Created
December 8, 2020 21:51
-
-
Save cunnie/fb2e7971bf941aefd17f4fb0c4c3740d to your computer and use it in GitHub Desktop.
Concourse Pipeline to Partially Deploy Tanzu Ops Manager & BOSH on VMware VMC
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| jobs: | |
| - name: configure-director | |
| plan: | |
| - in_parallel: | |
| steps: | |
| - get: nsx-t-ci-pipeline | |
| - get: pcf-ops-manager | |
| params: | |
| globs: [] | |
| - in_parallel: | |
| steps: | |
| - get: platform-automation-tasks | |
| params: | |
| globs: | |
| - platform-automation-tasks-*.zip | |
| unpack: true | |
| resource: platform-automation | |
| - get: platform-automation-image | |
| params: | |
| globs: | |
| - platform-automation-image-*.tgz | |
| unpack: true | |
| resource: platform-automation | |
| - config: | |
| image_resource: | |
| source: | |
| repository: harbor-repo.vmware.com/dockerhub-proxy-cache/pasnsxt/python-tasks | |
| type: docker-image | |
| outputs: | |
| - name: env | |
| platform: linux | |
| run: | |
| args: | |
| - -c | |
| - | | |
| mkdir -p env | |
| tee > env/env.yml <<EOT | |
| target: "https://54.190.108.43" | |
| skip-ssl-validation: true | |
| username: admin | |
| password: super-secret | |
| decryption-passphrase: super-secret | |
| EOT | |
| path: /bin/bash | |
| task: create-env-file | |
| - config: | |
| image_resource: | |
| source: | |
| repository: harbor-repo.vmware.com/dockerhub-proxy-cache/pasnsxt/python-tasks | |
| type: docker-image | |
| outputs: | |
| - name: vars | |
| platform: linux | |
| run: | |
| args: | |
| - -c | |
| - | | |
| mkdir -p vars/ | |
| tee vars/director.yml <<EOF | |
| --- | |
| iaas-configurations_0_vcenter_host: vcenter.sddc-35-162-72-214.vmwarevmc.com | |
| iaas-configurations_0_vcenter_username: [email protected] | |
| iaas-configurations_0_bosh_disk_path: disks | |
| iaas-configurations_0_bosh_template_folder: templates | |
| iaas-configurations_0_bosh_vm_folder: vms | |
| iaas-configurations_0_datacenter: SDDC-Datacenter | |
| iaas-configurations_0_disk_type: thin | |
| iaas-configurations_0_ephemeral_datastores_string: WorkloadDatastore | |
| iaas-configurations_0_name: default | |
| iaas-configurations_0_persistent_datastores_string: WorkloadDatastore | |
| iaas-configurations_0_nsx_networking_enabled: false | |
| iaas-configurations_0_nsx_t_auth_type: local_user | |
| iaas-configurations_0_ssl_verification_enabled: false | |
| properties-configuration_security_configuration_generate_vm_passwords: true | |
| az_1_name: az1 | |
| az_1_cluster_name: Cluster-1 | |
| az_1_rp_name: az1 | |
| az_2_name: az2 | |
| az_2_cluster_name: Cluster-1 | |
| az_2_rp_name: az2 | |
| az_3_name: az3 | |
| az_3_cluster_name: Cluster-1 | |
| az_3_rp_name: az3 | |
| ntp_servers: time.google.com | |
| infra_vsphere_network: sddc-cgw-network-1 | |
| infra_nw_cidr: 192.168.1.0/24 | |
| infra_excluded_range: 192.168.1.1-192.168.1.10,192.168.1.13-192.168.1.254 | |
| infra_nw_dns: 8.8.8.8 | |
| infra_nw_gateway: 192.168.1.1 | |
| deployment_vsphere_network: sddc-cgw-network-1 | |
| deployment_nw_cidr: 192.168.1.0/24 | |
| deployment_excluded_range: 192.168.1.1-192.168.1.12 | |
| deployment_nw_dns: 8.8.8.8 | |
| deployment_nw_gateway: 192.168.1.1 | |
| vcenter_pwd: super-secret-password | |
| nsx_password: dummy | |
| nsx_username: dummy | |
| nsx_address: dummy | |
| nsx_ca_certificate: | | |
| EOF | |
| echo "-----BEGIN CERTIFICATE----- | |
| MIID3jCCAsagAwIBAgIECv+eFzANBgkqhkiG9w0BAQsFADB+MQswCQYDVQQGEwJV | |
| UzELMAkGA1UECBMCQ0ExEjAQBgNVBAcTCVBhbG8gQWx0bzEUMBIGA1UEChMLVk13 | |
| YXJlIEluYy4xDDAKBgNVBAsTA05TWDEqMCgGA1UEAxMhbnN4bWdyLTAxLmhhYXMt | |
| MjQxLnBlei5waXZvdGFsLmlvMB4XDTIwMTExMzIxMjYwNVoXDTIzMDIxNjIxMjYw | |
| NVowfjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRIwEAYDVQQHEwlQYWxvIEFs | |
| dG8xFDASBgNVBAoTC1ZNd2FyZSBJbmMuMQwwCgYDVQQLEwNOU1gxKjAoBgNVBAMT | |
| IW5zeG1nci0wMS5oYWFzLTI0MS5wZXoucGl2b3RhbC5pbzCCASIwDQYJKoZIhvcN | |
| AQEBBQADggEPADCCAQoCggEBALV476YLmt1deti3qBvcAH+jokbDrJaDRcKdApUi | |
| dFJRfn3Kplhsq3NR6mxT91NLCUswMDicCjGUOs2wkU9fq6eK6AFfMVc4Pgs8PlDw | |
| AzifWR9YyhecW3pwqsboNH8QPRWzPMG9hqrXJkse4ze0v04x9KfsSoIxTfQWqBCK | |
| j+1tWLUdxYzFMWwb8hKrE4FTqy4HVEJPttiwVesLMTWOy5fbECzoV/sk5fDlQl5H | |
| /+YA5+R4RrfKoCZsK3fCWcA0Xx31tpwHJxx06RkuUH8lSVdCw6ZTt056+uT3CMxG | |
| NrT9euTAVlvy/QITWuXEb3Ka75dxS4KcsDOFN4WkjUBep7cCAwEAAaNkMGIwEwYD | |
| VR0lBAwwCgYIKwYBBQUHAwEwLAYDVR0RBCUwI4IhbnN4bWdyLTAxLmhhYXMtMjQx | |
| LnBlei5waXZvdGFsLmlvMB0GA1UdDgQWBBTOGxFlY72yFV8KqQ59EQPLW4tT3DAN | |
| BgkqhkiG9w0BAQsFAAOCAQEArPSnjFxOqPjWNk4W1304UpPnWyhkUZUsr3TIdVsR | |
| rkdAAYKM4My+rMCmjPAejmYkoIbK0exLYumV9KDiLWAPspTmqWkaRAl8sSrChhga | |
| 7RJWUPErjlU8mGKceyGK8LBAvRqyA2gzLAO6C4rXfrFLpJJ5Lo6BECKco0of4fh7 | |
| H9qgQAs5hI1GmFPR6arlZHTe5qK8cM4omMkIIbz5fSNDfv95Xm21DYa5TmxPL9+v | |
| IE1QRedwSMBNYkB9ngRr5A/MDzYBmBT2MX3U92mV9RD6Q7+etX1VEQy86i0Io+xW | |
| FhHEGGWtSQIl9KMHBvYlAfL67pSh7AyoDL+0gR9mMS2E5Q== | |
| -----END CERTIFICATE----- | |
| " | sed "s/^/ /" | tee -a vars/director.yml | |
| path: /bin/bash | |
| task: create-vars-file | |
| - file: platform-automation-tasks/tasks/staged-director-config.yml | |
| image: platform-automation-image | |
| task: get-staged-config | |
| - file: platform-automation-tasks/tasks/configure-director.yml | |
| image: platform-automation-image | |
| input_mapping: | |
| config: generated-config | |
| ops-files: nsx-t-ci-pipeline | |
| params: | |
| OPS_FILES: ops-files/vars/director-ops-file.yml | |
| VARS_FILES: vars/director.yml | |
| task: configure-director | |
| - name: deploy-director | |
| plan: | |
| - in_parallel: | |
| steps: | |
| - get: nsx-t-ci-pipeline | |
| passed: [ configure-director ] | |
| - in_parallel: | |
| steps: | |
| - get: platform-automation-tasks | |
| params: | |
| globs: | |
| - platform-automation-tasks-*.zip | |
| unpack: true | |
| resource: platform-automation | |
| - get: platform-automation-image | |
| params: | |
| globs: | |
| - platform-automation-image-*.tgz | |
| unpack: true | |
| resource: platform-automation | |
| - config: | |
| image_resource: | |
| source: | |
| repository: harbor-repo.vmware.com/dockerhub-proxy-cache/pasnsxt/python-tasks | |
| type: docker-image | |
| outputs: | |
| - name: env | |
| platform: linux | |
| run: | |
| args: | |
| - -c | |
| - | | |
| mkdir -p env | |
| tee > env/env.yml <<EOT | |
| target: "https://54.190.108.43" | |
| skip-ssl-validation: true | |
| username: admin | |
| password: super-secret | |
| decryption-passphrase: super-secret | |
| EOT | |
| path: /bin/bash | |
| task: create-env-file | |
| - attempts: 2 | |
| file: platform-automation-tasks/tasks/apply-director-changes.yml | |
| image: platform-automation-image | |
| task: apply-changes | |
| - name: upload-tas | |
| plan: | |
| - in_parallel: | |
| steps: | |
| - get: nsx-t-ci-pipeline | |
| # passed: [ deploy-director ] | |
| - get: pivnet-product | |
| params: | |
| globs: | |
| - srt-*.pivotal | |
| resource: tas-tile | |
| - in_parallel: | |
| steps: | |
| - get: platform-automation-tasks | |
| params: | |
| globs: | |
| - platform-automation-tasks-*.zip | |
| unpack: true | |
| resource: platform-automation | |
| - get: platform-automation-image | |
| params: | |
| globs: | |
| - platform-automation-image-*.tgz | |
| unpack: true | |
| resource: platform-automation | |
| - config: | |
| image_resource: | |
| source: | |
| repository: harbor-repo.vmware.com/dockerhub-proxy-cache/pasnsxt/python-tasks | |
| type: docker-image | |
| outputs: | |
| - name: env | |
| platform: linux | |
| run: | |
| args: | |
| - -c | |
| - | | |
| mkdir -p env | |
| tee > env/env.yml <<EOT | |
| target: "https://54.190.108.43" | |
| skip-ssl-validation: true | |
| username: admin | |
| password: super-secret | |
| decryption-passphrase: super-secret | |
| EOT | |
| path: /bin/bash | |
| task: create-env-file | |
| - config: | |
| image_resource: | |
| source: | |
| repository: harbor-repo.vmware.com/dockerhub-proxy-cache/pasnsxt/python-tasks | |
| type: docker-image | |
| outputs: | |
| - name: download-config | |
| platform: linux | |
| run: | |
| args: | |
| - -c | |
| - | | |
| mkdir -p download-config/ | |
| tee > download-config/download-config.yml <<EOT | |
| --- | |
| pivnet-api-token: super-secret-token | |
| pivnet-file-glob: "${PIVNET_FILE_GLOB}" | |
| product-version-regex: $PRODUCT_VERSION_REGEX | |
| pivnet-product-slug: "${PIVNET_PRODUCT_SLUG}" | |
| stemcell-iaas: "${STEMCELL_IAAS}" | |
| EOT | |
| path: /bin/bash | |
| params: | |
| PIVNET_FILE_GLOB: srt-*.pivotal | |
| PIVNET_PRODUCT_SLUG: elastic-runtime | |
| PRODUCT_VERSION_REGEX: ^2\.11\.\d+(-(alpha|beta|rc)\.\d+)?$ | |
| STEMCELL_IAAS: vsphere | |
| task: create-product-config-file | |
| - do: | |
| - file: platform-automation-tasks/tasks/download-product.yml | |
| image: platform-automation-image | |
| input_mapping: | |
| config: download-config | |
| task: download-pas | |
| - file: platform-automation-tasks/tasks/upload-and-stage-product.yml | |
| image: platform-automation-image | |
| input_mapping: | |
| product: downloaded-product | |
| task: upload-and-stage-product | |
| - file: platform-automation-tasks/tasks/upload-stemcell.yml | |
| image: platform-automation-image | |
| input_mapping: | |
| stemcell: downloaded-stemcell | |
| task: upload-stemcell | |
| - name: configure-tas | |
| plan: | |
| - in_parallel: | |
| steps: | |
| - get: nsx-t-ci-pipeline | |
| passed: [ upload-tas ] | |
| - in_parallel: | |
| steps: | |
| - get: platform-automation-tasks | |
| params: | |
| globs: | |
| - platform-automation-tasks-*.zip | |
| unpack: true | |
| resource: platform-automation | |
| - get: platform-automation-image | |
| params: | |
| globs: | |
| - platform-automation-image-*.tgz | |
| unpack: true | |
| resource: platform-automation | |
| - config: | |
| image_resource: | |
| source: | |
| repository: harbor-repo.vmware.com/dockerhub-proxy-cache/pasnsxt/python-tasks | |
| type: docker-image | |
| outputs: | |
| - name: env | |
| platform: linux | |
| run: | |
| args: | |
| - -c | |
| - | | |
| mkdir -p env | |
| tee > env/env.yml <<EOT | |
| target: "https://54.190.108.43" | |
| skip-ssl-validation: true | |
| username: admin | |
| password: super-secret | |
| decryption-passphrase: super-secret | |
| EOT | |
| path: /bin/bash | |
| task: create-env-file | |
| - in_parallel: | |
| steps: | |
| - config: | |
| image_resource: | |
| source: | |
| repository: harbor-repo.vmware.com/dockerhub-proxy-cache/pasnsxt/python-tasks | |
| type: docker-image | |
| outputs: | |
| - name: vars | |
| platform: linux | |
| run: | |
| args: | |
| - -c | |
| - | | |
| export OM_TARGET="https://54.190.108.43" | |
| export OM_USERNAME="admin" | |
| export OM_PASSWORD="super-secret" | |
| mkdir -p vars/ | |
| om -k \ | |
| curl -x POST -p '/api/v0/certificates/generate' \ | |
| -d '{"domains": ["*.cfapps.haas-241.pez.pivotal.io","*.run.haas-241.pez.pivotal.io"]}' | | |
| jq -r '.| | |
| { | |
| pas_domain: "haas-241.pez.pivotal.io", | |
| properties_credhub_hsm_provider_client_certificate: { | |
| cert_pem: .certificate, | |
| private_key_pem: .key | |
| }, | |
| uaa_service_provider_key_credentials: { | |
| cert_pem: .certificate, | |
| private_key_pem: .key | |
| }, | |
| networking_poe_ssl_certs: { | |
| cert_pem: .certificate, | |
| private_key_pem: .key | |
| } | |
| }' > vars/vars.json | |
| cat vars/vars.json | |
| cat > vars/ops-file.yml <<OPSFILE | |
| --- | |
| - type: remove | |
| path: /product-properties/.properties.credhub_key_encryption_passwords | |
| - type: replace | |
| path: /product-properties/.properties.credhub_internal_provider_keys? | |
| value: | |
| value: | |
| - name: primary-encryption-key | |
| primary: true | |
| key: | |
| secret: super-secret-password | |
| - type: replace | |
| path: /network-properties/network? | |
| value: | |
| name: deployment | |
| - type: replace | |
| path: /network-properties/other_availability_zones? | |
| value: | |
| - name: az1 | |
| - name: az2 | |
| - name: az3 | |
| - type: replace | |
| path: /network-properties/singleton_availability_zone? | |
| value: | |
| name: az1 | |
| - type: replace | |
| path: /network-properties/network? | |
| value: | |
| name: deployment | |
| - type: replace | |
| path: /product-properties/.cloud_controller.apps_domain? | |
| value: | |
| value: cfapps.\((pas_domain)\) | |
| - type: replace | |
| path: /product-properties/.cloud_controller.system_domain? | |
| value: | |
| value: run.\((pas_domain)\) | |
| - type: replace | |
| path: /product-properties/.mysql_monitor.recipient_email? | |
| value: | |
| value: [email protected] | |
| - type: replace | |
| path: /product-properties/.properties.cf_networking_search_domains? | |
| value: | |
| value: "apps.internal" | |
| - type: replace | |
| path: /product-properties/.properties.container_networking_interface_plugin? | |
| value: | |
| value: external | |
| - type: remove | |
| path: /product-properties/.properties.container_networking_interface_plugin.silk.enable_log_traffic? | |
| - type: remove | |
| path: /product-properties/.properties.container_networking_interface_plugin.silk.iptables_accepted_udp_logs_per_sec? | |
| - type: remove | |
| path: /product-properties/.properties.container_networking_interface_plugin.silk.iptables_denied_logs_per_sec? | |
| - type: remove | |
| path: /product-properties/.properties.container_networking_interface_plugin.silk.network_mtu? | |
| - type: remove | |
| path: /product-properties/.properties.container_networking_interface_plugin.silk.vtep_port? | |
| - type: replace | |
| path: /product-properties/.properties.credhub_key_encryption_passwords? | |
| value: | |
| value: | |
| - name: primary-encryption-key | |
| primary: true | |
| provider: internal | |
| key: | |
| secret: super-secret-password | |
| - type: replace | |
| path: /product-properties/.properties.haproxy_forward_tls? | |
| value: | |
| selected_option: disable | |
| value: disable | |
| - type: replace | |
| path: /product-properties/.properties.push_apps_manager_company_name? | |
| value: | |
| value: "null" | |
| - type: replace | |
| path: /product-properties/.properties.routing_tls_termination? | |
| value: | |
| value: router | |
| - type: replace | |
| path: /product-properties/.properties.security_acknowledgement? | |
| value: | |
| value: X | |
| - type: replace | |
| path: /product-properties/.properties.tcp_routing? | |
| value: | |
| value: enable | |
| - type: replace | |
| path: /product-properties/.properties.tcp_routing.enable.reservable_ports? | |
| value: | |
| value: "8080,52135,34000-35000" | |
| - type: replace | |
| path: /resource-config/compute/instances? | |
| value: 3 | |
| # Additional configuration not in pristine files | |
| - type: replace | |
| path: /product-properties/.cloud_controller.encrypt_key? | |
| value: | |
| value: | |
| secret: super-secret-password | |
| - type: replace | |
| path: /product-properties/.properties.credhub_hsm_provider_partition_password? | |
| value: | |
| value: | |
| secret: super-secret-password | |
| - type: replace | |
| path: /product-properties/.properties.networking_poe_ssl_certs? | |
| value: | |
| value: | |
| - certificate: | |
| cert_pem: \((networking_poe_ssl_certs.cert_pem)\) | |
| private_key_pem: \((networking_poe_ssl_certs.private_key_pem)\) | |
| name: default | |
| - type: remove | |
| path: /product-properties/.properties.nfs_volume_driver.enable.ldap_service_account_password? | |
| - type: remove | |
| path: /product-properties/.properties.smtp_credentials? | |
| - type: remove | |
| path: /product-properties/.uaa.service_provider_key_password? | |
| OPSFILE | |
| cat vars/ops-file.yml | |
| path: /bin/bash | |
| task: create-vars-file | |
| - file: platform-automation-tasks/tasks/staged-config.yml | |
| image: platform-automation-image | |
| params: | |
| PRODUCT_NAME: cf | |
| task: get-staged-config | |
| - file: platform-automation-tasks/tasks/configure-product.yml | |
| image: platform-automation-image | |
| input_mapping: | |
| config: generated-config | |
| ops-files: nsx-t-ci-pipeline | |
| params: | |
| CONFIG_FILE: cf.yml | |
| OPS_FILES: vars/ops-file.yml | |
| VARS_FILES: vars/vars.json | |
| task: configure-product | |
| resource_types: | |
| - name: nsx-t-version | |
| source: | |
| repository: harbor-repo.vmware.com/dockerhub-proxy-cache/pasnsxt/nsx-t-version | |
| tag: latest | |
| type: docker-image | |
| - name: pivnet | |
| source: | |
| repository: harbor-repo.vmware.com/dockerhub-proxy-cache/pivotalcf/pivnet-resource | |
| tag: latest-final | |
| type: docker-image | |
| - name: terraform | |
| source: | |
| repository: harbor-repo.vmware.com/dockerhub-proxy-cache/ljfranklin/terraform-resource | |
| tag: latest | |
| type: docker-image | |
| resources: | |
| - icon: github | |
| name: nsx-t-ci-pipeline | |
| source: | |
| branch: master | |
| private_key: | | |
| -----BEGIN OPENSSH PRIVATE KEY----- | |
| b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW | |
| VAVcaaPYTLu7EzbviuUBAAAAEnBhcy1uc3hAcGl2b3RhbC5pbwECAw== | |
| -----END OPENSSH PRIVATE KEY----- | |
| uri: [email protected]:pivotal/pas-nsx-t-ci.git | |
| type: git | |
| - name: tas-tile | |
| source: | |
| api_token: super-secret-token | |
| product_slug: elastic-runtime | |
| product_version: ^2\.11\.\d+(-(alpha|beta|rc)\.\d+)?$ | |
| sort_by: semver | |
| type: pivnet | |
| - name: pcf-ops-manager | |
| source: | |
| api_token: super-secret-token | |
| product_slug: ops-manager | |
| product_version: ^(2\.10\.\d+-[^i].*|2\.10\.\d+|2\.10)$ | |
| sort_by: semver | |
| type: pivnet | |
| - name: platform-automation | |
| source: | |
| api_token: super-secret-token | |
| product_slug: platform-automation | |
| product_version: ^4\.2 | |
| type: pivnet |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment