Last active
December 24, 2015 16:29
-
-
Save allomov/6828388 to your computer and use it in GitHub Desktop.
create_secure_groups_openstack
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: lomov-cf | |
| releases: | |
| - name: cf | |
| version: 176 | |
| director_uuid: ab3dec87-3877-4169-97bc-5c62c765fe46 | |
| meta: | |
| # releases: ~ | |
| # environment: ~ | |
| # networks: | |
| # cf1: | |
| # type: manual | |
| # subnets: | |
| # - range: 192.168.115.0/24 | |
| # name: default | |
| # reserved: | |
| # - 192.168.115.0 - 192.168.115.10 | |
| # static: | |
| # - 192.168.115.20 - 192.168.115.254 | |
| # gateway: 192.168.115.1 | |
| # dns: | |
| # - 192.168.0.202 | |
| # - 8.8.8.8 | |
| openstack: | |
| auth_url: http://172.16.0.2:5000/v2.0 | |
| username: lomov | |
| api_key: qwaszx | |
| tenant: CF-Lomov | |
| default_security_groups: ["lomov-ssh", "lomov-bosh", "lomov-cf-private", "lomov-cf-public"] | |
| default_key_name: microbosh | |
| stemcell: | |
| name: bosh-openstack-kvm-ubuntu | |
| version: 2427 | |
| floating_static_ips: | |
| - 172.16.0.69 | |
| # - 172.16.0.75 - 172.16.0.79 | |
| networks: | |
| - name: floating | |
| type: vip | |
| cloud_properties: {} | |
| - name: cf2 | |
| type: vip | |
| cloud_properties: {} | |
| - name: cf1 | |
| type: manual | |
| subnets: | |
| - range: 192.168.115.0/24 | |
| name: default | |
| default: | |
| - dns | |
| - gateway | |
| reserved: | |
| - 192.168.115.2 - 192.168.115.10 | |
| static: | |
| - 192.168.115.20 - 192.168.115.254 | |
| gateway: 192.168.115.1 | |
| dns: | |
| - 192.168.0.202 | |
| - 8.8.8.8 | |
| cloud_properties: {} | |
| properties: | |
| domain: lomov-cf.altoros.com | |
| cc: | |
| app_events: | |
| cutoff_age_in_days: 31 | |
| app_usage_events: | |
| cutoff_age_in_days: 31 | |
| audit_events: | |
| cutoff_age_in_days: 31 | |
| billing_event_writing_enabled: true | |
| broker_client_timeout_seconds: 70 | |
| buildpacks: | |
| resource_directory_key: cc-buildpacks | |
| bulk_api_password: B1gP_ss0rd | |
| client_max_body_size: 256M | |
| db_encryption_key: DB_ENG_CC | |
| default_app_memory: 1024 | |
| default_quota_definition: default | |
| development_mode: false | |
| diego: false | |
| disable_custom_buildpacks: false | |
| droplets: | |
| resource_directory_key: cc-droplets | |
| hm9000_noop: false | |
| maximum_app_disk_in_mb: 2048 | |
| packages: | |
| resource_directory_key: cc-packages | |
| process_group: cloud_controller | |
| quota_definitions: | |
| default: | |
| memory_limit: 10240 | |
| non_basic_services_allowed: true | |
| total_routes: 1000 | |
| total_services: 100 | |
| trial_db_allowed: false | |
| runaway: | |
| memory_limit: 102400 | |
| non_basic_services_allowed: true | |
| total_routes: 1000 | |
| total_services: 100 | |
| trial_db_allowed: false | |
| resource_pool: | |
| resource_directory_key: cc-resources | |
| srv_api_uri: http://api.lomov-cf.altoros.com | |
| staging_upload_password: Stg1ng | |
| staging_upload_user: staging | |
| tasks_disabled: false | |
| ccdb: | |
| db_scheme: postgres | |
| address: 0.data.cf1.cf.microbosh | |
| port: 5524 | |
| roles: | |
| - tag: admin | |
| name: ccadmin | |
| password: c1oudc0w | |
| databases: | |
| - tag: cc | |
| name: ccdb | |
| citext: true | |
| databases: | |
| db_scheme: postgres | |
| address: 0.data.cf1.cf.microbosh | |
| port: 5524 | |
| roles: | |
| - tag: admin | |
| name: ccadmin | |
| password: c1oudc0w | |
| - tag: admin | |
| name: uaaadmin | |
| password: c1oudc0w | |
| databases: | |
| - tag: cc | |
| name: ccdb | |
| citext: true | |
| - tag: uaa | |
| name: uaadb | |
| citext: true | |
| uaa: | |
| url: http://uaa.lomov-cf.altoros.com | |
| spring_profiles: postgresql | |
| no_ssl: true | |
| catalina_opts: -Xmx768m -XX:MaxPermSize=256m | |
| resource_id: account_manager | |
| jwt: | |
| signing_key: "-----BEGIN RSA PRIVATE KEY----- \nMIIEpQIBAAKCAQEA11TXSiFRMTwP5KOQSWZoh3Cv8ZhOrZ0uBwNX/qkZTOz/HMEy\n0zJj6sjTWRkQAUgC3bwA3FKXvwYXwSvgpktxGpKABH5EXb3ZC9KG/4ZhzG3n9LxP\nIngUCCRDdWkyoV8R6zjkyrVfpK8Hu1VA6SDdlxfKNvdGrdfqdldiNt1QjkGIQB/O\nNreOXB7w6lMV3GY5t5W3aBC9o2cpl6Ubwar1Nkvy8MY3V6gUCthS8gpaJn6cJF2A\n1NUWnYx66Mv9qUIG+DAtmTv65h+27OhMqs/lO3fj/RS4rrgHwHQNYism9fiE8dJZ\nHcr4w7YH7uAKVJZsrrKahdYvdm2b/koRIuUCRQIDAQABAoIBAQChG79AnZDr725M\nuPwZjt+ihnN9pWEokLOBV8UcqlRds+xkDUEDt23+mmdXAGNzMffDAwj5z2nt6JcZ\nVsTsZwGmyfmyYu6v3H1qVQfgYyEFHS4xdDsZJRKHzOoUDLNu/Xygq56y8+UtiC+W\nwACi7I4eoBQR8A0XwLaR+GtpdUjyRUJbllFZcP6Y5ohuDLXE0HV14WP1WUbN9GC1\nQELZh6u/PmMLwRNYqEegOA6XvTaG2BQO6niO/F22EYy2D8x9nduQVBp8L5wLnSL1\nbFuOk3VYDzU9Eulcgxomex41Eb7ixrgOqUWwVDBYXW4MfnQ7go/88LErcDkSNaQb\nGw3uHRWBAoGBAO02y1R9v8PBpFHgcx1fnAXujEUSGBTThQnmqFSHkunLGLWrlcXx\n6H5jmbWBrhMmxw16BiB+RZe6sHtVCp6l0AkscruN6QFSolB17ukg3Phb3EfEJwED\nXcwZ6ouustR8QjfRElHPuZZ9Q4zmu2DKGxbAgLPZftKqwhEWLBKttsdVAoGBAOhi\nZ6btEgVWt3f+b2uOz6QYRlf6Ho/m7raLhyF0fehRvhThgwVZCEScxe+FvwNTYium\n1INHbPYQ2+vSzMVIaT7YzesVU6mwwyXmjDR2cD9VmLi3Zej1FEJt7QXx1ArnsmxM\nu/RVm4OaMOovOVfzDTWVpT1peb6UhgjEeTUij28xAoGBAKIctFCFr6wkhhu+fG0y\njfov0ITTnMl+1IizrY43KNvGBJkDLlQcwnq9rqowebp04cv//HfwU7chysI+mAdb\n4hSi37X1gat5wZujPSbtYpYIkT4qe01h85QskfHr7iLw2IA0zYRDpd2GtcdxV9UJ\nygF+hXZjyRxHvmDW+j+5oBQRAoGBAN7CzgenA/pYKSF+poIdcRAlMPFO05MwVS5p\nzAyW5ccY7LSJhJZQxWs4OUmlFPj0KowbrWV2x42NlbOW7DJFepYDMEmktQFab4da\nXJZB3tHnlLGlJKzOmjAfvfFP4urdNh045YePtLbPzQoAYODdHZF7NN4MyOaW63Fm\nHaaAzaxRAoGAY3I3IzGUGiYbI4MZiqeUeRf1QyMjgkurfPJB21b5N7LDVnZ3VhiI\n0hhNp7xKCbn0TIqTbMq9UBQlAfyf4t1cZomKSFrg9euWKh50Z+2rwLfyMBeYLHqp\ns1q2Nsw0Q6zyPADaCPsSU5GhQvZI+rSFSIHdKwP6jrlX+/Zn6x3RWnA=\n-----END RSA PRIVATE KEY-----\n" | |
| verification_key: | | |
| -----BEGIN PUBLIC KEY----- | |
| MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA11TXSiFRMTwP5KOQSWZo | |
| h3Cv8ZhOrZ0uBwNX/qkZTOz/HMEy0zJj6sjTWRkQAUgC3bwA3FKXvwYXwSvgpktx | |
| GpKABH5EXb3ZC9KG/4ZhzG3n9LxPIngUCCRDdWkyoV8R6zjkyrVfpK8Hu1VA6SDd | |
| lxfKNvdGrdfqdldiNt1QjkGIQB/ONreOXB7w6lMV3GY5t5W3aBC9o2cpl6Ubwar1 | |
| Nkvy8MY3V6gUCthS8gpaJn6cJF2A1NUWnYx66Mv9qUIG+DAtmTv65h+27OhMqs/l | |
| O3fj/RS4rrgHwHQNYism9fiE8dJZHcr4w7YH7uAKVJZsrrKahdYvdm2b/koRIuUC | |
| RQIDAQAB | |
| -----END PUBLIC KEY----- | |
| cc: | |
| client_secret: c1oudc0w | |
| admin: | |
| client_secret: c1oudc0w | |
| batch: | |
| username: batchuser | |
| password: c1oudc0w | |
| client: | |
| autoapprove: | |
| - cf | |
| clients: | |
| cf: | |
| override: true | |
| authorized-grant-types: password,implicit,refresh_token | |
| authorities: uaa.none | |
| scope: cloud_controller.read,cloud_controller.write,openid,password.write,cloud_controller.admin,scim.read,scim.write | |
| access-token-validity: 7200 | |
| refresh-token-validity: 1209600 | |
| login: | |
| override: true | |
| scope: openid | |
| authorities: oauth.login | |
| secret: c1oudc0w | |
| authorized-grant-types: authorization_code,client_credentials,refresh_token | |
| redirect-uri: http://login.lomov-cf.altoros.com | |
| app-direct: | |
| secret: c1oudc0w | |
| developer_console: | |
| secret: c1oudc0w | |
| notifications: | |
| secret: c1oudc0w | |
| servicesmgmt: | |
| secret: c1oudc0w | |
| space-mail: | |
| secret: c1oudc0w | |
| support-services: | |
| secret: c1oudc0w | |
| login: | |
| addnew: false | |
| scim: | |
| users: | |
| - admin|c1oudc0w|scim.write,scim.read,openid,cloud_controller.admin | |
| - services|c1oudc0w|scim.write,scim.read,openid,cloud_controller.admin | |
| uaadb: | |
| db_scheme: postgresql | |
| address: 0.data.cf1.cf.microbosh | |
| port: 5524 | |
| roles: | |
| - tag: admin | |
| name: uaaadmin | |
| password: c1oudc0w | |
| databases: | |
| - tag: uaa | |
| name: uaadb | |
| citext: true | |
| loggregator_endpoint: | |
| host: 0.loggregator-trafficcontroller.cf1.cf.microbosh | |
| shared_secret: L0gregAt0rSecret | |
| nats: | |
| address: 0.core.cf1.cf.microbosh | |
| debug: false | |
| machines: | |
| - 0.core.cf1.cf.microbosh | |
| password: Natspass0wrd | |
| port: 4222 | |
| trace: false | |
| use_gnatsd: true | |
| user: nats | |
| dea_next: | |
| directory_server_protocol: https | |
| disk_mb: 32768 | |
| disk_overcommit_factor: 2 | |
| evacuation_bail_out_time_in_seconds: 600 | |
| instance_disk_inode_limit: 200000 | |
| kernel_network_tuning_enabled: true | |
| memory_mb: 16368 | |
| memory_overcommit_factor: 3 | |
| staging_disk_inode_limit: 200000 | |
| router: | |
| status: | |
| port: 8080 | |
| password: P_ssw0td | |
| user: gorouter |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| sudo apt-get install python-novaclient | |
| # . "./etc/localrc" # load password and etc. | |
| export OS_USERNAME=admin | |
| export OS_PASSWORD=$ADMIN_PASSWORD | |
| export OS_TENANT_NAME=demo | |
| export OS_AUTH_URL=http://192.168.100.2:5000/v2.0 | |
| nova secgroup-add-rule default udp 68 68 0.0.0.0/0 | |
| nova secgroup-create ssh "SSH" | |
| nova secgroup-add-rule ssh tcp 22 22 0.0.0.0/0 | |
| nova secgroup-add-rule ssh icmp -1 -1 0.0.0.0/0 | |
| nova secgroup-add-rule ssh udp 68 68 0.0.0.0/0 | |
| # All ports (from 1 to 65535) where the source group is the current security group | |
| # Port 22 from source 0.0.0.0/0 (CIDR): Used for inbound SSH access | |
| # Port 53 from source 0.0.0.0/0 (CIDR): Used for inbound DNS requests | |
| # Port 4222 from source 0.0.0.0/0 (CIDR): Used by NATS | |
| # Port 6868 from source 0.0.0.0/0 (CIDR): Used by BOSH Agent | |
| # Port 25250 from source 0.0.0.0/0 (CIDR): Used by BOSH Blobstore | |
| # Port 25555 from source 0.0.0.0/0 (CIDR): Used by BOSH Director | |
| # Port 25777 from source 0.0.0.0/0 (CIDR): Used by BOSH Registry | |
| nova secgroup-create bosh "BOSH" | |
| nova secgroup-add-group-rule bosh bosh tcp 1 65535 | |
| nova secgroup-add-rule bosh tcp 4222 4222 0.0.0.0/0 | |
| nova secgroup-add-rule bosh tcp 6868 6868 0.0.0.0/0 | |
| nova secgroup-add-rule bosh tcp 25250 25250 0.0.0.0/0 | |
| nova secgroup-add-rule bosh tcp 25555 25555 0.0.0.0/0 | |
| nova secgroup-add-rule bosh tcp 25777 25777 0.0.0.0/0 | |
| nova secgroup-add-rule bosh tcp 53 53 0.0.0.0/0 | |
| nova secgroup-add-rule bosh udp 53 53 0.0.0.0/0 | |
| nova secgroup-add-rule bosh udp 68 68 0.0.0.0/0 | |
| nova secgroup-create cf-public "cf-public" | |
| nova secgroup-add-rule cf-public tcp 80 80 0.0.0.0/0 | |
| nova secgroup-add-rule cf-public tcp 443 443 0.0.0.0/0 | |
| nova secgroup-add-rule cf-public udp 68 68 0.0.0.0/0 | |
| nova secgroup-create cf-private "cf-private" | |
| nova secgroup-add-group-rule cf-private cf-private tcp 1 65535 | |
| nova secgroup-add-rule cf-private udp 68 68 0.0.0.0/0 | |
| # add ssh key to | |
| nova keypair-add microbosh > ~/.ssh/microbosh | |
| nova dns-create-public-domain cf-lomov |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # scp /home/ubuntu/.ssh/microbosh | |
| sudo apt-get -y install libmysqlclient-dev libxslt-dev libxml2-dev libpq-dev libsqlite3-dev genisoimage | |
| \curl -sSL https://get.rvm.io | bash | |
| rvm install 1.9.3 | |
| gem install --no-ri --no-rdoc bosh_cli | |
| gem install --no-ri --no-rdoc bosh_cli_plugin_micro | |
| wget http://bosh-jenkins-artifacts.s3.amazonaws.com/bosh-stemcell/openstack/bosh-stemcell-latest-openstack-kvm-ubuntu.tgz | |
| bosh upload stemcell bosh-stemcell-latest-openstack-kvm-ubuntu.tgz | |
| # install spiff | |
| sudo apt-get install go | |
| mkdir $HOME/go | |
| echo "export GOPATH=\$HOME/go" >> ~/.bashrc | |
| echo "export PATH=\$PATH:$GOPATH/bin" >> ~/.bashrc | |
| source ~/.bashrc | |
| go get github.com/cloudfoundry-incubator/spiff | |
| # install cf-release | |
| git clone https://github.com/cloudfoundry/cf-release.git | |
| cd cf-release | |
| git checkout v176 | |
| ./update | |
| bosh upload release releases/cf-176.yml | |
| ./generate_deployment_manifest openstack templates/cf-minimal-dev.yml ~/deployments/cf-lomov/cf-openstack.yml > ~/deployments/cf-lomov/cf.yml | |
| bosh deployment ~/deployments/cf-lomov/cf.yml | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: microbosh-openstack | |
| logging: | |
| level: DEBUG | |
| network: | |
| type: dynamic | |
| vip: <...> # free floating IP | |
| cloud_properties: | |
| net_id: <...> | |
| resources: | |
| persistent_disk: 20480 | |
| cloud_properties: | |
| instance_type: m1.small | |
| cloud: | |
| plugin: openstack | |
| properties: | |
| openstack: | |
| auth_url: <...> | |
| username: <...> | |
| api_key: <...> | |
| tenant: <...> | |
| default_security_groups: ["ssh", "bosh"] | |
| default_key_name: microbosh | |
| private_key: "/home/ubuntu/.ssh/microbosh" | |
| apply_spec: | |
| properties: | |
| director: | |
| max_threads: 3 | |
| hm: | |
| resurrector_enabled: true | |
| ntp: | |
| - 0.north-america.pool.ntp.org | |
| - 1.north-america.pool.ntp.org |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment