drnic/cf-aws-dns-small.yml

## cf-aws-dns-small.yml
# Ensure:
# * "cf" security group has all ports open (until ports required are better understood)
# * replace 'YOUR-BOSH-UUID' with UUID from "bosh status"
# * replace 2.3.4.5 with an elastic IP from target AWS region
# * replace 'mycloud.com' with your base domain that maps *.DOMAIN to your IP address
#
# Also:
# * your microbosh has port 53 (UDP or TCP) open for internal DNS
#
# Optional:
# * replace 'c1oudc0w' with a password (numbers and letters only)
---
name: cf
director_uuid: YOUR-BOSH-UUID

releases:
 - name: appcloud
   version: latest

compilation:
  workers: 6
  network: default
  reuse_compilation_vms: true
  cloud_properties:
    instance_type: m1.medium

update:
  canaries: 1
  canary_watch_time: 30000-600000
  update_watch_time: 30000-600000
  max_in_flight: 4
  max_errors: 1

networks:
- name: floating
  type: vip
  cloud_properties: {}
- name: default
  type: dynamic
  cloud_properties:
    security_groups:
    - default
    - cf

resource_pools:
  - name: small
    network: default
    size: 2
    stemcell:
      name: bosh-stemcell
      version: latest
    cloud_properties:
      instance_type: m1.small

  - name: medium
    network: default
    size: 2
    stemcell:
      name: bosh-stemcell
      version: latest
    cloud_properties:
      instance_type: m1.medium

jobs:
  - name: core
    template:
      - syslog_aggregator
      - nats
      - postgres
      - health_manager_next
      - collector
      - debian_nfs_server
      - login
    instances: 1
    resource_pool: medium
    persistent_disk: 8192
    networks:
    - name: default
      default:
      - dns
      - gateway
    properties:
      db: databases

  - name: uaa
    template:
      - uaa
    instances: 1
    resource_pool: small
    networks:
      - name: default
        default: [dns, gateway]

  - name: api
    template:
      - cloud_controller_ng
      - gorouter
    instances: 1
    resource_pool: medium
    networks:
    - name: default
      default:
      - dns
      - gateway
    - name: floating
      static_ips:
      - 2.3.4.5
    properties:
      db: databases

  - name: dea
    template:
      - dea_next
    instances: 1
    resource_pool: small
    networks:
      - name: default
        default: [dns, gateway]

properties:
  domain: mycloud.com
  system_domain: mycloud.com
  system_domain_organization: "mycloud"
  app_domains:
    - mycloud.com

  networks:
    apps: default
    management: default

  nats:
    address: 0.core.default.cf.microbosh
    port: 4222
    user: nats
    password: "c1oudc0w"
    authorization_timeout: 5

  router:
    port: 8081
    status:
      port: 8080
      user: gorouter
      password: "c1oudc0w"

  dea: &dea
    max_memory: 4096
    memory_mb: 4084
    memory_overcommit_factor: 4
    disk_mb: 4096
    disk_overcommit_factor: 4

  dea_next: *dea

  service_lifecycle:
    serialization_data_server:
    - 0.core.default.cf.microbosh

  syslog_aggregator:
    address: 0.core.default.cf.microbosh
    port: 54321

  serialization_data_server:
    port: 8080
    logging_level: debug
    upload_token: 8f7COGvThwlmulIzAgOHxMXurBrG364k
    upload_timeout: 10

  collector:
    deployment_name: cf
    use_tsdb: false
    use_aws_cloudwatch: false
    use_datadog: false

  nfs_server:
    address: 0.core.default.cf.microbosh
    #network: "*.cf.microbosh"
    #idmapd_domain: iad1

  debian_nfs_server:
    no_root_squash: true

  databases: &databases
    db_scheme: postgres
    address: 0.core.default.cf.microbosh
    port: 5524
    roles:
      - tag: admin
        name: ccadmin
        password: "c1oudc0w"
      - tag: admin
        name: uaaadmin
        password: "c1oudc0w"
    databases:
      - tag: cc
        name: ccdb
        citext: true
      - tag: uaa
        name: uaadb
        citext: true

  ccdb: &ccdb
    db_scheme: postgres
    address: 0.core.default.cf.microbosh
    port: 5524
    roles:
      - tag: admin
        name: ccadmin
        password: "c1oudc0w"
    databases:
      - tag: cc
        name: ccdb
        citext: true

  ccdb_ng: *ccdb

  uaadb:
    db_scheme: postgresql
    address: 0.core.default.cf.microbosh
    port: 5524
    roles:
      - tag: admin
        name: uaaadmin
        password: "c1oudc0w"
    databases:
      - tag: uaa
        name: uaadb
        citext: true

  cc_api_version: v2

  cc: &cc
    logging_level: debug
    external_host: ccng
    srv_api_uri: http://api.mycloud.com
    cc_partition: default
    db_encryption_key: "b963127302433579"
    bootstrap_admin_email: admin@mycloud.com
    bulk_api_password: "c1oudc0w"
    uaa_resource_id: cloud_controller
    staging_upload_user: uploaduser
    staging_upload_password: c1oudc0w
    resource_pool:
      resource_directory_key: cc-resources
      fog_connection:
        provider: Local
        local_root: /var/vcap/shared
    packages:
      app_package_directory_key: cc-packages
    droplets:
      droplet_directory_key: cc-droplets

  ccng: *cc

  login:
    protocol: http
    links:
      home: http://console.mycloud.com
      passwd: http://console.mycloud.com/password_resets/new
      signup: http://console.mycloud.com/register

  uaa:
    url: http://uaa.mycloud.com
    spring_profiles: postgresql
    no_ssl: true
    catalina_opts: -Xmx768m -XX:MaxPermSize=256m
    resource_id: account_manager
    jwt:
      signing_key: |
        -----BEGIN RSA PRIVATE KEY-----
        MIICXAIBAAKBgQDHFr+KICms+tuT1OXJwhCUmR2dKVy7psa8xzElSyzqx7oJyfJ1
        JZyOzToj9T5SfTIq396agbHJWVfYphNahvZ/7uMXqHxf+ZH9BL1gk9Y6kCnbM5R6
        0gfwjyW1/dQPjOzn9N394zd2FJoFHwdq9Qs0wBugspULZVNRxq7veq/fzwIDAQAB
        AoGBAJ8dRTQFhIllbHx4GLbpTQsWXJ6w4hZvskJKCLM/o8R4n+0W45pQ1xEiYKdA
        Z/DRcnjltylRImBD8XuLL8iYOQSZXNMb1h3g5/UGbUXLmCgQLOUUlnYt34QOQm+0
        KvUqfMSFBbKMsYBAoQmNdTHBaz3dZa8ON9hh/f5TT8u0OWNRAkEA5opzsIXv+52J
        duc1VGyX3SwlxiE2dStW8wZqGiuLH142n6MKnkLU4ctNLiclw6BZePXFZYIK+AkE
        xQ+k16je5QJBAN0TIKMPWIbbHVr5rkdUqOyezlFFWYOwnMmw/BKa1d3zp54VP/P8
        +5aQ2d4sMoKEOfdWH7UqMe3FszfYFvSu5KMCQFMYeFaaEEP7Jn8rGzfQ5HQd44ek
        lQJqmq6CE2BXbY/i34FuvPcKU70HEEygY6Y9d8J3o6zQ0K9SYNu+pcXt4lkCQA3h
        jJQQe5uEGJTExqed7jllQ0khFJzLMx0K6tj0NeeIzAaGCQz13oo2sCdeGRHO4aDh
        HH6Qlq/6UOV5wP8+GAcCQFgRCcB+hrje8hfEEefHcFpyKH+5g1Eu1k0mLrxK2zd+
        4SlotYRHgPCEubokb2S1zfZDWIXW3HmggnGgM949TlY=
        -----END RSA PRIVATE KEY-----
      verification_key: |
        -----BEGIN PUBLIC KEY-----
        MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHFr+KICms+tuT1OXJwhCUmR2d
        KVy7psa8xzElSyzqx7oJyfJ1JZyOzToj9T5SfTIq396agbHJWVfYphNahvZ/7uMX
        qHxf+ZH9BL1gk9Y6kCnbM5R60gfwjyW1/dQPjOzn9N394zd2FJoFHwdq9Qs0wBug
        spULZVNRxq7veq/fzwIDAQAB
        -----END PUBLIC KEY-----
    cc:
      client_secret: "c1oudc0w"
    admin:
      client_secret: "c1oudc0w"
    batch:
      username: batchuser
      password: c1oudc0w
    client:
      autoapprove:
        - cf
        - vmc
        - my
        - micro
        - support-signon
        - login
    clients:
      login:
        override: true
        scope: openid
        authorities: oauth.login
        secret: c1oudc0w
        authorized-grant-types: authorization_code,client_credentials,refresh_token
        redirect-uri: http://login.mycloud.com
      support-services:
        scope: scim.write,scim.read,openid,cloud_controller.read,cloud_controller.write
        secret: ssosecretsso
        authorized-grant-types: authorization_code,client_credentials
        redirect-uri: http://support-signon.mycloud.com
        authorities: portal.users.read
        access-token-validity: 1209600
        refresh-token-validity: 1209600
      vmc:
        override: true
        authorized-grant-types: password,implicit
        authorities: uaa.none
        scope: cloud_controller.read,cloud_controller.write,openid,password.write,cloud_controller.admin,scim.read,scim.write
      cf:
        override: true
        authorized-grant-types: password,implicit,refresh_token
        authorities: uaa.none
        scope: cloud_controller.read,cloud_controller.write,openid,password.write,cloud_controller.admin,scim.read,scim.write
      servicesmgmt:
        override: true
        secret: serivcesmgmtsecret
        scope: openid,cloud_controller.read,cloud_controller.write
        authorities: uaa.resource,oauth.service,clients.read,clients.write,clients.secret
        authorized-grant-types: authorization_code,client_credentials,password,implicit
        redirect-uri: http://servicesmgmt.yourdomain.com/auth/cloudfoundry/callback
        autoapprove: true
    scim:
      users:
      - admin|c1oudc0w|scim.write,scim.read,openid,cloud_controller.admin
      - services|c1oudc0w|scim.write,scim.read,openid,cloud_controller.admin
	# Ensure:
	# * "cf" security group has all ports open (until ports required are better understood)
	# * replace 'YOUR-BOSH-UUID' with UUID from "bosh status"
	# * replace 2.3.4.5 with an elastic IP from target AWS region
	# * replace 'mycloud.com' with your base domain that maps *.DOMAIN to your IP address
	#
	# Also:
	# * your microbosh has port 53 (UDP or TCP) open for internal DNS
	#
	# Optional:
	# * replace 'c1oudc0w' with a password (numbers and letters only)
	---
	name: cf
	director_uuid: YOUR-BOSH-UUID

	releases:
	- name: appcloud
	version: latest

	compilation:
	workers: 6
	network: default
	reuse_compilation_vms: true
	cloud_properties:
	instance_type: m1.medium

	update:
	canaries: 1
	canary_watch_time: 30000-600000
	update_watch_time: 30000-600000
	max_in_flight: 4
	max_errors: 1

	networks:
	- name: floating
	type: vip
	cloud_properties: {}
	- name: default
	type: dynamic
	cloud_properties:
	security_groups:
	- default
	- cf

	resource_pools:
	- name: small
	network: default
	size: 2
	stemcell:
	name: bosh-stemcell
	version: latest
	cloud_properties:
	instance_type: m1.small

	- name: medium
	network: default
	size: 2
	stemcell:
	name: bosh-stemcell
	version: latest
	cloud_properties:
	instance_type: m1.medium

	jobs:
	- name: core
	template:
	- syslog_aggregator
	- nats
	- postgres
	- health_manager_next
	- collector
	- debian_nfs_server
	- login
	instances: 1
	resource_pool: medium
	persistent_disk: 8192
	networks:
	- name: default
	default:
	- dns
	- gateway
	properties:
	db: databases

	- name: uaa
	template:
	- uaa
	instances: 1
	resource_pool: small
	networks:
	- name: default
	default: [dns, gateway]

	- name: api
	template:
	- cloud_controller_ng
	- gorouter
	instances: 1
	resource_pool: medium
	networks:
	- name: default
	default:
	- dns
	- gateway
	- name: floating
	static_ips:
	- 2.3.4.5
	properties:
	db: databases

	- name: dea
	template:
	- dea_next
	instances: 1
	resource_pool: small
	networks:
	- name: default
	default: [dns, gateway]

	properties:
	domain: mycloud.com
	system_domain: mycloud.com
	system_domain_organization: "mycloud"
	app_domains:
	- mycloud.com

	networks:
	apps: default
	management: default

	nats:
	address: 0.core.default.cf.microbosh
	port: 4222
	user: nats
	password: "c1oudc0w"
	authorization_timeout: 5

	router:
	port: 8081
	status:
	port: 8080
	user: gorouter
	password: "c1oudc0w"

	dea: &dea
	max_memory: 4096
	memory_mb: 4084
	memory_overcommit_factor: 4
	disk_mb: 4096
	disk_overcommit_factor: 4

	dea_next: *dea

	service_lifecycle:
	serialization_data_server:
	- 0.core.default.cf.microbosh

	syslog_aggregator:
	address: 0.core.default.cf.microbosh
	port: 54321

	serialization_data_server:
	port: 8080
	logging_level: debug
	upload_token: 8f7COGvThwlmulIzAgOHxMXurBrG364k
	upload_timeout: 10

	collector:
	deployment_name: cf
	use_tsdb: false
	use_aws_cloudwatch: false
	use_datadog: false

	nfs_server:
	address: 0.core.default.cf.microbosh
	#network: "*.cf.microbosh"
	#idmapd_domain: iad1

	debian_nfs_server:
	no_root_squash: true

	databases: &databases
	db_scheme: postgres
	address: 0.core.default.cf.microbosh
	port: 5524
	roles:
	- tag: admin
	name: ccadmin
	password: "c1oudc0w"
	- tag: admin
	name: uaaadmin
	password: "c1oudc0w"
	databases:
	- tag: cc
	name: ccdb
	citext: true
	- tag: uaa
	name: uaadb
	citext: true

	ccdb: &ccdb
	db_scheme: postgres
	address: 0.core.default.cf.microbosh
	port: 5524
	roles:
	- tag: admin
	name: ccadmin
	password: "c1oudc0w"
	databases:
	- tag: cc
	name: ccdb
	citext: true

	ccdb_ng: *ccdb

	uaadb:
	db_scheme: postgresql
	address: 0.core.default.cf.microbosh
	port: 5524
	roles:
	- tag: admin
	name: uaaadmin
	password: "c1oudc0w"
	databases:
	- tag: uaa
	name: uaadb
	citext: true

	cc_api_version: v2

	cc: &cc
	logging_level: debug
	external_host: ccng
	srv_api_uri: http://api.mycloud.com
	cc_partition: default
	db_encryption_key: "b963127302433579"
	bootstrap_admin_email: admin@mycloud.com
	bulk_api_password: "c1oudc0w"
	uaa_resource_id: cloud_controller
	staging_upload_user: uploaduser
	staging_upload_password: c1oudc0w
	resource_pool:
	resource_directory_key: cc-resources
	fog_connection:
	provider: Local
	local_root: /var/vcap/shared
	packages:
	app_package_directory_key: cc-packages
	droplets:
	droplet_directory_key: cc-droplets

	ccng: *cc

	login:
	protocol: http
	links:
	home: http://console.mycloud.com
	passwd: http://console.mycloud.com/password_resets/new
	signup: http://console.mycloud.com/register

	uaa:
	url: http://uaa.mycloud.com
	spring_profiles: postgresql
	no_ssl: true
	catalina_opts: -Xmx768m -XX:MaxPermSize=256m
	resource_id: account_manager
	jwt:
	signing_key: \|
	-----BEGIN RSA PRIVATE KEY-----
	MIICXAIBAAKBgQDHFr+KICms+tuT1OXJwhCUmR2dKVy7psa8xzElSyzqx7oJyfJ1
	JZyOzToj9T5SfTIq396agbHJWVfYphNahvZ/7uMXqHxf+ZH9BL1gk9Y6kCnbM5R6
	0gfwjyW1/dQPjOzn9N394zd2FJoFHwdq9Qs0wBugspULZVNRxq7veq/fzwIDAQAB
	AoGBAJ8dRTQFhIllbHx4GLbpTQsWXJ6w4hZvskJKCLM/o8R4n+0W45pQ1xEiYKdA
	Z/DRcnjltylRImBD8XuLL8iYOQSZXNMb1h3g5/UGbUXLmCgQLOUUlnYt34QOQm+0
	KvUqfMSFBbKMsYBAoQmNdTHBaz3dZa8ON9hh/f5TT8u0OWNRAkEA5opzsIXv+52J
	duc1VGyX3SwlxiE2dStW8wZqGiuLH142n6MKnkLU4ctNLiclw6BZePXFZYIK+AkE
	xQ+k16je5QJBAN0TIKMPWIbbHVr5rkdUqOyezlFFWYOwnMmw/BKa1d3zp54VP/P8
	+5aQ2d4sMoKEOfdWH7UqMe3FszfYFvSu5KMCQFMYeFaaEEP7Jn8rGzfQ5HQd44ek
	lQJqmq6CE2BXbY/i34FuvPcKU70HEEygY6Y9d8J3o6zQ0K9SYNu+pcXt4lkCQA3h
	jJQQe5uEGJTExqed7jllQ0khFJzLMx0K6tj0NeeIzAaGCQz13oo2sCdeGRHO4aDh
	HH6Qlq/6UOV5wP8+GAcCQFgRCcB+hrje8hfEEefHcFpyKH+5g1Eu1k0mLrxK2zd+
	4SlotYRHgPCEubokb2S1zfZDWIXW3HmggnGgM949TlY=
	-----END RSA PRIVATE KEY-----
	verification_key: \|
	-----BEGIN PUBLIC KEY-----
	MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHFr+KICms+tuT1OXJwhCUmR2d
	KVy7psa8xzElSyzqx7oJyfJ1JZyOzToj9T5SfTIq396agbHJWVfYphNahvZ/7uMX
	qHxf+ZH9BL1gk9Y6kCnbM5R60gfwjyW1/dQPjOzn9N394zd2FJoFHwdq9Qs0wBug
	spULZVNRxq7veq/fzwIDAQAB
	-----END PUBLIC KEY-----
	cc:
	client_secret: "c1oudc0w"
	admin:
	client_secret: "c1oudc0w"
	batch:
	username: batchuser
	password: c1oudc0w
	client:
	autoapprove:
	- cf
	- vmc
	- my
	- micro
	- support-signon
	- login
	clients:
	login:
	override: true
	scope: openid
	authorities: oauth.login
	secret: c1oudc0w
	authorized-grant-types: authorization_code,client_credentials,refresh_token
	redirect-uri: http://login.mycloud.com
	support-services:
	scope: scim.write,scim.read,openid,cloud_controller.read,cloud_controller.write
	secret: ssosecretsso
	authorized-grant-types: authorization_code,client_credentials
	redirect-uri: http://support-signon.mycloud.com
	authorities: portal.users.read
	access-token-validity: 1209600
	refresh-token-validity: 1209600
	vmc:
	override: true
	authorized-grant-types: password,implicit
	authorities: uaa.none
	scope: cloud_controller.read,cloud_controller.write,openid,password.write,cloud_controller.admin,scim.read,scim.write
	cf:
	override: true
	authorized-grant-types: password,implicit,refresh_token
	authorities: uaa.none
	scope: cloud_controller.read,cloud_controller.write,openid,password.write,cloud_controller.admin,scim.read,scim.write
	servicesmgmt:
	override: true
	secret: serivcesmgmtsecret
	scope: openid,cloud_controller.read,cloud_controller.write
	authorities: uaa.resource,oauth.service,clients.read,clients.write,clients.secret
	authorized-grant-types: authorization_code,client_credentials,password,implicit
	redirect-uri: http://servicesmgmt.yourdomain.com/auth/cloudfoundry/callback
	autoapprove: true
	scim:
	users:
	- admin\|c1oudc0w\|scim.write,scim.read,openid,cloud_controller.admin
	- services\|c1oudc0w\|scim.write,scim.read,openid,cloud_controller.admin
No results found