v1 vs v2: https://bosh.io/docs/cli-v2-diff.html
bosh2 is strict about SSL certs. If a director has been initialized using the bosh1 CLI, connecting to that director via the bosh2 CLI throws the following error:
ubuntu@bosh-stemcell:~$ bosh2 alias-env dev -e 10.193.72.9
Fetching info:
Performing request GET 'https://10.193.72.9:25555/info':
Performing GET request:
Retry: Get https://10.193.72.9:25555/info: x509: cannot validate certificate for 10.193.72.9 because it doesn't contain any IP SANs
To fix this issue, follow the reference doc at http://bosh.io/docs/director-certs. bosh2 is used as the cert generator here.
- create a template file (tpl.yml):
variables:
- name: default_ca
  type: certificate
  options:
    is_ca: true
    common_name: bosh_ca
- name: director_ssl
  type: certificate
  options:
    ca: default_ca
    common_name: ((internal_ip))
    alternative_names: [((internal_ip))]
- name: uaa_ssl
  type: certificate
  options:
    ca: default_ca
    common_name: ((internal_ip))
    alternative_names: [((internal_ip))]
- name: uaa_service_provider_ssl
  type: certificate
  options:
    ca: default_ca
    common_name: ((internal_ip))
    alternative_names: [((internal_ip))]
- run the following command:
bosh2 interpolate tpl.yml -v internal_ip=<director_ip> --vars-store certs.yml
This generates certs.yml with the root CA, certificate and private key under the director_ssl section (the same layout is produced for the uaa_ssl and uaa_service_provider_ssl entries).
- edit the director manifest yml to update the following sections:
...
jobs:
- name: bosh
  properties:
    director:
      ssl:
        key: |
          -----BEGIN RSA PRIVATE KEY-----
          MII...
          -----END RSA PRIVATE KEY-----
        cert: |
          -----BEGIN CERTIFICATE-----
          MII...
          -----END CERTIFICATE-----
    ...
    hm:
      director_account:
        ca_cert: |
          -----BEGIN CERTIFICATE-----
          -----END CERTIFICATE-----
- If there is an existing director, detach the persistent disk and delete the VM from vSphere. Update bosh-state.json so that a new VM is created on the next director deploy command.
- deploy the director with the new updated certs:
bosh2 create-env bosh.yml
- create an alias for a new "env" (equiv of bosh target):
ubuntu@bosh-stemcell:~$ bosh2 alias-env dev -e 10.193.72.9 --ca-cert <(bosh2 int certs.yml --path /director_ssl/ca)
Using environment '10.193.72.9' as anonymous user
Name enaml-bosh
UUID 7c7bec21-5387-4409-815f-79faa47d9294
Version 1.3232.2.0 (00000000)
CPI vsphere_cpi
Features compiled_package_cache: disabled
dns: disabled
snapshots: disabled
User (not logged in)
Succeeded
- log in to the director (equiv of bosh login):
ubuntu@bosh-stemcell:~$ bosh2 log-in -e dev
Username (): director
Password ():
Using environment '10.193.72.9' as client 'director'
Logged in to '10.193.72.9'
Succeeded
ubuntu@bosh-stemcell:~$ bosh2 -e dev env
Using environment '10.193.72.9' as client 'director'
Name enaml-bosh
UUID 7c7bec21-5387-4409-815f-79faa47d9294
Version 1.3232.2.0 (00000000)
CPI vsphere_cpi
Features compiled_package_cache: disabled
dns: disabled
snapshots: disabled
User director
Succeeded
- show the current environment (equiv of bosh status); the output is the same as above:
ubuntu@bosh-stemcell:~$ bosh2 -e dev env
- list aliased environments
ubuntu@bosh-stemcell:~$ bosh2 envs
URL Alias
10.193.72.9 dev
1 environments
Succeeded
- upload a release:
bosh2 -e dev ur nginx-1.11.7.tgz
- upload a stemcell:
bosh2 -e dev us https://s3.amazonaws.com/bosh-core-stemcells/vsphere/bosh-stemcell-3421.4-vsphere-esxi-ubuntu-trusty-go_agent.tgz
- create a deployment:
bosh2 -e dev -d nginx deploy nginx.yml
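The x509 error at the top of this page comes from the Go TLS client inside bosh2 matching the dialed IP against the certificate's subjectAltName entries, which is what the alternative_names: [((internal_ip))] line in the template fixes. The following Go program is an added example, not code from bosh or from this page: it mints a throwaway CA and director certificate in memory (the CA name bosh_ca and the IP come from the page; the function names sign and CheckDirectorCert are this example's own) and runs the same x509 validation with and without the IP SAN.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"net"
	"time"
)

// sign mints a P-256 key and issues tmpl signed by signer (self-signed root when signer is nil).
func sign(tmpl, parent *x509.Certificate, signer *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // only fails if rand.Reader does
	if signer == nil {
		signer, parent = key, tmpl
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signer)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der) // DER we just produced always parses
	return cert, key
}

// CheckDirectorCert issues a cert for ip from a throwaway "bosh_ca" (IP SAN only when withSAN, i.e. the
// alternative_names entry) and validates it as a Go TLS client such as bosh2 does. Returns the x509 error text or "".
func CheckDirectorCert(ip string, withSAN bool) string {
	now := time.Now()
	ca, caKey := sign(&x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "bosh_ca"}, NotBefore: now, NotAfter: now.Add(time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}, nil, nil)
	leaf := &x509.Certificate{
		SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: ip}, NotBefore: now, NotAfter: now.Add(time.Hour),
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}, // CN is never matched against the address
	}
	if withSAN {
		leaf.IPAddresses = []net.IP{net.ParseIP(ip)} // subjectAltName: IP:<ip>, what alternative_names adds
	}
	leaf, _ = sign(leaf, ca, caKey)
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	// DNSName may be an IP literal; Go then checks it only against the IP SANs (the CN is ignored since Go 1.15).
	if _, err := leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: ip}); err != nil {
		return err.Error()
	}
	return ""
}
```

Go 1.15 and later report the no-SAN case as a "certificate relies on legacy Common Name field" error; the older Go runtime in the bosh2 build above reports the same failure as "doesn't contain any IP SANs".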