
@frodenas
Created March 14, 2015 19:40

Revisions

  1. frodenas created this gist Mar 14, 2015.
    562 changes: 562 additions & 0 deletions cf-183-openstack.yml
    @@ -0,0 +1,562 @@
    <%
    director_uuid = 'CHANGE-ME'
    floating_ip = 'CHANGE-ME'
    root_domain = "#{floating_ip}.xip.io"
    net_id = 'CHANGE-ME'
    deployment_name = 'cf'
    cf_release = '183'
    protocol = 'http'
    common_password = 'c1oudc0wc1oudc0w'
    %>
    ---
    name: <%= deployment_name %>
    director_uuid: <%= director_uuid %>

    releases:
    - name: cf
    version: <%= cf_release %>

    compilation:
    workers: 5
    network: default
    reuse_compilation_vms: true
    cloud_properties:
    instance_type: m1.medium

    update:
    canaries: 0
    canary_watch_time: 30000-600000
    update_watch_time: 30000-600000
    max_in_flight: 32
    serial: false

    networks:
    - name: default
    type: dynamic
    cloud_properties:
    net_id: <%= net_id %>
    security_groups:
    - default
    - bosh

    - name: public
    type: dynamic
    cloud_properties:
    net_id: <%= net_id %>
    security_groups:
    - default
    - bosh
    - cf-public

    - name: floating
    type: vip
    cloud_properties: {}

    resource_pools:
    - name: small
    network: default
    stemcell:
    name: bosh-openstack-kvm-ubuntu-trusty-go_agent
    version: latest
    cloud_properties:
    instance_type: m1.small

    - name: medium
    network: default
    stemcell:
    name: bosh-openstack-kvm-ubuntu-trusty-go_agent
    version: latest
    cloud_properties:
    instance_type: m1.medium

    - name: large
    network: default
    stemcell:
    name: bosh-openstack-kvm-ubuntu-trusty-go_agent
    version: latest
    cloud_properties:
    instance_type: m1.xlarge

    jobs:
    - name: haproxy
    templates:
    - name: haproxy
    instances: 1
    resource_pool: small
    networks:
    - name: public
    default: [dns, gateway]
    - name: floating
    static_ips:
    - <%= floating_ip %>
    properties:
    networks:
    apps: public

    - name: data
    templates:
    - name: debian_nfs_server
    - name: postgres
    instances: 1
    resource_pool: medium
    persistent_disk: 102400
    networks:
    - name: default

    - name: core
    templates:
    - name: nats
    - name: nats_stream_forwarder
    - name: etcd
    - name: etcd_metrics_server
    - name: hm9000
    - name: uaa
    - name: login
    instances: 1
    resource_pool: medium
    persistent_disk: 10024
    networks:
    - name: default

    - name: api
    templates:
    - name: gorouter
    - name: cloud_controller_ng
    - name: cloud_controller_clock
    - name: cloud_controller_worker
    - name: loggregator
    - name: loggregator_trafficcontroller
    instances: 1
    resource_pool: medium
    networks:
    - name: default

    - name: runner
    templates:
    - name: dea_next
    - name: dea_logging_agent
    - name: metron_agent
    instances: 1
    resource_pool: large
    networks:
    - name: default

    properties:
    networks:
    apps: default

    domain: <%= root_domain %>
    system_domain: <%= root_domain %>
    system_domain_organization: admin
    app_domains:
    - <%= root_domain %>

    ssl:
    skip_cert_verify: true

    request_timeout_in_seconds: 300

    dropsonde:
    enabled: true

    ha_proxy:
    ssl_pem: |
    -----BEGIN CERTIFICATE-----
    MIIBrTCCARYCCQC8Nv/VzAW5gzANBgkqhkiG9w0BAQsFADAbMQ0wCwYDVQQKDARC
    b3NoMQowCAYDVQQDDAEqMB4XDTE0MDcyNDA0MjkzNloXDTI0MDcyMTA0MjkzNlow
    GzENMAsGA1UECgwEQm9zaDEKMAgGA1UEAwwBKjCBnzANBgkqhkiG9w0BAQEFAAOB
    jQAwgYkCgYEAusGqZW2nSyqSI5RY8Hm8270XfYEuR3kPVYuwwAftEi7BSaR+4fpb
    a9kXaJwcPMIecQOsPTByoqyXfseUx1yZVBEnq/7ZjYj1ipfGa99XfQEjCzXaS3Je
    NkdwhJf3IZf7XQMhSZMs7NmvZ6aD91st83NCr316fdDoKvRRi66YlOcCAwEAATAN
    BgkqhkiG9w0BAQsFAAOBgQCc6HCnAY3PdykXNXLyrnRk31tuHCrwSKSGH+tf24v8
    DO9wUuuja+jGYou5lE+lzRs8KBYR97ENb0hNC0oYrU3XWinWJAdM2Dp3/lWQJF9T
    9yQKNnctjW6U7YbCqkbkZXesZglSjtTnyiVlD59shmDNZZCQnbG7CLkrnlQGuM4n
    zg==
    -----END CERTIFICATE-----
    -----BEGIN CERTIFICATE REQUEST-----
    MIIBWjCBxAIBADAbMQ0wCwYDVQQKDARCb3NoMQowCAYDVQQDDAEqMIGfMA0GCSqG
    SIb3DQEBAQUAA4GNADCBiQKBgQC6waplbadLKpIjlFjwebzbvRd9gS5HeQ9Vi7DA
    B+0SLsFJpH7h+ltr2RdonBw8wh5xA6w9MHKirJd+x5THXJlUESer/tmNiPWKl8Zr
    31d9ASMLNdpLcl42R3CEl/chl/tdAyFJkyzs2a9npoP3Wy3zc0KvfXp90Ogq9FGL
    rpiU5wIDAQABoAAwDQYJKoZIhvcNAQELBQADgYEAVpFm7oKKgQsuK1RUxoJ25XO2
    aS9GpengE57N0LH1dKxyHF7g+fPer6YAwpNE7bZNjyPRkng33OJ7N67nvYtFs6eN
    CFBf8okWpmFgJ6gC5zNxYQRm1RU7+RUpM2ceMT1g14SmA5ffS48rYaSx2raKphYA
    KI1neJFzwM3gQfrwI+s=
    -----END CERTIFICATE REQUEST-----
    -----BEGIN PRIVATE KEY-----
    MIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBALrBqmVtp0sqkiOU
    WPB5vNu9F32BLkd5D1WLsMAH7RIuwUmkfuH6W2vZF2icHDzCHnEDrD0wcqKsl37H
    lMdcmVQRJ6v+2Y2I9YqXxmvfV30BIws12ktyXjZHcISX9yGX+10DIUmTLOzZr2em
    g/dbLfNzQq99en3Q6Cr0UYuumJTnAgMBAAECgYEAjQFwcEiMiXpJAMgfJuIjsB1j
    QQVqNdi3tTVVbIgPfS0ED2A91M08fX9Z50gHIfDHHzlQsJqF00FQ2Q5DzQqjUMS+
    EJvVQsen71B8LNkKB+8GlJjTN+QoW0UAWtvK6gRYB4VIe+5LrWlioQWHucYH8UzB
    veyzthWQBPfxDkYrvdECQQDsR0T/oo0kN3GHcwRe4p4oVMUncu9pci8IRZf7gSKN
    8db+LVTSm7jrhUOmSmCL//A2VnoNpPriFaP573dHH9kLAkEAylg56itY8Kn9AAAk
    1BlFprO0Odecz8Cf8ZNzzpAvnN/AqRSF04PTUCRavJonGirW6tU+qgybMMO3uVHf
    9/W1FQJAQn/Ihp4sVS4ZkMKpTz8+viEln/W0NhxB6nUT0mBE5mhTVxRRFDlpsTe/
    k3TJeX2eEN0D2wU86xamIPjpvCXVgwJBAJ+CQ01tFHTLnEz20BF/Rp/uQ+HhLZW8
    pJlcgstQcKg63vaq3gBqiBdCQWEyKCcBpGCE8Bw/Sct8TgXCHEutHy0CQQCv14lC
    nM7h6y+I9r3cqZRBDMfWpvAl25doctNWY0McmudIT9FHIBtvayRnBqa9Z554Bk6S
    f+4pffb9Gl/e6Fxh
    -----END PRIVATE KEY-----
    nats:
    user: nats
    password: <%= common_password %>
    address: 0.core.default.<%= deployment_name %>.microbosh
    port: 4222
    machines:
    - 0.core.default.<%= deployment_name %>.microbosh

    etcd:
    machines:
    - 0.core.default.<%= deployment_name %>.microbosh

    etcd_metrics_server:
    nats:
    machines:
    - 0.core.default.<%= deployment_name %>.microbosh
    username: nats
    password: <%= common_password %>

    syslog_aggregator: {}

    nfs_server:
    address: 0.data.default.<%= deployment_name %>.microbosh
    allow_from_entries:
    - "*.<%= deployment_name %>.microbosh"
    idmapd_domain: openstacklocal

    databases: &databases
    db_scheme: postgres
    address: 0.data.default.<%= deployment_name %>.microbosh
    port: 5524
    roles:
    - tag: admin
    name: ccadmin
    password: <%= common_password %>
    - tag: admin
    name: uaaadmin
    password: <%= common_password %>
    - tag: admin
    name: consoleadmin
    password: <%= common_password %>
    - tag: admin
    name: appusageserviceadmin
    password: <%= common_password %>
    databases:
    - tag: cc
    name: ccdb
    citext: true
    - tag: uaa
    name: uaadb
    citext: true
    - tag: console
    name: consoledb
    citext: true
    - tag: appusageservicedb
    name: appusageservicedb
    citext: true

    ccdb: &ccdb
    db_scheme: postgres
    address: 0.data.default.<%= deployment_name %>.microbosh
    port: 5524
    roles:
    - tag: admin
    name: ccadmin
    password: <%= common_password %>
    databases:
    - tag: cc
    name: ccdb
    citext: true

    uaadb:
    db_scheme: postgresql
    address: 0.data.default.<%= deployment_name %>.microbosh
    port: 5524
    roles:
    - tag: admin
    name: uaaadmin
    password: <%= common_password %>
    databases:
    - tag: uaa
    name: uaadb
    citext: true

    cc: &cc
    external_host: api
    srv_api_uri: <%= protocol %>://api.<%= root_domain %>
    jobs:
    global:
    timeout_in_seconds: 14400
    app_bits_packer:
    timeout_in_seconds: null
    app_events_cleanup:
    timeout_in_seconds: null
    app_usage_events_cleanup:
    timeout_in_seconds: null
    blobstore_delete:
    timeout_in_seconds: null
    blobstore_upload:
    timeout_in_seconds: null
    droplet_deletion:
    timeout_in_seconds: null
    droplet_upload:
    timeout_in_seconds: null
    model_deletion:
    timeout_in_seconds: null
    app_events:
    cutoff_age_in_days: 31
    app_usage_events:
    cutoff_age_in_days: 31
    audit_events:
    cutoff_age_in_days: 31
    billing_event_writing_enabled: true
    diego: false
    diego_docker: false
    default_app_memory: 1024
    default_app_disk_in_mb: 1024
    maximum_app_disk_in_mb: 2048
    client_max_body_size: 1536M
    bulk_api_password: <%= common_password %>
    staging_upload_user: upload
    staging_upload_password: <%= common_password %>
    db_encryption_key: <%= common_password %>
    disable_custom_buildpacks: false
    broker_client_timeout_seconds: 120
    development_mode: false
    resource_pool:
    resource_directory_key: cloudfoundry-resources
    fog_connection:
    provider: Local
    local_root: /var/vcap/nfs/shared
    packages:
    app_package_directory_key: cloudfoundry-packages
    fog_connection:
    provider: Local
    local_root: /var/vcap/nfs/shared
    droplets:
    droplet_directory_key: cloudfoundry-droplets
    fog_connection:
    provider: Local
    local_root: /var/vcap/nfs/shared
    buildpacks:
    buildpack_directory_key: cloudfoundry-buildpacks
    fog_connection:
    provider: Local
    local_root: /var/vcap/nfs/shared
    install_buildpacks:
    - name: java_buildpack
    package: buildpack_java
    - name: ruby_buildpack
    package: buildpack_ruby
    - name: nodejs_buildpack
    package: buildpack_nodejs
    - name: go_buildpack
    package: buildpack_go
    - name: python_buildpack
    package: buildpack_python
    - name: php_buildpack
    package: buildpack_php
    newrelic:
    license_key: null
    environment_name: <%= deployment_name %>
    quota_definitions:
    default:
    memory_limit: 10240
    total_services: 100
    non_basic_services_allowed: true
    total_routes: 1000
    trial_db_allowed: true
    runaway:
    memory_limit: 102400
    total_services: -1
    total_routes: 1000
    non_basic_services_allowed: true
    security_group_definitions:
    - name: public_networks
    rules:
    - protocol: all
    destination: 0.0.0.0-9.255.255.255
    - protocol: all
    destination: 11.0.0.0-169.253.255.255
    - protocol: all
    destination: 169.255.0.0-172.15.255.255
    - protocol: all
    destination: 172.32.0.0-192.167.255.255
    - protocol: all
    destination: 192.169.0.0-255.255.255.25
    - name: internal_network
    rules:
    - protocol: all
    destination: 10.0.0.0-10.255.255.255
    - name: dns
    rules:
    - destination: 0.0.0.0/0
    ports: '53'
    protocol: tcp
    - destination: 0.0.0.0/0
    ports: '53'
    protocol: udp
    default_running_security_groups:
    - public_networks
    - internal_network
    - dns
    default_staging_security_groups:
    - public_networks
    - internal_network
    - dns

    dea: &dea
    disk_mb: 102400
    disk_overcommit_factor: 2
    memory_mb: 15000
    memory_overcommit_factor: 3
    staging_disk_inode_limit: 200000
    instance_disk_inode_limit: 200000
    kernel_network_tuning_enabled: true
    directory_server_protocol: <%= protocol %>
    evacuation_bail_out_time_in_seconds: 600
    logging_level: debug
    staging_disk_limit_mb: 4096
    staging_memory_limit_mb: 1024
    mtu: 1460
    deny_networks:
    - 169.254.0.0/16 # Metadata endpoint
    dea_next: *dea
    disk_quota_enabled: true

    dea_logging_agent:
    status:
    user: admin
    password: <%= common_password %>

    loggregator_endpoint:
    shared_secret: <%= common_password %>
    host: 0.api.default.<%= deployment_name %>.microbosh

    loggregator:
    incoming_port: 3456
    outgoing_port: 8081
    zone: 'zone'
    servers:
    zone:
    - 0.api.default.<%= deployment_name %>.microbosh

    traffic_controller:
    zone: 'zone'
    incoming_port: 3457
    outgoing_port: 8082

    logger_endpoint:
    use_ssl: <%= protocol == 'https' %>
    port: 80

    metron_endpoint:
    shared_secret: <%= common_password %>

    metron_agent:
    zone: 'zone'

    login:
    enabled: true
    protocol: <%= protocol %>
    port: 8081
    catalina_opts: -Xmx768m -XX:MaxPermSize=256m
    brand: oss
    links:
    home: <%= protocol %>://console.<%= root_domain %>
    passwd: <%= protocol %>://console.<%= root_domain %>/password_resets/new
    signup: <%= protocol %>://console.<%= root_domain %>/register

    router:
    endpoint_timeout: 60
    status:
    port: 8080
    user: gorouter
    password: <%= common_password %>
    servers:
    z1:
    - 0.api.default.<%= deployment_name %>.microbosh
    z2: []

    uaa:
    url: <%= protocol %>://uaa.<%= root_domain %>
    no_ssl: <%= protocol == 'http' %>
    catalina_opts: -Xmx768m -XX:MaxPermSize=256m
    cc:
    client_secret: <%= common_password %>
    admin:
    client_secret: <%= common_password %>
    batch:
    username: batch
    password: <%= common_password %>
    clients:
    cf:
    override: true
    authorized-grant-types: implicit,password,refresh_token
    authorities: uaa.none
    scope: cloud_controller.read,cloud_controller.write,openid,password.write,cloud_controller.admin,scim.read,scim.write
    access-token-validity: 7200
    refresh-token-validity: 1209600
    admin:
    secret: <%= common_password %>
    authorized-grant-types: client_credentials
    authorities: clients.read,clients.write,clients.secret,password.write,scim.write,scim.read,uaa.admin
    login:
    id: login
    override: true
    autoapprove: true
    scope: openid,oauth.approvals
    authorities: oauth.login
    secret: <%= common_password %>
    authorized-grant-types: authorization_code,client_credentials,refresh_token
    redirect-uri: <%= protocol %>://login.<%= root_domain %>
    portal:
    override: true
    scope: openid,cloud_controller.read,cloud_controller.write,password.write,console.admin,console.support
    authorities: scim.write,scim.read,cloud_controller.read,cloud_controller.write,password.write,uaa.admin,uaa.resource,cloud_controller.admin,billing.admin
    secret: <%= common_password %>
    authorized-grant-types: authorization_code,client_credentials
    access-token-validity: 1209600
    refresh-token-validity: 1209600
    redirect-uri: <%= protocol %>://console.<%= root_domain %>/oauth/callback
    cc_service_broker_client:
    id: cc_service_broker_client
    override: true
    autoapprove: true
    secret: <%= common_password %>
    authorized-grant-types: client_credentials
    scope: cloud_controller.write,openid,cloud_controller.read,cloud_controller_service_permissions.read
    authorities: clients.read,clients.write,clients.admin
    access-token-validity: 1209600
    refresh-token-validity: 1209600
    scim:
    users:
    - admin|<%= common_password %>|scim.write,scim.read,openid,cloud_controller.admin,uaa.admin,password.write
    - services|<%= common_password %>|scim.write,scim.read,openid,cloud_controller.admin
    jwt:
    signing_key: |
    -----BEGIN RSA PRIVATE KEY-----
    MIICXAIBAAKBgQDHFr+KICms+tuT1OXJwhCUmR2dKVy7psa8xzElSyzqx7oJyfJ1
    JZyOzToj9T5SfTIq396agbHJWVfYphNahvZ/7uMXqHxf+ZH9BL1gk9Y6kCnbM5R6
    0gfwjyW1/dQPjOzn9N394zd2FJoFHwdq9Qs0wBugspULZVNRxq7veq/fzwIDAQAB
    AoGBAJ8dRTQFhIllbHx4GLbpTQsWXJ6w4hZvskJKCLM/o8R4n+0W45pQ1xEiYKdA
    Z/DRcnjltylRImBD8XuLL8iYOQSZXNMb1h3g5/UGbUXLmCgQLOUUlnYt34QOQm+0
    KvUqfMSFBbKMsYBAoQmNdTHBaz3dZa8ON9hh/f5TT8u0OWNRAkEA5opzsIXv+52J
    duc1VGyX3SwlxiE2dStW8wZqGiuLH142n6MKnkLU4ctNLiclw6BZePXFZYIK+AkE
    xQ+k16je5QJBAN0TIKMPWIbbHVr5rkdUqOyezlFFWYOwnMmw/BKa1d3zp54VP/P8
    +5aQ2d4sMoKEOfdWH7UqMe3FszfYFvSu5KMCQFMYeFaaEEP7Jn8rGzfQ5HQd44ek
    lQJqmq6CE2BXbY/i34FuvPcKU70HEEygY6Y9d8J3o6zQ0K9SYNu+pcXt4lkCQA3h
    jJQQe5uEGJTExqed7jllQ0khFJzLMx0K6tj0NeeIzAaGCQz13oo2sCdeGRHO4aDh
    HH6Qlq/6UOV5wP8+GAcCQFgRCcB+hrje8hfEEefHcFpyKH+5g1Eu1k0mLrxK2zd+
    4SlotYRHgPCEubokb2S1zfZDWIXW3HmggnGgM949TlY=
    -----END RSA PRIVATE KEY-----
    verification_key: |
    -----BEGIN PUBLIC KEY-----
    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHFr+KICms+tuT1OXJwhCUmR2d
    KVy7psa8xzElSyzqx7oJyfJ1JZyOzToj9T5SfTIq396agbHJWVfYphNahvZ/7uMX
    qHxf+ZH9BL1gk9Y6kCnbM5R60gfwjyW1/dQPjOzn9N394zd2FJoFHwdq9Qs0wBug
    spULZVNRxq7veq/fzwIDAQAB
    -----END PUBLIC KEY-----
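Review bot: The manifest commits real key material and one shared default secret: the `-----BEGIN PRIVATE KEY-----` block under `ha_proxy.ssl_pem`, the RSA key under `uaa.jwt.signing_key`, and `common_password = 'c1oudc0wc1oudc0w'` in the ERB header, which is reused for NATS, every database role, the UAA admin and client secrets, the `scim` users and `db_encryption_key`. Since these values are published with the file, any deployment created from it unchanged would presumably trust tokens signed with a key that is publicly known, and a single password would cover every component. Each deployment should generate its own keys, and the header should take secrets from outside the file, e.g. `common_password = ENV.fetch('CF_COMMON_PASSWORD')` (the variable name is a placeholder), preferably with a separate secret per component. `ssl.skip_cert_verify: true` combined with `protocol = 'http'` leaves those credentials and tokens without transport protection, so a comment such as `# test-only: use 'https' and skip_cert_verify: false outside a lab` above both settings would make the intent explicit. The three resource pools also use `version: latest` for the stemcell, which leaves the base image unpinned; an explicit stemcell version would make deployments reproducible and reviewable.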