Created
February 17, 2017 08:00
nota-ja created this gist
Feb 17, 2017 .There are no files selected for viewing
@@ -0,0 +1,782 @@ --- name: routing-pr-66-example director_uuid: DIRECTOR_UUID releases: - {name: cf, version: 251} - {name: garden-runc, version: 1.1.1} - {name: diego, version: 1.5.3} - {name: cflinuxfs2-rootfs, version: 1.45.0} networks: - name: private type: manual subnets: - range: 10.0.0.0/24 gateway: 10.0.0.1 dns: [10.0.0.6] reserved: ["10.0.0.1 - 10.0.0.20", "10.0.0.41 - 10.0.0.99"] static: ["10.0.0.21 - 10.0.0.40"] cloud_properties: net_id: NET_ID security_groups: - cf-sg - name: public type: vip cloud_properties: {} resource_pools: - name: small network: private stemcell: name: bosh-openstack-kvm-ubuntu-trusty-go_agent version: 3312.15 cloud_properties: instance_type: m1.small - name: medium network: private stemcell: name: bosh-openstack-kvm-ubuntu-trusty-go_agent version: 3312.15 cloud_properties: instance_type: m1.medium - name: large network: private stemcell: name: bosh-openstack-kvm-ubuntu-trusty-go_agent version: 3312.15 cloud_properties: instance_type: m1.large compilation: workers: 4 network: private reuse_compilation_vms: true cloud_properties: instance_type: m1.medium update: canaries: 1 canary_watch_time: 30000-600000 update_watch_time: 30000-600000 max_in_flight: 1 jobs: - name: core resource_pool: medium instances: 1 persistent_disk: 100000 templates: - {name: postgres, release: cf} - {name: nats, release: cf} - {name: etcd, release: cf} - {name: consul_agent, release: cf} - {name: metron_agent, release: cf} - {name: route_registrar, release: cf} - {name: blobstore, release: cf} - {name: bbs, release: diego} - {name: auctioneer, release: diego} - {name: route_emitter, release: diego} networks: - name: private default: - gateway - dns static_ips: [10.0.0.21] properties: consul: agent: mode: server services: etcd: {} blobstore: {} route_registrar: routes: - name: blobstore port: 8086 tags: component: blobstore uris: - blobstore.example.org registration_interval: 20s - name: ctrl resource_pool: medium instances: 2 templates: - {name: 
consul_agent, release: cf} - {name: metron_agent, release: cf} - {name: route_registrar, release: cf} - {name: cloud_controller_ng, release: cf} - {name: cloud_controller_worker, release: cf} - {name: cloud_controller_clock, release: cf} - {name: uaa, release: cf} - {name: stager, release: cf} - {name: nsync, release: cf} - {name: tps, release: cf} - {name: cc_uploader, release: cf} - {name: go-buildpack, release: cf} - {name: binary-buildpack, release: cf} - {name: nodejs-buildpack, release: cf} - {name: ruby-buildpack, release: cf} - {name: php-buildpack, release: cf} - {name: python-buildpack, release: cf} - {name: staticfile-buildpack, release: cf} - {name: java-offline-buildpack, release: cf} networks: - name: private default: - gateway - dns static_ips: [10.0.0.22, 10.0.0.23] properties: consul: agent: services: cloud_controller_ng: {} uaa: {} route_registrar: routes: - name: api port: 9022 uris: - api.example.org registration_interval: 20s - name: uaa port: 38080 uris: - uaa.example.org - "*.uaa.example.org" - login.example.org - "*.login.example.org" registration_interval: 20s - name: router resource_pool: small instances: 2 templates: - {name: consul_agent, release: cf} - {name: metron_agent, release: cf} - {name: route_registrar, release: cf} - {name: gorouter, release: cf} - {name: loggregator_trafficcontroller, release: cf} - {name: doppler, release: cf} - {name: syslog_drain_binder, release: cf} - {name: file_server, release: diego} - {name: ssh_proxy, release: diego} networks: - name: public static_ips: [192.168.1.57, 192.168.1.59] - name: private default: - gateway - dns static_ips: [10.0.0.24, 10.0.0.25] properties: consul: agent: services: gorouter: {} route_registrar: routes: - name: loggregator port: 28080 uris: - loggregator.example.org registration_interval: 20s - name: doppler port: 28081 uris: - doppler.example.org registration_interval: 20s - name: cell resource_pool: medium instances: 2 templates: - {name: consul_agent, release: cf} - 
{name: metron_agent, release: cf} - {name: garden, release: garden-runc} - {name: cflinuxfs2-rootfs-setup, release: cflinuxfs2-rootfs} - {name: rep, release: diego} networks: - name: private default: - gateway - dns static_ips: [10.0.0.31, 10.0.0.32] - name: smoke lifecycle: errand resource_pool: small instances: 1 templates: - {name: smoke-tests, release: cf} networks: - name: private default: - gateway - dns static_ips: [10.0.0.29] - name: cat lifecycle: errand resource_pool: small instances: 1 templates: - {name: acceptance-tests, release: cf} networks: - name: private default: - gateway - dns static_ips: [10.0.0.29] properties: version: "251" support_address: https://www.example.org/ description: Cloud Foundry with Diego on OpenStack system_domain: example.org system_domain_organization: system app_domains: [example.org] disk_quota_enabled: true ssl: skip_cert_verify: true app_ssh: host_key_fingerprint: HOST_KEY_FINGERPRINT databases: databases: - tag: cc name: ccdb citext: true - tag: uaa name: uaadb citext: true - tag: diego name: diego citext: false roles: - tag: admin name: ccadmin password: PASSWD - tag: admin name: uaaadmin password: PASSWD - tag: admin name: diego password: PASSWD db_scheme: postgres address: 10.0.0.21 port: 5524 ccdb: db_scheme: postgres address: 10.0.0.21 port: 5524 databases: - tag: cc name: ccdb citext: true roles: - tag: admin name: ccadmin password: PASSWD uaadb: db_scheme: postgresql address: 10.0.0.21 port: 5524 databases: - tag: uaa name: uaadb citext: true roles: - tag: admin name: uaaadmin password: PASSWD nats: machines: [10.0.0.21] port: 4222 user: nats password: PASSWD etcd: machines: [10.0.0.21] require_ssl: false peer_require_ssl: false advertise_urls_dns_suffix: etcd.service.cf.internal cluster: - {name: all, instances: 1} consul: agent: servers: lan: - 10.0.0.21 domain: cf.internal encrypt_keys: [PASSWD] ca_cert: | -----BEGIN CERTIFICATE----- -----END CERTIFICATE----- agent_cert: | -----BEGIN CERTIFICATE----- -----END 
CERTIFICATE----- agent_key: | -----BEGIN RSA PRIVATE KEY----- -----END RSA PRIVATE KEY----- server_cert: | -----BEGIN CERTIFICATE----- -----END CERTIFICATE----- server_key: | -----BEGIN RSA PRIVATE KEY----- -----END RSA PRIVATE KEY----- require_ssl: false blobstore: admin_users: - {username: blobstore-username, password: PASSWD} secure_link: secret: PASSWD port: 8086 tls: port: 4043 cert: |+ -----BEGIN CERTIFICATE----- -----END CERTIFICATE----- private_key: |+ -----BEGIN RSA PRIVATE KEY----- -----END RSA PRIVATE KEY----- ca_cert: | -----BEGIN CERTIFICATE----- -----END CERTIFICATE----- router: debug_address: 0.0.0.0:17003 ssl_skip_validation: true route_services_secret: PASSWD route_services_recommend_https: false # status: # port: 8092 # user: "" # password: "" cc: srv_api_uri: https://api.example.org external_protocol: https external_host: api diego: stager_url: http://stager.service.cf.internal:8890 diego_docker: true default_to_diego_backend: true users_can_select_backend: false allow_app_ssh_access: true billing_event_writing_enabled: true default_app_memory: 256 quota_definitions: default: memory_limit: 10240 non_basic_services_allowed: true total_routes: 1000 total_services: 100 db_encryption_key: PASSWD bulk_api_password: PASSWD internal_api_password: PASSWD service_name: cloud-controller-ng staging_upload_user: bosh staging_upload_password: PASSWD security_group_definitions: - name: public_networks rules: - {destination: 0.0.0.0-9.255.255.255, protocol: all} - {destination: 11.0.0.0-169.253.255.255, protocol: all} - {destination: 169.255.0.0-172.15.255.255, protocol: all} - {destination: 172.32.0.0-192.167.255.255, protocol: all} - {destination: 192.169.0.0-255.255.255.255, protocol: all} - name: dns rules: - {destination: 0.0.0.0/0, ports: "53", protocol: tcp} - {destination: 0.0.0.0/0, ports: "53", protocol: udp} - name: all rules: - {destination: 0.0.0.0/0, protocol: all} default_running_security_groups: [public_networks, dns] 
default_staging_security_groups: [all] default_fog_connection: local_root: /var/vcap/store buildpacks: blobstore_type: webdav webdav_config: password: PASSWD private_endpoint: https://blobstore.service.cf.internal:4043 public_endpoint: http://blobstore.example.org secret: PASSWD username: blobstore-username droplets: blobstore_type: webdav webdav_config: password: PASSWD private_endpoint: https://blobstore.service.cf.internal:4043 public_endpoint: http://blobstore.example.org secret: PASSWD username: blobstore-username packages: blobstore_type: webdav webdav_config: password: PASSWD private_endpoint: https://blobstore.service.cf.internal:4043 public_endpoint: http://blobstore.example.org secret: PASSWD username: blobstore-username resource_pool: blobstore_type: webdav webdav_config: password: PASSWD private_endpoint: https://blobstore.service.cf.internal:4043 public_endpoint: http://blobstore.example.org secret: PASSWD username: blobstore-username install_buildpacks: - {name: java_buildpack, package: java-offline-buildpack} - {name: ruby_buildpack, package: ruby-buildpack} - {name: nodejs_buildpack, package: nodejs-buildpack} - {name: go_buildpack, package: go-buildpack} - {name: python_buildpack, package: python-buildpack} - {name: php_buildpack, package: php-buildpack} - {name: staticfile_buildpack, package: staticfile-buildpack} - {name: binary_buildpack, package: binary-buildpack} user_buildpacks: [] disable_custom_buildpacks: false login: protocol: http url: http://login.example.org saml: serviceProviderKey: | -----BEGIN RSA PRIVATE KEY----- -----END RSA PRIVATE KEY----- serviceProviderKeyPassword: "" serviceProviderCertificate: | -----BEGIN CERTIFICATE----- -----END CERTIFICATE----- uaa: dump_requests: true url: https://uaa.example.org issuer: https://uaa.example.org no_ssl: false require_https: false ssl: port: -1 port: 38080 zones: internal: hostnames: - uaa.service.cf.internal scim: users: - name: admin password: PASSWD groups: - scim.write - scim.read - 
openid - cloud_controller.admin - doppler.firehose - clients.read - clients.write - routing.router_groups.read user: override: true userids_enabled: true jwt: signing_key: | -----BEGIN RSA PRIVATE KEY----- -----END RSA PRIVATE KEY----- verification_key: | -----BEGIN PUBLIC KEY----- -----END PUBLIC KEY----- cc: client_secret: PASSWD admin: client_secret: PASSWD batch: username: batchuser password: PASSWD clients: cf: id: cf override: true authorized-grant-types: implicit,password,refresh_token scope: cloud_controller.read,cloud_controller.write,openid,password.write,cloud_controller.admin,cloud_controller.admin_read_only,scim.read,scim.write,doppler.firehose,uaa.user,routing.router_groups.read,routing.router_groups.write authorities: uaa.none access-token-validity: 600 refresh-token-validity: 2592000 cloud_controller_username_lookup: authorities: scim.userids authorized-grant-types: client_credentials secret: PASSWD doppler: override: true authorities: uaa.resource secret: PASSWD login: override: true secret: PASSWD authorities: oauth.login,scim.write,clients.read,notifications.write,critical_notifications.write,emails.write,scim.userids,password.write authorized-grant-types: authorization_code,client_credentials,refresh_token redirect-uri: http://login.example.org scope: openid,oauth.approvals notifications: authorities: cloud_controller.admin,scim.read authorized-grant-types: client_credentials secret: PASSWD gorouter: authorities: routing.routes.read authorized-grant-types: client_credentials,refresh_token secret: PASSWD cc_routing: secret: PASSWD ssh-proxy: authorized-grant-types: authorization_code autoapprove: true override: true redirect-uri: /login scope: openid,cloud_controller.read,cloud_controller.write secret: PASSWD tcp_emitter: authorities: routing.routes.write,routing.routes.read authorized-grant-types: client_credentials,refresh_token secret: PASSWD tcp_router: authorities: routing.routes.read authorized-grant-types: client_credentials,refresh_token 
secret: PASSWD garden: allow_host_access: true graph_cleanup_threshold_in_mb: 15000 allow_networks: - 0.0.0.0/0 insecure_docker_registry_list: &insecure - 192.168.1.202:5000 capi: nsync: bbs: &bbs api_location: bbs.service.cf.internal:8889 ca_cert: "" client_cert: "" client_key: "" require_ssl: false cc: &capicc base_url: http://cloud-controller-ng.service.cf.internal:9022 basic_auth_password: PASSWD stager: listen_addr: 0.0.0.0:8890 staging_task_callback_url: http://stager.service.cf.internal:8890 bbs: *bbs cc: *capicc insecure_docker_registry_list: *insecure tps: bbs: *bbs cc: *capicc watcher: debug_addr: 0.0.0.0:17020 listener: debug_addr: 0.0.0.0:17021 traffic_controller_url: wss://doppler.example.org:443 diego: ssl: skip_cert_verify: true bbs: active_key_label: key1 encryption_keys: - {label: key1, passphrase: PASSWD} require_ssl: false ca_cert: "" server_cert: "" server_key: "" sql: db_driver: postgres db_username: diego db_password: PASSWD db_host: 10.0.0.21 db_port: 5524 db_schema: diego auctioneer: api_url: http://auctioneer.service.cf.internal:9016 etcd: machines: [etcd.service.cf.internal] require_ssl: false ca_cert: "" client_cert: "" client_key: "" auctioneer: bbs: *bbs converger: bbs: *bbs route_emitter: bbs: *bbs nats: machines: [10.0.0.21] port: 4222 user: nats password: PASSWD ssh_proxy: bbs: *bbs host_key: | -----BEGIN RSA PRIVATE KEY----- -----END RSA PRIVATE KEY----- enable_cf_auth: true uaa_token_url: http://login.example.org/oauth/token uaa_secret: PASSWD rep: zone: z1 bbs: *bbs preloaded_rootfses: ["cflinuxfs2:/var/vcap/packages/cflinuxfs2/rootfs"] syslog_daemon_config: address: 192.168.1.202 port: 5142 dropsonde: enabled: true metron_endpoint: shared_secret: PASSWD metron_agent: deployment: ENVIRONMENT zone: z1 dropsonde_incoming_port: 3457 loggregator_endpoint: shared_secret: PASSWD loggregator: etcd: machines: [etcd.service.cf.internal] incoming_port: 13456 dropsonde_incoming_port: 13457 doppler_port: 18081 outgoing_dropsonde_port: 28081 
tls: ca_cert: | -----BEGIN CERTIFICATE----- -----END CERTIFICATE----- doppler: cert: | -----BEGIN CERTIFICATE----- -----END CERTIFICATE----- key: | -----BEGIN RSA PRIVATE KEY----- -----END RSA PRIVATE KEY----- metron: cert: | -----BEGIN CERTIFICATE----- -----END CERTIFICATE----- key: | -----BEGIN RSA PRIVATE KEY----- -----END RSA PRIVATE KEY----- trafficcontroller: cert: | -----BEGIN CERTIFICATE----- -----END CERTIFICATE----- key: | -----BEGIN RSA PRIVATE KEY----- -----END RSA PRIVATE KEY----- doppler_endpoint: shared_secret: PASSWD doppler: enabled: true use_ssl: true port: 443 incoming_port: 13456 dropsonde_incoming_port: 13457 outgoing_port: 18081 zone: z1 traffic_controller: outgoing_port: 28080 zone: z1 logger_endpoint: use_ssl: true port: 443 uaa_client_id: cf uaa_endpoint: https://uaa.example.org smoke_tests: suite_name: CF_SMOKE_TESTS api: https://api.example.org apps_domain: example.org user: admin password: PASSWD org: SMOKE_TEST_ORG space: SMOKE_TEST_SPACE use_existing_org: false use_existing_space: false logging_app: '' runtime_app: '' skip_ssl_validation: true ginkgo_opts: '-v' enable_windows_tests: false backend: 'diego' acceptance_tests: api: https://api.example.org apps_domain: example.org admin_user: admin admin_password: PASSWD skip_ssl_validation: true nodes: 2 include_route_services: true include_diego_docker: true include_diego_ssh: true default_timeout: 60 cf_push_timeout: 240 long_curl_timeout: 240 broker_start_timeout: 600 persistent_app_host: cat-persistent persistent_app_space: cat-persistent persistent_app_org: cat-persistent persistent_app_quota_name: cat-persistent
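Review bot: App and staging containers in this example can reach the deployment's own control plane: `garden.allow_host_access: true` and an `allow_networks` entry of `0.0.0.0/0` sit next to `default_staging_security_groups: [all]`, while etcd, consul and the BBS all run with `require_ssl: false` and empty certificates. Outside a throwaway lab I would set `allow_host_access: false`, drop the `allow_networks` entry, and stage with `default_staging_security_groups: [public_networks, dns]`. The UAA settings deserve the same treatment, since `dump_requests: true` combined with `login.protocol: http` and `uaa_token_url: http://login.example.org/oauth/token` would, as far as I can tell, put credentials and tokens into logs and cleartext traffic. Because `PASSWD` stands in for every secret, a comment at the top of the manifest should say that each occurrence needs its own generated value. Indentation was lost in this rendering, so the key nesting I cite is inferred from key order.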