├── .DS_Store ├── .gitignore ├── LICENSE ├── README.md ├── deploy_pcf ├── .DS_Store ├── 1.12 │ ├── ert-resources-srt.json.erb │ ├── ert-resources.json.erb │ ├── gcp_bosh_config.yml.erb │ ├── gcp_cf.yml.erb │ ├── gcp_cf_resources.json.erb │ ├── gcp_cf_resources_srt.json.erb │ └── vsphere_cf.yml.erb ├── 2.0 │ ├── ert-resources-srt.json.erb │ ├── ert-resources.json.erb │ ├── gcp_bosh_config.yml.erb │ ├── gcp_cf.yml.erb │ ├── gcp_cf_resources.json.erb │ ├── gcp_cf_resources_srt.json.erb │ └── vsphere_cf.yml.erb ├── 2.1 │ ├── ert-resources-srt.json.erb │ ├── ert-resources.json.erb │ ├── gcp_bosh_config.yml.erb │ ├── gcp_cf.yml.erb │ ├── gcp_cf_resources.json.erb │ ├── gcp_cf_resources_srt.json.erb │ └── vsphere_cf.yml.erb ├── 2.2 │ ├── ert-resources-srt.json.erb │ ├── ert-resources.json.erb │ ├── gcp_bosh_config.yml.erb │ ├── gcp_cf.yml.erb │ ├── gcp_cf_resources.json.erb │ ├── gcp_cf_resources_srt.json.erb │ └── vsphere_cf.yml.erb ├── 2.3 │ ├── ert-resources-srt.json.erb │ ├── ert-resources.json.erb │ ├── gcp_bosh_config.yml.erb │ ├── gcp_cf.yml.erb │ ├── gcp_cf_resources.json.erb │ ├── gcp_cf_resources_srt.json.erb │ └── vsphere_cf.yml.erb ├── 2.4 │ ├── ert-resources-srt.json.erb │ ├── ert-resources.json.erb │ ├── gcp_cf.yml.erb │ ├── gcp_cf_resources.json.erb │ ├── gcp_cf_resources_srt.json.erb │ └── vsphere_cf.yml.erb ├── 2.5 │ ├── ert-resources-srt.json.erb │ ├── ert-resources.json.erb │ ├── gcp_cf.yml.erb │ ├── gcp_cf_resources.json.erb │ ├── gcp_cf_resources_srt.json.erb │ └── vsphere_cf.yml.erb ├── 2.6 │ ├── ert-resources-srt.json.erb │ ├── ert-resources.json.erb │ ├── gcp_cf.yml.erb │ ├── gcp_cf_resources.json.erb │ ├── gcp_cf_resources_srt.json.erb │ └── vsphere_cf.yml.erb ├── 2.7 │ ├── ert-resources-srt.json.erb │ ├── ert-resources.json.erb │ ├── gcp_cf.yml.erb │ ├── gcp_cf_resources.json.erb │ ├── gcp_cf_resources_srt.json.erb │ └── vsphere_cf.yml.erb ├── 3.0 │ ├── ert-resources-srt.json.erb │ ├── ert-resources.json.erb │ ├── gcp_cf.yml.erb │ ├── 
gcp_cf_resources.json.erb │ ├── gcp_cf_resources_srt.json.erb │ └── vsphere_cf.yml.erb ├── README.md ├── append_custom_vm_type.rb ├── aws_dns_delegate_ns.json.erb ├── default │ ├── custom_vm_types.json │ ├── gcp_bosh_config.yml.erb │ ├── openstack-ert-resources.json.erb │ ├── openstack_bosh_config.yml.erb │ ├── openstack_cf.yml.erb │ └── vsphere_bosh_config.yml.erb ├── gcp_istio_router_lb_override.tf ├── gcp_ops_manager_image_timeout_override.tf ├── gcp_ops_manager_service_account_override.tf ├── gcp_tcp_lb_dns_pks_override.tf.erb ├── gcp_use_public_ops_manager_image_override.tf ├── gcp_ws_lb_dns_override.tf.erb ├── generate_minimal_ert_resource_list.rb ├── has_custom_vm_types.rb ├── mk_ssl_cert_key.sh ├── opsman_settings.json.erb ├── pks │ ├── .DS_Store │ ├── gcp_bosh_pks_subnet_config.yml.erb │ ├── gcp_pks.yml.erb │ ├── gcp_service_account_override.tf │ └── vsphere_pks.yml.erb ├── terraform.aws.route53.tf ├── terraform.openstack.tfvars.erb ├── terraform.tfvars.erb ├── upload_root_ca_to_credhub.sh └── upload_tiles_to_opsman.sh └── scripts ├── certbot_authenticator.sh ├── certbot_cleanup.sh ├── credhub-tfstate ├── metrics_pipeline └── task_pipeline_metrics.yml ├── nimbus-bosh-config.yml ├── nimbus-tas-config.yml ├── nimbus_dual_networks.rb ├── nimbus_vc70_dual_networks.rb ├── nimbus_vcenter67.rb ├── nimbus_vcenter70.rb ├── pcf-internetless.sh ├── readme.md ├── update_tracker_service.rb ├── update_tracker_service.yml └── vault-tfstate /.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pivotal-cf/toolsmiths-shared-scripts/9e0b6171bf37a960094149c1e5c1bb7287328ce2/.DS_Store -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | credentials.yml 2 | *secret* 3 | -------------------------------------------------------------------------------- /LICENSE: 
-------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 
39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. 
Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. 
You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 
122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. 
In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Creating a new shared-scripts version: 2 | 3 | * Find the most recent version tag. 4 | * Increment that version number by one. 5 | * Apply that tag '$NEW_VERSION' to the git commit you want to version. 6 | * Push the changes to github. 
7 | 8 | ``` 9 | git tag v1.0.12 11866e5a5e68ab4f292d0d99f2c183d086dd2a4a 10 | git push 11 | git push --tags 12 | ``` 13 | 14 | * Then we should update the versions used in our app 15 | 16 | ``` 17 | update pcf_versions 18 | set script_version = 'v1.0.12' 19 | where script_version = 'v1.0.11' 20 | ``` 21 | AND 22 | ``` 23 | update pks_versions 24 | set script_version = 'v1.0.12' 25 | where script_version = 'v1.0.11' 26 | ``` 27 | -------------------------------------------------------------------------------- /deploy_pcf/.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pivotal-cf/toolsmiths-shared-scripts/9e0b6171bf37a960094149c1e5c1bb7287328ce2/deploy_pcf/.DS_Store -------------------------------------------------------------------------------- /deploy_pcf/1.12/ert-resources-srt.json.erb: -------------------------------------------------------------------------------- 1 | { 2 | "backup-prepare": { 3 | "instances": 0 4 | }, 5 | "mysql_monitor": { 6 | "instances": 0 7 | }, 8 | "ha_proxy": { 9 | "instances": 1 10 | } 11 | } 12 | -------------------------------------------------------------------------------- /deploy_pcf/1.12/ert-resources.json.erb: -------------------------------------------------------------------------------- 1 | {} 2 | -------------------------------------------------------------------------------- /deploy_pcf/1.12/gcp_bosh_config.yml.erb: -------------------------------------------------------------------------------- 1 | <% 2 | require 'ipaddr' 3 | azs=`terraform output azs`.strip.split(",\n") 4 | azs.rotate!(1) 5 | region=`terraform output region`.strip 6 | network_name=`terraform output network_name`.strip 7 | management_subnet_name=`terraform output management_subnet_name`.strip 8 | management_subnet_cidrs=`terraform output management_subnet_cidrs`.strip 9 | management_subnet_range=IPAddr.new(management_subnet_cidrs).to_range() 10 | 
management_subnet_gateway=`terraform output management_subnet_gateway`.strip 11 | pas_subnet_name=`terraform output pas_subnet_name`.strip 12 | pas_subnet_cidrs=`terraform output pas_subnet_cidrs`.strip 13 | pas_subnet_range=IPAddr.new(pas_subnet_cidrs).to_range() 14 | pas_subnet_gateway=`terraform output pas_subnet_gateway`.strip 15 | services_subnet_name=`terraform output services_subnet_name`.strip 16 | services_subnet_cidrs=`terraform output services_subnet_cidrs`.strip 17 | services_subnet_range=IPAddr.new(services_subnet_cidrs).to_range() 18 | services_subnet_gateway=`terraform output services_subnet_gateway`.strip 19 | -%> 20 | 21 | director-configuration: 22 | ntp_servers_string: "169.254.169.254" 23 | az-configuration: 24 | - name: <%= azs[0] %> 25 | - name: <%= azs[1] %> 26 | - name: <%= azs[2] %> 27 | iaas-configuration: 28 | project: <%= ENV.fetch('GCP_PROJECT_NAME') %> 29 | default_deployment_tag: <%= ENV.fetch('DEFAULT_DEPLOYMENT_TAG') %> 30 | auth_json: <%= ENV.fetch('GCP_SERVICE_ACCOUNT_KEY').inspect %> 31 | network-assignment: 32 | singleton_availability_zone: 33 | name: <%= azs[0] %> 34 | network: 35 | name: <%= management_subnet_name %> 36 | networks-configuration: 37 | icmp_checks_enabled: false 38 | networks: 39 | - name: <%= management_subnet_name %> 40 | subnets: 41 | - iaas_identifier: <%= network_name %>/<%= management_subnet_name %>/<%= region %> 42 | cidr: <%= management_subnet_cidrs %> 43 | reserved_ip_ranges: <%= management_subnet_range.entries[0] %>-<%= management_subnet_range.entries[4] %> 44 | dns: 8.8.8.8 45 | gateway: <%= management_subnet_gateway %> 46 | availability_zone_names: <%= azs %> 47 | - name: <%= pas_subnet_name %> 48 | subnets: 49 | - iaas_identifier: <%= network_name %>/<%= pas_subnet_name %>/<%= region %> 50 | cidr: <%= pas_subnet_cidrs %> 51 | reserved_ip_ranges: <%= pas_subnet_range.entries[0] %>-<%= pas_subnet_range.entries[4] %> 52 | dns: 8.8.8.8 53 | gateway: <%= pas_subnet_gateway %> 54 | 
availability_zone_names: <%= azs %> 55 | - name: <%= services_subnet_name %> 56 | service_network: true 57 | subnets: 58 | - iaas_identifier: <%= network_name %>/<%= services_subnet_name %>/<%= region %> 59 | cidr: <%= services_subnet_cidrs %> 60 | reserved_ip_ranges: <%= services_subnet_range.entries[0] %>-<%= services_subnet_range.entries[4] %> 61 | dns: 169.254.169.254 62 | gateway: <%= services_subnet_gateway %> 63 | availability_zone_names: <%= azs %> 64 | security-configuration: 65 | trusted_certificates: <%= ENV.fetch('OM_CA_CERT').dump %> 66 | -------------------------------------------------------------------------------- /deploy_pcf/1.12/gcp_cf.yml.erb: -------------------------------------------------------------------------------- 1 | <% cf_azs=`terraform output azs`.strip.split(",\n") 2 | cf_azs.rotate!(1) 3 | pas_subnet_name=`terraform output pas_subnet_name`.strip %> 4 | 5 | product-properties: 6 | .cloud_controller.system_domain: 7 | value: sys.<%= ENV.fetch('DOMAIN') %> 8 | .cloud_controller.apps_domain: 9 | value: apps.<%= ENV.fetch('DOMAIN') %> 10 | .properties.networking_point_of_entry: 11 | value: external_ssl 12 | .properties.haproxy_forward_tls: 13 | value: disable 14 | .properties.gorouter_ssl_ciphers: 15 | value: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 16 | .properties.haproxy_ssl_ciphers: 17 | value: DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384 18 | .properties.networking_poe_ssl_cert: 19 | value: 20 | private_key_pem: <%= ENV.fetch('DOMAIN_KEY').dump %> 21 | cert_pem: <%= ENV.fetch('DOMAIN_CRT').dump %> 22 | .properties.routing_frontend_idle_timeout: 23 | value: 540 24 | .properties.security_acknowledgement: 25 | value: X 26 | .properties.system_blobstore: 27 | value: internal 28 | .properties.tcp_routing: 29 | value: disable 30 | .mysql_monitor.recipient_email: 31 | value: test@example.com 32 | .uaa.service_provider_key_credentials: 33 | 
value: 34 | cert_pem: <%= ENV.fetch('DOMAIN_CRT').dump %> 35 | private_key_pem: <%= ENV.fetch('DOMAIN_KEY').dump %> 36 | network-properties: 37 | singleton_availability_zone: 38 | name: <%= cf_azs[0] %> 39 | other_availability_zones: 40 | - name: <%= cf_azs[0] %> 41 | network: 42 | name: <%= pas_subnet_name %> 43 | 44 | -------------------------------------------------------------------------------- /deploy_pcf/1.12/gcp_cf_resources.json.erb: -------------------------------------------------------------------------------- 1 | <% tcp_router=`terraform output tcp_router_pool`.strip 2 | http_lb=`terraform output http_lb_backend_name`.strip 3 | ws_router=`terraform output ws_router_pool`.strip 4 | ssh_router=`terraform output ssh_router_pool`.strip %> 5 | 6 | { 7 | "tcp_router": { 8 | "elb_names": [ 9 | "tcp:<%= tcp_router %>" 10 | ] 11 | }, 12 | "router": { 13 | "instances": 1, 14 | "elb_names": [ 15 | "http:<%= http_lb %>", 16 | "tcp:<%= ws_router %>" 17 | ] 18 | }, 19 | "diego_brain": { 20 | "instances": 1, 21 | "elb_names": [ 22 | "tcp:<%= ssh_router %>" 23 | ] 24 | }, 25 | "ha_proxy": { 26 | "instances": 0 27 | }, 28 | "diego_cell": { 29 | "instances": 1, 30 | "instance_type": { 31 | "id": "toolsmiths.n1-highmem-2.128" 32 | } 33 | }, 34 | "uaa": { 35 | "instances": 1, 36 | "instance_type": { 37 | "id": "toolsmiths.custom-1-2.32" 38 | } 39 | }, 40 | "cloud_controller": { 41 | "instances": 1, 42 | "instance_type": { 43 | "id": "toolsmiths.custom-1-4.32" 44 | } 45 | }, 46 | "nfs_server": { 47 | "instances": 1, 48 | "instance_type": { 49 | "id": "medium.disk" 50 | } 51 | } 52 | } 53 | -------------------------------------------------------------------------------- /deploy_pcf/1.12/gcp_cf_resources_srt.json.erb: -------------------------------------------------------------------------------- 1 | <% http_lb=`terraform output http_lb_backend_name`.strip 2 | ws_router=`terraform output ws_router_pool`.strip 3 | ssh_router=`terraform output ssh_router_pool`.strip %> 4 | 5 
| { 6 | "backup-prepare": { 7 | "instances": 0 8 | }, 9 | "mysql_monitor": { 10 | "instances": 0 11 | }, 12 | "router": { 13 | "instances": 1, 14 | "elb_names": [ 15 | "http:<%= http_lb %>", 16 | "tcp:<%= ws_router %>" 17 | ] 18 | }, 19 | "control": { 20 | "instances": 1, 21 | "elb_names": [ 22 | "tcp:<%= ssh_router %>" 23 | ] 24 | }, 25 | "compute": { 26 | "instances": 1, 27 | "instance_type": { 28 | "id": "toolsmiths.n1-highmem-2.128" 29 | } 30 | }, 31 | "blobstore": { 32 | "instances": 1, 33 | "instance_type": { 34 | "id": "medium.disk" 35 | } 36 | } 37 | } 38 | -------------------------------------------------------------------------------- /deploy_pcf/1.12/vsphere_cf.yml.erb: -------------------------------------------------------------------------------- 1 | product-properties: 2 | .properties.security_acknowledgement: 3 | type: string 4 | value: I agree 5 | .mysql_monitor.recipient_email: 6 | type: string 7 | value: bogus@this.is.just.a.placeholder.pivotal.io 8 | .cloud_controller.system_domain: 9 | type: wildcard_domain 10 | value: sys.<%= ENV.fetch('DOMAIN') %> 11 | .cloud_controller.apps_domain: 12 | type: wildcard_domain 13 | value: apps.<%= ENV.fetch('DOMAIN') %> 14 | .ha_proxy.static_ips: 15 | type: ip_ranges 16 | value: <%= ENV.fetch('HAPROXY_IP') %> 17 | .ha_proxy.skip_cert_verify: 18 | type: boolean 19 | value: true 20 | .properties.haproxy_forward_tls: 21 | value: disable 22 | .properties.gorouter_ssl_ciphers: 23 | value: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 24 | .properties.haproxy_ssl_ciphers: 25 | value: DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384 26 | .properties.networking_poe_ssl_cert: 27 | value: 28 | private_key_pem: <%= ENV.fetch('DOMAIN_KEY').dump %> 29 | cert_pem: <%= ENV.fetch('DOMAIN_CRT').dump %> 30 | .uaa.service_provider_key_credentials: 31 | value: 32 | cert_pem: <%= ENV.fetch('DOMAIN_CRT').dump %> 33 | private_key_pem: <%= 
ENV.fetch('DOMAIN_KEY').dump %> 34 | -------------------------------------------------------------------------------- /deploy_pcf/2.0/ert-resources-srt.json.erb: -------------------------------------------------------------------------------- 1 | { 2 | "backup-prepare": { 3 | "instances": 0 4 | }, 5 | "mysql_monitor": { 6 | "instances": 0 7 | }, 8 | "ha_proxy": { 9 | "instances": 1 10 | } 11 | } 12 | -------------------------------------------------------------------------------- /deploy_pcf/2.0/ert-resources.json.erb: -------------------------------------------------------------------------------- 1 | {} 2 | -------------------------------------------------------------------------------- /deploy_pcf/2.0/gcp_bosh_config.yml.erb: -------------------------------------------------------------------------------- 1 | <% 2 | require 'ipaddr' 3 | azs=`terraform output azs`.strip.split(",\n") 4 | azs.rotate!(1) 5 | region=`terraform output region`.strip 6 | network_name=`terraform output network_name`.strip 7 | management_subnet_name=`terraform output management_subnet_name`.strip 8 | management_subnet_cidrs=`terraform output management_subnet_cidrs`.strip 9 | management_subnet_range=IPAddr.new(management_subnet_cidrs).to_range() 10 | management_subnet_gateway=`terraform output management_subnet_gateway`.strip 11 | pas_subnet_name=`terraform output pas_subnet_name`.strip 12 | pas_subnet_cidrs=`terraform output pas_subnet_cidrs`.strip 13 | pas_subnet_range=IPAddr.new(pas_subnet_cidrs).to_range() 14 | pas_subnet_gateway=`terraform output pas_subnet_gateway`.strip 15 | services_subnet_name=`terraform output services_subnet_name`.strip 16 | services_subnet_cidrs=`terraform output services_subnet_cidrs`.strip 17 | services_subnet_range=IPAddr.new(services_subnet_cidrs).to_range() 18 | services_subnet_gateway=`terraform output services_subnet_gateway`.strip 19 | -%> 20 | 21 | director-configuration: 22 | ntp_servers_string: "169.254.169.254" 23 | az-configuration: 24 | - name: 
<%= azs[0] %> 25 | - name: <%= azs[1] %> 26 | - name: <%= azs[2] %> 27 | iaas-configuration: 28 | project: <%= ENV.fetch('GCP_PROJECT_NAME') %> 29 | default_deployment_tag: <%= ENV.fetch('DEFAULT_DEPLOYMENT_TAG') %> 30 | auth_json: <%= ENV.fetch('GCP_SERVICE_ACCOUNT_KEY').inspect %> 31 | network-assignment: 32 | singleton_availability_zone: 33 | name: <%= azs[0] %> 34 | network: 35 | name: <%= management_subnet_name %> 36 | networks-configuration: 37 | icmp_checks_enabled: false 38 | networks: 39 | - name: <%= management_subnet_name %> 40 | subnets: 41 | - iaas_identifier: <%= network_name %>/<%= management_subnet_name %>/<%= region %> 42 | cidr: <%= management_subnet_cidrs %> 43 | reserved_ip_ranges: <%= management_subnet_range.entries[0] %>-<%= management_subnet_range.entries[4] %> 44 | dns: 8.8.8.8 45 | gateway: <%= management_subnet_gateway %> 46 | availability_zone_names: <%= azs %> 47 | - name: <%= pas_subnet_name %> 48 | subnets: 49 | - iaas_identifier: <%= network_name %>/<%= pas_subnet_name %>/<%= region %> 50 | cidr: <%= pas_subnet_cidrs %> 51 | reserved_ip_ranges: <%= pas_subnet_range.entries[0] %>-<%= pas_subnet_range.entries[4] %> 52 | dns: 8.8.8.8 53 | gateway: <%= pas_subnet_gateway %> 54 | availability_zone_names: <%= azs %> 55 | - name: <%= services_subnet_name %> 56 | service_network: true 57 | subnets: 58 | - iaas_identifier: <%= network_name %>/<%= services_subnet_name %>/<%= region %> 59 | cidr: <%= services_subnet_cidrs %> 60 | reserved_ip_ranges: <%= services_subnet_range.entries[0] %>-<%= services_subnet_range.entries[4] %> 61 | dns: 169.254.169.254 62 | gateway: <%= services_subnet_gateway %> 63 | availability_zone_names: <%= azs %> 64 | security-configuration: 65 | trusted_certificates: <%= ENV.fetch('OM_CA_CERT').dump %> 66 | -------------------------------------------------------------------------------- /deploy_pcf/2.0/gcp_cf.yml.erb: -------------------------------------------------------------------------------- 1 | <% 
buildpacks_bucket=`terraform output buildpacks_bucket`.strip 2 | droplets_bucket=`terraform output droplets_bucket`.strip 3 | packages_bucket=`terraform output packages_bucket`.strip 4 | resources_bucket=`terraform output resources_bucket`.strip 5 | project=`terraform output project`.strip 6 | service_account_email=`terraform output service_account_email`.strip 7 | cf_azs=`terraform output azs`.strip.split(",\n") 8 | cf_azs.rotate!(1) 9 | pas_subnet_name=`terraform output pas_subnet_name`.strip %> 10 | 11 | product-properties: 12 | .cloud_controller.system_domain: 13 | value: sys.<%= ENV.fetch('DOMAIN') %> 14 | .cloud_controller.apps_domain: 15 | value: apps.<%= ENV.fetch('DOMAIN') %> 16 | .properties.haproxy_forward_tls: 17 | value: disable 18 | .properties.gorouter_ssl_ciphers: 19 | value: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 20 | .properties.haproxy_ssl_ciphers: 21 | value: DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384 22 | .properties.networking_poe_ssl_certs: 23 | value: 24 | - name: certificate 25 | certificate: 26 | private_key_pem: <%= ENV.fetch('DOMAIN_KEY').dump %> 27 | cert_pem: <%= ENV.fetch('DOMAIN_CRT').dump %> 28 | .router.frontend_idle_timeout: 29 | value: 540 30 | .properties.credhub_key_encryption_passwords: 31 | value: 32 | - name: primary-encryption-key 33 | key: 34 | secret: <%= (ENV.fetch('DEFAULT_OPSMAN_PASSWORD') * 3)[0..25].dump %> 35 | primary: true 36 | .properties.secure_service_instance_credentials: 37 | type: boolean 38 | value: true 39 | .properties.security_acknowledgement: 40 | value: X 41 | .properties.system_blobstore: 42 | value: internal 43 | .properties.tcp_routing: 44 | value: disable 45 | .mysql_monitor.recipient_email: 46 | value: test@example.com 47 | .uaa.service_provider_key_credentials: 48 | value: 49 | cert_pem: <%= ENV.fetch('DOMAIN_CRT').dump %> 50 | private_key_pem: <%= ENV.fetch('DOMAIN_KEY').dump %> 51 | 
network-properties:
52 |   singleton_availability_zone:
53 |     name: <%= cf_azs[0] %>
54 |   other_availability_zones:
55 |   - name: <%= cf_azs[0] %>  # same zone as the singleton AZ above: this is a single-AZ layout
56 |   network:
57 |     name: <%= pas_subnet_name %>
58 | 
--------------------------------------------------------------------------------
/deploy_pcf/2.0/gcp_cf_resources.json.erb:
--------------------------------------------------------------------------------
1 | <% tcp_router=`terraform output tcp_router_pool`.strip # Load-balancer names are read from `terraform output`. NOTE(review): a backtick call does not raise on a non-zero exit, so a missing output would presumably leave the variable empty and the elb_names entry below render as a bare "tcp:" -- a fail-fast check (raise if any value is empty) would be safer
2 | http_lb=`terraform output http_lb_backend_name`.strip
3 | ws_router=`terraform output ws_router_pool`.strip
4 | ssh_router=`terraform output ssh_router_pool`.strip %>
5 | 
6 | {
7 |   "tcp_router": {
8 |     "elb_names": [
9 |       "tcp:<%= tcp_router %>"
10 |     ]
11 |   },
12 |   "router": {
13 |     "instances": 1,
14 |     "elb_names": [
15 |       "http:<%= http_lb %>",
16 |       "tcp:<%= ws_router %>"
17 |     ]
18 |   },
19 |   "diego_brain": {
20 |     "instances": 1,
21 |     "elb_names": [
22 |       "tcp:<%= ssh_router %>"
23 |     ]
24 |   },
25 |   "ha_proxy": {
26 |     "instances": 0
27 |   },
28 |   "diego_cell": {
29 |     "instances": 1,
30 |     "instance_type": {
31 |       "id": "toolsmiths.n1-highmem-2.128"
32 |     }
33 |   },
34 |   "uaa": {
35 |     "instances": 1,
36 |     "instance_type": {
37 |       "id": "toolsmiths.custom-1-2.32"
38 |     }
39 |   },
40 |   "cloud_controller": {
41 |     "instances": 1,
42 |     "instance_type": {
43 |       "id": "toolsmiths.custom-1-4.32"
44 |     }
45 |   },
46 |   "credhub": {
47 |     "instances": 1
48 |   },
49 |   "nfs_server": {
50 |     "instances": 1,
51 |     "instance_type": {
52 |       "id": "medium.disk"
53 |     }
54 |   }
55 | }
56 | 
--------------------------------------------------------------------------------
/deploy_pcf/2.0/gcp_cf_resources_srt.json.erb:
--------------------------------------------------------------------------------
1 | <% http_lb=`terraform output http_lb_backend_name`.strip # same `terraform output` lookups as the non-SRT file; an empty output would not raise here either
2 | ws_router=`terraform output ws_router_pool`.strip
3 | ssh_router=`terraform output ssh_router_pool`.strip %>
4 | 
5 | {
6 |   "backup-prepare": {
7 |     "instances": 0
8 |   },
9 |   "mysql_monitor": {
10 |     "instances": 0
11 |   },
12 |   "router": {
13 |     "instances": 1,
14 |     "elb_names": [
15 |       "http:<%= http_lb %>",
16 |       "tcp:<%= ws_router %>"
17 |     ]
18 |   },
19 |   "control": {
20 |     "instances": 1,
21 |     "elb_names": [
22 |       "tcp:<%= ssh_router %>"
23 |     ]
24 |   },
25 |   "compute": {
26 |     "instances": 1,
27 |     "instance_type": {
28 |       "id": "toolsmiths.n1-highmem-2.128"
29 |     }
30 |   },
31 |   "blobstore": {
32 |     "instances": 1,
33 |     "instance_type": {
34 |       "id": "medium.disk"
35 |     }
36 |   }
37 | }
38 | 
--------------------------------------------------------------------------------
/deploy_pcf/2.0/vsphere_cf.yml.erb:
--------------------------------------------------------------------------------
1 | product-properties:  # every ENV.fetch below has no default, so an unset DOMAIN / HAPROXY_IP / DEFAULT_OPSMAN_PASSWORD / DOMAIN_KEY / DOMAIN_CRT raises KeyError and fails the render instead of emitting an empty value
2 |   .properties.security_acknowledgement:
3 |     type: string
4 |     value: I agree
5 |   .mysql_monitor.recipient_email:
6 |     type: string
7 |     value: bogus@this.is.just.a.placeholder.pivotal.io
8 |   .cloud_controller.system_domain:
9 |     type: wildcard_domain
10 |     value: sys.<%= ENV.fetch('DOMAIN') %>
11 |   .cloud_controller.apps_domain:
12 |     type: wildcard_domain
13 |     value: apps.<%= ENV.fetch('DOMAIN') %>
14 |   .ha_proxy.static_ips:
15 |     type: ip_ranges
16 |     value: <%= ENV.fetch('HAPROXY_IP') %>
17 |   .ha_proxy.skip_cert_verify:
18 |     type: boolean
19 |     value: true  # NOTE(review): per the property name this turns off certificate verification on the HAProxy hop; tolerable for a throwaway test environment, not for anything reachable from outside -- confirm before reusing this template
20 |   .properties.credhub_key_encryption_passwords:
21 |     value:
22 |     - name: primary-encryption-key
23 |       key:
24 |         secret: <%= (ENV.fetch('DEFAULT_OPSMAN_PASSWORD') * 3)[0..25].dump %>  # NOTE(review): the CredHub encryption key is the Ops Manager password repeated and cut to 26 chars (shorter if the password has under 9), so it has no more entropy than that password and is compromised together with it; a separately generated secret would be stronger. String#dump gives a double-quoted, backslash-escaped literal YAML can read, except that a literal "#{" in the password becomes "\#{", an escape YAML does not define
25 |       primary: true
26 |   .properties.secure_service_instance_credentials:
27 |     type: boolean
28 |     value: true
29 |   .properties.haproxy_forward_tls:
30 |     value: disable  # NOTE(review): per the property name the HAProxy-to-router hop is not re-encrypted; only acceptable on a trusted internal network
31 |   .properties.gorouter_ssl_ciphers:
32 |     value: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384  # ECDHE + AES-GCM only: forward secrecy and AEAD, no CBC or static-RSA suites
33 |   .properties.haproxy_ssl_ciphers:
34 |     value: DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384  # OpenSSL-style names for HAProxy; same AEAD-only policy plus the DHE variants
35 |   .properties.networking_poe_ssl_certs:
36 |     value:
37 |     - name: certificate
38 |       certificate:
39 |         private_key_pem: <%= ENV.fetch('DOMAIN_KEY').dump %>  # dump escapes the PEM newlines, so the private key lands in the rendered file as one double-quoted scalar; treat the rendered output as a secret
40 |         cert_pem: <%= ENV.fetch('DOMAIN_CRT').dump %>
41 |   .uaa.service_provider_key_credentials:
42 |     value:
43 |       cert_pem: <%= ENV.fetch('DOMAIN_CRT').dump %>  # NOTE(review): reuses the router's TLS cert/key pair for UAA's service-provider credentials; one leaked key then affects both roles -- a dedicated pair would limit the blast radius
44 |       private_key_pem: <%= ENV.fetch('DOMAIN_KEY').dump %>
45 | 
--------------------------------------------------------------------------------
/deploy_pcf/2.1/ert-resources-srt.json.erb:
--------------------------------------------------------------------------------
1 | {
2 |   "backup-prepare": {
3 |     "instances": 0
4 |   },
5 |   "mysql_monitor": {
6 |     "instances": 0
7 |   },
8 |   "ha_proxy": {
9 |     "instances": 1
10 |   }
11 | }
12 | 
--------------------------------------------------------------------------------
/deploy_pcf/2.1/ert-resources.json.erb:
--------------------------------------------------------------------------------
1 | {}
2 | 
--------------------------------------------------------------------------------
/deploy_pcf/2.1/gcp_bosh_config.yml.erb:
--------------------------------------------------------------------------------
1 | <%
2 | require 'ipaddr'
3 | azs=`terraform output azs`.strip.split(",\n")  # assumes the output lists one zone per line with a trailing comma (Terraform 0.11-style list output); a JSON-style list would not split this way
4 | azs.rotate!(1)  # moves the first reported zone to the end, so azs[0] (the singleton AZ below) is the second zone Terraform listed; the reason for the rotation is not recorded here
5 | region=`terraform output region`.strip
6 | network_name=`terraform output network_name`.strip
7 | management_subnet_name=`terraform output management_subnet_name`.strip
8 | management_subnet_cidrs=`terraform output management_subnet_cidrs`.strip
9 | management_subnet_range=IPAddr.new(management_subnet_cidrs).to_range()  # IPAddr raises on a malformed CIDR, so a bad or empty output fails the render here
10 | management_subnet_gateway=`terraform output management_subnet_gateway`.strip
11 | pas_subnet_name=`terraform output pas_subnet_name`.strip
12 | pas_subnet_cidrs=`terraform output pas_subnet_cidrs`.strip
13 | pas_subnet_range=IPAddr.new(pas_subnet_cidrs).to_range()
14 | pas_subnet_gateway=`terraform output pas_subnet_gateway`.strip
15 | services_subnet_name=`terraform output services_subnet_name`.strip
16 | services_subnet_cidrs=`terraform output services_subnet_cidrs`.strip
17 | 
services_subnet_range=IPAddr.new(services_subnet_cidrs).to_range()
18 | services_subnet_gateway=`terraform output services_subnet_gateway`.strip
19 | -%>
20 | 
21 | security-configuration:
22 |   trusted_certificates: <%= ENV.fetch('OM_CA_CERT', "").dump %>  # optional: the only ENV lookup in this file with a default, renders as "" when OM_CA_CERT is unset
23 | director-configuration:
24 |   ntp_servers_string: "169.254.169.254"  # the GCP metadata address; presumably serves NTP inside the VPC (not verified here)
25 | az-configuration:
26 | - name: <%= azs[0] %>
27 | - name: <%= azs[1] %>
28 | - name: <%= azs[2] %>  # assumes Terraform reported at least three zones; with fewer, azs[2] is nil and this renders an empty name
29 | iaas-configuration:
30 |   project: <%= ENV.fetch('GCP_PROJECT_NAME') %>
31 |   default_deployment_tag: <%= ENV.fetch('DEFAULT_DEPLOYMENT_TAG') %>
32 |   auth_json: <%= ENV.fetch('GCP_SERVICE_ACCOUNT_KEY').inspect %>  # NOTE(review): the raw service-account key JSON is embedded in the rendered config, so the output file is itself a credential -- keep it out of logs and version control. .inspect is used here where the sibling templates use .dump; for ASCII JSON both give the same escaped literal, but settling on one would avoid surprises
33 | network-assignment:
34 |   singleton_availability_zone:
35 |     name: <%= azs[0] %>
36 |   network:
37 |     name: <%= management_subnet_name %>
38 | networks-configuration:
39 |   icmp_checks_enabled: false
40 |   networks:
41 |   - name: <%= management_subnet_name %>
42 |     subnets:
43 |     - iaas_identifier: <%= network_name %>/<%= management_subnet_name %>/<%= region %>
44 |       cidr: <%= management_subnet_cidrs %>
45 |       reserved_ip_ranges: <%= management_subnet_range.entries[0] %>-<%= management_subnet_range.entries[4] %>  # reserves the network address plus the first four host addresses (entries 0..4 of the range)
46 |       dns: 8.8.8.8  # NOTE(review): public Google DNS on the management and PAS subnets, while the services subnet below uses the metadata resolver 169.254.169.254 -- unify unless the split is intentional
47 |       gateway: <%= management_subnet_gateway %>
48 |       availability_zone_names: <%= azs %>  # Array#to_s prints a bracketed, double-quoted list, which YAML reads as a flow sequence
49 |   - name: <%= pas_subnet_name %>
50 |     subnets:
51 |     - iaas_identifier: <%= network_name %>/<%= pas_subnet_name %>/<%= region %>
52 |       cidr: <%= pas_subnet_cidrs %>
53 |       reserved_ip_ranges: <%= pas_subnet_range.entries[0] %>-<%= pas_subnet_range.entries[4] %>
54 |       dns: 8.8.8.8
55 |       gateway: <%= pas_subnet_gateway %>
56 |       availability_zone_names: <%= azs %>
57 |   - name: <%= services_subnet_name %>
58 |     subnets:
59 |     - iaas_identifier: <%= network_name %>/<%= services_subnet_name %>/<%= region %>
60 |       cidr: <%= services_subnet_cidrs %>
61 |       reserved_ip_ranges: <%= services_subnet_range.entries[0] %>-<%= services_subnet_range.entries[4] %>
62 |       dns: 169.254.169.254
63 |       gateway: <%= services_subnet_gateway %>
64 |       availability_zone_names: <%= azs %>
65 | 
--------------------------------------------------------------------------------
/deploy_pcf/2.1/gcp_cf.yml.erb:
--------------------------------------------------------------------------------
1 | <% buildpacks_bucket=`terraform output buildpacks_bucket`.strip # NOTE(review): the four bucket outputs, project and service_account_email are assigned but never referenced in this template (system_blobstore is "internal" below), so they look like leftovers
2 | droplets_bucket=`terraform output droplets_bucket`.strip
3 | packages_bucket=`terraform output packages_bucket`.strip
4 | resources_bucket=`terraform output resources_bucket`.strip
5 | project=`terraform output project`.strip
6 | service_account_email=`terraform output service_account_email`.strip
7 | cf_azs=`terraform output azs`.strip.split(",\n")  # same one-zone-per-line split as gcp_bosh_config.yml.erb
8 | cf_azs.rotate!(1)  # same rotation as the director config, so cf_azs[0] is the zone the director uses as its singleton AZ
9 | pas_subnet_name=`terraform output pas_subnet_name`.strip %>
10 | 
11 | product-properties:  # ENV.fetch with no default raises KeyError, so an unset DOMAIN / DOMAIN_KEY / DOMAIN_CRT / DEFAULT_OPSMAN_PASSWORD fails the render rather than emitting an empty value
12 |   .cloud_controller.system_domain:
13 |     value: sys.<%= ENV.fetch('DOMAIN') %>
14 |   .cloud_controller.apps_domain:
15 |     value: apps.<%= ENV.fetch('DOMAIN') %>
16 |   .properties.haproxy_forward_tls:
17 |     value: disable  # NOTE(review): per the property name the HAProxy-to-router hop is not re-encrypted; the GCP resource files deploy zero ha_proxy instances, so this is mostly moot there
18 |   .properties.gorouter_ssl_ciphers:
19 |     value: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384  # ECDHE + AES-GCM only: forward secrecy and AEAD
20 |   .properties.haproxy_ssl_ciphers:
21 |     value: DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384
22 |   .properties.networking_poe_ssl_certs:
23 |     value:
24 |     - name: certificate
25 |       certificate:
26 |         private_key_pem: <%= ENV.fetch('DOMAIN_KEY').dump %>  # dump escapes the PEM newlines into one double-quoted scalar; the rendered file therefore contains the private key and must be handled as a secret
27 |         cert_pem: <%= ENV.fetch('DOMAIN_CRT').dump %>
28 |   .router.frontend_idle_timeout:
29 |     value: 540
30 |   .properties.credhub_key_encryption_passwords:
31 |     value:
32 |     - name: primary-encryption-key
33 |       key:
34 |         secret: <%= (ENV.fetch('DEFAULT_OPSMAN_PASSWORD') * 3)[0..25].dump %>  # NOTE(review): CredHub's encryption key is the Ops Manager password repeated and cut to 26 chars, so it has no more entropy than that password and falls with it; a separately generated secret would be stronger. A literal "#{" in the password would be dumped as "\#{", which YAML does not define
35 |       primary: true
36 |   .properties.secure_service_instance_credentials:
37 |     type: boolean
38 |     value: true
39 |   .properties.security_acknowledgement:
40 |     value: X
41 |   .properties.system_blobstore:
42 |     value: internal
43 |   .properties.tcp_routing:
44 |     value: disable
45 |   .mysql_monitor.recipient_email:
46 |     value: test@example.com
47 |   .uaa.service_provider_key_credentials:
48 |     value:
49 |       cert_pem: <%= ENV.fetch('DOMAIN_CRT').dump %>  # NOTE(review): same cert/key pair as the router TLS endpoint above; a dedicated pair for UAA would limit the blast radius of a leaked key
50 |       private_key_pem: <%= ENV.fetch('DOMAIN_KEY').dump %>
51 | network-properties:
52 |   singleton_availability_zone:
53 |     name: <%= cf_azs[0] %>
54 |   other_availability_zones:
55 |   - name: <%= cf_azs[0] %>  # same zone as the singleton AZ: single-AZ layout
56 |   network:
57 |     name: <%= pas_subnet_name %>
58 | 
--------------------------------------------------------------------------------
/deploy_pcf/2.1/gcp_cf_resources.json.erb:
--------------------------------------------------------------------------------
1 | <% tcp_router=`terraform output tcp_router_pool`.strip # Load-balancer names from `terraform output`. NOTE(review): backticks do not raise on a non-zero exit, so a missing output presumably leaves the variable empty and the elb_names entry renders as a bare "tcp:" -- a fail-fast check would be safer
2 | http_lb=`terraform output http_lb_backend_name`.strip
3 | ws_router=`terraform output ws_router_pool`.strip
4 | ssh_router=`terraform output ssh_router_pool`.strip %>
5 | 
6 | {
7 |   "tcp_router": {
8 |     "elb_names": [
9 |       "tcp:<%= tcp_router %>"
10 |     ]
11 |   },
12 |   "router": {
13 |     "instances": 1,
14 |     "elb_names": [
15 |       "http:<%= http_lb %>",
16 |       "tcp:<%= ws_router %>"
17 |     ]
18 |   },
19 |   "diego_brain": {
20 |     "instances": 1,
21 |     "elb_names": [
22 |       "tcp:<%= ssh_router %>"
23 |     ]
24 |   },
25 |   "ha_proxy": {
26 |     "instances": 0
27 |   },
28 |   "diego_cell": {
29 |     "instances": 1,
30 |     "instance_type": {
31 |       "id": "toolsmiths.n1-highmem-2.128"
32 |     }
33 |   },
34 |   "uaa": {
35 |     "instances": 1,
36 |     "instance_type": {
37 |       "id": "toolsmiths.custom-1-2.32"
38 |     }
39 |   },
40 |   "cloud_controller": {
41 |     "instances": 1,
42 |     "instance_type": {
43 |       "id": "toolsmiths.custom-1-4.32"
44 |     }
45 |   },
46 |   "credhub": {
47 |     "instances": 1
48 |   },
49 |   "nfs_server": {
50 |     "instances": 1,
51 |     "instance_type": {
52 |       "id": "medium.disk"
53 |     }
54 |   }
55 | }
56 | 
--------------------------------------------------------------------------------
/deploy_pcf/2.1/gcp_cf_resources_srt.json.erb:
--------------------------------------------------------------------------------
1 | <% http_lb=`terraform output http_lb_backend_name`.strip # same `terraform output` lookups as the non-SRT file; an empty output would not raise here either
2 | ws_router=`terraform output ws_router_pool`.strip
3 | ssh_router=`terraform output ssh_router_pool`.strip %>
4 | 
5 | {
6 |   "backup-prepare": {
7 |     "instances": 0
8 |   },
9 |   "mysql_monitor": {
10 |     "instances": 0
11 |   },
12 |   "router": {
13 |     "instances": 1,
14 |     "elb_names": [
15 |       "http:<%= http_lb %>",
16 |       "tcp:<%= ws_router %>"
17 |     ]
18 |   },
19 |   "control": {
20 |     "instances": 1,
21 |     "elb_names": [
22 |       "tcp:<%= ssh_router %>"
23 |     ]
24 |   },
25 |   "compute": {
26 |     "instances": 1,
27 |     "instance_type": {
28 |       "id": "toolsmiths.n1-highmem-2.128"
29 |     }
30 |   },
31 |   "blobstore": {
32 |     "instances": 1,
33 |     "instance_type": {
34 |       "id": "medium.disk"
35 |     }
36 |   }
37 | }
38 | 
--------------------------------------------------------------------------------
/deploy_pcf/2.1/vsphere_cf.yml.erb:
--------------------------------------------------------------------------------
1 | product-properties:  # every ENV.fetch below has no default, so an unset DOMAIN / HAPROXY_IP / DEFAULT_OPSMAN_PASSWORD / DOMAIN_KEY / DOMAIN_CRT raises KeyError and fails the render
2 |   .properties.security_acknowledgement:
3 |     type: string
4 |     value: I agree
5 |   .mysql_monitor.recipient_email:
6 |     type: string
7 |     value: bogus@this.is.just.a.placeholder.pivotal.io
8 |   .cloud_controller.system_domain:
9 |     type: wildcard_domain
10 |     value: sys.<%= ENV.fetch('DOMAIN') %>
11 |   .cloud_controller.apps_domain:
12 |     type: wildcard_domain
13 |     value: apps.<%= ENV.fetch('DOMAIN') %>
14 |   .ha_proxy.static_ips:
15 |     type: ip_ranges
16 |     value: <%= ENV.fetch('HAPROXY_IP') %>
17 |   .ha_proxy.skip_cert_verify:
18 |     type: boolean
19 |     value: true  # NOTE(review): per the property name this turns off certificate verification on the HAProxy hop; tolerable for a throwaway test environment, not for anything reachable from outside -- confirm before reusing this template
20 |   .properties.credhub_key_encryption_passwords:
21 |     value:
22 |     - name: primary-encryption-key
23 |       key:
24 |         secret: <%= (ENV.fetch('DEFAULT_OPSMAN_PASSWORD') * 3)[0..25].dump %>  # NOTE(review): CredHub's encryption key is the Ops Manager password repeated and cut to 26 chars (shorter if the password has under 9), so it has no more entropy than that password and falls with it; a separately generated secret would be stronger. A literal "#{" in the password would be dumped as "\#{", which YAML does not define
25 |       primary: true
26 |   .properties.secure_service_instance_credentials:
27 |     type: boolean
28 |     value: true
29 |   .properties.haproxy_forward_tls:
30 |     value: disable  # NOTE(review): per the property name the HAProxy-to-router hop is not re-encrypted; only acceptable on a trusted internal network
31 |   .properties.gorouter_ssl_ciphers:
32 |     value: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384  # ECDHE + AES-GCM only: forward secrecy and AEAD
33 |   .properties.haproxy_ssl_ciphers:
34 |     value: DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384  # OpenSSL-style names for HAProxy; same AEAD-only policy plus the DHE variants
35 |   .properties.networking_poe_ssl_certs:
36 |     value:
37 |     - name: certificate
38 |       certificate:
39 |         private_key_pem: <%= ENV.fetch('DOMAIN_KEY').dump %>  # dump escapes the PEM newlines into one double-quoted scalar; the rendered file contains the private key and must be handled as a secret
40 |         cert_pem: <%= ENV.fetch('DOMAIN_CRT').dump %>
41 |   .uaa.service_provider_key_credentials:
42 |     value:
43 |       cert_pem: <%= ENV.fetch('DOMAIN_CRT').dump %>  # NOTE(review): reuses the router's TLS cert/key pair for UAA's service-provider credentials; a dedicated pair would limit the blast radius of a leaked key
44 |       private_key_pem: <%= ENV.fetch('DOMAIN_KEY').dump %>
45 | 
--------------------------------------------------------------------------------
/deploy_pcf/2.2/ert-resources-srt.json.erb:
--------------------------------------------------------------------------------
1 | {
2 |   "backup-prepare": {
3 |     "instances": 0
4 |   },
5 |   "mysql_monitor": {
6 |     "instances": 0
7 |   },
8 |   "ha_proxy": {
9 |     "instances": 1
10 |   }
11 | }
12 | 
--------------------------------------------------------------------------------
/deploy_pcf/2.2/ert-resources.json.erb:
--------------------------------------------------------------------------------
1 | {}
2 | 
--------------------------------------------------------------------------------
/deploy_pcf/2.2/gcp_bosh_config.yml.erb:
--------------------------------------------------------------------------------
1 | <%
2 | require 'ipaddr'
3 | azs=`terraform output azs`.strip.split(",\n")  # assumes the output lists one zone per line with a trailing comma (Terraform 0.11-style list output)
4 | azs.rotate!(1)  # moves the first reported zone to the end, so azs[0] (used as the singleton AZ) is the second zone Terraform listed; the reason is not recorded here
5 | region=`terraform output region`.strip
6 | network_name=`terraform output network_name`.strip
7 | management_subnet_name=`terraform output management_subnet_name`.strip
8 | management_subnet_cidrs=`terraform output management_subnet_cidrs`.strip
9 | management_subnet_range=IPAddr.new(management_subnet_cidrs).to_range()  # IPAddr raises on a malformed CIDR, so a bad or empty output fails the render here
10 | management_subnet_gateway=`terraform output management_subnet_gateway`.strip
11 | pas_subnet_name=`terraform output pas_subnet_name`.strip
12 | pas_subnet_cidrs=`terraform output pas_subnet_cidrs`.strip
13 | 
pas_subnet_range=IPAddr.new(pas_subnet_cidrs).to_range() 14 | pas_subnet_gateway=`terraform output pas_subnet_gateway`.strip 15 | services_subnet_name=`terraform output services_subnet_name`.strip 16 | services_subnet_cidrs=`terraform output services_subnet_cidrs`.strip 17 | services_subnet_range=IPAddr.new(services_subnet_cidrs).to_range() 18 | services_subnet_gateway=`terraform output services_subnet_gateway`.strip 19 | -%> 20 | 21 | security-configuration: 22 | trusted_certificates: <%= ENV.fetch('OM_CA_CERT', "").dump %> 23 | director-configuration: 24 | ntp_servers_string: "169.254.169.254" 25 | az-configuration: 26 | - name: <%= azs[0] %> 27 | - name: <%= azs[1] %> 28 | - name: <%= azs[2] %> 29 | iaas-configuration: 30 | project: <%= ENV.fetch('GCP_PROJECT_NAME') %> 31 | default_deployment_tag: <%= ENV.fetch('DEFAULT_DEPLOYMENT_TAG') %> 32 | auth_json: <%= ENV.fetch('GCP_SERVICE_ACCOUNT_KEY').inspect %> 33 | network-assignment: 34 | singleton_availability_zone: 35 | name: <%= azs[0] %> 36 | network: 37 | name: <%= management_subnet_name %> 38 | networks-configuration: 39 | icmp_checks_enabled: false 40 | networks: 41 | - name: <%= management_subnet_name %> 42 | subnets: 43 | - iaas_identifier: <%= network_name %>/<%= management_subnet_name %>/<%= region %> 44 | cidr: <%= management_subnet_cidrs %> 45 | reserved_ip_ranges: <%= management_subnet_range.entries[0] %>-<%= management_subnet_range.entries[4] %> 46 | dns: 8.8.8.8 47 | gateway: <%= management_subnet_gateway %> 48 | availability_zone_names: <%= azs %> 49 | - name: <%= pas_subnet_name %> 50 | subnets: 51 | - iaas_identifier: <%= network_name %>/<%= pas_subnet_name %>/<%= region %> 52 | cidr: <%= pas_subnet_cidrs %> 53 | reserved_ip_ranges: <%= pas_subnet_range.entries[0] %>-<%= pas_subnet_range.entries[4] %> 54 | dns: 8.8.8.8 55 | gateway: <%= pas_subnet_gateway %> 56 | availability_zone_names: <%= azs %> 57 | - name: <%= services_subnet_name %> 58 | subnets: 59 | - iaas_identifier: <%= network_name 
%>/<%= services_subnet_name %>/<%= region %> 60 | cidr: <%= services_subnet_cidrs %> 61 | reserved_ip_ranges: <%= services_subnet_range.entries[0] %>-<%= services_subnet_range.entries[4] %> 62 | dns: 169.254.169.254 63 | gateway: <%= services_subnet_gateway %> 64 | availability_zone_names: <%= azs %> 65 | -------------------------------------------------------------------------------- /deploy_pcf/2.2/gcp_cf.yml.erb: -------------------------------------------------------------------------------- 1 | <% buildpacks_bucket=`terraform output buildpacks_bucket`.strip 2 | droplets_bucket=`terraform output droplets_bucket`.strip 3 | packages_bucket=`terraform output packages_bucket`.strip 4 | resources_bucket=`terraform output resources_bucket`.strip 5 | project=`terraform output project`.strip 6 | service_account_email=`terraform output service_account_email`.strip 7 | cf_azs=`terraform output azs`.strip.split(",\n") 8 | cf_azs.rotate!(1) 9 | pas_subnet_name=`terraform output pas_subnet_name`.strip %> 10 | 11 | product-properties: 12 | .cloud_controller.system_domain: 13 | value: sys.<%= ENV.fetch('DOMAIN') %> 14 | .cloud_controller.apps_domain: 15 | value: apps.<%= ENV.fetch('DOMAIN') %> 16 | .properties.haproxy_forward_tls: 17 | value: disable 18 | .properties.gorouter_ssl_ciphers: 19 | value: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 20 | .properties.haproxy_ssl_ciphers: 21 | value: DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384 22 | .properties.networking_poe_ssl_certs: 23 | value: 24 | - name: certificate 25 | certificate: 26 | private_key_pem: <%= ENV.fetch('DOMAIN_KEY').dump %> 27 | cert_pem: <%= ENV.fetch('DOMAIN_CRT').dump %> 28 | .router.frontend_idle_timeout: 29 | value: 540 30 | .properties.credhub_key_encryption_passwords: 31 | value: 32 | - name: primary-encryption-key 33 | key: 34 | secret: <%= (ENV.fetch('DEFAULT_OPSMAN_PASSWORD') * 3)[0..25].dump %> 35 | 
primary: true 36 | .properties.secure_service_instance_credentials: 37 | type: boolean 38 | value: true 39 | .properties.security_acknowledgement: 40 | value: X 41 | .properties.system_blobstore: 42 | value: internal 43 | .properties.tcp_routing: 44 | value: disable 45 | .mysql_monitor.recipient_email: 46 | value: test@example.com 47 | .uaa.service_provider_key_credentials: 48 | value: 49 | cert_pem: <%= ENV.fetch('DOMAIN_CRT').dump %> 50 | private_key_pem: <%= ENV.fetch('DOMAIN_KEY').dump %> 51 | network-properties: 52 | singleton_availability_zone: 53 | name: <%= cf_azs[0] %> 54 | other_availability_zones: 55 | - name: <%= cf_azs[0] %> 56 | network: 57 | name: <%= pas_subnet_name %> 58 | -------------------------------------------------------------------------------- /deploy_pcf/2.2/gcp_cf_resources.json.erb: -------------------------------------------------------------------------------- 1 | <% tcp_router=`terraform output tcp_router_pool`.strip 2 | http_lb=`terraform output http_lb_backend_name`.strip 3 | ws_router=`terraform output ws_router_pool`.strip 4 | ssh_router=`terraform output ssh_router_pool`.strip %> 5 | 6 | { 7 | "tcp_router": { 8 | "elb_names": [ 9 | "tcp:<%= tcp_router %>" 10 | ] 11 | }, 12 | "router": { 13 | "instances": 1, 14 | "elb_names": [ 15 | "http:<%= http_lb %>", 16 | "tcp:<%= ws_router %>" 17 | ] 18 | }, 19 | "diego_brain": { 20 | "instances": 1, 21 | "elb_names": [ 22 | "tcp:<%= ssh_router %>" 23 | ] 24 | }, 25 | "ha_proxy": { 26 | "instances": 0 27 | }, 28 | "diego_cell": { 29 | "instances": 1, 30 | "instance_type": { 31 | "id": "toolsmiths.n1-highmem-2.128" 32 | } 33 | }, 34 | "uaa": { 35 | "instances": 1, 36 | "instance_type": { 37 | "id": "toolsmiths.custom-1-2.32" 38 | } 39 | }, 40 | "cloud_controller": { 41 | "instances": 1, 42 | "instance_type": { 43 | "id": "toolsmiths.custom-1-4.32" 44 | } 45 | }, 46 | "credhub": { 47 | "instances": 1 48 | }, 49 | "nfs_server": { 50 | "instances": 1, 51 | "instance_type": { 52 | "id": 
"medium.disk" 53 | } 54 | } 55 | } 56 | -------------------------------------------------------------------------------- /deploy_pcf/2.2/gcp_cf_resources_srt.json.erb: -------------------------------------------------------------------------------- 1 | <% http_lb=`terraform output http_lb_backend_name`.strip 2 | ws_router=`terraform output ws_router_pool`.strip 3 | ssh_router=`terraform output ssh_router_pool`.strip %> 4 | 5 | { 6 | "backup-prepare": { 7 | "instances": 0 8 | }, 9 | "mysql_monitor": { 10 | "instances": 0 11 | }, 12 | "router": { 13 | "instances": 1, 14 | "elb_names": [ 15 | "http:<%= http_lb %>", 16 | "tcp:<%= ws_router %>" 17 | ] 18 | }, 19 | "control": { 20 | "instances": 1, 21 | "elb_names": [ 22 | "tcp:<%= ssh_router %>" 23 | ] 24 | }, 25 | "compute": { 26 | "instances": 1, 27 | "instance_type": { 28 | "id": "toolsmiths.n1-highmem-2.128" 29 | } 30 | }, 31 | "blobstore": { 32 | "instances": 1, 33 | "instance_type": { 34 | "id": "medium.disk" 35 | } 36 | } 37 | } 38 | -------------------------------------------------------------------------------- /deploy_pcf/2.2/vsphere_cf.yml.erb: -------------------------------------------------------------------------------- 1 | product-properties: 2 | .properties.security_acknowledgement: 3 | type: string 4 | value: I agree 5 | .mysql_monitor.recipient_email: 6 | type: string 7 | value: bogus@this.is.just.a.placeholder.pivotal.io 8 | .cloud_controller.system_domain: 9 | type: wildcard_domain 10 | value: sys.<%= ENV.fetch('DOMAIN') %> 11 | .cloud_controller.apps_domain: 12 | type: wildcard_domain 13 | value: apps.<%= ENV.fetch('DOMAIN') %> 14 | .ha_proxy.static_ips: 15 | type: ip_ranges 16 | value: <%= ENV.fetch('HAPROXY_IP') %> 17 | .ha_proxy.skip_cert_verify: 18 | type: boolean 19 | value: true 20 | .properties.credhub_key_encryption_passwords: 21 | value: 22 | - name: primary-encryption-key 23 | key: 24 | secret: <%= (ENV.fetch('DEFAULT_OPSMAN_PASSWORD') * 3)[0..25].dump %> 25 | primary: true 26 | 
.properties.secure_service_instance_credentials: 27 | type: boolean 28 | value: true 29 | .properties.haproxy_forward_tls: 30 | value: disable 31 | .properties.gorouter_ssl_ciphers: 32 | value: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 33 | .properties.haproxy_ssl_ciphers: 34 | value: DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384 35 | .properties.networking_poe_ssl_certs: 36 | value: 37 | - name: certificate 38 | certificate: 39 | private_key_pem: <%= ENV.fetch('DOMAIN_KEY').dump %> 40 | cert_pem: <%= ENV.fetch('DOMAIN_CRT').dump %> 41 | .uaa.service_provider_key_credentials: 42 | value: 43 | cert_pem: <%= ENV.fetch('DOMAIN_CRT').dump %> 44 | private_key_pem: <%= ENV.fetch('DOMAIN_KEY').dump %> 45 | -------------------------------------------------------------------------------- /deploy_pcf/2.3/ert-resources-srt.json.erb: -------------------------------------------------------------------------------- 1 | { 2 | "backup_restore": { 3 | "instances": 0 4 | }, 5 | "mysql_monitor": { 6 | "instances": 0 7 | }, 8 | "ha_proxy": { 9 | "instances": 1 10 | } 11 | } 12 | -------------------------------------------------------------------------------- /deploy_pcf/2.3/ert-resources.json.erb: -------------------------------------------------------------------------------- 1 | {} 2 | -------------------------------------------------------------------------------- /deploy_pcf/2.3/gcp_bosh_config.yml.erb: -------------------------------------------------------------------------------- 1 | <% 2 | require 'ipaddr' 3 | azs=`terraform output azs`.strip.split(",\n") 4 | azs.rotate!(1) 5 | region=`terraform output region`.strip 6 | network_name=`terraform output network_name`.strip 7 | management_subnet_name=`terraform output management_subnet_name`.strip 8 | management_subnet_cidrs=`terraform output management_subnet_cidrs`.strip 9 | 
management_subnet_range=IPAddr.new(management_subnet_cidrs).to_range() 10 | management_subnet_gateway=`terraform output management_subnet_gateway`.strip 11 | pas_subnet_name=`terraform output pas_subnet_name`.strip 12 | pas_subnet_cidrs=`terraform output pas_subnet_cidrs`.strip 13 | pas_subnet_range=IPAddr.new(pas_subnet_cidrs).to_range() 14 | pas_subnet_gateway=`terraform output pas_subnet_gateway`.strip 15 | services_subnet_name=`terraform output services_subnet_name`.strip 16 | services_subnet_cidrs=`terraform output services_subnet_cidrs`.strip 17 | services_subnet_range=IPAddr.new(services_subnet_cidrs).to_range() 18 | services_subnet_gateway=`terraform output services_subnet_gateway`.strip 19 | -%> 20 | 21 | security-configuration: 22 | trusted_certificates: <%= ENV.fetch('OM_CA_CERT', "").dump %> 23 | director-configuration: 24 | ntp_servers_string: "169.254.169.254" 25 | az-configuration: 26 | - name: <%= azs[0] %> 27 | - name: <%= azs[1] %> 28 | - name: <%= azs[2] %> 29 | iaas-configuration: 30 | project: <%= ENV.fetch('GCP_PROJECT_NAME') %> 31 | default_deployment_tag: <%= ENV.fetch('DEFAULT_DEPLOYMENT_TAG') %> 32 | auth_json: <%= ENV.fetch('GCP_SERVICE_ACCOUNT_KEY').inspect %> 33 | network-assignment: 34 | singleton_availability_zone: 35 | name: <%= azs[0] %> 36 | network: 37 | name: <%= management_subnet_name %> 38 | networks-configuration: 39 | icmp_checks_enabled: false 40 | networks: 41 | - name: <%= management_subnet_name %> 42 | subnets: 43 | - iaas_identifier: <%= network_name %>/<%= management_subnet_name %>/<%= region %> 44 | cidr: <%= management_subnet_cidrs %> 45 | reserved_ip_ranges: <%= management_subnet_range.entries[0] %>-<%= management_subnet_range.entries[4] %> 46 | dns: 8.8.8.8 47 | gateway: <%= management_subnet_gateway %> 48 | availability_zone_names: <%= azs %> 49 | - name: <%= pas_subnet_name %> 50 | subnets: 51 | - iaas_identifier: <%= network_name %>/<%= pas_subnet_name %>/<%= region %> 52 | cidr: <%= pas_subnet_cidrs %> 53 | 
reserved_ip_ranges: <%= pas_subnet_range.entries[0] %>-<%= pas_subnet_range.entries[4] %> 54 | dns: 8.8.8.8 55 | gateway: <%= pas_subnet_gateway %> 56 | availability_zone_names: <%= azs %> 57 | - name: <%= services_subnet_name %> 58 | subnets: 59 | - iaas_identifier: <%= network_name %>/<%= services_subnet_name %>/<%= region %> 60 | cidr: <%= services_subnet_cidrs %> 61 | reserved_ip_ranges: <%= services_subnet_range.entries[0] %>-<%= services_subnet_range.entries[4] %> 62 | dns: 169.254.169.254 63 | gateway: <%= services_subnet_gateway %> 64 | availability_zone_names: <%= azs %> 65 | -------------------------------------------------------------------------------- /deploy_pcf/2.3/gcp_cf.yml.erb: -------------------------------------------------------------------------------- 1 | <% buildpacks_bucket=`terraform output buildpacks_bucket`.strip 2 | droplets_bucket=`terraform output droplets_bucket`.strip 3 | packages_bucket=`terraform output packages_bucket`.strip 4 | resources_bucket=`terraform output resources_bucket`.strip 5 | project=`terraform output project`.strip 6 | service_account_email=`terraform output service_account_email`.strip 7 | cf_azs=`terraform output azs`.strip.split(",\n") 8 | cf_azs.rotate!(1) 9 | pas_subnet_name=`terraform output pas_subnet_name`.strip %> 10 | 11 | product-properties: 12 | .cloud_controller.system_domain: 13 | value: sys.<%= ENV.fetch('DOMAIN') %> 14 | .cloud_controller.apps_domain: 15 | value: apps.<%= ENV.fetch('DOMAIN') %> 16 | .properties.haproxy_forward_tls: 17 | value: disable 18 | .properties.gorouter_ssl_ciphers: 19 | value: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 20 | .properties.haproxy_ssl_ciphers: 21 | value: DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384 22 | .properties.networking_poe_ssl_certs: 23 | value: 24 | - name: certificate 25 | certificate: 26 | private_key_pem: <%= ENV.fetch('DOMAIN_KEY').dump %> 27 | 
cert_pem: <%= ENV.fetch('DOMAIN_CRT').dump %> 28 | .router.frontend_idle_timeout: 29 | value: 540 30 | .properties.credhub_key_encryption_passwords: 31 | value: 32 | - name: primary-encryption-key 33 | key: 34 | secret: <%= (ENV.fetch('DEFAULT_OPSMAN_PASSWORD') * 3)[0..25].dump %> 35 | primary: true 36 | .properties.secure_service_instance_credentials: 37 | type: boolean 38 | value: true 39 | .properties.security_acknowledgement: 40 | value: X 41 | .properties.system_blobstore: 42 | value: internal 43 | .properties.tcp_routing: 44 | value: disable 45 | .mysql_monitor.recipient_email: 46 | value: test@example.com 47 | .uaa.service_provider_key_credentials: 48 | value: 49 | cert_pem: <%= ENV.fetch('DOMAIN_CRT').dump %> 50 | private_key_pem: <%= ENV.fetch('DOMAIN_KEY').dump %> 51 | network-properties: 52 | singleton_availability_zone: 53 | name: <%= cf_azs[0] %> 54 | other_availability_zones: 55 | - name: <%= cf_azs[0] %> 56 | network: 57 | name: <%= pas_subnet_name %> 58 | -------------------------------------------------------------------------------- /deploy_pcf/2.3/gcp_cf_resources.json.erb: -------------------------------------------------------------------------------- 1 | <% tcp_router=`terraform output tcp_router_pool`.strip 2 | http_lb=`terraform output http_lb_backend_name`.strip 3 | ws_router=`terraform output ws_router_pool`.strip 4 | ssh_router=`terraform output ssh_router_pool`.strip %> 5 | 6 | { 7 | "tcp_router": { 8 | "elb_names": [ 9 | "tcp:<%= tcp_router %>" 10 | ] 11 | }, 12 | "router": { 13 | "instances": 1, 14 | "elb_names": [ 15 | "tcp:<%= ws_router %>" 16 | ] 17 | }, 18 | "diego_brain": { 19 | "instances": 1, 20 | "elb_names": [ 21 | "tcp:<%= ssh_router %>" 22 | ] 23 | }, 24 | "ha_proxy": { 25 | "instances": 0 26 | }, 27 | "diego_cell": { 28 | "instances": 1, 29 | "instance_type": { 30 | "id": "toolsmiths.n1-highmem-2.128" 31 | } 32 | }, 33 | "uaa": { 34 | "instances": 1, 35 | "instance_type": { 36 | "id": "toolsmiths.custom-1-2.32" 37 | } 38 | 
}, 39 | "cloud_controller": { 40 | "instances": 1, 41 | "instance_type": { 42 | "id": "toolsmiths.custom-1-4.32" 43 | } 44 | }, 45 | "credhub": { 46 | "instances": 1 47 | }, 48 | "nfs_server": { 49 | "instances": 1, 50 | "instance_type": { 51 | "id": "medium.disk" 52 | } 53 | } 54 | } 55 | -------------------------------------------------------------------------------- /deploy_pcf/2.3/gcp_cf_resources_srt.json.erb: -------------------------------------------------------------------------------- 1 | <% http_lb=`terraform output http_lb_backend_name`.strip 2 | ws_router=`terraform output ws_router_pool`.strip 3 | ssh_router=`terraform output ssh_router_pool`.strip %> 4 | 5 | { 6 | "backup_restore": { 7 | "instances": 0 8 | }, 9 | "mysql_monitor": { 10 | "instances": 0 11 | }, 12 | "router": { 13 | "instances": 1, 14 | "elb_names": [ 15 | "tcp:<%= ws_router %>" 16 | ] 17 | }, 18 | "control": { 19 | "instances": 1, 20 | "elb_names": [ 21 | "tcp:<%= ssh_router %>" 22 | ] 23 | }, 24 | "compute": { 25 | "instances": 1, 26 | "instance_type": { 27 | "id": "toolsmiths.n1-highmem-2.128" 28 | } 29 | }, 30 | "blobstore": { 31 | "instances": 1, 32 | "instance_type": { 33 | "id": "medium.disk" 34 | } 35 | } 36 | } 37 | -------------------------------------------------------------------------------- /deploy_pcf/2.3/vsphere_cf.yml.erb: -------------------------------------------------------------------------------- 1 | product-properties: 2 | .properties.security_acknowledgement: 3 | type: string 4 | value: I agree 5 | .mysql_monitor.recipient_email: 6 | type: string 7 | value: bogus@this.is.just.a.placeholder.pivotal.io 8 | .cloud_controller.system_domain: 9 | type: wildcard_domain 10 | value: sys.<%= ENV.fetch('DOMAIN') %> 11 | .cloud_controller.apps_domain: 12 | type: wildcard_domain 13 | value: apps.<%= ENV.fetch('DOMAIN') %> 14 | .ha_proxy.static_ips: 15 | type: ip_ranges 16 | value: <%= ENV.fetch('HAPROXY_IP') %> 17 | .ha_proxy.skip_cert_verify: 18 | type: boolean 19 | value: 
true 20 | .properties.credhub_key_encryption_passwords: 21 | value: 22 | - name: primary-encryption-key 23 | key: 24 | secret: <%= (ENV.fetch('DEFAULT_OPSMAN_PASSWORD') * 3)[0..25].dump %> 25 | primary: true 26 | .properties.secure_service_instance_credentials: 27 | type: boolean 28 | value: true 29 | .properties.haproxy_forward_tls: 30 | value: disable 31 | .properties.gorouter_ssl_ciphers: 32 | value: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 33 | .properties.haproxy_ssl_ciphers: 34 | value: DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384 35 | .properties.networking_poe_ssl_certs: 36 | value: 37 | - name: certificate 38 | certificate: 39 | private_key_pem: <%= ENV.fetch('DOMAIN_KEY').dump %> 40 | cert_pem: <%= ENV.fetch('DOMAIN_CRT').dump %> 41 | .uaa.service_provider_key_credentials: 42 | value: 43 | cert_pem: <%= ENV.fetch('DOMAIN_CRT').dump %> 44 | private_key_pem: <%= ENV.fetch('DOMAIN_KEY').dump %> 45 | -------------------------------------------------------------------------------- /deploy_pcf/2.4/ert-resources-srt.json.erb: -------------------------------------------------------------------------------- 1 | { 2 | "backup_restore": { 3 | "instances": 0 4 | }, 5 | "mysql_monitor": { 6 | "instances": 0 7 | }, 8 | "ha_proxy": { 9 | "instances": 1 10 | } 11 | } 12 | -------------------------------------------------------------------------------- /deploy_pcf/2.4/ert-resources.json.erb: -------------------------------------------------------------------------------- 1 | { 2 | "ha_proxy": { 3 | "instances": 1 4 | } 5 | } 6 | -------------------------------------------------------------------------------- /deploy_pcf/2.4/gcp_cf.yml.erb: -------------------------------------------------------------------------------- 1 | <% buildpacks_bucket=`terraform output buildpacks_bucket`.strip 2 | droplets_bucket=`terraform output droplets_bucket`.strip 3 | packages_bucket=`terraform 
output packages_bucket`.strip 4 | resources_bucket=`terraform output resources_bucket`.strip 5 | project=`terraform output project`.strip 6 | service_account_email=`terraform output service_account_email`.strip 7 | cf_azs=`terraform output azs`.strip.split(",\n") 8 | cf_azs.rotate!(1) 9 | pas_subnet_name=`terraform output pas_subnet_name`.strip %> 10 | 11 | product-properties: 12 | .cloud_controller.system_domain: 13 | value: sys.<%= ENV.fetch('DOMAIN') %> 14 | .cloud_controller.apps_domain: 15 | value: apps.<%= ENV.fetch('DOMAIN') %> 16 | .properties.haproxy_forward_tls: 17 | value: disable 18 | .properties.gorouter_ssl_ciphers: 19 | value: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 20 | .properties.haproxy_ssl_ciphers: 21 | value: DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384 22 | .properties.networking_poe_ssl_certs: 23 | value: 24 | - name: certificate 25 | certificate: 26 | private_key_pem: <%= ENV.fetch('DOMAIN_KEY').dump %> 27 | cert_pem: <%= ENV.fetch('DOMAIN_CRT').dump %> 28 | .router.frontend_idle_timeout: 29 | value: 540 30 | .properties.credhub_key_encryption_passwords: 31 | value: 32 | - name: primary-encryption-key 33 | key: 34 | secret: <%= (ENV.fetch('DEFAULT_OPSMAN_PASSWORD') * 3)[0..25].dump %> 35 | primary: true 36 | .properties.secure_service_instance_credentials: 37 | type: boolean 38 | value: true 39 | .properties.security_acknowledgement: 40 | value: X 41 | .properties.system_blobstore: 42 | value: internal 43 | .properties.tcp_routing: 44 | value: disable 45 | .mysql_monitor.recipient_email: 46 | value: test@example.com 47 | .uaa.service_provider_key_credentials: 48 | value: 49 | cert_pem: <%= ENV.fetch('DOMAIN_CRT').dump %> 50 | private_key_pem: <%= ENV.fetch('DOMAIN_KEY').dump %> 51 | network-properties: 52 | singleton_availability_zone: 53 | name: <%= cf_azs[0] %> 54 | other_availability_zones: 55 | - name: <%= cf_azs[0] %> 56 | network: 57 | 
name: <%= pas_subnet_name %> 58 | -------------------------------------------------------------------------------- /deploy_pcf/2.4/gcp_cf_resources.json.erb: -------------------------------------------------------------------------------- 1 | <% tcp_router=`terraform output tcp_router_pool`.strip 2 | http_lb=`terraform output http_lb_backend_name`.strip 3 | ws_router=`terraform output ws_router_pool`.strip 4 | ssh_router=`terraform output ssh_router_pool`.strip %> 5 | 6 | { 7 | "tcp_router": { 8 | "elb_names": [ 9 | "tcp:<%= tcp_router %>" 10 | ] 11 | }, 12 | "router": { 13 | "instances": 1, 14 | "elb_names": [ 15 | "tcp:<%= ws_router %>" 16 | ] 17 | }, 18 | "diego_brain": { 19 | "instances": 1, 20 | "elb_names": [ 21 | "tcp:<%= ssh_router %>" 22 | ] 23 | }, 24 | "ha_proxy": { 25 | "instances": 0 26 | }, 27 | "diego_cell": { 28 | "instances": 1, 29 | "instance_type": { 30 | "id": "toolsmiths.n1-highmem-2.128" 31 | } 32 | }, 33 | "uaa": { 34 | "instances": 1, 35 | "instance_type": { 36 | "id": "toolsmiths.custom-1-2.32" 37 | } 38 | }, 39 | "cloud_controller": { 40 | "instances": 1, 41 | "instance_type": { 42 | "id": "toolsmiths.custom-1-4.32" 43 | } 44 | }, 45 | "credhub": { 46 | "instances": 1 47 | }, 48 | "nfs_server": { 49 | "instances": 1, 50 | "instance_type": { 51 | "id": "medium.disk" 52 | } 53 | } 54 | } 55 | -------------------------------------------------------------------------------- /deploy_pcf/2.4/gcp_cf_resources_srt.json.erb: -------------------------------------------------------------------------------- 1 | <% http_lb=`terraform output http_lb_backend_name`.strip 2 | ws_router=`terraform output ws_router_pool`.strip 3 | ssh_router=`terraform output ssh_router_pool`.strip %> 4 | 5 | { 6 | "backup_restore": { 7 | "instances": 0 8 | }, 9 | "mysql_monitor": { 10 | "instances": 0 11 | }, 12 | "router": { 13 | "instances": 1, 14 | "elb_names": [ 15 | "tcp:<%= ws_router %>" 16 | ] 17 | }, 18 | "control": { 19 | "instances": 1, 20 | "elb_names": [ 21 | 
"tcp:<%= ssh_router %>" 22 | ] 23 | }, 24 | "compute": { 25 | "instances": 1, 26 | "instance_type": { 27 | "id": "toolsmiths.n1-highmem-2.128" 28 | } 29 | }, 30 | "blobstore": { 31 | "instances": 1, 32 | "instance_type": { 33 | "id": "medium.disk" 34 | } 35 | } 36 | } 37 | -------------------------------------------------------------------------------- /deploy_pcf/2.4/vsphere_cf.yml.erb: -------------------------------------------------------------------------------- 1 | product-properties: 2 | .properties.security_acknowledgement: 3 | type: string 4 | value: I agree 5 | .mysql_monitor.recipient_email: 6 | type: string 7 | value: bogus@this.is.just.a.placeholder.pivotal.io 8 | .cloud_controller.system_domain: 9 | type: wildcard_domain 10 | value: sys.<%= ENV.fetch('DOMAIN') %> 11 | .cloud_controller.apps_domain: 12 | type: wildcard_domain 13 | value: apps.<%= ENV.fetch('DOMAIN') %> 14 | .ha_proxy.static_ips: 15 | type: ip_ranges 16 | value: <%= ENV.fetch('HAPROXY_IP') %> 17 | .ha_proxy.skip_cert_verify: 18 | type: boolean 19 | value: true 20 | .properties.credhub_key_encryption_passwords: 21 | value: 22 | - name: primary-encryption-key 23 | key: 24 | secret: <%= (ENV.fetch('DEFAULT_OPSMAN_PASSWORD') * 3)[0..25].dump %> 25 | primary: true 26 | .properties.secure_service_instance_credentials: 27 | type: boolean 28 | value: true 29 | .properties.haproxy_forward_tls: 30 | value: disable 31 | .properties.gorouter_ssl_ciphers: 32 | value: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 33 | .properties.haproxy_ssl_ciphers: 34 | value: DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384 35 | .properties.networking_poe_ssl_certs: 36 | value: 37 | - name: certificate 38 | certificate: 39 | private_key_pem: <%= ENV.fetch('DOMAIN_KEY').dump %> 40 | cert_pem: <%= ENV.fetch('DOMAIN_CRT').dump %> 41 | .uaa.service_provider_key_credentials: 42 | value: 43 | cert_pem: <%= 
ENV.fetch('DOMAIN_CRT').dump %> 44 | private_key_pem: <%= ENV.fetch('DOMAIN_KEY').dump %> 45 | -------------------------------------------------------------------------------- /deploy_pcf/2.5/ert-resources-srt.json.erb: -------------------------------------------------------------------------------- 1 | { 2 | "backup_restore": { 3 | "instances": 0 4 | }, 5 | "mysql_monitor": { 6 | "instances": 0 7 | }, 8 | "ha_proxy": { 9 | "instances": 1 10 | } 11 | } 12 | -------------------------------------------------------------------------------- /deploy_pcf/2.5/ert-resources.json.erb: -------------------------------------------------------------------------------- 1 | { 2 | "ha_proxy": { 3 | "instances": 1 4 | } 5 | } 6 | -------------------------------------------------------------------------------- /deploy_pcf/2.5/gcp_cf.yml.erb: -------------------------------------------------------------------------------- 1 | <% buildpacks_bucket=`terraform output buildpacks_bucket`.strip 2 | droplets_bucket=`terraform output droplets_bucket`.strip 3 | packages_bucket=`terraform output packages_bucket`.strip 4 | resources_bucket=`terraform output resources_bucket`.strip 5 | project=`terraform output project`.strip 6 | service_account_email=`terraform output service_account_email`.strip 7 | cf_azs=`terraform output azs`.strip.split(",\n") 8 | cf_azs.rotate!(1) 9 | pas_subnet_name=`terraform output pas_subnet_name`.strip %> 10 | 11 | product-properties: 12 | .cloud_controller.system_domain: 13 | value: sys.<%= ENV.fetch('DOMAIN') %> 14 | .cloud_controller.apps_domain: 15 | value: apps.<%= ENV.fetch('DOMAIN') %> 16 | .properties.haproxy_forward_tls: 17 | value: disable 18 | .properties.gorouter_ssl_ciphers: 19 | value: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 20 | .properties.haproxy_ssl_ciphers: 21 | value: DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384 22 | 
.properties.networking_poe_ssl_certs: 23 | value: 24 | - name: certificate 25 | certificate: 26 | private_key_pem: <%= ENV.fetch('DOMAIN_KEY').dump %> 27 | cert_pem: <%= ENV.fetch('DOMAIN_CRT').dump %> 28 | .router.frontend_idle_timeout: 29 | value: 540 30 | .properties.credhub_key_encryption_passwords: 31 | value: 32 | - name: primary-encryption-key 33 | key: 34 | secret: <%= (ENV.fetch('DEFAULT_OPSMAN_PASSWORD') * 3)[0..25].dump %> 35 | primary: true 36 | .properties.secure_service_instance_credentials: 37 | type: boolean 38 | value: true 39 | .properties.security_acknowledgement: 40 | value: X 41 | .properties.system_blobstore: 42 | value: internal 43 | .properties.tcp_routing: 44 | value: disable 45 | .mysql_monitor.recipient_email: 46 | value: test@example.com 47 | .uaa.service_provider_key_credentials: 48 | value: 49 | cert_pem: <%= ENV.fetch('DOMAIN_CRT').dump %> 50 | private_key_pem: <%= ENV.fetch('DOMAIN_KEY').dump %> 51 | .properties.stack_migration_acknowledgement: 52 | value: X 53 | network-properties: 54 | singleton_availability_zone: 55 | name: <%= cf_azs[0] %> 56 | other_availability_zones: 57 | - name: <%= cf_azs[0] %> 58 | network: 59 | name: <%= pas_subnet_name %> 60 | -------------------------------------------------------------------------------- /deploy_pcf/2.5/gcp_cf_resources.json.erb: -------------------------------------------------------------------------------- 1 | <% tcp_router=`terraform output tcp_router_pool`.strip 2 | http_lb=`terraform output http_lb_backend_name`.strip 3 | ws_router=`terraform output ws_router_pool`.strip 4 | ssh_router=`terraform output ssh_router_pool`.strip %> 5 | 6 | { 7 | "tcp_router": { 8 | "elb_names": [ 9 | "tcp:<%= tcp_router %>" 10 | ] 11 | }, 12 | "router": { 13 | "instances": 1, 14 | "elb_names": [ 15 | "tcp:<%= ws_router %>" 16 | ] 17 | }, 18 | "diego_brain": { 19 | "instances": 1, 20 | "elb_names": [ 21 | "tcp:<%= ssh_router %>" 22 | ] 23 | }, 24 | "ha_proxy": { 25 | "instances": 0 26 | }, 27 | 
"diego_cell": { 28 | "instances": 1, 29 | "instance_type": { 30 | "id": "toolsmiths.n1-highmem-2.128" 31 | } 32 | }, 33 | "uaa": { 34 | "instances": 1, 35 | "instance_type": { 36 | "id": "toolsmiths.custom-1-2.32" 37 | } 38 | }, 39 | "cloud_controller": { 40 | "instances": 1, 41 | "instance_type": { 42 | "id": "toolsmiths.custom-1-4.32" 43 | } 44 | }, 45 | "credhub": { 46 | "instances": 1 47 | }, 48 | "nfs_server": { 49 | "instances": 1, 50 | "instance_type": { 51 | "id": "medium.disk" 52 | } 53 | } 54 | } 55 | -------------------------------------------------------------------------------- /deploy_pcf/2.5/gcp_cf_resources_srt.json.erb: -------------------------------------------------------------------------------- 1 | <% http_lb=`terraform output http_lb_backend_name`.strip 2 | ws_router=`terraform output ws_router_pool`.strip 3 | ssh_router=`terraform output ssh_router_pool`.strip %> 4 | 5 | { 6 | "backup_restore": { 7 | "instances": 0 8 | }, 9 | "mysql_monitor": { 10 | "instances": 0 11 | }, 12 | "router": { 13 | "instances": 1, 14 | "elb_names": [ 15 | "tcp:<%= ws_router %>" 16 | ] 17 | }, 18 | "control": { 19 | "instances": 1, 20 | "elb_names": [ 21 | "tcp:<%= ssh_router %>" 22 | ] 23 | }, 24 | "compute": { 25 | "instances": 1, 26 | "instance_type": { 27 | "id": "toolsmiths.n1-highmem-2.128" 28 | } 29 | }, 30 | "blobstore": { 31 | "instances": 1, 32 | "instance_type": { 33 | "id": "medium.disk" 34 | } 35 | } 36 | } 37 | -------------------------------------------------------------------------------- /deploy_pcf/2.5/vsphere_cf.yml.erb: -------------------------------------------------------------------------------- 1 | product-properties: 2 | .properties.security_acknowledgement: 3 | type: string 4 | value: I agree 5 | .mysql_monitor.recipient_email: 6 | type: string 7 | value: bogus@this.is.just.a.placeholder.pivotal.io 8 | .cloud_controller.system_domain: 9 | type: wildcard_domain 10 | value: sys.<%= ENV.fetch('DOMAIN') %> 11 | .cloud_controller.apps_domain: 
12 | type: wildcard_domain 13 | value: apps.<%= ENV.fetch('DOMAIN') %> 14 | .ha_proxy.static_ips: 15 | type: ip_ranges 16 | value: <%= ENV.fetch('HAPROXY_IP') %> 17 | .ha_proxy.skip_cert_verify: 18 | type: boolean 19 | value: true 20 | .properties.credhub_key_encryption_passwords: 21 | value: 22 | - name: primary-encryption-key 23 | key: 24 | secret: <%= (ENV.fetch('DEFAULT_OPSMAN_PASSWORD') * 3)[0..25].dump %> 25 | primary: true 26 | .properties.secure_service_instance_credentials: 27 | type: boolean 28 | value: true 29 | .properties.haproxy_forward_tls: 30 | value: disable 31 | .properties.gorouter_ssl_ciphers: 32 | value: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 33 | .properties.haproxy_ssl_ciphers: 34 | value: DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384 35 | .properties.networking_poe_ssl_certs: 36 | value: 37 | - name: certificate 38 | certificate: 39 | private_key_pem: <%= ENV.fetch('DOMAIN_KEY').dump %> 40 | cert_pem: <%= ENV.fetch('DOMAIN_CRT').dump %> 41 | .uaa.service_provider_key_credentials: 42 | value: 43 | cert_pem: <%= ENV.fetch('DOMAIN_CRT').dump %> 44 | private_key_pem: <%= ENV.fetch('DOMAIN_KEY').dump %> 45 | .properties.stack_migration_acknowledgement: 46 | value: X -------------------------------------------------------------------------------- /deploy_pcf/2.6/ert-resources-srt.json.erb: -------------------------------------------------------------------------------- 1 | { 2 | "backup_restore": { 3 | "instances": 0 4 | }, 5 | "mysql_monitor": { 6 | "instances": 0 7 | }, 8 | "ha_proxy": { 9 | "instances": 1 10 | } 11 | } 12 | -------------------------------------------------------------------------------- /deploy_pcf/2.6/ert-resources.json.erb: -------------------------------------------------------------------------------- 1 | { 2 | "ha_proxy": { 3 | "instances": 1 4 | } 5 | } 6 | 
-------------------------------------------------------------------------------- /deploy_pcf/2.6/gcp_cf.yml.erb: -------------------------------------------------------------------------------- 1 | <% buildpacks_bucket=`terraform output buildpacks_bucket`.strip 2 | droplets_bucket=`terraform output droplets_bucket`.strip 3 | packages_bucket=`terraform output packages_bucket`.strip 4 | resources_bucket=`terraform output resources_bucket`.strip 5 | project=`terraform output project`.strip 6 | service_account_email=`terraform output service_account_email`.strip 7 | cf_azs=`terraform output azs`.strip.split(",\n") 8 | cf_azs.rotate!(1) 9 | pas_subnet_name=`terraform output pas_subnet_name`.strip %> 10 | 11 | product-properties: 12 | .cloud_controller.system_domain: 13 | value: sys.<%= ENV.fetch('DOMAIN') %> 14 | .cloud_controller.apps_domain: 15 | value: apps.<%= ENV.fetch('DOMAIN') %> 16 | .properties.haproxy_forward_tls: 17 | value: disable 18 | .properties.gorouter_ssl_ciphers: 19 | value: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 20 | .properties.haproxy_ssl_ciphers: 21 | value: DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384 22 | .properties.networking_poe_ssl_certs: 23 | value: 24 | - name: certificate 25 | certificate: 26 | private_key_pem: <%= ENV.fetch('DOMAIN_KEY').dump %> 27 | cert_pem: <%= ENV.fetch('DOMAIN_CRT').dump %> 28 | .router.frontend_idle_timeout: 29 | value: 540 30 | .properties.credhub_key_encryption_passwords: 31 | value: 32 | - name: primary-encryption-key 33 | key: 34 | secret: <%= (ENV.fetch('DEFAULT_OPSMAN_PASSWORD') * 3)[0..25].dump %> 35 | primary: true 36 | .properties.secure_service_instance_credentials: 37 | type: boolean 38 | value: true 39 | .properties.security_acknowledgement: 40 | value: X 41 | .properties.system_blobstore: 42 | value: internal 43 | .properties.tcp_routing: 44 | value: disable 45 | .mysql_monitor.recipient_email: 46 | 
value: test@example.com 47 | .uaa.service_provider_key_credentials: 48 | value: 49 | cert_pem: <%= ENV.fetch('DOMAIN_CRT').dump %> 50 | private_key_pem: <%= ENV.fetch('DOMAIN_KEY').dump %> 51 | network-properties: 52 | singleton_availability_zone: 53 | name: <%= cf_azs[0] %> 54 | other_availability_zones: 55 | - name: <%= cf_azs[0] %> 56 | network: 57 | name: <%= pas_subnet_name %> 58 | -------------------------------------------------------------------------------- /deploy_pcf/2.6/gcp_cf_resources.json.erb: -------------------------------------------------------------------------------- 1 | <% tcp_router=`terraform output tcp_router_pool`.strip 2 | http_lb=`terraform output http_lb_backend_name`.strip 3 | ws_router=`terraform output ws_router_pool`.strip 4 | ssh_router=`terraform output ssh_router_pool`.strip %> 5 | 6 | { 7 | "tcp_router": { 8 | "elb_names": [ 9 | "tcp:<%= tcp_router %>" 10 | ] 11 | }, 12 | "router": { 13 | "instances": 1, 14 | "elb_names": [ 15 | "tcp:<%= ws_router %>" 16 | ] 17 | }, 18 | "diego_brain": { 19 | "instances": 1, 20 | "elb_names": [ 21 | "tcp:<%= ssh_router %>" 22 | ] 23 | }, 24 | "ha_proxy": { 25 | "instances": 0 26 | }, 27 | "diego_cell": { 28 | "instances": 1, 29 | "instance_type": { 30 | "id": "toolsmiths.n1-highmem-2.128" 31 | } 32 | }, 33 | "uaa": { 34 | "instances": 1, 35 | "instance_type": { 36 | "id": "toolsmiths.custom-1-2.32" 37 | } 38 | }, 39 | "cloud_controller": { 40 | "instances": 1, 41 | "instance_type": { 42 | "id": "toolsmiths.custom-1-4.32" 43 | } 44 | }, 45 | "credhub": { 46 | "instances": 1 47 | }, 48 | "nfs_server": { 49 | "instances": 1, 50 | "instance_type": { 51 | "id": "medium.disk" 52 | } 53 | } 54 | } 55 | -------------------------------------------------------------------------------- /deploy_pcf/2.6/gcp_cf_resources_srt.json.erb: -------------------------------------------------------------------------------- 1 | <% http_lb=`terraform output http_lb_backend_name`.strip 2 | ws_router=`terraform output 
ws_router_pool`.strip 3 | ssh_router=`terraform output ssh_router_pool`.strip %> 4 | 5 | { 6 | "backup_restore": { 7 | "instances": 0 8 | }, 9 | "mysql_monitor": { 10 | "instances": 0 11 | }, 12 | "router": { 13 | "instances": 1, 14 | "elb_names": [ 15 | "tcp:<%= ws_router %>" 16 | ] 17 | }, 18 | "control": { 19 | "instances": 1, 20 | "elb_names": [ 21 | "tcp:<%= ssh_router %>" 22 | ] 23 | }, 24 | "compute": { 25 | "instances": 1, 26 | "instance_type": { 27 | "id": "toolsmiths.n1-highmem-2.128" 28 | } 29 | }, 30 | "blobstore": { 31 | "instances": 1, 32 | "instance_type": { 33 | "id": "medium.disk" 34 | } 35 | } 36 | } 37 | -------------------------------------------------------------------------------- /deploy_pcf/2.6/vsphere_cf.yml.erb: -------------------------------------------------------------------------------- 1 | product-properties: 2 | .properties.security_acknowledgement: 3 | type: string 4 | value: I agree 5 | .mysql_monitor.recipient_email: 6 | type: string 7 | value: bogus@this.is.just.a.placeholder.pivotal.io 8 | .cloud_controller.system_domain: 9 | type: wildcard_domain 10 | value: sys.<%= ENV.fetch('DOMAIN') %> 11 | .cloud_controller.apps_domain: 12 | type: wildcard_domain 13 | value: apps.<%= ENV.fetch('DOMAIN') %> 14 | .ha_proxy.static_ips: 15 | type: ip_ranges 16 | value: <%= ENV.fetch('HAPROXY_IP') %> 17 | .ha_proxy.skip_cert_verify: 18 | type: boolean 19 | value: true 20 | .properties.credhub_key_encryption_passwords: 21 | value: 22 | - name: primary-encryption-key 23 | key: 24 | secret: <%= (ENV.fetch('DEFAULT_OPSMAN_PASSWORD') * 3)[0..25].dump %> 25 | primary: true 26 | .properties.secure_service_instance_credentials: 27 | type: boolean 28 | value: true 29 | .properties.haproxy_forward_tls: 30 | value: disable 31 | .properties.gorouter_ssl_ciphers: 32 | value: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 33 | .properties.haproxy_ssl_ciphers: 34 | value: 
DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384 35 | .properties.networking_poe_ssl_certs: 36 | value: 37 | - name: certificate 38 | certificate: 39 | private_key_pem: <%= ENV.fetch('DOMAIN_KEY').dump %> 40 | cert_pem: <%= ENV.fetch('DOMAIN_CRT').dump %> 41 | .uaa.service_provider_key_credentials: 42 | value: 43 | cert_pem: <%= ENV.fetch('DOMAIN_CRT').dump %> 44 | private_key_pem: <%= ENV.fetch('DOMAIN_KEY').dump %> 45 | -------------------------------------------------------------------------------- /deploy_pcf/2.7/ert-resources-srt.json.erb: -------------------------------------------------------------------------------- 1 | { 2 | "backup_restore": { 3 | "instances": 0 4 | }, 5 | "mysql_monitor": { 6 | "instances": 0 7 | }, 8 | "ha_proxy": { 9 | "instances": 1 10 | } 11 | } 12 | -------------------------------------------------------------------------------- /deploy_pcf/2.7/ert-resources.json.erb: -------------------------------------------------------------------------------- 1 | { 2 | "ha_proxy": { 3 | "instances": 1 4 | } 5 | } 6 | -------------------------------------------------------------------------------- /deploy_pcf/2.7/gcp_cf.yml.erb: -------------------------------------------------------------------------------- 1 | <% buildpacks_bucket=`terraform output buildpacks_bucket`.strip 2 | droplets_bucket=`terraform output droplets_bucket`.strip 3 | packages_bucket=`terraform output packages_bucket`.strip 4 | resources_bucket=`terraform output resources_bucket`.strip 5 | project=`terraform output project`.strip 6 | service_account_email=`terraform output service_account_email`.strip 7 | cf_azs=`terraform output azs`.strip.split(",\n") 8 | cf_azs.rotate!(1) 9 | pas_subnet_name=`terraform output pas_subnet_name`.strip %> 10 | 11 | product-properties: 12 | .cloud_controller.system_domain: 13 | value: sys.<%= ENV.fetch('DOMAIN') %> 14 | .cloud_controller.apps_domain: 15 | value: apps.<%= 
ENV.fetch('DOMAIN') %> 16 | .properties.haproxy_forward_tls: 17 | value: disable 18 | .properties.gorouter_ssl_ciphers: 19 | value: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 20 | .properties.haproxy_ssl_ciphers: 21 | value: DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384 22 | .properties.networking_poe_ssl_certs: 23 | value: 24 | - name: certificate 25 | certificate: 26 | private_key_pem: <%= ENV.fetch('DOMAIN_KEY').dump %> 27 | cert_pem: <%= ENV.fetch('DOMAIN_CRT').dump %> 28 | .router.frontend_idle_timeout: 29 | value: 540 30 | .properties.credhub_internal_provider_keys: 31 | value: 32 | - name: primary-encryption-key 33 | key: 34 | secret: <%= (ENV.fetch('DEFAULT_OPSMAN_PASSWORD') * 3)[0..25].dump %> 35 | primary: true 36 | .properties.secure_service_instance_credentials: 37 | type: boolean 38 | value: true 39 | .properties.security_acknowledgement: 40 | value: X 41 | .properties.system_blobstore: 42 | value: internal 43 | .properties.tcp_routing: 44 | value: disable 45 | .mysql_monitor.recipient_email: 46 | value: test@example.com 47 | .uaa.service_provider_key_credentials: 48 | value: 49 | cert_pem: <%= ENV.fetch('DOMAIN_CRT').dump %> 50 | private_key_pem: <%= ENV.fetch('DOMAIN_KEY').dump %> 51 | network-properties: 52 | singleton_availability_zone: 53 | name: <%= cf_azs[0] %> 54 | other_availability_zones: 55 | - name: <%= cf_azs[0] %> 56 | network: 57 | name: <%= pas_subnet_name %> 58 | -------------------------------------------------------------------------------- /deploy_pcf/2.7/gcp_cf_resources.json.erb: -------------------------------------------------------------------------------- 1 | <% tcp_router=`terraform output tcp_router_pool`.strip 2 | http_lb=`terraform output http_lb_backend_name`.strip 3 | ws_router=`terraform output ws_router_pool`.strip 4 | ssh_router=`terraform output ssh_router_pool`.strip %> 5 | 6 | { 7 | "tcp_router": { 8 | "elb_names": [ 9 | 
"tcp:<%= tcp_router %>" 10 | ] 11 | }, 12 | "router": { 13 | "instances": 1, 14 | "elb_names": [ 15 | "tcp:<%= ws_router %>" 16 | ] 17 | }, 18 | "diego_brain": { 19 | "instances": 1, 20 | "elb_names": [ 21 | "tcp:<%= ssh_router %>" 22 | ] 23 | }, 24 | "ha_proxy": { 25 | "instances": 0 26 | }, 27 | "diego_cell": { 28 | "instances": 1, 29 | "instance_type": { 30 | "id": "toolsmiths.n1-highmem-2.128" 31 | } 32 | }, 33 | "uaa": { 34 | "instances": 1, 35 | "instance_type": { 36 | "id": "toolsmiths.custom-1-2.32" 37 | } 38 | }, 39 | "cloud_controller": { 40 | "instances": 1, 41 | "instance_type": { 42 | "id": "toolsmiths.custom-1-4.32" 43 | } 44 | }, 45 | "credhub": { 46 | "instances": 1 47 | }, 48 | "nfs_server": { 49 | "instances": 1, 50 | "instance_type": { 51 | "id": "medium.disk" 52 | } 53 | } 54 | } 55 | -------------------------------------------------------------------------------- /deploy_pcf/2.7/gcp_cf_resources_srt.json.erb: -------------------------------------------------------------------------------- 1 | <% http_lb=`terraform output http_lb_backend_name`.strip 2 | ws_router=`terraform output ws_router_pool`.strip 3 | ssh_router=`terraform output ssh_router_pool`.strip %> 4 | 5 | { 6 | "backup_restore": { 7 | "instances": 0 8 | }, 9 | "mysql_monitor": { 10 | "instances": 0 11 | }, 12 | "router": { 13 | "instances": 1, 14 | "elb_names": [ 15 | "tcp:<%= ws_router %>" 16 | ] 17 | }, 18 | "control": { 19 | "instances": 1, 20 | "elb_names": [ 21 | "tcp:<%= ssh_router %>" 22 | ] 23 | }, 24 | "compute": { 25 | "instances": 1, 26 | "instance_type": { 27 | "id": "toolsmiths.n1-highmem-2.128" 28 | } 29 | }, 30 | "blobstore": { 31 | "instances": 1, 32 | "instance_type": { 33 | "id": "medium.disk" 34 | } 35 | } 36 | } 37 | -------------------------------------------------------------------------------- /deploy_pcf/2.7/vsphere_cf.yml.erb: -------------------------------------------------------------------------------- 1 | product-properties: 2 | 
.properties.security_acknowledgement: 3 | type: string 4 | value: I agree 5 | .mysql_monitor.recipient_email: 6 | type: string 7 | value: bogus@this.is.just.a.placeholder.pivotal.io 8 | .cloud_controller.system_domain: 9 | type: wildcard_domain 10 | value: sys.<%= ENV.fetch('DOMAIN') %> 11 | .cloud_controller.apps_domain: 12 | type: wildcard_domain 13 | value: apps.<%= ENV.fetch('DOMAIN') %> 14 | .ha_proxy.static_ips: 15 | type: ip_ranges 16 | value: <%= ENV.fetch('HAPROXY_IP') %> 17 | .ha_proxy.skip_cert_verify: 18 | type: boolean 19 | value: true 20 | .properties.credhub_internal_provider_keys: 21 | value: 22 | - name: primary-encryption-key 23 | key: 24 | secret: <%= (ENV.fetch('DEFAULT_OPSMAN_PASSWORD') * 3)[0..25].dump %> 25 | primary: true 26 | .properties.secure_service_instance_credentials: 27 | type: boolean 28 | value: true 29 | .properties.haproxy_forward_tls: 30 | value: disable 31 | .properties.gorouter_ssl_ciphers: 32 | value: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 33 | .properties.haproxy_ssl_ciphers: 34 | value: DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384 35 | .properties.networking_poe_ssl_certs: 36 | value: 37 | - name: certificate 38 | certificate: 39 | private_key_pem: <%= ENV.fetch('DOMAIN_KEY').dump %> 40 | cert_pem: <%= ENV.fetch('DOMAIN_CRT').dump %> 41 | .uaa.service_provider_key_credentials: 42 | value: 43 | cert_pem: <%= ENV.fetch('DOMAIN_CRT').dump %> 44 | private_key_pem: <%= ENV.fetch('DOMAIN_KEY').dump %> 45 | -------------------------------------------------------------------------------- /deploy_pcf/3.0/ert-resources-srt.json.erb: -------------------------------------------------------------------------------- 1 | { 2 | "backup_restore": { 3 | "instances": 0 4 | }, 5 | "mysql_monitor": { 6 | "instances": 0 7 | }, 8 | "ha_proxy": { 9 | "instances": 1 10 | } 11 | } 12 | 
-------------------------------------------------------------------------------- /deploy_pcf/3.0/ert-resources.json.erb: -------------------------------------------------------------------------------- 1 | { 2 | "ha_proxy": { 3 | "instances": 1 4 | } 5 | } 6 | -------------------------------------------------------------------------------- /deploy_pcf/3.0/gcp_cf.yml.erb: -------------------------------------------------------------------------------- 1 | <% buildpacks_bucket=`terraform output buildpacks_bucket`.strip 2 | droplets_bucket=`terraform output droplets_bucket`.strip 3 | packages_bucket=`terraform output packages_bucket`.strip 4 | resources_bucket=`terraform output resources_bucket`.strip 5 | project=`terraform output project`.strip 6 | service_account_email=`terraform output service_account_email`.strip 7 | cf_azs=`terraform output azs`.strip.split(",\n") 8 | cf_azs.rotate!(1) 9 | pas_subnet_name=`terraform output pas_subnet_name`.strip %> 10 | 11 | product-properties: 12 | .cloud_controller.system_domain: 13 | value: sys.<%= ENV.fetch('DOMAIN') %> 14 | .cloud_controller.apps_domain: 15 | value: apps.<%= ENV.fetch('DOMAIN') %> 16 | .properties.gorouter_ssl_ciphers: 17 | value: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 18 | .properties.networking_poe_ssl_certs: 19 | value: 20 | - name: certificate 21 | certificate: 22 | private_key_pem: <%= ENV.fetch('DOMAIN_KEY').dump %> 23 | cert_pem: <%= ENV.fetch('DOMAIN_CRT').dump %> 24 | .router.frontend_idle_timeout: 25 | value: 540 26 | .properties.credhub_internal_provider_keys: 27 | value: 28 | - name: primary-encryption-key 29 | key: 30 | secret: <%= (ENV.fetch('DEFAULT_OPSMAN_PASSWORD') * 3)[0..25].dump %> 31 | primary: true 32 | .properties.secure_service_instance_credentials: 33 | type: boolean 34 | value: true 35 | .properties.security_acknowledgement: 36 | value: X 37 | .properties.system_blobstore: 38 | value: internal 39 | .properties.tcp_routing: 40 | value: disable 41 
| .mysql_monitor.recipient_email: 42 | value: test@example.com 43 | .uaa.service_provider_key_credentials: 44 | value: 45 | cert_pem: <%= ENV.fetch('DOMAIN_CRT').dump %> 46 | private_key_pem: <%= ENV.fetch('DOMAIN_KEY').dump %> 47 | network-properties: 48 | singleton_availability_zone: 49 | name: <%= cf_azs[0] %> 50 | other_availability_zones: 51 | - name: <%= cf_azs[0] %> 52 | network: 53 | name: <%= pas_subnet_name %> 54 | -------------------------------------------------------------------------------- /deploy_pcf/3.0/gcp_cf_resources.json.erb: -------------------------------------------------------------------------------- 1 | <% tcp_router=`terraform output tcp_router_pool`.strip 2 | http_lb=`terraform output http_lb_backend_name`.strip 3 | ws_router=`terraform output ws_router_pool`.strip 4 | ssh_router=`terraform output ssh_router_pool`.strip %> 5 | 6 | { 7 | "tcp_router": { 8 | "elb_names": [ 9 | "tcp:<%= tcp_router %>" 10 | ] 11 | }, 12 | "router": { 13 | "instances": 1, 14 | "elb_names": [ 15 | "tcp:<%= ws_router %>" 16 | ] 17 | }, 18 | "diego_brain": { 19 | "instances": 1, 20 | "elb_names": [ 21 | "tcp:<%= ssh_router %>" 22 | ] 23 | }, 24 | "diego_cell": { 25 | "instances": 1, 26 | "instance_type": { 27 | "id": "toolsmiths.n1-highmem-2.128" 28 | } 29 | }, 30 | "uaa": { 31 | "instances": 1, 32 | "instance_type": { 33 | "id": "toolsmiths.custom-1-2.32" 34 | } 35 | }, 36 | "cloud_controller": { 37 | "instances": 1, 38 | "instance_type": { 39 | "id": "toolsmiths.custom-1-4.64" 40 | } 41 | }, 42 | "credhub": { 43 | "instances": 1 44 | }, 45 | "nfs_server": { 46 | "instances": 1, 47 | "instance_type": { 48 | "id": "toolsmiths.medium-disk-2-4.32" 49 | } 50 | } 51 | } 52 | -------------------------------------------------------------------------------- /deploy_pcf/3.0/gcp_cf_resources_srt.json.erb: -------------------------------------------------------------------------------- 1 | <% http_lb=`terraform output http_lb_backend_name`.strip 2 | ws_router=`terraform 
output ws_router_pool`.strip 3 | ssh_router=`terraform output ssh_router_pool`.strip %> 4 | 5 | { 6 | "backup_restore": { 7 | "instances": 0 8 | }, 9 | "mysql_monitor": { 10 | "instances": 0 11 | }, 12 | "router": { 13 | "instances": 1, 14 | "elb_names": [ 15 | "tcp:<%= ws_router %>" 16 | ] 17 | }, 18 | "control": { 19 | "instances": 1, 20 | "elb_names": [ 21 | "tcp:<%= ssh_router %>" 22 | ] 23 | }, 24 | "compute": { 25 | "instances": 1, 26 | "instance_type": { 27 | "id": "toolsmiths.n1-highmem-2.128" 28 | } 29 | }, 30 | "blobstore": { 31 | "instances": 1, 32 | "instance_type": { 33 | "id": "toolsmiths.medium-disk-2-4.32" 34 | } 35 | } 36 | } 37 | -------------------------------------------------------------------------------- /deploy_pcf/3.0/vsphere_cf.yml.erb: -------------------------------------------------------------------------------- 1 | product-properties: 2 | .properties.security_acknowledgement: 3 | type: string 4 | value: I agree 5 | .mysql_monitor.recipient_email: 6 | type: string 7 | value: bogus@this.is.just.a.placeholder.pivotal.io 8 | .cloud_controller.system_domain: 9 | type: wildcard_domain 10 | value: sys.<%= ENV.fetch('DOMAIN') %> 11 | .cloud_controller.apps_domain: 12 | type: wildcard_domain 13 | value: apps.<%= ENV.fetch('DOMAIN') %> 14 | .ha_proxy.static_ips: 15 | type: ip_ranges 16 | value: <%= ENV.fetch('HAPROXY_IP') %> 17 | .ha_proxy.skip_cert_verify: 18 | type: boolean 19 | value: true 20 | .properties.credhub_internal_provider_keys: 21 | value: 22 | - name: primary-encryption-key 23 | key: 24 | secret: <%= (ENV.fetch('DEFAULT_OPSMAN_PASSWORD') * 3)[0..25].dump %> 25 | primary: true 26 | .properties.secure_service_instance_credentials: 27 | type: boolean 28 | value: true 29 | .properties.gorouter_ssl_ciphers: 30 | value: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 31 | .properties.networking_poe_ssl_certs: 32 | value: 33 | - name: certificate 34 | certificate: 35 | private_key_pem: <%= 
ENV.fetch('DOMAIN_KEY').dump %> 36 | cert_pem: <%= ENV.fetch('DOMAIN_CRT').dump %> 37 | .uaa.service_provider_key_credentials: 38 | value: 39 | cert_pem: <%= ENV.fetch('DOMAIN_CRT').dump %> 40 | private_key_pem: <%= ENV.fetch('DOMAIN_KEY').dump %> 41 | -------------------------------------------------------------------------------- /deploy_pcf/README.md: -------------------------------------------------------------------------------- 1 | # Deploy PCF files 2 | In this directory, we maintain the files that we use to automate the deployment of PCF to vSphere and GCP. 3 | 4 | ### Creating NS records in AWS Route53 5 | - We use the `aws_dns_delegate_ns.json.erb` file to delegate NS records to AWS Route53 6 | 7 | ### Configuring BOSH director/OpsManager 8 | - We use the following files to configure the BOSH director for GCP 9 | - `gcp_azs.json.erb` 10 | - `gcp_iaas.json.erb` 11 | - `gcp_network_assignment.json.erb` 12 | - `gcp_networks.json.erb` 13 | - We use the following file to configure the VM settings for the OpsManager on vSphere 14 | - `opsman_settings.json.erb` 15 | - We use the following files to configure the BOSH director for vSphere 16 | - `networks.json.erb` 17 | - `iaas.json.erb` 18 | 19 | ### Custom Terraform variables to be used with `terraforming-gcp` 20 | - We use the `terraform.tfvars.erb` file to pass custom variables to the `terraforming-gcp` scripts. 21 | 22 | ### Configuring ERT 23 | - We have a `default` folder that houses the default configuration files for the different versions of ERT from 1.8 - 2.1 24 | - Inside the folder, there are files for both vSphere and GCP. The vSphere files start with `ert-`, whereas the GCP files start with `gcp_cf_` 25 | - To override the defaults, create a folder for the version of ERT (e.g. `2.1`) and put a copy of the file to be overridden inside it. 
26 | -------------------------------------------------------------------------------- /deploy_pcf/append_custom_vm_type.rb: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | 3 | require 'json' 4 | 5 | default_vm_types_file = File.read(ARGV[0]) 6 | custom_vm_types_file = ARGV[1].nil? ? '{}' : File.read(ARGV[1]) 7 | 8 | default_vm_types_hash = JSON.parse(default_vm_types_file) 9 | custom_vm_types_list = JSON.parse(custom_vm_types_file) 10 | 11 | if custom_vm_types_list.nil? 12 | p 'No custom vm types provided!' 13 | else 14 | custom_vm_types_list.each { |vm| default_vm_types_hash["vm_types"].push(vm) } 15 | end 16 | 17 | 18 | File.open('modified_vm_types.json','w') do |f| 19 | f.write(default_vm_types_hash.to_json) 20 | end 21 | -------------------------------------------------------------------------------- /deploy_pcf/aws_dns_delegate_ns.json.erb: -------------------------------------------------------------------------------- 1 | <% action = ENV['ACTION'] || 'UPSERT' %> 2 | <% name_servers = [] -%> 3 | <% File.readlines('google_name_servers.txt').each do |line| -%> 4 | <% name_servers << "{\"Value\": \"#{line.strip}\"}" -%> 5 | <% end -%> 6 | { 7 | "Comment": "<%= action %> NS record for <%= ENV.fetch('ENV_NAME') %>.cf-app.com", 8 | "Changes": [ 9 | { 10 | "Action": "<%= action %>", 11 | "ResourceRecordSet": { 12 | "Name": "<%= ENV.fetch('ENV_NAME') %>.cf-app.com.", 13 | "Type": "NS", 14 | "TTL": 300, 15 | "ResourceRecords": [ 16 | <%= name_servers.join(',') %> 17 | ] 18 | } 19 | } 20 | ] 21 | } 22 | -------------------------------------------------------------------------------- /deploy_pcf/default/custom_vm_types.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "name": "toolsmiths.n1-highmem-2.128", 4 | "ram": 13312, 5 | "cpu": 2, 6 | "ephemeral_disk": 131072, 7 | "builtin": false 8 | }, 9 | { 10 | "name": "toolsmiths.custom-1-2.32", 11 | "ram": 2048, 
12 | "cpu": 1, 13 | "ephemeral_disk": 32768, 14 | "builtin": false 15 | }, 16 | { 17 | "name": "toolsmiths.custom-1-4.32", 18 | "ram": 4096, 19 | "cpu": 1, 20 | "ephemeral_disk": 32768, 21 | "builtin": false 22 | }, 23 | { 24 | "name": "toolsmiths.custom-1-4.64", 25 | "ram": 4096, 26 | "cpu": 1, 27 | "ephemeral_disk": 65536, 28 | "builtin": false 29 | }, 30 | { 31 | "name": "toolsmiths.medium-disk-2-4.32", 32 | "ram": 4096, 33 | "cpu": 2, 34 | "ephemeral_disk": 32768, 35 | "builtin": false 36 | }, 37 | { 38 | "name": "toolsmiths.custom-highram-2-32.128", 39 | "ram": 32768, 40 | "cpu": 2, 41 | "ephemeral_disk": 131072, 42 | "builtin": false 43 | } 44 | ] 45 | -------------------------------------------------------------------------------- /deploy_pcf/default/gcp_bosh_config.yml.erb: -------------------------------------------------------------------------------- 1 | <% 2 | require 'ipaddr' 3 | azs=`terraform output azs`.strip.split(",\n") 4 | azs.rotate!(1) 5 | region=`terraform output region`.strip 6 | network_name=`terraform output network_name`.strip 7 | management_subnet_name=`terraform output management_subnet_name`.strip 8 | management_subnet_cidrs=`terraform output management_subnet_cidrs`.strip 9 | management_subnet_range=IPAddr.new(management_subnet_cidrs).to_range() 10 | management_subnet_gateway=`terraform output management_subnet_gateway`.strip 11 | pas_subnet_name=`terraform output pas_subnet_name`.strip 12 | pas_subnet_cidrs=`terraform output pas_subnet_cidrs`.strip 13 | pas_subnet_range=IPAddr.new(pas_subnet_cidrs).to_range() 14 | pas_subnet_gateway=`terraform output pas_subnet_gateway`.strip 15 | services_subnet_name=`terraform output services_subnet_name`.strip 16 | services_subnet_cidrs=`terraform output services_subnet_cidrs`.strip 17 | services_subnet_range=IPAddr.new(services_subnet_cidrs).to_range() 18 | services_subnet_gateway=`terraform output services_subnet_gateway`.strip 19 | -%> 20 | 21 | security-configuration: 22 | 
opsmanager_root_ca_trusted_certs: true 23 | director-configuration: 24 | ntp_servers_string: "169.254.169.254" 25 | az-configuration: 26 | - name: <%= azs[0] %> 27 | - name: <%= azs[1] %> 28 | - name: <%= azs[2] %> 29 | iaas-configuration: 30 | project: <%= ENV.fetch('GCP_PROJECT_NAME') %> 31 | default_deployment_tag: <%= ENV.fetch('DEFAULT_DEPLOYMENT_TAG') %> 32 | auth_json: <%= ENV.fetch('GCP_SERVICE_ACCOUNT_KEY').inspect %> 33 | network-assignment: 34 | singleton_availability_zone: 35 | name: <%= azs[0] %> 36 | network: 37 | name: <%= management_subnet_name %> 38 | networks-configuration: 39 | icmp_checks_enabled: false 40 | networks: 41 | - name: <%= management_subnet_name %> 42 | subnets: 43 | - iaas_identifier: <%= network_name %>/<%= management_subnet_name %>/<%= region %> 44 | cidr: <%= management_subnet_cidrs %> 45 | reserved_ip_ranges: <%= management_subnet_range.entries[0] %>-<%= management_subnet_range.entries[4] %> 46 | dns: 8.8.8.8 47 | gateway: <%= management_subnet_gateway %> 48 | availability_zone_names: <%= azs %> 49 | - name: <%= pas_subnet_name %> 50 | subnets: 51 | - iaas_identifier: <%= network_name %>/<%= pas_subnet_name %>/<%= region %> 52 | cidr: <%= pas_subnet_cidrs %> 53 | reserved_ip_ranges: <%= pas_subnet_range.entries[0] %>-<%= pas_subnet_range.entries[4] %> 54 | dns: 8.8.8.8 55 | gateway: <%= pas_subnet_gateway %> 56 | availability_zone_names: <%= azs %> 57 | - name: <%= services_subnet_name %> 58 | subnets: 59 | - iaas_identifier: <%= network_name %>/<%= services_subnet_name %>/<%= region %> 60 | cidr: <%= services_subnet_cidrs %> 61 | reserved_ip_ranges: <%= services_subnet_range.entries[0] %>-<%= services_subnet_range.entries[4] %> 62 | dns: 169.254.169.254 63 | gateway: <%= services_subnet_gateway %> 64 | availability_zone_names: <%= azs %> 65 | -------------------------------------------------------------------------------- /deploy_pcf/default/openstack-ert-resources.json.erb: 
-------------------------------------------------------------------------------- 1 | { 2 | "ha_proxy": { 3 | "floating_ips": <%= ENV.fetch('HAPROXY_PUBLIC_IP').dump %>, 4 | "instances": 1 5 | } 6 | } 7 | -------------------------------------------------------------------------------- /deploy_pcf/default/openstack_bosh_config.yml.erb: -------------------------------------------------------------------------------- 1 | <% 2 | keystone_version = ENV.fetch('KEYSTONE_VERSION', 'v2.0') 3 | %> 4 | --- 5 | iaas-configuration: 6 | identity_endpoint: <%= ENV.fetch('AUTH_URL') %> 7 | username: <%= ENV.fetch('USERNAME') %> 8 | password: <%= ENV.fetch('PASSWORD') %> 9 | tenant: <%= ENV.fetch('ENV_NAME') %> 10 | security_group: <%= ENV.fetch('ENV_NAME') %>-ops-manager 11 | key_pair_name: <%= ENV.fetch('KEYPAIR') %> 12 | ssh_private_key: "<%= ENV.fetch('SSH_PRIVATE_KEY').gsub(/\n/,'\\n') %>" 13 | region: <%= ENV.fetch('ENV_REGION') %> 14 | ignore_server_availability_zone: false 15 | disable_dhcp: false 16 | networking_model: nova 17 | keystone_version: <%= keystone_version %> 18 | <% if keystone_version != 'v2.0' -%> 19 | domain: <%= ENV.fetch('KEYSTONE_DOMAIN') %> 20 | <% end -%> 21 | director-configuration: 22 | ntp_servers_string: <%= ENV.fetch('NTP_SERVERS_STRING', 'ntp1.svc.pivotal.io') %> 23 | az-configuration: 24 | - name: <%= ENV.fetch('AZ') %> 25 | networks-configuration: 26 | icmp_checks_enabled: true 27 | networks: 28 | - name: <%= ENV.fetch('ENV_NAME') %>-pas-internal-network 29 | subnets: 30 | - iaas_identifier: <%= ENV.fetch('INTERNAL_NETWORK_ID') %> 31 | cidr: <%= ENV.fetch('INTERNAL_CIDR') %> 32 | dns: <%= ENV.fetch('DNS') %> 33 | gateway: <%= ENV.fetch('INTERNAL_GATEWAY') %> 34 | reserved_ip_ranges: <%= ENV.fetch('INTERNAL_RESERVED_IPS') %> 35 | availability_zone_names: 36 | - <%= ENV.fetch('AZ') %> 37 | network-assignment: 38 | singleton_availability_zone: 39 | name: <%= ENV.fetch('AZ') %> 40 | network: 41 | name: <%= ENV.fetch('ENV_NAME') 
%>-pas-internal-network 42 | -------------------------------------------------------------------------------- /deploy_pcf/default/openstack_cf.yml.erb: -------------------------------------------------------------------------------- 1 | --- 2 | product-properties: 3 | .properties.security_acknowledgement: 4 | value: "I do not agree" 5 | .uaa.service_provider_key_credentials: 6 | value: 7 | cert_pem: <%= ENV.fetch('DOMAIN_CRT').dump %> 8 | private_key_pem: <%= ENV.fetch('DOMAIN_KEY').dump %> 9 | .mysql_monitor.recipient_email: 10 | value: bogus@this.is.just.a.placeholder.pivotal.io 11 | .cloud_controller.system_domain: 12 | value: sys.<%= ENV.fetch('DOMAIN') %> 13 | .cloud_controller.apps_domain: 14 | value: apps.<%= ENV.fetch('DOMAIN') %> 15 | .ha_proxy.static_ips: 16 | value: <%= ENV.fetch('HAPROXY_IP') %> 17 | .ha_proxy.skip_cert_verify: 18 | value: true 19 | .properties.credhub_key_encryption_passwords: 20 | value: 21 | - name: primary-encryption-key 22 | key: 23 | secret: <%= (ENV.fetch('DEFAULT_OPSMAN_PASSWORD') * 3)[0..25].dump %> 24 | primary: true 25 | .properties.secure_service_instance_credentials: 26 | value: true 27 | .properties.haproxy_forward_tls: 28 | value: disable 29 | .properties.gorouter_ssl_ciphers: 30 | value: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 31 | .properties.haproxy_ssl_ciphers: 32 | value: DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384 33 | .properties.networking_poe_ssl_certs: 34 | value: 35 | - name: certificate 36 | certificate: 37 | private_key_pem: <%= ENV.fetch('DOMAIN_KEY').dump %> 38 | cert_pem: <%= ENV.fetch('DOMAIN_CRT').dump %> 39 | 40 | -------------------------------------------------------------------------------- /deploy_pcf/default/vsphere_bosh_config.yml.erb: -------------------------------------------------------------------------------- 1 | az-configuration: 2 | - name: default 3 | cluster: <%= ENV.fetch('VC_CLUSTER') %> 
4 | resource_pool: <%= ENV.fetch('ENV_NAME') %> 5 | director-configuration: 6 | ntp_servers_string: ntp1.svc.pivotal.io 7 | network-assignment: 8 | singleton_availability_zone: 9 | name: default 10 | network: 11 | name: default 12 | networks-configuration: 13 | icmp_checks_enabled: false 14 | networks: 15 | - name: default 16 | subnets: 17 | - iaas_identifier: <%= ENV.fetch('ENV_NAME') %> 18 | cidr: <%= ENV.fetch('CIDR') %> 19 | reserved_ip_ranges: <%= ENV.fetch('RESERVED_IP_RANGES') %> 20 | dns: <%= ENV.fetch('DNS') %> 21 | gateway: <%= ENV.fetch('GATEWAY') %> 22 | availability_zone_names: [default] 23 | iaas-configuration: 24 | vcenter_host: <%= ENV.fetch('VC_URL') %> 25 | vcenter_username: <%= ENV.fetch('VC_USERNAME') %> 26 | vcenter_password: <%= ENV.fetch('VC_PASSWORD') %> 27 | datacenter: <%= ENV.fetch('VC_DATACENTER') %> 28 | disk_type: thin 29 | ephemeral_datastores_string: <%= ENV.fetch('VC_DATASTORE') %> 30 | persistent_datastores_string: <%= ENV.fetch('VC_DATASTORE') %> 31 | bosh_vm_folder: <%= ENV.fetch('ENV_NAME') %>_vms 32 | bosh_template_folder: <%= ENV.fetch('ENV_NAME') %>_templates 33 | bosh_disk_path: <%= ENV.fetch('ENV_NAME') %>_disks 34 | -------------------------------------------------------------------------------- /deploy_pcf/gcp_istio_router_lb_override.tf: -------------------------------------------------------------------------------- 1 | resource "google_compute_firewall" "cf-mesh" { 2 | name = "${var.env_name}-cf-mesh" 3 | network = "${google_compute_network.pcf-network.name}" 4 | 5 | allow { 6 | protocol = "tcp" 7 | ports = ["80", "443"] 8 | } 9 | 10 | target_tags = ["${var.env_name}-cf-mesh"] 11 | } 12 | 13 | resource "google_compute_address" "cf-mesh" { 14 | name = "${var.env_name}-cf-mesh" 15 | } 16 | 17 | resource "google_compute_http_health_check" "cf-mesh" { 18 | name = "${var.env_name}-cf-mesh" 19 | port = 8002 20 | check_interval_sec = 5 21 | timeout_sec = 3 22 | healthy_threshold = 3 23 | unhealthy_threshold = 3 24 | } 25 | 26 
| resource "google_compute_target_pool" "cf-mesh" { 27 | name = "${var.env_name}-cf-mesh" 28 | 29 | health_checks = [ 30 | "${google_compute_http_health_check.cf-mesh.name}", 31 | ] 32 | } 33 | 34 | resource "google_compute_forwarding_rule" "cf-mesh-https" { 35 | name = "${var.env_name}-cf-mesh-https" 36 | target = "${google_compute_target_pool.cf-mesh.self_link}" 37 | port_range = "443" 38 | ip_protocol = "TCP" 39 | ip_address = "${google_compute_address.cf-mesh.address}" 40 | } 41 | 42 | resource "google_compute_forwarding_rule" "cf-mesh-http" { 43 | name = "${var.env_name}-cf-mesh-http" 44 | target = "${google_compute_target_pool.cf-mesh.self_link}" 45 | port_range = "80" 46 | ip_protocol = "TCP" 47 | ip_address = "${google_compute_address.cf-mesh.address}" 48 | } 49 | 50 | resource "google_dns_record_set" "wildcard-mesh-apps-dns" { 51 | name = "*.mesh.apps.${google_dns_managed_zone.env_dns_zone.dns_name}" 52 | type = "A" 53 | ttl = 300 54 | 55 | managed_zone = "${google_dns_managed_zone.env_dns_zone.name}" 56 | 57 | rrdatas = ["${google_compute_address.cf-mesh.address}"] 58 | } 59 | 60 | output "mesh_router_pool" { 61 | value = "${google_compute_firewall.cf-mesh.name}" 62 | } 63 | 64 | output "mesh_dns" { 65 | value = "${replace(replace(google_dns_record_set.wildcard-mesh-apps-dns.name, "/^\\*\\./", ""), "/\\.$/", "")}" 66 | } 67 | -------------------------------------------------------------------------------- /deploy_pcf/gcp_ops_manager_image_timeout_override.tf: -------------------------------------------------------------------------------- 1 | resource "google_compute_image" "ops-manager-image" { 2 | timeouts { 3 | create = "90m" 4 | } 5 | } 6 | -------------------------------------------------------------------------------- /deploy_pcf/gcp_ops_manager_service_account_override.tf: -------------------------------------------------------------------------------- 1 | resource "google_service_account" "opsman_service_account" { 2 | count = 0 3 | account_id = 
"${var.env_name}-opsman" 4 | display_name = "${var.env_name} Ops Manager VM Service Account" 5 | } 6 | 7 | resource "google_service_account_key" "opsman_service_account_key" { 8 | count = 0 9 | service_account_id = "${google_service_account.opsman_service_account.id}" 10 | } 11 | 12 | resource "google_compute_instance" "ops-manager" { 13 | name = "${var.env_name}-ops-manager" 14 | machine_type = "${var.opsman_machine_type}" 15 | zone = "${element(var.zones, 1)}" 16 | tags = ["${var.env_name}-ops-manager-external"] 17 | 18 | timeouts { 19 | create = "10m" 20 | } 21 | 22 | boot_disk { 23 | initialize_params { 24 | image = "${google_compute_image.ops-manager-image.self_link}" 25 | size = 150 26 | type = "pd-ssd" 27 | } 28 | } 29 | 30 | network_interface { 31 | subnetwork = "${google_compute_subnetwork.management-subnet.name}" 32 | 33 | access_config { 34 | nat_ip = "${google_compute_address.ops-manager-ip.address}" 35 | } 36 | } 37 | 38 | service_account { 39 | scopes = ["cloud-platform"] 40 | } 41 | 42 | metadata = { 43 | ssh-keys = "${format("ubuntu:%s", tls_private_key.ops-manager.public_key_openssh)}" 44 | block-project-ssh-keys = "TRUE" 45 | } 46 | } 47 | 48 | output "service_account_email" { 49 | value = "${element(concat(google_service_account.opsman_service_account.*.email, list("")), 0)}" 50 | } 51 | 52 | -------------------------------------------------------------------------------- /deploy_pcf/gcp_tcp_lb_dns_pks_override.tf.erb: -------------------------------------------------------------------------------- 1 | <% 2 | env_name = ENV.fetch('ENV_NAME') 3 | cluster_name = "#{env_name}-pks-cluster-1" 4 | %> 5 | 6 | resource "google_compute_address" "pks-tcp" { 7 | name = "<%= cluster_name %>" 8 | } 9 | 10 | resource "google_compute_target_pool" "pks-tcp" { 11 | name = "<%= cluster_name %>" 12 | } 13 | 14 | resource "google_compute_forwarding_rule" "pks-tcp" { 15 | name = "<%= cluster_name %>" 16 | target = "${google_compute_target_pool.pks-tcp.self_link}" 17 
| port_range = "8443" 18 | ip_protocol = "TCP" 19 | ip_address = "${google_compute_address.pks-tcp.address}" 20 | } 21 | -------------------------------------------------------------------------------- /deploy_pcf/gcp_use_public_ops_manager_image_override.tf: -------------------------------------------------------------------------------- 1 | resource "google_compute_instance" "ops-manager" { 2 | boot_disk { 3 | initialize_params { 4 | image = "${var.opsman_image_url}" 5 | size = 150 6 | type = "pd-ssd" 7 | } 8 | } 9 | } 10 | -------------------------------------------------------------------------------- /deploy_pcf/gcp_ws_lb_dns_override.tf.erb: -------------------------------------------------------------------------------- 1 | <% 2 | load_balancer = 'google_compute_address.cf-ws.address' 3 | %> 4 | resource "google_dns_record_set" "wildcard-sys-dns" { 5 | rrdatas = ["${<%= load_balancer %>}"] 6 | } 7 | 8 | resource "google_dns_record_set" "wildcard-apps-dns" { 9 | rrdatas = ["${<%= load_balancer %>}"] 10 | } 11 | 12 | // There is a bug on GCP DNS, For more details please see: #177709735 13 | resource "google_dns_record_set" "login-sys-dns" { 14 | name = "login.sys.${google_dns_managed_zone.env_dns_zone.dns_name}" 15 | type = "A" 16 | ttl = 300 17 | 18 | managed_zone = "${google_dns_managed_zone.env_dns_zone.name}" 19 | 20 | rrdatas = ["${<%= load_balancer %>}"] 21 | } 22 | 23 | // There is a bug on GCP DNS, For more details please see: #177709735 24 | resource "google_dns_record_set" "uaa-sys-dns" { 25 | name = "uaa.sys.${google_dns_managed_zone.env_dns_zone.dns_name}" 26 | type = "A" 27 | ttl = 300 28 | 29 | managed_zone = "${google_dns_managed_zone.env_dns_zone.name}" 30 | 31 | rrdatas = ["${<%= load_balancer %>}"] 32 | } 33 | 34 | // There is a bug on GCP DNS, For more details please see: #177709735 35 | resource "google_dns_record_set" "wildcard-login-sys-dns" { 36 | name = "*.login.sys.${google_dns_managed_zone.env_dns_zone.dns_name}" 37 | type = "A" 38 | 
ttl = 300 39 | 40 | managed_zone = "${google_dns_managed_zone.env_dns_zone.name}" 41 | 42 | rrdatas = ["${<%= load_balancer %>}"] 43 | } 44 | 45 | // There is a bug on GCP DNS, For more details please see: #177709735 46 | resource "google_dns_record_set" "wildcard-uaa-sys-dns" { 47 | name = "*.uaa.sys.${google_dns_managed_zone.env_dns_zone.dns_name}" 48 | type = "A" 49 | ttl = 300 50 | 51 | managed_zone = "${google_dns_managed_zone.env_dns_zone.name}" 52 | 53 | rrdatas = ["${<%= load_balancer %>}"] 54 | } 55 | -------------------------------------------------------------------------------- /deploy_pcf/generate_minimal_ert_resource_list.rb: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | 3 | require 'json' 4 | 5 | original_resources = File.read(ARGV[0]) 6 | resource_overrides = ARGV[1].nil? ? '{}' : File.read(ARGV[1]) 7 | 8 | original_resources_json = JSON.parse(original_resources) 9 | instances_to_modify = {} 10 | 11 | original_resources_json['resources'].each do |resource| 12 | desired_resources = 0 13 | #"" means "Use the 'Automatic' value, stored in instances_best_fit" 14 | if resource['instances'] == "" 15 | if resource['instances_best_fit'] == "" 16 | puts "WARN: instances and instances_best_fit are both the empty string. This is unexpected and unhandled." 
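17 | end 18 | desired_resources = resource['instances_best_fit'] 19 | else 20 | desired_resources = resource['instances'] 21 | end 22 | if desired_resources > 1 23 | instances_to_modify[resource['identifier']] = {instances: 1} 24 | end 25 | end 26 | 27 | instances_to_modify.merge!(JSON.parse(resource_overrides)) 28 | 29 | File.open('modified_resources.json','w') do |f| 30 | f.write(instances_to_modify.to_json) 31 | end 32 | -------------------------------------------------------------------------------- /deploy_pcf/has_custom_vm_types.rb: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | 3 | require 'json' 4 | 5 | default_vm_types = JSON.parse(File.read(ARGV[0]))['vm_types'] 6 | custom_vm_types = JSON.parse(File.read(ARGV[1])) 7 | 8 | shared_vm_types = default_vm_types & custom_vm_types 9 | if shared_vm_types != custom_vm_types 10 | puts false 11 | exit(0) 12 | end 13 | 14 | puts true 15 | -------------------------------------------------------------------------------- /deploy_pcf/mk_ssl_cert_key.sh: --------------------------------------------------------------------------------
#!/bin/bash
# Generate a throwaway CA plus a wildcard host certificate for DOMAIN.
#
# Usage: mk_ssl_cert_key.sh [DOMAIN]
#   DOMAIN    DNS domain root (ex: example.cf-app.com); first argument or env var
#   KEY_BITS  RSA key size, default 2048
#   DAYS      validity in days of the CA and host certificates, default 365
#
# Writes, in the current directory:
#   ${DOMAIN}.ca.key.pkcs8, ${DOMAIN}.ca.key   CA private key (PKCS#8 PEM, then traditional RSA PEM)
#   ${DOMAIN}.ca.crt                           self-signed CA certificate
#   ${DOMAIN}.key, ${DOMAIN}.csr               host private key and signing request
#   ${DOMAIN}.host.crt                         host certificate signed by the CA
#   ${DOMAIN}.crt                              host certificate followed by the CA certificate (chain)
set -euo pipefail

# openssl writes the key files with the ambient umask; make everything this
# script creates owner-only so the private keys are never group/world readable.
umask 077

[[ ${1:-} ]] && DOMAIN=${1}
: "${DOMAIN:?must be set the DNS domain root (ex: example.cf-app.com)}"
: "${KEY_BITS:=2048}"
: "${DAYS:=365}"

# Self-signed CA. The CA extensions are declared explicitly so the certificate
# carries basicConstraints CA:TRUE and keyCertSign; without them some strict
# validators refuse to treat the certificate as an issuer.
openssl req -new -x509 -nodes -sha256 -newkey "rsa:${KEY_BITS}" -days "${DAYS}" -keyout "${DOMAIN}.ca.key.pkcs8" -out "${DOMAIN}.ca.crt" -config <( cat << EOF
[ req ]
prompt = no
distinguished_name = dn
x509_extensions = v3_ca

[ dn ]
C = US
O = Pivotal
CN = Toolsmiths autogenerated CA

[ v3_ca ]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
EOF
)

# Traditional RSA PEM copy of the CA key, for consumers that cannot read PKCS#8.
openssl rsa -in "${DOMAIN}.ca.key.pkcs8" -out "${DOMAIN}.ca.key"

# Host key and CSR covering the wildcard name set used by the platform.
# (-days is ignored by `req` without -x509; kept for parity with the CA call.)
openssl req -nodes -sha256 -newkey "rsa:${KEY_BITS}" -days "${DAYS}" -keyout "${DOMAIN}.key" -out "${DOMAIN}.csr" -config <( cat << EOF
[ req ]
prompt = no
distinguished_name = dn
req_extensions = v3_req

[ dn ]
C = US
O = Pivotal
CN = *.${DOMAIN}

[ v3_req ]
subjectAltName = DNS:*.${DOMAIN}, DNS:*.apps.${DOMAIN}, DNS:*.sys.${DOMAIN}, DNS:*.login.sys.${DOMAIN}, DNS:*.uaa.sys.${DOMAIN}
EOF
)

# Sign the CSR with the CA. The SANs are repeated here because `x509 -req`
# does not copy the CSR's extensions by default: only what is in the extfile
# ends up in the issued certificate. keyUsage/extendedKeyUsage pin the leaf to
# TLS server use and authorityKeyIdentifier links it to the CA above.
openssl x509 -req -in "${DOMAIN}.csr" -CA "${DOMAIN}.ca.crt" -CAkey "${DOMAIN}.ca.key.pkcs8" -CAcreateserial -out "${DOMAIN}.host.crt" -days "${DAYS}" -sha256 -extfile <( cat << EOF
basicConstraints = CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:*.${DOMAIN}, DNS:*.apps.${DOMAIN}, DNS:*.sys.${DOMAIN}, DNS:*.login.sys.${DOMAIN}, DNS:*.uaa.sys.${DOMAIN}
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always
EOF
)

# Chain file: host certificate first, then the CA that issued it.
cat "${DOMAIN}.host.crt" "${DOMAIN}.ca.crt" > "${DOMAIN}.crt"
-------------------------------------------------------------------------------- /deploy_pcf/opsman_settings.json.erb: -------------------------------------------------------------------------------- 1 | { 2 | "DiskProvisioning":"thin", 3 | "IPAllocationPolicy":"dhcpPolicy", 4 | "IPProtocol":"IPv4", 5 | "NetworkMapping": [{ 6 | "Name":"Network 1", 7 | "Network":"<%= ENV.fetch('ENV_NAME') %>" 8 | }], 9 | "PropertyMapping":[ 10 | {"Key":"custom_hostname","Value":"<%= ENV.fetch('ENV_NAME') %>-ops-manager"}, 11 | {"Key":"ip0","Value":"<%= ENV.fetch('OPSMAN_IP') %>"}, 12 | {"Key":"netmask0","Value":"<%= ENV.fetch('NETMASK') %>"}, 13 | {"Key":"gateway","Value":"<%= ENV.fetch('GATEWAY') %>"}, 14 | {"Key":"DNS","Value":"<%= ENV.fetch('DNS') %>"}, 15 | {"Key":"ntp_servers","Value":"<%= ENV.fetch('NTP') %>"}, 16 | {"Key":"admin_password","Value":"<%= ENV.fetch('UBUNTU_PASSWORD') %>"}, 17 | {"Key":"public_ssh_key","Value":"<%= ENV.fetch('PUBLIC_SSH_KEY') %>"} 18 | ], 19 | "PowerOn":false, 20 | "InjectOvfEnv":false, 21 | "WaitForIP":false 22 | } 23 | -------------------------------------------------------------------------------- /deploy_pcf/pks/.DS_Store: -------------------------------------------------------------------------------- 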
https://raw.githubusercontent.com/pivotal-cf/toolsmiths-shared-scripts/9e0b6171bf37a960094149c1e5c1bb7287328ce2/deploy_pcf/pks/.DS_Store -------------------------------------------------------------------------------- /deploy_pcf/pks/gcp_bosh_pks_subnet_config.yml.erb: -------------------------------------------------------------------------------- 1 | <% 2 | require 'ipaddr' 3 | network_name=`terraform output network_name`.strip 4 | region=`terraform output region`.strip 5 | azs=`terraform output azs`.strip.split(",\n") 6 | pks_subnet_name=`terraform output pks_subnet_name`.strip 7 | pks_subnet_cidrs=`terraform output pks_subnet_cidrs`.strip 8 | pks_subnet_range=IPAddr.new(pks_subnet_cidrs).to_range() 9 | pks_subnet_gateway=`terraform output pks_subnet_gateway`.strip 10 | pks_services_subnet_name=`terraform output pks_services_subnet_name`.strip 11 | pks_services_subnet_cidrs=`terraform output pks_services_subnet_cidrs`.strip 12 | pks_services_subnet_range=IPAddr.new(pks_services_subnet_cidrs).to_range() 13 | pks_services_subnet_gateway=`terraform output pks_services_subnet_gateway`.strip 14 | %> 15 | networks-configuration: 16 | networks: 17 | - name: <%= pks_subnet_name %> 18 | subnets: 19 | - iaas_identifier: <%= network_name %>/<%= pks_subnet_name %>/<%= region %> 20 | cidr: <%= pks_subnet_cidrs %> 21 | reserved_ip_ranges: <%= pks_subnet_range.entries[1] %>-<%= pks_subnet_range.entries[9] %> 22 | dns: 169.254.169.254 23 | gateway: <%= pks_subnet_gateway %> 24 | availability_zone_names: <%= azs %> 25 | - name: <%= pks_services_subnet_name %> 26 | subnets: 27 | - iaas_identifier: <%= network_name %>/<%= pks_services_subnet_name %>/<%= region %> 28 | cidr: <%= pks_services_subnet_cidrs %> 29 | reserved_ip_ranges: <%= pks_services_subnet_range.entries[1] %>-<%= pks_services_subnet_range.entries[9] %> 30 | dns: 169.254.169.254 31 | gateway: <%= pks_services_subnet_gateway %> 32 | availability_zone_names: <%= azs %> 33 | 
-------------------------------------------------------------------------------- /deploy_pcf/pks/gcp_pks.yml.erb: -------------------------------------------------------------------------------- 1 | <% pks_azs=`terraform output azs`.strip.split(",\n") 2 | pks_azs.rotate!(1) 3 | project=`terraform output project`.strip 4 | network=`terraform output network_name`.strip 5 | pks_lb_backend_name=`terraform output pks_lb_backend_name`.strip 6 | pks_subnet_name=`terraform output pks_subnet_name`.strip 7 | pks_services_subnet_name=`terraform output pks_services_subnet_name`.strip %> 8 | 9 | network-properties: 10 | singleton_availability_zone: 11 | name: <%= pks_azs[0] %> 12 | other_availability_zones: 13 | - name: <%= pks_azs[0] %> 14 | - name: <%= pks_azs[1] %> 15 | - name: <%= pks_azs[2] %> 16 | network: 17 | name: <%= pks_subnet_name %> 18 | service_network: 19 | name: <%= pks_services_subnet_name %> 20 | 21 | product-properties: 22 | .properties.pks_api_hostname: 23 | value: api.pks.<%= ENV.fetch('DOMAIN') %> 24 | .pivotal-container-service.pks_tls: 25 | value: 26 | cert_pem: <%= ENV.fetch('DOMAIN_CRT').dump %> 27 | private_key_pem: <%= ENV.fetch('DOMAIN_KEY').dump %> 28 | 29 | .properties.plan1_selector: 30 | value: "Plan Active" 31 | .properties.plan1_selector.active.master_az_placement: 32 | value: 33 | - <%= pks_azs[0] %> 34 | .properties.plan1_selector.active.worker_az_placement: 35 | value: 36 | - <%= pks_azs[0] %> 37 | 38 | .properties.cloud_provider: 39 | value: "GCP" 40 | .properties.cloud_provider.gcp.project_id: 41 | value: <%= project %> 42 | .properties.cloud_provider.gcp.network: 43 | value: <%= network %> 44 | .properties.cloud_provider.gcp.master_service_account: 45 | value: <%= ENV.fetch('MASTER_SERVICE_ACCOUNT_EMAIL') %> 46 | .properties.cloud_provider.gcp.worker_service_account: 47 | value: <%= ENV.fetch('WORKER_SERVICE_ACCOUNT_EMAIL') %> 48 | .properties.vm_extensions: 49 | value: 50 | - "public_ip" 51 | 52 | .properties.telemetry_selector: 53 | 
selected_option: "enabled" 54 | value: "enabled" 55 | .properties.telemetry_selector.enabled.environment_provider: 56 | value: "pivotal-cf-toolsmiths" 57 | .properties.telemetry_installation_purpose_selector: 58 | value: dev_or_pre_prod 59 | # This property is found in the UAA config section 60 | .properties.oidc_selector: 61 | value: disabled 62 | 63 | resource-config: 64 | pivotal-container-service: 65 | elb_names: 66 | - tcp:<%= pks_lb_backend_name %> 67 | -------------------------------------------------------------------------------- /deploy_pcf/pks/gcp_service_account_override.tf: -------------------------------------------------------------------------------- 1 | // do not create service accounts and service account keys for PKS, because of terraform failure. 2 | resource "google_service_account" "pks_master_node_service_account" { 3 | count = 0 4 | account_id = "${var.env_name}-pks-master-node" 5 | display_name = "${var.env_name} PKS Service Account" 6 | } 7 | 8 | resource "google_service_account" "pks_worker_node_service_account" { 9 | count = 0 10 | account_id = "${var.env_name}-pks-worker-node" 11 | display_name = "${var.env_name} PKS Service Account" 12 | } 13 | resource "google_service_account_key" "pks_master_node_service_account_key" { 14 | count = 0 15 | service_account_id = "${google_service_account.pks_master_node_service_account.id}" 16 | } 17 | 18 | resource "google_service_account_key" "pks_worker_node_service_account_key" { 19 | count = 0 20 | service_account_id = "${google_service_account.pks_worker_node_service_account.id}" 21 | } 22 | -------------------------------------------------------------------------------- /deploy_pcf/pks/vsphere_pks.yml.erb: -------------------------------------------------------------------------------- 1 | --- 2 | product-name: pivotal-container-service 3 | 4 | network-properties: 5 | singleton_availability_zone: 6 | name: default 7 | other_availability_zones: 8 | - name: default 9 | network: 10 | name: default 
11 | service_network: 12 | name: default 13 | 14 | product-properties: 15 | .properties.pks_api_hostname: 16 | value: api.pks.<%= ENV.fetch('DOMAIN') %> 17 | .pivotal-container-service.pks_tls: 18 | value: 19 | cert_pem: <%= ENV.fetch('DOMAIN_CRT').dump %> 20 | private_key_pem: <%= ENV.fetch('DOMAIN_KEY').dump %> 21 | 22 | .properties.plan1_selector: 23 | value: "Plan Active" 24 | .properties.plan1_selector.active.master_az_placement: 25 | value: 26 | - default 27 | .properties.plan1_selector.active.worker_az_placement: 28 | value: 29 | - default 30 | 31 | .properties.cloud_provider: 32 | value: "vSphere" 33 | .properties.cloud_provider.vsphere.vcenter_master_creds: 34 | value: 35 | identity: <%= ENV.fetch('VC_USERNAME') %> 36 | password: <%= ENV.fetch('VC_PASSWORD') %> 37 | .properties.cloud_provider.vsphere.vcenter_ip: 38 | value: <%= ENV.fetch('VC_URL') %> 39 | .properties.cloud_provider.vsphere.vcenter_dc: 40 | value: <%= ENV.fetch('VC_DATACENTER') %> 41 | .properties.cloud_provider.vsphere.vcenter_ds: 42 | value: <%= ENV.fetch('VC_DATASTORE') %> 43 | .properties.cloud_provider.vsphere.vcenter_vms: 44 | value: <%= ENV.fetch('ENV_NAME') %>_vms 45 | 46 | .properties.telemetry_selector: 47 | selected_option: "enabled" 48 | value: "enabled" 49 | .properties.telemetry_selector.enabled.environment_provider: 50 | value: "pivotal-cf-toolsmiths" 51 | .properties.telemetry_installation_purpose_selector: 52 | value: dev_or_pre_prod 53 | # This property is found in the UAA config section 54 | .properties.oidc_selector: 55 | value: disabled 56 | -------------------------------------------------------------------------------- /deploy_pcf/terraform.aws.route53.tf: -------------------------------------------------------------------------------- 1 | variable "aws_access_key" {} 2 | variable "aws_access_secret" {} 3 | variable "aws_hosted_zone_id" {} 4 | 5 | provider "aws" { 6 | alias = "aws" 7 | access_key = "${var.aws_access_key}" 8 | secret_key = "${var.aws_access_secret}" 9 
| region = "us-east-1" 10 | } 11 | 12 | resource "aws_route53_record" "pcf" { 13 | provider = "aws.aws" 14 | zone_id = "${var.aws_hosted_zone_id}" 15 | name = "pcf.${var.project}" 16 | type = "A" 17 | ttl = "60" 18 | records = [ 19 | "${openstack_networking_floatingip_v2.ops_manager.address}"] 20 | } 21 | 22 | resource "aws_route53_record" "sys-wildcard" { 23 | provider = "aws.aws" 24 | zone_id = "${var.aws_hosted_zone_id}" 25 | name = "*.sys.${var.project}" 26 | type = "A" 27 | ttl = "60" 28 | records = [ 29 | "${openstack_networking_floatingip_v2.ha_proxy.address}"] 30 | } 31 | 32 | resource "aws_route53_record" "apps-wildcard" { 33 | provider = "aws.aws" 34 | zone_id = "${var.aws_hosted_zone_id}" 35 | name = "*.apps.${var.project}" 36 | type = "A" 37 | ttl = "60" 38 | records = [ 39 | "${openstack_networking_floatingip_v2.ha_proxy.address}"] 40 | } 41 | 42 | resource "aws_route53_record" "uaa-wildcard" { 43 | provider = "aws.aws" 44 | zone_id = "${var.aws_hosted_zone_id}" 45 | name = "*.uaa.sys.${var.project}" 46 | type = "A" 47 | ttl = "60" 48 | records = [ 49 | "${openstack_networking_floatingip_v2.ha_proxy.address}"] 50 | } 51 | 52 | resource "aws_route53_record" "login-wildcard" { 53 | provider = "aws.aws" 54 | zone_id = "${var.aws_hosted_zone_id}" 55 | name = "*.login.sys.${var.project}" 56 | type = "A" 57 | ttl = "60" 58 | records = [ 59 | "${openstack_networking_floatingip_v2.ha_proxy.address}"] 60 | } 61 | -------------------------------------------------------------------------------- /deploy_pcf/terraform.openstack.tfvars.erb: -------------------------------------------------------------------------------- 1 | env_name = "<%= ENV.fetch('ENV_NAME') %>" 2 | project = "<%= ENV.fetch('ENV_NAME') %>" 3 | username = "<%= ENV.fetch('USERNAME') %>" 4 | password = "<%= ENV.fetch('PASSWORD') %>" 5 | domain = "<%= ENV.fetch('DOMAIN') %>" 6 | region = "<%= ENV.fetch('ENV_REGION') %>" 7 | az = "<%= ENV.fetch('AZ') %>" 8 | dns_nameservers = <%= 
ENV.fetch('DNS').split(',') %> 9 | auth_url = "<%= ENV.fetch('AUTH_URL') %>" 10 | keypair = "<%= ENV.fetch('KEYPAIR') %>" 11 | external_network_name = "<%= ENV.fetch('EXTERNAL_NET_NAME') %>" 12 | internal_cidr = "<%= ENV.fetch('INTERNAL_CIDR') %>" 13 | ops_manager_image = "<%= ENV.fetch('OPSMAN_IMAGE') %>" 14 | key = "" 15 | aws_access_key = "<%= ENV.fetch('AWS_ACCESS_KEY_ID') %>" 16 | aws_access_secret = "<%= ENV.fetch('AWS_SECRET_ACCESS_KEY') %>" 17 | aws_hosted_zone_id = "<%= ENV.fetch('AWS_HOSTED_ZONE_ID') %>" 18 | -------------------------------------------------------------------------------- /deploy_pcf/terraform.tfvars.erb: -------------------------------------------------------------------------------- 1 | <% 2 | region = ENV.fetch('ENV_REGION', 'us-central1') 3 | tries = ENV.fetch('TRIES', 0).to_i 4 | case region 5 | when 'us-central1' 6 | zones = ['us-central1-b', 'us-central1-f', 'us-central1-c'] 7 | when 'europe-west1' 8 | zones = ['europe-west1-b', 'europe-west1-c', 'europe-west1-d'] 9 | else 10 | raise "Unsupported region '#{region}'" 11 | end 12 | %> 13 | 14 | env_name = "<%= ENV.fetch('ENV_NAME') %>" 15 | region = "<%= region %>" 16 | opsman_image_url = "<%= ENV.fetch('ops_man_image_project') %>/<%= ENV.fetch('ops_man_image_name') %>" 17 | zones = <%= zones.rotate!(tries) %> 18 | project = "<%= ENV.fetch('GCP_PROJECT_NAME') %>" 19 | dns_suffix = "cf-app.com" 20 | create_gcs_buckets = true 21 | ssl_cert = "<%= File.read("./#{ENV.fetch('ENV_NAME')}.cf-app.com.crt").gsub("\n", '\n') %>" 22 | ssl_private_key = "<%= File.read("./#{ENV.fetch('ENV_NAME')}.cf-app.com.key").gsub("\n", '\n') %>" 23 | service_account_key = < 25 | SERVICE_ACCOUNT_KEY 26 | create_iam_service_account_members = false 27 | create_blobstore_service_account_key = false 28 | pks = <%= ENV.key?('PKS_VERSION_FILTER') %> 29 | create_gcs_buckets = false 30 | -------------------------------------------------------------------------------- /deploy_pcf/upload_root_ca_to_credhub.sh: 
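--------------------------------------------------------------------------------
#!/usr/bin/env bash
#
# Creates (if missing) a UAA client named "credhub" on the BOSH Director's UAA
# and stores the TLS CA from ./tls_ca.json in CredHub under /services/tls_ca.
#
# Options (all required): -u <opsman_username> -p <opsman_password> -e <env_name>
# Reads from the working directory: ./om-linux, ./tls_ca.json
#
# NOTE(review): `set -x` was removed. With xtrace on, every expanded command
# line -- the Ops Manager password, the UAA admin password and the UAA client
# secret -- was written to whatever captures this job's output.

set -e
PATH=$(pwd):$PATH
export PATH

urflag=false
prflag=false
erflag=false

NO_ARGS=0
E_OPTERROR=85

usage() { echo "Usage: $0 -u <opsman_username> -p <opsman_password> -e <env_name>" 1>&2; exit 1; }

if [ $# -eq "$NO_ARGS" ]
then
  usage
  exit "$E_OPTERROR"
fi

while getopts "u:p:e:" Option
do
  case $Option in
    u )
      urflag=true
      OPSMAN_USERNAME=$OPTARG
      ;;
    p )
      prflag=true
      OPSMAN_PASSWORD=$OPTARG
      ;;
    e )
      erflag=true
      ENV_NAME=$OPTARG
      ;;
    * ) usage ;;
  esac
done
shift $((OPTIND - 1))

# Only the three options this script parses are checked; the previous test
# also referenced an undefined $trflag left over from upload_tiles_to_opsman.sh.
if ! $urflag || ! $prflag || ! $erflag
then
  echo "Required option was not specified" >&2
  usage
fi

export OPSMAN_USERNAME
export OPSMAN_PASSWORD
export ENV_NAME
export TARGET="https://pcf.${ENV_NAME}.cf-app.com"

# Secret for the "credhub" UAA client. Defaults to the historical static value
# so existing environments keep working; set CREDHUB_CLIENT_SECRET to avoid a
# secret that lives in this repository. The override only takes effect for a
# client this run creates -- an already existing client keeps its old secret.
CREDHUB_CLIENT_SECRET="${CREDHUB_CLIENT_SECRET:-credhub}"

# Fetch the Director UAA credentials from Ops Manager. -k skips TLS
# verification of the Ops Manager endpoint (self-signed certificate).
uaa_login="$(./om-linux -t "$TARGET" -u "$OPSMAN_USERNAME" -p "$OPSMAN_PASSWORD" -k curl -s -p /api/v0/deployed/director/credentials/uaa_login_client_credentials)"
uaa_admin="$(./om-linux -t "$TARGET" -u "$OPSMAN_USERNAME" -p "$OPSMAN_PASSWORD" -k curl -s -p /api/v0/deployed/director/credentials/uaa_admin_user_credentials)"

login_client_cred="$(echo "$uaa_login" | jq -r .credential.value.password)"
admin_user_name="$(echo "$uaa_admin" | jq -r .credential.value.identity)"
admin_user_password="$(echo "$uaa_admin" | jq -r .credential.value.password)"

# Prefer a uaac on PATH; otherwise use the copy vendored with tempest-web
# (the Ops Manager 1.12 layout). command -v is a builtin, unlike which.
if command -v uaac > /dev/null
then
  UAAC_DIR="."
  UAAC=uaac
else
  echo "uaac was not found on our PATH. Assuming we're on a 1.12 PCF and using the version in the tempest-web vendor directory."
  UAAC_DIR=/home/tempest-web/tempest/web/vendor/uaac
  UAAC="bundle exec vendor/bundle/ruby/2.3.0/bin/uaac"
fi

pushd "$UAAC_DIR"
# $UAAC is deliberately unquoted: it may hold "bundle exec ..." and must
# word-split. 10.0.0.5 is the Director's fixed internal address in these envs.
$UAAC target 10.0.0.5:8443 --skip-ssl-validation
# The admin password and client secret are passed as arguments, so they are
# visible in the process list for the duration of this call.
$UAAC token owner get login "$admin_user_name" --password="$admin_user_password" --secret="$login_client_cred"

if $UAAC clients | grep -q "name: credhub"
then
  echo "credhub client already exists"
else
  $UAAC client add --authorized_grant_types client_credentials --authorities credhub.read,credhub.write credhub --secret="$CREDHUB_CLIENT_SECRET"
fi
popd

if ! command -v credhub > /dev/null
then
  echo "credhub CLI was not found on our path. Assuming we're on a 1.12 PCF and downloading the CLI from github."
  # TODO(review): this download is not integrity-checked. Record the release
  # tarball's checksum (not kept in this repo) and verify it before extracting.
  # -f makes curl fail on an HTTP error instead of piping an error page to tar.
  curl -fL https://github.com/cloudfoundry-incubator/credhub-cli/releases/download/1.7.7/credhub-linux-1.7.7.tgz | tar xzf -
  chmod +x ./credhub
fi

# 10.0.0.5:8844 is the Director-colocated CredHub; its CA is read from the
# Ops Manager workspace so TLS verification stays on for this connection.
credhub login -s 10.0.0.5:8844 --ca-cert=/var/tempest/workspaces/default/root_ca_certificate --client-name=credhub --client-secret="$CREDHUB_CLIENT_SECRET"
# Process substitution keeps the CA material out of the argument list.
credhub set --type certificate --name /services/tls_ca \
  --root <(jq -r .ca ./tls_ca.json) \
  --certificate <(jq -r .certificate ./tls_ca.json) \
  --private <(jq -r .private_key ./tls_ca.json)

# Try to clean up what we downloaded
if [ -f ./credhub ]
then
  rm ./credhub
fi
--------------------------------------------------------------------------------
/deploy_pcf/upload_tiles_to_opsman.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash

set -e
PATH=$(pwd):$PATH
export PATH

urflag=false
prflag=false
trflag=false
grflag=false
vrflag=false
erflag=false
irflag=false
srflag=false

NO_ARGS=0
E_OPTERROR=85

usage() { echo "Usage: cmd -u -p -t -g -v -e -i -s " 1>&2; exit 1; }

download_tile() {
  file_glob="INVALID_FILE_GLOB"

  case $PRODUCT_SLUG in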
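# (continuation of download_tile(): the `case $PRODUCT_SLUG in` opened above)
    'elastic-runtime' )
      export STAGE_PRODUCT_SLUG='cf'
      # A GLOB_FILTER containing "srt" selects the Small Footprint tile.
      if [[ $GLOB_FILTER == *"srt"* ]]; then
        file_glob="srt*.pivotal"
      else
        file_glob="cf*.pivotal"
      fi
      ;;
    'pivotal-container-service' )
      export STAGE_PRODUCT_SLUG='pivotal-container-service'
      file_glob="*.pivotal"
      ;;
    *)
      # Reports $PRODUCT_SLUG; the earlier message referenced an undefined $slug.
      echo "Unsupported slug: '$PRODUCT_SLUG'" >&2
      exit 1
      ;;
  esac

  # First (newest-listed) release whose version string contains PRODUCT_VERSION.
  release_version=$(pivnet-cli releases --product-slug "$PRODUCT_SLUG" --format=json | jq -r '.[ ] .version' | grep -F "${PRODUCT_VERSION}" | head -n 1)
  if [[ -z "$release_version" ]]; then
    echo "ERROR: no ${PRODUCT_SLUG} release matching '${PRODUCT_VERSION}' found on Pivnet." >&2
    exit 1
  fi
  # file_glob is quoted so the shell cannot expand it against leftover files in
  # the working directory; pivnet-cli matches it against the release's files.
  pivnet-cli download-product-files \
    --product-slug "$PRODUCT_SLUG" \
    --release-version "${release_version}" \
    --glob "$file_glob" \
    --accept-eula
}

# check_stemcell_exists <pivnet_slug> <version> <iaas_glob>
# Returns 0 when Pivnet lists a "bosh-stemcell-<version>-<iaas_glob>" file for
# that release, 1 (with a warning on stderr) otherwise.
check_stemcell_exists() {
  stemcell_slug=$1
  version=$2
  iaas_glob=$3
  if pivnet-cli product-files -p "$stemcell_slug" -r "$version" | grep "bosh-stemcell-${version}-${iaas_glob}" 1>/dev/null; then
    return 0
  else
    echo "WARNING: No stemcell files on Pivnet for version ${version} and IaaS ${IAAS}." >&2
    return 1
  fi
}

if [ $# -eq "$NO_ARGS" ]
then
  usage
  exit "$E_OPTERROR"
fi

while getopts "u:p:t:g:v:e:i:s:" Option
do
  case $Option in
    u ) urflag=true; OPSMAN_USERNAME=$OPTARG ;;
    p ) prflag=true; OPSMAN_PASSWORD=$OPTARG ;;
    t ) trflag=true; PIVNET_TOKEN=$OPTARG ;;
    g ) grflag=true; GLOB_FILTER=$OPTARG ;;
    v ) vrflag=true; PRODUCT_VERSION=$OPTARG ;;
    e ) erflag=true; ENV_NAME=$OPTARG ;;
    i ) irflag=true; IAAS=$OPTARG ;;
    s ) srflag=true; PRODUCT_SLUG=$OPTARG ;;
    * ) usage ;;
  esac
done
shift $((OPTIND - 1))

if ! $urflag || ! $prflag || ! $trflag || ! $grflag || ! $vrflag || ! $erflag || ! $irflag || ! $srflag
then
  echo "Required option was not specified" >&2
  usage
fi

export OPSMAN_USERNAME
export OPSMAN_PASSWORD
export ENV_NAME
export PIVNET_TOKEN
export PRODUCT_VERSION
export GLOB_FILTER
export IAAS
export PRODUCT_SLUG

# om <global flags...> <subcommand...>: om-linux against this environment's
# Ops Manager. -k skips TLS verification (self-signed Ops Manager cert). The
# password is an argument, so it is visible in `ps` for the life of each call.
om() {
  om-linux --target "https://pcf.${ENV_NAME}.cf-app.com" -k \
    --username "${OPSMAN_USERNAME}" \
    --password "${OPSMAN_PASSWORD}" \
    "$@"
}

echo
echo "=============================================================================================="
echo " Examining IAAS value ..."
echo "=============================================================================================="
stemcell_glob=""
case $IAAS in
  "gcp")
    stemcell_glob="*google*";;
  "vsphere")
    stemcell_glob="*vsphere*";;
  *)
    echo "Unhandled IAAS value: '${IAAS}'" >&2
    exit 1;;
esac

echo
echo "=============================================================================================="
echo " Downloading ${PRODUCT_SLUG} tile to @ https://pcf.$ENV_NAME.cf-app.com ..."
echo "=============================================================================================="

# Up to three login attempts, five minutes apart. set +e so a failed attempt
# does not abort the loop.
set +e
tries=3
while [[ ${tries} -gt 0 ]]
do
  echo "# pivnet-cli login"
  pivnet-cli login --api-token "${PIVNET_TOKEN}" && break
  tries=$(( tries - 1 ))
  echo "# pivnet-cli login ${tries} tries remaining"
  [[ ${tries} -gt 0 ]] && echo "pivnet-cli login - waiting 5 mins for next try" && sleep 300
done
set -e
# tries is 0 only when every attempt failed; previously the script carried on
# and failed later inside download_tile with a less obvious error.
if [[ ${tries} -eq 0 ]]; then
  echo "ERROR: pivnet-cli login failed after 3 attempts." >&2
  exit 1
fi

download_tile

echo
echo "=============================================================================================="
echo " Uploading ${PRODUCT_SLUG} tile to @ https://pcf.$ENV_NAME.cf-app.com ..."
echo "=============================================================================================="
# ./*.pivotal is an intentional shell glob (download_tile leaves one tile).
# NOTE(review): without pipefail the exit status here is tee's, so an upload
# failure is not fatal on its own; the stage-product step below fails instead.
om --request-timeout 18000 \
  upload-product \
  --product ./*.pivotal 2>&1 | tee om-output.txt

echo
echo "=============================================================================================="
echo " Staging ${PRODUCT_SLUG} tile to @ https://pcf.$ENV_NAME.cf-app.com ..."
echo "=============================================================================================="
# One available-products call instead of two identical ones; the product is
# selected by substring match on STAGE_PRODUCT_SLUG.
available_products=$(om available-products --format=json)
uploaded_product_version=$(echo "$available_products" | jq -r ".[] | select(.name | contains(\"${STAGE_PRODUCT_SLUG}\")) | .version")
uploaded_product_name=$(echo "$available_products" | jq -r ".[] | select(.name | contains(\"${STAGE_PRODUCT_SLUG}\")) | .name")

om stage-product \
  --product-name "${uploaded_product_name}" \
  --product-version "${uploaded_product_version}"

# unzip expands the wildcards itself; quoting keeps the shell out of it.
stemcell_os=$(unzip -p "*.pivotal" "metadata/*.yml" | yq-go r - stemcell_criteria.os)
tile_stemcell_version=$(unzip -p "*.pivotal" "metadata/*.yml" | yq-go r - stemcell_criteria.version)
major_version=$(echo "$tile_stemcell_version" | cut -f1 -d'.')

# Pivnet slug for the stemcell line: trusty lives under the legacy "stemcells"
# product, everything else under "stemcells-<os>".
product_slug=""
case $stemcell_os in
  "ubuntu-trusty")
    product_slug="stemcells"
    ;;
  *)
    product_slug="stemcells-${stemcell_os}";;
esac

has_tile="true"
if ! check_stemcell_exists "$product_slug" "$tile_stemcell_version" "$stemcell_glob"; then
  has_tile="false"
fi

# Walk the newest five releases of the tile's stemcell major line until one
# has files for this IaaS; the tile's exact version wins if it is available.
for i in $(seq 1 5);
do
  latest_stemcell_version=$(pivnet-cli releases -p "$product_slug" --format=json | jq '.[].version' -r | grep -e "^$major_version$" -e "^$major_version\..*$" | sort --version-sort | tail -n "$i" | head -n 1)

  if [[ "$tile_stemcell_version" != "$latest_stemcell_version" ]]; then
    echo "Tile metadata specified $stemcell_os stemcell version $tile_stemcell_version, but $latest_stemcell_version is the latest usable release on Pivnet."
  fi

  has_latest="true"
  if ! check_stemcell_exists "$product_slug" "$latest_stemcell_version" "$stemcell_glob"; then
    has_latest="false"
  fi

  stemcell_version=""
  if [[ $has_tile == "true" ]]; then
    stemcell_version=$tile_stemcell_version
    break
  elif [[ $has_latest == "true" ]]; then
    stemcell_version=$latest_stemcell_version
    break
  else
    echo "Could not find $latest_stemcell_version."
  fi
done

if [[ $stemcell_version == "" ]]; then
  echo "ERROR: Could not find a compatible stemcell on Pivnet." >&2
  exit 1
fi

echo
echo "=============================================================================================="
echo " Downloading stemcell ${stemcell_os} version ${stemcell_version} ... "
echo "=============================================================================================="

pivnet-cli download-product-files \
  --product-slug "${product_slug}" \
  --release-version "${stemcell_version}" \
  --glob "${stemcell_glob}" \
  --accept-eula

echo "=============================================================================================="
echo " Uploading stemcell ${stemcell_os} version ${stemcell_version} ... "
echo "=============================================================================================="
# ./${stemcell_glob}.tgz must stay unquoted: the shell glob resolves the
# downloaded stemcell file name.
om upload-stemcell \
  --stemcell ./${stemcell_glob}.tgz

rm -rfv ./*.pivotal ./*.tgz
--------------------------------------------------------------------------------
/scripts/certbot_authenticator.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# certbot --manual-auth-hook: publishes the DNS-01 challenge as a TXT record in
# the environment's Cloud DNS zone. certbot supplies CERTBOT_DOMAIN and
# CERTBOT_VALIDATION; the pipeline supplies ENV_NAME and GCP_SERVICE_ACCOUNT_KEY.

# authenticate to the GCP Project
# The key is quoted (an unquoted echo would word-split and glob-expand the
# JSON) and written under a restrictive umask, since it is a private key.
rm -f account_key.json
( umask 077; printf '%s\n' "$GCP_SERVICE_ACCOUNT_KEY" > account_key.json )
gcloud auth activate-service-account --key-file account_key.json

# Create TXT record
gcloud dns record-sets transaction start --zone=${ENV_NAME}-zone
# -F: the record name is matched as a literal string, not a regex.
challenge_record=$(gcloud dns record-sets list -z ${ENV_NAME}-zone | grep -F "_acme-challenge.${CERTBOT_DOMAIN}.")
if [ -n "$challenge_record" ]; then
  # A stale challenge from an earlier run must be removed before the new one
  # can be added in the same transaction.
  echo "found the TXT record: ${challenge_record}"
  r_name=$(echo $challenge_record | awk '{print $1}')
  r_type=$(echo $challenge_record | awk '{print $2}')
  r_ttl=$(echo $challenge_record | awk '{print $3}')
  r_data=$(echo $challenge_record | awk '{print $4}')
  gcloud dns record-sets transaction remove ${r_data} --name=${r_name} --type=${r_type} --ttl=${r_ttl} --zone=${ENV_NAME}-zone
fi

# pass positional arg as data after -- to dodge issues with challenge strings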
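# starting with hyphens
# see https://issuetracker.google.com/issues/193054503?pli=1
gcloud dns record-sets transaction add --name=_acme-challenge.${CERTBOT_DOMAIN}. --ttl=300 --type=TXT --zone=${ENV_NAME}-zone -- "$CERTBOT_VALIDATION"
gcloud dns record-sets transaction execute --zone=${ENV_NAME}-zone

# Sleep to make sure the change has time to propagate over to DNS
sleep 120
--------------------------------------------------------------------------------
/scripts/certbot_cleanup.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# certbot --manual-cleanup-hook counterpart of certbot_authenticator.sh.
# Removes the _acme-challenge TXT record the authenticator published, so the
# validation token does not linger in the zone, and deletes the service
# account key file the authenticator wrote. Relies on the gcloud credentials
# the authenticator activated (certbot runs both hooks in the same environment).
# Previously this hook only printed a message and left both behind.
echo "the cleanup script was run"

challenge_record=$(gcloud dns record-sets list -z ${ENV_NAME}-zone | grep -F "_acme-challenge.${CERTBOT_DOMAIN}.")
if [ -n "$challenge_record" ]; then
  echo "removing the TXT record: ${challenge_record}"
  r_name=$(echo $challenge_record | awk '{print $1}')
  r_type=$(echo $challenge_record | awk '{print $2}')
  r_ttl=$(echo $challenge_record | awk '{print $3}')
  r_data=$(echo $challenge_record | awk '{print $4}')
  gcloud dns record-sets transaction start --zone=${ENV_NAME}-zone
  # Abort on failure so a half-built transaction file does not block the
  # next `transaction start` in the authenticator.
  gcloud dns record-sets transaction remove ${r_data} --name=${r_name} --type=${r_type} --ttl=${r_ttl} --zone=${ENV_NAME}-zone \
    && gcloud dns record-sets transaction execute --zone=${ENV_NAME}-zone \
    || gcloud dns record-sets transaction abort --zone=${ENV_NAME}-zone
fi

rm -f account_key.json
--------------------------------------------------------------------------------
/scripts/credhub-tfstate:
--------------------------------------------------------------------------------
#!/usr/bin/env ruby
# Round-trips terraform.tfstate through CredHub: `set` gzips + uuencodes the
# local file and stores it as the value "<ENV_NAME>/tfstate_gz_uu"; `get`
# reverses that and writes terraform.tfstate. The state goes to CredHub rather
# than a plain object store because tfstate can carry credentials and keys.

require 'zlib'
require 'stringio'
require 'English'

def usage
  puts 'Usage:'
  puts '  Gzips and uuencode/decodes Terraform tfstate and stores/retrieves from credhub'
  puts '  Requires ENV_NAME environment variable'
  puts '  credhub-tfstate set|get'
end

# gzip then uuencode `data`; returns the encoded string.
def encode_tfstate(data)
  buffer = StringIO.new
  gzw = Zlib::GzipWriter.new(buffer)
  gzw.write(data)
  gzw.close
  [buffer.string].pack('u')
end

# Inverse of encode_tfstate: uudecode then gunzip.
def decode_tfstate(encoded)
  gz = Zlib::GzipReader.new(StringIO.new(encoded.unpack('u')[0]))
  data = gz.read
  gz.close
  data
end

unless ARGV.length == 1 && !ENV['ENV_NAME'].nil?
  usage
  exit 1
end

case ARGV[0]
when 'set'
  # File.read takes only the path; the old call passed the (still nil)
  # `tfstate` local as a length argument, which merely happened to mean "all".
  tfstate = File.read('terraform.tfstate')

  # Store in an env var to get around funky Ruby interpolation issues.
  ENV['ENCODED_TFSTATE'] = encode_tfstate(tfstate)

  `credhub set -t value -n "$ENV_NAME/tfstate_gz_uu" -v "$ENCODED_TFSTATE"`

  exit $CHILD_STATUS.exitstatus
when 'get'
  encoded_tfstate = `credhub get -n "$ENV_NAME/tfstate_gz_uu" --output-json | jq -r '.["value"]'`

  # $CHILD_STATUS reflects jq, which exits 0 even when credhub printed nothing,
  # so an empty or "null" payload is the real failure signal. Previously this
  # fell through to GzipReader and died with a stack trace.
  payload = encoded_tfstate.strip
  if !$CHILD_STATUS.success? || payload.empty? || payload == 'null'
    warn "credhub get for #{ENV['ENV_NAME']}/tfstate_gz_uu returned no value"
    exit 1
  end

  File.write('terraform.tfstate', decode_tfstate(encoded_tfstate))
else
  # Any other subcommand used to exit 0 without doing anything.
  usage
  exit 1
end
--------------------------------------------------------------------------------
/scripts/metrics_pipeline/task_pipeline_metrics.yml:
--------------------------------------------------------------------------------
---
platform: linux

image_resource:
  type: registry-image
  source:
    # NOTE(review): no tag or digest, so every run pulls whatever "latest"
    # currently is; pin a digest to make the task image reproducible.
    repository: cftoolsmiths/network-check
run:
  path: /usr/local/bin/ruby
  args:
  - '-e'
  - |
    require 'wavefront-sdk/credentials'
    require 'wavefront-sdk/write'
    metrics_source = ENV.fetch('METRICS_SOURCE')
    wf = Wavefront::Write.new(
      Wavefront::Credentials.new.all,
      writer: :api,
      noauto: true,
    )
    wf.open
    wf.write([{
      path: "toolsmiths.pipeline",
      value: ENV.fetch('PIPELINE_COMPLETE'),
      source: metrics_source,
      tags: {
        'environment' => ENV.fetch('ENV_NAME'),
        'project' => ENV.fetch('GCP_PROJECT_NAME'),
        'pool' => ENV.fetch('POOL_NAME')
      }
    }])
# WAVEFRONT_TOKEN is a secret; it is expected to be supplied from the
# pipeline's credential source, never set in this file.
params:
  PIPELINE_COMPLETE: 0
  ENV_NAME: ''
  GCP_PROJECT_NAME: ''
  POOL_NAME: ''
  METRICS_SOURCE: ''
  WAVEFRONT_ENDPOINT: ''
  WAVEFRONT_TOKEN: ''
--------------------------------------------------------------------------------
/scripts/nimbus-bosh-config.yml:
--------------------------------------------------------------------------------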
# BOSH Director configuration for the Nimbus vSphere test bed: one AZ mapped
# to cluster0 in datacenter vcqaDC, one internal network.
az-configuration:
- name: default-az
  clusters:
  - cluster: cluster0
network-assignment:
  singleton_availability_zone:
    name: default-az
  network:
    name: default-network
networks-configuration:
  icmp_checks_enabled: true
  networks:
  - name: default-network
    subnets:
    - iaas_identifier: internal-network
      cidr: 192.168.111.0/24
      # .0-.152 is reserved; .153 is used below by HAProxy in nimbus-tas-config.yml,
      # so BOSH-managed VMs are assigned from the remainder of the /24.
      reserved_ip_ranges: 192.168.111.0-192.168.111.152
      dns: 10.195.12.31
      gateway: 192.168.111.1
      availability_zone_names: [default-az]
properties-configuration:
  director_configuration:
    ntp_servers_string: time1.oc.vmware.com
  iaas_configuration:
    # vCenter endpoint and credentials are intentionally blank in the checked-in
    # file; presumably injected per test bed at run time -- verify with the caller.
    vcenter_host:
    vcenter_username:
    vcenter_password:
    datacenter: vcqaDC
    disk_type: thin
    ephemeral_datastores_string: local-0
    persistent_datastores_string: local-0
    bosh_vm_folder: pcf_vms
    bosh_template_folder: pcf_templates
    bosh_disk_path: pcf_disks
--------------------------------------------------------------------------------
/scripts/nimbus-tas-config.yml:
--------------------------------------------------------------------------------
# TAS (cf) tile configuration for the Nimbus test bed. Every post-deploy errand
# except smoke_tests is disabled and optional VM groups are scaled to zero to
# keep the footprint small.
product-name: cf
errand-config:
  deploy-autoscaler:
    post-deploy-state: false
  deploy-notifications:
    post-deploy-state: false
  deploy-notifications-ui:
    post-deploy-state: false
  metric_registrar_smoke_test:
    post-deploy-state: false
  nfsbrokerpush:
    post-deploy-state: false
  push-apps-manager:
    post-deploy-state: false
  push-usage-service:
    post-deploy-state: false
  rotate_cc_database_key:
    post-deploy-state: false
  smbbrokerpush:
    post-deploy-state: false
  smoke_tests:
    post-deploy-state: true
  test-autoscaling:
    post-deploy-state: false
resource-config:
  backup_restore:
    instances: 0
  ha_proxy:
    instances: 1
  mysql_monitor:
    instances: 0
product-properties:
  .cloud_controller.apps_domain:
    type: wildcard_domain
    value: nimbus-tas.cf-app.com
  .cloud_controller.system_domain:
    type: wildcard_domain
    value: nimbus-tas.cf-app.com
  # HAProxy does not verify the certificates of the backends it forwards to.
  # Acceptable for this throwaway lab environment; not a production setting.
  .ha_proxy.skip_cert_verify:
    type: boolean
    value: true
  # Sits just outside the Director's reserved range (see nimbus-bosh-config.yml).
  .ha_proxy.static_ips:
    type: ip_ranges
    value: 192.168.111.153
  .mysql_monitor.recipient_email:
    type: string
    value: bogus@this.is.just.a.placeholder.pivotal.io
  # NOTE(review): the runtime CredHub encryption key is a fixed value committed
  # to this repository, so every environment built from this file encrypts its
  # service credentials with the same publicly visible key. That is only
  # tolerable for short-lived Nimbus test beds; anything longer-lived needs a
  # per-environment, externally supplied key.
  .properties.credhub_internal_provider_keys:
    value:
    - key:
        secret: pivotalcfpivotalcfpivotalc
      name: primary-encryption-key
      primary: true
  # "disable" presumably means HAProxy -> router traffic is not re-encrypted;
  # confirm against the tile's documentation for the deployed version.
  .properties.haproxy_forward_tls:
    value: disable
  .properties.secure_service_instance_credentials:
    type: boolean
    value: true
  # Acknowledges the tile's security notice so apply-changes is not blocked.
  .properties.security_acknowledgement:
    type: string
    value: I agree
--------------------------------------------------------------------------------
/scripts/nimbus_dual_networks.rb:
--------------------------------------------------------------------------------
# Nimbus testbed spec: two generic worker VMs on an NSX-backed DHCP network.
# NOTE(review): the command below points at scripts/dual-network.rb, but this
# file is scripts/nimbus_dual_networks.rb; confirm which path the raw URL should use.
#command to run: /mts/git/bin/nimbus-testbeddeploy --testbedSpecRubyFile https://raw.githubusercontent.com/pivotal-cf/toolsmiths-shared-scripts/master/scripts/dual-network.rb --runName dual-network-claas-centos1 --context general:nsx
$testbed = Proc.new do
  {
    "name" => "dual-network-testbed",
    "version" => 3,
    "network" => [
      {
        "name" => "net.0",
        "enableDhcp" => true
      }
    ],
    "genericVm" => [
      {
        # Dual-homed: one NIC on the public network, one on net.0.
        "name" => "worker.0",
        "type" => "worker-template",
        "nics" => 2,
        "networks" => ["public", "nsx::net.0"]
      },
      {
        # Declares 2 NICs but lists only net.0; presumably the second NIC is
        # left unattached, i.e. this VM has no public interface -- verify.
        "name" => "worker.1",
        "type" => "claas-centos",
        "nics" => 2,
        "networks" => ["nsx::net.0"]
      }
    ]
  }
end
--------------------------------------------------------------------------------
/scripts/nimbus_vc70_dual_networks.rb:
--------------------------------------------------------------------------------
oneGB = 1 * 1000 * 1000 # in KB

$testbed = Proc.new do
| { 5 | "name" => "testbed-test", 6 | "version" => 3, 7 | "network" => [ 8 | { 9 | "name" => "net.0", 10 | "enableDhcp" => true, 11 | "enableStaticIpService" => true 12 | } 13 | ], 14 | "esx" => (0..0).map do | idx | 15 | { 16 | "name" => "esx.#{idx}", 17 | "nics" => 2, # 2 NICs 18 | "networks" => ["public", "nsx::net.0"], 19 | "vc" => "vc.0", 20 | "customBuild" => "ob-15843807", 21 | "dc" => "vcqaDC", 22 | "clusterName" => "cluster0", 23 | "style" => "fullInstall", 24 | "cpus" => 32, # 32 vCPUs 25 | "memory" => 98000, # 98GB memory 26 | "fullClone" => true, 27 | "disks" => [ 10 * 1000 * oneGB ], # 10 TB Disk 28 | "guestOSlist" => [ 29 | { 30 | "vmName" => "centos-vm.#{idx}", 31 | "ovfuri" => NimbusUtils.get_absolute_ovf("CentOS-7-64-VMTools/CentOS-7-x64.ovf") 32 | } 33 | ] 34 | } 35 | end, 36 | 37 | "vcs" => [ 38 | { 39 | "name" => "vc.0", 40 | "type" => "vcva", 41 | "customBuild" => "ob-15952498", 42 | "dcName" => ["vcqaDC"], 43 | "enableDrs" => true, 44 | "clusters" => [ 45 | { 46 | "name" => "cluster0", 47 | "dc" => "vcqaDC" 48 | } 49 | ] 50 | } 51 | ], 52 | 53 | "beforePostBoot" => Proc.new do |runId, testbedSpec, vmList, catApi, logDir| 54 | end, 55 | "postBoot" => Proc.new do |runId, testbedSpec, vmList, catApi, logDir| 56 | end 57 | } 58 | end 59 | -------------------------------------------------------------------------------- /scripts/nimbus_vcenter67.rb: -------------------------------------------------------------------------------- 1 | oneGB = 1 * 1000 * 1000 # in KB 2 | 3 | $testbed = Proc.new do 4 | { 5 | "name" => "testbed-test", 6 | "version" => 3, 7 | "esx" => (0..1).map do | idx | 8 | { 9 | "name" => "esx.#{idx}", 10 | "vc" => "vc.0", 11 | "customBuild" => "ob-15817962", 12 | "dc" => "vcqaDC", 13 | "clusterName" => "cluster0", 14 | "style" => "fullInstall", 15 | "cpus" => 32, # of vCPUs 16 | "memory" => 98000, # 98GB memory 17 | "disks" => [ 1000 * oneGB, 1000 * oneGB ], 18 | "nicType" => ["vmxnet3"], 19 | "network" => ["public"], 20 | 
"guestOSlist" => [ 21 | { 22 | "vmName" => "centos-vm.#{idx}", 23 | "ovfuri" => NimbusUtils.get_absolute_ovf("CentOS-7-64-VMTools/CentOS-7-x64.ovf") 24 | } 25 | ] 26 | } 27 | end, 28 | 29 | "vcs" => [ 30 | { 31 | "name" => "vc.0", 32 | "type" => "vcva", 33 | "customBuild" => "ob-15843809", 34 | "dcName" => ["vcqaDC"], 35 | "clusters" => [ 36 | { 37 | "name" => "cluster0", 38 | "dc" => "vcqaDC", 39 | "enableDrs" => true 40 | } 41 | ], 42 | "nicType" => ["vmxnet3"], 43 | "network" => ["public"], 44 | } 45 | ], 46 | 47 | "beforePostBoot" => Proc.new do |runId, testbedSpec, vmList, catApi, logDir| 48 | end, 49 | "postBoot" => Proc.new do |runId, testbedSpec, vmList, catApi, logDir| 50 | end 51 | } 52 | end 53 | -------------------------------------------------------------------------------- /scripts/nimbus_vcenter70.rb: -------------------------------------------------------------------------------- 1 | oneGB = 1 * 1000 * 1000 # in KB 2 | 3 | $testbed = Proc.new do 4 | { 5 | "name" => "testbed-test", 6 | "version" => 3, 7 | "esx" => (0..0).map do | idx | 8 | { 9 | "name" => "esx.#{idx}", 10 | "vc" => "vc.0", 11 | "customBuild" => "ob-15843807", 12 | "dc" => "vcqaDC", 13 | "clusterName" => "cluster0", 14 | "style" => "fullInstall", 15 | "cpus" => 32, # 32 vCPUs 16 | "memory" => 98000, # 98GB memory 17 | "fullClone" => true, 18 | "disks" => [ 2 * 1000 * oneGB ], # 2 TB Disk 19 | "guestOSlist" => [ 20 | { 21 | "vmName" => "centos-vm.#{idx}", 22 | "ovfuri" => NimbusUtils.get_absolute_ovf("CentOS-7-64-VMTools/CentOS-7-x64.ovf") 23 | } 24 | ] 25 | } 26 | end, 27 | 28 | "vcs" => [ 29 | { 30 | "name" => "vc.0", 31 | "type" => "vcva", 32 | "customBuild" => "ob-15952498", 33 | "dcName" => ["vcqaDC"], 34 | "enableDrs" => true, 35 | "clusters" => [ 36 | { 37 | "name" => "cluster0", 38 | "dc" => "vcqaDC" 39 | } 40 | ] 41 | } 42 | ], 43 | 44 | "beforePostBoot" => Proc.new do |runId, testbedSpec, vmList, catApi, logDir| 45 | end, 46 | "postBoot" => Proc.new do |runId, testbedSpec, 
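vmList, catApi, logDir|
    end
  }
end
--------------------------------------------------------------------------------
/scripts/pcf-internetless.sh:
--------------------------------------------------------------------------------
#!/bin/bash
## ----------------------------------------------------------------------
## Requirement:
##   o User must configure gcloud cli environment properly.
## ----------------------------------------------------------------------
## Restricts egress for a GCP PCF environment: the Ops Manager and BOSH
## Director VMs are tagged "<env>-management" and keep unrestricted egress;
## every other VM may reach the environment's own address ranges and load
## balancers plus 8.8.8.8 for DNS, and all remaining outbound traffic is
## denied by a lowest-priority rule.
##
## Usage: pcf-internetless.sh <env_name>

set -e

env_name=${1?you must provide a GCP environment as the first argument}

## ----------------------------------------------------------------------
## Retrieve bosh director vm instance. This will fail if the gcloud
## cli environment isn't configured properly.
## ----------------------------------------------------------------------

# NOTE(review): "~" is a regex match and the dots are unescaped, so this also
# matches addresses such as 10.0.0.50 if one exists in the same network.
bosh_director_vm="$(gcloud compute instances list --filter="networkInterfaces.networkIP~10.0.0.5 AND networkInterfaces.network~${env_name}-pcf-network" --format="value(NAME)")"

if [ -z "${bosh_director_vm}" ]; then
  echo "FATAL: bosh_director VM not found. Check your gcloud cli environment" >&2
  gcloud config list
  exit 2
fi

## ----------------------------------------------------------------------
## Apply network tag to bosh director and ops manager instances
## ----------------------------------------------------------------------

gcloud compute instances add-tags \
  "${bosh_director_vm}" \
  --tags "${env_name}-management"

gcloud compute instances add-tags "${env_name}-ops-manager" \
  --tags "${env_name}-management"

## ----------------------------------------------------------------------
## create firewall EGRESS rules to restrict outgoing traffic
## ----------------------------------------------------------------------
## Priority order (lower number wins): management allow-all (0), DNS allow
## (4), intra-environment allow (100), deny-all (1000). Re-running this
## script fails at the first rule that already exists because of set -e.

gcloud compute firewall-rules create "${env_name}-internetless-management-egress" \
  --network="${env_name}-pcf-network" \
  --direction=egress \
  --destination-ranges=0.0.0.0/0 \
  --action=allow \
  --rules=all \
  --priority=0 \
  --target-tags="${env_name}-management"

# The allowed destinations are the environment's load balancer addresses
# (looked up from GCP) followed by the fixed PCF subnets.
gcloud compute firewall-rules create "${env_name}-internetless-intra-pcf-vm-egress-allow" \
  --network="${env_name}-pcf-network" \
  --direction=egress \
  --destination-ranges="$(gcloud compute addresses list --filter "${env_name}-cf" --format="value[terminator=','](address)")"10.0.0.0/24,10.0.4.0/22,10.0.8.0/22 \
  --action=allow \
  --rules=all \
  --priority=100

gcloud compute firewall-rules create "${env_name}-internetless-egress-deny" \
  --network="${env_name}-pcf-network" \
  --direction=egress \
  --destination-ranges=0.0.0.0/0 \
  --action=deny \
  --rules=all \
  --priority=1000

gcloud compute firewall-rules create "${env_name}-internetless-dns-egress" \
  --network="${env_name}-pcf-network" \
  --direction=egress \
  --destination-ranges=8.8.8.8 \
  --action=allow \
  --rules=all \
  --priority=4

# Prints a summary of the rules created. NOTE(review): the heredoc introducer
# and body that follow are truncated in this copy of the file.
cat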
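<-internetless-management-egress
Ops Manager and Bosh Director granted access to all internet addresses

-internetless-dns-egress
All VMs can use the 8.8.8.8 DNS server

-internetless-intra-pcf-vm-egress-allow
All VMs can see each other's private IP addresses & the loadbalancers

-internetless-egress-deny
All other internet access is blocked. This is mainly for the ERT VMs and any other tiles that happen to be installed later
--------------------------------------------------------------------------------
/scripts/update_tracker_service.rb:
--------------------------------------------------------------------------------
require 'octokit'
require 'yaml'

# Installs or refreshes the 'pivotaltracker' service hook on every repository
# listed in a YAML config file, then re-tests each hook until GitHub reports a
# healthy last_response (giving up after a few increasingly long waits).
#
# Config file keys (all required):
#   github_token  - token used to authenticate the Octokit client
#   tracker_token - Pivotal Tracker token written into the hook config
#   repos         - list of "owner/name" repositories
#
# The config file holds live credentials; nothing below prints either token.
# NOTE(review): 'pivotaltracker' is a legacy GitHub *service* hook type; confirm
# GitHub still accepts it for the target repos before relying on this script.

SERVICE_NAME = 'pivotaltracker'
MAX_ATTEMPTS = 4

if ARGV.empty?
  puts "Please pass me YAML config file"
  puts "Usage: ruby update_tracker_service.rb CONFIG_YAML"
  exit 1
end

# safe_load: the config is plain strings plus a list, so YAML never needs to
# instantiate arbitrary Ruby objects. File.read avoids leaving a handle open.
config = YAML.safe_load(File.read(ARGV[0])) || {}
missing = %w[github_token tracker_token repos].reject { |key| config[key] }
unless missing.empty?
  puts "Config file is missing: #{missing.join(', ')}"
  exit 1
end

client = Octokit::Client.new(access_token: config['github_token'])
client.auto_paginate = true

config_hash = { token: config['tracker_token'] }
repos = config['repos']

# Returns the repo's existing tracker hook, or nil when none is installed.
def find_tracker_hook(client, repo)
  client.hooks(repo).find { |hook| hook.name == SERVICE_NAME }
end

repos.each do |repo|
  hook = find_tracker_hook(client, repo)
  if hook
    puts "Updating repo: #{repo} service: #{SERVICE_NAME} with new token"
    client.edit_hook(repo, hook.id, SERVICE_NAME, config_hash)
  else
    puts "Adding service: #{SERVICE_NAME} to repo: #{repo} with new token"
    client.create_hook(repo, SERVICE_NAME, config_hash)
  end
end

puts "Testing hook changes ..... "

repos.each do |repo|
  hook = find_tracker_hook(client, repo)
  unless hook
    # The first pass should have created it; report instead of raising on nil.
    puts "hook config failed for #{repo}: no #{SERVICE_NAME} hook found"
    next
  end

  # GitHub does not reflect hook changes immediately, so re-test with an
  # incremental backoff (2s, 4s, 6s, 8s) before declaring the hook bad.
  healthy = (1..MAX_ATTEMPTS).any? do |attempt|
    client.test_hook(repo, hook.id)
    sleep(2 * attempt)
    current = find_tracker_hook(client, repo)
    current && current.last_response.status != 'misconfigured'
  end

  if healthy
    puts "hook config completed for: #{repo}"
  else
    puts "hook config failed for #{repo}"
  end
end

--------------------------------------------------------------------------------
/scripts/update_tracker_service.yml:
--------------------------------------------------------------------------------
---
# Credentials and repo list for update_tracker_service.rb. A filled-in copy
# contains live tokens and must not be committed.

github_token:
tracker_token:
repos:
  - Example-Org/Example-Repo
  - pivotal-cf/toolsmiths-docs
--------------------------------------------------------------------------------
/scripts/vault-tfstate:
--------------------------------------------------------------------------------
#!/usr/bin/env ruby

require 'json'
require 'open3'
require 'stringio'
require 'zlib'

# Gzips + uuencodes terraform.tfstate and stores it in Vault ("set"), or reads
# it back from Vault and restores the file ("get"). The Vault path is derived
# from the ENV_NAME environment variable.
#
# The vault CLI is invoked with an argv array and the encoded state is fed on
# stdin, so neither ENV_NAME nor the state (which carries infrastructure
# secrets) is interpreted by a shell or exported into the process environment.

TFSTATE_FILE = 'terraform.tfstate'

def usage
  puts "Usage:"
  puts " Gzips and uuencode/decodes Terraform tfstate and stores/retrieves from vault"
  puts " Requires ENV_NAME environment variable"
  puts " vault-tfstate set|get"
end

# Vault key under which the encoded state for this environment is kept.
def vault_path(env_name)
  "/toolsmiths-envs/#{env_name}/tfstate_gz_uu"
end

# Runs the vault CLI without a shell and returns its stdout.
# Exits non-zero when vault fails, so a failed write/read is never mistaken
# for success (the original ignored the exit status).
def run_vault(args, stdin_data: nil)
  out, err, status = Open3.capture3('vault', *args, stdin_data: stdin_data)
  unless status.success?
    warn "vault #{args.first} failed: #{err}"
    exit(status.exitstatus || 1)
  end
  out
end

# gzip, then uuencode, so the state becomes one printable string for Vault.
def encode_tfstate(tfstate)
  buffer = StringIO.new(''.dup)
  gz = Zlib::GzipWriter.new(buffer)
  gz.write(tfstate)
  gz.finish # write the gzip trailer but keep the StringIO readable
  [buffer.string].pack('u')
end

# Inverse of encode_tfstate: uudecode, then gunzip.
def decode_tfstate(encoded)
  gz = Zlib::GzipReader.new(StringIO.new(encoded.unpack('u').first))
  begin
    gz.read
  ensure
    gz.close
  end
end

def store(env_name)
  encoded = encode_tfstate(File.read(TFSTATE_FILE))
  # "value=-" makes vault read the value from stdin.
  run_vault(['write', vault_path(env_name), 'value=-'], stdin_data: encoded)
end

def retrieve(env_name)
  out = run_vault(['read', vault_path(env_name), '-format=json'])
  # Same shape jq's '.data.value' extracted before.
  encoded = JSON.parse(out).fetch('data').fetch('value')
  File.write(TFSTATE_FILE, decode_tfstate(encoded))
end

env_name = ENV['ENV_NAME']
if ARGV.length != 1 || env_name.nil? || env_name.empty?
  usage
  exit 1
end

case ARGV[0]
when 'set' then store(env_name)
when 'get' then retrieve(env_name)
else
  # An unknown verb used to exit 0 silently; treat it as a usage error.
  usage
  exit 1
end
--------------------------------------------------------------------------------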
