Skip to content

Instantly share code, notes, and snippets.

@nota-ja

nota-ja/bosh-cf-routing-pr-66.yml

Created February 17, 2017 08:00
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save nota-ja/d8808742d4dbaa3d3dca0789f2db54fd to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save nota-ja/d8808742d4dbaa3d3dca0789f2db54fd to your computer and use it in GitHub Desktop.
Download ZIP
Raw
bosh-cf-routing-pr-66.yml
---
name: routing-pr-66-example
director_uuid: DIRECTOR_UUID
releases:
- {name: cf, version: 251}
- {name: garden-runc, version: 1.1.1}
- {name: diego, version: 1.5.3}
- {name: cflinuxfs2-rootfs, version: 1.45.0}
networks:
- name: private
type: manual
subnets:
- range: 10.0.0.0/24
gateway: 10.0.0.1
dns: [10.0.0.6]
reserved: ["10.0.0.1 - 10.0.0.20", "10.0.0.41 - 10.0.0.99"]
static: ["10.0.0.21 - 10.0.0.40"]
cloud_properties:
net_id: NET_ID
security_groups:
- cf-sg
- name: public
type: vip
cloud_properties: {}
resource_pools:
- name: small
network: private
stemcell:
name: bosh-openstack-kvm-ubuntu-trusty-go_agent
version: 3312.15
cloud_properties:
instance_type: m1.small
- name: medium
network: private
stemcell:
name: bosh-openstack-kvm-ubuntu-trusty-go_agent
version: 3312.15
cloud_properties:
instance_type: m1.medium
- name: large
network: private
stemcell:
name: bosh-openstack-kvm-ubuntu-trusty-go_agent
version: 3312.15
cloud_properties:
instance_type: m1.large
compilation:
workers: 4
network: private
reuse_compilation_vms: true
cloud_properties:
instance_type: m1.medium
update:
canaries: 1
canary_watch_time: 30000-600000
update_watch_time: 30000-600000
max_in_flight: 1
jobs:
- name: core
resource_pool: medium
instances: 1
persistent_disk: 100000
templates:
- {name: postgres, release: cf}
- {name: nats, release: cf}
- {name: etcd, release: cf}
- {name: consul_agent, release: cf}
- {name: metron_agent, release: cf}
- {name: route_registrar, release: cf}
- {name: blobstore, release: cf}
- {name: bbs, release: diego}
- {name: auctioneer, release: diego}
- {name: route_emitter, release: diego}
networks:
- name: private
default:
- gateway
- dns
static_ips: [10.0.0.21]
properties:
consul:
agent:
mode: server
services:
etcd: {}
blobstore: {}
route_registrar:
routes:
- name: blobstore
port: 8086
tags:
component: blobstore
uris:
- blobstore.example.org
registration_interval: 20s
- name: ctrl
resource_pool: medium
instances: 2
templates:
- {name: consul_agent, release: cf}
- {name: metron_agent, release: cf}
- {name: route_registrar, release: cf}
- {name: cloud_controller_ng, release: cf}
- {name: cloud_controller_worker, release: cf}
- {name: cloud_controller_clock, release: cf}
- {name: uaa, release: cf}
- {name: stager, release: cf}
- {name: nsync, release: cf}
- {name: tps, release: cf}
- {name: cc_uploader, release: cf}
- {name: go-buildpack, release: cf}
- {name: binary-buildpack, release: cf}
- {name: nodejs-buildpack, release: cf}
- {name: ruby-buildpack, release: cf}
- {name: php-buildpack, release: cf}
- {name: python-buildpack, release: cf}
- {name: staticfile-buildpack, release: cf}
- {name: java-offline-buildpack, release: cf}
networks:
- name: private
default:
- gateway
- dns
static_ips: [10.0.0.22, 10.0.0.23]
properties:
consul:
agent:
services:
cloud_controller_ng: {}
uaa: {}
route_registrar:
routes:
- name: api
port: 9022
uris:
- api.example.org
registration_interval: 20s
- name: uaa
port: 38080
uris:
- uaa.example.org
- "*.uaa.example.org"
- login.example.org
- "*.login.example.org"
registration_interval: 20s
- name: router
resource_pool: small
instances: 2
templates:
- {name: consul_agent, release: cf}
- {name: metron_agent, release: cf}
- {name: route_registrar, release: cf}
- {name: gorouter, release: cf}
- {name: loggregator_trafficcontroller, release: cf}
- {name: doppler, release: cf}
- {name: syslog_drain_binder, release: cf}
- {name: file_server, release: diego}
- {name: ssh_proxy, release: diego}
networks:
- name: public
static_ips: [192.168.1.57, 192.168.1.59]
- name: private
default:
- gateway
- dns
static_ips: [10.0.0.24, 10.0.0.25]
properties:
consul:
agent:
services:
gorouter: {}
route_registrar:
routes:
- name: loggregator
port: 28080
uris:
- loggregator.example.org
registration_interval: 20s
- name: doppler
port: 28081
uris:
- doppler.example.org
registration_interval: 20s
- name: cell
resource_pool: medium
instances: 2
templates:
- {name: consul_agent, release: cf}
- {name: metron_agent, release: cf}
- {name: garden, release: garden-runc}
- {name: cflinuxfs2-rootfs-setup, release: cflinuxfs2-rootfs}
- {name: rep, release: diego}
networks:
- name: private
default:
- gateway
- dns
static_ips: [10.0.0.31, 10.0.0.32]
- name: smoke
lifecycle: errand
resource_pool: small
instances: 1
templates:
- {name: smoke-tests, release: cf}
networks:
- name: private
default:
- gateway
- dns
static_ips: [10.0.0.29]
- name: cat
lifecycle: errand
resource_pool: small
instances: 1
templates:
- {name: acceptance-tests, release: cf}
networks:
- name: private
default:
- gateway
- dns
static_ips: [10.0.0.29]
properties:
version: "251"
support_address: https://www.example.org/
description: Cloud Foundry with Diego on OpenStack
system_domain: example.org
system_domain_organization: system
app_domains: [example.org]
disk_quota_enabled: true
ssl:
skip_cert_verify: true
app_ssh:
host_key_fingerprint: HOST_KEY_FINGERPRINT
databases:
databases:
- tag: cc
name: ccdb
citext: true
- tag: uaa
name: uaadb
citext: true
- tag: diego
name: diego
citext: false
roles:
- tag: admin
name: ccadmin
password: PASSWD
- tag: admin
name: uaaadmin
password: PASSWD
- tag: admin
name: diego
password: PASSWD
db_scheme: postgres
address: 10.0.0.21
port: 5524
ccdb:
db_scheme: postgres
address: 10.0.0.21
port: 5524
databases:
- tag: cc
name: ccdb
citext: true
roles:
- tag: admin
name: ccadmin
password: PASSWD
uaadb:
db_scheme: postgresql
address: 10.0.0.21
port: 5524
databases:
- tag: uaa
name: uaadb
citext: true
roles:
- tag: admin
name: uaaadmin
password: PASSWD
nats:
machines: [10.0.0.21]
port: 4222
user: nats
password: PASSWD
etcd:
machines: [10.0.0.21]
require_ssl: false
peer_require_ssl: false
advertise_urls_dns_suffix: etcd.service.cf.internal
cluster:
- {name: all, instances: 1}
consul:
agent:
servers:
lan:
- 10.0.0.21
domain: cf.internal
encrypt_keys: [PASSWD]
ca_cert: |
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
agent_cert: |
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
agent_key: |
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----
server_cert: |
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
server_key: |
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----
require_ssl: false
blobstore:
admin_users:
- {username: blobstore-username, password: PASSWD}
secure_link:
secret: PASSWD
port: 8086
tls:
port: 4043
cert: |+
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
private_key: |+
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----
ca_cert: |
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
router:
debug_address: 0.0.0.0:17003
ssl_skip_validation: true
route_services_secret: PASSWD
route_services_recommend_https: false
# status:
# port: 8092
# user: ""
# password: ""
cc:
srv_api_uri: https://api.example.org
external_protocol: https
external_host: api
diego:
stager_url: http://stager.service.cf.internal:8890
diego_docker: true
default_to_diego_backend: true
users_can_select_backend: false
allow_app_ssh_access: true
billing_event_writing_enabled: true
default_app_memory: 256
quota_definitions:
default:
memory_limit: 10240
non_basic_services_allowed: true
total_routes: 1000
total_services: 100
db_encryption_key: PASSWD
bulk_api_password: PASSWD
internal_api_password: PASSWD
service_name: cloud-controller-ng
staging_upload_user: bosh
staging_upload_password: PASSWD
security_group_definitions:
- name: public_networks
rules:
- {destination: 0.0.0.0-9.255.255.255, protocol: all}
- {destination: 11.0.0.0-169.253.255.255, protocol: all}
- {destination: 169.255.0.0-172.15.255.255, protocol: all}
- {destination: 172.32.0.0-192.167.255.255, protocol: all}
- {destination: 192.169.0.0-255.255.255.255, protocol: all}
- name: dns
rules:
- {destination: 0.0.0.0/0, ports: "53", protocol: tcp}
- {destination: 0.0.0.0/0, ports: "53", protocol: udp}
- name: all
rules:
- {destination: 0.0.0.0/0, protocol: all}
default_running_security_groups: [public_networks, dns]
default_staging_security_groups: [all]
default_fog_connection:
local_root: /var/vcap/store
buildpacks:
blobstore_type: webdav
webdav_config:
password: PASSWD
private_endpoint: https://blobstore.service.cf.internal:4043
public_endpoint: http://blobstore.example.org
secret: PASSWD
username: blobstore-username
droplets:
blobstore_type: webdav
webdav_config:
password: PASSWD
private_endpoint: https://blobstore.service.cf.internal:4043
public_endpoint: http://blobstore.example.org
secret: PASSWD
username: blobstore-username
packages:
blobstore_type: webdav
webdav_config:
password: PASSWD
private_endpoint: https://blobstore.service.cf.internal:4043
public_endpoint: http://blobstore.example.org
secret: PASSWD
username: blobstore-username
resource_pool:
blobstore_type: webdav
webdav_config:
password: PASSWD
private_endpoint: https://blobstore.service.cf.internal:4043
public_endpoint: http://blobstore.example.org
secret: PASSWD
username: blobstore-username
install_buildpacks:
- {name: java_buildpack, package: java-offline-buildpack}
- {name: ruby_buildpack, package: ruby-buildpack}
- {name: nodejs_buildpack, package: nodejs-buildpack}
- {name: go_buildpack, package: go-buildpack}
- {name: python_buildpack, package: python-buildpack}
- {name: php_buildpack, package: php-buildpack}
- {name: staticfile_buildpack, package: staticfile-buildpack}
- {name: binary_buildpack, package: binary-buildpack}
user_buildpacks: []
disable_custom_buildpacks: false
login:
protocol: http
url: http://login.example.org
saml:
serviceProviderKey: |
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----
serviceProviderKeyPassword: ""
serviceProviderCertificate: |
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
uaa:
dump_requests: true
url: https://uaa.example.org
issuer: https://uaa.example.org
no_ssl: false
require_https: false
ssl:
port: -1
port: 38080
zones:
internal:
hostnames:
- uaa.service.cf.internal
scim:
users:
- name: admin
password: PASSWD
groups:
- scim.write
- scim.read
- openid
- cloud_controller.admin
- doppler.firehose
- clients.read
- clients.write
- routing.router_groups.read
user:
override: true
userids_enabled: true
jwt:
signing_key: |
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----
verification_key: |
-----BEGIN PUBLIC KEY-----
-----END PUBLIC KEY-----
cc:
client_secret: PASSWD
admin:
client_secret: PASSWD
batch:
username: batchuser
password: PASSWD
clients:
cf:
id: cf
override: true
authorized-grant-types: implicit,password,refresh_token
scope: cloud_controller.read,cloud_controller.write,openid,password.write,cloud_controller.admin,cloud_controller.admin_read_only,scim.read,scim.write,doppler.firehose,uaa.user,routing.router_groups.read,routing.router_groups.write
authorities: uaa.none
access-token-validity: 600
refresh-token-validity: 2592000
cloud_controller_username_lookup:
authorities: scim.userids
authorized-grant-types: client_credentials
secret: PASSWD
doppler:
override: true
authorities: uaa.resource
secret: PASSWD
login:
override: true
secret: PASSWD
authorities: oauth.login,scim.write,clients.read,notifications.write,critical_notifications.write,emails.write,scim.userids,password.write
authorized-grant-types: authorization_code,client_credentials,refresh_token
redirect-uri: http://login.example.org
scope: openid,oauth.approvals
notifications:
authorities: cloud_controller.admin,scim.read
authorized-grant-types: client_credentials
secret: PASSWD
gorouter:
authorities: routing.routes.read
authorized-grant-types: client_credentials,refresh_token
secret: PASSWD
cc_routing:
secret: PASSWD
ssh-proxy:
authorized-grant-types: authorization_code
autoapprove: true
override: true
redirect-uri: /login
scope: openid,cloud_controller.read,cloud_controller.write
secret: PASSWD
tcp_emitter:
authorities: routing.routes.write,routing.routes.read
authorized-grant-types: client_credentials,refresh_token
secret: PASSWD
tcp_router:
authorities: routing.routes.read
authorized-grant-types: client_credentials,refresh_token
secret: PASSWD
garden:
allow_host_access: true
graph_cleanup_threshold_in_mb: 15000
allow_networks:
- 0.0.0.0/0
insecure_docker_registry_list: &insecure
- 192.168.1.202:5000
capi:
nsync:
bbs: &bbs
api_location: bbs.service.cf.internal:8889
ca_cert: ""
client_cert: ""
client_key: ""
require_ssl: false
cc: &capicc
base_url: http://cloud-controller-ng.service.cf.internal:9022
basic_auth_password: PASSWD
stager:
listen_addr: 0.0.0.0:8890
staging_task_callback_url: http://stager.service.cf.internal:8890
bbs: *bbs
cc: *capicc
insecure_docker_registry_list: *insecure
tps:
bbs: *bbs
cc: *capicc
watcher:
debug_addr: 0.0.0.0:17020
listener:
debug_addr: 0.0.0.0:17021
traffic_controller_url: wss://doppler.example.org:443
diego:
ssl:
skip_cert_verify: true
bbs:
active_key_label: key1
encryption_keys:
- {label: key1, passphrase: PASSWD}
require_ssl: false
ca_cert: ""
server_cert: ""
server_key: ""
sql:
db_driver: postgres
db_username: diego
db_password: PASSWD
db_host: 10.0.0.21
db_port: 5524
db_schema: diego
auctioneer:
api_url: http://auctioneer.service.cf.internal:9016
etcd:
machines: [etcd.service.cf.internal]
require_ssl: false
ca_cert: ""
client_cert: ""
client_key: ""
auctioneer:
bbs: *bbs
converger:
bbs: *bbs
route_emitter:
bbs: *bbs
nats:
machines: [10.0.0.21]
port: 4222
user: nats
password: PASSWD
ssh_proxy:
bbs: *bbs
host_key: |
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----
enable_cf_auth: true
uaa_token_url: http://login.example.org/oauth/token
uaa_secret: PASSWD
rep:
zone: z1
bbs: *bbs
preloaded_rootfses: ["cflinuxfs2:/var/vcap/packages/cflinuxfs2/rootfs"]
syslog_daemon_config:
address: 192.168.1.202
port: 5142
dropsonde:
enabled: true
metron_endpoint:
shared_secret: PASSWD
metron_agent:
deployment: ENVIRONMENT
zone: z1
dropsonde_incoming_port: 3457
loggregator_endpoint:
shared_secret: PASSWD
loggregator:
etcd:
machines: [etcd.service.cf.internal]
incoming_port: 13456
dropsonde_incoming_port: 13457
doppler_port: 18081
outgoing_dropsonde_port: 28081
tls:
ca_cert: |
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
doppler:
cert: |
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
key: |
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----
metron:
cert: |
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
key: |
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----
trafficcontroller:
cert: |
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
key: |
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----
doppler_endpoint:
shared_secret: PASSWD
doppler:
enabled: true
use_ssl: true
port: 443
incoming_port: 13456
dropsonde_incoming_port: 13457
outgoing_port: 18081
zone: z1
traffic_controller:
outgoing_port: 28080
zone: z1
logger_endpoint:
use_ssl: true
port: 443
uaa_client_id: cf
uaa_endpoint: https://uaa.example.org
smoke_tests:
suite_name: CF_SMOKE_TESTS
api: https://api.example.org
apps_domain: example.org
user: admin
password: PASSWD
org: SMOKE_TEST_ORG
space: SMOKE_TEST_SPACE
use_existing_org: false
use_existing_space: false
logging_app: ''
runtime_app: ''
skip_ssl_validation: true
ginkgo_opts: '-v'
enable_windows_tests: false
backend: 'diego'
acceptance_tests:
api: https://api.example.org
apps_domain: example.org
admin_user: admin
admin_password: PASSWD
skip_ssl_validation: true
nodes: 2
include_route_services: true
include_diego_docker: true
include_diego_ssh: true
default_timeout: 60
cf_push_timeout: 240
long_curl_timeout: 240
broker_start_timeout: 600
persistent_app_host: cat-persistent
persistent_app_space: cat-persistent
persistent_app_org: cat-persistent
persistent_app_quota_name: cat-persistent
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment