Merge pull request #189 from cloudfoundry/develop

bump latest develop to master to enhance postgres ssl mode support

example/operation/postgres-ssl-fewer.yml

@@ -128,7 +128,20 @@
   path: /instance_groups/name=asactors/jobs/name=operator/properties/autoscaler/lock_db/tls?
   value: *database_tls
 
-
+#apiserver
+- type: replace
+  path: /instance_groups/name=asapi/jobs/name=apiserver/properties/autoscaler/policy_db/sslmode?
+  value: *sslmode
+- type: replace
+  path: /instance_groups/name=asapi/jobs/name=apiserver/properties/autoscaler/policy_db/tls?
+  value: *database_tls
+#servicebroker
+- type: replace
+  path: /instance_groups/name=asapi/jobs/name=servicebroker/properties/autoscaler/binding_db/sslmode?
+  value: *sslmode
+- type: replace
+  path: /instance_groups/name=asapi/jobs/name=servicebroker/properties/autoscaler/binding_db/tls?
+  value: *database_tls
 
 
 

example/operation/postgres-ssl.yml

@@ -128,6 +128,20 @@
   path: /instance_groups/name=operator/jobs/name=operator/properties/autoscaler/lock_db/tls?
   value: *database_tls
 
+- type: replace
+  path: /instance_groups/name=apiserver/jobs/name=apiserver/properties/autoscaler/policy_db/sslmode?
+  value: *sslmode
+- type: replace
+  path: /instance_groups/name=apiserver/jobs/name=apiserver/properties/autoscaler/policy_db/tls?
+  value: *database_tls
+
+- type: replace
+  path: /instance_groups/name=servicebroker/jobs/name=servicebroker/properties/autoscaler/binding_db/sslmode?
+  value: *sslmode
+- type: replace
+  path: /instance_groups/name=servicebroker/jobs/name=servicebroker/properties/autoscaler/binding_db/tls?
+  value: *database_tls
+
 
 
 

jobs/apiserver/spec

@@ -28,6 +28,7 @@ templates:
   eventgenerator_ca.crt.erb: config/certs/eventgenerator/ca.crt
   eventgenerator_client.crt.erb: config/certs/eventgenerator/client.crt
   eventgenerator_client.key.erb: config/certs/eventgenerator/client.key
+  policy_db_ca.crt.erb: config/certs/policy_db/ca.crt
   hooks/pre-start.sh.erb: bin/hooks/pre-start.sh
   hooks/pre-stop.sh.erb: bin/hooks/pre-stop.sh
   hooks/post-start.sh.erb: bin/hooks/post-start.sh
@@ -175,6 +176,11 @@ properties:
     description: "Port on which the policydb server will listen"
   autoscaler.policy_db.roles:
     description: "The list of database roles used in policydb database including name/password"
+  autoscaler.policy_db.tls.ca:
+    default: ''
+  autoscaler.policy_db.sslmode:
+    default: disable
+    description: "sslmode to connect to postgres server"
 
   autoscaler.api_server.hooks.pre_start:
     description: "Script to run before starting api_server"

jobs/apiserver/templates/config.json.erb

@@ -18,6 +18,10 @@
   eventgenerator_host = p('autoscaler.api_server.eventgenerator.host')
   eventgenerator_port = p('autoscaler.api_server.eventgenerator.port')
   service_offering_enabled = p('autoscaler.api_server.service_offering_enabled')
+  db_uri = db_scheme + "://" + role['name'] + ":" + role['password'] + "@" + address + ":" + db_port.to_s + "/" + database['name'] + "?sslmode=" + p('autoscaler.policy_db.sslmode') 
+  unless p('autoscaler.policy_db.tls.ca') == ""
+    db_uri = db_uri + "&sslrootcert=/var/vcap/jobs/apiserver/config/certs/policy_db/ca.crt"
+  end
 
   params = {
     'port' => p('autoscaler.api_server.port'),
@@ -34,7 +38,7 @@
        'maxConnections' => p('autoscaler.api_server.db_config.max_connections'),
        'minConnections' => p('autoscaler.api_server.db_config.min_connections'),
        'idleTimeout' => p('autoscaler.api_server.db_config.idle_timeout'),
-       'uri' => db_scheme + "://" + role['name'] + ":" + role['password'] + "@" + address + ":" + db_port.to_s + "/" + database['name']  ,
+       'uri' => db_uri,
      },
     'scheduler' => {
        'uri' => "https://" + scheduler_host + ":" + scheduler_port.to_s,

jobs/apiserver/templates/policy_db_ca.crt.erb

@@ -0,0 +1,3 @@
+<% if_p("autoscaler.policy_db.tls.ca") do |value| %>
+<%= value %>
+<% end %>

jobs/apiserver/templates/pre-start.erb

@@ -34,9 +34,15 @@ DBNAME='<%= database['name'] %>'
 USER='<%= role['name'] %>'
 PASSWORD='<%= role['password'] %>'
 PORT='<%= p("autoscaler.policy_db.port") %>'
+SSLMODE='<%= p("autoscaler.policy_db.sslmode") %>'
+DBURI="jdbc:postgresql://$HOST:$PORT/$DBNAME?sslmode=$SSLMODE"
+
+<% unless p('autoscaler.policy_db.tls.ca') == "" %>
+DBURI=$DBURI"&sslrootcert=/var/vcap/jobs/apiserver/config/certs/policy_db/ca.crt"
+<% end %>
 
 detect_dns $HOST $PORT
 
-java -cp "$DB_DIR/target/lib/*" liquibase.integration.commandline.Main --url jdbc:postgresql://$HOST:$PORT/$DBNAME --username=$USER --password=$PASSWORD \
+java -cp "$DB_DIR/target/lib/*" liquibase.integration.commandline.Main --url "$DBURI" --username=$USER --password=$PASSWORD \
 --driver=org.postgresql.Driver --changeLogFile=$API_DIR/db/api.db.changelog.yml update
 

jobs/eventgenerator/templates/eventgenerator.yml.erb

@@ -8,16 +8,21 @@
   policy_db_port = p('autoscaler.policy_db.port')
   policy_db_role = p_arr('autoscaler.policy_db.roles').find { |role| role['tag'] == 'policydb' or role['tag'] == 'default' } 
   policy_db_database = p_arr('autoscaler.policy_db.databases').find { |database| database['tag'] == 'policydb' or database['tag'] == 'default' } 
-  policy_db_url = policy_db_scheme + "://" + policy_db_role['name'] + ":" + policy_db_role['password'] + "@" + policy_db_address + ":" + policy_db_port.to_s + "/" + policy_db_database['name'] + "?sslmode=" + p('autoscaler.policy_db.sslmode') + "&sslrootcert=/var/vcap/jobs/eventgenerator/config/certs/policy_db/ca.crt" 
-
+  policy_db_url = policy_db_scheme + "://" + policy_db_role['name'] + ":" + policy_db_role['password'] + "@" + policy_db_address + ":" + policy_db_port.to_s + "/" + policy_db_database['name'] + "?sslmode=" + p('autoscaler.policy_db.sslmode') 
+  unless p('autoscaler.policy_db.tls.ca') == ""
+    policy_db_url = policy_db_url + "&sslrootcert=/var/vcap/jobs/eventgenerator/config/certs/policy_db/ca.crt" 
+  end
 
   app_metrics_db_scheme = p('autoscaler.appmetrics_db.db_scheme')
   app_metrics_db_address = p('autoscaler.appmetrics_db.address')
   app_metrics_db_port = p('autoscaler.appmetrics_db.port')
   app_metrics_db_role = p_arr('autoscaler.appmetrics_db.roles').find { |role| role['tag'] == 'appmetricsdb' or role['tag'] == 'default' }
   app_metrics_db_database = p_arr('autoscaler.appmetrics_db.databases').find { |database| database['tag'] == 'appmetricsdb' or database['tag'] == 'default' }
-  app_metrics_db_url = app_metrics_db_scheme + "://" + app_metrics_db_role['name'] + ":" + app_metrics_db_role['password'] + "@" + app_metrics_db_address + ":" + app_metrics_db_port.to_s + "/" + app_metrics_db_database['name'] + "?sslmode=" + p('autoscaler.appmetrics_db.sslmode') + "&sslrootcert=/var/vcap/jobs/eventgenerator/config/certs/appmetrics_db/ca.crt" 
-
+  app_metrics_db_url = app_metrics_db_scheme + "://" + app_metrics_db_role['name'] + ":" + app_metrics_db_role['password'] + "@" + app_metrics_db_address + ":" + app_metrics_db_port.to_s + "/" + app_metrics_db_database['name'] + "?sslmode=" + p('autoscaler.appmetrics_db.sslmode')  
+  unless p('autoscaler.appmetrics_db.tls.ca') == ""
+    app_metrics_db_url = app_metrics_db_url + "&sslrootcert=/var/vcap/jobs/eventgenerator/config/certs/appmetrics_db/ca.crt" 
+  end
+
   sorted_instances=link("eventgenerator").instances.sort_by {|i|i.address}
   nodeIndex=sorted_instances.index(sorted_instances.find{|i|i.id == spec.id})
   addrs=sorted_instances.map{|i| "'#{i.address}:#{p('autoscaler.eventgenerator.server.port')}'"}

jobs/eventgenerator/templates/pre-start.erb

@@ -27,9 +27,15 @@ DBNAME='<%= database['name'] %>'
 USER='<%= role['name'] %>'
 PASSWORD='<%= role['password'] %>'
 PORT='<%= p("autoscaler.appmetrics_db.port") %>'
+SSLMODE='<%= p("autoscaler.appmetrics_db.sslmode") %>'
+DBURI="jdbc:postgresql://$HOST:$PORT/$DBNAME?sslmode=$SSLMODE"
+
+<% unless p('autoscaler.appmetrics_db.tls.ca') == "" %>
+DBURI=$DBURI"&sslrootcert=/var/vcap/jobs/eventgenerator/config/certs/appmetrics_db/ca.crt"
+<% end %>
 
 detect_dns $HOST $PORT
 
-java -cp "/var/vcap/packages/db/target/lib/*" liquibase.integration.commandline.Main --url jdbc:postgresql://$HOST:$PORT/$DBNAME --username=$USER --password=$PASSWORD \
+java -cp "/var/vcap/packages/db/target/lib/*" liquibase.integration.commandline.Main --url "$DBURI" --username=$USER --password=$PASSWORD \
 --driver=org.postgresql.Driver --changeLogFile=/var/vcap/packages/eventgenerator/dataaggregator.db.changelog.yml update
 

jobs/metricscollector/templates/metricscollector.yml.erb

@@ -8,14 +8,20 @@
   instance_metrics_db_port = p('autoscaler.instancemetrics_db.port')
   instance_metrics_db_role = p_arr('autoscaler.instancemetrics_db.roles').find { |role| role['tag'] == 'instancemetricsdb' or role['tag'] == 'default' } 
   instance_metrics_db_database = p_arr('autoscaler.instancemetrics_db.databases').find { |database| database['tag'] == 'instancemetricsdb' or database['tag'] == 'default' } 
-  instance_metrics_db_url = instance_metrics_db_scheme + "://" + instance_metrics_db_role['name'] + ":" + instance_metrics_db_role['password'] + "@" + instance_metrics_db_address + ":" + instance_metrics_db_port.to_s + "/" + instance_metrics_db_database['name'] + "?sslmode=" + p('autoscaler.instancemetrics_db.sslmode') + "&sslrootcert=/var/vcap/jobs/metricscollector/config/certs/appinstancemetrics_db/ca.crt"
-
+  instance_metrics_db_url = instance_metrics_db_scheme + "://" + instance_metrics_db_role['name'] + ":" + instance_metrics_db_role['password'] + "@" + instance_metrics_db_address + ":" + instance_metrics_db_port.to_s + "/" + instance_metrics_db_database['name'] + "?sslmode=" + p('autoscaler.instancemetrics_db.sslmode') 
+  unless p('autoscaler.instancemetrics_db.tls.ca') == ""
+    instance_metrics_db_url = instance_metrics_db_url + "&sslrootcert=/var/vcap/jobs/metricscollector/config/certs/appinstancemetrics_db/ca.crt"
+  end
+
   policy_db_scheme = p('autoscaler.policy_db.db_scheme')
   policy_db_address = p('autoscaler.policy_db.address')
   policy_db_port = p('autoscaler.policy_db.port')
   policy_db_role = p_arr('autoscaler.policy_db.roles').find { |role| role['tag'] == 'policydb' or role['tag'] == 'default'  }
   policy_db_database = p_arr('autoscaler.policy_db.databases').find { |database| database['tag'] == 'policydb' or database['tag'] == 'default' }
-  policy_db_url = policy_db_scheme + "://" + policy_db_role['name'] + ":" + policy_db_role['password'] + "@" + policy_db_address + ":" + policy_db_port.to_s + "/" + policy_db_database['name'] + "?sslmode=" + p('autoscaler.policy_db.sslmode') + "&sslrootcert=/var/vcap/jobs/metricscollector/config/certs/policy_db/ca.crt"
+  policy_db_url = policy_db_scheme + "://" + policy_db_role['name'] + ":" + policy_db_role['password'] + "@" + policy_db_address + ":" + policy_db_port.to_s + "/" + policy_db_database['name'] + "?sslmode=" + p('autoscaler.policy_db.sslmode') 
+  unless p('autoscaler.policy_db.tls.ca') == ""
+    policy_db_url = policy_db_url + "&sslrootcert=/var/vcap/jobs/metricscollector/config/certs/policy_db/ca.crt"
+  end
 
   sorted_instances=link("metricscollector").instances.sort_by {|i|i.address}
   nodeIndex=sorted_instances.index(sorted_instances.find{|i|i.id == spec.id})

jobs/metricscollector/templates/pre-start.erb

@@ -28,9 +28,15 @@ DBNAME='<%= database['name'] %>'
 USER='<%= role['name'] %>'
 PASSWORD='<%= role['password'] %>'
 PORT='<%= p("autoscaler.instancemetrics_db.port") %>'
+SSLMODE='<%= p("autoscaler.instancemetrics_db.sslmode") %>'
+DBURI="jdbc:postgresql://$HOST:$PORT/$DBNAME?sslmode=$SSLMODE"
+
+<% unless p('autoscaler.instancemetrics_db.tls.ca') == "" %>
+DBURI=$DBURI"&sslrootcert=/var/vcap/jobs/metricscollector/config/certs/appinstancemetrics_db/ca.crt"
+<% end %>
 
 detect_dns $HOST $PORT
 
-java -cp "/var/vcap/packages/db/target/lib/*" liquibase.integration.commandline.Main --url jdbc:postgresql://$HOST:$PORT/$DBNAME --username=$USER --password=$PASSWORD \
+java -cp "/var/vcap/packages/db/target/lib/*" liquibase.integration.commandline.Main --url "$DBURI" --username=$USER --password=$PASSWORD \
 --driver=org.postgresql.Driver --changeLogFile=/var/vcap/packages/metricscollector/metricscollector.db.changelog.yml update
 

jobs/operator/templates/operator.yml.erb

@@ -8,35 +8,50 @@
   policy_db_port = p('autoscaler.policy_db.port')
   policy_db_role = p_arr('autoscaler.policy_db.roles').find { |role| role['tag'] == 'policydb' or role['tag'] == 'default'  }
   policy_db_database = p_arr('autoscaler.policy_db.databases').find { |database| database['tag'] == 'policydb' or database['tag'] == 'default' }
-  policy_db_url = policy_db_scheme + "://" + policy_db_role['name'] + ":" + policy_db_role['password'] + "@" + policy_db_address + ":" + policy_db_port.to_s + "/" + policy_db_database['name'] + "?sslmode=" + p('autoscaler.policy_db.sslmode') + "&sslrootcert=/var/vcap/jobs/operator/config/certs/policy_db/ca.crt"
+  policy_db_url = policy_db_scheme + "://" + policy_db_role['name'] + ":" + policy_db_role['password'] + "@" + policy_db_address + ":" + policy_db_port.to_s + "/" + policy_db_database['name'] + "?sslmode=" + p('autoscaler.policy_db.sslmode')
+  unless p('autoscaler.policy_db.tls.ca') == ""
+    policy_db_url = policy_db_url + "&sslrootcert=/var/vcap/jobs/operator/config/certs/policy_db/ca.crt" 
+  end
 
   instance_metrics_db_scheme = p('autoscaler.instancemetrics_db.db_scheme')
   instance_metrics_db_address = p('autoscaler.instancemetrics_db.address')
   instance_metrics_db_port = p('autoscaler.instancemetrics_db.port')
   instance_metrics_db_role = p_arr('autoscaler.instancemetrics_db.roles').find { |role| role['tag'] == 'instancemetricsdb' or role['tag'] == 'default' } 
   instance_metrics_db_database = p_arr('autoscaler.instancemetrics_db.databases').find { |database| database['tag'] == 'instancemetricsdb' or database['tag'] == 'default' } 
-  instance_metrics_db_url = instance_metrics_db_scheme + "://" + instance_metrics_db_role['name'] + ":" + instance_metrics_db_role['password'] + "@" + instance_metrics_db_address + ":" + instance_metrics_db_port.to_s + "/" + instance_metrics_db_database['name'] + "?sslmode=" + p('autoscaler.instancemetrics_db.sslmode') + "&sslrootcert=/var/vcap/jobs/operator/config/certs/appinstancemetrics_db/ca.crt"
+  instance_metrics_db_url = instance_metrics_db_scheme + "://" + instance_metrics_db_role['name'] + ":" + instance_metrics_db_role['password'] + "@" + instance_metrics_db_address + ":" + instance_metrics_db_port.to_s + "/" + instance_metrics_db_database['name'] + "?sslmode=" + p('autoscaler.instancemetrics_db.sslmode')
+  unless p('autoscaler.instancemetrics_db.tls.ca') == ""
+    instance_metrics_db_url = instance_metrics_db_url + "&sslrootcert=/var/vcap/jobs/operator/config/certs/appinstancemetrics_db/ca.crt"
+  end
 
   app_metrics_db_scheme = p('autoscaler.appmetrics_db.db_scheme')
   app_metrics_db_address = p('autoscaler.appmetrics_db.address')
   app_metrics_db_port = p('autoscaler.appmetrics_db.port')
   app_metrics_db_role = p_arr('autoscaler.appmetrics_db.roles').find { |role| role['tag'] == 'appmetricsdb' or role['tag'] == 'default' }
   app_metrics_db_database = p_arr('autoscaler.appmetrics_db.databases').find { |database| database['tag'] == 'appmetricsdb' or database['tag'] == 'default' }
-  app_metrics_db_url = app_metrics_db_scheme + "://" + app_metrics_db_role['name'] + ":" + app_metrics_db_role['password'] + "@" + app_metrics_db_address + ":" + app_metrics_db_port.to_s + "/" + app_metrics_db_database['name'] + "?sslmode=" + p('autoscaler.appmetrics_db.sslmode') + "&sslrootcert=/var/vcap/jobs/operator/config/certs/appmetrics_db/ca.crt"
+  app_metrics_db_url = app_metrics_db_scheme + "://" + app_metrics_db_role['name'] + ":" + app_metrics_db_role['password'] + "@" + app_metrics_db_address + ":" + app_metrics_db_port.to_s + "/" + app_metrics_db_database['name'] + "?sslmode=" + p('autoscaler.appmetrics_db.sslmode') 
+  unless p('autoscaler.appmetrics_db.tls.ca') == ""
+    app_metrics_db_url = app_metrics_db_url + "&sslrootcert=/var/vcap/jobs/operator/config/certs/appmetrics_db/ca.crt"
+  end
 
   scaling_engine_db_scheme = p('autoscaler.scalingengine_db.db_scheme')
   scaling_engine_db_address = p('autoscaler.scalingengine_db.address')
   scaling_engine_db_port = p('autoscaler.scalingengine_db.port')
   scaling_engine_db_role = p_arr('autoscaler.scalingengine_db.roles').find { |role| role['tag'] == 'scalingenginedb' or role['tag'] == 'default' }
   scaling_engine_db_database = p_arr('autoscaler.scalingengine_db.databases').find { |database| database['tag'] == 'scalingenginedb' or database['tag'] == 'default' }
-  scaling_engine_db_url = scaling_engine_db_scheme + "://" + scaling_engine_db_role['name'] + ":" + scaling_engine_db_role['password'] + "@" + scaling_engine_db_address + ":" + scaling_engine_db_port.to_s + "/" + scaling_engine_db_database['name'] + "?sslmode=" + p('autoscaler.scalingengine_db.sslmode') + "&sslrootcert=/var/vcap/jobs/operator/config/certs/scalingengine_db/ca.crt"
+  scaling_engine_db_url = scaling_engine_db_scheme + "://" + scaling_engine_db_role['name'] + ":" + scaling_engine_db_role['password'] + "@" + scaling_engine_db_address + ":" + scaling_engine_db_port.to_s + "/" + scaling_engine_db_database['name'] + "?sslmode=" + p('autoscaler.scalingengine_db.sslmode') 
+  unless p('autoscaler.scalingengine_db.tls.ca') == ""
+    scaling_engine_db_url = scaling_engine_db_url + "&sslrootcert=/var/vcap/jobs/operator/config/certs/scalingengine_db/ca.crt"
+  end
 
   lock_db_scheme = p('autoscaler.lock_db.db_scheme')
   lock_db_address = p('autoscaler.lock_db.address')
   lock_db_port = p('autoscaler.lock_db.port')
   lock_db_role = p_arr('autoscaler.lock_db.roles').find { |role| role['tag'] == 'lockdb' or role['tag'] == 'default' }
   lock_db_database = p_arr('autoscaler.lock_db.databases').find { |database| database['tag'] == 'lockdb' or database['tag'] == 'default' }
-  lock_db_url = lock_db_scheme + "://" + lock_db_role['name'] + ":" + lock_db_role['password'] + "@" + lock_db_address + ":" + lock_db_port.to_s + "/" + lock_db_database['name'] + "?sslmode=" + p('autoscaler.lock_db.sslmode')+ "&sslrootcert=/var/vcap/jobs/operator/config/certs/lock_db/ca.crt"
+  lock_db_url = lock_db_scheme + "://" + lock_db_role['name'] + ":" + lock_db_role['password'] + "@" + lock_db_address + ":" + lock_db_port.to_s + "/" + lock_db_database['name'] + "?sslmode=" + p('autoscaler.lock_db.sslmode')
+  unless p('autoscaler.lock_db.tls.ca') == ""
+    lock_db_url = lock_db_url + "&sslrootcert=/var/vcap/jobs/operator/config/certs/lock_db/ca.crt"
+  end
 %>
 
 cf:

jobs/operator/templates/pre-start.erb

@@ -32,9 +32,15 @@ DBNAME='<%= database['name'] %>'
 USER='<%= role['name'] %>'
 PASSWORD='<%= role['password'] %>'
 PORT='<%= p("autoscaler.lock_db.port") %>'
+SSLMODE='<%= p("autoscaler.lock_db.sslmode") %>'
+DBURI="jdbc:postgresql://$HOST:$PORT/$DBNAME?sslmode=$SSLMODE"
+
+<% unless p('autoscaler.lock_db.tls.ca') == "" %>
+DBURI=$DBURI"&sslrootcert=/var/vcap/jobs/operator/config/certs/lock_db/ca.crt"
+<% end %>
 
 detect_dns $HOST $PORT
 
-java -cp "$DB_DIR/target/lib/*" liquibase.integration.commandline.Main --url jdbc:postgresql://$HOST:$PORT/$DBNAME --username=$USER --password=$PASSWORD \
+java -cp "$DB_DIR/target/lib/*" liquibase.integration.commandline.Main --url "$DBURI" --username=$USER --password=$PASSWORD \
 --driver=org.postgresql.Driver --changeLogFile=$operator_DIR/operator.db.changelog.yml update
 

jobs/scalingengine/templates/pre-start.erb

@@ -28,8 +28,14 @@ DBNAME='<%= database['name'] %>'
 USER='<%= role['name'] %>'
 PASSWORD='<%= role['password'] %>'
 PORT='<%= p("autoscaler.scalingengine_db.port") %>'
+SSLMODE='<%= p("autoscaler.scalingengine_db.sslmode") %>'
+DBURI="jdbc:postgresql://$HOST:$PORT/$DBNAME?sslmode=$SSLMODE"
+
+<% unless p('autoscaler.scalingengine_db.tls.ca') == "" %>
+DBURI=$DBURI"&sslrootcert=/var/vcap/jobs/scalingengine/config/certs/scalingengine_db/ca.crt"
+<% end %>
 
 detect_dns $HOST $PORT
 
-java -cp "/var/vcap/packages/db/target/lib/*" liquibase.integration.commandline.Main --url jdbc:postgresql://$HOST:$PORT/$DBNAME --username=$USER --password=$PASSWORD \
+java -cp "/var/vcap/packages/db/target/lib/*" liquibase.integration.commandline.Main --url "$DBURI" --username=$USER --password=$PASSWORD \
 --driver=org.postgresql.Driver --changeLogFile=/var/vcap/packages/scalingengine/scalingengine.db.changelog.yml update