.yml │ └── postgres.yml ├── rename-network-and-deployment.yml ├── 
scale-to-one-az.yml ├── scale-to-three-azs.yml ├── use-cflinuxfs3.yml └── use-external-dbs-ports.yml ├── overlay ├── addons │ ├── app-scheduler.yml │ ├── autoscaler.yml │ ├── migration-db-override-names.yml │ ├── migration-v1-nats-credentials-tls.yml │ ├── migration-v1-nats-credentials.yml │ ├── migration.yml │ ├── nfs-ldap-config.yml │ ├── nfs-ldap-tls.yml │ ├── nfs-ldap.yml │ ├── nfs-volume-service.yml │ ├── no-tcp-routers.yml │ ├── prometheus.yml │ ├── scs.yml │ ├── smb-volume-service.yml │ ├── ssh-proxy-on-routers.yml │ ├── stratos.yml │ ├── trust-blacksmith-ca-cflinuxfs3.yml │ ├── trust-blacksmith-ca.yml │ ├── uaa-admin-client.yml │ └── v1-vm-types.yml ├── azure_availability_sets.yml ├── base.yml ├── blobstore │ ├── aws-iam.yml │ ├── aws.yml │ ├── azure.yml │ ├── external.yml │ ├── meta.yml │ └── minio.yml ├── db │ ├── external-mysql.yml │ ├── external-postgres.yml │ ├── external.yml │ ├── internal-overrides.yml │ └── local-mysql-db.yml ├── dynamic-templates │ ├── isolation-segment-additional-trusted-certs-cflinuxfs3.yml │ ├── isolation-segment-additional-trusted-certs.yml │ ├── isolation-segment-cflinuxfs3.yml │ ├── isolation-segment-dns-sd.yml │ ├── isolation-segment-network.yml │ ├── isolation-segment-nfs-ldap-config.yml │ ├── isolation-segment-nfs-ldap-ocfp.yml │ ├── isolation-segment-nfs-ldap-tls.yml │ ├── isolation-segment-nfs-ldap.yml │ ├── isolation-segment-nfs.yml │ ├── isolation-segment-ocfp-trusted-certs.yml │ ├── isolation-segment-smb.yml │ └── isolation-segment.yml ├── dynamic │ └── .keep ├── enable-service-discovery.yml ├── identity.yml ├── override-app-domains.yml ├── override-releases │ ├── compiled-windows.yml │ ├── compiled.yml │ ├── static-windows.yml │ └── static.yml ├── routing │ ├── haproxy-provided-cert.yml │ ├── haproxy-public-network.yml │ ├── haproxy-small-footprint.yml │ ├── haproxy-tls.yml │ └── haproxy.yml ├── ten-year-ca-expiry.yml ├── uaa-branding.yml ├── upstream_version.yml └── windows.yml └── spec ├── cloud_configs ├── aws.yml 
└── azure.yml ├── credhub ├── app-autoscaler-integration.yml ├── availability-zones.yml ├── azure.yml ├── bare.yml ├── blobstore-aws.yml ├── blobstore-azure.yml ├── blobstore-gcp.yml ├── blobstore-minio.yml ├── compiled-releases.yml ├── compiled-windows-releases.yml ├── container-routing-integrity.yml ├── dns-service-discovery.yml ├── haproxy-self-signed.yml ├── haproxy-tls.yml ├── haproxy.yml ├── isolation-segments-extended.yml ├── isolation-segments.yml ├── loggregator-forwarder-agent.yml ├── mysql-db.yml ├── native-garden-runc.yml ├── no-tcp-routers.yml ├── override-vm-types-and-counts-old-names.yml ├── override-vm-types-and-counts.yml ├── postgres-db.yml ├── router-synergy.yml ├── routing-api.yml ├── small-footprint.yml ├── upgrade-from-v1-with-db-override-names.yml ├── upgraded-from-v1-with-204-overrides.yml ├── upgraded-from-v1.yml ├── upgrading-to-v2-with-204-overrides.yml ├── upgrading-to-v2.yml └── windows-and-smb-support.yml ├── credhub_variables ├── aws.yml ├── azure.yml ├── gcp.yml ├── haproxy-tls.yml ├── isolation-segments-addl-certs.yml └── isolation-segments-nfs.yml ├── deployments ├── app-autoscaler-integration.yml ├── availability-zones.yml ├── azure.yml ├── bare.yml ├── blobstore-aws.yml ├── blobstore-azure.yml ├── blobstore-gcp.yml ├── blobstore-minio.yml ├── compiled-releases.yml ├── compiled-windows-releases.yml ├── container-routing-integrity.yml ├── dns-service-discovery.yml ├── haproxy-self-signed.yml ├── haproxy-tls.yml ├── haproxy.yml ├── isolation-segments-extended.yml ├── isolation-segments.yml ├── loggregator-forwarder-agent.yml ├── mysql-db.yml ├── native-garden-runc.yml ├── nfs-volume-services.yml ├── no-tcp-routers.yml ├── override-vm-types-and-counts-old-names.yml ├── override-vm-types-and-counts.yml ├── postgres-db.yml ├── router-synergy.yml ├── routing-api.yml ├── small-footprint.yml ├── upgrade-from-v1-with-db-override-names.yml ├── upgraded-from-v1-with-204-overrides.yml ├── upgraded-from-v1.yml ├── 
upgrading-to-v2-with-204-overrides.yml ├── upgrading-to-v2.yml └── windows-and-smb-support.yml ├── exodus ├── migrated.yml └── v1.yml ├── go.mod ├── go.sum ├── results ├── app-autoscaler-integration.yml ├── availability-zones.yml ├── azure.yml ├── bare.yml ├── blobstore-aws.yml ├── blobstore-azure.yml ├── blobstore-gcp.yml ├── blobstore-minio.yml ├── compiled-releases.yml ├── compiled-windows-releases.yml ├── container-routing-integrity.yml ├── dns-service-discovery.yml ├── haproxy-self-signed.yml ├── haproxy-tls.yml ├── haproxy.yml ├── isolation-segments-extended.yml ├── isolation-segments.yml ├── loggregator-forwarder-agent.yml ├── mysql-db.yml ├── native-garden-runc.yml ├── no-tcp-routers.yml ├── override-vm-types-and-counts-old-names.yml ├── override-vm-types-and-counts.yml ├── postgres-db.yml ├── router-synergy.yml ├── routing-api.yml ├── small-footprint.yml ├── upgrade-from-v1-with-db-override-names.yml ├── upgraded-from-v1-with-204-overrides.yml ├── upgraded-from-v1.yml ├── upgrading-to-v2-with-204-overrides.yml ├── upgrading-to-v2.yml └── windows-and-smb-support.yml ├── runtime_configs └── dns.yml ├── spec_suite_test.go ├── spec_test.go └── vault ├── app-autoscaler-integration.yml ├── availability-zones.yml ├── azure.yml ├── bare.yml ├── blobstore-aws.yml ├── blobstore-azure.yml ├── blobstore-gcp.yml ├── blobstore-minio.yml ├── compiled-releases.yml ├── compiled-windows-releases.yml ├── container-routing-integrity.yml ├── dns-service-discovery.yml ├── haproxy-self-signed.yml ├── haproxy-tls.yml ├── haproxy.yml ├── isolation-segments-extended.yml ├── isolation-segments.yml ├── loggregator-forwarder-agent.yml ├── mysql-db.yml ├── native-garden-runc.yml ├── nfs-volume-services.yml ├── no-tcp-routers.yml ├── override-vm-types-and-counts-old-names.yml ├── override-vm-types-and-counts.yml ├── postgres-db.yml ├── router-synergy.yml ├── routing-api.yml ├── small-footprint.yml ├── upgrade-from-v1-with-db-override-names.yml ├── upgraded-from-v1-with-204-overrides.yml 
├── upgraded-from-v1.yml ├── upgraded-v1.yml ├── upgrading-to-v2-with-204-overrides.yml ├── upgrading-to-v2.yml └── windows-and-smb-support.yml /.gitignore: -------------------------------------------------------------------------------- 1 | *.tar.gz 2 | .DS_Store 3 | *.log 4 | *.bak 5 | -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | # Contributing 2 | 3 | When contributing to this repository, please first discuss the 4 | change you wish to make via issue, email, or any other method with 5 | the owners of this repository before making a change. 6 | 7 | Please note we have a Code of Conduct; please follow it in all 8 | your interactions with the project. 9 | 10 | ## Pull Request Process 11 | 12 | 1. Ensure that the Kit still compiles, and can be deployed using a 13 | recent vintage of the Genesis CLI. 14 | 15 | 2. Provide the context of the discussion with the repository 16 | owners and core team members that led to the submission of the 17 | pull request. This may be as simple as a link to an issue. 18 | 19 | 3. After review and approval, your Pull Request will be merged by 20 | a repository owner. 
21 | -------------------------------------------------------------------------------- /HISTORY: -------------------------------------------------------------------------------- 1 | 2018-08-02 loosely integrate cf-deployment as of 2118b5d 2 | 2018-10-19 loosely integrate cf-deployment as of b7dc33b 3 | 2019-10-02 loosely integrate cf-deployment as of 73fba59 (v9.5.0) 4 | 2020-01-20 loosely integrate cf-deployment as of cd8dbd4 (v12.5.0) 5 | 2020-01-22 loosely integrate cf-deployment as of 40d989d (v12.20.0) 6 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | 3 | Copyright (c) 2019 Stark & Wayne 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to 7 | deal in the Software without restriction, including without limitation the 8 | rights to use, copy, modify, merge, publish, distribute, sublicense, and/or 9 | sell copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in 13 | all copies or substantial portions of the Software.. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 20 | FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS 21 | IN THE SOFTWARE. 
22 | -------------------------------------------------------------------------------- /cf-deployment/iaas-support/README.md: -------------------------------------------------------------------------------- 1 | # IaaS Support 2 | 3 | **Note:** The Release Integration team neither maintains nor validates deployments to IaaSes other than GCP and AWS. 4 | Deployers to other IaaSes such as those listed below (with the exception of BOSH Lite) will need to rely on the general CF community for support on IaaS-related issues. 5 | 6 | The examples in this directory 7 | are **not** under continuous test, 8 | and may not be up to date. 9 | 10 | They are intended to be a useful starting place. 11 | For more information about 12 | cf-deployment's use of cloud configs, 13 | please see [On Cloud Configs](../texts/on-cloud-configs.md). 14 | 15 | The examples are variablized. 16 | You may be able to use them unmodified 17 | (beyond filling in the appropriate vars) 18 | with `bosh update-cloud-config <iaas-directory>/cloud-config.yml -l <iaas-directory>/cloud-config-vars.yml`. 
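19 | 20 | ## IaaS Details 21 | 22 | See the READMEs for each IaaS: 23 | 24 | - [bosh-lite](bosh-lite/README.md) 25 | - [openstack](openstack/README.md) 26 | - [vsphere](vsphere/README.md) 27 | - [softlayer](softlayer/README.md) 28 | - [alicloud](alicloud/README.md) 29 | -------------------------------------------------------------------------------- /cf-deployment/iaas-support/alicloud/cloud-config-vars.yml: -------------------------------------------------------------------------------- 1 | az1_zone: 2 | az1_vswitch_range: 3 | az1_vswitch_gateway: 4 | az1_vswitch_id: 5 | 6 | az2_zone: 7 | az2_vswitch_range: 8 | az2_vswitch_gateway: 9 | az2_vswitch_id: 10 | 11 | az3_zone: 12 | az3_vswitch_range: 13 | az3_vswitch_gateway: 14 | az3_vswitch_id: 15 | 16 | security_group_id_1: 17 | security_group_id_2: 18 | security_group_id_3: 19 | 20 | http_slb_id_array: [] 21 | tcp_slb_id_array: [] 22 | -------------------------------------------------------------------------------- /cf-deployment/iaas-support/alicloud/stemcells.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Light Stemcells 3 | - type: replace 4 | path: /stemcells/alias=default/version? 5 | value: 1018 6 | -------------------------------------------------------------------------------- /cf-deployment/iaas-support/alicloud/upload-releases.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | #========= 4 | # $1 release local directory. 
Default to $(pwd) 5 | # $2 bosh director name 6 | #========= 7 | # Strip one trailing slash from $1 so the directory and file name are joined with a single '/'. 8 | # upload cf release 9 | RELEASES_ON_LOCAL=$1 10 | if [[ $RELEASES_ON_LOCAL == "" ]]; then 11 | RELEASES_ON_LOCAL=$(pwd) 12 | elif [[ $RELEASES_ON_LOCAL == */ ]]; then 13 | tmp=$RELEASES_ON_LOCAL 14 | RELEASES_ON_LOCAL=${tmp%/} 15 | fi 16 | # Upload every *.tgz directly inside the release directory; expansions are quoted so a path containing spaces or glob characters reaches bosh as a single argument. 17 | for file_r in "${RELEASES_ON_LOCAL}"/*; do 18 | temp_file=$(basename "$file_r") 19 | if [[ $temp_file == *.tgz ]]; then 20 | if [[ $2 == "" ]]; then 21 | bosh upload-release "${RELEASES_ON_LOCAL}/$temp_file" 22 | else 23 | bosh -e "$2" upload-release "${RELEASES_ON_LOCAL}/$temp_file" 24 | fi 25 | fi 26 | done 27 | -------------------------------------------------------------------------------- /cf-deployment/iaas-support/bosh-lite/cloud-config.yml: -------------------------------------------------------------------------------- 1 | azs: 2 | - name: z1 3 | - name: z2 4 | - name: z3 5 | compilation: 6 | az: z1 7 | network: default 8 | reuse_compilation_vms: true 9 | vm_type: minimal 10 | workers: 6 11 | disk_types: 12 | - disk_size: 1024 13 | name: 1GB 14 | - disk_size: 5120 15 | name: 5GB 16 | - disk_size: 10240 17 | name: 10GB 18 | - disk_size: 100240 19 | name: 100GB 20 | # Note: the "default" disk type is not used in cf-deployment. 21 | # it is included for compatibility with the bosh-deployment 22 | # cloud-config. 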
23 | - disk_size: 1024 24 | name: default 25 | networks: 26 | - name: default 27 | subnets: 28 | - azs: [z1, z2, z3] 29 | cloud_properties: 30 | name: random 31 | gateway: 10.244.0.1 32 | range: 10.244.0.0/20 33 | reserved: 34 | - 10.244.0.1 35 | static: 36 | - 10.244.0.2 - 10.244.0.127 37 | - 10.244.1.0 - 10.244.1.127 38 | - 10.244.2.0 - 10.244.2.127 39 | - 10.244.3.0 - 10.244.3.127 40 | vm_extensions: 41 | - name: 5GB_ephemeral_disk 42 | - name: 10GB_ephemeral_disk 43 | - name: 50GB_ephemeral_disk 44 | - name: 100GB_ephemeral_disk 45 | - name: 500GB_ephemeral_disk 46 | - name: 1TB_ephemeral_disk 47 | - name: ssh-proxy-and-router-lb 48 | cloud_properties: 49 | ports: 50 | - host: 80 51 | - host: 443 52 | - host: 2222 53 | - name: cf-tcp-router-network-properties 54 | cloud_properties: 55 | ports: 56 | - host: 1024-1123 57 | vm_types: 58 | - name: minimal 59 | - name: small 60 | - name: small-highmem 61 | - name: medium 62 | # Note: the "default" vm type is not used in cf-deployment. 63 | # it is included for compatibility with the bosh-deployment 64 | # cloud-config. 
65 | - name: default 66 | -------------------------------------------------------------------------------- /cf-deployment/iaas-support/openstack/cloud-config-vars.yml: -------------------------------------------------------------------------------- 1 | availability_zone1: 2 | availability_zone2: 3 | availability_zone3: 4 | 5 | network_id1: 6 | network_id2: 7 | network_id3: -------------------------------------------------------------------------------- /cf-deployment/iaas-support/openstack/flavors.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: minimal 3 | ram: 3840 4 | vcpus: 1 5 | ephemeral: 10 6 | - name: small 7 | ram: 7680 8 | vcpus: 2 9 | ephemeral: 14 10 | - name: small-highmem 11 | ram: 31232 12 | vcpus: 4 13 | ephemeral: 10 14 | - name: small-50GB-ephemeral-disk 15 | ram: 7680 16 | vcpus: 2 17 | ephemeral: 50 18 | - name: small-highmem-100GB-ephemeral-disk 19 | ram: 31232 20 | vcpus: 4 21 | ephemeral: 100 22 | -------------------------------------------------------------------------------- /cf-deployment/iaas-support/softlayer/README.md: -------------------------------------------------------------------------------- 1 | # Deploy Cloud Foundry on a Softlayer Bosh-Lite Director 2 | **Note about support:** The Release Integration team does not maintain nor validate Softlayer deployments and Softlayer deployers must rely on the general CF community for support. 3 | 4 | To deploy Cloud Foundry on a Softlayer VM with a Bosh-Lite director, 5 | you will need to follow 6 | the default Bosh-Lite instructions 7 | with one addition. 8 | Because the director is public, 9 | the `system_domain` property 10 | cannot be `bosh-lite.com`. 11 | You will need to replace 12 | the `system_domain` 13 | with your own 14 | static or dynamic DNS domain 15 | (which should point to the director VM). 16 | In order to resolve the custom domain, it is required 17 | to add the Bosh DNS alias for your `system_domain`. 
18 | 19 | The updated `deploy` command is the following: 20 | 21 | ``` 22 | bosh -e <bosh-environment> deploy -d cf cf-deployment/cf-deployment.yml \ 23 | -o cf-deployment/operations/bosh-lite.yml \ 24 | -o cf-deployment/iaas-support/softlayer/add-system-domain-dns-alias.yml \ 25 | -v system_domain=<your-system-domain> 26 | ``` 27 | -------------------------------------------------------------------------------- /cf-deployment/iaas-support/softlayer/add-system-domain-dns-alias.yml: -------------------------------------------------------------------------------- 1 | - type: replace 2 | path: /addons/name=bosh-dns-aliases/jobs/name=bosh-dns-aliases/properties/aliases/domain=_.((system_domain))?/targets/- 3 | value: 4 | query: 10.244.0.34 5 | -------------------------------------------------------------------------------- /cf-deployment/iaas-support/vsphere/README.md: -------------------------------------------------------------------------------- 1 | # Deploying Cloud Foundry on vSphere 2 | **Note about support:** The Release Integration team neither maintains nor validates vSphere deployments, and vSphere deployers must rely on the general CF community for support. 3 | 4 | In this directory, we provide an example `cloud-config.yml` for vSphere. 5 | 6 | For more information, see the [BOSH documentation](https://bosh.io/docs/init-vsphere.html). 
7 | -------------------------------------------------------------------------------- /cf-deployment/iaas-support/vsphere/cloud-config-vars.yml: -------------------------------------------------------------------------------- 1 | z1_cluster: 2 | z1_resource_pool: 3 | z1_datacenter_name: 4 | z1_network_name: 5 | z1_network_gateway: 6 | z1_network_dns_array: [] 7 | z1_network_range: 8 | z1_network_reserved_array: [] 9 | 10 | z2_cluster: 11 | z2_resource_pool: 12 | z2_datacenter_name: 13 | z2_network_name: 14 | z2_network_gateway: 15 | z2_network_dns_array: [] 16 | z2_network_range: 17 | z2_network_reserved_array: [] 18 | 19 | z3_cluster: 20 | z3_resource_pool: 21 | z3_datacenter_name: 22 | z3_network_name: 23 | z3_network_gateway: 24 | z3_network_dns_array: [] 25 | z3_network_range: 26 | z3_network_reserved_array: [] -------------------------------------------------------------------------------- /cf-deployment/operations/addons/add-system-metrics-agent-windows2019.yml: -------------------------------------------------------------------------------- 1 | - type: replace 2 | path: /addons?/name=loggr-system-metrics-agent-windows2019 3 | value: 4 | name: loggr-system-metrics-agent-windows2019 5 | include: 6 | stemcell: 7 | - os: windows2019 8 | jobs: 9 | - name: loggr-system-metrics-agent-windows 10 | release: system-metrics 11 | properties: 12 | metrics_port: 53035 13 | system_metrics: 14 | tls: 15 | ca_cert: "((system_metrics.ca))" 16 | cert: "((system_metrics.certificate))" 17 | key: "((system_metrics.private_key))" 18 | -------------------------------------------------------------------------------- /cf-deployment/operations/addons/component-syslog-custom-ca.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - type: replace 3 | path: /addons/name=syslog_forwarder/jobs/name=syslog_forwarder/properties/syslog/ca_cert? 
4 | value: ((syslog_ca_cert)) 5 | -------------------------------------------------------------------------------- /cf-deployment/operations/addons/enable-component-syslog.yml: -------------------------------------------------------------------------------- 1 | - type: replace 2 | path: /addons?/- 3 | value: 4 | include: 5 | stemcell: 6 | - os: ubuntu-bionic 7 | - os: ubuntu-jammy 8 | jobs: 9 | - name: syslog_forwarder 10 | properties: 11 | syslog: 12 | address: ((syslog_address)) 13 | custom_rule: | 14 | ((syslog_custom_rule)) 15 | if ($programname startswith "vcap.") then stop 16 | fallback_servers: ((syslog_fallback_servers)) 17 | permitted_peer: ((syslog_permitted_peer)) 18 | port: ((syslog_port)) 19 | tls_enabled: true 20 | transport: tcp 21 | release: syslog 22 | name: syslog_forwarder 23 | - type: replace 24 | path: /releases/- 25 | value: 26 | name: syslog 27 | sha1: 17dcdf7b4c65ea59dd7f8aa845171c80f950ade0 28 | url: https://bosh.io/d/github.com/cloudfoundry/syslog-release?v=12.3.3 29 | version: 12.3.3 30 | -------------------------------------------------------------------------------- /cf-deployment/operations/addons/example-vars-files/vars-enable-component-syslog.yml: -------------------------------------------------------------------------------- 1 | --- 2 | syslog_address: logN.papertrailapp.com 3 | syslog_port: 5473 4 | syslog_fallback_servers: [] 5 | syslog_permitted_peer: '*.papertrailapp.com' 6 | syslog_custom_rule: '' 7 | # Note: single quotes work well for a simple single-line rule. 8 | # However, the yaml `|` multi-line syntax works better 9 | # for multiple rules, or rules with multiple lines. 10 | 11 | # This property only necessary/used 12 | # if using the component-syslog-custom-ca ops file. 
13 | syslog_ca_cert: | 14 | -------------------------------------------------------------------------------- /cf-deployment/operations/aws.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # --- changing default ports --- 3 | - type: replace 4 | path: /instance_groups/name=api/jobs/name=cloud_controller_ng/properties/doppler?/port 5 | value: 4443 6 | 7 | # set load balancer's healthy threshold to 60sec (bbl's default) 8 | - type: replace 9 | path: /instance_groups/name=router/jobs/name=gorouter/properties/router/load_balancer_healthy_threshold? 10 | value: 60 11 | -------------------------------------------------------------------------------- /cf-deployment/operations/azure.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # --- change router frontend timeout --- 3 | - type: replace 4 | path: /instance_groups/name=router/jobs/name=gorouter/properties/router/frontend_idle_timeout? 5 | value: 180 6 | -------------------------------------------------------------------------------- /cf-deployment/operations/backup-and-restore/enable-backup-restore-azure.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - type: replace 3 | path: /instance_groups/name=backup-restore/jobs/- 4 | value: 5 | name: azure-blobstore-backup-restorer 6 | release: backup-and-restore-sdk 7 | properties: 8 | enabled: true 9 | containers: 10 | droplets: 11 | name: "((droplet_directory_key))" 12 | azure_storage_account: "((blobstore_storage_account_name))" 13 | azure_storage_key: "((blobstore_storage_access_key))" 14 | packages: 15 | name: "((app_package_directory_key))" 16 | azure_storage_account: "((blobstore_storage_account_name))" 17 | azure_storage_key: "((blobstore_storage_access_key))" 18 | buildpacks: 19 | name: "((buildpack_directory_key))" 20 | azure_storage_account: "((blobstore_storage_account_name))" 21 | azure_storage_key: 
"((blobstore_storage_access_key))" 22 | -------------------------------------------------------------------------------- /cf-deployment/operations/backup-and-restore/enable-backup-restore-gcs.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - type: replace 3 | path: /instance_groups/name=backup-restore/jobs/- 4 | value: 5 | name: gcs-blobstore-backup-restorer 6 | release: backup-and-restore-sdk 7 | properties: 8 | enabled: true 9 | gcp_service_account_key: ((gcs_service_account_json_key)) 10 | buckets: 11 | droplets: 12 | bucket_name: ((droplet_directory_key)) 13 | backup_bucket_name: ((droplet_backup_directory_key)) 14 | buildpacks: 15 | bucket_name: ((buildpack_directory_key)) 16 | backup_bucket_name: ((buildpack_backup_directory_key)) 17 | packages: 18 | bucket_name: ((app_package_directory_key)) 19 | backup_bucket_name: ((app_package_backup_directory_key)) 20 | -------------------------------------------------------------------------------- /cf-deployment/operations/backup-and-restore/enable-backup-restore-s3-unversioned.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - type: replace 3 | path: /instance_groups/name=backup-restore/jobs/- 4 | value: 5 | name: s3-unversioned-blobstore-backup-restorer 6 | release: backup-and-restore-sdk 7 | properties: 8 | enabled: true 9 | buckets: 10 | droplets: 11 | name: "((droplet_directory_key))" 12 | region: "((aws_region))" 13 | aws_access_key_id: "((blobstore_access_key_id))" 14 | aws_secret_access_key: "((blobstore_secret_access_key))" 15 | backup: 16 | name: "((droplet_backup_directory_key))" 17 | region: "((aws_backup_region))" 18 | packages: 19 | name: "((app_package_directory_key))" 20 | region: "((aws_region))" 21 | aws_access_key_id: "((blobstore_access_key_id))" 22 | aws_secret_access_key: "((blobstore_secret_access_key))" 23 | backup: 24 | name: "((app_package_backup_directory_key))" 25 | region: 
"((aws_backup_region))" 26 | buildpacks: 27 | name: "((buildpack_directory_key))" 28 | region: "((aws_region))" 29 | aws_access_key_id: "((blobstore_access_key_id))" 30 | aws_secret_access_key: "((blobstore_secret_access_key))" 31 | backup: 32 | name: "((buildpack_backup_directory_key))" 33 | region: "((aws_backup_region))" 34 | -------------------------------------------------------------------------------- /cf-deployment/operations/backup-and-restore/enable-backup-restore-s3-versioned.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - type: replace 3 | path: /instance_groups/name=backup-restore/jobs/- 4 | value: 5 | name: s3-versioned-blobstore-backup-restorer 6 | release: backup-and-restore-sdk 7 | properties: 8 | enabled: true 9 | buckets: 10 | droplets: 11 | name: "((droplet_directory_key))" 12 | region: "((aws_region))" 13 | aws_access_key_id: "((blobstore_access_key_id))" 14 | aws_secret_access_key: "((blobstore_secret_access_key))" 15 | packages: 16 | name: "((app_package_directory_key))" 17 | region: "((aws_region))" 18 | aws_access_key_id: "((blobstore_access_key_id))" 19 | aws_secret_access_key: "((blobstore_secret_access_key))" 20 | buildpacks: 21 | name: "((buildpack_directory_key))" 22 | region: "((aws_region))" 23 | aws_access_key_id: "((blobstore_access_key_id))" 24 | aws_secret_access_key: "((blobstore_secret_access_key))" 25 | -------------------------------------------------------------------------------- /cf-deployment/operations/backup-and-restore/enable-backup-restore.yml: -------------------------------------------------------------------------------- 1 | - type: replace 2 | path: /releases/- 3 | value: 4 | name: backup-and-restore-sdk 5 | sha1: 817a1c6ad5d23a5adea1ada52bfa13543392a11b 6 | url: https://bosh.io/d/github.com/cloudfoundry-incubator/backup-and-restore-sdk-release?v=1.19.36 7 | version: 1.19.36 8 | - type: replace 9 | path: /instance_groups/- 10 | value: 11 | azs: 12 | - z1 13 | 
instances: 1 14 | jobs: 15 | - name: database-backup-restorer 16 | release: backup-and-restore-sdk 17 | - name: bbr-cfnetworkingdb 18 | properties: 19 | release_level_backup: true 20 | release: cf-networking 21 | - name: bbr-cloudcontrollerdb 22 | release: capi 23 | - name: bbr-routingdb 24 | release: routing 25 | - name: bbr-uaadb 26 | properties: 27 | release_level_backup: true 28 | release: uaa 29 | - name: bbr-credhubdb 30 | properties: 31 | release_level_backup: true 32 | release: credhub 33 | - name: cf-cli-8-linux 34 | release: cf-cli 35 | name: backup-restore 36 | networks: 37 | - name: default 38 | persistent_disk_type: 10GB 39 | stemcell: default 40 | vm_type: minimal 41 | - type: replace 42 | path: /instance_groups/name=api/jobs/name=routing-api/properties/release_level_backup? 43 | value: true 44 | -------------------------------------------------------------------------------- /cf-deployment/operations/backup-and-restore/enable-restore-azure-clone.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - type: replace 3 | path: /instance_groups/name=backup-restore/jobs/- 4 | value: 5 | name: azure-blobstore-backup-restorer 6 | release: backup-and-restore-sdk 7 | properties: 8 | enabled: true 9 | containers: 10 | droplets: 11 | name: "((droplet_directory_key))" 12 | azure_storage_account: "((blobstore_storage_account_name))" 13 | azure_storage_key: "((blobstore_storage_access_key))" 14 | restore_from: 15 | azure_storage_account: "((restore_from_blobstore_storage_account_name))" 16 | azure_storage_key: "((restore_from_blobstore_storage_access_key))" 17 | packages: 18 | name: "((app_package_directory_key))" 19 | azure_storage_account: "((blobstore_storage_account_name))" 20 | azure_storage_key: "((blobstore_storage_access_key))" 21 | restore_from: 22 | azure_storage_account: "((restore_from_blobstore_storage_account_name))" 23 | azure_storage_key: "((restore_from_blobstore_storage_access_key))" 24 | buildpacks: 25 
| name: "((buildpack_directory_key))"
26 | azure_storage_account: "((blobstore_storage_account_name))"
27 | azure_storage_key: "((blobstore_storage_access_key))"
28 | restore_from:
29 | azure_storage_account: "((restore_from_blobstore_storage_account_name))"
30 | azure_storage_key: "((restore_from_blobstore_storage_access_key))"
31 |
--------------------------------------------------------------------------------
/cf-deployment/operations/backup-and-restore/enable-restore-nfs-broker.yml:
--------------------------------------------------------------------------------
1 | - type: replace # Appends the nfsbrokerpush job (nfs-volume release) to the backup-restore instance group and exposes its link as colocated-nfsbrokerpush.
2 | path: /instance_groups/name=backup-restore/jobs/-
3 | value:
4 | name: nfsbrokerpush
5 | provides:
6 | nfsbrokerpush: {as: colocated-nfsbrokerpush}
7 | properties:
8 | nfsbrokerpush:
9 | app_domain: ((system_domain))
10 | app_name: nfs-broker
11 | cf:
12 | client_id: nfs-broker-push-client
13 | client_secret: ((nfs-broker-push-uaa-client-secret))
14 | create_credhub_security_group: true
15 | create_sql_security_group: false
16 | credhub:
17 | uaa_ca_cert: ((uaa_ssl.ca))
18 | uaa_client_id: nfs-broker-credhub-client
19 | uaa_client_secret: ((nfs-broker-credhub-uaa-client-secret))
20 | domain: ((system_domain))
21 | organization: system
22 | password: ((nfs-broker-password))
23 | skip_cert_verify: true # NOTE(review): presumably disables TLS certificate verification for the broker push, the same job that is handed the password and client secrets above; confirm in the nfs-volume job spec and set it to false where the platform CA is trusted.
24 | space: nfs-broker-space
25 | store_id: nfsbroker
26 | syslog_url: ""
27 | username: nfs-broker
28 | release: nfs-volume
29 | - type: replace # Appends the nfsbroker-bbr-lock job, which consumes the colocated-nfsbrokerpush link provided by the job above.
30 | path: /instance_groups/name=backup-restore/jobs/-
31 | value:
32 | name: nfsbroker-bbr-lock
33 | release: nfs-volume
34 | consumes:
35 | nfsbrokerpush: {from: colocated-nfsbrokerpush}
36 |
--------------------------------------------------------------------------------
/cf-deployment/operations/backup-and-restore/enable-restore-smb-broker.yml:
--------------------------------------------------------------------------------
1 | - type: replace
2 | path: /instance_groups/name=backup-restore/jobs/-
3 | value:
4 | name: smbbrokerpush
5 | 
provides:
6 | smbbrokerpush: {as: smbbrokerpush-co-located}
7 | properties:
8 | app_domain: ((system_domain))
9 | cf:
10 | client_id: smb-broker-client
11 | client_secret: ((smb-broker-uaa-client-secret))
12 | credhub:
13 | store_id: smbbroker
14 | uaa_client_id: smb-broker-credhub-client
15 | uaa_client_secret: ((smb-broker-credhub-uaa-client-secret))
16 | url: https://credhub.service.cf.internal:8844
17 | domain: ((system_domain))
18 | organization: system
19 | password: ((smb-broker-password))
20 | skip_cert_verify: true # NOTE(review): presumably disables TLS certificate verification for the broker push, the same job that is handed the password and client secrets above; confirm in the smb-volume job spec and set it to false where the platform CA is trusted.
21 | space: smb-broker-space
22 | syslog_url: ""
23 | username: smb-broker
24 | release: smb-volume
25 | - type: replace # Appends the bbr-smbbroker job, which consumes the smbbrokerpush-co-located link provided by the job above.
26 | path: /instance_groups/name=backup-restore/jobs/-
27 | value:
28 | name: bbr-smbbroker
29 | release: smb-volume
30 | consumes:
31 | smbbrokerpush: {from: smbbrokerpush-co-located}
32 |
33 |
--------------------------------------------------------------------------------
/cf-deployment/operations/backup-and-restore/example-vars-files/vars-enable-backup-restore-gcs.yml:
--------------------------------------------------------------------------------
1 | droplet_backup_directory_key: # Name of the backup bucket for droplets
2 | app_package_backup_directory_key: # Name of the backup bucket for app packages
3 | buildpack_backup_directory_key: # Name of the backup bucket for buildpacks
4 |
--------------------------------------------------------------------------------
/cf-deployment/operations/backup-and-restore/example-vars-files/vars-enable-backup-restore-s3-unversioned.yml:
--------------------------------------------------------------------------------
1 | droplet_backup_directory_key: # Name of the backup bucket for droplets
2 | app_package_backup_directory_key: # Name of the backup bucket for app packages
3 | buildpack_backup_directory_key: # Name of the backup bucket for buildpacks
4 | aws_backup_region: # Region containing the backup buckets
-------------------------------------------------------------------------------- /cf-deployment/operations/backup-and-restore/example-vars-files/vars-enable-restore-azure-clone.yml: -------------------------------------------------------------------------------- 1 | restore_from_blobstore_storage_account_name: name # account name for azure storage account to restore from 2 | restore_from_blobstore_storage_access_key: key # access key for azure storage account to restore from 3 | -------------------------------------------------------------------------------- /cf-deployment/operations/backup-and-restore/skip-backup-restore-droplets-and-packages.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - type: remove 3 | path: /instance_groups/name=backup-restore/jobs/name=azure-blobstore-backup-restorer?/properties/containers/droplets 4 | 5 | - type: remove 6 | path: /instance_groups/name=backup-restore/jobs/name=gcs-blobstore-backup-restorer?/properties/buckets/droplets 7 | 8 | - type: remove 9 | path: /instance_groups/name=backup-restore/jobs/name=s3-unversioned-blobstore-backup-restorer?/properties/buckets/droplets 10 | 11 | - type: remove 12 | path: /instance_groups/name=backup-restore/jobs/name=s3-versioned-blobstore-backup-restorer?/properties/buckets/droplets 13 | 14 | - type: remove 15 | path: /instance_groups/name=backup-restore/jobs/name=azure-blobstore-backup-restorer?/properties/containers/packages 16 | 17 | - type: remove 18 | path: /instance_groups/name=backup-restore/jobs/name=gcs-blobstore-backup-restorer?/properties/buckets/packages 19 | 20 | - type: remove 21 | path: /instance_groups/name=backup-restore/jobs/name=s3-unversioned-blobstore-backup-restorer?/properties/buckets/packages 22 | 23 | - type: remove 24 | path: /instance_groups/name=backup-restore/jobs/name=s3-versioned-blobstore-backup-restorer?/properties/buckets/packages 25 | 26 | - type: remove 27 | path: 
/instance_groups/name=singleton-blobstore?/jobs/name=blobstore/properties/select_directories_to_backup/2 28 | 29 | - type: remove 30 | path: /instance_groups/name=singleton-blobstore?/jobs/name=blobstore/properties/select_directories_to_backup/1 31 | -------------------------------------------------------------------------------- /cf-deployment/operations/backup-and-restore/skip-backup-restore-droplets.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - type: remove 3 | path: /instance_groups/name=backup-restore/jobs/name=azure-blobstore-backup-restorer?/properties/containers/droplets 4 | 5 | - type: remove 6 | path: /instance_groups/name=backup-restore/jobs/name=gcs-blobstore-backup-restorer?/properties/buckets/droplets 7 | 8 | - type: remove 9 | path: /instance_groups/name=backup-restore/jobs/name=s3-unversioned-blobstore-backup-restorer?/properties/buckets/droplets 10 | 11 | - type: remove 12 | path: /instance_groups/name=backup-restore/jobs/name=s3-versioned-blobstore-backup-restorer?/properties/buckets/droplets 13 | 14 | - type: remove 15 | path: /instance_groups/name=singleton-blobstore?/jobs/name=blobstore/properties/select_directories_to_backup/2 16 | -------------------------------------------------------------------------------- /cf-deployment/operations/community/README.md: -------------------------------------------------------------------------------- 1 | # Community-supported ops-files 2 | 3 | This is the README for Community Ops-files. To learn more about `cf-deployment`, go to the main [README](../../README.md). 4 | 5 | - For General Ops-files, check out the [Ops-file README](../README.md). 6 | - For Addons Ops-files that can be applied to manifests or runtime configs, check out the [Addons Ops-file README](../addons/README.md). 
7 | - For Backup and Restore Ops-files (for configuring your deployment for use with [BBR](https://github.com/cloudfoundry-incubator/bosh-backup-and-restore)), check out the [Backup and Restore Ops-files README](../backup-and-restore/README.md). 8 | - For Experimental Ops-files, check out the [Experimental Ops-file README](../experimental/README.md). 9 | 10 | Included in this directory is a collection of ops files submitted by the CF community. They are **not** supported or tested in any way by the Release Integration team. If you encounter an issue with any of these files, please contact the maintainer listed below. 11 | 12 | ## Ops-Files 13 | 14 | | File | Maintainer | Purpose | 15 | | --- | --- | --- | 16 | | [`change-metron-agent-deployment.yml`](change-metron-agent-deployment.yml) | [SAP SE](https://www.sap.com/) - submitted by [jsievers](https://github.com/jsievers) | Adds an ops file for changing the metron agent deployment property in all jobs | 17 | | [`use-haproxy.yml`](use-haproxy.yml) | [Stark & Wayne](https://www.starkandwayne.com/) - submitted by [rkoster](https://github.com/rkoster) | Adds https://github.com/cloudfoundry-incubator/haproxy-boshrelease as a load balancer for environments without IaaS-provided load balancers. | 18 | -------------------------------------------------------------------------------- /cf-deployment/operations/community/change-metron-agent-deployment.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # cf-deployment uses system_domain as metron agent deployment. 3 | # Use this to override metron agent deployment name in the loggregator_agent addon 4 | - type: replace 5 | path: /addons/name=loggregator_agent/jobs/name=loggregator_agent/properties/deployment?
6 | value: ((loggregator_agent_deployment))
7 | - type: replace
8 | path: /addons/name=loggregator_agent/jobs/name=loggregator_agent/properties/tags?/deployment
9 | value: ((loggregator_agent_deployment))
10 | - type: replace
11 | path: /addons/name=forwarder_agent/jobs/name=loggr-forwarder-agent/properties/deployment?
12 | value: ((loggregator_agent_deployment))
13 | - type: replace
14 | path: /addons/name=forwarder_agent/jobs/name=loggr-forwarder-agent/properties/tags?/deployment
15 | value: ((loggregator_agent_deployment))
16 |
--------------------------------------------------------------------------------
/cf-deployment/operations/community/use-haproxy.yml:
--------------------------------------------------------------------------------
1 | - type: replace # Appends the haproxy release, pinned by version and digest, to /releases.
2 | path: /releases/-
3 | value:
4 | name: haproxy
5 | sha1: ec3c14969efbe9dc2c0360191217fb34dc6727c1
6 | url: https://bosh.io/d/github.com/cloudfoundry-incubator/haproxy-boshrelease?v=14.3.0%2B2.8.10
7 | version: 14.3.0+2.8.10
8 | - type: replace # Replaces the instance group currently named smoke-tests with the two-instance haproxy group defined here (keepalived + haproxy jobs); a smoke-tests group is appended again by the next operation.
9 | path: /instance_groups/name=smoke-tests
10 | value:
11 | azs:
12 | - z1
13 | - z2
14 | instances: 2
15 | jobs:
16 | - name: keepalived
17 | properties:
18 | keepalived:
19 | vip: ((haproxy_static_vip))
20 | release: haproxy
21 | - name: haproxy
22 | properties:
23 | ha_proxy:
24 | ssl_pem: ((router_ssl.certificate))((router_ssl.private_key)) # Certificate and private key of router_ssl concatenated into one PEM value, so the router's TLS private key is also handed to the haproxy job.
25 | tcp_link_port: 2222
26 | release: haproxy
27 | name: haproxy
28 | networks:
29 | - name: default
30 | stemcell: default
31 | vm_type: minimal
32 | - type: replace # Appends a smoke-tests errand instance group running the smoke_tests job.
33 | path: /instance_groups/-
34 | value:
35 | azs:
36 | - z1
37 | instances: 1
38 | jobs:
39 | - name: smoke_tests
40 | properties:
41 | smoke_tests:
42 | api: https://api.((system_domain))
43 | apps_domain: ((system_domain))
44 | cf_dial_timeout_in_seconds: 300
45 | org: cf_smoke_tests_org
46 | password: ((cf_admin_password))
47 | skip_ssl_validation: true # NOTE(review): the errand is given user `admin` and ((cf_admin_password)) while this flag presumably turns off certificate validation for the API endpoint; confirm in the cf-smoke-tests job spec and prefer validating against the deployment's CA so the admin password only goes to an authenticated endpoint.
48 | space: cf_smoke_tests_space
49 | user: admin
50 | release: cf-smoke-tests
51 | lifecycle: errand
52 | name: smoke-tests 53 | networks: 54 | - name: default 55 | stemcell: default 56 | update: 57 | serial: true 58 | vm_type: minimal 59 | -------------------------------------------------------------------------------- /cf-deployment/operations/configure-default-router-group.yml: -------------------------------------------------------------------------------- 1 | - type: replace 2 | path: /instance_groups/name=api/jobs/name=routing-api/properties/routing_api/router_groups/name=default-tcp/reservable_ports 3 | value: ((default_router_group_reservable_ports)) 4 | -------------------------------------------------------------------------------- /cf-deployment/operations/disable-dynamic-asgs.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - type: replace 3 | path: /instance_groups/name=api/jobs/name=policy-server-asg-syncer/properties/disable? 4 | value: true 5 | 6 | - type: replace 7 | path: /instance_groups/name=diego-cell/jobs/name=vxlan-policy-agent/properties/enable_asg_syncing? 8 | value: false 9 | -------------------------------------------------------------------------------- /cf-deployment/operations/disable-http2.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - type: replace 3 | path: /instance_groups/name=router/jobs/name=gorouter/properties/router/enable_http2? 
4 | value: false
5 |
--------------------------------------------------------------------------------
/cf-deployment/operations/disable-router-tls-termination.yml:
--------------------------------------------------------------------------------
1 | --- # Removes the gorouter's enable_ssl and tls_pem properties and the router_ssl / router_ca variables. NOTE(review): with these gone the router presumably no longer terminates TLS itself, so confirm which component in front of it does and that the hop to the router stays on a trusted network.
2 | - type: remove
3 | path: /instance_groups/name=router/jobs/name=gorouter/properties/router/enable_ssl
4 | - type: remove
5 | path: /instance_groups/name=router/jobs/name=gorouter/properties/router/tls_pem
6 | - type: remove
7 | path: /variables/name=router_ssl
8 | - type: remove
9 | path: /variables/name=router_ca
10 |
--------------------------------------------------------------------------------
/cf-deployment/operations/disable-tls-tcp-routing-isolation-segment-stage-1-unproxied-ports.yml:
--------------------------------------------------------------------------------
1 | --- # Sets containers/proxy/enable_unproxied_port_mappings to true on the isolated-diego-cell rep job. NOTE(review): presumably exposes container ports that bypass the container proxy; the file name marks it as stage 1 of disabling TLS for TCP routing, so confirm it is applied only where that rollout is intended.
2 | - type: replace
3 | path: /instance_groups/name=isolated-diego-cell/jobs/name=rep/properties/containers/proxy/enable_unproxied_port_mappings?
4 | value: true
5 |
--------------------------------------------------------------------------------
/cf-deployment/operations/disable-tls-tcp-routing-isolation-segment-stage-2-route-emitter.yml:
--------------------------------------------------------------------------------
1 | --- # Sets tcp/enable_tls to false on the isolated-diego-cell route_emitter job. NOTE(review): TCP-routed traffic to app containers in this segment is presumably unencrypted afterwards; confirm against the route_emitter job spec before applying.
2 | - type: replace
3 | path: /instance_groups/name=isolated-diego-cell/jobs/name=route_emitter/properties/tcp/enable_tls?
4 | value: false
5 |
--------------------------------------------------------------------------------
/cf-deployment/operations/disable-tls-tcp-routing-stage-1-unproxied-ports.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - type: replace
3 | path: /instance_groups/name=diego-cell/jobs/name=rep/properties/containers/proxy/enable_unproxied_port_mappings?
4 | value: true 5 | -------------------------------------------------------------------------------- /cf-deployment/operations/disable-tls-tcp-routing-stage-2-tcp-router-and-route-emitter.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - type: replace 3 | path: /instance_groups/name=tcp-router/jobs/name=tcp_router/properties/tcp_router/backend_tls?/enabled 4 | value: false 5 | 6 | - type: replace 7 | path: /instance_groups/name=diego-cell/jobs/name=route_emitter/properties/tcp/enable_tls? 8 | value: false 9 | -------------------------------------------------------------------------------- /cf-deployment/operations/enable-cc-rate-limiting.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - type: replace 3 | path: /instance_groups/name=api/jobs/name=cloud_controller_ng/properties/cc/rate_limiter? 4 | value: 5 | enabled: true 6 | general_limit: "((cc_rate_limiter_general_limit))" 7 | unauthenticated_limit: "((cc_rate_limiter_unauthenticated_limit))" 8 | -------------------------------------------------------------------------------- /cf-deployment/operations/enable-cc-v2-rate-limiting.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - type: replace 3 | path: /instance_groups/name=api/jobs/name=cloud_controller_ng/properties/cc/rate_limiter_v2_api? 
4 | value: 5 | enabled: true 6 | general_limit: "((cc_v2_rate_limiter_general_limit))" 7 | admin_limit: "((cc_v2_rate_limiter_admin_limit))" 8 | reset_interval_in_minutes: "((cc_v2_rate_limiter_reset_interval_in_minutes))" 9 | - type: replace 10 | path: /instance_groups/name=uaa/jobs/name=uaa/properties/uaa/clients/cf/scopes/- 11 | value: "cloud_controller.v2_api_rate_limit_exempt" -------------------------------------------------------------------------------- /cf-deployment/operations/enable-cpu-throttling.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Enabling this feature only makes sense if `set-cpu-weight` is enabled as well 3 | - type: replace 4 | path: /instance_groups/name=diego-cell/jobs/name=garden/properties/garden/cpu_throttling? 5 | value: true 6 | -------------------------------------------------------------------------------- /cf-deployment/operations/enable-nfs-ldap.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - type: replace 3 | path: /instance_groups/name=diego-cell/jobs/name=nfsv3driver/properties/nfsv3driver/ldap_svc_user? 4 | value: ((nfs-ldap-service-user)) 5 | - type: replace 6 | path: /instance_groups/name=diego-cell/jobs/name=nfsv3driver/properties/nfsv3driver/ldap_svc_password? 7 | value: ((nfs-ldap-service-password)) 8 | - type: replace 9 | path: /instance_groups/name=diego-cell/jobs/name=nfsv3driver/properties/nfsv3driver/ldap_host? 10 | value: ((nfs-ldap-host)) 11 | - type: replace 12 | path: /instance_groups/name=diego-cell/jobs/name=nfsv3driver/properties/nfsv3driver/ldap_port? 13 | value: ((nfs-ldap-port)) 14 | - type: replace 15 | path: /instance_groups/name=diego-cell/jobs/name=nfsv3driver/properties/nfsv3driver/ldap_proto? 16 | value: ((nfs-ldap-proto)) 17 | - type: replace 18 | path: /instance_groups/name=diego-cell/jobs/name=nfsv3driver/properties/nfsv3driver/ldap_user_fqdn? 
19 | value: ((nfs-ldap-fqdn))
20 | - type: replace
21 | path: /instance_groups/name=diego-cell/jobs/name=nfsv3driver/properties/nfsv3driver/allowed-in-source?
22 | value: ""
23 | - type: replace
24 | path: /instance_groups/name=diego-cell/jobs/name=nfsv3driver/properties/nfsv3driver/ldap_ca_cert?
25 | value: ((ldap_server_ssl.ca))
26 | - type: replace
27 | path: /instance_groups/name=nfs-broker-push/jobs/name=nfsbrokerpush/properties/nfsbrokerpush/ldap_enabled?
28 | value: true
29 |
--------------------------------------------------------------------------------
/cf-deployment/operations/enable-privileged-container-support.yml:
--------------------------------------------------------------------------------
1 | --- # Sets cc/diego/use_privileged_containers_for_running to true on the cloud_controller_ng, cloud_controller_worker and cloud_controller_clock jobs. NOTE(review): presumably makes app instances run in privileged containers, which weakens isolation between apps and the Diego cell; confirm in the capi job spec and apply only to foundations that need it.
2 | - type: replace
3 | path: /instance_groups/name=api/jobs/name=cloud_controller_ng/properties/cc/diego?/use_privileged_containers_for_running
4 | value: true
5 |
6 | - type: replace
7 | path: /instance_groups/name=cc-worker/jobs/name=cloud_controller_worker/properties/cc/diego?/use_privileged_containers_for_running
8 | value: true
9 |
10 | - type: replace
11 | path: /instance_groups/name=scheduler/jobs/name=cloud_controller_clock/properties/cc/diego?/use_privileged_containers_for_running
12 | value: true
13 |
--------------------------------------------------------------------------------
/cf-deployment/operations/enable-service-discovery.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # This feature is now enabled by default, so this ops file contains no operations.
3 |
--------------------------------------------------------------------------------
/cf-deployment/operations/enable-tls-on-file-server.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - type: replace # Sets https_server_enabled to true on the api group's file_server job.
3 | path: /instance_groups/name=api/jobs/name=file_server/properties/https_server_enabled?
4 | value: true
5 | - type: replace
6 | path: /instance_groups/name=api/jobs/name=file_server/properties/tls?
7 | value: 8 | cert: ((file_server_cert.certificate)) 9 | key: ((file_server_cert.private_key)) 10 | - type: replace 11 | path: /variables/- 12 | value: 13 | name: file_server_cert 14 | type: certificate 15 | update_mode: converge 16 | options: 17 | ca: service_cf_internal_ca 18 | common_name: file-server.service.cf.internal 19 | alternative_names: 20 | - file-server.service.cf.internal 21 | extended_key_usage: 22 | - server_auth 23 | -------------------------------------------------------------------------------- /cf-deployment/operations/example-vars-files/vars-enable-nfs-ldap.yml: -------------------------------------------------------------------------------- 1 | --- 2 | nfs-ldap-service-user: user 3 | nfs-ldap-service-password: password 4 | nfs-ldap-host: host 5 | nfs-ldap-port: port 6 | nfs-ldap-proto: proto 7 | nfs-ldap-fqdn: fqdn 8 | ldap_server_ssl: 9 | ca: | 10 | -----BEGIN CERTIFICATE----- 11 | meow 12 | -----END CERTIFICATE----- 13 | -------------------------------------------------------------------------------- /cf-deployment/operations/example-vars-files/vars-override-app-domains.yml: -------------------------------------------------------------------------------- 1 | --- 2 | app_domains: 3 | - name: example.com 4 | - name: tcp-apps.example.com 5 | smoke_test_app_domain: example.com 6 | -------------------------------------------------------------------------------- /cf-deployment/operations/example-vars-files/vars-rename-deployment.yml: -------------------------------------------------------------------------------- 1 | --- 2 | deployment_name: new-deployment-name 3 | -------------------------------------------------------------------------------- /cf-deployment/operations/example-vars-files/vars-rename-network.yml: -------------------------------------------------------------------------------- 1 | --- 2 | network_name: new-network-name 3 | -------------------------------------------------------------------------------- 
/cf-deployment/operations/example-vars-files/vars-use-alicloud-oss-blobstore-to-multi-bucket.yml: -------------------------------------------------------------------------------- 1 | blobstore_region: cn-hangzhou 2 | blobstore_endpoint: oss-cn-hangzhou.aliyuncs.com 3 | blobstore_access_key_id: example-access-key-id 4 | blobstore_secret_access_key: example-secret-access-key 5 | app_package_directory_key: example-app-package-directory-key 6 | buildpack_directory_key: example-buildpack-directory-key 7 | droplet_directory_key: example-droplet-directory-key 8 | resource_directory_key: example-resource-directory-key 9 | -------------------------------------------------------------------------------- /cf-deployment/operations/example-vars-files/vars-use-alicloud-oss-blobstore.yml: -------------------------------------------------------------------------------- 1 | blobstore_region: cn-hangzhou 2 | blobstore_endpoint: oss-cn-hangzhou.aliyuncs.com 3 | blobstore_access_key_id: example-access-key-id 4 | blobstore_secret_access_key: example-secret-access-key 5 | blobstore_bucket_name: example-oss-bucket-name 6 | app_package_directory_key: example-app-package-directory-key 7 | buildpack_directory_key: example-buildpack-directory-key 8 | droplet_directory_key: example-droplet-directory-key 9 | resource_directory_key: example-resource-directory-key 10 | -------------------------------------------------------------------------------- /cf-deployment/operations/example-vars-files/vars-use-azure-storage-blobstore.yml: -------------------------------------------------------------------------------- 1 | environment: planet_earth 2 | blobstore_storage_account_name: blobaccount1 3 | blobstore_storage_access_key: blobkey1 4 | app_package_directory_key: example-apps-dir 5 | buildpack_directory_key: example-buildpacks-dir 6 | droplet_directory_key: example-droplets-dir 7 | resource_directory_key: example-resources-dir 
-------------------------------------------------------------------------------- /cf-deployment/operations/example-vars-files/vars-use-blobstore-cdn.yml: -------------------------------------------------------------------------------- 1 | cdn_key_pair_id: amz-123-xyz 2 | cdn_private_key: lkjlkjlkjkljlkjkl 3 | resource_pool_cdn_uri: https://www.example.com/ 4 | droplets_cdn_uri: https://www.example.com/ 5 | -------------------------------------------------------------------------------- /cf-deployment/operations/example-vars-files/vars-use-external-blobstore.yml: -------------------------------------------------------------------------------- 1 | --- 2 | fog_connection: 3 | provider: Google 4 | google_storage_access_key_id: fun-time-access-key 5 | google_storage_secret_access_key: fun-time-sekret-access-key 6 | 7 | app_package_directory_key: fun-time-packages 8 | buildpack_directory_key: fun-time-buildpacks 9 | droplet_directory_key: fun-time-droplets 10 | resource_directory_key: fun-time-resources 11 | -------------------------------------------------------------------------------- /cf-deployment/operations/example-vars-files/vars-use-gcs-blobstore-access-key.yml: -------------------------------------------------------------------------------- 1 | --- 2 | blobstore_access_key_id: example-gcs-access-key-id 3 | blobstore_secret_access_key: example-gcs-secret-access-key 4 | 5 | app_package_directory_key: example-apps-dir 6 | buildpack_directory_key: example-buildpacks-dir 7 | droplet_directory_key: example-droplets-dir 8 | resource_directory_key: example-resources-dir 9 | -------------------------------------------------------------------------------- /cf-deployment/operations/example-vars-files/vars-use-gcs-blobstore-service-account.yml: -------------------------------------------------------------------------------- 1 | --- 2 | app_package_directory_key: example-apps-dir 3 | buildpack_directory_key: example-buildpacks-dir 4 | droplet_directory_key: 
example-droplets-dir 5 | resource_directory_key: example-resources-dir 6 | gcs_project: gcs-project-id 7 | gcs_service_account_email: gcs-service-account@gcs-project-id.iam.gserviceaccount.com 8 | gcs_service_account_json_key: > 9 | { 10 | "service": "account", 11 | "json": "blob" 12 | } 13 | -------------------------------------------------------------------------------- /cf-deployment/operations/example-vars-files/vars-use-operator-provided-router-tls-certificates.yml: -------------------------------------------------------------------------------- 1 | router_tls_pem: 2 | - cert_chain: | 3 | -----BEGIN CERTIFICATE----- 4 | meow 5 | -----END CERTIFICATE----- 6 | -----BEGIN CERTIFICATE----- 7 | chain meow 8 | -----END CERTIFICATE----- 9 | private_key: | 10 | -----BEGIN PRIVATE KEY----- 11 | meow 12 | -----END PRIVATE KEY----- 13 | -------------------------------------------------------------------------------- /cf-deployment/operations/example-vars-files/vars-use-s3-blobstore.yml: -------------------------------------------------------------------------------- 1 | aws_region: us-east-1 2 | blobstore_access_key_id: example-access-key-id 3 | blobstore_secret_access_key: example-secret-access-key 4 | app_package_directory_key: example-app-package-directory-key 5 | buildpack_directory_key: example-buildpack-directory-key 6 | droplet_directory_key: example-droplet-directory-key 7 | resource_directory_key: example-resource-directory-key -------------------------------------------------------------------------------- /cf-deployment/operations/example-vars-files/vars-use-swift-blobstore.yml: -------------------------------------------------------------------------------- 1 | openstack_password: openstack_password 2 | auth_url: https://auth.url 3 | openstack_domain: openstack_domain 4 | openstack_domain_id: openstack_domain_id 5 | openstack_project: openstack_project 6 | openstack_region: openstack_region 7 | openstack_temp_url_key: openstack_temp_url_key 8 | 
openstack_username: openstack_username 9 | 10 | buildpack_directory_key: buildpacks 11 | droplet_directory_key: droplets 12 | app_package_directory_key: apppackages 13 | resource_directory_key: resources 14 | -------------------------------------------------------------------------------- /cf-deployment/operations/example-vars-files/vars-use-trusted-ca-cert-for-apps.yml: -------------------------------------------------------------------------------- 1 | --- 2 | trusted_cert_for_apps: 3 | ca: | 4 | -----BEGIN CERTIFICATE----- 5 | meow 6 | -----END CERTIFICATE----- 7 | 8 | -------------------------------------------------------------------------------- /cf-deployment/operations/experimental/add-cflinuxfs4.yml: -------------------------------------------------------------------------------- 1 | --- 2 | ### 3 | # Deprecated as we integrate cflinuxfs4 directly into cf-deployment.yml 4 | ### 5 | -------------------------------------------------------------------------------- /cf-deployment/operations/experimental/add-metric-store.yml: -------------------------------------------------------------------------------- 1 | ../use-metric-store.yml -------------------------------------------------------------------------------- /cf-deployment/operations/experimental/add-otel-collector-windows.yml: -------------------------------------------------------------------------------- 1 | - type: replace 2 | path: /addons?/name=otel-collector-windows2019 3 | value: 4 | name: otel-collector-windows2019 5 | include: 6 | stemcell: 7 | - os: windows2019 8 | jobs: 9 | - name: otel-collector-windows 10 | release: otel-collector 11 | properties: 12 | # https://opentelemetry.io/docs/collector/configuration/ 13 | config: ((otel_collector_config)) 14 | ingress: 15 | grpc: 16 | tls: 17 | ca_cert: ((otel_collector_tls.ca)) 18 | cert: ((otel_collector_tls.certificate)) 19 | key: ((otel_collector_tls.private_key)) 20 | -------------------------------------------------------------------------------- 
/cf-deployment/operations/experimental/add-otel-collector.yml: -------------------------------------------------------------------------------- 1 | - type: replace 2 | path: /addons?/name=otel-collector 3 | value: 4 | exclude: 5 | jobs: 6 | - name: smoke_tests 7 | release: cf-smoke-tests 8 | include: 9 | stemcell: 10 | - os: ubuntu-jammy 11 | jobs: 12 | - name: otel-collector 13 | properties: 14 | config: ((otel_collector_config)) 15 | ingress: 16 | grpc: 17 | tls: 18 | ca_cert: ((otel_collector_tls.ca)) 19 | cert: ((otel_collector_tls.certificate)) 20 | key: ((otel_collector_tls.private_key)) 21 | release: otel-collector 22 | name: otel-collector 23 | - type: replace 24 | path: /variables/name=otel_collector_tls? 25 | value: 26 | name: otel_collector_tls 27 | options: 28 | alternative_names: 29 | - otel-collector 30 | ca: loggregator_ca 31 | common_name: otel-collector 32 | extended_key_usage: 33 | - client_auth 34 | - server_auth 35 | type: certificate 36 | update_mode: converge 37 | - type: replace 38 | path: /releases/name=otel-collector? 
39 | value: 40 | name: otel-collector 41 | sha1: 7b534dbe5a8cdf6c7cefa94fc2ca22f077fb2be8 42 | url: https://bosh.io/d/github.com/cloudfoundry/otel-collector-release?v=0.11.0 43 | version: 0.11.0 44 | -------------------------------------------------------------------------------- /cf-deployment/operations/experimental/add-system-metrics-agent-windows2019.yml: -------------------------------------------------------------------------------- 1 | ../addons/add-system-metrics-agent-windows2019.yml -------------------------------------------------------------------------------- /cf-deployment/operations/experimental/add-system-metrics-agent.yml: -------------------------------------------------------------------------------- 1 | ../addons/add-system-metrics-agent.yml -------------------------------------------------------------------------------- /cf-deployment/operations/experimental/colocate-smoke-tests-on-cc-worker.yml: -------------------------------------------------------------------------------- 1 | - type: remove 2 | path: /addons/name=loggregator_agent/exclude/jobs/name=smoke_tests 3 | - type: remove 4 | path: /addons/name=prom_scraper/exclude/jobs/name=smoke_tests 5 | - type: remove # drops the dedicated smoke-tests instance group; the smoke_tests job is re-added on cc-worker by the next op 6 | path: /instance_groups/name=smoke-tests 7 | - type: replace 8 | path: /instance_groups/name=cc-worker/jobs/- 9 | value: 10 | name: smoke_tests 11 | release: cf-smoke-tests 12 | properties: 13 | bpm: 14 | enabled: true 15 | smoke_tests: 16 | api: "https://api.((system_domain))" 17 | apps_domain: "((system_domain))" 18 | client: cf_smoke_tests 19 | client_secret: "((uaa_clients_cf_smoke_tests_secret))" 20 | org: cf_smoke_tests_org 21 | space: cf_smoke_tests_space 22 | cf_dial_timeout_in_seconds: 300 23 | skip_ssl_validation: true # by its name, turns off TLS certificate validation for the smoke tests; operations/stop-skipping-tls-validation.yml removes this key only under /instance_groups/name=smoke-tests, which this file deletes, so that ops file does not reach this colocated job - NOTE(review): confirm how validation is re-enabled here 24 | - type: replace 25 | path: /instance_groups/name=cc-worker/jobs/- 26 | value: 27 | name: cf-cli-8-linux 28 | release: cf-cli 29 | --------------------------------------------------------------------------------
/cf-deployment/operations/experimental/disable-cf-credhub.yml: -------------------------------------------------------------------------------- 1 | # Instance Group 2 | - type: remove 3 | path: /instance_groups/name=credhub 4 | 5 | # Release 6 | - type: remove 7 | path: /releases/name=credhub 8 | 9 | # UAA clients 10 | - type: remove 11 | path: /instance_groups/name=uaa/jobs/name=uaa/properties/uaa/clients/cc_service_key_client? 12 | - type: remove 13 | path: /instance_groups/name=uaa/jobs/name=uaa/properties/uaa/clients/credhub_admin_client 14 | - type: replace 15 | path: /instance_groups/name=api/jobs/name=cloud_controller_ng/properties/uaa/clients/cc_service_key_client/secret 16 | value: x # fixed dummy value, not a real secret: this file also removes the cc_service_key_client UAA client and the uaa_clients_cc_service_key_client_secret variable 17 | 18 | # Properties 19 | - type: remove 20 | path: /instance_groups/name=api/jobs/name=cloud_controller_ng/properties/credhub_api 21 | - type: remove 22 | path: /instance_groups/name=diego-cell/jobs/name=cflinuxfs4-rootfs-setup/properties/cflinuxfs4-rootfs/trusted_certs/1 # removal by list index: presumably entry 1 is the CredHub CA - verify the list order in the base manifest, otherwise a different trusted CA is dropped 23 | - type: remove 24 | path: /instance_groups/name=diego-cell/jobs/name=rep/properties/containers/trusted_ca_certificates/1 # removal by list index as well - NOTE(review): confirm entry 1 is the CredHub CA 25 | 26 | # Vars 27 | - type: remove 28 | path: /variables/name=credhub_encryption_password 29 | - type: remove 30 | path: /variables/name=credhub_admin_client_secret 31 | - type: remove 32 | path: /variables/name=credhub_ca 33 | - type: remove 34 | path: /variables/name=credhub_tls 35 | - type: remove 36 | path: /variables/name=uaa_clients_cc_service_key_client_secret -------------------------------------------------------------------------------- /cf-deployment/operations/experimental/disable-interpolate-service-bindings.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - type: replace 3 | path: /instance_groups/name=api/jobs/name=cloud_controller_ng/properties/cc/credential_references?/interpolate_service_bindings 4 | value: false 5 | 6 | - type: replace 7 | path:
/instance_groups/name=scheduler/jobs/name=cloud_controller_clock/properties/cc/credential_references?/interpolate_service_bindings 8 | value: false 9 | -------------------------------------------------------------------------------- /cf-deployment/operations/experimental/disable-logs-in-firehose-windows2019.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - type: replace 3 | path: /instance_groups/name=windows2019-cell/jobs/name=loggregator_agent_windows/properties/disable_logs? 4 | value: true 5 | -------------------------------------------------------------------------------- /cf-deployment/operations/experimental/disable-logs-in-firehose.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - type: replace 3 | path: /addons/name=loggregator_agent/jobs/name=loggregator_agent/properties/disable_logs? 4 | value: true 5 | -------------------------------------------------------------------------------- /cf-deployment/operations/experimental/disable-tls-tcp-routing-windows-stage-1-unproxied-ports.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - type: replace 3 | path: /instance_groups/name=windows2019-cell/jobs/name=rep_windows/properties/containers/proxy/enable_unproxied_port_mappings? 4 | value: true 5 | -------------------------------------------------------------------------------- /cf-deployment/operations/experimental/disable-tls-tcp-routing-windows-stage-2-route-emitter.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - type: replace 3 | path: /instance_groups/name=windows2019-cell/jobs/name=route_emitter_windows/properties/tcp/enable_tls? 
4 | value: false 5 | -------------------------------------------------------------------------------- /cf-deployment/operations/experimental/disable-v2-api.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - type: replace 3 | path: /instance_groups/name=api/jobs/name=cloud_controller_ng/properties/cc/temporary_enable_v2? 4 | value: false 5 | -------------------------------------------------------------------------------- /cf-deployment/operations/experimental/enable-app-log-rate-limiting-windows2019.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - type: replace 3 | path: /instance_groups/name=windows2019-cell/jobs/name=rep_windows/properties/diego/executor/max_log_lines_per_second? 4 | value: ((app_log_rate_limit)) 5 | -------------------------------------------------------------------------------- /cf-deployment/operations/experimental/enable-app-log-rate-limiting.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - type: replace 3 | path: /instance_groups/name=diego-cell/jobs/name=rep/properties/diego/executor/max_log_lines_per_second? 4 | value: ((app_log_rate_limit)) 5 | -------------------------------------------------------------------------------- /cf-deployment/operations/experimental/enable-bpm-garden.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # No-op, BPM enablement for garden is an implementation detail of rootless 3 | # containers support. See rootless-containers.yml 4 | -------------------------------------------------------------------------------- /cf-deployment/operations/experimental/enable-containerd-for-processes.yml: -------------------------------------------------------------------------------- 1 | - type: replace 2 | path: /instance_groups/name=diego-cell/jobs/name=garden/properties/garden/experimental_use_containerd_mode_for_processes? 
3 | value: true 4 | -------------------------------------------------------------------------------- /cf-deployment/operations/experimental/enable-cpu-throttling.yml: -------------------------------------------------------------------------------- 1 | ../enable-cpu-throttling.yml -------------------------------------------------------------------------------- /cf-deployment/operations/experimental/enable-direct-io-grootfs.yml: -------------------------------------------------------------------------------- 1 | - type: replace 2 | path: /instance_groups/name=diego-cell/jobs/name=garden/properties?/grootfs/experimental_direct_io 3 | value: true 4 | 5 | -------------------------------------------------------------------------------- /cf-deployment/operations/experimental/enable-iptables-logger.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Enable iptables logging for ASGs 3 | - type: replace 4 | path: /instance_groups/name=diego-cell/jobs/name=silk-cni/properties?/iptables_logging 5 | value: true 6 | 7 | # Enable iptables logging for c2c 8 | - type: replace 9 | path: /instance_groups/name=diego-cell/jobs/name=vxlan-policy-agent/properties?/iptables_logging 10 | value: true 11 | 12 | # Turn on iptables-logger job 13 | # This job forwards iptables kernel logs to /var/vcap/sys/log/iptables-logger 14 | - type: replace 15 | path: /instance_groups/name=diego-cell/jobs/- 16 | value: 17 | name: iptables-logger 18 | release: silk 19 | -------------------------------------------------------------------------------- /cf-deployment/operations/experimental/enable-nginx-routing-integrity-windows2019.yml: -------------------------------------------------------------------------------- 1 | - type: replace 2 | path: /instance_groups/name=windows2019-cell/jobs/name=rep_windows/properties/containers?/proxy/enabled 3 | value: true 4 | - type: replace 5 | path: 
/instance_groups/name=windows2019-cell/jobs/name=rep_windows/properties/containers?/proxy/enable_unproxied_port_mappings 6 | value: false 7 | - type: replace 8 | path: /instance_groups/name=windows2019-cell/jobs/name=rep_windows/properties/containers?/proxy/require_and_verify_client_certificates 9 | value: true 10 | - type: replace 11 | path: /instance_groups/name=windows2019-cell/jobs/name=rep_windows/properties/containers?/proxy/trusted_ca_certificates 12 | value: 13 | - ((gorouter_backend_tls.ca)) 14 | - ((ssh_proxy_backends_tls.ca)) 15 | ((tcp_router_backend_tls.ca)) # NOTE(review): this line has no leading "- ", unlike the two entries above; depending on the original indentation it is either folded into the previous entry or invalid YAML - confirm the tcp-router CA ends up trusted, since verify_subject_alt_name below lists tcp-router.service.cf.internal 16 | - type: replace 17 | path: /instance_groups/name=windows2019-cell/jobs/name=rep_windows/properties/containers?/proxy/verify_subject_alt_name 18 | value: 19 | - gorouter.service.cf.internal 20 | - ssh-proxy.service.cf.internal 21 | - tcp-router.service.cf.internal 22 | - type: replace 23 | path: /instance_groups/name=windows2019-cell/jobs/name=route_emitter_windows/properties/tcp?/enable_tls 24 | value: true 25 | - type: replace 26 | path: /instance_groups/name=windows2019-cell/jobs/- 27 | value: 28 | name: envoy_windows 29 | release: envoy-nginx 30 | - type: replace 31 | path: /releases/name=envoy-nginx?
32 | value: 33 | name: envoy-nginx 34 | sha1: 7a4a575262b1a7cbf582302ee8e1f11d6e31fc21 35 | url: https://bosh.io/d/github.com/cloudfoundry-incubator/envoy-nginx-release?v=0.29.0 36 | version: 0.29.0 37 | -------------------------------------------------------------------------------- /cf-deployment/operations/experimental/enable-oci-phase-1.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - type: replace 3 | path: /instance_groups/name=api/jobs/name=cloud_controller_ng/properties/cc/diego?/enable_declarative_asset_downloads 4 | value: true 5 | 6 | - type: replace 7 | path: /instance_groups/name=cc-worker/jobs/name=cloud_controller_worker/properties/cc/diego?/enable_declarative_asset_downloads 8 | value: true 9 | 10 | - type: replace 11 | path: /instance_groups/name=scheduler/jobs/name=cloud_controller_clock/properties/cc/diego?/enable_declarative_asset_downloads 12 | value: true 13 | 14 | - type: replace 15 | path: /instance_groups/name=diego-cell/jobs/name=rep/properties/containers/layering_mode? 
16 | value: "two-layer" 17 | 18 | - type: replace 19 | path: /instance_groups/name=diego-cell/jobs/name=garden/properties/grootfs?/tls 20 | value: 21 | cert: ((grootfs_remote_layer_tls.certificate)) 22 | key: ((grootfs_remote_layer_tls.private_key)) 23 | ca_cert: ((grootfs_remote_layer_tls.ca)) 24 | 25 | - type: replace 26 | path: /variables/- 27 | value: 28 | name: grootfs_remote_layer_tls 29 | type: certificate 30 | update_mode: converge 31 | options: 32 | ca: service_cf_internal_ca 33 | common_name: cell.service.cf.internal 34 | alternative_names: 35 | - cell.service.cf.internal 36 | - "*.cell.service.cf.internal" 37 | extended_key_usage: 38 | - client_auth 39 | - server_auth 40 | -------------------------------------------------------------------------------- /cf-deployment/operations/experimental/enable-traffic-to-internal-networks.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - type: replace 3 | path: /instance_groups/name=api/jobs/name=cloud_controller_ng/properties/cc/default_running_security_groups/- 4 | value: internal # appends the "internal" group defined below to default_running_security_groups; per that property name it presumably applies to running apps by default - confirm the intended scope 5 | 6 | - type: replace 7 | path: /instance_groups/name=api/jobs/name=cloud_controller_ng/properties/cc/security_group_definitions/- 8 | value: 9 | name: internal 10 | rules: 11 | - destination: 10.0.0.0-10.254.255.255 # almost all of 10.0.0.0/8; the range stops at 10.254.255.255 12 | protocol: all # no protocol or port restriction inside that range; NOTE(review): if platform components sit in 10.x this opens them to app containers - narrow to the subnets and ports actually needed 13 | -------------------------------------------------------------------------------- /cf-deployment/operations/experimental/example-vars-files/vars-override-otel-collector-exporters.yml: -------------------------------------------------------------------------------- 1 | --- 2 | otel_collector_config: 3 | receivers: 4 | otlp/placeholder: # no need to change, receivers are filled in automatically by the release 5 | 6 | processors: 7 | batch: 8 | 9 | exporters: 10 | file/traces: 11 | path: /tmp/otel-collector-traces.log # example destination only; NOTE(review): /tmp is typically readable by other local users, pick a job-owned directory for real telemetry 12 | file/metrics: 13 | path: /tmp/otel-collector-metrics.log 14 | file/logs: 15 | path: /tmp/otel-collector-logs.log 16 | # otlp/test: 17
| # endpoint: otelcol:4317 18 | 19 | service: 20 | pipelines: 21 | traces: 22 | receivers: [otlp/placeholder] # no need to change, receivers are filled in automatically by the release 23 | processors: [batch] 24 | exporters: 25 | - file/traces 26 | # - otlp/test 27 | metrics: 28 | receivers: [otlp/placeholder] # no need to change, receivers are filled in automatically by the release 29 | processors: [batch] 30 | exporters: 31 | - file/metrics 32 | # - otlp/test 33 | logs: 34 | receivers: [otlp/placeholder] # no need to change, receivers are filled in automatically by the release 35 | processors: [batch] 36 | exporters: 37 | - file/logs 38 | # - otlp/test 39 | -------------------------------------------------------------------------------- /cf-deployment/operations/experimental/fast-deploy-with-downtime-and-danger.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - type: replace 3 | path: /update/canaries 4 | value: 0 5 | 6 | - type: replace 7 | path: /update/max_in_flight 8 | value: 100% 9 | 10 | - type: replace 11 | path: /instance_groups/name=database/update/serial 12 | value: true 13 | - type: replace 14 | path: /instance_groups/name=singleton-blobstore/update/serial 15 | value: false 16 | - type: replace 17 | path: /instance_groups/name=router/update/serial 18 | value: false 19 | -------------------------------------------------------------------------------- /cf-deployment/operations/experimental/set-cflinuxfs4-default-stack.yml: -------------------------------------------------------------------------------- 1 | --- 2 | ### 3 | # Deprecated as we integrate cflinuxfs4 directly into cf-deployment.yml 4 | ### 5 | -------------------------------------------------------------------------------- /cf-deployment/operations/experimental/set-cpu-weight-windows2019.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - type: replace 3 | path: 
/instance_groups/name=windows2019-cell/jobs/name=rep_windows/properties/containers/set_cpu_weight? 4 | value: true 5 | -------------------------------------------------------------------------------- /cf-deployment/operations/experimental/set-cpu-weight.yml: -------------------------------------------------------------------------------- 1 | ../set-cpu-weight.yml -------------------------------------------------------------------------------- /cf-deployment/operations/experimental/use-compiled-releases-windows.yml: -------------------------------------------------------------------------------- 1 | - type: replace 2 | path: /releases/name=diego 3 | value: 4 | name: diego 5 | sha1: 2b859378fc80cc983fbc875ebf934d7a3eab66f1 6 | url: https://bosh.io/d/github.com/cloudfoundry/diego-release?v=2.105.0 7 | version: 2.105.0 8 | - type: replace 9 | path: /releases/name=garden-runc 10 | value: 11 | name: garden-runc 12 | sha1: 56cb4687e28cfbb6ed90e0b5afe28c118b7e9c6e 13 | url: https://bosh.io/d/github.com/cloudfoundry/garden-runc-release?v=1.57.0 14 | version: 1.57.0 15 | - type: replace 16 | path: /releases/name=loggregator-agent 17 | value: 18 | name: loggregator-agent 19 | sha1: a425e43b561f9df3fed255786424885ae12a5f80 20 | url: https://bosh.io/d/github.com/cloudfoundry/loggregator-agent-release?v=8.3.0 21 | version: 8.3.0 22 | -------------------------------------------------------------------------------- /cf-deployment/operations/experimental/use-create-swap-delete-vm-strategy.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - type: replace 3 | path: /update/vm_strategy? 
4 | value: "create-swap-delete" 5 | 6 | - type: replace 7 | path: /features?/use_dns_addresses 8 | value: true 9 | -------------------------------------------------------------------------------- /cf-deployment/operations/experimental/use-mysql-version-8.0.yml: -------------------------------------------------------------------------------- 1 | --- 2 | ### 3 | # Deprecated as we now use MySQL version 8.0 by default. 4 | ### 5 | -------------------------------------------------------------------------------- /cf-deployment/operations/experimental/use-native-garden-runc-runner.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - type: remove 4 | path: /instance_groups/name=diego-cell/jobs/name=garden/properties/garden/containerd_mode? 5 | -------------------------------------------------------------------------------- /cf-deployment/operations/experimental/use-trusted-ca-cert-for-apps-cflinuxfs4.yml: -------------------------------------------------------------------------------- 1 | --- 2 | ### 3 | # Deprecated as we integrate cflinuxfs4 directly into cf-deployment.yml 4 | ### 5 | -------------------------------------------------------------------------------- /cf-deployment/operations/openstack.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - type: remove 3 | path: /instance_groups/name=diego-cell/vm_extensions? 4 | 5 | - type: remove 6 | path: /instance_groups/name=api/vm_extensions? 7 | 8 | - type: replace 9 | path: /instance_groups/name=diego-cell/vm_type? 10 | value: small-highmem-100GB-ephemeral-disk 11 | 12 | - type: replace 13 | path: /instance_groups/name=api/vm_type? 
14 | value: small-50GB-ephemeral-disk 15 | -------------------------------------------------------------------------------- /cf-deployment/operations/override-app-domains.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - type: replace 3 | path: /instance_groups/name=api/jobs/name=cloud_controller_ng/properties/app_domains 4 | value: ((app_domains)) 5 | - type: replace 6 | path: /instance_groups/name=smoke-tests/jobs/name=smoke_tests/properties/smoke_tests/apps_domain 7 | value: ((smoke_test_app_domain)) 8 | -------------------------------------------------------------------------------- /cf-deployment/operations/scale-database-cluster.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - type: replace 3 | path: /instance_groups/name=database/instances 4 | value: 3 5 | - type: replace 6 | path: /instance_groups/name=database/azs 7 | value: [z1, z2, z3] 8 | 9 | - type: replace 10 | path: /instance_groups/name=database/jobs/name=proxy/properties/shutdown_delay? 11 | value: 30 12 | -------------------------------------------------------------------------------- /cf-deployment/operations/set-bbs-active-key.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - type: replace 3 | path: /instance_groups/name=diego-api/jobs/name=bbs/properties/diego/bbs/active_key_label 4 | value: "((diego_bbs_active_key_label))" 5 | - type: replace 6 | path: /instance_groups/name=diego-api/jobs/name=bbs/properties/diego/bbs/encryption_keys/0/label 7 | value: "((diego_bbs_active_key_label))" 8 | -------------------------------------------------------------------------------- /cf-deployment/operations/set-cpu-weight.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - type: replace 3 | path: /instance_groups/name=diego-cell/jobs/name=rep/properties/containers/set_cpu_weight? 
4 | value: true 5 | -------------------------------------------------------------------------------- /cf-deployment/operations/set-router-static-ips.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - type: replace 3 | path: /instance_groups/name=router/networks 4 | value: 5 | - name: default 6 | static_ips: ((router_static_ips)) 7 | 8 | -------------------------------------------------------------------------------- /cf-deployment/operations/stop-skipping-tls-validation.yml: -------------------------------------------------------------------------------- 1 | --- # removes the skip_ssl_validation / skip_cert_verify keys at the four paths below; none of the paths ends in "?", so presumably each key must exist in the manifest for the op to apply 2 | - type: remove 3 | path: /instance_groups/name=smoke-tests/jobs/name=smoke_tests/properties/smoke_tests/skip_ssl_validation # targets the smoke-tests instance group only; experimental/colocate-smoke-tests-on-cc-worker.yml deletes that group and sets skip_ssl_validation: true on cc-worker, which this op does not cover 4 | 5 | - type: remove 6 | path: /instance_groups/name=api/jobs/name=cloud_controller_ng/properties/ssl/skip_cert_verify 7 | 8 | - type: remove 9 | path: /instance_groups/name=cc-worker/jobs/name=cloud_controller_worker/properties/ssl/skip_cert_verify 10 | 11 | - type: remove 12 | path: /instance_groups/name=log-api/jobs/name=loggregator_trafficcontroller/properties/ssl/skip_cert_verify -------------------------------------------------------------------------------- /cf-deployment/operations/test/alter-ssh-proxy-redirect-uri.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - type: replace 3 | path: /instance_groups/name=uaa/jobs/name=uaa/properties/uaa/clients/ssh-proxy/redirect-uri 4 | value: http://localhost/ # plain-http localhost redirect URI for the ssh-proxy UAA client; the file sits under operations/test/, so presumably meant for test environments only 5 | -------------------------------------------------------------------------------- /cf-deployment/operations/test/enable-nfs-test-ldapserver.yml: -------------------------------------------------------------------------------- 1 | - type: replace 2 | path: /instance_groups/name=nfstestserver/jobs/- 3 | value: 4 | name: nfstestldapserver 5 | release: nfs-volume 6 | properties: 7 | ldap: 8 | ssl: 9 | active: true 10 | ca_cert: ((ldap_server_ssl.ca)) 11 | server_cert:
((ldap_server_ssl.certificate)) 12 | server_key: ((ldap_server_ssl.private_key)) 13 | 14 | - type: replace 15 | path: /addons/name=bosh-dns-aliases/jobs/name=bosh-dns-aliases/properties/aliases/domain=nfstestldapserver.service.cf.internal? 16 | value: 17 | domain: nfstestldapserver.service.cf.internal 18 | targets: 19 | - query: '*' 20 | instance_group: nfstestserver 21 | deployment: cf 22 | network: default 23 | domain: bosh 24 | 25 | - type: replace 26 | path: /instance_groups/name=diego-cell/jobs/name=nfsv3driver/properties/nfsv3driver/ldap_ca_cert? 27 | value: ((ldap_server_ssl.ca)) 28 | 29 | - type: replace 30 | path: /variables/- 31 | value: 32 | name: ldap_test_server_ca 33 | type: certificate 34 | options: 35 | common_name: ldap_test_server_ca 36 | is_ca: true 37 | 38 | - type: replace 39 | path: /variables/- 40 | value: 41 | name: ldap_server_ssl 42 | type: certificate 43 | update_mode: converge 44 | options: 45 | ca: ldap_test_server_ca 46 | common_name: nfstestldapserver.service.cf.internal 47 | alternative_names: 48 | - nfstestldapserver.service.cf.internal 49 | -------------------------------------------------------------------------------- /cf-deployment/operations/test/enable-nfs-test-server.yml: -------------------------------------------------------------------------------- 1 | - type: replace 2 | path: /instance_groups/- 3 | value: 4 | name: nfstestserver 5 | azs: [z1] 6 | instances: 1 7 | stemcell: default 8 | vm_type: medium 9 | networks: [ name: default ] 10 | jobs: 11 | - name: nfstestserver 12 | release: nfs-volume 13 | properties: 14 | nfstestserver: {} 15 | 16 | - type: replace 17 | path: /addons/name=bosh-dns-aliases/jobs/name=bosh-dns-aliases/properties/aliases/domain=nfstestserver.service.cf.internal? 
18 | value: 19 | domain: nfstestserver.service.cf.internal 20 | targets: 21 | - query: '*' 22 | instance_group: nfstestserver 23 | deployment: cf 24 | network: default 25 | domain: bosh 26 | -------------------------------------------------------------------------------- /cf-deployment/operations/test/enable-smb-test-server.yml: -------------------------------------------------------------------------------- 1 | - type: replace 2 | path: /instance_groups/- 3 | value: 4 | name: smbtestserver 5 | azs: [z1] 6 | instances: 1 7 | stemcell: default 8 | vm_type: medium 9 | persistent_disk_type: 10GB 10 | networks: [ name: default ] 11 | jobs: 12 | - name: smbtestserver 13 | release: smb-volume 14 | properties: 15 | username: ((smb-username)) 16 | password: ((smb-password)) 17 | 18 | - type: replace 19 | path: /addons/name=bosh-dns-aliases/jobs/name=bosh-dns-aliases/properties/aliases/domain=smbtestserver.service.cf.internal? 20 | value: 21 | domain: smbtestserver.service.cf.internal 22 | targets: 23 | - query: '*' 24 | instance_group: smbtestserver 25 | deployment: cf 26 | network: default 27 | domain: bosh 28 | -------------------------------------------------------------------------------- /cf-deployment/operations/test/fips-stemcell.yml: -------------------------------------------------------------------------------- 1 | - path: /stemcells/- 2 | type: replace 3 | value: 4 | alias: default 5 | os: ubuntu-jammy 6 | version: "1.613" 7 | -------------------------------------------------------------------------------- /cf-deployment/operations/test/scale-to-one-az-addon-parallel-cats.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Use this after the scale-to-one-az ops file to scale up to minimal size 3 | # in order to run CATS quickly without flakes and 12 threads 4 | - type: replace 5 | path: /instance_groups/name=diego-cell/instances 6 | value: 2 7 | - type: replace 8 | path: /instance_groups/name=diego-cell/vm_type 9 | 
value: medium
- type: replace
  path: /instance_groups/name=api/instances
  value: 2

--------------------------------------------------------------------------------
/cf-deployment/operations/test/set-smoke-test-timeout-scale.yml:
--------------------------------------------------------------------------------
---
# Test-only: sets the smoke_tests job's timeout_scale property to 5.
- type: replace
  path: /instance_groups/name=smoke-tests/jobs/name=smoke_tests/properties/smoke_tests/timeout_scale?
  value: 5

--------------------------------------------------------------------------------
/cf-deployment/operations/test/speed-up-dynamic-asgs.yml:
--------------------------------------------------------------------------------
---
# Test-only: sets asg_poll_interval_seconds to 1 for the policy-server-asg-syncer
# job on api and the vxlan-policy-agent job on diego-cell.
- type: replace
  path: /instance_groups/name=api/jobs/name=policy-server-asg-syncer/properties/asg_poll_interval_seconds?
  value: 1
- type: replace
  path: /instance_groups/name=diego-cell/jobs/name=vxlan-policy-agent/properties/asg_poll_interval_seconds?
  value: 1

--------------------------------------------------------------------------------
/cf-deployment/operations/test/use-cflinuxfs4-compat-isolation-segment-diego-cell.yml:
--------------------------------------------------------------------------------
# Defines the cflinuxfs4-rootfs-setup job on isolated-diego-cell from the
# cflinuxfs4-compat release. trusted_certs lists three CA variables; every CA
# listed here widens what workloads using this rootfs will trust.
- type: replace
  path: /instance_groups/name=isolated-diego-cell/jobs/name=cflinuxfs4-rootfs-setup?
  value:
    name: cflinuxfs4-rootfs-setup
    properties:
      cflinuxfs4-rootfs:
        trusted_certs:
        - ((diego_instance_identity_ca.ca))
        - ((credhub_tls.ca))
        - ((uaa_ssl.ca))
    release: cflinuxfs4-compat

--------------------------------------------------------------------------------
/cf-deployment/operations/use-absolute-cpu-entitlement-persistent-isolation-segment.yml:
--------------------------------------------------------------------------------
---
# Sets the rep job's loggregator app_metric_exclusion_filter on
# isolated-diego-cell to a list holding cpu_entitlement.
- type: replace
  path: /instance_groups/name=isolated-diego-cell/jobs/name=rep/properties/loggregator/app_metric_exclusion_filter?
  value:
  - cpu_entitlement

--------------------------------------------------------------------------------
/cf-deployment/operations/use-absolute-cpu-entitlement-windows2019.yml:
--------------------------------------------------------------------------------
---
# Same setting for the rep_windows job on windows2019-cell.
- type: replace
  path: /instance_groups/name=windows2019-cell/jobs/name=rep_windows/properties/loggregator/app_metric_exclusion_filter?
  value:
  - cpu_entitlement

--------------------------------------------------------------------------------
/cf-deployment/operations/use-absolute-cpu-entitlement.yml:
--------------------------------------------------------------------------------
---
# Same setting for the rep job on diego-cell.
- type: replace
  path: /instance_groups/name=diego-cell/jobs/name=rep/properties/loggregator/app_metric_exclusion_filter?
  value:
  - cpu_entitlement

--------------------------------------------------------------------------------
/cf-deployment/operations/use-cflinuxfs4-compat.yml:
--------------------------------------------------------------------------------
# Points the diego-cell rootfs setup job at the cflinuxfs4-compat release and
# replaces the cflinuxfs4 release entry with it.
- type: replace
  path: /instance_groups/name=diego-cell/jobs/name=cflinuxfs4-rootfs-setup?
  value:
    name: cflinuxfs4-rootfs-setup
    properties:
      cflinuxfs4-rootfs:
        trusted_certs:
        - ((diego_instance_identity_ca.ca))
        - ((credhub_tls.ca))
        - ((uaa_ssl.ca))
    release: cflinuxfs4-compat
# The sha1 value is the only integrity check on the tarball fetched from url.
# NOTE(review): SHA-1 is collision-prone; BOSH is understood to accept a
# "sha256:"-prefixed digest in this field - confirm for the director in use.
- type: replace
  path: /releases/name=cflinuxfs4
  value:
    name: cflinuxfs4-compat
    sha1: 2eee4fee54404c8a7965ec1bdd9d9517ff3993d4
    url: https://bosh.io/d/github.com/cloudfoundry/cflinuxfs4-compat-release?v=1.174.0
    version: 1.174.0

--------------------------------------------------------------------------------
/cf-deployment/operations/use-haproxy-public-network.yml:
--------------------------------------------------------------------------------
---
# Moves haproxy's static address off the default network and attaches a second
# network, ((haproxy_public_network_name)), with ((haproxy_public_ip)).
# NOTE(review): this places haproxy directly on the named public network; what
# is reachable there depends on the cf-haproxy-network-properties vm_extension
# in the cloud config, which is not shown here - confirm the ports it opens.
- type: remove
  path: /instance_groups/name=haproxy/networks/name=default/static_ips

- type: replace
  path: /instance_groups/name=haproxy/networks/name=default/default?
  value: [dns, gateway]

- type: replace
  path: /instance_groups/name=haproxy/networks/-
  value:
    name: ((haproxy_public_network_name))
    static_ips: [((haproxy_public_ip))]

- type: replace
  path: /instance_groups/name=haproxy/vm_extensions?/-
  value: cf-haproxy-network-properties

--------------------------------------------------------------------------------
/cf-deployment/operations/use-haproxy.yml:
--------------------------------------------------------------------------------
# Adds the haproxy release and an haproxy instance group placed before
# smoke-tests, and removes vm_extensions from router, tcp-router and scheduler.
# As with the other release entries, the download is verified by SHA-1 only.
- type: replace
  path: /releases/-
  value:
    name: haproxy
    sha1: ec3c14969efbe9dc2c0360191217fb34dc6727c1
    url: https://bosh.io/d/github.com/cloudfoundry-incubator/haproxy-boshrelease?v=14.3.0%2B2.8.10
    version: 14.3.0+2.8.10
- type: remove
  path: /instance_groups/name=router/vm_extensions
- type: remove
  path: /instance_groups/name=tcp-router/vm_extensions
- type: remove
  path: /instance_groups/name=scheduler/vm_extensions
# backend_ssl: verify together with backend_ca_file makes haproxy validate the
# backend certificate against ((router_ssl.ca)) on port 443.
# ssl_pem concatenates the certificate and its private key, so the rendered
# manifest contains key material and should be handled as a secret.
# NOTE(review): backend_ca_file depends on the router_ssl variable, which
# use-operator-provided-router-tls-certificates.yml removes - confirm the two
# ops files are not applied together without supplying that CA another way.
- type: replace
  path: /instance_groups/name=smoke-tests:before
  value:
    azs:
    - z1
    instances: 1
    jobs:
    - name: haproxy
      properties:
        ha_proxy:
          backend_ca_file: ((router_ssl.ca))
          backend_port: 443
          backend_ssl: verify
          ssl_pem: ((haproxy_ssl.certificate))((haproxy_ssl.private_key))
          tcp_link_port: 2222
      release: haproxy
    name: haproxy
    networks:
    - name: default
      static_ips:
      - ((haproxy_private_ip))
    stemcell: default
    vm_type: minimal
# haproxy_ca is a generated CA (is_ca: true); clients will not trust
# certificates it signs unless that CA is distributed to them.
- type: replace
  path: /variables/-
  value:
    name: haproxy_ca
    options:
      common_name: haproxyCA
      is_ca: true
    type: certificate
# Front-end certificate: covers the system domain and a wildcard beneath it.
- type: replace
  path: /variables/-
  value:
    name: haproxy_ssl
    options:
      alternative_names:
      - ((system_domain))
      - '*.((system_domain))'
      ca: haproxy_ca
      common_name: haproxySSL
    type: certificate

--------------------------------------------------------------------------------
/cf-deployment/operations/use-internal-lookup-for-route-services.yml:
--------------------------------------------------------------------------------
---
# Sets gorouter's route_services_internal_lookup property to true.
- type: replace
  path: /instance_groups/name=router/jobs/name=gorouter/properties/router/route_services_internal_lookup?
  value: true

--------------------------------------------------------------------------------
/cf-deployment/operations/use-latest-stemcell.yml:
--------------------------------------------------------------------------------
# Replaces the pinned version of the default stemcell with the floating value
# "latest". The OS image then depends on what is uploaded to the director at
# deploy time, so two deploys of the same manifest can differ; keep a pinned
# version where reproducibility or change review matters.
- path: /stemcells/alias=default/version
  type: replace
  value: latest

--------------------------------------------------------------------------------
/cf-deployment/operations/use-latest-windows2019-stemcell.yml:
--------------------------------------------------------------------------------
# Same floating "latest" version, for the windows2019 stemcell alias.
- path: /stemcells/alias=windows2019/version
  type: replace
  value: latest

--------------------------------------------------------------------------------
/cf-deployment/operations/use-offline-windows2019fs.yml:
--------------------------------------------------------------------------------
# Defines the windows2019fs job on windows2019-cell with three CA variables in
# trusted_certs (a single block scalar here, not a list).
- type: replace
  path: /instance_groups/name=windows2019-cell/jobs/name=windows2019fs?
  value:
    name: windows2019fs
    properties:
      windows-rootfs:
        trusted_certs: |
          ((diego_instance_identity_ca.ca))
          ((credhub_tls.ca))
          ((uaa_ssl.ca))
    release: windows2019fs
# This release entry has no url or sha1, so the manifest carries no checksum
# for it. NOTE(review): presumably the release is uploaded to the director
# beforehand; its integrity then rests on that upload step - confirm.
- type: replace
  path: /releases/name=windows2019fs?
  value:
    name: windows2019fs
    version: 2.73.0

--------------------------------------------------------------------------------
/cf-deployment/operations/use-online-windows2019fs.yml:
--------------------------------------------------------------------------------
# Online variant: the windows2019fs job comes from the windowsfs release, which
# is fetched from url and checked against sha1 (SHA-1 only).
- type: replace
  path: /instance_groups/name=windows2019-cell/jobs/name=windows2019fs?
  value:
    name: windows2019fs
    properties:
      windows-rootfs:
        trusted_certs: |
          ((diego_instance_identity_ca.ca))
          ((credhub_tls.ca))
          ((uaa_ssl.ca))
    release: windowsfs
- type: replace
  path: /releases/name=windowsfs?
  value:
    name: windowsfs
    sha1: 71e1dc4dcd1427a9d422f41b4f9f220d5f685fbe
    url: https://bosh.io/d/github.com/cloudfoundry/windowsfs-online-release?v=2.73.0
    version: 2.73.0

--------------------------------------------------------------------------------
/cf-deployment/operations/use-operator-provided-router-tls-certificates.yml:
--------------------------------------------------------------------------------
---
# Takes gorouter's tls_pem from the operator-supplied ((router_tls_pem)) and
# removes the router_ssl and router_ca variables, so those are no longer
# generated. Anything else that references ((router_ssl.*)) or ((router_ca.*))
# must then get its value from another source.
- type: replace
  path: /instance_groups/name=router/jobs/name=gorouter/properties/router/tls_pem
  value: ((router_tls_pem))
- type: remove
  path: /variables/name=router_ssl
- type: remove
  path: /variables/name=router_ca

--------------------------------------------------------------------------------
/cf-deployment/operations/use-trusted-ca-cert-for-apps.yml:
--------------------------------------------------------------------------------
---
# Appends ((trusted_cert_for_apps.ca)) to the cflinuxfs4 rootfs trusted_certs
# list and to rep's containers.trusted_ca_certificates on diego-cell.
# NOTE(review): presumably every app container on diego-cell will then accept
# certificates issued under this CA, so it should be one the platform owner
# controls. Only diego-cell is touched; isolated-diego-cell and windows2019-cell
# are not changed by this file.
- type: replace
  path: /instance_groups/name=diego-cell/jobs/name=cflinuxfs4-rootfs-setup/properties/cflinuxfs4-rootfs/trusted_certs/-
  value: ((trusted_cert_for_apps.ca))

- type: replace
  path: /instance_groups/name=diego-cell/jobs/name=rep/properties/containers/trusted_ca_certificates/-
  value: ((trusted_cert_for_apps.ca))

--------------------------------------------------------------------------------
/ci/envs/ci-gcp-baseline.yml:
--------------------------------------------------------------------------------
---
# CI environment: appends the small-footprint feature and derives its
# addresses from meta._ip_prefix.
# NOTE(review): base_domain is the IP with ".netip.cc" appended, which looks
# like a third-party wildcard-DNS name; name resolution for this environment
# would then depend on that service - TODO confirm.
kit:
  features:
  - ((append))
  - small-footprint

genesis:
  env: ci-gcp-baseline

params:
  disk_type: default
  base_domain: (( concat meta._ip_prefix "8.49.netip.cc" ))
  postgres_vip: (( concat meta._ip_prefix "8.48" ))
  availability_zones: [z1, z2, z3]
  haproxy_ips: [ (( concat meta._ip_prefix "8.49" )) ]

--------------------------------------------------------------------------------
/ci/envs/ci-gcp-cats.yml:
--------------------------------------------------------------------------------
---
# CI environment for the acceptance-test deployment on GCP.
genesis:
  env: ci-gcp-cats

params:
  disk_type: default
  base_domain: (( concat meta._ip_prefix "8.192.netip.cc" ))
  postgres_vip: (( concat meta._ip_prefix "8.193" ))
  haproxy_instances: 1
  haproxy_ips: [ (( concat meta._ip_prefix "8.192" )) ]
  diego_cell_instances: 4

  cf_core_network: default
  cf_edge_network: default
  cf_runtime_network: default
  cf_db_network: default


--------------------------------------------------------------------------------
/ci/envs/ci-gcp-upgrade.yml:
--------------------------------------------------------------------------------
---
# CI environment for the upgrade deployment on GCP; uses the same addresses as
# ci-gcp-baseline.yml.
kit:
  features:
  - ((append))
  - small-footprint

genesis:
  env: ci-gcp-upgrade

params:
  disk_type: default
  base_domain: (( concat meta._ip_prefix "8.49.netip.cc" ))
  postgres_vip: (( concat meta._ip_prefix "8.48" ))
  availability_zones: [z1, z2, z3]
  haproxy_ips: [ (( concat meta._ip_prefix "8.49" )) ]

--------------------------------------------------------------------------------
/ci/envs/ci-gcp.yml:
--------------------------------------------------------------------------------
---
# Shared GCP settings: the BOSH environment name and the private address
# prefix that the ci-gcp-* files concatenate onto.
genesis:
  bosh_env: gcp-uswest2-genesis-ci

meta:
  _ip_prefix: "10.4."

--------------------------------------------------------------------------------
/ci/envs/ci-vsphere-baseline.yml:
--------------------------------------------------------------------------------
---
# vSphere baseline environment; kit.ci ties it to the "deploy" pipeline job.
kit:
  features:
  - ((append))
  - small-footprint
  - app-autoscaler-integration
  - app-scheduler-integration
  ci:
    job: deploy
    serial_groups: [deployment]

genesis:
  env: ci-vsphere-baseline
  min_version: 3.0.8

params:
  disk_type: default
  base_domain: (( concat meta._ip_prefix "8.49.netip.cc" ))
  postgres_vip: (( concat meta._ip_prefix "8.48" ))
  availability_zones: [z1]
  haproxy_ips: [ (( concat meta._ip_prefix "8.49" )) ]

--------------------------------------------------------------------------------
/ci/envs/ci-vsphere-cats.yml:
--------------------------------------------------------------------------------
---
# vSphere acceptance-test environment. With blocking: false, a failed
# acceptance run does not hold back later pipeline stages, so a release can
# proceed without a passing acceptance run.
kit:
  ci:
    job: acceptance-tests
    after: upgrade
    type: custom
    resources:
    - cats
    blocking: false # set true if a pass is required to proceed

genesis:
  env: ci-vsphere-cats

params:
  disk_type: default
  base_domain: (( concat meta._ip_prefix "8.192.netip.cc" ))
  postgres_vip: (( concat meta._ip_prefix "8.193" ))
  haproxy_instances: 1
  haproxy_ips: [ (( concat meta._ip_prefix "8.192" )) ]
  diego_cell_instances: 4

  cf_core_network: default
  cf_edge_network: default
  cf_runtime_network: default
  cf_db_network: default


--------------------------------------------------------------------------------
/ci/envs/ci-vsphere-upgrade.yml:
--------------------------------------------------------------------------------
---
# vSphere upgrade environment; shares the "deployment" serial group with the
# baseline job.
kit:
  features:
  - ((append))
  - small-footprint
  ci:
    job: upgrade
    type: upgrade
    serial_groups: [deployment]

genesis:
  env: ci-vsphere-upgrade

params:
  disk_type: default
  base_domain: (( concat meta._ip_prefix "8.49.netip.cc" ))
  postgres_vip: (( concat meta._ip_prefix "8.48" ))
  availability_zones: [z1]
  haproxy_ips: [ (( concat meta._ip_prefix "8.49" )) ]

--------------------------------------------------------------------------------
/ci/envs/ci-vsphere.yml:
--------------------------------------------------------------------------------
---
# Shared vSphere settings: BOSH environment name and private address prefix.
genesis:
  bosh_env: rsat-bc-genesis-ci

meta:
  _ip_prefix: "172.20."

--------------------------------------------------------------------------------
/ci/envs/ci.yml:
--------------------------------------------------------------------------------
---
# Base for all CI environments: dev kit at a floating "latest" version with the
# haproxy, tls and self-signed features. The self-signed feature means test
# clients cannot validate these endpoints against a public CA.
kit:
  name: dev
  version: latest
  features:
  - haproxy
  - tls
  - self-signed
  - cf-deployment/operations/enable-service-discovery

--------------------------------------------------------------------------------
/ci/pipeline/custom-resources/cats.yml:
--------------------------------------------------------------------------------
# Acceptance-test suite, fetched over HTTPS and selected by tag.
# A git tag selects a version but can be moved upstream; it is not a content
# pin the way a commit SHA is.
resources:
- name: cats
  type: git
  check_every: 24h
  source:
    uri: https://github.com/cloudfoundry/cf-acceptance-tests
    tag_filter: "v7.3.0"

--------------------------------------------------------------------------------
/ci/pipeline/jobs/build-kit.yml:
--------------------------------------------------------------------------------
# Builds the kit tarball on every change to the git resource and publishes it.
# public: true - NOTE(review): this is understood to make the job's build
# output viewable without logging in. The build task is handed VAULT_TOKEN, so
# anything the task script prints (for example under shell tracing) could be
# readable by anyone unless secret redaction is enabled - confirm.
# acl: public-read makes the uploaded tarball and the release-lookup cache
# world-readable objects; they must not contain credentials or internal names.
jobs:
- name: build-kit
  public: true
  serial: false
  plan:
  - do:
    - in_parallel:
      - { get: version, params: {pre: rc} }
      - { get: git, trigger: true }
      - { get: git-ci }
      - { get: release-cache }
    - task: build-kit
      file: git-ci/ci/tasks/build-kit.yml
      params:
        KIT_SHORTNAME: (( grab meta.kit ))
        VAULT_URI: (( grab meta.vault.url ))
        VAULT_TOKEN: (( grab meta.vault.token ))
    - put: build
      params:
        file: build/*.tar.gz
        acl: public-read
    - put: version
      params: {file: version/number}
    - put: release-cache
      params:
        file: release-cache/release-lookup-cache.json
        acl: public-read
        content-type: application/json
    on_success:
      put: notify
      params:
        topic: (( concat meta.shout.topic "-$BUILD_JOB_NAME" ))
        message: prerelease build for '$BUILD_JOB_NAME' succeeded.
        ok: yes
        link: (( grab meta.shout.links.build ))
    on_failure:
      put: notify
      params:
        topic: (( concat meta.shout.topic "-$BUILD_JOB_NAME" ))
        message: prerelease build for '$BUILD_JOB_NAME' failed.
        ok: no
        link: (( grab meta.shout.links.build ))

--------------------------------------------------------------------------------
/ci/pipeline/jobs/prepare.yml:
--------------------------------------------------------------------------------
# Runs once the inputs have passed meta.blocking_tests: bumps the version to
# final, generates release notes and pushes them with a rebase.
# NOTE(review): the task receives VAULT_URI and VAULT_TOKEN, but the
# ci/scripts/generate-release-notes script in this listing reads neither. If
# the helper it calls does not need them either, dropping them from params
# would narrow where the token is exposed - confirm.
jobs:
- name: prepare
  public: true
  serial: true
  plan:
  - do:
    - in_parallel:
      - { get: version, passed: (( grab meta.blocking_tests )), params: {bump: final} }
      - { get: spec-check, passed: (( grab meta.blocking_tests )) }
      - { get: git, passed: (( grab meta.blocking_tests )), trigger: true }
      - { get: git-ci }
      - { get: git-latest-tag }
      - { get: release-notes }
    - task: generate-release-notes
      file: git-ci/ci/tasks/generate-release-notes.yml
      params:
        RELEASE_NOTES_WEB_URL: (( grab meta.github.release_notes.edit ))
        RELEASE_NOTES_FILE: (( grab meta.github.release_notes.file ))
        GIT_NAME: (( grab meta.git.name ))
        GIT_EMAIL: (( grab meta.git.email ))
        VAULT_URI: (( grab meta.vault.url ))
        VAULT_TOKEN: (( grab meta.vault.token ))
        KIT_SHORTNAME: (( grab meta.kit ))
    - put: release-notes
      params:
        rebase: true
        repository: release-notes
    on_failure:
      put: notify
      params:
        topic: (( concat meta.shout.topic "-$BUILD_JOB_NAME" ))
        message: release candidate job 'pre' failed (which is unusual).
        ok: no
        link: (( grab meta.shout.links.build ))

--------------------------------------------------------------------------------
/ci/pipeline/jobs/ship-prerelease.yml:
--------------------------------------------------------------------------------
# Publishes a GitHub pre-release from artifacts that passed build-kit.
# None of the gets has trigger: true, so nothing visible here starts this job
# automatically. It depends only on build-kit, not on the deploy or test jobs.
# DEVELOP_BRANCH and RELEASE_BRANCH both resolve to meta.github.branch.
jobs:
- name: ship-prerelease
  public: true
  serial: false
  plan:
  - do:
    - in_parallel:
      - { get: build, passed: [build-kit]}
      - { get: version, passed: [build-kit]}
      - { get: git, passed: [build-kit]}
      - { get: git-ci }

    - task: ship-prerelease
      file: git-ci/ci/tasks/prerelease.yml
      params:
        PRERELEASE: 1
        KIT_SHORTNAME: (( grab meta.kit ))
        DEVELOP_BRANCH: (( grab meta.github.branch ))
        RELEASE_BRANCH: (( grab meta.github.branch )) # TODO: main-branch ))
        RELEASE_ROOT: gh
        RELEASE_NOTES: (( grab meta.github.release_notes.file ))
        NOTIFICATION_OUT: notifications
        GITHUB_OWNER: (( grab meta.github.owner ))
        GIT_EMAIL: (( grab meta.git.email ))
        GIT_NAME: (( grab meta.git.name ))

    - put: github-prerelease
      params:
        name: gh/name
        tag: gh/tag
        body: gh/notes.md
        commitish: gh/commit
        globs: [gh/artifacts/*]

    on_failure:
      put: notify
      params:
        topic: (( concat meta.shout.topic "-$BUILD_JOB_NAME" ))
        message: tests job '$BUILD_JOB_NAME' failed.
        ok: no
        link: (( grab meta.shout.links.build ))

--------------------------------------------------------------------------------
/ci/pipeline/jobs/spec-check.yml:
--------------------------------------------------------------------------------
# Compares release specs against the latest tag and uploads the diff file.
# The upload uses acl: public-read, so the diff output is world-readable; the
# comparison must not print secrets or internal hostnames.
jobs:
- name: spec-check
  public: true
  serial: false
  plan:
  - do:
    - in_parallel:
      - { get: build, passed: [build-kit], trigger: true}
      - { get: version, passed: [build-kit]}
      - { get: git, passed: [build-kit]}
      - { get: git-ci }
      - { get: git-latest-tag }
    - task: spec-check
      file: git-ci/ci/tasks/spec-check.yml
    - put: spec-check
      params:
        file: spec-check/diff-*
        acl: public-read
    on_failure:
      put: notify
      params:
        topic: (( concat meta.shout.topic "-$BUILD_JOB_NAME" ))
        message: tests job '$BUILD_JOB_NAME' failed.
        ok: no
        link: (( grab meta.shout.links.build ))

--------------------------------------------------------------------------------
/ci/pipeline/jobs/version-major.yml:
--------------------------------------------------------------------------------
# Manually started job (trigger: false) that bumps the major version.
jobs:
- name: major
  public: true
  plan:
  - do:
    - { get: version, trigger: false, params: {bump: major} }
    - { put: version, params: {file: version/number} }
    on_success:
      put: notify
      params:
        topic: (( concat meta.shout.topic "-$BUILD_JOB_NAME" ))
        message: major version bump job '$BUILD_JOB_NAME' succeeded.
        ok: yes
        link: (( grab meta.shout.links.build ))
    on_failure:
      put: notify
      params:
        topic: (( concat meta.shout.topic "-$BUILD_JOB_NAME" ))
        message: major version bump job '$BUILD_JOB_NAME' failed (which is unusual).
        ok: no
        link: (( grab meta.shout.links.build ))

--------------------------------------------------------------------------------
/ci/pipeline/jobs/version-minor.yml:
--------------------------------------------------------------------------------
# Manually started job (trigger: false) that bumps the minor version.
jobs:
- name: minor
  public: true
  plan:
  - do:
    - { get: version, trigger: false, params: {bump: minor} }
    - { put: version, params: {file: version/number} }
    on_success:
      put: notify
      params:
        topic: (( concat meta.shout.topic "-$BUILD_JOB_NAME" ))
        message: minor version bump job '$BUILD_JOB_NAME' succeeded.
        ok: yes
        link: (( grab meta.shout.links.build ))
    on_failure:
      put: notify
      params:
        topic: (( concat meta.shout.topic "-$BUILD_JOB_NAME" ))
        message: minor version bump job '$BUILD_JOB_NAME' failed (which is unusual).
        ok: no
        link: (( grab meta.shout.links.build ))

--------------------------------------------------------------------------------
/ci/pipeline/jobs/version-patch.yml:
--------------------------------------------------------------------------------
# Manually started job (trigger: false) that bumps the patch version.
jobs:
- name: patch
  public: true
  plan:
  - do:
    - { get: version, trigger: false, params: {bump: patch} }
    - { put: version, params: {file: version/number} }
    on_success:
      put: notify
      params:
        topic: (( concat meta.shout.topic "-$BUILD_JOB_NAME" ))
        message: patch version bump job '$BUILD_JOB_NAME' succeeded.
        ok: yes
        link: (( grab meta.shout.links.build ))
    on_failure:
      put: notify
      params:
        topic: (( concat meta.shout.topic "-$BUILD_JOB_NAME" ))
        message: patch version bump job '$BUILD_JOB_NAME' failed (which is unusual).
        ok: no
        link: (( grab meta.shout.links.build ))

--------------------------------------------------------------------------------
/ci/pipeline/optional-jobs/spec-tests.yml:
--------------------------------------------------------------------------------
# Optional job: runs the spec tests against a build that passed build-kit.
# attempts: 2 retries the task once, which can hide an intermittent failure.
jobs:
- name: spec-tests
  public: true
  serial: false
  plan:
  - do:
    - in_parallel:
      - { get: build, passed: [build-kit], trigger: true}
      - { get: version, passed: [build-kit]}
      - { get: git, passed: [build-kit]}
      - { get: git-ci }
      - { get: git-latest-tag }
    - task: spec-tests
      file: git-ci/ci/tasks/spec-tests.yml
      attempts: 2
    on_failure:
      put: notify
      params:
        topic: (( concat meta.shout.topic "-$BUILD_JOB_NAME" ))
        message: tests job '$BUILD_JOB_NAME' failed.
        ok: no
        link: (( grab meta.shout.links.build ))


--------------------------------------------------------------------------------
/ci/pipeline/optional-resources/upstream-manifest.yml:
--------------------------------------------------------------------------------
# Upstream manifest repository, checked weekly; branch falls back to "main".
# No private_key is set here, so the uri is presumably publicly readable.
resources:
- name: upstream-manifest
  type: git
  check_every: 168h
  source:
    uri: (( grab meta.upstream.manifest.url ))
    branch: (( grab meta.upstream.manifest.branch || "main" ))
    ignore_paths: [ci/*]

--------------------------------------------------------------------------------
/ci/pipeline/resources/build.yml:
--------------------------------------------------------------------------------
# S3 bucket holding the built kit tarballs.
# skip_ssl_verification defaults to false; setting meta.aws.insecure to true
# turns off TLS certificate checks on the connection that carries the access
# key and secret, so reserve it for a trusted private endpoint.
resources:
- name: build
  type: s3
  source:
    endpoint: (( grab meta.aws.endpoint || ~ ))
    skip_ssl_verification: (( grab meta.aws.insecure || false ))
    access_key_id: (( grab meta.aws.access_key ))
    secret_access_key: (( grab meta.aws.secret_key ))
    region_name: (( grab meta.aws.region_name ))
    bucket: (( grab meta.aws.bucket ))
    regexp: (( concat meta.name "/build/(.*)\.tar.gz" ))

--------------------------------------------------------------------------------
/ci/pipeline/resources/git-ci.yml:
--------------------------------------------------------------------------------
# CI scripts and task definitions (paths: ci/*). Jobs run task files and
# scripts from this resource, so write access to the selected branch amounts
# to code execution in the pipeline with whatever secrets the tasks receive.
# uri and branch fall back to the main repository values.
resources:
- name: git-ci
  type: git
  check_every: 1h
  source:
    uri: (( grab meta.github.ci-uri || meta.github.uri))
    branch: (( grab meta.github.ci-branch || meta.github.branch ))
    private_key: (( grab meta.github.private_key ))
    paths: [ci/*]
    disable_ci_skip: true

--------------------------------------------------------------------------------
/ci/pipeline/resources/git-latest-tag.yml:
--------------------------------------------------------------------------------
# Tracks tags matching tag_regex on the working branch.
# NOTE(review): the pattern ^v[0-9\.]*$ also matches a bare "v" or "v..",
# since the character class may repeat zero times - tighten it if malformed
# tags must be ignored.
resources:
- name: git-latest-tag
  type: git
  check_every: 1h
  source:
    uri: (( grab meta.github.uri ))
    branch: (( grab meta.github.branch ))
    private_key: (( grab meta.github.private_key ))
    tag_regex: '^v[0-9\.]*$'
    disable_ci_skip: true

--------------------------------------------------------------------------------
/ci/pipeline/resources/git-main.yml:
--------------------------------------------------------------------------------
# The main branch of the kit repository.
resources:
- name: git-main
  type: git
  check_every: 1h
  source:
    uri: (( grab meta.github.uri ))
    branch: (( grab meta.github.branch ))
    private_key: (( grab meta.github.private_key ))

--------------------------------------------------------------------------------
/ci/pipeline/resources/git.yml:
--------------------------------------------------------------------------------
# The kit source on the working branch; the ci path is ignored and commits
# whose message matches an exclude pattern are filtered out.
# NOTE(review): git, git-ci, git-latest-tag and git-main all use
# meta.github.private_key. If that key can push, resources that only read hold
# more privilege than they need; a read-only deploy key would limit the effect
# of a leak - confirm the key's scope.
resources:
- name: git
  type: git
  check_every: 1h
  source:
    uri: (( grab meta.github.uri ))
    branch: (( grab meta.github.branch ))
    private_key: (( grab meta.github.private_key ))
    ignore_paths: ["ci"]
    commit_filter:
      exclude:
      - '^\[ci\] release v'
      - '^WIP:'

--------------------------------------------------------------------------------
/ci/pipeline/resources/github-prerelease.yml:
--------------------------------------------------------------------------------
# GitHub release resource restricted to pre-releases. access_token can create
# releases on the repository; scope it to that repository and rotate it like
# any other deployment credential.
resources:
- name: github-prerelease
  type: github-release
  source:
    owner: (( grab meta.github.owner ))
    repository: (( grab meta.github.repo ))
    access_token: (( grab meta.github.access_token ))
    pre_release: true
    release: false

--------------------------------------------------------------------------------
/ci/pipeline/resources/github.yml:
--------------------------------------------------------------------------------
# GitHub release resource for final releases; uses the same access_token.
resources:
- name: github
  type: github-release
  source:
    owner: (( grab meta.github.owner ))
    repository: (( grab meta.github.repo ))
    access_token: (( grab meta.github.access_token ))

--------------------------------------------------------------------------------
/ci/pipeline/resources/notify.yml:
--------------------------------------------------------------------------------
# Custom resource type for notifications.
# repository has no tag or digest, so the registry's default tag is used and
# the image content can change between checks. The image runs inside the
# pipeline and receives the shout username and password below; pinning it to
# a reviewed digest keeps that code from changing unnoticed.
resource_types:
- name: shout-notification
  type: docker-image
  source:
    repository: huntprod/shout-resource

resources:
- name: notify
  type: shout-notification
  source:
    topic: (( grab meta.shout.topic ))
    url: (( grab meta.shout.url ))
    username: (( grab meta.shout.username ))
    password: (( grab meta.shout.password ))


--------------------------------------------------------------------------------
/ci/pipeline/resources/release-cache.yml:
--------------------------------------------------------------------------------
# Versioned S3 object holding the release lookup cache.
# skip_ssl_verification is false unless meta.aws.insecure is set; enabling it
# sends the access key and secret over a connection whose certificate is not
# checked.
# NOTE(review): initial_version looks like an S3 object version id, not a
# credential - confirm.
resources:
- name: release-cache
  type: s3
  source:
    driver: s3
    endpoint: (( grab meta.aws.endpoint || ~ ))
    skip_ssl_verification: (( grab meta.aws.insecure || false ))
    access_key_id: (( grab meta.aws.access_key ))
    secret_access_key: (( grab meta.aws.secret_key ))
    bucket: (( grab meta.aws.bucket ))
    region_name: (( grab meta.aws.region_name ))
    versioned_file: "release-lookup-cache.json"
    initial_version: "EfKas_zbhzhLrSyrWLz753zC5RyyambH"

--------------------------------------------------------------------------------
/ci/pipeline/resources/release-notes.yml:
--------------------------------------------------------------------------------
# Repository holding the release notes file. The prepare job pushes to it, so
# the key used here needs write access; it falls back to the main repository
# key when no dedicated key is configured.
resources:
- name: release-notes
  type: git
  check_every: 1h
  source:
    uri: (( grab meta.github.release_notes.uri ))
    branch: (( grab meta.github.release_notes.branch ))
    private_key: (( grab meta.github.release_notes.private_key || meta.github.private_key ))
    paths: [ (( grab meta.github.release_notes.file )) ]
    disable_ci_skip: true

--------------------------------------------------------------------------------
/ci/pipeline/resources/spec-check.yml:
--------------------------------------------------------------------------------
# S3 location of the spec-check diff files; same TLS and credential settings
# as the other S3 resources.
resources:
- name: spec-check
  type: s3
  source:
    endpoint: (( grab meta.aws.endpoint || ~ ))
    skip_ssl_verification: (( grab meta.aws.insecure || false ))
    access_key_id: (( grab meta.aws.access_key ))
    secret_access_key: (( grab meta.aws.secret_key ))
    bucket: (( grab meta.aws.bucket ))
    region_name: (( grab meta.aws.region_name ))
    regexp: (( concat meta.name "/spec-check/diff-(.*)" ))

--------------------------------------------------------------------------------
/ci/pipeline/resources/version.yml:
--------------------------------------------------------------------------------
# Semver resource backed by S3; the version number lives at <meta.name>/version
# and starts at meta.initial_version, or "0.0.1" when that is unset.
# Write access to this object decides which version a release is given.
resources:
- name: version
  type: semver
  source :
    driver: s3
    endpoint: (( grab meta.aws.endpoint || ~ ))
    skip_ssl_verification: (( grab meta.aws.insecure || false ))
    access_key_id: (( grab meta.aws.access_key ))
    secret_access_key: (( grab meta.aws.secret_key ))
    bucket: (( grab meta.aws.bucket ))
    region_name: (( grab meta.aws.region_name ))
    key: (( concat meta.name "/version" ))
    initial_version: (( grab meta.initial_version || "0.0.1" ))
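--------------------------------------------------------------------------------
/ci/scripts/generate-release-notes:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
# Concourse task script: renders the release notes for the version found in
# version/number, prints them, and commits the file in the release-notes
# checkout. Pushing is left to the pipeline's put step.
#
# Required environment: KIT_SHORTNAME, RELEASE_NOTES_FILE, RELEASE_NOTES_WEB_URL.
# Optional environment: GIT_NAME, GIT_EMAIL (defaults below).
# Exits 2 with a message on stderr when an input is missing.
set -e
set -u           # an unset variable is an error instead of an empty string
set -o pipefail

export VERSION_FROM="version/number"
export GIT_NAME="${GIT_NAME:-"Genesis CI Bot"}"
export GIT_EMAIL="${GIT_EMAIL:-"genesis-ci@rubidiumstudios.com"}"

# Print a banner around the given title.
header() {
  echo
  echo "================================================================================"
  echo "$1"
  echo "--------------------------------------------------------------------------------"
  echo
}

# Report a configuration error on stderr and stop with status 2.
bail() {
  echo >&2 "$* Did you misconfigure Concourse?"
  exit 2
}
test -n "${KIT_SHORTNAME:-}" || bail "KIT_SHORTNAME must be set to the short name of this kit."
test -n "${RELEASE_NOTES_FILE:-}" || bail "RELEASE_NOTES_FILE must be set to the filename for the release notes."
test -n "${RELEASE_NOTES_WEB_URL:-}" || bail "RELEASE_NOTES_WEB_URL must be set to the release notes gist edit URL."

test -f "${VERSION_FROM}" || bail "Version file (${VERSION_FROM}) not found."
VERSION=$(cat "${VERSION_FROM}")
test -n "${VERSION}" || bail "Version file (${VERSION_FROM}) was empty."

# The notes are printed to the build log; keep them free of secrets, because
# the pipeline job that runs this task is declared public.
git-ci/ci/scripts/release-notes "$VERSION" "git" "git-latest-tag" "release-notes/$RELEASE_NOTES_FILE"
cat "release-notes/$RELEASE_NOTES_FILE"

header "Uploading the release notes"

git config --global user.name "$GIT_NAME"
git config --global user.email "$GIT_EMAIL"

# "--" keeps a file name that begins with "-" from being read as an option.
git -C release-notes add -- "$RELEASE_NOTES_FILE"
# With errexit on, this fails the task when the notes did not change.
git -C release-notes commit -m "Updated release notes for $KIT_SHORTNAME-genesis-kit v$VERSION"

echo $'\n'"The release notes can be edited at ${RELEASE_NOTES_WEB_URL}"

--------------------------------------------------------------------------------
/ci/scripts/smoketests:
--------------------------------------------------------------------------------
# Runs the kit's smoketest addon against the environment named by DEPLOY_ENV.
# NOTE(review): no shebang here, so this file is presumably sourced or run by
# a wrapper that supplies the shell options - confirm.
genesis "do" "${DEPLOY_ENV}" -- smoketest

--------------------------------------------------------------------------------
/ci/scripts/spec-check:
--------------------------------------------------------------------------------
#!/bin/bash
# Concourse task script: runs compare-release-specs for the latest tag inside
# the repository checkout and stores the captured terminal output as
# spec-check/diff-<UTC timestamp>. The pipeline uploads that file with a
# public-read ACL, so the comparison must not print secrets.
set -e
set -u   # an unset variable is an error instead of an empty string

# Resource Directories
REPO_ROOT="git"
CI_ROOT="git-ci"
TAG_ROOT="git-latest-tag"
OUTPUT_ROOT="spec-check"

CI_PATH="$(cd "${CI_ROOT}" && pwd)"
TAG="$(cat "${TAG_ROOT}/.git/ref")"
# An empty ref file would otherwise pass an empty tag to the comparison.
if [[ -z "${TAG}" ]]; then
  echo >&2 "No tag found in ${TAG_ROOT}/.git/ref"
  exit 1
fi
results_file="$(cd "${OUTPUT_ROOT}" && pwd)/diff-$(date -u +%Y%m%d%H%M%S)"

# Run as a script to preserve color output
# The command string is single-quoted: CI_PATH and TAG are expanded by the
# child shell from the exported environment rather than pasted into the command
# text, so a tag containing shell metacharacters cannot change what is run.
export CI_PATH
export TAG
pushd "${REPO_ROOT}" &>/dev/null
script --flush --quiet \
  --return "$results_file" \
  --command '"${CI_PATH}"/ci/scripts/compare-release-specs "$TAG"'

# Trim script header/footer (ignore error)
sed -i '1d;$d' "$results_file" || true

--------------------------------------------------------------------------------
/ci/scripts/test-addons:
--------------------------------------------------------------------------------
# Runs the setup-cli and login addons against the environment in DEPLOY_ENV.
# NOTE(review): no shebang and no errexit here; if this file runs on its own,
# a failed setup-cli does not stop the login step and only login's status is
# returned. Presumably a wrapper that sets errexit sources it - confirm.
genesis "do" "${DEPLOY_ENV}" -- setup-cli -f
genesis "do" "${DEPLOY_ENV}" -- login
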
--------------------------------------------------------------------------------
/ci/settings.yml:
--------------------------------------------------------------------------------
---
# Pipeline settings. Every credential here is a ((var)) placeholder resolved
# by the pipeline at run time, so this file holds no secret values.
# NOTE(review): indentation was lost in this listing; `categories` is shown
# under `upstream` by inference - confirm against the repository.
meta:
  kit: cf
  release: CF Genesis Kit
  target: pipes/genesis
  url: https://pipes.scalecf.net
  iaas: vsphere
  exposed: no
  version_file: version
  initial_version: 2.1.0

  upstream:
    manifest:
      package: cf-deployment
      branch: main

    categories:
    - name: core
      label: Cloud Foundry Components
      default: true
    - name: buildpacks
      label: Buildpacks
      pattern: '.*-buildpack'

  # Vault token handed to the build and deploy tasks; a short-lived token with
  # a policy limited to this kit's paths keeps a leak contained.
  vault:
    url: ((vault.url))
    token: ((vault.token))

  # Keys used for the S3 resources, some of which publish public-read objects.
  aws:
    access_key: ((cloudfoundry-community-aws.access_key_id))
    secret_key: ((cloudfoundry-community-aws.secret_access_key))

  github:
    owner: genesis-community
    repo: cf-genesis-kit
    branch: develop
    main-branch: main
    private_key: ((github.private_key))
    access_token: ((github.access_token))
    name: ((github.name))
    email: ((github.email))

  shout:
    url: ((shout.url))
    username: ((shout.username))
    password: ((shout.password))

  cats_params:
    .: (( inject meta.task_connectivity_params ))
    DEPLOY_ENV: (( concat "ci-" meta.iaas "-cats" ))
    KIT_SHORTNAME: (( grab meta.kit ))
    SKIP_CATS: false
    FAILFAST: true
    VERBOSE: false
    CATS_NODES: 6

--------------------------------------------------------------------------------
/ci/tasks/build-kit.yml:
--------------------------------------------------------------------------------
---
# Task definition for building the kit. The image repository and tag come
# from pipeline vars; a tag can be repointed, so a digest gives a stronger pin
# if the registry content must not change unnoticed.
platform: linux

image_resource:
  type: registry-image
  source:
    repository: ((image/genesis.url))
    tag: ((image/genesis.tag))

inputs:
- name: version
- name: git
- name: git-ci
- name: release-cache

outputs:
- name: build
- name: release-cache

params:
  GENESIS_HONOR_ENV: 1

run:
  path: git-ci/ci/scripts/build-kit

--------------------------------------------------------------------------------
/ci/tasks/cats.yml:
--------------------------------------------------------------------------------
---
# Task definition for the acceptance tests.
# NOTE(review): RUN_CATS is the string "nul", not YAML null - confirm that is
# intended. This task uses the docker-image type while the other tasks use
# registry-image.
platform: linux

image_resource:
  type: docker-image
  source:
    repository: ((image/concourse_go.url))
    tag: ((image/concourse_go.tag))

inputs:
- name: git
- name: git-ci
- name: cats
- name: work

run:
  path: git-ci/ci/scripts/cats

params:
  GENESIS_HONOR_ENV: 1
  SKIP_CATS: false
  FAILFAST: true
  VERBOSE: false
  CATS_NODES: 2
  RUN_CATS: nul

--------------------------------------------------------------------------------
/ci/tasks/deploy-stable.yml:
--------------------------------------------------------------------------------
---
# Task definition that deploys the latest tagged version.
# VAULT_TOKEN and SECRETS_SEED_DATA reach the script as environment variables;
# the deploy script should not echo its environment or run with shell tracing.
# NOTE(review): KIT_SHORTNAME is "bosh" here although ci/settings.yml sets the
# kit to "cf" - confirm this is not a leftover from another kit.
platform: linux

image_resource:
  type: registry-image
  source:
    repository: ((image/genesis.url))
    tag: ((image/genesis.tag))

inputs:
- name: git-latest-tag
- name: git-ci

outputs:
- name: work

run:
  path: git-ci/ci/scripts/deploy

params:
  TAG_ROOT: git-latest-tag
  GENESIS_HONOR_ENV: 1
  GIT_NAME: Genesis CI Bot
  GIT_EMAIL: genesis-ci@rubidiumstudios.com
  VAULT_URI: ((vault.url))
  VAULT_TOKEN: ((vault.token))
  KIT_SHORTNAME: bosh
  SECRETS_SEED_DATA: ((secrets_seed_data))

--------------------------------------------------------------------------------
/ci/tasks/deploy.yml:
--------------------------------------------------------------------------------
---
platform: linux

image_resource:
  type: registry-image
  source:
    repository: ((image/genesis.url))
    tag: ((image/genesis.tag))

inputs:
- name: git
- name: git-ci
- name: version
- name: build

outputs:
- name: work

19 | run: 20 | path: git-ci/ci/scripts/deploy 21 | 22 | params: 23 | BUILD_ROOT: build 24 | GENESIS_HONOR_ENV: 1 25 | GIT_NAME: Genesis CI Bot 26 | GIT_EMAIL: genesis-ci@rubidiumstudios.com 27 | VAULT_URI: ((vault.url)) 28 | VAULT_TOKEN: ((vault.token)) 29 | SECRETS_SEED_DATA: ((secrets_seed_data)) 30 | -------------------------------------------------------------------------------- /ci/tasks/generate-release-notes.yml: -------------------------------------------------------------------------------- 1 | --- 2 | platform: linux 3 | 4 | image_resource: 5 | type: registry-image 6 | source: 7 | repository: ((image/genesis.url)) 8 | tag: ((image/genesis.tag)) 9 | 10 | inputs: 11 | - name: git 12 | - name: git-ci 13 | - name: git-latest-tag 14 | - name: version 15 | - name: release-notes 16 | 17 | outputs: 18 | - name: release-notes 19 | 20 | params: 21 | GITHUB_ACCESS_TOKEN: ((github.access_token)) 22 | 23 | run: 24 | path: git-ci/ci/scripts/generate-release-notes 25 | -------------------------------------------------------------------------------- /ci/tasks/get-latest-upstream-manifest.yml: -------------------------------------------------------------------------------- 1 | --- 2 | platform: linux 3 | 4 | image_resource: 5 | type: registry-image 6 | source: 7 | repository: ((image/concourse_go.url)) 8 | tag: ((image/concourse_go.tag)) 9 | 10 | inputs: 11 | - name: git-ci 12 | - name: git 13 | - name: upstream-manifest 14 | path: upstream 15 | 16 | outputs: 17 | - name: git 18 | 19 | run: 20 | path: git-ci/ci/scripts/get-latest-upstream-manifest 21 | -------------------------------------------------------------------------------- /ci/tasks/prerelease.yml: -------------------------------------------------------------------------------- 1 | --- 2 | platform: linux 3 | 4 | image_resource: 5 | type: registry-image 6 | source: 7 | repository: ((image/genesis.url)) 8 | tag: ((image/genesis.tag)) 9 | 10 | inputs: 11 | - name: version 12 | - name: git 13 | - name: git-ci 14 | - 
name: build 15 | 16 | outputs: 17 | - name: gh 18 | - name: notifications 19 | 20 | params: 21 | PRERELEASE: 1 22 | RELEASE_ROOT: gh 23 | NOTIFICATION_OUT: notifications 24 | DEVELOP_BRANCH: develop 25 | RELEASE_BRANCH: main 26 | GITHUB_OWNER: genesis-community 27 | GIT_EMAIL: genesis-ci@rubidiumstudios.com 28 | GIT_NAME: Genesis CI Bot 29 | 30 | run: 31 | path: git-ci/ci/scripts/release 32 | -------------------------------------------------------------------------------- /ci/tasks/release.yml: -------------------------------------------------------------------------------- 1 | --- 2 | platform: linux 3 | 4 | image_resource: 5 | type: registry-image 6 | source: 7 | repository: ((image/genesis.url)) 8 | tag: ((image/genesis.tag)) 9 | 10 | inputs: 11 | - name: version 12 | - name: git 13 | - name: git-ci 14 | - name: git-main 15 | - name: spec-check 16 | - name: build 17 | - name: release-notes 18 | - name: release-cache 19 | 20 | outputs: 21 | - name: gh 22 | - name: git-main 23 | - name: notifications 24 | 25 | params: 26 | RELEASE_ROOT: gh 27 | NOTIFICATION_OUT: notifications 28 | DEVELOP_BRANCH: develop 29 | RELEASE_BRANCH: main 30 | GITHUB_OWNER: genesis-community 31 | GIT_EMAIL: genesis-ci@rubidiumstudios.com 32 | GIT_NAME: Genesis CI Bot 33 | 34 | run: 35 | path: git-ci/ci/scripts/release 36 | -------------------------------------------------------------------------------- /ci/tasks/spec-check.yml: -------------------------------------------------------------------------------- 1 | --- 2 | platform: linux 3 | 4 | image_resource: 5 | type: registry-image 6 | source: 7 | repository: ((image/genesis.url)) 8 | tag: ((image/genesis.tag)) 9 | 10 | inputs: 11 | - name: git 12 | - name: git-ci 13 | - name: git-latest-tag 14 | 15 | outputs: 16 | - name: spec-check 17 | 18 | params: 19 | GENESIS_HONOR_ENV: 1 20 | GITHUB_AUTH_TOKEN: ((github.access_token)) 21 | 22 | run: 23 | path: git-ci/ci/scripts/spec-check 24 | 
-------------------------------------------------------------------------------- /ci/tasks/spec-tests.yml: -------------------------------------------------------------------------------- 1 | --- 2 | platform: linux 3 | 4 | image_resource: 5 | type: registry-image 6 | source: 7 | repository: ((image/concourse_go.url)) 8 | tag: ((image/concourse_go.tag)) 9 | 10 | inputs: 11 | - name: git 12 | - name: git-ci 13 | 14 | run: 15 | dir: git/spec 16 | path: ginkgo 17 | args: [ "-p", "." ] 18 | -------------------------------------------------------------------------------- /ci/tasks/update-release.yml: -------------------------------------------------------------------------------- 1 | --- 2 | platform: linux 3 | 4 | image_resource: 5 | type: registry-image 6 | source: 7 | repository: ((image/concourse_go.url)) 8 | tag: ((image/concourse_go.tag)) 9 | 10 | inputs: 11 | - name: git 12 | - name: git-ci 13 | - name: bosh-release 14 | 15 | outputs: 16 | - name: git 17 | 18 | run: 19 | path: git-ci/ci/scripts/update-release 20 | 21 | params: 22 | RELEASE_NAME: 23 | RELEASE_PATH: 24 | BRANCH: 25 | -------------------------------------------------------------------------------- /ci/tasks/upgrade.yml: -------------------------------------------------------------------------------- 1 | --- 2 | platform: linux 3 | 4 | image_resource: 5 | type: registry-image 6 | source: 7 | repository: ((image/genesis.url)) 8 | tag: ((image/genesis.tag)) 9 | 10 | inputs: 11 | - name: git 12 | - name: git-ci 13 | - name: version 14 | - name: build 15 | - name: work 16 | 17 | outputs: 18 | - name: work 19 | 20 | run: 21 | path: git-ci/ci/scripts/deploy 22 | 23 | params: 24 | GENESIS_HONOR_ENV: 1 25 | BUILD_ROOT: build 26 | GIT_NAME: Genesis CI Bot 27 | GIT_EMAIL: genesis-ci@rubidiumstudios.com 28 | VAULT_URI: ((vault.url)) 29 | VAULT_TOKEN: ((vault.token)) 30 | BOSH_ENVIRONMENT: ((bosh.uri)) 31 | BOSH_CA_CERT: ((bosh.ca)) 32 | BOSH_CLIENT: ((bosh.username)) 33 | BOSH_CLIENT_SECRET: ((bosh.password)) 
34 | KEEP_STATE: true 35 | SECRETS_SEED_DATA: ((secrets_seed_data)) 36 | -------------------------------------------------------------------------------- /ci/upstream.yml: -------------------------------------------------------------------------------- 1 | sections: 2 | - name: core 3 | label: Cloud Foundry Components 4 | - name: buildpacks 5 | label: Buildpacks 6 | 7 | core: 8 | app-autoscaler: {} 9 | bpm: {} 10 | bosh-dns-aliases: {} 11 | capi: {} 12 | cf-cli: {} 13 | cf-networking: {} 14 | cf-smoke-tests: {} 15 | cf-syslog-drain: {} 16 | cflinuxfs2: {} 17 | cflinuxfs3: {} 18 | credhub: {} 19 | diego: {} 20 | garden-runc: {} 21 | haproxy: {} 22 | loggregator: {} 23 | loggregator-agent: {} 24 | log-cache: {} 25 | mapfs: {} 26 | metrics-discovery: {} 27 | nats: {} 28 | nfs-volume: {} 29 | postgres: {} 30 | pxc: {} 31 | routing: {} 32 | statsd-injector: {} 33 | uaa: {} 34 | silk: {} 35 | smb-volume: {} 36 | winc: {} 37 | windows-resize-root-disk: {} 38 | windows-utilities: {} 39 | windowsfs: {} 40 | 41 | buildpacks: 42 | binary-buildpack: {} 43 | dotnet-core-buildpack: {} 44 | go-buildpack: {} 45 | hwc-buildpack: {} 46 | java-buildpack: {} 47 | nginx-buildpack: {} 48 | nodejs-buildpack: {} 49 | php-buildpack: {} 50 | python-buildpack: {} 51 | r-buildpack: {} 52 | ruby-buildpack: {} 53 | staticfile-buildpack: {} 54 | -------------------------------------------------------------------------------- /ci/upstreamrepo.yml: -------------------------------------------------------------------------------- 1 | repos: 2 | - name: bosh 3 | repo: https://github.com/cloudfoundry/bosh 4 | - name: credhub 5 | repo: https://github.com/pivotal/credhub-release 6 | - name: bpm 7 | repo: https://github.com/cloudfoundry/bpm-release 8 | - name: uaa 9 | repo: https://github.com/cloudfoundry/uaa-release 10 | 11 | -------------------------------------------------------------------------------- /hooks/addon-smoketest~tst.pm: 
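--------------------------------------------------------------------------------
#!/usr/bin/env perl
# vim: set ts=2 sw=2 sts=2 foldmethod=marker
package Genesis::Hook::Addon::CF::Smoketest v2.7.0;

# Addon hook that runs the BOSH 'smoke_tests' errand for the deployment.

use strict;
use warnings;
use v5.20; # Genesis min perl version is 5.20
use Genesis qw/bail info run/;
use Genesis::UI qw/prompt_for_boolean/;
use parent qw(Genesis::Hook::Addon);
# NOTE(review): this `use lib` comes after the Genesis modules above are
# loaded, so it cannot affect where they are found -- confirm the order.
use lib $ENV{GENESIS_LIB} // "$ENV{HOME}/.genesis/lib";

# Builds the hook object through the parent class and requires at least
# Genesis 3.1.0-rc.20.
# NOTE(review): kit.yml declares genesis_version_min 3.1.0-rc.9, which is lower
# than the version required here -- confirm which one is intended.
sub init {
  my $class = shift;
  my $obj = $class->SUPER::init(@_);
  $obj->check_minimum_genesis_version('3.1.0-rc.20');
  return $obj;
}

# Returns the one-line description of this addon.
sub cmd_details {
  return
    "Run the smoke tests errand on the first vm in the api instance group.";
}

# Runs `run-errand smoke_tests` through the hook's bosh object, then returns
# the result of done().
sub perform {
  my ($self) = @_;

  # The statement terminator after this call was missing, which made the
  # module fail to compile.
  # NOTE(review): the result of execute() is not checked before done() is
  # returned; confirm that execute() itself reports a failed errand.
  $self->bosh->execute(
    'run-errand',
    'smoke_tests',
    {interactive => 1}, # Run in interactive mode means seeing output as it happens
  );

  return $self->done();
}

1;

-------------------------------------------------------------------------------- /hooks/features: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | for feature in $GENESIS_REQUESTED_FEATURES; do 3 | case $feature in 4 | cf-deployment/operations/enable-nfs-volume-services) echo "nfs-volume-services" ;; 5 | cf-deployment/operations/enable-nfs-lambda) echo "nfs-lambda" ;; 6 | cf-deployment/operations/enable-smb-volume-services) echo "smb-volume-services" ;; 7 | internal-db) echo "+internal-db" ;; 8 | internal-blobstore) echo "+internal-blobstore" ;; 9 | *) echo "$feature" ;; 10 | esac 11 | done 12 | 13 | db_overrides="$(lookup params 2>/dev/null | jq -r '. | keys| .[] | select(. 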
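| test("^(cc|uaa|diego|policyserver|silk|locket|routingapi|credhub)db_(name|user)$"))')" 14 | [[ -z "$db_overrides" ]] || echo "+override-db-names" 15 | 16 | migrated_v1_env="$(exodus migrated_v1_env)" 17 | if [[ $migrated_v1_env != "1" ]]; then 18 | version="$(exodus kit_version)" 19 | if [[ -n "${version:-}" ]] && ! new_enough "${version}" "2.0.0-rc0"; then 20 | migrated_v1_env=1 21 | fi 22 | fi 23 | if [[ -n "${migrated_v1_env:-}" ]]; then 24 | echo "+migrated-v1-env" 25 | want_feature no-v1-vm-types || echo "v1-vm-types" 26 | fi 27 | exit 0 28 | 
--------------------------------------------------------------------------------
/hooks/info:
--------------------------------------------------------------------------------
#!/bin/bash
# Genesis "info" hook: prints a summary of the deployed Cloud Foundry built
# from the deployment's exodus data, then shows the API's /v2/info response.
#
# The summary contains the admin username and password in clear text, so the
# output of this hook should be kept out of shared logs and CI job output.
set -eu
exodus_data="$(lookup --exodus .)"
# Each domain falls back to a name derived from the previous one when the
# exodus data does not set it explicitly.
system_domain="$(echo "$exodus_data" | jq -r '.system_domain // "system.\(.base_domain)"')"
api_domain="$(echo "$exodus_data" | jq -r '.api_domain // "api.\($system_domain)"' --arg system_domain "$system_domain")"
api_url="https://$api_domain"
admin="$(echo "$exodus_data" | jq -r '.admin_username')"
password="$(echo "$exodus_data" | jq -r '.admin_password')"
upstream_version="$(echo "$exodus_data" | jq -r '."cf-deployment-version"')"
# The `// false` default has to sit outside the quoted key; inside the quotes
# jq looked up a key literally named "cf-deployment-hotfixes//false", so the
# hot-fix marker below was not driven by the real value.
upstream_hotfixes="$(echo "$exodus_data" | jq -r '."cf-deployment-hotfixes" // false')"
upstream_url="$(echo "$exodus_data" | jq -r '."cf-deployment-releases"')"
hotfixes=""
[[ "$upstream_hotfixes" == "true" ]] && hotfixes=" #Y{(+ hot-fixes)}"

describe \
  "Based on #M{cf-deployment $upstream_version}$hotfixes" \
  "[url: #c{$upstream_url}]" \
  "" \
  "Access to Cloud Foundry API:" \
  " url: #C{$api_url}" \
  " username: #M{$admin}" \
  " password: #G{$password}"
echo
# -k turns off TLS certificate verification, so the response shown here is not
# authenticated; the request carries no credentials and the result is only
# displayed.
# NOTE(review): if the deployment's CA certificate is available to this hook,
# passing it with --cacert instead of -k would let curl verify the endpoint.
# The URL is quoted so that it always reaches curl as a single argument.
curl -m5 -Lsk "$api_url/v2/info" | jq -Cr . | sed -e 's/^/ /'

--------------------------------------------------------------------------------
/hooks/post-deploy:
--------------------------------------------------------------------------------
#!/bin/bash
# Genesis "post-deploy" hook: after a deployment whose exit code
# (GENESIS_DEPLOY_RC) is 0, prints the follow-up commands for this
# environment. The hook itself always exits 0.
set -eu

if [[ $GENESIS_DEPLOY_RC == 0 ]]
then
  describe \
    "" \
    "#M{$GENESIS_ENVIRONMENT} Cloud Foundry deployed!" \
    "" \
    "For details about the deployment, run" \
    "" \
    " #G{$GENESIS_CALL_ENV info}" \
    "" \
    "To see a list of available addons, run" \
    "" \
    " #G{$GENESIS_CALL_ENV do -- list}" \
    "" \
    "To set up your local cf CLI installation with useful plugins:" \
    "" \
    " #G{$GENESIS_CALL_ENV do -- setup-cli}" \
    "" \
    "To log into Cloud Foundry, run" \
    "" \
    " #G{$GENESIS_CALL_ENV do -- login}" \
    ""
fi

exit 0

-------------------------------------------------------------------------------- /kit.yml: -------------------------------------------------------------------------------- 1 | --- 2 | name: cf 3 | version: 2.5.2 4 | authors: [ Dennis Bell ] 5 | docs: https://github.com/genesis-community/cf-genesis-kit 6 | code: https://github.com/genesis-community/cf-genesis-kit 7 | 8 | description: | 9 | This kit will deploy OSS Cloud Foundry to BOSH. It is a wrapper around the 10 | de-facto community standard [cf-deployment](https://github.com/cloudfoundry/cf-deployment) repository. 11 | 12 | It also contains convenience functions for inter-kit communication and add-on 13 | routines for common activities. 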
14 | 15 | required_configs: 16 | - cloud 17 | - runtime 18 | 19 | genesis_version_min: 3.1.0-rc.9 20 | secrets_store: credhub 21 | 22 | supports: 23 | - aws 24 | - azure 25 | - gcp 26 | - openstack 27 | - vsphere 28 | - stackit 29 | 30 | -------------------------------------------------------------------------------- /ocfp/aws/blobstore.yml: -------------------------------------------------------------------------------- 1 | --- 2 | bosh-variables: 3 | fog_connection: 4 | provider: AWS 5 | aws_access_key_id: (( grab params.blobstore_s3_access_key )) 6 | aws_secret_access_key: (( grab params.blobstore_s3_secret_key )) 7 | region: (( grab params.blobstore_s3_region )) 8 | 9 | # Per https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html a key cannot 10 | # contain upper case so override here to exclude upper case 11 | variables: 12 | - name: cc_directory_key 13 | type: password 14 | options: 15 | exclude_upper: true 16 | 17 | -------------------------------------------------------------------------------- /ocfp/aws/ocf.yml: -------------------------------------------------------------------------------- 1 | --- 2 | instance_groups: 3 | - name: router 4 | vm_extensions: 5 | - ((replace)) 6 | - cf-system-apps-lb 7 | 8 | - name: scheduler 9 | vm_extensions: 10 | - ((replace)) 11 | - cf-ssh-lb 12 | 13 | - name: tcp-router 14 | vm_extensions: 15 | - ((replace)) 16 | - (( grab params.tcp_lb_vm_ext || "cf-tcp-lb" )) 17 | 18 | --- 19 | # OCFP Cloud Config accounts for larger ephemeral disks vvv 20 | - type: remove 21 | path: /instance_groups/name=diego-cell/vm_extensions 22 | - type: remove 23 | path: /instance_groups/name=api/vm_extensions 24 | 25 | -------------------------------------------------------------------------------- /ocfp/aws/windows.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - type: replace 3 | path: /instance_groups/name=windows2019-cell/networks 4 | value: 5 | - name: (( concat 
genesis.env "-ocf" )) 6 | 7 | - type: replace 8 | path: /instance_groups/name=windows2019-cell/azs 9 | value: 10 | - (( concat genesis.env "-z1" )) 11 | - (( concat genesis.env "-z2" )) 12 | - (( concat genesis.env "-z3" )) 13 | 14 | - type: replace 15 | path: /instance_groups/name=windows2019-cell/vm_type 16 | value: (( grab params.windows_diego_cell_vm_type || "default" )) 17 | 18 | - type: replace 19 | path: /instance_groups/name=windows2019-cell/instances 20 | value: (( grab params.windows_diego_cell_instances || 1 )) 21 | 22 | - type: remove 23 | path: /instance_groups/name=windows2019-cell/vm_extensions 24 | 25 | - type: remove 26 | path: /instance_groups/name=smoke-tests-windows? 27 | 28 | #- type: replace 29 | # path: /instance_groups/name=smoke-tests-windows/networks 30 | # value: 31 | # - name: (( concat genesis.env "-ocf" )) 32 | # 33 | # path: /instance_groups/name=smoke-tests-windows/azs 34 | # value: 35 | # - (( concat genesis.env "-z1" )) 36 | # 37 | #- type: replace 38 | # path: /instance_groups/name=smoke-tests-windows/vm_type 39 | # value: (( grab params.errand_vm_type || "default" )) 40 | 41 | -------------------------------------------------------------------------------- /ocfp/azure/azs.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/genesis-community/cf-genesis-kit/a17965b910205fb7c2726503005e08989a23f831/ocfp/azure/azs.yml -------------------------------------------------------------------------------- /ocfp/azure/ocf.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | -------------------------------------------------------------------------------- /ocfp/azure/windows.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | -------------------------------------------------------------------------------- /ocfp/external-blobstore.yml: 
-------------------------------------------------------------------------------- 1 | --- 2 | params: 3 | blobstore_s3_region: (( vault meta.ocfp.vault.config "/bosh/iaas/region:name" )) 4 | blobstore_s3_access_key: (( vault meta.ocfp.vault.config "/bosh/iam/s3:access_key" )) 5 | blobstore_s3_secret_key: (( vault meta.ocfp.vault.config "/bosh/iam/s3:secret_key" )) 6 | blobstore_app_packages_directory: (( vault meta.ocfp.vault.config "/blobstores/app_packages:name" )) 7 | blobstore_buildpacks_directory: (( vault meta.ocfp.vault.config "/blobstores/buildpacks:name" )) 8 | blobstore_droplets_directory: (( vault meta.ocfp.vault.config "/blobstores/droplets:name" )) 9 | blobstore_resources_directory: (( vault meta.ocfp.vault.config "/blobstores/resources:name" )) 10 | -------------------------------------------------------------------------------- /ocfp/gcp/azs.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/genesis-community/cf-genesis-kit/a17965b910205fb7c2726503005e08989a23f831/ocfp/gcp/azs.yml -------------------------------------------------------------------------------- /ocfp/gcp/ocf.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | -------------------------------------------------------------------------------- /ocfp/gcp/windows.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | -------------------------------------------------------------------------------- /ocfp/meta.yml: -------------------------------------------------------------------------------- 1 | --- 2 | meta: 3 | ocfp: 4 | env: 5 | scale: (( grab params.ocfp_env_scale || "dev" )) 6 | cloud: (( concat genesis.env "." genesis.type "." 
)) 7 | 8 | vault: 9 | config_prefix: (( grab params.ocfp_vault_config_prefix || "config/" )) 10 | config: (( concat genesis.ocfp_config_mount genesis.ocfp_env )) 11 | 12 | certs: 13 | trusted: 14 | - (( append )) # Account for unexpected merge orders. 15 | - (( vault genesis.secrets_mount "certs/org:ca" )) # Organization CA, if exists 16 | - (( vault genesis.secrets_mount "certs/dbs:ca" )) # External Databases CA 17 | # TODO: Add Blacksmith Services CA here, add in blacksmith integration 18 | 19 | cf: 20 | fqdns: 21 | base: (( vault meta.ocfp.vault.config "/fqdns:base" )) 22 | system: (( vault meta.ocfp.vault.config "/fqdns:system" )) 23 | apps: 24 | - (( vault meta.ocfp.vault.config "/fqdns:apps" )) 25 | 26 | -------------------------------------------------------------------------------- /ocfp/nfs-ldap-data.yml: -------------------------------------------------------------------------------- 1 | --- 2 | meta: 3 | nfs: 4 | ldap: 5 | user: (( vault meta.vault "/nfs/ldap:user" )) 6 | pass: (( vault meta.vault "/nfs/ldap:pass" )) 7 | host: (( vault meta.vault "/nfs/ldap:host" )) 8 | port: (( vault meta.vault "/nfs/ldap:port" )) 9 | proto: (( vault meta.vault "/nfs/ldap:proto" )) 10 | fqdn: (( vault meta.vault "/nfs/ldap:fqdn" )) 11 | ca: (( vault meta.vault "/nfs/ldap:ca" )) 12 | 13 | bosh-variables: 14 | nfs-ldap-service-user: (( grab meta.nfs.ldap.user )) 15 | nfs-ldap-service-password: (( grab meta.nfs.ldap.pass )) 16 | nfs-ldap-host: (( grab meta.nfs.ldap.host )) 17 | nfs-ldap-port: (( grab meta.nfs.ldap.port )) 18 | nfs-ldap-proto: (( grab meta.nfs.ldap.proto )) 19 | nfs-ldap-fqdn: (( grab meta.nfs.ldap.fqdn )) 20 | nfs-ldap-ca-cert: (( grab meta.nfs.ldap.ca )) 21 | 22 | params: 23 | nfs-ldap-service-user: (( grab meta.nfs.ldap.user )) 24 | nfs-ldap-service-password: (( grab meta.nfs.ldap.pass )) 25 | nfs-ldap-host: (( grab meta.nfs.ldap.host )) 26 | nfs-ldap-port: (( grab meta.nfs.ldap.port )) 27 | nfs-ldap-proto: (( grab meta.nfs.ldap.proto )) 28 | 
nfs-ldap-fqdn: (( grab meta.nfs.ldap.fqdn )) 29 | nfs-ldap-ca-cert: (( grab meta.nfs.ldap.ca )) 30 | 31 | -------------------------------------------------------------------------------- /ocfp/nfs-ldap.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - type: replace 3 | path: /instance_groups/name=diego-cell/jobs/name=nfsv3driver/properties/nfsv3driver/ldap_ca_cert? 4 | value: (( grab meta.nfs.ldap.ca )) 5 | 6 | - type: replace 7 | path: /instance_groups/name=nfs-broker-push/networks 8 | value: 9 | - name: (( concat genesis.env "-ocf" )) 10 | 11 | - type: replace 12 | path: /instance_groups/name=nfs-broker-push/azs 13 | value: (( grab meta.ocfp.azs )) 14 | 15 | - type: replace 16 | path: /instance_groups/name=nfs-broker-push/vm_type 17 | value: (( concat "errand-" meta.ocfp.env.scale )) 18 | 19 | -------------------------------------------------------------------------------- /ocfp/openstack/blobstore.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Nothing to do here since we are using the default internal blobstore 3 | 4 | -------------------------------------------------------------------------------- /ocfp/openstack/ocf.yml: -------------------------------------------------------------------------------- 1 | --- 2 | params: 3 | cf_router_vmx: (( concat meta.ocfp.env.cloud "vmx-cf-router-network-properties" )) 4 | cf_tcp_router_vmx: (( concat meta.ocfp.env.cloud "vmx-cf-tcp-router-network-properties" )) 5 | diego_cell_vmx: (( concat meta.ocfp.env.cloud "vmx-diego-ssh-proxy-network-properties" )) 6 | 7 | instance_groups: 8 | - name: scheduler 9 | vm_extensions: 10 | - (( replace )) 11 | - (( grab params.diego_cell_vmx )) 12 | 13 | - name: router 14 | vm_extensions: 15 | - (( replace )) 16 | - (( grab params.cf_router_vmx )) 17 | 18 | - name: tcp-router 19 | vm_extensions: 20 | - (( replace )) 21 | - (( grab params.cf_tcp_router_vmx )) 22 | 23 | --- 24 | # OCFP 
Cloud Config accounts for larger ephemeral disks vvv 25 | - type: remove 26 | path: /instance_groups/name=diego-cell/vm_extensions 27 | - type: remove 28 | path: /instance_groups/name=api/vm_extensions 29 | 30 | -------------------------------------------------------------------------------- /ocfp/openstack/windows.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - type: replace 3 | path: /instance_groups/name=windows2019-cell/networks 4 | value: 5 | - name: (( concat genesis.env "-ocf" )) 6 | 7 | - type: replace 8 | path: /instance_groups/name=windows2019-cell/azs 9 | value: 10 | - (( concat genesis.env "-z1" )) 11 | - (( concat genesis.env "-z2" )) 12 | - (( concat genesis.env "-z3" )) 13 | 14 | - type: replace 15 | path: /instance_groups/name=windows2019-cell/vm_type 16 | value: (( grab params.windows_diego_cell_vm_type || "default" )) 17 | 18 | - type: replace 19 | path: /instance_groups/name=windows2019-cell/instances 20 | value: (( grab params.windows_diego_cell_instances || 1 )) 21 | 22 | - type: remove 23 | path: /instance_groups/name=windows2019-cell/vm_extensions 24 | 25 | - type: remove 26 | path: /instance_groups/name=smoke-tests-windows? 
27 | 28 | #- type: replace 29 | # path: /instance_groups/name=smoke-tests-windows/networks 30 | # value: 31 | # - name: (( concat genesis.env "-ocf" )) 32 | # 33 | # path: /instance_groups/name=smoke-tests-windows/azs 34 | # value: 35 | # - (( concat genesis.env "-z1" )) 36 | # 37 | #- type: replace 38 | # path: /instance_groups/name=smoke-tests-windows/vm_type 39 | # value: (( grab params.errand_vm_type || "default" )) 40 | 41 | -------------------------------------------------------------------------------- /ocfp/provided-router-ssl.yml: -------------------------------------------------------------------------------- 1 | --- 2 | instance_groups: 3 | - name: router 4 | jobs: 5 | - name: gorouter 6 | properties: 7 | router: 8 | tls_pem: 9 | - cert_chain: (( vault params.router-ssl-path ":cert_chain" )) 10 | private_key: (( vault params.router-ssl-path ":private_key" )) 11 | 12 | --- 13 | - type: remove 14 | path: /variables/name=router_ssl 15 | - type: remove 16 | path: /variables/name=router_ca 17 | -------------------------------------------------------------------------------- /ocfp/scale/dev.yml: -------------------------------------------------------------------------------- 1 | --- 2 | params: 3 | api_instances: 3 4 | cc_worker_instances: 3 5 | credhub_instances: 3 6 | diego_api_instances: 3 7 | diego_cell_instances: 1 8 | doppler_instances: 3 9 | log_api_instances: 3 10 | log_cache_instances: 3 11 | nats_instances: 3 12 | router_instances: 3 13 | scheduler_instances: 3 14 | tcp_router_instances: 3 15 | uaa_instances: 3 16 | -------------------------------------------------------------------------------- /ocfp/scale/prod.yml: -------------------------------------------------------------------------------- 1 | --- 2 | params: 3 | api_instances: 3 4 | cc_worker_instances: 3 5 | credhub_instances: 3 6 | diego_api_instances: 3 7 | diego_cell_instances: 10 8 | doppler_instances: 3 9 | log_api_instances: 3 10 | log_cache_instances: 3 11 | nats_instances: 3 12 | 
router_instances: 3 13 | scheduler_instances: 3 14 | tcp_router_instances: 3 15 | uaa_instances: 3 16 | # windows_diego_cell_instances: 1 17 | -------------------------------------------------------------------------------- /ocfp/smb-broker.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - type: replace 3 | path: /instance_groups/name=smb-broker-push/networks 4 | value: 5 | - name: (( concat genesis.env "-ocf" )) 6 | 7 | - type: replace 8 | path: /instance_groups/name=smb-broker-push/azs 9 | value: (( grab meta.ocfp.azs )) 10 | 11 | - type: replace 12 | path: /instance_groups/name=smb-broker-push/vm_type 13 | value: (( concat "errand-" meta.ocfp.env.scale )) 14 | 15 | -------------------------------------------------------------------------------- /ocfp/split-network.yml: -------------------------------------------------------------------------------- 1 | --- 2 | params: 3 | cf_core_network: (( concat meta.ocfp.env.cloud "net-ocf-core" )) 4 | cf_edge_network: (( concat meta.ocfp.env.cloud "net-ocf-edge" )) 5 | cf_tcp_edge_network: (( concat meta.ocfp.env.cloud "net-ocf-tcp" )) 6 | cf_runtime_network: (( concat meta.ocfp.env.cloud "net-ocf-runtime" )) 7 | cf_db_network: (( concat meta.ocfp.env.cloud "net-ocf-db" )) 8 | -------------------------------------------------------------------------------- /ocfp/stackit/blobstore.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Nothing to do here since we are using the default internal blobstore 3 | 4 | -------------------------------------------------------------------------------- /ocfp/stackit/ocf.yml: -------------------------------------------------------------------------------- 1 | --- 2 | params: 3 | cf_router_vmx: (( concat meta.ocfp.env.cloud "vmx-cf-router-network-properties" )) 4 | cf_tcp_router_vmx: (( concat meta.ocfp.env.cloud "vmx-cf-tcp-router-network-properties" )) 5 | diego_cell_vmx: (( concat 
meta.ocfp.env.cloud "vmx-diego-ssh-proxy-network-properties" )) 6 | 7 | instance_groups: 8 | - name: scheduler 9 | vm_extensions: 10 | - (( replace )) 11 | - (( grab params.diego_cell_vmx )) 12 | 13 | - name: router 14 | vm_extensions: 15 | - (( replace )) 16 | - (( grab params.cf_router_vmx )) 17 | 18 | - name: tcp-router 19 | vm_extensions: 20 | - (( replace )) 21 | - (( grab params.cf_tcp_router_vmx )) 22 | 23 | --- 24 | # OCFP Cloud Config accounts for larger ephemeral disks vvv 25 | - type: remove 26 | path: /instance_groups/name=diego-cell/vm_extensions 27 | - type: remove 28 | path: /instance_groups/name=api/vm_extensions 29 | 30 | -------------------------------------------------------------------------------- /ocfp/stackit/windows.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - type: replace 3 | path: /instance_groups/name=windows2019-cell/networks 4 | value: 5 | - name: (( concat genesis.env "-ocf" )) 6 | 7 | - type: replace 8 | path: /instance_groups/name=windows2019-cell/azs 9 | value: 10 | - (( concat genesis.env "-z1" )) 11 | - (( concat genesis.env "-z2" )) 12 | - (( concat genesis.env "-z3" )) 13 | 14 | - type: replace 15 | path: /instance_groups/name=windows2019-cell/vm_type 16 | value: (( grab params.windows_diego_cell_vm_type || "default" )) 17 | 18 | - type: replace 19 | path: /instance_groups/name=windows2019-cell/instances 20 | value: (( grab params.windows_diego_cell_instances || 1 )) 21 | 22 | - type: remove 23 | path: /instance_groups/name=windows2019-cell/vm_extensions 24 | 25 | - type: remove 26 | path: /instance_groups/name=smoke-tests-windows? 
27 | 28 | #- type: replace 29 | # path: /instance_groups/name=smoke-tests-windows/networks 30 | # value: 31 | # - name: (( concat genesis.env "-ocf" )) 32 | # 33 | # path: /instance_groups/name=smoke-tests-windows/azs 34 | # value: 35 | # - (( concat genesis.env "-z1" )) 36 | # 37 | #- type: replace 38 | # path: /instance_groups/name=smoke-tests-windows/vm_type 39 | # value: (( grab params.errand_vm_type || "default" )) 40 | 41 | -------------------------------------------------------------------------------- /ocfp/stratos.yml: -------------------------------------------------------------------------------- 1 | --- 2 | meta: 3 | stratos_domain: (( vault meta.ocfp.vault.config "/fqdns:stratos" )) 4 | 5 | -------------------------------------------------------------------------------- /ocfp/trust-blacksmith-ca.yml: -------------------------------------------------------------------------------- 1 | --- 2 | meta: 3 | ocfp: 4 | certs: 5 | trusted: 6 | - (( append )) 7 | - (( vault $GENESIS_EXODUS_MOUNT genesis.env "/blacksmith:blacksmith_ca" )) 8 | 9 | -------------------------------------------------------------------------------- /ocfp/trusted-certs-cflinuxfs3.yml: -------------------------------------------------------------------------------- 1 | instance_groups: 2 | - name: diego-cell 3 | jobs: 4 | - name: cflinuxfs3-rootfs-setup 5 | properties: 6 | cflinuxfs3-rootfs: 7 | trusted_certs: 8 | - (( append )) 9 | - (( join "" meta.ocfp.certs.trusted )) 10 | -------------------------------------------------------------------------------- /ocfp/trusted-certs-cflinuxfs4.yml: -------------------------------------------------------------------------------- 1 | instance_groups: 2 | - name: diego-cell 3 | jobs: 4 | - name: cflinuxfs4-rootfs-setup 5 | properties: 6 | cflinuxfs4-rootfs: 7 | trusted_certs: 8 | - (( append )) 9 | - (( join "" meta.ocfp.certs.trusted )) 10 | 11 | -------------------------------------------------------------------------------- 
/ocfp/trusted-certs-windows.yml: -------------------------------------------------------------------------------- 1 | instance_groups: 2 | - name: windows2019-cell 3 | jobs: 4 | - name: rep_windows 5 | properties: 6 | containers: 7 | trusted_ca_certificates: 8 | - (( append )) 9 | - (( join "" meta.ocfp.certs.trusted )) 10 | 11 | -------------------------------------------------------------------------------- /ocfp/trusted-certs.yml: -------------------------------------------------------------------------------- 1 | instance_groups: 2 | - name: diego-cell 3 | jobs: 4 | - name: rep 5 | properties: 6 | containers: 7 | trusted_ca_certificates: 8 | - (( append )) 9 | - (( join "" meta.ocfp.certs.trusted )) 10 | -------------------------------------------------------------------------------- /ocfp/vsphere/azs.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/genesis-community/cf-genesis-kit/a17965b910205fb7c2726503005e08989a23f831/ocfp/vsphere/azs.yml -------------------------------------------------------------------------------- /ocfp/vsphere/ocf.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | -------------------------------------------------------------------------------- /ocfp/vsphere/windows.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | -------------------------------------------------------------------------------- /operations/db-override-mysql-names.yml: -------------------------------------------------------------------------------- 1 | - type: replace 2 | path: /instance_groups/name=database/jobs/name=pxc-mysql/properties/seeded_databases 3 | value: 4 | - name: ((cloud_controller_database_name)) 5 | password: ((cc_database_password)) 6 | username: ((cloud_controller_database_username)) 7 | - name: ((diego_database_name)) 8 | password: ((diego_database_password)) 9 | username: 
((diego_database_username)) 10 | - name: ((network_connectivity_database_name)) 11 | password: ((network_connectivity_database_password)) 12 | username: ((network_connectivity_database_username)) 13 | - name: ((network_policy_database_name)) 14 | password: ((network_policy_database_password)) 15 | username: ((network_policy_database_username)) 16 | - name: ((routing_api_database_name)) 17 | password: ((routing_api_database_password)) 18 | username: ((routing_api_database_username)) 19 | - name: ((uaa_database_name)) 20 | password: ((uaa_database_password)) 21 | username: ((uaa_database_username)) 22 | - name: ((locket_database_name)) 23 | password: ((locket_database_password)) 24 | username: ((locket_database_username)) 25 | - name: ((credhub_database_name)) 26 | password: ((credhub_database_password)) 27 | username: ((credhub_database_username)) 28 | -------------------------------------------------------------------------------- /operations/diego-cells-networking.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Use distinct vxlan policy links for runtime cells 3 | - type: replace 4 | path: /instance_groups/name=diego-cell/jobs/name=vxlan-policy-agent/provides?/vpa 5 | value: {as: vpa-runtime} 6 | - type: replace 7 | path: /instance_groups/name=diego-cell/jobs/name=silk-daemon/consumes?/vpa 8 | value: {from: vpa-runtime} 9 | - type: replace 10 | path: /instance_groups/name=diego-cell/jobs/name=silk-cni/consumes?/vpa 11 | value: {from: vpa-runtime} 12 | - type: replace 13 | path: /instance_groups/name=diego-cell/jobs/name=vxlan-policy-agent/consumes?/iptables 14 | value: {from: iptables-runtime} 15 | - type: replace 16 | path: /instance_groups/name=diego-cell/jobs/name=silk-daemon/consumes?/iptables 17 | value: {from: iptables-runtime} 18 | - type: replace 19 | path: /instance_groups/name=diego-cell/jobs/name=netmon/consumes?/iptables 20 | value: {from: iptables-runtime} 21 | - type: replace 22 | path: 
/instance_groups/name=diego-cell/jobs/name=garden/provides?/iptables 23 | value: {as: iptables-runtime} 24 | - type: replace 25 | path: /instance_groups/name=diego-cell/jobs/name=vxlan-policy-agent/consumes?/cni_config 26 | value: {from: cni_config_runtime} 27 | - type: replace 28 | path: /instance_groups/name=diego-cell/jobs/name=silk-cni/provides?/cni_config 29 | value: {as: cni_config_runtime} 30 | 31 | -------------------------------------------------------------------------------- /operations/dynamic/instance_counts.yml: -------------------------------------------------------------------------------- 1 | --- [] 2 | 3 | # This is a dynamically created file for setting the instance counts when 4 | # specified by `params.*_instances` entries. It is created by the 5 | # hooks/blueprint script. 6 | -------------------------------------------------------------------------------- /operations/dynamic/instance_types.yml: -------------------------------------------------------------------------------- 1 | --- [] 2 | 3 | # This is a dynamically created file for setting the instance vm types when 4 | # specified by `params.*_vm_type` entries. It is created by the 5 | # hooks/blueprint script. 6 | -------------------------------------------------------------------------------- /operations/migrate/cells.yml: -------------------------------------------------------------------------------- 1 | - type: replace 2 | path: /instance_groups/name=diego-cell/migrated_from? 
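3 | value: 4 | - name: cell
--------------------------------------------------------------------------------
/operations/migrate/postgres.yml:
--------------------------------------------------------------------------------
# Ops file: appends the migrate-postgres job to the `database` instance group
# and registers the BOSH release that provides that job.
- type: replace
  path: /instance_groups/name=database/jobs/-
  value:
    name: migrate-postgres
    release: migrate-postgres

# The release tarball is fetched from a GitHub release URL and checked against
# the digest below.
# NOTE(review): the only integrity pin is a SHA-1 digest. SHA-1 is no longer
# collision resistant, so prefer pinning a SHA-256 digest of the same tarball
# (BOSH is understood to accept a "sha256:<hex>" value in this field; confirm
# for the director/CLI version in use) and serving the artifact from a mirror
# the operator controls, so a change to the upstream asset cannot reach a
# deployment unnoticed.
- type: replace
  path: /releases/-
  value:
    name: migrate-postgres
    version: 1.0.1
    url: https://github.com/rkoster/migrate-postgres-boshrelease/releases/download/v1.0.1/migrate-postgres-1.0.1.tgz
    sha1: b66d02413a3745b23c4b55897019a9d24967b564

--------------------------------------------------------------------------------
/operations/scale-to-one-az.yml:
--------------------------------------------------------------------------------
---
# Use this override to only use a single Availability Zone.
# Sets /meta/azs to a one-element list: the first entry of
# params.availability_zones, falling back to the first entry of
# meta.default_azs.
- type: replace
  path: /meta/azs?
  value:
  - (( grab params.availability_zones[0] || meta.default_azs[0] ))

--------------------------------------------------------------------------------
/operations/scale-to-three-azs.yml:
--------------------------------------------------------------------------------
1 | --- 2 | # Use this override to deploy 3 Availability Zones. 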
3 | - type: replace 4 | path: /instance_groups/name=nats/azs 5 | value: [ z1, z2, z3 ] 6 | - type: replace 7 | path: /instance_groups/name=diego-api/azs 8 | value: [ z1, z2, z3 ] 9 | - type: replace 10 | path: /instance_groups/name=uaa/azs 11 | value: [ z1, z2, z3 ] 12 | - type: replace 13 | path: /instance_groups/name=scheduler/azs 14 | value: [ z1, z2, z3 ] 15 | - type: replace 16 | path: /instance_groups/name=diego-cell/azs 17 | value: [ z1, z2, z3 ] 18 | - type: replace 19 | path: /instance_groups/name=router/azs 20 | value: [ z1, z2, z3 ] 21 | - type: replace 22 | path: /instance_groups/name=api/azs 23 | value: [ z1, z2, z3 ] 24 | - type: replace 25 | path: /instance_groups/name=cc-worker/azs 26 | value: [ z1, z2, z3 ] 27 | - type: replace 28 | path: /instance_groups/name=doppler/azs 29 | value: [ z1, z2, z3 ] 30 | - type: replace 31 | path: /instance_groups/name=log-cache/azs 32 | value: [ z1, z2, z3 ] 33 | - type: replace 34 | path: /instance_groups/name=log-api/azs 35 | value: [ z1, z2, z3 ] 36 | - type: replace 37 | path: /instance_groups/name=tcp-router/azs 38 | value: [ z1, z2, z3 ] 39 | - type: replace 40 | path: /instance_groups/name=credhub/azs 41 | value: [ z1, z2, z3 ] 42 | -------------------------------------------------------------------------------- /overlay/addons/app-scheduler.yml: -------------------------------------------------------------------------------- 1 | --- 2 | exodus: 3 | app_scheduler_client: app_scheduler_client 4 | app_scheduler_secret: ((uaa_clients_app_scheduler_secret)) 5 | nats_client_cert: ((nats_client_cert.certificate)) 6 | nats_client_key: ((nats_client_cert.private_key)) 7 | 8 | instance_groups: 9 | - name: uaa 10 | jobs: 11 | - name: uaa 12 | properties: 13 | uaa: 14 | clients: 15 | app_scheduler_client: 16 | authorized-grant-types: client_credentials 17 | authorities: cloud_controller.read,cloud_controller.admin,uaa.resource 18 | secret: "((uaa_clients_app_scheduler_secret))" 19 | 20 | variables: 21 | - name: 
uaa_clients_app_scheduler_secret 22 | type: password 23 | 24 | -------------------------------------------------------------------------------- /overlay/addons/migration-db-override-names.yml: -------------------------------------------------------------------------------- 1 | bosh-variables: 2 | cloud_controller_database_name: (( grab params.ccdb_name || meta.database_defaults.cloud_controller.name )) 3 | uaa_database_name: (( grab params.uaadb_name || meta.database_defaults.uaa.name )) 4 | diego_database_name: (( grab params.diegodb_name || meta.database_defaults.diego.name )) 5 | network_policy_database_name: (( grab params.policyserverdb_name || meta.database_defaults.network_policy.name )) 6 | network_connectivity_database_name: (( grab params.silkdb_name || meta.database_defaults.network_connectivity.name )) 7 | locket_database_name: (( grab params.locketdb_name || meta.database_defaults.locket.name )) 8 | credhub_database_name: (( grab params.credhubdb_name || meta.database_defaults.credhub.name )) 9 | -------------------------------------------------------------------------------- /overlay/addons/migration-v1-nats-credentials-tls.yml: -------------------------------------------------------------------------------- 1 | 2 | instance_groups: 3 | - name: nats 4 | jobs: 5 | - name: nats-tls 6 | properties: 7 | nats: 8 | user: nats_user 9 | -------------------------------------------------------------------------------- /overlay/addons/migration-v1-nats-credentials.yml: -------------------------------------------------------------------------------- 1 | instance_groups: 2 | - name: nats 3 | jobs: 4 | - name: nats 5 | properties: 6 | nats: 7 | user: nats_user 8 | -------------------------------------------------------------------------------- /overlay/addons/nfs-ldap-config.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - type: replace 3 | path: 
/instance_groups/name=diego-cell/jobs/name=nfsv3driver/properties/nfsv3driver/ldap_svc_user? 4 | value: (( grab meta.nfs.ldap.user )) 5 | - type: replace 6 | path: /instance_groups/name=diego-cell/jobs/name=nfsv3driver/properties/nfsv3driver/ldap_svc_password? 7 | value: (( grab meta.nfs.ldap.pass )) 8 | - type: replace 9 | path: /instance_groups/name=diego-cell/jobs/name=nfsv3driver/properties/nfsv3driver/ldap_host? 10 | value: (( grab meta.nfs.ldap.host )) 11 | - type: replace 12 | path: /instance_groups/name=diego-cell/jobs/name=nfsv3driver/properties/nfsv3driver/ldap_port? 13 | value: (( grab meta.nfs.ldap.port )) 14 | - type: replace 15 | path: /instance_groups/name=diego-cell/jobs/name=nfsv3driver/properties/nfsv3driver/ldap_proto? 16 | value: (( grab meta.nfs.ldap.proto )) 17 | - type: replace 18 | path: /instance_groups/name=diego-cell/jobs/name=nfsv3driver/properties/nfsv3driver/ldap_user_fqdn? 19 | value: (( grab meta.nfs.ldap.fqdn )) 20 | - type: replace 21 | path: /instance_groups/name=diego-cell/jobs/name=nfsv3driver/properties/nfsv3driver/allowed-in-source? 22 | value: "" 23 | - type: replace 24 | path: /instance_groups/name=nfs-broker-push/jobs/name=nfsbrokerpush/properties/nfsbrokerpush/ldap_enabled? 25 | value: true 26 | 27 | -------------------------------------------------------------------------------- /overlay/addons/nfs-ldap-tls.yml: -------------------------------------------------------------------------------- 1 | --- 2 | params: 3 | nfs-ldap-ca-cert: ((nfs-ldap-ca-cert.ca)) 4 | 5 | variables: 6 | - name: nfs-ldap-ca-cert 7 | type: certificate 8 | options: 9 | common_name: NFSLDAPCA 10 | is_ca: true 11 | 12 | --- 13 | - type: replace 14 | path: /instance_groups/name=diego-cell/jobs/name=nfsv3driver/properties/nfsv3driver/ldap_ca_cert? 
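15 | value: (( grab params.nfs-ldap-ca-cert )) 16 | 17 |
--------------------------------------------------------------------------------
/overlay/addons/nfs-ldap.yml:
--------------------------------------------------------------------------------
---
# Copies the NFS LDAP connection settings from params into BOSH variables.
bosh-variables:
  nfs-ldap-service-user: (( grab params.nfs-ldap-service-user ))
  nfs-ldap-host: (( grab params.nfs-ldap-host ))
  nfs-ldap-port: (( grab params.nfs-ldap-port ))
  nfs-ldap-proto: (( grab params.nfs-ldap-proto ))
  nfs-ldap-fqdn: (( grab params.nfs-ldap-fqdn ))

# Service user, host and fqdn must be supplied by the operator; port and
# protocol default to 389 / tcp.
# NOTE(review): 389 is the standard LDAP port without implicit TLS. Whether the
# driver upgrades the connection is not visible in this file; the CA
# certificate is only wired in by the separate nfs-ldap-tls.yml overlay.
# Without it, presumably the service-account bind travels unencrypted. Confirm
# before pointing this at a production directory.
params:
  nfs-ldap-service-user: (( param "Provide value for NFS LDAP service user" ))
  nfs-ldap-host: (( param "Provide value for NFS LDAP host" ))
  nfs-ldap-port: 389
  nfs-ldap-proto: tcp
  nfs-ldap-fqdn: (( param "Provide value for NFS LDAP fqdn" ))
--------------------------------------------------------------------------------
/overlay/addons/nfs-volume-service.yml:
--------------------------------------------------------------------------------
# Places the nfs-broker-push instance group on the CF runtime network and in
# the AZs listed in meta.azs.
instance_groups:
- name: nfs-broker-push
  networks:
  - ((replace))
  - name: ((cf_runtime_network))
  azs: (( grab meta.azs ))
--------------------------------------------------------------------------------
/overlay/addons/no-tcp-routers.yml:
--------------------------------------------------------------------------------
# Deletes the tcp-router instance group from the manifest.
instance_groups:
- name: tcp-router
- (( delete "tcp-router" ))
--------------------------------------------------------------------------------
/overlay/addons/prometheus.yml:
--------------------------------------------------------------------------------
---
# Values under `exodus:` are published as this deployment's exodus data
# (presumably stored under the Vault exodus mount that other overlays in this
# kit read via $GENESIS_EXODUS_MOUNT; confirm). Both entries are UAA client
# secrets, so read access to that path should be limited to the consumers
# that need them.
exodus:
  firehose_exporter_secret: (( grab instance_groups.uaa.jobs.uaa.properties.uaa.clients.firehose_exporter.secret ))
  cf_exporter_secret: (( grab instance_groups.uaa.jobs.uaa.properties.uaa.clients.cf_exporter.secret ))

# Registers three UAA clients for metrics exporters.
instance_groups:
- name: uaa
  jobs:
  - name: uaa
    properties:
      uaa:
        clients:
          # Read-only Cloud Controller access for the CF exporter.
          cf_exporter:
            override: true
            authorized-grant-types: client_credentials,refresh_token
            authorities: cloud_controller.admin_read_only
            scopes:
            - openid
            - cloud_controller.admin_read_only
            secret: "((uaa_clients_cf_exporter_secret))"
          # Firehose access for the firehose exporter.
          firehose_exporter:
            override: true
            authorized-grant-types: client_credentials,refresh_token
            authorities: doppler.firehose
            scopes:
            - openid
            - doppler.firehose
            secret: "((uaa_clients_firehose_exporter_secret))"
          # NOTE(review): this legacy client reuses the firehose_exporter
          # secret, so the two clients share one credential, and this one also
          # holds cloud_controller.admin_read_only. Whoever holds the firehose
          # exporter secret can therefore authenticate with the broader
          # authority set. Give it its own generated secret, or drop the client
          # once the old prometheus kit is no longer deployed.
          # NOTE(review): the grant-type list below contains a space after the
          # comma, unlike the other clients; confirm UAA trims it.
          combined_exporter: # for old prometheus kit
            authorized-grant-types: client_credentials, refresh_token
            authorities: doppler.firehose,cloud_controller.admin_read_only
            scopes:
            - openid
            - oauth.approvals
            - scim.userids
            - cloud_controller.admin_read_only
            secret: "((uaa_clients_firehose_exporter_secret))"

# Generated secrets for the clients above.
variables:
- name: uaa_clients_firehose_exporter_secret
  type: password
- name: uaa_clients_cf_exporter_secret
  type: password
--------------------------------------------------------------------------------
/overlay/addons/scs.yml:
--------------------------------------------------------------------------------
---
# Publishes the SCS client id and secret as exodus data (see the UAA client
# below for what that credential can do).
exodus:
  scs_client: scs_client
  scs_secret: (( grab instance_groups.uaa.jobs.uaa.properties.uaa.clients.scs_client.secret ))

instance_groups:
- name: uaa
  jobs:
  - name: uaa
    properties:
      uaa:
        clients:
          # NOTE(review): a client_credentials client holding uaa.admin,
          # clients.admin and cloud_controller.admin. Possession of this one
          # secret is sufficient for platform-wide administration, and the
          # secret is also exported through `exodus` above. Restrict who can
          # read that export, rotate the secret on a schedule, and alert on
          # token issuance for this client from unexpected sources. If the
          # consumer works with narrower authorities, reduce this list.
          scs_client:
            authorized-grant-types: client_credentials
            authorities: uaa.admin,clients.admin,cloud_controller.read,cloud_controller.admin,uaa.resource
            secret: "((uaa_clients_scs_secret))"

variables:
- name: uaa_clients_scs_secret
  type: password

---
# Second document: ops entry setting the Cloud Controller broker client
# timeout to 300 seconds.
- type: replace
  path: /instance_groups/name=api?/jobs/name=cloud_controller_ng/properties/cc/broker_client_timeout_seconds
  value: 300
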
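--------------------------------------------------------------------------------
/overlay/addons/smb-volume-service.yml:
--------------------------------------------------------------------------------
# Places the smb-broker-push instance group on the CF runtime network and in
# the AZs listed in meta.azs.
instance_groups:
- name: smb-broker-push
  networks:
  - ((replace))
  - name: ((cf_runtime_network))
  azs: (( grab meta.azs ))
--------------------------------------------------------------------------------
/overlay/addons/ssh-proxy-on-routers.yml:
--------------------------------------------------------------------------------
# Moves the Diego SSH proxy from the scheduler to the router instance group:
# the ssh-proxy.service.cf.internal alias is pointed at `router`, the
# scheduler's ssh_proxy job definition is injected into `router`, and the
# diego-ssh-proxy-network-properties VM extension moves with it.
addons:
- name: bosh-dns-aliases
  jobs:
  - name: bosh-dns-aliases
    properties:
      aliases:
      - (( merge on domain ))
      - domain: ssh-proxy.service.cf.internal
        targets:
        - (( merge on query ))
        - query: "*"
          instance_group: router

instance_groups:
- name: scheduler
  vm_extensions:
  - (( delete "diego-ssh-proxy-network-properties" ))

- name: router
  jobs:
  - name: ssh_proxy
    .: (( inject instance_groups.scheduler.jobs.ssh_proxy ))
  vm_extensions:
  - (( append ))
  - diego-ssh-proxy-network-properties
--------------------------------------------------------------------------------
/overlay/addons/stratos.yml:
--------------------------------------------------------------------------------
---
# The console hostname is derived as "console." + params.apps_domain.
# NOTE(review): that puts the console on the same domain tenant apps receive
# routes on. The redirect-uri below authorizes this host to receive
# authorization codes, so confirm the `console` hostname is reserved for
# Stratos and cannot be mapped by an ordinary app route.
meta:
  stratos_domain: (( concat "console." params.apps_domain ))

instance_groups:
- name: uaa
  jobs:
  - name: uaa
    properties:
      uaa:
        clients:
          # UAA client used by the Stratos console for SSO login.
          # NOTE(review): autoapprove skips the user consent step, and the
          # scope list includes cloud_controller.admin, network.admin and
          # scim.write. An administrator logging in through the console gets
          # a token carrying those scopes without a prompt. Access tokens
          # last 1200 s (20 min); refresh tokens last 2592000 s (30 days), so
          # a leaked refresh token stays usable for a month unless revoked.
          # Trim the scopes to what the console actually needs and consider a
          # shorter refresh-token lifetime.
          # NOTE(review): two list entries ("openid,password.write" and
          # "scim.read,scim.write") each hold two comma-joined names in one
          # element, unlike the rest of the list; confirm UAA splits them as
          # intended.
          stratos_client:
            authorized-grant-types: authorization_code,client_credentials,refresh_token
            redirect-uri: (( concat "https://" meta.stratos_domain "/pp/v1/auth/sso_login_callback" ))
            autoapprove: true # Bypass users approval
            access-token-validity: 1200
            authorities: uaa.none
            override: true
            refresh-token-validity: 2592000
            scopes:
            - network.admin
            - network.write
            - cloud_controller.read
            - cloud_controller.write
            - openid,password.write
            - cloud_controller.admin
            - scim.read,scim.write
            - doppler.firehose
            - uaa.user
            - routing.router_groups.read
            - routing.router_groups.write
            - cloud_controller.admin_read_only
            - cloud_controller.global_auditor
            - perm.admin
            - clients.read
            secret: "((stratos_client_secret))"

variables:
- name: stratos_client_secret
  type: password

# Publishes the client id and its secret as exodus data; limit read access to
# that export to the Stratos deployment that consumes it.
exodus:
  stratos_client: stratos_client
  stratos_secret: ((stratos_client_secret))

--------------------------------------------------------------------------------
/overlay/addons/trust-blacksmith-ca-cflinuxfs3.yml:
--------------------------------------------------------------------------------
---
# Appends the Blacksmith CA, read from the exodus mount for this environment,
# to the cflinuxfs3 rootfs trust store on diego-cell.
# NOTE(review): every app container built on this rootfs will accept
# certificates issued by that CA, so the trust is only as strong as the write
# controls on the "<env>/blacksmith" exodus path it is read from.
- type: replace
  path: /instance_groups/name=diego-cell/jobs/name=cflinuxfs3-rootfs-setup/properties/cflinuxfs3-rootfs/trusted_certs/-
  value: (( vault $GENESIS_EXODUS_MOUNT genesis.env "/blacksmith:blacksmith_ca" ))
--------------------------------------------------------------------------------
/overlay/addons/trust-blacksmith-ca.yml:
--------------------------------------------------------------------------------
---
# Same Blacksmith CA, appended to the cflinuxfs4 rootfs trust store and to the
# rep job's container trusted CA list on diego-cell. The value is read from
# the exodus mount, so write access to that path controls what containers
# end up trusting.
- type: replace
  path: /instance_groups/name=diego-cell/jobs/name=cflinuxfs4-rootfs-setup/properties/cflinuxfs4-rootfs/trusted_certs/-
  value: (( vault $GENESIS_EXODUS_MOUNT genesis.env "/blacksmith:blacksmith_ca" ))
- type: replace
  path: /instance_groups/name=diego-cell/jobs/name=rep/properties/containers/trusted_ca_certificates/-
  value: (( vault $GENESIS_EXODUS_MOUNT genesis.env "/blacksmith:blacksmith_ca" ))

--------------------------------------------------------------------------------
/overlay/addons/uaa-admin-client.yml:
--------------------------------------------------------------------------------
---
# NOTE(review): publishes the UAA `admin` client id and its secret as exodus
# data. Anyone who can read this deployment's exodus path obtains the UAA
# admin credential, so enable this addon only when a consumer needs it and
# keep the read policy on that path narrow.
exodus:
  uaa_admin_client: admin
  uaa_admin_client_secret: ((uaa_admin_client_secret))
--------------------------------------------------------------------------------
/overlay/addons/v1-vm-types.yml:
--------------------------------------------------------------------------------
---
# v1.x default vm types
# Maps each instance group to the vm_type name used by v1.x of the kit.
instance_groups:
- name: diego-api
  vm_type: bbs
- name: diego-cell
  vm_type: cell
- name: log-api
  vm_type: loggregator
- name: scheduler
  vm_type: diego
- name: api
  vm_type: api
- name: doppler
  vm_type: doppler
- name: nats
  vm_type: nats
- name: router
  vm_type: router
- name: tcp-router
  vm_type: router
- name: uaa
  vm_type: uaa
- name: singleton-blobstore
  vm_type: blobstore
- name: database
  vm_type: postgres
- name: smoke-tests
  vm_type: errand

# Not originally in v1

- name: cc-worker
  vm_type: minimal
- name: rotate-cc-database-key
  vm_type: errand
- name: credhub
  vm_type: minimal

--------------------------------------------------------------------------------
/overlay/azure_availability_sets.yml:
--------------------------------------------------------------------------------
1 | --- 2 | # Use this override to setup the availability sets in Azure 3 | instance_groups: 4 | - name: nats 5 | vm_extensions: 6 | - (( append )) 7 | - nats_as 8 | - name: diego-api 9 | vm_extensions: 10 | - (( append )) 11 | - 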
diego_api_as 12 | - name: uaa 13 | vm_extensions: 14 | - (( append )) 15 | - uaa_as 16 | - name: scheduler 17 | vm_extensions: 18 | - (( append )) 19 | - scheduler_as 20 | - name: diego-cell 21 | vm_extensions: 22 | - (( append )) 23 | - diego_cell_as 24 | - name: router 25 | vm_extensions: 26 | - (( append )) 27 | - router_as 28 | - name: api 29 | vm_extensions: 30 | - (( append )) 31 | - api_as 32 | - name: cc-worker 33 | vm_extensions: 34 | - (( append )) 35 | - cc_worker_as 36 | - name: doppler 37 | vm_extensions: 38 | - (( append )) 39 | - doppler_as 40 | - name: log-api 41 | vm_extensions: 42 | - (( append )) 43 | - log_api_as 44 | - name: tcp-router 45 | vm_extensions: 46 | - (( append )) 47 | - tcp_router_as 48 | - name: credhub 49 | vm_extensions: 50 | - (( append )) 51 | - credhub_as 52 | 53 | -------------------------------------------------------------------------------- /overlay/blobstore/aws-iam.yml: -------------------------------------------------------------------------------- 1 | bosh-variables: 2 | fog_connection: 3 | use_iam_profile: true 4 | aws_access_key_id: (( prune )) 5 | aws_secret_access_key: (( prune )) 6 | -------------------------------------------------------------------------------- /overlay/blobstore/aws.yml: -------------------------------------------------------------------------------- 1 | params: 2 | blobstore_s3_region: (( param "Specify the AWS region for your Cloud Controller blobstore" )) 3 | 4 | bosh-variables: 5 | fog_connection: 6 | provider: AWS 7 | aws_access_key_id: ((blobstore_access_key_id)) 8 | aws_secret_access_key: ((blobstore_secret_access_key)) 9 | region: (( grab params.blobstore_s3_region )) 10 | 11 | # Per https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html a key cannot 12 | # contain upper case so override here to exclude upper case 13 | variables: 14 | - name: cc_directory_key 15 | type: password 16 | options: 17 | exclude_upper: true 18 | 19 | # Credhub Secrets 20 | # 
blobstore_access_key_id 21 | # blobstore_secret_access_key 22 | -------------------------------------------------------------------------------- /overlay/blobstore/azure.yml: -------------------------------------------------------------------------------- 1 | 2 | bosh-variables: 3 | environment: (( grab params.blobstore_environment || params.azure_environment || "AzureCloud" )) 4 | 5 | # Per https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/resource-name-rules#microsoftstorage a key cannot 6 | # contain upper case so override here to exclude upper case 7 | variables: 8 | - name: cc_directory_key 9 | type: password 10 | options: 11 | exclude_upper: true 12 | 13 | # Credhub Secrets 14 | # blobstore_storage_account_name 15 | # blobstore_storage_access_key 16 | 17 | -------------------------------------------------------------------------------- /overlay/blobstore/external.yml: -------------------------------------------------------------------------------- 1 | bosh-variables: 2 | app_package_directory_key: (( grab params.blobstore_app_packages_directory || meta.blobstore_bucket_path.app-packages )) 3 | buildpack_directory_key: (( grab params.blobstore_buildpacks_directory || meta.blobstore_bucket_path.buildpacks )) 4 | droplet_directory_key: (( grab params.blobstore_droplets_directory || meta.blobstore_bucket_path.droplets )) 5 | resource_directory_key: (( grab params.blobstore_resources_directory || meta.blobstore_bucket_path.resources )) 6 | -------------------------------------------------------------------------------- /overlay/blobstore/meta.yml: -------------------------------------------------------------------------------- 1 | meta: 2 | blobstore_bucket_env: (( grab params.blobstore_bucket_env || $GENESIS_ENVIRONMENT )) 3 | blobstore_bucket_type: (( grab params.blobstore_bucket_type || $GENESIS_TYPE )) 4 | blobstore_bucket_prefix_default: (( concat meta.blobstore_bucket_env "-" meta.blobstore_bucket_type )) 5 | blobstore_bucket_prefix: 
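(( grab params.blobstore_bucket_prefix || meta.blobstore_bucket_prefix_default )) 6 | blobstore_bucket_suffix: (( grab params.blobstore_bucket_suffix || "((cc_directory_key))" )) 7 | 8 | blobstore_bucket_path: 9 | app-packages: (( concat meta.blobstore_bucket_prefix "-app-packages-" meta.blobstore_bucket_suffix )) 10 | buildpacks: (( concat meta.blobstore_bucket_prefix "-buildpacks-" meta.blobstore_bucket_suffix )) 11 | droplets: (( concat meta.blobstore_bucket_prefix "-droplets-" meta.blobstore_bucket_suffix )) 12 | resources: (( concat meta.blobstore_bucket_prefix "-resources-" meta.blobstore_bucket_suffix )) 13 | 14 | variables: 15 | - name: cc_directory_key 16 | type: password 17 | options: 18 | length: 10 # 26^10 = 1.4 x 10^14 possibilities 19 | # exclude_upper: true 20 | # exclude_number: true 21 |
--------------------------------------------------------------------------------
/overlay/blobstore/minio.yml:
--------------------------------------------------------------------------------
# Points the Cloud Controller blobstore (fog, S3-compatible provider) at a
# MinIO endpoint supplied by the operator.
# NOTE(review): the endpoint is entered "including protocol", so nothing here
# prevents an http:// URL. Use https:// so droplets, packages and signed
# requests are not carried in clear text.
params:
  blobstore_minio_endpoint: (( param "Specify the Minio URL (including protocol) to use as your Cloud Controller blobstore" ))

bosh-variables:
  fog_connection:
    provider: AWS
    endpoint: (( grab params.blobstore_minio_endpoint ))
    aws_access_key_id: ((blobstore_access_key_id))
    aws_secret_access_key: ((blobstore_secret_access_key))
    # NOTE(review): Signature Version 2 is the legacy S3 request-signing
    # scheme (HMAC-SHA1) that AWS has deprecated in favour of Version 4. If
    # the MinIO and fog versions deployed support Version 4, prefer '4'
    # together with a concrete region value; confirm compatibility before
    # changing, since existing environments depend on this setting.
    aws_signature_version: '2'
    region: "''"
    path_style: true

# Credhub Secrets
#   blobstore_access_key_id
#   blobstore_secret_access_key

--------------------------------------------------------------------------------
/overlay/db/external-mysql.yml:
--------------------------------------------------------------------------------
---
# Connection parameters for an external MySQL instance: the host must be
# supplied by the operator, scheme and port default to mysql / 3306, and the
# password is taken from the external_db_password variable.
# NOTE(review): no TLS-related setting is visible in this overlay; check how
# transport encryption to the external database is configured elsewhere in
# the kit.
params:
  external_db_host: (( param "Please provide the hostname / IP of your external MySQL database instance" ))
  external_db_scheme: mysql
  external_db_port: 3306
  external_db_password: ((external_db_password))
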
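--------------------------------------------------------------------------------
/overlay/db/external-postgres.yml:
--------------------------------------------------------------------------------
---
# Connection parameters for an external PostgreSQL instance: the host must be
# supplied by the operator, scheme and port default to postgres / 5432, and
# the password is taken from the external_db_password variable.
# The operator prompt below previously said "MySQL" (copied from
# external-mysql.yml); it now names the database this overlay configures.
# NOTE(review): no TLS-related setting is visible in this overlay; check how
# transport encryption to the external database is configured elsewhere in
# the kit.
params:
  external_db_host: (( param "Please provide the hostname / IP of your external PostgreSQL database instance" ))
  external_db_scheme: postgres
  external_db_port: 5432
  external_db_password: ((external_db_password))

  # UAA is not a team player, wants to go its own way...
  # NOTE(review): indentation was lost in this listing; uaadb_scheme is
  # reconstructed as a params key. Confirm against the repository file.
  uaadb_scheme: postgresql
--------------------------------------------------------------------------------
/overlay/db/local-mysql-db.yml:
--------------------------------------------------------------------------------
# These variables are only valid if you're using mysql.
# This needs to be separate from the base, because the use-postgres ops file
# cannot be guaranteed to run after the overlay base and therefore clean up
# these keys for us.
#
# Sets `duration: 3650` on both PXC CA variables (presumably days, i.e. about
# ten years; confirm the unit). With CAs that long-lived, plan rotation
# deliberately rather than waiting for expiry.
variables:
- { name: pxc_galera_ca, options: { duration: 3650 } }
- { name: pxc_server_ca, options: { duration: 3650 } }
--------------------------------------------------------------------------------
/overlay/dynamic-templates/isolation-segment-additional-trusted-certs-cflinuxfs3.yml:
--------------------------------------------------------------------------------
---
# Template ({{segment-name}} is substituted before use): sets the cflinuxfs3
# rootfs trusted_certs of the segment's instance group to a deferred grab of
# the segment's base_trusted_certs followed by its additional_trusted_certs.
# Every certificate listed there becomes a trust anchor inside app containers
# on that segment, so review additions to additional_trusted_certs as trust
# decisions.
instance_groups:
- name: (( grab meta.name ))
  jobs:
  - name: cflinuxfs3-rootfs-setup
    properties:
      cflinuxfs3-rootfs:
        trusted_certs: (( defer grab params.isolation_segments.{{segment-name}}.base_trusted_certs params.isolation_segments.{{segment-name}}.additional_trusted_certs ))
--------------------------------------------------------------------------------
/overlay/dynamic-templates/isolation-segment-additional-trusted-certs.yml:
--------------------------------------------------------------------------------
1 | params: 2 | isolation_segments: 3 | - name: {{segment-name}} 4 | base_trusted_certs: 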
5 | - ((diego_instance_identity_ca.ca)) 6 | - ((credhub_tls.ca)) 7 | - ((uaa_ssl.ca)) 8 | additional_trusted_certs: 9 | - (( append )) 10 | 11 | instance_groups: 12 | - name: (( grab meta.name )) 13 | jobs: 14 | - name: cflinuxfs4-rootfs-setup 15 | properties: 16 | cflinuxfs4-rootfs: 17 | trusted_certs: (( defer grab params.isolation_segments.{{segment-name}}.base_trusted_certs params.isolation_segments.{{segment-name}}.additional_trusted_certs )) 18 | - name: rep 19 | properties: 20 | containers: 21 | trusted_ca_certificates: (( defer grab params.isolation_segments.{{segment-name}}.base_trusted_certs params.isolation_segments.{{segment-name}}.additional_trusted_certs )) 22 | -------------------------------------------------------------------------------- /overlay/dynamic-templates/isolation-segment-cflinuxfs3.yml: -------------------------------------------------------------------------------- 1 | --- 2 | genesis: 3 | env: (( grab $GENESIS_ENVIRONMENT )) 4 | secrets_mount: (( grab $GENESIS_SECRETS_MOUNT )) 5 | vault_prefix: (( grab $GENESIS_VAULT_PREFIX )) 6 | vault_env: (( grab $GENESIS_VAULT_ENV_SLUG )) 7 | 8 | meta: 9 | vault: (( concat genesis.secrets_mount genesis.vault_prefix )) 10 | 11 | __default_tags: 12 | - (( grab meta.tag || meta.name )) 13 | 14 | __default_vm_extentions: 15 | - 100GB_ephemeral_disk 16 | 17 | instance_groups: 18 | - name: (( grab meta.name )) 19 | jobs: 20 | - (( merge on name )) 21 | - name: rep 22 | release: diego 23 | properties: 24 | diego: 25 | rep: 26 | preloaded_rootfses: 27 | - (( prepend )) 28 | - cflinuxfs3:/var/vcap/packages/cflinuxfs3/rootfs.tar 29 | - (( insert before "cflinuxfs4-rootfs-setup" )) 30 | - name: cflinuxfs3-rootfs-setup 31 | release: cflinuxfs3 32 | properties: 33 | cflinuxfs3-rootfs: 34 | trusted_certs: 35 | - ((diego_instance_identity_ca.ca)) 36 | - ((credhub_tls.ca)) 37 | - ((uaa_ssl.ca)) 38 | -------------------------------------------------------------------------------- 
/overlay/dynamic-templates/isolation-segment-dns-sd.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - type: replace 3 | path: /addons/name=bosh-dns-aliases/jobs/name=bosh-dns-aliases/properties/aliases/domain=_.cell.service.cf.internal/targets/- 4 | value: 5 | query: '_' 6 | instance_group: {{segment-name}} 7 | deployment: ((deployment_name)) 8 | network: (( grab meta.network_name || "default" )) 9 | domain: bosh 10 | - type: replace 11 | path: /instance_groups/name={{segment-name}}/jobs/name=bosh-dns-adapter? 12 | value: 13 | name: bosh-dns-adapter 14 | properties: 15 | internal_domains: ["apps.internal."] 16 | dnshttps: 17 | client: 18 | tls: ((cf_app_sd_client_tls)) 19 | server: 20 | ca: ((cf_app_sd_server_tls.ca)) 21 | release: cf-networking 22 | - type: replace 23 | path: /instance_groups/name={{segment-name}}/jobs/name=route_emitter/properties/internal_routes? 24 | value: 25 | enabled: true 26 | -------------------------------------------------------------------------------- /overlay/dynamic-templates/isolation-segment-network.yml: -------------------------------------------------------------------------------- 1 | instance_groups: 2 | - (( merge on name )) 3 | - name: (( grab meta.name )) 4 | networks: 5 | - (( replace )) 6 | - name: (( grab meta.network_name || "(( grab params.cf_runtime_network ))" )) 7 | 8 | addons: 9 | - name: bosh-dns-aliases 10 | jobs: 11 | - name: bosh-dns-aliases 12 | properties: 13 | aliases: 14 | - domain: _.cell.service.cf.internal 15 | targets: 16 | - (( replace )) 17 | - (( defer append )) 18 | - deployment: ((deployment_name)) 19 | domain: bosh 20 | instance_group: (( grab meta.name )) 21 | network: (( grab meta.network_name || "(( grab params.cf_runtime_network ))" )) 22 | query: _ 23 | 24 | -------------------------------------------------------------------------------- /overlay/dynamic-templates/isolation-segment-nfs-ldap-config.yml: 
-------------------------------------------------------------------------------- 1 | --- 2 | - type: replace 3 | path: /instance_groups/name={{segment-name}}/jobs/name=nfsv3driver/properties/nfsv3driver/ldap_svc_user? 4 | value: (( grab meta.nfs.ldap.user )) 5 | - type: replace 6 | path: /instance_groups/name={{segment-name}}/jobs/name=nfsv3driver/properties/nfsv3driver/ldap_svc_password? 7 | value: (( grab meta.nfs.ldap.pass )) 8 | - type: replace 9 | path: /instance_groups/name={{segment-name}}/jobs/name=nfsv3driver/properties/nfsv3driver/ldap_host? 10 | value: (( grab meta.nfs.ldap.host )) 11 | - type: replace 12 | path: /instance_groups/name={{segment-name}}/jobs/name=nfsv3driver/properties/nfsv3driver/ldap_port? 13 | value: (( grab meta.nfs.ldap.port )) 14 | - type: replace 15 | path: /instance_groups/name={{segment-name}}/jobs/name=nfsv3driver/properties/nfsv3driver/ldap_proto? 16 | value: (( grab meta.nfs.ldap.proto )) 17 | - type: replace 18 | path: /instance_groups/name={{segment-name}}/jobs/name=nfsv3driver/properties/nfsv3driver/ldap_user_fqdn? 19 | value: (( grab meta.nfs.ldap.fqdn )) 20 | - type: replace 21 | path: /instance_groups/name={{segment-name}}/jobs/name=nfsv3driver/properties/nfsv3driver/allowed-in-source? 
22 | value: "" 23 | 24 | -------------------------------------------------------------------------------- /overlay/dynamic-templates/isolation-segment-nfs-ldap-ocfp.yml: -------------------------------------------------------------------------------- 1 | --- 2 | meta: # LDAP settings for the NFS driver; every value below is read from Vault under meta.vault + "/nfs/ldap" 3 | nfs: 4 | ldap: 5 | user: (( vault meta.vault "/nfs/ldap:user" )) 6 | pass: (( vault meta.vault "/nfs/ldap:pass" )) # service-account password (secret) 7 | host: (( vault meta.vault "/nfs/ldap:host" )) 8 | port: (( vault meta.vault "/nfs/ldap:port" )) 9 | proto: (( vault meta.vault "/nfs/ldap:proto" )) 10 | fqdn: (( vault meta.vault "/nfs/ldap:fqdn" )) 11 | ca: (( vault meta.vault "/nfs/ldap:ca" )) # CA certificate; only mapped to params.nfs-ldap-ca-cert below 12 | 13 | bosh-variables: 14 | nfs-ldap-service-user: (( grab meta.nfs.ldap.user )) 15 | nfs-ldap-service-password: (( grab meta.nfs.ldap.pass )) # NOTE(review): secret copied out of meta; presumably handed to BOSH as a variable - confirm the merged output is never logged or committed unredacted 16 | nfs-ldap-host: (( grab meta.nfs.ldap.host )) 17 | nfs-ldap-port: (( grab meta.nfs.ldap.port )) 18 | nfs-ldap-proto: (( grab meta.nfs.ldap.proto )) 19 | nfs-ldap-fqdn: (( grab meta.nfs.ldap.fqdn )) 20 | 21 | params: 22 | nfs-ldap-service-user: (( grab meta.nfs.ldap.user )) 23 | nfs-ldap-service-password: (( grab meta.nfs.ldap.pass )) # NOTE(review): second copy of the same secret, this time under params - TODO confirm both copies are needed 24 | nfs-ldap-host: (( grab meta.nfs.ldap.host )) 25 | nfs-ldap-port: (( grab meta.nfs.ldap.port )) 26 | nfs-ldap-proto: (( grab meta.nfs.ldap.proto )) 27 | nfs-ldap-fqdn: (( grab meta.nfs.ldap.fqdn )) 28 | nfs-ldap-ca-cert: (( grab meta.nfs.ldap.ca )) 29 | -------------------------------------------------------------------------------- /overlay/dynamic-templates/isolation-segment-nfs-ldap-tls.yml: -------------------------------------------------------------------------------- 1 | instance_groups: 2 | - name: (( grab meta.name )) 3 | jobs: 4 | - name: nfsv3driver 5 | properties: 6 | nfsv3driver: 7 | ldap_ca_cert: (( grab meta.nfs-ldap-ca-cert || params.nfs-ldap-ca-cert )) # CA for the LDAP connection; falls back to params.nfs-ldap-ca-cert when meta.nfs-ldap-ca-cert is not set 8 | 9 | -------------------------------------------------------------------------------- /overlay/dynamic-templates/isolation-segment-nfs-ldap.yml: 
-------------------------------------------------------------------------------- 1 | instance_groups: 2 | - name: (( grab meta.name )) 3 | jobs: 4 | - name: nfsv3driver 5 | properties: 6 | nfsv3driver: 7 | ldap_svc_user: ((nfs-ldap-service-user)) 8 | ldap_svc_password: ((nfs-ldap-service-password)) 9 | ldap_host: ((nfs-ldap-host)) 10 | ldap_port: ((nfs-ldap-port)) 11 | ldap_proto: ((nfs-ldap-proto)) 12 | ldap_user_fqdn: ((nfs-ldap-fqdn)) 13 | allowed-in-source: "" 14 | -------------------------------------------------------------------------------- /overlay/dynamic-templates/isolation-segment-nfs.yml: -------------------------------------------------------------------------------- 1 | instance_groups: 2 | - name: (( grab meta.name )) 3 | jobs: 4 | - name: nfsv3driver 5 | properties: 6 | nfsv3driver: 7 | tls: 8 | ca_cert: ((nfsv3driver_cert.ca)) 9 | client_cert: ((nfsv3driver_client_cert.certificate)) 10 | client_key: ((nfsv3driver_client_cert.private_key)) 11 | server_cert: ((nfsv3driver_cert.certificate)) 12 | server_key: ((nfsv3driver_cert.private_key)) 13 | release: nfs-volume 14 | - name: mapfs 15 | release: mapfs 16 | provides: 17 | mapfs: nil 18 | -------------------------------------------------------------------------------- /overlay/dynamic-templates/isolation-segment-ocfp-trusted-certs.yml: -------------------------------------------------------------------------------- 1 | --- 2 | params: 3 | isolation_segments: 4 | - name: {{segment-name}} 5 | additional_trusted_certs: 6 | - (( append )) 7 | - (( grab meta.ocfp.certs.trusted )) 8 | -------------------------------------------------------------------------------- /overlay/dynamic-templates/isolation-segment-smb.yml: -------------------------------------------------------------------------------- 1 | instance_groups: 2 | - name: (( grab meta.name )) 3 | jobs: 4 | - name: smbdriver 5 | properties: 6 | tls: 7 | ca_cert: ((smbdriver_cert.ca)) 8 | client_cert: ((smbdriver_client_cert.certificate)) 9 | 
client_key: ((smbdriver_client_cert.private_key)) 10 | server_cert: ((smbdriver_cert.certificate)) 11 | server_key: ((smbdriver_cert.private_key)) 12 | release: smb-volume 13 | -------------------------------------------------------------------------------- /overlay/dynamic/.keep: -------------------------------------------------------------------------------- 1 | #placeholder 2 | -------------------------------------------------------------------------------- /overlay/enable-service-discovery.yml: -------------------------------------------------------------------------------- 1 | meta: 2 | internal_app_domains: 3 | - name: apps.internal 4 | internal: true 5 | 6 | instance_groups: 7 | - name: diego-cell 8 | jobs: 9 | - name: bosh-dns-adapter 10 | properties: 11 | internal_domains: ["apps.internal."] 12 | dnshttps: 13 | client: 14 | tls: ((cf_app_sd_client_tls)) # presumably the certificate and key the adapter presents to the controller 15 | server: 16 | ca: ((cf_app_sd_client_tls.ca)) # CA trusted for the controller; read from the client cert's .ca, whose issuer is cf_app_sd_ca - the same issuer as cf_app_sd_server_tls (see variables) 17 | release: cf-networking 18 | - name: route_emitter 19 | properties: 20 | internal_routes: 21 | enabled: true 22 | 23 | - name: scheduler 24 | jobs: 25 | - name: service-discovery-controller 26 | properties: 27 | dnshttps: 28 | client: 29 | ca: ((cf_app_sd_server_tls.ca)) # presumably the CA the controller uses to verify client certificates; issuer is cf_app_sd_ca 30 | server: 31 | tls: ((cf_app_sd_server_tls)) 32 | release: cf-networking 33 | 34 | variables: 35 | - name: cf_app_sd_ca # NOTE(review): no duration is set here, so this CA gets the generator's default lifetime - confirm rotation covers it 36 | options: 37 | common_name: service-discovery-controller.service.cf.internal 38 | is_ca: true 39 | type: certificate 40 | - name: cf_app_sd_server_tls 41 | options: 42 | ca: cf_app_sd_ca 43 | common_name: service-discovery-controller.service.cf.internal 44 | extended_key_usage: 45 | - server_auth # server certificate: limited to TLS server authentication 46 | type: certificate 47 | - name: cf_app_sd_client_tls 48 | options: 49 | ca: cf_app_sd_ca 50 | common_name: service-discovery-controller.service.cf.internal # NOTE(review): same common_name as the server cert; only the extended_key_usage below separates the two roles 51 | extended_key_usage: 52 | - client_auth # client certificate: limited to TLS client authentication 53 | type: certificate 54 | -------------------------------------------------------------------------------- /overlay/identity.yml: 
-------------------------------------------------------------------------------- 1 | --- # FIXME: This needs to be updates regarding cli versions 2 | instance_groups: 3 | - name: api 4 | jobs: 5 | - name: cloud_controller_ng 6 | properties: 7 | name: (( concat "Cloud Foundry (" genesis.env ")" )) 8 | build: (( concat "cf-genesis-kit v" kit.version )) 9 | support_address: (( grab params.identity_support_address || "https://github.com/genesis-community/cf-genesis-kit" )) 10 | description: (( grab params.identity_description || "Use `genesis info` on environment file for more details" )) 11 | cc: 12 | min_cli_version: "6.23.0" 13 | min_recommended_cli_version: "6.23.0" 14 | -------------------------------------------------------------------------------- /overlay/override-app-domains.yml: -------------------------------------------------------------------------------- 1 | meta: 2 | app_domains: 3 | - (( concat "run." params.base_domain )) 4 | 5 | instance_groups: 6 | - name: api 7 | jobs: 8 | - name: cloud_controller_ng 9 | properties: 10 | app_domains: (( grab params.app_domains )) 11 | - name: smoke-tests 12 | jobs: 13 | - name: smoke_tests 14 | properties: 15 | smoke_tests: 16 | apps_domain: (( grab params.apps_domain )) 17 | -------------------------------------------------------------------------------- /overlay/override-releases/compiled-windows.yml: -------------------------------------------------------------------------------- 1 | --- {} 2 | -------------------------------------------------------------------------------- /overlay/override-releases/compiled.yml: -------------------------------------------------------------------------------- 1 | --- {} 2 | 3 | # releases: 4 | # - name: routing 5 | # sha1: 6feb59ec3e2687b469aa9451ab72a5922baf8025 6 | # stemcell: 7 | # os: ubuntu-jammy 8 | # version: "1.80" 9 | # url: https://storage.googleapis.com/cf-deployment-compiled-releases/routing-0.275.0-ubuntu-jammy-1.80-20230712-204705-863429293.tgz 10 | # version: 
0.275.0 11 | # cf-deployment-hotfixes: true 12 | -------------------------------------------------------------------------------- /overlay/override-releases/static-windows.yml: -------------------------------------------------------------------------------- 1 | --- {} 2 | -------------------------------------------------------------------------------- /overlay/override-releases/static.yml: -------------------------------------------------------------------------------- 1 | --- {} 2 | 3 | # releases: 4 | # - name: "routing" 5 | # version: "0.275.0" 6 | # url: "https://bosh.io/d/github.com/cloudfoundry/routing-release?v=0.275.0" 7 | # sha1: "6dd63d1653bf333ea64fca061a3a16d9be2e750f" 8 | # exodus: 9 | # cf-deployment-hotfixes: true 10 | -------------------------------------------------------------------------------- /overlay/routing/haproxy-provided-cert.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | # This overlay removes the cert variables added in the haproxy-tls overlay, as 4 | # they will not use the same CA cert. 5 | # 6 | # Relies on overlay/routing/haproxy-tls.yml to be applied first. 7 | 8 | variables: 9 | - (( delete "haproxy_ca" )) 10 | - (( delete "haproxy_ssl" )) 11 | 12 | exodus: 13 | self-signed: false 14 | -------------------------------------------------------------------------------- /overlay/routing/haproxy-public-network.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | # This provides the nominal edge network as the default for the dns and gateway 4 | # if HAProxy uses a different network for its ingress addresses. This can't be 5 | # done as a go-patch file as the network name is dynamic, depending on features 6 | # 7 | # Relies on overlay/routing/haproxy.yml to be applied first. 
8 | 9 | instance_groups: 10 | - name: haproxy 11 | networks: 12 | - name: (( grab params.cf_edge_network || default)) # NOTE(review): the fallback `default` is unquoted, so it looks like a reference to a top-level key rather than the string "default"; isolation-segment-dns-sd.yml quotes it - confirm and quote here 13 | default: [dns, gateway] 14 | 15 | -------------------------------------------------------------------------------- /overlay/routing/haproxy-small-footprint.yml: -------------------------------------------------------------------------------- 1 | params: 2 | haproxy_instances: 1 # single HAProxy instance, so no redundancy at the edge 3 | -------------------------------------------------------------------------------- /overlay/routing/haproxy-tls.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | # This provides TLS support and the associated variable block to generate the 4 | # required certs. 5 | # 6 | # Relies on overlay/routing/haproxy.yml to be applied first. 7 | 8 | params: 9 | disable_tls_10: true # TLS 1.0 is disabled unless an environment overrides this param 10 | disable_tls_11: true # TLS 1.1 is disabled unless an environment overrides this param 11 | 12 | instance_groups: 13 | - name: haproxy 14 | jobs: 15 | - name: haproxy 16 | properties: 17 | ha_proxy: 18 | backend_ca_file: ((router_ssl.ca)) # CA used to check the backend certificate 19 | backend_port: 443 20 | backend_ssl: verify # backend TLS with certificate verification; keep it on `verify` so a spoofed backend is rejected 21 | disable_tls_10: (( grab params.disable_tls_10 )) 22 | disable_tls_11: (( grab params.disable_tls_11 )) 23 | 24 | ssl_pem: ((haproxy_ssl.certificate))((haproxy_ssl.private_key)) # certificate and private key joined into one value; treat the rendered property as secret 25 | 26 | variables: 27 | - name: haproxy_ca 28 | options: 29 | common_name: haproxyCA 30 | is_ca: true 31 | duration: 3650 # ten-year CA lifetime 32 | type: certificate 33 | - name: haproxy_ssl 34 | options: 35 | alternative_names: 36 | - ((system_domain)) 37 | - '*.((system_domain))' 38 | ca: haproxy_ca 39 | common_name: haproxySSL 40 | extended_key_usage: [server_auth,client_auth] # NOTE(review): client_auth is granted alongside server_auth; drop it unless this certificate is also presented as a client certificate 41 | type: certificate 42 | 43 | exodus: 44 | self-signed: true # the certificate is issued by the haproxy_ca generated above, not by a public CA 45 | 46 | -------------------------------------------------------------------------------- /overlay/ten-year-ca-expiry.yml: -------------------------------------------------------------------------------- 1 | # CAs should last 10 years instead of the default Credhub 1y; a leaked CA key then stays usable for that whole period, so keep a rotation procedure ready 2 | variables: 3 | - { name: silk_ca, options: { duration: 3650 
} } 4 | - { name: network_policy_ca, options: { duration: 3650 } } 5 | - { name: service_cf_internal_ca, options: { duration: 3650 } } 6 | - { name: loggregator_ca, options: { duration: 3650 } } 7 | - { name: log_cache_ca, options: { duration: 3650 } } 8 | - { name: router_ca, options: { duration: 3650 } } 9 | - { name: routing_api_ca, options: { duration: 3650 } } 10 | - { name: uaa_ca, options: { duration: 3650 } } 11 | - { name: application_ca, options: { duration: 3650 } } 12 | - { name: diego_instance_identity_ca, options: { duration: 3650 } } 13 | - { name: credhub_ca, options: { duration: 3650 } } 14 | - { name: metric_scraper_ca, options: { duration: 3650 } } 15 | -------------------------------------------------------------------------------- /overlay/uaa-branding.yml: -------------------------------------------------------------------------------- 1 | meta: 2 | branding: 3 | product_logo: (( grab params.cf_branding_product_logo || nil )) 4 | square_logo: (( grab params.cf_branding_square_logo || nil )) 5 | footer_legal_text: (( grab params.cf_branding_footer_legal_text || nil )) 6 | footer_links: (( grab params.cf_branding_footer_links || nil )) 7 | 8 | instance_groups: 9 | - name: uaa 10 | jobs: 11 | - name: uaa 12 | properties: 13 | login: 14 | links: 15 | passwd: (( concat "https://login." params.system_domain "/forgot_password" )) 16 | signup: (( concat "https://login." 
params.system_domain "/create_account" )) 17 | branding: 18 | product_logo: (( grab meta.branding.product_logo )) 19 | square_logo: (( grab meta.branding.square_logo )) 20 | footer_legal_text: (( grab meta.branding.footer_legal_text )) 21 | footer_links: (( grab meta.branding.footer_links )) 22 | 23 | -------------------------------------------------------------------------------- /overlay/upstream_version.yml: -------------------------------------------------------------------------------- 1 | exodus: # records the cf-deployment release this kit is built on 2 | cf-deployment-version: 44.4.0 3 | cf-deployment-date: 2024-Nov-11 15:24:29 UTC 4 | cf-deployment-url: https://github.com/cloudfoundry/cf-deployment/releases/tag/v44.4.0 5 | -------------------------------------------------------------------------------- /overlay/windows.yml: -------------------------------------------------------------------------------- 1 | instance_groups: 2 | - name: windows2019-cell 3 | vm_type: (( grab params.windows_diego_cell_vm_type || "small-highmem" )) # falls back to "small-highmem" when the param is not set 4 | networks: 5 | - ((replace)) 6 | - name: ((cf_runtime_network)) 7 | instances: (( grab params.windows_diego_cell_instances || 1)) # one cell when the param is not set 8 | azs: (( grab meta.azs )) 9 | jobs: 10 | - name: resize_root_disk 11 | release: windows-resize-root-disk 12 | properties: {} 13 | releases: 14 | - name: windows-resize-root-disk 15 | version: "1.0" 16 | sha1: 8fe1adc3b6b6b68d8a370c576f649929f5452c6a # NOTE(review): the tarball is pinned by a SHA-1 digest; BOSH also accepts a "sha256:"-prefixed digest in this field, which is the stronger pin 17 | url: https://github.com/starkandwayne/windows-resize-root-disk/releases/download/v1.0/windows-resize-root-disk-release-1.0.tgz # fetched from a GitHub release asset; integrity of the download rests on the digest above 18 | -------------------------------------------------------------------------------- /spec/credhub_variables/aws.yml: -------------------------------------------------------------------------------- 1 | blobstore_access_key_id: test-access-key 2 | blobstore_secret_access_key: test-secret-access-key -------------------------------------------------------------------------------- /spec/credhub_variables/azure.yml: 
-------------------------------------------------------------------------------- 1 | blobstore_storage_access_key: test-access-key 2 | blobstore_storage_account_name: test-secret-access-key -------------------------------------------------------------------------------- /spec/credhub_variables/gcp.yml: -------------------------------------------------------------------------------- 1 | gcs_project: test-access-key 2 | gcs_service_account_email: test-secret-access-key 3 | gcs_service_account_json_key: test -------------------------------------------------------------------------------- /spec/credhub_variables/haproxy-tls.yml: -------------------------------------------------------------------------------- 1 | haproxy_ssl: 2 | certificate: test-ssl-cert 3 | private_key: test-ssl-private-key -------------------------------------------------------------------------------- /spec/credhub_variables/isolation-segments-addl-certs.yml: -------------------------------------------------------------------------------- 1 | another-cert-of-dubious-validity: 2 | certificate: first-additional-test-ssl-cert 3 | private_key: first-additional-test-ssl-private-key 4 | some-strange-cert: 5 | certificate: second-additional-test-ssl-cert 6 | private_key: second-additional-test-ssl-private-key 7 | -------------------------------------------------------------------------------- /spec/credhub_variables/isolation-segments-nfs.yml: -------------------------------------------------------------------------------- 1 | nfs-ldap-service-password: ldap-secure-password 2 | -------------------------------------------------------------------------------- /spec/deployments/app-autoscaler-integration.yml: -------------------------------------------------------------------------------- 1 | --- 2 | kit: 3 | name: dev 4 | version: 2.0.0 5 | features: 6 | - app-autoscaler-integration 7 | 8 | genesis: 9 | env: app-autoscaler-integration 10 | 11 | params: 12 | base_domain: cf.testing.examle 13 | 14 | 
-------------------------------------------------------------------------------- /spec/deployments/availability-zones.yml: -------------------------------------------------------------------------------- 1 | --- 2 | kit: 3 | name: dev 4 | version: 2.0.0 5 | features: 6 | - postgres-db # to test deleted instance groups 7 | - ssh-proxy-on-routers 8 | 9 | genesis: 10 | env: availability-zones 11 | 12 | params: 13 | base_domain: cf.testing.examle 14 | availability_zones: [ us-west-2a, us-west-2b, us-west-2c ] 15 | external_db_host: test-external-postgres-db-host 16 | external_db_port: test-port 17 | external_db_username: test-db-username 18 | external_db_password: test-db-password 19 | bbsdb_host: test bbsdb-host 20 | bbsdb_user: test-bbsdb-user 21 | bbsdb_password: test-bbsdb-password 22 | 23 | -------------------------------------------------------------------------------- /spec/deployments/azure.yml: -------------------------------------------------------------------------------- 1 | --- 2 | kit: 3 | name: dev 4 | version: 2.0.0 5 | features: 6 | - azure-blobstore 7 | 8 | genesis: 9 | env: azure 10 | 11 | params: 12 | base_domain: cf.testing.examle 13 | -------------------------------------------------------------------------------- /spec/deployments/bare.yml: -------------------------------------------------------------------------------- 1 | --- 2 | kit: 3 | name: dev 4 | version: 2.0.0 5 | features: 6 | - partitioned-network 7 | - bare 8 | 9 | genesis: 10 | env: bare 11 | 12 | params: 13 | base_domain: cf.testing.examle 14 | 15 | -------------------------------------------------------------------------------- /spec/deployments/blobstore-aws.yml: -------------------------------------------------------------------------------- 1 | --- 2 | kit: 3 | name: dev 4 | version: 2.0.0 5 | features: 6 | - aws-blobstore 7 | 8 | genesis: 9 | env: blobstore-aws 10 | 11 | params: 12 | base_domain: cf.testing.examle 13 | blobstore_s3_region: blobstore-s3-region 14 | 
-------------------------------------------------------------------------------- /spec/deployments/blobstore-azure.yml: -------------------------------------------------------------------------------- 1 | --- 2 | kit: 3 | name: dev 4 | version: 2.0.0 5 | features: 6 | - azure-blobstore 7 | 8 | genesis: 9 | env: blobstore-azure 10 | 11 | params: 12 | base_domain: cf.testing.examle -------------------------------------------------------------------------------- /spec/deployments/blobstore-gcp.yml: -------------------------------------------------------------------------------- 1 | --- 2 | kit: 3 | name: dev 4 | version: 2.0.0 5 | features: 6 | - gcp-blobstore 7 | 8 | genesis: 9 | env: blobstore-gcp 10 | 11 | params: 12 | base_domain: cf.testing.examle -------------------------------------------------------------------------------- /spec/deployments/blobstore-minio.yml: -------------------------------------------------------------------------------- 1 | --- 2 | kit: 3 | name: dev 4 | version: 2.0.0 5 | features: 6 | - minio-blobstore 7 | 8 | genesis: 9 | env: blobstore-minio 10 | 11 | params: 12 | base_domain: cf.testing.examle 13 | blobstore_minio_endpoint: test-minio-endpoint -------------------------------------------------------------------------------- /spec/deployments/compiled-releases.yml: -------------------------------------------------------------------------------- 1 | --- 2 | kit: 3 | name: dev 4 | version: 2.0.0 5 | features: 6 | - compiled-releases 7 | 8 | genesis: 9 | env: compiled-releases 10 | 11 | params: 12 | base_domain: cf.testing.examle 13 | -------------------------------------------------------------------------------- /spec/deployments/compiled-windows-releases.yml: -------------------------------------------------------------------------------- 1 | --- 2 | kit: 3 | name: dev 4 | version: 2.0.0 5 | features: 6 | - compiled-releases 7 | - windows-diego-cells 8 | - smb-volume-services 9 | 10 | genesis: 11 | env: compiled-windows-releases 12 | 
13 | params: 14 | base_domain: cf.testing.examle 15 | -------------------------------------------------------------------------------- /spec/deployments/container-routing-integrity.yml: -------------------------------------------------------------------------------- 1 | --- 2 | kit: 3 | name: dev 4 | version: 2.0.0 5 | features: 6 | - container-routing-integrity 7 | 8 | genesis: 9 | env: container-routing-integrity 10 | 11 | params: 12 | base_domain: cf.testing.examle 13 | 14 | -------------------------------------------------------------------------------- /spec/deployments/dns-service-discovery.yml: -------------------------------------------------------------------------------- 1 | --- 2 | kit: 3 | name: dev 4 | version: 2.0.0 5 | features: 6 | - dns-service-discovery 7 | 8 | genesis: 9 | env: dns-service-discovery 10 | 11 | params: 12 | base_domain: cf.testing.examle 13 | 14 | -------------------------------------------------------------------------------- /spec/deployments/haproxy-self-signed.yml: -------------------------------------------------------------------------------- 1 | --- 2 | kit: 3 | name: dev 4 | version: 2.0.0 5 | features: 6 | - haproxy 7 | - self-signed 8 | 9 | genesis: 10 | env: haproxy-self-signed 11 | 12 | params: 13 | base_domain: cf.testing.examle 14 | haproxy_ips: test-ha-proxy-ips 15 | 16 | -------------------------------------------------------------------------------- /spec/deployments/haproxy-tls.yml: -------------------------------------------------------------------------------- 1 | --- 2 | kit: 3 | name: dev 4 | version: 2.0.0 5 | features: 6 | - haproxy 7 | - tls 8 | 9 | genesis: 10 | env: haproxy-tls 11 | 12 | params: 13 | base_domain: cf.testing.examle 14 | haproxy_ips: test-ha-proxy-ips 15 | 16 | -------------------------------------------------------------------------------- /spec/deployments/haproxy.yml: -------------------------------------------------------------------------------- 1 | --- 2 | kit: 3 | name: dev 4 | 
version: 2.0.0 5 | features: 6 | - haproxy 7 | 8 | genesis: 9 | env: haproxy 10 | 11 | params: 12 | base_domain: cf.testing.examle 13 | haproxy_ips: test-ha-proxy-ips -------------------------------------------------------------------------------- /spec/deployments/isolation-segments-extended.yml: -------------------------------------------------------------------------------- 1 | --- 2 | kit: 3 | name: dev 4 | version: 2.1.2 5 | features: 6 | - isolation-segments 7 | - nfs-volume-services 8 | - nfs-ldap 9 | - cflinuxfs3 10 | 11 | genesis: 12 | env: isolation-segments-extended 13 | 14 | params: 15 | base_domain: cf.testing.example 16 | availability_zones: [zoneA, zoneB, zoneC, zoneD] 17 | diego_cell_vm_type: xlarge 18 | cf_runtime_network: cf-core 19 | isolation_segments: 20 | - name: custom-params-group 21 | azs: 22 | - custom-az 23 | instances: 5 24 | vm_type: small-highmem 25 | stemcell: test 26 | tag: custom-iso-group 27 | vm_extensions: 28 | - 100GB_ephemeral_disk 29 | - cf-router-network-properties 30 | - name: default-params-group 31 | azs: 32 | - z1 33 | network_name: default 34 | tags: 35 | - default-iso-group 36 | - default 37 | 38 | nfs-ldap-fqdn: cn=Users,dc=corp,dc=test,dc=com 39 | nfs-ldap-host: ldap.myhost.com 40 | nfs-ldap-service-user: ldap-user 41 | -------------------------------------------------------------------------------- /spec/deployments/isolation-segments.yml: -------------------------------------------------------------------------------- 1 | --- 2 | kit: 3 | name: dev 4 | version: 2.1.2 5 | features: 6 | - isolation-segments 7 | 8 | genesis: 9 | env: isolation-segments 10 | 11 | params: 12 | base_domain: cf.testing.example 13 | isolation_segments: 14 | - name: custom-params-group 15 | azs: 16 | - custom-az 17 | instances: 5 18 | vm_type: small-highmem 19 | stemcell: test 20 | vm_extensions: 21 | - 100GB_ephemeral_disk 22 | - cf-router-network-properties 23 | - name: default-params-group 24 | azs: 25 | - z1 26 | network_name: default 27 
| additional_trusted_certs: 28 | - ((some-strange-cert)) 29 | - ((another-cert-of-dubious-validity)) 30 | -------------------------------------------------------------------------------- /spec/deployments/loggregator-forwarder-agent.yml: -------------------------------------------------------------------------------- 1 | --- 2 | kit: 3 | name: dev 4 | version: 2.0.0 5 | features: 6 | - loggregator-forwarder-agent 7 | 8 | genesis: 9 | env: loggregator-forwarder-agent 10 | 11 | params: 12 | base_domain: cf.testing.examle 13 | 14 | -------------------------------------------------------------------------------- /spec/deployments/mysql-db.yml: -------------------------------------------------------------------------------- 1 | --- 2 | kit: 3 | name: dev 4 | version: 2.0.0 5 | features: 6 | - mysql-db 7 | 8 | genesis: 9 | env: mysql-db 10 | 11 | params: 12 | base_domain: cf.testing.examle 13 | external_db_host: test-external-mysql-db-host 14 | external_db_port: test-port 15 | external_db_username: test-db-username 16 | external_db_password: test-db-password 17 | bbsdb_host: test bbsdb-host 18 | bbsdb_user: test-bbsdb-user 19 | bbsdb_password: test-bbsdb-password 20 | 21 | -------------------------------------------------------------------------------- /spec/deployments/native-garden-runc.yml: -------------------------------------------------------------------------------- 1 | --- 2 | kit: 3 | name: dev 4 | version: 2.0.0 5 | features: 6 | - native-garden-runc 7 | 8 | genesis: 9 | env: native-garden-runc 10 | 11 | params: 12 | base_domain: cf.testing.examle 13 | 14 | -------------------------------------------------------------------------------- /spec/deployments/nfs-volume-services.yml: -------------------------------------------------------------------------------- 1 | --- 2 | kit: 3 | name: dev 4 | version: 2.0.0 5 | features: 6 | - nfs-volume-services 7 | 8 | genesis: 9 | env: nfs-volume-services 10 | 11 | params: 12 | base_domain: cf.testing.examle 13 | 14 | 
-------------------------------------------------------------------------------- /spec/deployments/no-tcp-routers.yml: -------------------------------------------------------------------------------- 1 | --- 2 | kit: 3 | name: dev 4 | version: 2.0.3 5 | features: 6 | - no-tcp-routers 7 | 8 | 9 | genesis: 10 | env: no-tcp-routers 11 | 12 | params: 13 | base_domain: cf.testing.example 14 | 15 | -------------------------------------------------------------------------------- /spec/deployments/override-vm-types-and-counts-old-names.yml: -------------------------------------------------------------------------------- 1 | --- 2 | kit: 3 | name: dev 4 | version: 2.0.3 5 | features: [] 6 | 7 | genesis: 8 | env: override-vm-types-and-counts-old-names 9 | 10 | params: 11 | base_domain: cf.testing.example 12 | 13 | postgres_instances: 17 14 | bbs_instances: 18 15 | cell_instances: 19 16 | loggregator_instances: 23 17 | diego_instances: 27 18 | blobstore_instances: 28 19 | 20 | postgres_vm_type: custom_database_vm 21 | bbs_vm_type: custom_diego_api_vm 22 | cell_vm_type: custom_diego_cell_vm 23 | loggregator_vm_type: custom_log_api_vm 24 | diego_vm_type: custom_scheduler_vm 25 | blobstore_vm_type: custom_singleton_blobstore_vm 26 | 27 | # Test errand meta-group 28 | errand_instances: 3 29 | smoke_tests_instances: 29 30 | errand_vm_type: custom_errand_vm 31 | rotate_cc_database_key_vm_type: custom_rotate_cc_database_key_vm 32 | 33 | -------------------------------------------------------------------------------- /spec/deployments/override-vm-types-and-counts.yml: -------------------------------------------------------------------------------- 1 | --- 2 | kit: 3 | name: dev 4 | version: 2.0.3 5 | features: [] 6 | 7 | genesis: 8 | env: override-vm-types-and-counts 9 | 10 | params: 11 | base_domain: cf.testing.example 12 | 13 | api_instances: 14 14 | cc_worker_instances: 15 15 | credhub_instances: 16 16 | database_instances: 17 17 | diego_api_instances: 18 18 | 
diego_cell_instances: 19 19 | doppler_instances: 20 20 | haproxy_instances: 22 21 | log_api_instances: 23 22 | nats_instances: 24 23 | rotate_cc_database_key_instances: 25 24 | router_instances: 26 25 | scheduler_instances: 27 26 | singleton_blobstore_instances: 28 27 | smoke_tests_instances: 29 28 | tcp_router_instances: 30 29 | uaa_instances: 31 30 | 31 | api_vm_type: custom_api_vm 32 | cc_worker_vm_type: custom_cc_worker_vm 33 | credhub_vm_type: custom_credhub_vm 34 | database_vm_type: custom_database_vm 35 | diego_api_vm_type: custom_diego_api_vm 36 | diego_cell_vm_type: custom_diego_cell_vm 37 | doppler_vm_type: custom_doppler_vm 38 | haproxy_vm_type: custom_haproxy_vm 39 | log_api_vm_type: custom_log_api_vm 40 | nats_vm_type: custom_nats_vm 41 | rotate_cc_database_key_vm_type: custom_rotate_cc_database_key_vm 42 | router_vm_type: custom_router_vm 43 | scheduler_vm_type: custom_scheduler_vm 44 | singleton_blobstore_vm_type: custom_singleton_blobstore_vm 45 | smoke_tests_vm_type: custom_smoke_tests_vm 46 | tcp_router_vm_type: custom_tcp_router_vm 47 | uaa_vm_type: custom_uaa_vm 48 | -------------------------------------------------------------------------------- /spec/deployments/postgres-db.yml: -------------------------------------------------------------------------------- 1 | --- 2 | kit: 3 | name: dev 4 | version: 2.0.0 5 | features: 6 | - postgres-db 7 | 8 | genesis: 9 | env: postgres-db 10 | 11 | params: 12 | base_domain: cf.testing.examle 13 | external_db_host: test-external-postgres-db-host 14 | external_db_port: test-port 15 | external_db_username: test-db-username 16 | external_db_password: test-db-password 17 | bbsdb_host: test bbsdb-host 18 | bbsdb_user: test-bbsdb-user 19 | bbsdb_password: test-bbsdb-password 20 | 21 | -------------------------------------------------------------------------------- /spec/deployments/router-synergy.yml: -------------------------------------------------------------------------------- 1 | --- 2 | kit: 3 | name: dev 4 
| version: 2.0.0 5 | features: 6 | - small-footprint 7 | - ssh-proxy-on-routers 8 | - haproxy 9 | - self-signed 10 | - tls 11 | - no-tcp-routers 12 | - cf-deployment/operations/enable-service-discovery 13 | 14 | genesis: 15 | env: router-synergy 16 | 17 | params: 18 | base_domain: cf.testing.example 19 | haproxy_ips: test-ha-proxy-ips 20 | availability_zones: [ us-west-2a, us-west-2b, us-west-2c ] 21 | 22 | -------------------------------------------------------------------------------- /spec/deployments/routing-api.yml: -------------------------------------------------------------------------------- 1 | --- 2 | kit: 3 | name: dev 4 | version: 2.0.0 5 | features: 6 | - routing-api 7 | 8 | genesis: 9 | env: routing-api 10 | 11 | params: 12 | base_domain: cf.testing.examle 13 | 14 | -------------------------------------------------------------------------------- /spec/deployments/small-footprint.yml: -------------------------------------------------------------------------------- 1 | --- 2 | kit: 3 | name: dev 4 | version: 2.0.0 5 | features: 6 | - haproxy 7 | - small-footprint 8 | 9 | genesis: 10 | env: small-footprint 11 | 12 | params: 13 | base_domain: cf.testing.examle 14 | availability_zones: 15 | - z2 16 | haproxy_ips: test-ha-proxy-ips 17 | -------------------------------------------------------------------------------- /spec/deployments/upgrade-from-v1-with-db-override-names.yml: -------------------------------------------------------------------------------- 1 | --- 2 | kit: 3 | name: dev 4 | version: 2.0.3 5 | features: 6 | - ssh-proxy-on-routers 7 | - local-postgres-db 8 | 9 | genesis: 10 | env: upgrade-from-v1-with-db-override-names 11 | 12 | params: 13 | base_domain: cf.testing.examle 14 | 15 | availability_zones: [ z1, z2, z3, z4 ] 16 | -------------------------------------------------------------------------------- /spec/deployments/upgraded-from-v1-with-204-overrides.yml: -------------------------------------------------------------------------------- 
1 | --- 2 | kit: 3 | name: dev 4 | version: 2.0.4 5 | features: 6 | - ssh-proxy-on-routers 7 | - local-postgres-db 8 | - v2-nats-credentials # Use v2 nats name - added in v2.0.4 9 | 10 | genesis: 11 | env: upgraded-from-v1-with-204-overrides 12 | 13 | params: 14 | base_domain: cf.testing.examle 15 | 16 | availability_zones: [ z1, z2, z3, z4 ] 17 | 18 | # Override blobstore bucket to use v2 naming - added in v2.0.4 19 | meta: 20 | blobstore_bucket_path: 21 | app-packages: (( concat meta.blobstore_bucket_prefix "-app-packages-" meta.blobstore_bucket_suffix )) 22 | -------------------------------------------------------------------------------- /spec/deployments/upgraded-from-v1.yml: -------------------------------------------------------------------------------- 1 | --- 2 | kit: 3 | name: dev 4 | version: 2.0.3 5 | features: 6 | - ssh-proxy-on-routers 7 | 8 | genesis: 9 | env: upgraded-from-v1 10 | 11 | params: 12 | base_domain: cf.testing.examle 13 | 14 | availability_zones: [ z1, z2, z3, z4 ] 15 | -------------------------------------------------------------------------------- /spec/deployments/upgrading-to-v2-with-204-overrides.yml: -------------------------------------------------------------------------------- 1 | --- 2 | kit: 3 | name: dev 4 | version: 2.0.4 5 | features: 6 | - ssh-proxy-on-routers 7 | - local-postgres-db 8 | - v2-nats-credentials # Use v2 nats name - added in v2.0.4 9 | 10 | genesis: 11 | env: upgrading-to-v2-with-204-overrides 12 | 13 | params: 14 | base_domain: cf.testing.examle 15 | 16 | # Override blobstore bucket to use v2 naming - added in v2.0.4 17 | meta: 18 | blobstore_bucket_path: 19 | app-packages: (( concat meta.blobstore_bucket_prefix "-app-packages-" meta.blobstore_bucket_suffix )) 20 | -------------------------------------------------------------------------------- /spec/deployments/upgrading-to-v2.yml: -------------------------------------------------------------------------------- 1 | --- 2 | kit: 3 | name: dev 4 | version: 
2.0.3 5 | features: [] 6 | 7 | genesis: 8 | env: upgrading-to-v2 9 | 10 | params: 11 | base_domain: cf.testing.example 12 | -------------------------------------------------------------------------------- /spec/deployments/windows-and-smb-support.yml: -------------------------------------------------------------------------------- 1 | --- 2 | kit: 3 | name: dev 4 | version: 2.0.0 5 | features: 6 | - windows-diego-cells 7 | - smb-volume-services 8 | 9 | genesis: 10 | env: windows-and-smb-support 11 | 12 | params: 13 | base_domain: cf.testing.examle 14 | -------------------------------------------------------------------------------- /spec/exodus/migrated.yml: -------------------------------------------------------------------------------- 1 | --- 2 | cf: 3 | kit_name: cf 4 | kit_version: 2.0.2 5 | migrated_v1_env: "1" 6 | -------------------------------------------------------------------------------- /spec/exodus/v1.yml: -------------------------------------------------------------------------------- 1 | --- 2 | cf: 3 | kit_name: cf 4 | kit_version: 1.10.4 5 | -------------------------------------------------------------------------------- /spec/spec_suite_test.go: -------------------------------------------------------------------------------- 1 | package spec_test 2 | 3 | import ( 4 | "testing" 5 | 6 | . "github.com/onsi/ginkgo/v2" 7 | . 
"github.com/onsi/gomega" 8 | ) 9 | 10 | /* TestSpec is the go test entry point for this package: it registers Ginkgo's Fail as the Gomega fail handler, so a failed assertion fails the running spec, then runs the Ginkgo suite under the name "CF Genesis Kit Spec Suite". */ func TestSpec(t *testing.T) { 11 | RegisterFailHandler(Fail) 12 | RunSpecs(t, "CF Genesis Kit Spec Suite") 13 | } 14 | -------------------------------------------------------------------------------- /spec/vault/app-autoscaler-integration.yml: -------------------------------------------------------------------------------- 1 | secret/handshake: 2 | knock: 3 | -------------------------------------------------------------------------------- /spec/vault/availability-zones.yml: -------------------------------------------------------------------------------- 1 | {} -------------------------------------------------------------------------------- /spec/vault/azure.yml: -------------------------------------------------------------------------------- 1 | {} -------------------------------------------------------------------------------- /spec/vault/bare.yml: -------------------------------------------------------------------------------- 1 | secret/handshake: 2 | knock: 3 | -------------------------------------------------------------------------------- /spec/vault/blobstore-aws.yml: -------------------------------------------------------------------------------- 1 | secret/handshake: 2 | knock: 3 | -------------------------------------------------------------------------------- /spec/vault/blobstore-azure.yml: -------------------------------------------------------------------------------- 1 | secret/handshake: 2 | knock: 3 | -------------------------------------------------------------------------------- /spec/vault/blobstore-gcp.yml: -------------------------------------------------------------------------------- 1 | secret/handshake: 2 | knock: 3 | -------------------------------------------------------------------------------- /spec/vault/blobstore-minio.yml: -------------------------------------------------------------------------------- 1 | {} --------------------------------------------------------------------------------
/spec/vault/compiled-releases.yml: -------------------------------------------------------------------------------- 1 | {} -------------------------------------------------------------------------------- /spec/vault/compiled-windows-releases.yml: -------------------------------------------------------------------------------- 1 | {} -------------------------------------------------------------------------------- /spec/vault/container-routing-integrity.yml: -------------------------------------------------------------------------------- 1 | secret/handshake: 2 | knock: 3 | -------------------------------------------------------------------------------- /spec/vault/dns-service-discovery.yml: -------------------------------------------------------------------------------- 1 | secret/handshake: 2 | knock: 3 | -------------------------------------------------------------------------------- /spec/vault/haproxy-self-signed.yml: -------------------------------------------------------------------------------- 1 | secret/handshake: 2 | knock: 3 | -------------------------------------------------------------------------------- /spec/vault/haproxy-tls.yml: -------------------------------------------------------------------------------- 1 | secret/handshake: 2 | knock: 3 | -------------------------------------------------------------------------------- /spec/vault/haproxy.yml: -------------------------------------------------------------------------------- 1 | secret/handshake: 2 | knock: 3 | -------------------------------------------------------------------------------- /spec/vault/isolation-segments-extended.yml: -------------------------------------------------------------------------------- 1 | {} -------------------------------------------------------------------------------- /spec/vault/isolation-segments.yml: -------------------------------------------------------------------------------- 1 | {} 
-------------------------------------------------------------------------------- /spec/vault/loggregator-forwarder-agent.yml: -------------------------------------------------------------------------------- 1 | secret/handshake: 2 | knock: 3 | -------------------------------------------------------------------------------- /spec/vault/mysql-db.yml: -------------------------------------------------------------------------------- 1 | secret/handshake: 2 | knock: 3 | -------------------------------------------------------------------------------- /spec/vault/native-garden-runc.yml: -------------------------------------------------------------------------------- 1 | secret/handshake: 2 | knock: 3 | -------------------------------------------------------------------------------- /spec/vault/nfs-volume-services.yml: -------------------------------------------------------------------------------- 1 | secret/handshake: 2 | knock: 3 | -------------------------------------------------------------------------------- /spec/vault/no-tcp-routers.yml: -------------------------------------------------------------------------------- 1 | {} -------------------------------------------------------------------------------- /spec/vault/override-vm-types-and-counts-old-names.yml: -------------------------------------------------------------------------------- 1 | {} -------------------------------------------------------------------------------- /spec/vault/override-vm-types-and-counts.yml: -------------------------------------------------------------------------------- 1 | {} -------------------------------------------------------------------------------- /spec/vault/postgres-db.yml: -------------------------------------------------------------------------------- 1 | secret/handshake: 2 | knock: 3 | -------------------------------------------------------------------------------- /spec/vault/router-synergy.yml: 
-------------------------------------------------------------------------------- 1 | {} -------------------------------------------------------------------------------- /spec/vault/routing-api.yml: -------------------------------------------------------------------------------- 1 | secret/handshake: 2 | knock: 3 | -------------------------------------------------------------------------------- /spec/vault/small-footprint.yml: -------------------------------------------------------------------------------- 1 | secret/handshake: 2 | knock: 3 | -------------------------------------------------------------------------------- /spec/vault/upgrade-from-v1-with-db-override-names.yml: -------------------------------------------------------------------------------- 1 | {} -------------------------------------------------------------------------------- /spec/vault/upgraded-from-v1-with-204-overrides.yml: -------------------------------------------------------------------------------- 1 | {} -------------------------------------------------------------------------------- /spec/vault/upgraded-from-v1.yml: -------------------------------------------------------------------------------- 1 | {} -------------------------------------------------------------------------------- /spec/vault/upgraded-v1.yml: -------------------------------------------------------------------------------- 1 | {} -------------------------------------------------------------------------------- /spec/vault/upgrading-to-v2-with-204-overrides.yml: -------------------------------------------------------------------------------- 1 | {} -------------------------------------------------------------------------------- /spec/vault/upgrading-to-v2.yml: -------------------------------------------------------------------------------- 1 | {} -------------------------------------------------------------------------------- /spec/vault/windows-and-smb-support.yml: 
-------------------------------------------------------------------------------- 1 | {} --------------------------------------------------------------------------------