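<%
# Deployment-specific settings. Every 'CHANGE-ME' value must be set before
# the manifest is rendered.
director_uuid = 'CHANGE-ME'
floating_ip = 'CHANGE-ME'
# Hostnames are derived from the floating IP through the xip.io wildcard
# DNS service, so name resolution depends on that external service.
root_domain = "#{floating_ip}.xip.io"
net_id = 'CHANGE-ME'
deployment_name = 'cf'
cf_release = '183'
# 'http' means every URL built below (API, UAA, login links) is cleartext,
# uaa.no_ssl renders true and logger_endpoint.use_ssl renders false.
protocol = 'http'
# One literal is reused for every credential in this manifest: NATS,
# Postgres roles, Cloud Controller bulk API / staging upload /
# db_encryption_key, loggregator and metron shared secrets, router status,
# UAA client secrets and the SCIM admin and services users. Whoever learns
# it anywhere holds all of them; replace it with distinct generated secrets
# outside of a test deployment.
common_password = 'c1oudc0wc1oudc0w'
%>
---
# Cloud Foundry on OpenStack, single-instance layout: one haproxy, data,
# core, api and runner VM each.
#
# Secrets are rendered inside single quotes so that a replacement value
# that looks like a number or boolean, or that contains ' #' or ': ', is
# still read as a string. A literal single quote in a secret must be
# doubled.
name: <%= deployment_name %>
director_uuid: <%= director_uuid %>

releases:
  - name: cf
    version: <%= cf_release %>

compilation:
  workers: 5
  network: default
  reuse_compilation_vms: true
  cloud_properties:
    instance_type: m1.medium

update:
  canaries: 0
  canary_watch_time: 30000-600000
  update_watch_time: 30000-600000
  max_in_flight: 32
  serial: false

networks:
  - name: default
    type: dynamic
    cloud_properties:
      net_id: <%= net_id %>
      security_groups:
        - default
        - bosh
  - name: public
    type: dynamic
    cloud_properties:
      net_id: <%= net_id %>
      security_groups:
        - default
        - bosh
        - cf-public
  - name: floating
    type: vip
    cloud_properties: {}

# 'version: latest' leaves the stemcell unpinned: the OS image used depends
# on what has been uploaded to the director at deploy time. Pin a version
# for reproducible, auditable deployments.
resource_pools:
  - name: small
    network: default
    stemcell:
      name: bosh-openstack-kvm-ubuntu-trusty-go_agent
      version: latest
    cloud_properties:
      instance_type: m1.small
  - name: medium
    network: default
    stemcell:
      name: bosh-openstack-kvm-ubuntu-trusty-go_agent
      version: latest
    cloud_properties:
      instance_type: m1.medium
  - name: large
    network: default
    stemcell:
      name: bosh-openstack-kvm-ubuntu-trusty-go_agent
      version: latest
    cloud_properties:
      instance_type: m1.xlarge

jobs:
  # Only this job is attached to the 'public' network (cf-public security
  # group) and to the floating IP.
  - name: haproxy
    templates:
      - name: haproxy
    instances: 1
    resource_pool: small
    networks:
      - name: public
        default: [dns, gateway]
      - name: floating
        static_ips:
          - <%= floating_ip %>
    properties:
      networks:
        apps: public

  - name: data
    templates:
      - name: debian_nfs_server
      - name: postgres
    instances: 1
    resource_pool: medium
    persistent_disk: 102400
    networks:
      - name: default

  - name: core
    templates:
      - name: nats
      - name: nats_stream_forwarder
      - name: etcd
      - name: etcd_metrics_server
      - name: hm9000
      - name: uaa
      - name: login
    instances: 1
    resource_pool: medium
    persistent_disk: 10024
    networks:
      - name: default

  - name: api
    templates:
      - name: gorouter
      - name: cloud_controller_ng
      - name: cloud_controller_clock
      - name: cloud_controller_worker
      - name: loggregator
      - name: loggregator_trafficcontroller
    instances: 1
    resource_pool: medium
    networks:
      - name: default

  - name: runner
    templates:
      - name: dea_next
      - name: dea_logging_agent
      - name: metron_agent
    instances: 1
    resource_pool: large
    networks:
      - name: default

properties:
  networks:
    apps: default
  domain: <%= root_domain %>
  system_domain: <%= root_domain %>
  system_domain_organization: admin
  app_domains:
    - <%= root_domain %>

  # Jobs that honour this property will accept any TLS certificate. Set it
  # to false once the deployment presents certificates its clients can
  # validate.
  ssl:
    skip_cert_verify: true

  request_timeout_in_seconds: 300

  dropsonde:
    enabled: true

  # The PEM bundle below carries its private key inline, so everyone who
  # can read this template holds the key. Generate a certificate and key
  # per deployment and supply them from a secret store instead.
  # NOTE(review): the key looks like 1024-bit RSA and the bundle also
  # contains a certificate request, which a server bundle does not need;
  # check with `openssl x509 -noout -subject -dates` and
  # `openssl pkey -noout -text` before relying on it.
  ha_proxy:
    ssl_pem: |
      -----BEGIN CERTIFICATE-----
      MIIBrTCCARYCCQC8Nv/VzAW5gzANBgkqhkiG9w0BAQsFADAbMQ0wCwYDVQQKDARC
      b3NoMQowCAYDVQQDDAEqMB4XDTE0MDcyNDA0MjkzNloXDTI0MDcyMTA0MjkzNlow
      GzENMAsGA1UECgwEQm9zaDEKMAgGA1UEAwwBKjCBnzANBgkqhkiG9w0BAQEFAAOB
      jQAwgYkCgYEAusGqZW2nSyqSI5RY8Hm8270XfYEuR3kPVYuwwAftEi7BSaR+4fpb
      a9kXaJwcPMIecQOsPTByoqyXfseUx1yZVBEnq/7ZjYj1ipfGa99XfQEjCzXaS3Je
      NkdwhJf3IZf7XQMhSZMs7NmvZ6aD91st83NCr316fdDoKvRRi66YlOcCAwEAATAN
      BgkqhkiG9w0BAQsFAAOBgQCc6HCnAY3PdykXNXLyrnRk31tuHCrwSKSGH+tf24v8
      DO9wUuuja+jGYou5lE+lzRs8KBYR97ENb0hNC0oYrU3XWinWJAdM2Dp3/lWQJF9T
      9yQKNnctjW6U7YbCqkbkZXesZglSjtTnyiVlD59shmDNZZCQnbG7CLkrnlQGuM4n
      zg==
      -----END CERTIFICATE-----
      -----BEGIN CERTIFICATE REQUEST-----
      MIIBWjCBxAIBADAbMQ0wCwYDVQQKDARCb3NoMQowCAYDVQQDDAEqMIGfMA0GCSqG
      SIb3DQEBAQUAA4GNADCBiQKBgQC6waplbadLKpIjlFjwebzbvRd9gS5HeQ9Vi7DA
      B+0SLsFJpH7h+ltr2RdonBw8wh5xA6w9MHKirJd+x5THXJlUESer/tmNiPWKl8Zr
      31d9ASMLNdpLcl42R3CEl/chl/tdAyFJkyzs2a9npoP3Wy3zc0KvfXp90Ogq9FGL
      rpiU5wIDAQABoAAwDQYJKoZIhvcNAQELBQADgYEAVpFm7oKKgQsuK1RUxoJ25XO2
      aS9GpengE57N0LH1dKxyHF7g+fPer6YAwpNE7bZNjyPRkng33OJ7N67nvYtFs6eN
      CFBf8okWpmFgJ6gC5zNxYQRm1RU7+RUpM2ceMT1g14SmA5ffS48rYaSx2raKphYA
      KI1neJFzwM3gQfrwI+s=
      -----END CERTIFICATE REQUEST-----
      -----BEGIN PRIVATE KEY-----
      MIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBALrBqmVtp0sqkiOU
      WPB5vNu9F32BLkd5D1WLsMAH7RIuwUmkfuH6W2vZF2icHDzCHnEDrD0wcqKsl37H
      lMdcmVQRJ6v+2Y2I9YqXxmvfV30BIws12ktyXjZHcISX9yGX+10DIUmTLOzZr2em
      g/dbLfNzQq99en3Q6Cr0UYuumJTnAgMBAAECgYEAjQFwcEiMiXpJAMgfJuIjsB1j
      QQVqNdi3tTVVbIgPfS0ED2A91M08fX9Z50gHIfDHHzlQsJqF00FQ2Q5DzQqjUMS+
      EJvVQsen71B8LNkKB+8GlJjTN+QoW0UAWtvK6gRYB4VIe+5LrWlioQWHucYH8UzB
      veyzthWQBPfxDkYrvdECQQDsR0T/oo0kN3GHcwRe4p4oVMUncu9pci8IRZf7gSKN
      8db+LVTSm7jrhUOmSmCL//A2VnoNpPriFaP573dHH9kLAkEAylg56itY8Kn9AAAk
      1BlFprO0Odecz8Cf8ZNzzpAvnN/AqRSF04PTUCRavJonGirW6tU+qgybMMO3uVHf
      9/W1FQJAQn/Ihp4sVS4ZkMKpTz8+viEln/W0NhxB6nUT0mBE5mhTVxRRFDlpsTe/
      k3TJeX2eEN0D2wU86xamIPjpvCXVgwJBAJ+CQ01tFHTLnEz20BF/Rp/uQ+HhLZW8
      pJlcgstQcKg63vaq3gBqiBdCQWEyKCcBpGCE8Bw/Sct8TgXCHEutHy0CQQCv14lC
      nM7h6y+I9r3cqZRBDMfWpvAl25doctNWY0McmudIT9FHIBtvayRnBqa9Z554Bk6S
      f+4pffb9Gl/e6Fxh
      -----END PRIVATE KEY-----

  nats:
    user: nats
    password: '<%= common_password %>'
    address: 0.core.default.<%= deployment_name %>.microbosh
    port: 4222
    machines:
      - 0.core.default.<%= deployment_name %>.microbosh

  etcd:
    machines:
      - 0.core.default.<%= deployment_name %>.microbosh

  etcd_metrics_server:
    nats:
      machines:
        - 0.core.default.<%= deployment_name %>.microbosh
      username: nats
      password: '<%= common_password %>'

  syslog_aggregator: {}

  # The export is open to every host name under this deployment's
  # microbosh domain.
  nfs_server:
    address: 0.data.default.<%= deployment_name %>.microbosh
    allow_from_entries:
      - "*.<%= deployment_name %>.microbosh"
    idmapd_domain: openstacklocal

  # All four Postgres roles are tagged admin and share one password.
  databases: &databases
    db_scheme: postgres
    address: 0.data.default.<%= deployment_name %>.microbosh
    port: 5524
    roles:
      - tag: admin
        name: ccadmin
        password: '<%= common_password %>'
      - tag: admin
        name: uaaadmin
        password: '<%= common_password %>'
      - tag: admin
        name: consoleadmin
        password: '<%= common_password %>'
      - tag: admin
        name: appusageserviceadmin
        password: '<%= common_password %>'
    databases:
      - tag: cc
        name: ccdb
        citext: true
      - tag: uaa
        name: uaadb
        citext: true
      - tag: console
        name: consoledb
        citext: true
      - tag: appusageservicedb
        name: appusageservicedb
        citext: true

  ccdb: &ccdb
    db_scheme: postgres
    address: 0.data.default.<%= deployment_name %>.microbosh
    port: 5524
    roles:
      - tag: admin
        name: ccadmin
        password: '<%= common_password %>'
    databases:
      - tag: cc
        name: ccdb
        citext: true

  uaadb:
    db_scheme: postgresql
    address: 0.data.default.<%= deployment_name %>.microbosh
    port: 5524
    roles:
      - tag: admin
        name: uaaadmin
        password: '<%= common_password %>'
    databases:
      - tag: uaa
        name: uaadb
        citext: true

  cc: &cc
    external_host: api
    srv_api_uri: <%= protocol %>://api.<%= root_domain %>
    jobs:
      global:
        timeout_in_seconds: 14400
      app_bits_packer:
        timeout_in_seconds: null
      app_events_cleanup:
        timeout_in_seconds: null
      app_usage_events_cleanup:
        timeout_in_seconds: null
      blobstore_delete:
        timeout_in_seconds: null
      blobstore_upload:
        timeout_in_seconds: null
      droplet_deletion:
        timeout_in_seconds: null
      droplet_upload:
        timeout_in_seconds: null
      model_deletion:
        timeout_in_seconds: null
    app_events:
      cutoff_age_in_days: 31
    app_usage_events:
      cutoff_age_in_days: 31
    audit_events:
      cutoff_age_in_days: 31
    billing_event_writing_enabled: true
    diego: false
    diego_docker: false
    default_app_memory: 1024
    default_app_disk_in_mb: 1024
    maximum_app_disk_in_mb: 2048
    client_max_body_size: 1536M
    bulk_api_password: '<%= common_password %>'
    staging_upload_user: upload
    staging_upload_password: '<%= common_password %>'
    # The database encryption key is the same literal as every password in
    # this file. NOTE(review): give it its own generated value; presumably
    # changing it later affects already-encrypted rows, so confirm the
    # rotation procedure before replacing it on a live deployment.
    db_encryption_key: '<%= common_password %>'
    disable_custom_buildpacks: false
    broker_client_timeout_seconds: 120
    development_mode: false
    resource_pool:
      resource_directory_key: cloudfoundry-resources
      fog_connection:
        provider: Local
        local_root: /var/vcap/nfs/shared
    packages:
      app_package_directory_key: cloudfoundry-packages
      fog_connection:
        provider: Local
        local_root: /var/vcap/nfs/shared
    droplets:
      droplet_directory_key: cloudfoundry-droplets
      fog_connection:
        provider: Local
        local_root: /var/vcap/nfs/shared
    buildpacks:
      buildpack_directory_key: cloudfoundry-buildpacks
      fog_connection:
        provider: Local
        local_root: /var/vcap/nfs/shared
    install_buildpacks:
      - name: java_buildpack
        package: buildpack_java
      - name: ruby_buildpack
        package: buildpack_ruby
      - name: nodejs_buildpack
        package: buildpack_nodejs
      - name: go_buildpack
        package: buildpack_go
      - name: python_buildpack
        package: buildpack_python
      - name: php_buildpack
        package: buildpack_php
    newrelic:
      license_key: null
      environment_name: <%= deployment_name %>
    quota_definitions:
      default:
        memory_limit: 10240
        total_services: 100
        non_basic_services_allowed: true
        total_routes: 1000
        trial_db_allowed: true
      runaway:
        memory_limit: 102400
        total_services: -1
        total_routes: 1000
        non_basic_services_allowed: true
    # Egress rules applied to application containers. public_networks
    # leaves out 10.0.0.0/8, 169.254.0.0/16, 172.16.0.0/12 and
    # 192.168.0.0/16; internal_network then re-allows all of 10.0.0.0/8.
    security_group_definitions:
      - name: public_networks
        rules:
          - protocol: all
            destination: 0.0.0.0-9.255.255.255
          - protocol: all
            destination: 11.0.0.0-169.253.255.255
          - protocol: all
            destination: 169.255.0.0-172.15.255.255
          - protocol: all
            destination: 172.32.0.0-192.167.255.255
          # NOTE(review): the upper bound looks truncated; the other ranges
          # end on .255 - confirm whether 255.255.255.255 was intended.
          - protocol: all
            destination: 192.169.0.0-255.255.255.25
      # NOTE(review): if the deployment's own VMs (NATS, Postgres, etcd)
      # have addresses in 10.0.0.0/8, this rule lets pushed applications
      # reach them on every port; confirm and narrow it to what apps need.
      - name: internal_network
        rules:
          - protocol: all
            destination: 10.0.0.0-10.255.255.255
      - name: dns
        rules:
          - destination: 0.0.0.0/0
            ports: '53'
            protocol: tcp
          - destination: 0.0.0.0/0
            ports: '53'
            protocol: udp
    default_running_security_groups:
      - public_networks
      - internal_network
      - dns
    default_staging_security_groups:
      - public_networks
      - internal_network
      - dns

  dea: &dea
    disk_mb: 102400
    disk_overcommit_factor: 2
    memory_mb: 15000
    memory_overcommit_factor: 3
    staging_disk_inode_limit: 200000
    instance_disk_inode_limit: 200000
    kernel_network_tuning_enabled: true
    directory_server_protocol: <%= protocol %>
    evacuation_bail_out_time_in_seconds: 600
    # Debug-level logging; lower it for long-running deployments.
    logging_level: debug
    staging_disk_limit_mb: 4096
    staging_memory_limit_mb: 1024
    mtu: 1460
    deny_networks:
      - 169.254.0.0/16  # Metadata endpoint
  # dea_next reuses the dea mapping above through the alias.
  dea_next: *dea

  disk_quota_enabled: true

  dea_logging_agent:
    status:
      user: admin
      password: '<%= common_password %>'

  loggregator_endpoint:
    shared_secret: '<%= common_password %>'
    host: 0.api.default.<%= deployment_name %>.microbosh

  loggregator:
    incoming_port: 3456
    outgoing_port: 8081
    zone: 'zone'
    servers:
      zone:
        - 0.api.default.<%= deployment_name %>.microbosh

  traffic_controller:
    zone: 'zone'
    incoming_port: 3457
    outgoing_port: 8082

  logger_endpoint:
    use_ssl: <%= protocol == 'https' %>
    port: 80

  metron_endpoint:
    shared_secret: '<%= common_password %>'

  metron_agent:
    zone: 'zone'

  login:
    enabled: true
    protocol: <%= protocol %>
    port: 8081
    catalina_opts: -Xmx768m -XX:MaxPermSize=256m
    brand: oss
    links:
      home: <%= protocol %>://console.<%= root_domain %>
      passwd: <%= protocol %>://console.<%= root_domain %>/password_resets/new
      signup: <%= protocol %>://console.<%= root_domain %>/register

  router:
    endpoint_timeout: 60
    status:
      port: 8080
      user: gorouter
      password: '<%= common_password %>'
    servers:
      z1:
        - 0.api.default.<%= deployment_name %>.microbosh
      z2: []

  uaa:
    url: <%= protocol %>://uaa.<%= root_domain %>
    # Renders true while protocol is 'http': tokens and passwords sent to
    # UAA then cross the network in cleartext.
    no_ssl: <%= protocol == 'http' %>
    catalina_opts: -Xmx768m -XX:MaxPermSize=256m
    cc:
      client_secret: '<%= common_password %>'
    admin:
      client_secret: '<%= common_password %>'
    batch:
      username: batch
      password: '<%= common_password %>'
    clients:
      cf:
        override: true
        authorized-grant-types: implicit,password,refresh_token
        authorities: uaa.none
        scope: cloud_controller.read,cloud_controller.write,openid,password.write,cloud_controller.admin,scim.read,scim.write
        access-token-validity: 7200
        refresh-token-validity: 1209600
      admin:
        secret: '<%= common_password %>'
        authorized-grant-types: client_credentials
        authorities: clients.read,clients.write,clients.secret,password.write,scim.write,scim.read,uaa.admin
      login:
        id: login
        override: true
        autoapprove: true
        scope: openid,oauth.approvals
        authorities: oauth.login
        secret: '<%= common_password %>'
        authorized-grant-types: authorization_code,client_credentials,refresh_token
        redirect-uri: <%= protocol %>://login.<%= root_domain %>
      # Access tokens for this client live 1209600 s (14 days) and its
      # authorities include uaa.admin and cloud_controller.admin, so a
      # leaked token stays usable for that whole period.
      portal:
        override: true
        scope: openid,cloud_controller.read,cloud_controller.write,password.write,console.admin,console.support
        authorities: scim.write,scim.read,cloud_controller.read,cloud_controller.write,password.write,uaa.admin,uaa.resource,cloud_controller.admin,billing.admin
        secret: '<%= common_password %>'
        authorized-grant-types: authorization_code,client_credentials
        access-token-validity: 1209600
        refresh-token-validity: 1209600
        redirect-uri: <%= protocol %>://console.<%= root_domain %>/oauth/callback
      # 14-day access tokens here as well.
      cc_service_broker_client:
        id: cc_service_broker_client
        override: true
        autoapprove: true
        secret: '<%= common_password %>'
        authorized-grant-types: client_credentials
        scope: cloud_controller.write,openid,cloud_controller.read,cloud_controller_service_permissions.read
        authorities: clients.read,clients.write,clients.admin
        access-token-validity: 1209600
        refresh-token-validity: 1209600
    # Entries are name|password|groups. Both seeded users hold
    # cloud_controller.admin and use the shared password.
    scim:
      users:
        - 'admin|<%= common_password %>|scim.write,scim.read,openid,cloud_controller.admin,uaa.admin,password.write'
        - 'services|<%= common_password %>|scim.write,scim.read,openid,cloud_controller.admin'
    # The token signing key is embedded in the template: anyone who can
    # read this file can sign tokens that verification_key accepts.
    # Generate a fresh key pair per deployment and keep the private half
    # out of version control.
    # NOTE(review): the key looks like 1024-bit RSA; confirm with
    # `openssl rsa -noout -text` and prefer a longer key.
    jwt:
      signing_key: |
        -----BEGIN RSA PRIVATE KEY-----
        MIICXAIBAAKBgQDHFr+KICms+tuT1OXJwhCUmR2dKVy7psa8xzElSyzqx7oJyfJ1
        JZyOzToj9T5SfTIq396agbHJWVfYphNahvZ/7uMXqHxf+ZH9BL1gk9Y6kCnbM5R6
        0gfwjyW1/dQPjOzn9N394zd2FJoFHwdq9Qs0wBugspULZVNRxq7veq/fzwIDAQAB
        AoGBAJ8dRTQFhIllbHx4GLbpTQsWXJ6w4hZvskJKCLM/o8R4n+0W45pQ1xEiYKdA
        Z/DRcnjltylRImBD8XuLL8iYOQSZXNMb1h3g5/UGbUXLmCgQLOUUlnYt34QOQm+0
        KvUqfMSFBbKMsYBAoQmNdTHBaz3dZa8ON9hh/f5TT8u0OWNRAkEA5opzsIXv+52J
        duc1VGyX3SwlxiE2dStW8wZqGiuLH142n6MKnkLU4ctNLiclw6BZePXFZYIK+AkE
        xQ+k16je5QJBAN0TIKMPWIbbHVr5rkdUqOyezlFFWYOwnMmw/BKa1d3zp54VP/P8
        +5aQ2d4sMoKEOfdWH7UqMe3FszfYFvSu5KMCQFMYeFaaEEP7Jn8rGzfQ5HQd44ek
        lQJqmq6CE2BXbY/i34FuvPcKU70HEEygY6Y9d8J3o6zQ0K9SYNu+pcXt4lkCQA3h
        jJQQe5uEGJTExqed7jllQ0khFJzLMx0K6tj0NeeIzAaGCQz13oo2sCdeGRHO4aDh
        HH6Qlq/6UOV5wP8+GAcCQFgRCcB+hrje8hfEEefHcFpyKH+5g1Eu1k0mLrxK2zd+
        4SlotYRHgPCEubokb2S1zfZDWIXW3HmggnGgM949TlY=
        -----END RSA PRIVATE KEY-----
      verification_key: |
        -----BEGIN PUBLIC KEY-----
        MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHFr+KICms+tuT1OXJwhCUmR2d
        KVy7psa8xzElSyzqx7oJyfJ1JZyOzToj9T5SfTIq396agbHJWVfYphNahvZ/7uMX
        qHxf+ZH9BL1gk9Y6kCnbM5R60gfwjyW1/dQPjOzn9N394zd2FJoFHwdq9Qs0wBug
        spULZVNRxq7veq/fzwIDAQAB
        -----END PUBLIC KEY-----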