frodenas · August 29, 2015 14:04 · Jul 19, 2014 · Jul 19, 2014
diff --git a/gistfile1.txt → cf-175-gce.yml b/gistfile1.txt → cf-175-gce.yml
diff --git a/gistfile1.txt b/gistfile1.txt
@@ -0,0 +1,460 @@
+<%
+director_uuid = 'CHANGE-ME'
+static_ip = 'CHANGE-ME'
+root_domain = "#{static_ip}.xip.io"
+deployment_name = 'cf'
+cf_release = '175'
+protocol = 'http'
+common_password = 'c1oudc0wc1oudc0w'
+%>
+---
+name: <%= deployment_name %>
+director_uuid: <%= director_uuid %>
+
+releases:
+ - name: cf
+   version: <%= cf_release %>
+
+compilation:
+  workers: 5
+  network: default
+  reuse_compilation_vms: true
+  cloud_properties:
+    instance_type: n1-highcpu-2
+
+update:
+  canaries: 0
+  canary_watch_time: 30000-600000
+  update_watch_time: 30000-600000
+  max_in_flight: 32
+  serial: false
+
+networks:
+  - name: default
+    type: dynamic
+    cloud_properties:
+      tags:
+        - bosh
+
+  - name: outbound
+    type: dynamic
+    cloud_properties:
+      ephemeral_external_ip: true
+      tags:
+        - bosh
+
+  - name: inbound
+    type: dynamic
+    cloud_properties:
+      ephemeral_external_ip: true
+      target_pool: cloudfoundry
+      tags:
+        - bosh
+        - <%= deployment_name %>
+
+  - name: static
+    type: vip
+    cloud_properties: {}
+
+resource_pools:
+  - name: common
+    network: default
+    size: 4
+    stemcell:
+      name: bosh-google-kvm-ubuntu-trusty
+      version: latest
+    cloud_properties:
+      instance_type: n1-standard-2
+
+  - name: large
+    network: default
+    size: 3
+    stemcell:
+      name: bosh-google-kvm-ubuntu-trusty
+      version: latest
+    cloud_properties:
+      instance_type: n1-highmem-4
+
+jobs:
+  - name: nfs
+    templates:
+      - name: debian_nfs_server
+    instances: 1
+    resource_pool: common
+    persistent_disk: 65535
+    networks:
+      - name: default
+        default: [dns, gateway]
+
+  - name: data
+    templates:
+      - name: postgres
+    instances: 1
+    resource_pool: common
+    persistent_disk: 65535
+    networks:
+      - name: default
+        default: [dns, gateway]
+    properties:
+      db: databases
+
+  - name: core
+    templates:
+      - name: nats
+      - name: nats_stream_forwarder
+      - name: uaa
+      - name: etcd
+      - name: hm9000
+    instances: 1
+    resource_pool: common
+    persistent_disk: 10024
+    networks:
+      - name: default
+        default: [dns, gateway]
+
+  - name: api
+    templates:
+      - name: cloud_controller_ng
+      - name: cloud_controller_worker
+      - name: cloud_controller_clock
+      - name: loggregator
+      - name: loggregator_trafficcontroller
+      - name: gorouter
+    instances: 1
+    resource_pool: common
+    networks:
+      - name: inbound
+        default: [dns, gateway]
+    properties:
+      networks:
+        apps: inbound
+
+  - name: dea
+    templates:
+      - name: dea_logging_agent
+      - name: dea_next
+    instances: 3
+    resource_pool: large
+    networks:
+      - name: outbound
+        default: [dns, gateway]
+    properties:
+      networks:
+        apps: outbound
+
+properties:
+  domain: <%= root_domain %>
+  system_domain: <%= root_domain %>
+  system_domain_organization: 'admin'
+  app_domains:
+    - <%= root_domain %>
+
+  haproxy: {}
+
+  networks:
+    apps: default
+
+  nats:
+    user: nats
+    password: <%= common_password %>
+    address: 0.core.default.<%= deployment_name %>.microbosh
+    port: 4222
+    machines:
+      - 0.core.default.<%= deployment_name %>.microbosh
+
+  syslog_aggregator: {}
+
+  nfs_server:
+    address: 0.nfs.default.<%= deployment_name %>.microbosh
+    network: "*.<%= deployment_name %>.microbosh"
+    idmapd_domain: "localdomain"
+
+  debian_nfs_server:
+    no_root_squash: true
+
+  loggregator_endpoint:
+    shared_secret: <%= common_password %>
+    host: 0.api.inbound.<%= deployment_name %>.microbosh
+
+  loggregator:
+    incoming_port: 3456
+    outgoing_port: 8081
+    servers:
+      zone:
+        -  0.api.inbound.<%= deployment_name %>.microbosh
+
+  traffic_controller:
+    zone: 'zone'
+    incoming_port: 3457
+    outgoing_port: 8082
+
+  logger_endpoint:
+    use_ssl: <%= protocol == 'https' %>
+    port: 80
+
+  ssl:
+    skip_cert_verify: true
+
+  router:
+    endpoint_timeout: 60
+    status:
+      port: 8080
+      user: gorouter
+      password: <%= common_password %>
+    servers:
+      z1:
+        - 0.api.inbound.<%= deployment_name %>.microbosh
+      z2: []
+
+  etcd:
+    machines:
+      - 0.core.default.<%= deployment_name %>.microbosh
+
+  dea: &dea
+    disk_mb: 102400
+    disk_overcommit_factor: 2
+    memory_mb: 15000
+    memory_overcommit_factor: 3    
+    directory_server_protocol: <%= protocol %>
+    mtu: 1460
+    deny_networks:
+      - 169.254.0.0/16 # Google Metadata endpoint
+
+  dea_next: *dea
+
+  disk_quota_enabled: false
+
+  dea_logging_agent:
+    status:
+      user: admin
+      password: <%= common_password %>
+
+  databases: &databases
+    db_scheme: postgres
+    address: 0.data.default.<%= deployment_name %>.microbosh
+    port: 5524
+    roles:
+      - tag: admin
+        name: ccadmin
+        password: <%= common_password %>
+      - tag: admin
+        name: uaaadmin
+        password: <%= common_password %>
+    databases:
+      - tag: cc
+        name: ccdb
+        citext: true
+      - tag: uaa
+        name: uaadb
+        citext: true
+
+  ccdb: &ccdb
+    db_scheme: postgres
+    address: 0.data.default.<%= deployment_name %>.microbosh
+    port: 5524
+    roles:
+      - tag: admin
+        name: ccadmin
+        password: <%= common_password %>
+    databases:
+      - tag: cc
+        name: ccdb
+        citext: true
+
+  ccdb_ng: *ccdb
+
+  uaadb:
+    db_scheme: postgresql
+    address: 0.data.default.<%= deployment_name %>.microbosh
+    port: 5524
+    roles:
+      - tag: admin
+        name: uaaadmin
+        password: <%= common_password %>
+    databases:
+      - tag: uaa
+        name: uaadb
+        citext: true
+
+  cc: &cc
+    srv_api_uri: <%= protocol %>://api.<%= root_domain %>    
+    jobs:
+      global:
+        timeout_in_seconds: 14400
+      app_bits_packer:
+        timeout_in_seconds: null
+      app_events_cleanup:
+        timeout_in_seconds: null
+      app_usage_events_cleanup:
+        timeout_in_seconds: null
+      blobstore_delete:
+        timeout_in_seconds: null
+      blobstore_upload:
+        timeout_in_seconds: null
+      droplet_deletion:
+        timeout_in_seconds: null
+      droplet_upload:
+        timeout_in_seconds: null
+      model_deletion:
+        timeout_in_seconds: null
+    bulk_api_password: <%= common_password %>
+    staging_upload_user: upload
+    staging_upload_password: <%= common_password %>
+    quota_definitions:
+      default:
+        memory_limit: 10240
+        total_services: 100
+        non_basic_services_allowed: true
+        total_routes: 1000
+        trial_db_allowed: true
+      runaway:
+        memory_limit: 102400
+        total_services: -1
+        total_routes: 1000
+        non_basic_services_allowed: true
+    resource_pool:
+      resource_directory_key: cloudfoundry-resources
+      fog_connection:
+        provider: Local
+        local_root: /var/vcap/nfs/shared
+    packages:
+      app_package_directory_key: cloudfoundry-packages
+      fog_connection:
+        provider: Local
+        local_root: /var/vcap/nfs/shared
+    droplets:
+      droplet_directory_key: cloudfoundry-droplets
+      fog_connection:
+        provider: Local
+        local_root: /var/vcap/nfs/shared
+    buildpacks:
+      buildpack_directory_key: cloudfoundry-buildpacks
+      fog_connection:
+        provider: Local
+        local_root: /var/vcap/nfs/shared        
+    install_buildpacks:
+      - name: java_buildpack
+        package: buildpack_java
+      - name: ruby_buildpack
+        package: buildpack_ruby
+      - name: nodejs_buildpack
+        package: buildpack_nodejs
+      - name: go_buildpack
+        package: buildpack_go
+      - name: python_buildpack
+        package: buildpack_python
+      - name: php_buildpack
+        package: buildpack_php
+    db_encryption_key: <%= common_password %>
+    diego: false
+    newrelic:
+      license_key: null
+      environment_name: <%= deployment_name %>       
+
+    security_group_definitions:
+      - name: public_networks
+        rules:
+          - protocol: all
+            destination: 0.0.0.0-9.255.255.255
+          - protocol: all
+            destination: 11.0.0.0-169.253.255.255
+          - protocol: all
+            destination: 169.255.0.0-172.15.255.255
+          - protocol: all
+            destination: 172.32.0.0-192.167.255.255
+          - protocol: all
+            destination: 192.169.0.0-255.255.255.25
+      - name: dns
+        rules:
+          - destination: 0.0.0.0/0
+            ports: '53'
+            protocol: tcp
+          - destination: 0.0.0.0/0
+            ports: '53'
+            protocol: udp
+
+    default_running_security_groups:
+      - public_networks
+      - dns
+    default_staging_security_groups:
+      - public_networks
+      - dns
+
+  ccng: *cc
+
+  login:
+    enabled: false
+
+  uaa:
+    url: <%= protocol %>://uaa.<%= root_domain %>
+    no_ssl: <%= protocol == 'http' %>
+    cc:
+      client_secret: <%= common_password %>
+    admin:
+      client_secret: <%= common_password %>
+    batch:
+      username: batch
+      password: <%= common_password %>
+    clients:
+      cf:
+        override: true
+        authorized-grant-types: password,implicit,refresh_token
+        authorities: uaa.none
+        scope: cloud_controller.read,cloud_controller.write,openid,password.write,cloud_controller.admin,scim.read,scim.write
+        access-token-validity: 7200
+        refresh-token-validity: 1209600
+      admin:
+        secret: <%= common_password %>
+        authorized-grant-types: client_credentials
+        authorities: clients.read,clients.write,clients.secret,password.write,scim.read,uaa.admin
+      login:
+        id: login
+        override: true
+        autoapprove: true
+        scope: openid,oauth.approvals
+        authorities: oauth.login
+        secret: <%= common_password %>
+        authorized-grant-types: authorization_code,client_credentials,refresh_token
+        redirect-uri: <%= protocol %>://login.<%= root_domain %>
+      portal:
+        override: true
+        scope: openid,cloud_controller.read,cloud_controller.write,password.write,console.admin,console.support
+        authorities: scim.write,scim.read,cloud_controller.read,cloud_controller.write,password.write,uaa.admin,uaa.resource,cloud_controller.admin,billing.admin
+        secret: <%= common_password %>
+        authorized-grant-types: authorization_code,client_credentials
+        access-token-validity: 1209600
+        refresh-token-validity: 1209600
+        redirect-uri: <%= protocol %>://console.<%= root_domain %>/oauth/callback
+      cc_service_broker_client:
+        secret: <%= common_password %>
+        authorized-grant-types: client_credentials
+        scope: cloud_controller.write,openid,cloud_controller.read,cloud_controller_service_permissions.read
+        authorities: clients.read,clients.write,clients.admin
+    scim:
+      users:
+      - admin|<%= common_password %>|scim.write,scim.read,openid,cloud_controller.admin,uaa.admin,password.write
+      - services|<%= common_password %>|scim.write,scim.read,openid,cloud_controller.admin
+    jwt:
+      signing_key: |
+        -----BEGIN RSA PRIVATE KEY-----
+        MIICXAIBAAKBgQDHFr+KICms+tuT1OXJwhCUmR2dKVy7psa8xzElSyzqx7oJyfJ1
+        JZyOzToj9T5SfTIq396agbHJWVfYphNahvZ/7uMXqHxf+ZH9BL1gk9Y6kCnbM5R6
+        0gfwjyW1/dQPjOzn9N394zd2FJoFHwdq9Qs0wBugspULZVNRxq7veq/fzwIDAQAB
+        AoGBAJ8dRTQFhIllbHx4GLbpTQsWXJ6w4hZvskJKCLM/o8R4n+0W45pQ1xEiYKdA
+        Z/DRcnjltylRImBD8XuLL8iYOQSZXNMb1h3g5/UGbUXLmCgQLOUUlnYt34QOQm+0
+        KvUqfMSFBbKMsYBAoQmNdTHBaz3dZa8ON9hh/f5TT8u0OWNRAkEA5opzsIXv+52J
+        duc1VGyX3SwlxiE2dStW8wZqGiuLH142n6MKnkLU4ctNLiclw6BZePXFZYIK+AkE
+        xQ+k16je5QJBAN0TIKMPWIbbHVr5rkdUqOyezlFFWYOwnMmw/BKa1d3zp54VP/P8
+        +5aQ2d4sMoKEOfdWH7UqMe3FszfYFvSu5KMCQFMYeFaaEEP7Jn8rGzfQ5HQd44ek
+        lQJqmq6CE2BXbY/i34FuvPcKU70HEEygY6Y9d8J3o6zQ0K9SYNu+pcXt4lkCQA3h
+        jJQQe5uEGJTExqed7jllQ0khFJzLMx0K6tj0NeeIzAaGCQz13oo2sCdeGRHO4aDh
+        HH6Qlq/6UOV5wP8+GAcCQFgRCcB+hrje8hfEEefHcFpyKH+5g1Eu1k0mLrxK2zd+
+        4SlotYRHgPCEubokb2S1zfZDWIXW3HmggnGgM949TlY=
+        -----END RSA PRIVATE KEY-----
+      verification_key: |
+        -----BEGIN PUBLIC KEY-----
+        MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHFr+KICms+tuT1OXJwhCUmR2d
+        KVy7psa8xzElSyzqx7oJyfJ1JZyOzToj9T5SfTIq396agbHJWVfYphNahvZ/7uMX
+        qHxf+ZH9BL1gk9Y6kCnbM5R60gfwjyW1/dQPjOzn9N394zd2FJoFHwdq9Qs0wBug
+        spULZVNRxq7veq/fzwIDAQAB
+        -----END PUBLIC KEY-----