From 96fe80237539b04a91b867424c821825d260558d Mon Sep 17 00:00:00 2001 From: zyjiaobj Date: Tue, 23 Apr 2019 13:46:57 +0800 Subject: [PATCH 1/2] bump latest cf-test-helpers features to use existing org and space (#187) --- src/acceptance/config/config.go | 103 +++++++++++------- .../cloudfoundry-incubator/cf-test-helpers | 2 +- 2 files changed, 67 insertions(+), 38 deletions(-) diff --git a/src/acceptance/config/config.go b/src/acceptance/config/config.go index 79a1198538..673734ff8a 100644 --- a/src/acceptance/config/config.go +++ b/src/acceptance/config/config.go @@ -13,33 +13,38 @@ const JAVA_APP = "../assets/app/HelloWorldJavaWeb.war" const NODE_APP = "../assets/app/nodeApp" type Config struct { - ApiEndpoint string `json:"api"` - AppsDomain string `json:"apps_domain"` - UseHttp bool `json:"use_http"` - AdminUser string `json:"admin_user"` - AdminPassword string `json:"admin_password"` - UseExistingUser bool `json:"use_existing_user"` - ShouldKeepUser bool `json:"keep_user_at_suite_end"` - ExistingUser string `json:"existing_user"` - ExistingUserPassword string `json:"existing_user_password"` - ConfigurableTestPassword string `json:"test_password"` - PersistentAppHost string `json:"persistent_app_host"` - PersistentAppSpace string `json:"persistent_app_space"` - PersistentAppOrg string `json:"persistent_app_org"` - PersistentAppQuotaName string `json:"persistent_app_quota_name"` - SkipSSLValidation bool `json:"skip_ssl_validation"` - ArtifactsDirectory string `json:"artifacts_directory"` - DefaultTimeout int `json:"default_timeout"` - SleepTimeout int `json:"sleep_timeout"` - DetectTimeout int `json:"detect_timeout"` - CfPushTimeout int `json:"cf_push_timeout"` - LongCurlTimeout int `json:"long_curl_timeout"` - BrokerStartTimeout int `json:"broker_start_timeout"` - AsyncServiceOperationTimeout int `json:"async_service_operation_timeout"` - TimeoutScale float64 `json:"timeout_scale"` - JavaBuildpackName string `json:"java_buildpack_name"` - NodejsBuildpackName string `json:"nodejs_buildpack_name"` - NamePrefix string `json:"name_prefix"` + ApiEndpoint string `json:"api"` + AppsDomain string `json:"apps_domain"` + UseHttp bool `json:"use_http"` + AdminUser string `json:"admin_user"` + AdminPassword string `json:"admin_password"` + UseExistingUser bool `json:"use_existing_user"` + ShouldKeepUser bool `json:"keep_user_at_suite_end"` + ExistingUser string `json:"existing_user"` + ExistingUserPassword string `json:"existing_user_password"` + ConfigurableTestPassword string `json:"test_password"` + UseExistingOrganization bool `json:"use_existing_organization"` + ExistingOrganization string `json:"existing_organization"` + AddExistingUserToExistingSpace bool `json:"add_existing_user_to_existing_space"` + UseExistingSpace bool `json:"use_existing_space"` + ExistingSpace string `json:"existing_space"` + SkipSSLValidation bool `json:"skip_ssl_validation"` + ArtifactsDirectory string `json:"artifacts_directory"` + DefaultTimeout int `json:"default_timeout"` + SleepTimeout int `json:"sleep_timeout"` + DetectTimeout int `json:"detect_timeout"` + CfPushTimeout int `json:"cf_push_timeout"` + LongCurlTimeout int `json:"long_curl_timeout"` + BrokerStartTimeout int `json:"broker_start_timeout"` + AsyncServiceOperationTimeout int `json:"async_service_operation_timeout"` + TimeoutScale float64 `json:"timeout_scale"` + JavaBuildpackName string `json:"java_buildpack_name"` + NodejsBuildpackName string `json:"nodejs_buildpack_name"` + NamePrefix string `json:"name_prefix"` + AdminClient string `json:"admin_client"` + AdminClientSecret string `json:"admin_client_secret"` + ExistingClient string `json:"existing_client"` + ExistingClientSecret string `json:"existing_client_secret"` ServiceName string `json:"service_name"` ServicePlan string `json:"service_plan"` @@ -53,10 +58,8 @@ type Config struct { } var defaults = Config{ - PersistentAppHost: "ASATS-persistent-app", - PersistentAppSpace: "ASATS-persistent-space", - PersistentAppOrg: "ASATS-persistent-org", - PersistentAppQuotaName: "ASATS-persistent-quota", + AddExistingUserToExistingSpace: true, + JavaBuildpackName: "java_buildpack", NodejsBuildpackName: "nodejs_buildpack", DefaultTimeout: 30, // seconds @@ -210,14 +213,24 @@ func (c *Config) GetArtifactsDirectory() string { return c.ArtifactsDirectory } -func (c *Config) GetPersistentAppSpace() string { - return c.PersistentAppSpace +func (c *Config) GetUseExistingOrganization() bool { + return c.UseExistingOrganization +} + +func (c *Config) GetExistingOrganization() string { + return c.ExistingOrganization +} + +func (c *Config) GetAddExistingUserToExistingSpace() bool { + return c.AddExistingUserToExistingSpace } -func (c *Config) GetPersistentAppOrg() string { - return c.PersistentAppOrg + +func (c *Config) GetUseExistingSpace() bool { + return c.UseExistingSpace } -func (c *Config) GetPersistentAppQuotaName() string { - return c.PersistentAppQuotaName + +func (c *Config) GetExistingSpace() string { + return c.ExistingSpace } func (c *Config) GetNamePrefix() string { @@ -259,3 +272,19 @@ func (c *Config) GetApiEndpoint() string { func (c *Config) IsServiceOfferingEnabled() bool { return c.ServiceOfferingEnabled } + +func (c *Config) GetAdminClient() string { + return c.AdminClient +} + +func (c *Config) GetAdminClientSecret() string { + return c.AdminClientSecret +} + +func (c *Config) GetExistingClient() string { + return c.ExistingClient +} + +func (c *Config) GetExistingClientSecret() string { + return c.ExistingClientSecret +} diff --git a/src/github.com/cloudfoundry-incubator/cf-test-helpers b/src/github.com/cloudfoundry-incubator/cf-test-helpers index a36cb53dbc..83791edc4b 160000 --- a/src/github.com/cloudfoundry-incubator/cf-test-helpers +++ b/src/github.com/cloudfoundry-incubator/cf-test-helpers @@ -1 +1 @@ -Subproject commit a36cb53dbca7484674a964b48a1c6f276f1158b3 +Subproject commit 83791edc4b0a2d48b602088c30332063b8f02f32 From af2c4aa87f6a0b6c621a22bf1fb0975a10981e29 Mon Sep 17 00:00:00 2001 From: qibobo Date: Wed, 24 Apr 2019 07:27:43 +0800 Subject: [PATCH 2/2] apiserver and servicebroker can connect to the database through tls --- example/operation/postgres-ssl-fewer.yml | 15 ++++++++++- example/operation/postgres-ssl.yml | 14 +++++++++++ jobs/apiserver/spec | 6 +++++ jobs/apiserver/templates/config.json.erb | 6 ++++- jobs/apiserver/templates/policy_db_ca.crt.erb | 3 +++ jobs/apiserver/templates/pre-start.erb | 8 +++++- .../templates/eventgenerator.yml.erb | 13 +++++++--- jobs/eventgenerator/templates/pre-start.erb | 8 +++++- .../templates/metricscollector.yml.erb | 12 ++++++--- jobs/metricscollector/templates/pre-start.erb | 8 +++++- jobs/operator/templates/operator.yml.erb | 25 +++++++++++++++---- jobs/operator/templates/pre-start.erb | 8 +++++- jobs/scalingengine/templates/pre-start.erb | 8 +++++- .../templates/scalingengine.yml.erb | 18 +++++++++---- .../templates/application.properties.erb | 12 +++++++-- jobs/scheduler/templates/pre-start.erb | 10 ++++++-- jobs/servicebroker/spec | 7 ++++++ .../templates/binding_db_ca.crt.erb | 3 +++ jobs/servicebroker/templates/config.json.erb | 7 +++++- jobs/servicebroker/templates/pre-start.erb | 8 +++++- src/app-autoscaler | 2 +- 21 files changed, 170 insertions(+), 31 deletions(-) create mode 100644 jobs/apiserver/templates/policy_db_ca.crt.erb create mode 100644 jobs/servicebroker/templates/binding_db_ca.crt.erb diff --git a/example/operation/postgres-ssl-fewer.yml b/example/operation/postgres-ssl-fewer.yml index 08cc5d1fd7..a2ed1b5a9d 100644 --- a/example/operation/postgres-ssl-fewer.yml +++ b/example/operation/postgres-ssl-fewer.yml @@ -128,7 +128,20 @@ path: /instance_groups/name=asactors/jobs/name=operator/properties/autoscaler/lock_db/tls? value: *database_tls - +#apiserver +- type: replace + path: /instance_groups/name=asapi/jobs/name=apiserver/properties/autoscaler/policy_db/sslmode? + value: *sslmode +- type: replace + path: /instance_groups/name=asapi/jobs/name=apiserver/properties/autoscaler/policy_db/tls? + value: *database_tls +#servicebroker +- type: replace + path: /instance_groups/name=asapi/jobs/name=servicebroker/properties/autoscaler/binding_db/sslmode? + value: *sslmode +- type: replace + path: /instance_groups/name=asapi/jobs/name=servicebroker/properties/autoscaler/binding_db/tls? + value: *database_tls diff --git a/example/operation/postgres-ssl.yml b/example/operation/postgres-ssl.yml index 0983f76546..01a9d87268 100644 --- a/example/operation/postgres-ssl.yml +++ b/example/operation/postgres-ssl.yml @@ -128,6 +128,20 @@ path: /instance_groups/name=operator/jobs/name=operator/properties/autoscaler/lock_db/tls? value: *database_tls +- type: replace + path: /instance_groups/name=apiserver/jobs/name=apiserver/properties/autoscaler/policy_db/sslmode? + value: *sslmode +- type: replace + path: /instance_groups/name=apiserver/jobs/name=apiserver/properties/autoscaler/policy_db/tls? + value: *database_tls + +- type: replace + path: /instance_groups/name=servicebroker/jobs/name=servicebroker/properties/autoscaler/binding_db/sslmode? + value: *sslmode +- type: replace + path: /instance_groups/name=servicebroker/jobs/name=servicebroker/properties/autoscaler/binding_db/tls? + value: *database_tls + diff --git a/jobs/apiserver/spec b/jobs/apiserver/spec index b7c2611490..7678e7bfc7 100644 --- a/jobs/apiserver/spec +++ b/jobs/apiserver/spec @@ -28,6 +28,7 @@ templates: eventgenerator_ca.crt.erb: config/certs/eventgenerator/ca.crt eventgenerator_client.crt.erb: config/certs/eventgenerator/client.crt eventgenerator_client.key.erb: config/certs/eventgenerator/client.key + policy_db_ca.crt.erb: config/certs/policy_db/ca.crt hooks/pre-start.sh.erb: bin/hooks/pre-start.sh hooks/pre-stop.sh.erb: bin/hooks/pre-stop.sh hooks/post-start.sh.erb: bin/hooks/post-start.sh @@ -175,6 +176,11 @@ properties: description: "Port on which the policydb server will listen" autoscaler.policy_db.roles: description: "The list of database roles used in policydb database including name/password" + autoscaler.policy_db.tls.ca: + default: '' + autoscaler.policy_db.sslmode: + default: disable + description: "sslmode to connect to postgres server" autoscaler.api_server.hooks.pre_start: description: "Script to run before starting api_server" diff --git a/jobs/apiserver/templates/config.json.erb b/jobs/apiserver/templates/config.json.erb index c187f53664..fe689b3100 100644 --- a/jobs/apiserver/templates/config.json.erb +++ b/jobs/apiserver/templates/config.json.erb @@ -18,6 +18,10 @@ eventgenerator_host = p('autoscaler.api_server.eventgenerator.host') eventgenerator_port = p('autoscaler.api_server.eventgenerator.port') service_offering_enabled = p('autoscaler.api_server.service_offering_enabled') + db_uri = db_scheme + "://" + role['name'] + ":" + role['password'] + "@" + address + ":" + db_port.to_s + "/" + database['name'] + "?sslmode=" + p('autoscaler.policy_db.sslmode') + unless p('autoscaler.policy_db.tls.ca') == "" + db_uri = db_uri + "&sslrootcert=/var/vcap/jobs/apiserver/config/certs/policy_db/ca.crt" + end params = { 'port' => p('autoscaler.api_server.port'), @@ -34,7 +38,7 @@ 'maxConnections' => p('autoscaler.api_server.db_config.max_connections'), 'minConnections' => p('autoscaler.api_server.db_config.min_connections'), 'idleTimeout' => p('autoscaler.api_server.db_config.idle_timeout'), - 'uri' => db_scheme + "://" + role['name'] + ":" + role['password'] + "@" + address + ":" + db_port.to_s + "/" + database['name'] , + 'uri' => db_uri, }, 'scheduler' => { 'uri' => "https://" + scheduler_host + ":" + scheduler_port.to_s, diff --git a/jobs/apiserver/templates/policy_db_ca.crt.erb b/jobs/apiserver/templates/policy_db_ca.crt.erb new file mode 100644 index 0000000000..cd61f88ecd --- /dev/null +++ b/jobs/apiserver/templates/policy_db_ca.crt.erb @@ -0,0 +1,3 @@ +<% if_p("autoscaler.policy_db.tls.ca") do |value| %> +<%= value %> +<% end %> \ No newline at end of file diff --git a/jobs/apiserver/templates/pre-start.erb b/jobs/apiserver/templates/pre-start.erb index 306a2cb030..305e599358 100644 --- a/jobs/apiserver/templates/pre-start.erb +++ b/jobs/apiserver/templates/pre-start.erb @@ -34,9 +34,15 @@ DBNAME='<%= database['name'] %>' USER='<%= role['name'] %>' PASSWORD='<%= role['password'] %>' PORT='<%= p("autoscaler.policy_db.port") %>' +SSLMODE='<%= p("autoscaler.policy_db.sslmode") %>' +DBURI="jdbc:postgresql://$HOST:$PORT/$DBNAME?sslmode=$SSLMODE" + +<% unless p('autoscaler.policy_db.tls.ca') == "" %> +DBURI=$DBURI"&sslrootcert=/var/vcap/jobs/apiserver/config/certs/policy_db/ca.crt" +<% end %> detect_dns $HOST $PORT -java -cp "$DB_DIR/target/lib/*" liquibase.integration.commandline.Main --url jdbc:postgresql://$HOST:$PORT/$DBNAME --username=$USER --password=$PASSWORD \ +java -cp "$DB_DIR/target/lib/*" liquibase.integration.commandline.Main --url "$DBURI" --username=$USER --password=$PASSWORD \ --driver=org.postgresql.Driver --changeLogFile=$API_DIR/db/api.db.changelog.yml update diff --git a/jobs/eventgenerator/templates/eventgenerator.yml.erb b/jobs/eventgenerator/templates/eventgenerator.yml.erb index b61a7ada31..d43e5e44bd 100644 --- a/jobs/eventgenerator/templates/eventgenerator.yml.erb +++ b/jobs/eventgenerator/templates/eventgenerator.yml.erb @@ -8,16 +8,21 @@ policy_db_port = p('autoscaler.policy_db.port') policy_db_role = p_arr('autoscaler.policy_db.roles').find { |role| role['tag'] == 'policydb' or role['tag'] == 'default' } policy_db_database = p_arr('autoscaler.policy_db.databases').find { |database| database['tag'] == 'policydb' or database['tag'] == 'default' } - policy_db_url = policy_db_scheme + "://" + policy_db_role['name'] + ":" + policy_db_role['password'] + "@" + policy_db_address + ":" + policy_db_port.to_s + "/" + policy_db_database['name'] + "?sslmode=" + p('autoscaler.policy_db.sslmode') + "&sslrootcert=/var/vcap/jobs/eventgenerator/config/certs/policy_db/ca.crt" - + policy_db_url = policy_db_scheme + "://" + policy_db_role['name'] + ":" + policy_db_role['password'] + "@" + policy_db_address + ":" + policy_db_port.to_s + "/" + policy_db_database['name'] + "?sslmode=" + p('autoscaler.policy_db.sslmode') + unless p('autoscaler.policy_db.tls.ca') == "" + policy_db_url = policy_db_url + "&sslrootcert=/var/vcap/jobs/eventgenerator/config/certs/policy_db/ca.crt" + end app_metrics_db_scheme = p('autoscaler.appmetrics_db.db_scheme') app_metrics_db_address = p('autoscaler.appmetrics_db.address') app_metrics_db_port = p('autoscaler.appmetrics_db.port') app_metrics_db_role = p_arr('autoscaler.appmetrics_db.roles').find { |role| role['tag'] == 'appmetricsdb' or role['tag'] == 'default' } app_metrics_db_database = p_arr('autoscaler.appmetrics_db.databases').find { |database| database['tag'] == 'appmetricsdb' or database['tag'] == 'default' } - app_metrics_db_url = app_metrics_db_scheme + "://" + app_metrics_db_role['name'] + ":" + app_metrics_db_role['password'] + "@" + app_metrics_db_address + ":" + app_metrics_db_port.to_s + "/" + app_metrics_db_database['name'] + "?sslmode=" + p('autoscaler.appmetrics_db.sslmode') + "&sslrootcert=/var/vcap/jobs/eventgenerator/config/certs/appmetrics_db/ca.crt" - + app_metrics_db_url = app_metrics_db_scheme + "://" + app_metrics_db_role['name'] + ":" + app_metrics_db_role['password'] + "@" + app_metrics_db_address + ":" + app_metrics_db_port.to_s + "/" + app_metrics_db_database['name'] + "?sslmode=" + p('autoscaler.appmetrics_db.sslmode') + unless p('autoscaler.appmetrics_db.tls.ca') == "" + app_metrics_db_url = app_metrics_db_url + "&sslrootcert=/var/vcap/jobs/eventgenerator/config/certs/appmetrics_db/ca.crt" + end + sorted_instances=link("eventgenerator").instances.sort_by {|i|i.address} nodeIndex=sorted_instances.index(sorted_instances.find{|i|i.id == spec.id}) addrs=sorted_instances.map{|i| "'#{i.address}:#{p('autoscaler.eventgenerator.server.port')}'"} diff --git a/jobs/eventgenerator/templates/pre-start.erb b/jobs/eventgenerator/templates/pre-start.erb index c3d4151fab..2efc6ad214 100644 --- a/jobs/eventgenerator/templates/pre-start.erb +++ b/jobs/eventgenerator/templates/pre-start.erb @@ -27,9 +27,15 @@ DBNAME='<%= database['name'] %>' USER='<%= role['name'] %>' PASSWORD='<%= role['password'] %>' PORT='<%= p("autoscaler.appmetrics_db.port") %>' +SSLMODE='<%= p("autoscaler.appmetrics_db.sslmode") %>' +DBURI="jdbc:postgresql://$HOST:$PORT/$DBNAME?sslmode=$SSLMODE" + +<% unless p('autoscaler.appmetrics_db.tls.ca') == "" %> +DBURI=$DBURI"&sslrootcert=/var/vcap/jobs/eventgenerator/config/certs/appmetrics_db/ca.crt" +<% end %> detect_dns $HOST $PORT -java -cp "/var/vcap/packages/db/target/lib/*" liquibase.integration.commandline.Main --url jdbc:postgresql://$HOST:$PORT/$DBNAME --username=$USER --password=$PASSWORD \ +java -cp "/var/vcap/packages/db/target/lib/*" liquibase.integration.commandline.Main --url "$DBURI" --username=$USER --password=$PASSWORD \ --driver=org.postgresql.Driver --changeLogFile=/var/vcap/packages/eventgenerator/dataaggregator.db.changelog.yml update diff --git a/jobs/metricscollector/templates/metricscollector.yml.erb b/jobs/metricscollector/templates/metricscollector.yml.erb index babde45e4a..f1de0ead53 100644 --- a/jobs/metricscollector/templates/metricscollector.yml.erb +++ b/jobs/metricscollector/templates/metricscollector.yml.erb @@ -8,14 +8,20 @@ instance_metrics_db_port = p('autoscaler.instancemetrics_db.port') instance_metrics_db_role = p_arr('autoscaler.instancemetrics_db.roles').find { |role| role['tag'] == 'instancemetricsdb' or role['tag'] == 'default' } instance_metrics_db_database = p_arr('autoscaler.instancemetrics_db.databases').find { |database| database['tag'] == 'instancemetricsdb' or database['tag'] == 'default' } - instance_metrics_db_url = instance_metrics_db_scheme + "://" + instance_metrics_db_role['name'] + ":" + instance_metrics_db_role['password'] + "@" + instance_metrics_db_address + ":" + instance_metrics_db_port.to_s + "/" + instance_metrics_db_database['name'] + "?sslmode=" + p('autoscaler.instancemetrics_db.sslmode') + "&sslrootcert=/var/vcap/jobs/metricscollector/config/certs/appinstancemetrics_db/ca.crt" - + instance_metrics_db_url = instance_metrics_db_scheme + "://" + instance_metrics_db_role['name'] + ":" + instance_metrics_db_role['password'] + "@" + instance_metrics_db_address + ":" + instance_metrics_db_port.to_s + "/" + instance_metrics_db_database['name'] + "?sslmode=" + p('autoscaler.instancemetrics_db.sslmode') + unless p('autoscaler.instancemetrics_db.tls.ca') == "" + instance_metrics_db_url = instance_metrics_db_url + "&sslrootcert=/var/vcap/jobs/metricscollector/config/certs/appinstancemetrics_db/ca.crt" + end + policy_db_scheme = p('autoscaler.policy_db.db_scheme') policy_db_address = p('autoscaler.policy_db.address') policy_db_port = p('autoscaler.policy_db.port') policy_db_role = p_arr('autoscaler.policy_db.roles').find { |role| role['tag'] == 'policydb' or role['tag'] == 'default' } policy_db_database = p_arr('autoscaler.policy_db.databases').find { |database| database['tag'] == 'policydb' or database['tag'] == 'default' } - policy_db_url = policy_db_scheme + "://" + policy_db_role['name'] + ":" + policy_db_role['password'] + "@" + policy_db_address + ":" + policy_db_port.to_s + "/" + policy_db_database['name'] + "?sslmode=" + p('autoscaler.policy_db.sslmode') + "&sslrootcert=/var/vcap/jobs/metricscollector/config/certs/policy_db/ca.crt" + policy_db_url = policy_db_scheme + "://" + policy_db_role['name'] + ":" + policy_db_role['password'] + "@" + policy_db_address + ":" + policy_db_port.to_s + "/" + policy_db_database['name'] + "?sslmode=" + p('autoscaler.policy_db.sslmode') + unless p('autoscaler.policy_db.tls.ca') == "" + policy_db_url = policy_db_url + "&sslrootcert=/var/vcap/jobs/metricscollector/config/certs/policy_db/ca.crt" + end sorted_instances=link("metricscollector").instances.sort_by {|i|i.address} nodeIndex=sorted_instances.index(sorted_instances.find{|i|i.id == spec.id}) diff --git a/jobs/metricscollector/templates/pre-start.erb b/jobs/metricscollector/templates/pre-start.erb index 7717b22f7e..f6e502d951 100644 --- a/jobs/metricscollector/templates/pre-start.erb +++ b/jobs/metricscollector/templates/pre-start.erb @@ -28,9 +28,15 @@ DBNAME='<%= database['name'] %>' USER='<%= role['name'] %>' PASSWORD='<%= role['password'] %>' PORT='<%= p("autoscaler.instancemetrics_db.port") %>' +SSLMODE='<%= p("autoscaler.instancemetrics_db.sslmode") %>' +DBURI="jdbc:postgresql://$HOST:$PORT/$DBNAME?sslmode=$SSLMODE" + +<% unless p('autoscaler.instancemetrics_db.tls.ca') == "" %> +DBURI=$DBURI"&sslrootcert=/var/vcap/jobs/metricscollector/config/certs/appinstancemetrics_db/ca.crt" +<% end %> detect_dns $HOST $PORT -java -cp "/var/vcap/packages/db/target/lib/*" liquibase.integration.commandline.Main --url jdbc:postgresql://$HOST:$PORT/$DBNAME --username=$USER --password=$PASSWORD \ +java -cp "/var/vcap/packages/db/target/lib/*" liquibase.integration.commandline.Main --url "$DBURI" --username=$USER --password=$PASSWORD \ --driver=org.postgresql.Driver --changeLogFile=/var/vcap/packages/metricscollector/metricscollector.db.changelog.yml update diff --git a/jobs/operator/templates/operator.yml.erb b/jobs/operator/templates/operator.yml.erb index ce175d5aef..c28d4ae2f6 100644 --- a/jobs/operator/templates/operator.yml.erb +++ b/jobs/operator/templates/operator.yml.erb @@ -8,35 +8,50 @@ policy_db_port = p('autoscaler.policy_db.port') policy_db_role = p_arr('autoscaler.policy_db.roles').find { |role| role['tag'] == 'policydb' or role['tag'] == 'default' } policy_db_database = p_arr('autoscaler.policy_db.databases').find { |database| database['tag'] == 'policydb' or database['tag'] == 'default' } - policy_db_url = policy_db_scheme + "://" + policy_db_role['name'] + ":" + policy_db_role['password'] + "@" + policy_db_address + ":" + policy_db_port.to_s + "/" + policy_db_database['name'] + "?sslmode=" + p('autoscaler.policy_db.sslmode') + "&sslrootcert=/var/vcap/jobs/operator/config/certs/policy_db/ca.crt" + policy_db_url = policy_db_scheme + "://" + policy_db_role['name'] + ":" + policy_db_role['password'] + "@" + policy_db_address + ":" + policy_db_port.to_s + "/" + policy_db_database['name'] + "?sslmode=" + p('autoscaler.policy_db.sslmode') + unless p('autoscaler.policy_db.tls.ca') == "" + policy_db_url = policy_db_url + "&sslrootcert=/var/vcap/jobs/operator/config/certs/policy_db/ca.crt" + end instance_metrics_db_scheme = p('autoscaler.instancemetrics_db.db_scheme') instance_metrics_db_address = p('autoscaler.instancemetrics_db.address') instance_metrics_db_port = p('autoscaler.instancemetrics_db.port') instance_metrics_db_role = p_arr('autoscaler.instancemetrics_db.roles').find { |role| role['tag'] == 'instancemetricsdb' or role['tag'] == 'default' } instance_metrics_db_database = p_arr('autoscaler.instancemetrics_db.databases').find { |database| database['tag'] == 'instancemetricsdb' or database['tag'] == 'default' } - instance_metrics_db_url = instance_metrics_db_scheme + "://" + instance_metrics_db_role['name'] + ":" + instance_metrics_db_role['password'] + "@" + instance_metrics_db_address + ":" + instance_metrics_db_port.to_s + "/" + instance_metrics_db_database['name'] + "?sslmode=" + p('autoscaler.instancemetrics_db.sslmode') + "&sslrootcert=/var/vcap/jobs/operator/config/certs/appinstancemetrics_db/ca.crt" + instance_metrics_db_url = instance_metrics_db_scheme + "://" + instance_metrics_db_role['name'] + ":" + instance_metrics_db_role['password'] + "@" + instance_metrics_db_address + ":" + instance_metrics_db_port.to_s + "/" + instance_metrics_db_database['name'] + "?sslmode=" + p('autoscaler.instancemetrics_db.sslmode') + unless p('autoscaler.instancemetrics_db.tls.ca') == "" + instance_metrics_db_url = instance_metrics_db_url + "&sslrootcert=/var/vcap/jobs/operator/config/certs/appinstancemetrics_db/ca.crt" + end app_metrics_db_scheme = p('autoscaler.appmetrics_db.db_scheme') app_metrics_db_address = p('autoscaler.appmetrics_db.address') app_metrics_db_port = p('autoscaler.appmetrics_db.port') app_metrics_db_role = p_arr('autoscaler.appmetrics_db.roles').find { |role| role['tag'] == 'appmetricsdb' or role['tag'] == 'default' } app_metrics_db_database = p_arr('autoscaler.appmetrics_db.databases').find { |database| database['tag'] == 'appmetricsdb' or database['tag'] == 'default' } - app_metrics_db_url = app_metrics_db_scheme + "://" + app_metrics_db_role['name'] + ":" + app_metrics_db_role['password'] + "@" + app_metrics_db_address + ":" + app_metrics_db_port.to_s + "/" + app_metrics_db_database['name'] + "?sslmode=" + p('autoscaler.appmetrics_db.sslmode') + "&sslrootcert=/var/vcap/jobs/operator/config/certs/appmetrics_db/ca.crt" + app_metrics_db_url = app_metrics_db_scheme + "://" + app_metrics_db_role['name'] + ":" + app_metrics_db_role['password'] + "@" + app_metrics_db_address + ":" + app_metrics_db_port.to_s + "/" + app_metrics_db_database['name'] + "?sslmode=" + p('autoscaler.appmetrics_db.sslmode') + unless p('autoscaler.appmetrics_db.tls.ca') == "" + app_metrics_db_url = app_metrics_db_url + "&sslrootcert=/var/vcap/jobs/operator/config/certs/appmetrics_db/ca.crt" + end scaling_engine_db_scheme = p('autoscaler.scalingengine_db.db_scheme') scaling_engine_db_address = p('autoscaler.scalingengine_db.address') scaling_engine_db_port = p('autoscaler.scalingengine_db.port') scaling_engine_db_role = p_arr('autoscaler.scalingengine_db.roles').find { |role| role['tag'] == 'scalingenginedb' or role['tag'] == 'default' } scaling_engine_db_database = p_arr('autoscaler.scalingengine_db.databases').find { |database| database['tag'] == 'scalingenginedb' or database['tag'] == 'default' } - scaling_engine_db_url = scaling_engine_db_scheme + "://" + scaling_engine_db_role['name'] + ":" + scaling_engine_db_role['password'] + "@" + scaling_engine_db_address + ":" + scaling_engine_db_port.to_s + "/" + scaling_engine_db_database['name'] + "?sslmode=" + p('autoscaler.scalingengine_db.sslmode') + "&sslrootcert=/var/vcap/jobs/operator/config/certs/scalingengine_db/ca.crt" + scaling_engine_db_url = scaling_engine_db_scheme + "://" + scaling_engine_db_role['name'] + ":" + scaling_engine_db_role['password'] + "@" + scaling_engine_db_address + ":" + scaling_engine_db_port.to_s + "/" + scaling_engine_db_database['name'] + "?sslmode=" + p('autoscaler.scalingengine_db.sslmode') + unless p('autoscaler.scalingengine_db.tls.ca') == "" + scaling_engine_db_url = scaling_engine_db_url + "&sslrootcert=/var/vcap/jobs/operator/config/certs/scalingengine_db/ca.crt" + end lock_db_scheme = p('autoscaler.lock_db.db_scheme') lock_db_address = p('autoscaler.lock_db.address') lock_db_port = p('autoscaler.lock_db.port') lock_db_role = p_arr('autoscaler.lock_db.roles').find { |role| role['tag'] == 'lockdb' or role['tag'] == 'default' } lock_db_database = p_arr('autoscaler.lock_db.databases').find { |database| database['tag'] == 'lockdb' or database['tag'] == 'default' } - lock_db_url = lock_db_scheme + "://" + lock_db_role['name'] + ":" + lock_db_role['password'] + "@" + lock_db_address + ":" + lock_db_port.to_s + "/" + lock_db_database['name'] + "?sslmode=" + p('autoscaler.lock_db.sslmode')+ "&sslrootcert=/var/vcap/jobs/operator/config/certs/lock_db/ca.crt" + lock_db_url = lock_db_scheme + "://" + lock_db_role['name'] + ":" + lock_db_role['password'] + "@" + lock_db_address + ":" + lock_db_port.to_s + "/" + lock_db_database['name'] + "?sslmode=" + p('autoscaler.lock_db.sslmode') + unless p('autoscaler.lock_db.tls.ca') == "" + lock_db_url = lock_db_url + "&sslrootcert=/var/vcap/jobs/operator/config/certs/lock_db/ca.crt" + end %> cf: diff --git a/jobs/operator/templates/pre-start.erb b/jobs/operator/templates/pre-start.erb index 1d786621cc..5684a20f18 100644 --- a/jobs/operator/templates/pre-start.erb +++ b/jobs/operator/templates/pre-start.erb @@ -32,9 +32,15 @@ DBNAME='<%= database['name'] %>' USER='<%= role['name'] %>' PASSWORD='<%= role['password'] %>' PORT='<%= p("autoscaler.lock_db.port") %>' +SSLMODE='<%= p("autoscaler.lock_db.sslmode") %>' +DBURI="jdbc:postgresql://$HOST:$PORT/$DBNAME?sslmode=$SSLMODE" + +<% unless p('autoscaler.lock_db.tls.ca') == "" %> +DBURI=$DBURI"&sslrootcert=/var/vcap/jobs/operator/config/certs/lock_db/ca.crt" +<% end %> detect_dns $HOST $PORT -java -cp "$DB_DIR/target/lib/*" liquibase.integration.commandline.Main --url jdbc:postgresql://$HOST:$PORT/$DBNAME --username=$USER --password=$PASSWORD \ +java -cp "$DB_DIR/target/lib/*" liquibase.integration.commandline.Main --url "$DBURI" --username=$USER --password=$PASSWORD \ --driver=org.postgresql.Driver --changeLogFile=$operator_DIR/operator.db.changelog.yml update diff --git a/jobs/scalingengine/templates/pre-start.erb b/jobs/scalingengine/templates/pre-start.erb index 96ea8794c8..2657366ee2 100644 --- a/jobs/scalingengine/templates/pre-start.erb +++ b/jobs/scalingengine/templates/pre-start.erb @@ -28,8 +28,14 @@ DBNAME='<%= database['name'] %>' USER='<%= role['name'] %>' PASSWORD='<%= role['password'] %>' PORT='<%= p("autoscaler.scalingengine_db.port") %>' +SSLMODE='<%= p("autoscaler.scalingengine_db.sslmode") %>' +DBURI="jdbc:postgresql://$HOST:$PORT/$DBNAME?sslmode=$SSLMODE" + +<% unless p('autoscaler.scalingengine_db.tls.ca') == "" %> +DBURI=$DBURI"&sslrootcert=/var/vcap/jobs/scalingengine/config/certs/scalingengine_db/ca.crt" +<% end %> detect_dns $HOST $PORT -java -cp "/var/vcap/packages/db/target/lib/*" liquibase.integration.commandline.Main --url jdbc:postgresql://$HOST:$PORT/$DBNAME --username=$USER --password=$PASSWORD \ +java -cp "/var/vcap/packages/db/target/lib/*" liquibase.integration.commandline.Main --url "$DBURI" --username=$USER --password=$PASSWORD \ --driver=org.postgresql.Driver --changeLogFile=/var/vcap/packages/scalingengine/scalingengine.db.changelog.yml update diff --git a/jobs/scalingengine/templates/scalingengine.yml.erb b/jobs/scalingengine/templates/scalingengine.yml.erb index c94dc65632..49b3071136 100644 --- a/jobs/scalingengine/templates/scalingengine.yml.erb +++ b/jobs/scalingengine/templates/scalingengine.yml.erb @@ -8,7 +8,10 @@ scaling_engine_db_port = p('autoscaler.scalingengine_db.port') scaling_engine_db_role = p_arr('autoscaler.scalingengine_db.roles').find { |role| role['tag'] == 'scalingenginedb' or role['tag'] == 'default' } scaling_engine_db_database = p_arr('autoscaler.scalingengine_db.databases').find { |database| database['tag'] == 'scalingenginedb' or database['tag'] == 'default' } - scaling_engine_db_url = scaling_engine_db_scheme + "://" + scaling_engine_db_role['name'] + ":" + scaling_engine_db_role['password'] + "@" + scaling_engine_db_address + ":" + scaling_engine_db_port.to_s + "/" + scaling_engine_db_database['name'] + "?sslmode=" + p('autoscaler.scalingengine_db.sslmode') + "&sslrootcert=/var/vcap/jobs/scalingengine/config/certs/scalingengine_db/ca.crt" + scaling_engine_db_url = scaling_engine_db_scheme + "://" + scaling_engine_db_role['name'] + ":" + scaling_engine_db_role['password'] + "@" + scaling_engine_db_address + ":" + scaling_engine_db_port.to_s + "/" + scaling_engine_db_database['name'] + "?sslmode=" + p('autoscaler.scalingengine_db.sslmode') + unless p('autoscaler.scalingengine_db.tls.ca') == "" + scaling_engine_db_url = scaling_engine_db_url + "&sslrootcert=/var/vcap/jobs/scalingengine/config/certs/scalingengine_db/ca.crt" + end policy_db_scheme = p('autoscaler.policy_db.db_scheme') @@ -16,19 +19,24 @@ policy_db_port = p('autoscaler.policy_db.port') policy_db_role = p_arr('autoscaler.policy_db.roles').find { |role| role['tag'] == 'policydb' or role['tag'] == 'default' } policy_db_database = p_arr('autoscaler.policy_db.databases').find { |database| database['tag'] == 'policydb' or database['tag'] == 'default'} - policy_db_url = policy_db_scheme + "://" + policy_db_role['name'] + ":" + policy_db_role['password'] + "@" + policy_db_address + ":" + policy_db_port.to_s + "/" + policy_db_database['name'] + "?sslmode=" + p('autoscaler.policy_db.sslmode') + "&sslrootcert=/var/vcap/jobs/scalingengine/config/certs/policy_db/ca.crt" - + policy_db_url = policy_db_scheme + "://" + policy_db_role['name'] + ":" + policy_db_role['password'] + "@" + policy_db_address + ":" + policy_db_port.to_s + "/" + policy_db_database['name'] + "?sslmode=" + p('autoscaler.policy_db.sslmode') + unless p('autoscaler.policy_db.tls.ca') == "" + policy_db_url = policy_db_url + "&sslrootcert=/var/vcap/jobs/scalingengine/config/certs/policy_db/ca.crt" + end scheduler_db_scheme = p('autoscaler.scheduler_db.db_scheme') scheduler_db_address = p('autoscaler.scheduler_db.address') scheduler_db_port = p('autoscaler.scheduler_db.port') scheduler_db_role = p_arr('autoscaler.scheduler_db.roles').find { |role| role['tag'] == 'schedulerdb' or role['tag'] == 'default' } scheduler_db_database = p_arr('autoscaler.scheduler_db.databases').find { |database| database['tag'] == 'schedulerdb' or database['tag'] == 'default' } - scheduler_db_url = scheduler_db_scheme + "://" + scheduler_db_role['name'] + ":" + scheduler_db_role['password'] + "@" + scheduler_db_address + ":" + scheduler_db_port.to_s + "/" + scheduler_db_database['name'] + "?sslmode=" + p('autoscaler.scheduler_db.sslmode') + "&sslrootcert=/var/vcap/jobs/scalingengine/config/certs/scheduler_db/ca.crt" - + scheduler_db_url = scheduler_db_scheme + "://" + scheduler_db_role['name'] + ":" + scheduler_db_role['password'] + "@" + scheduler_db_address + ":" + scheduler_db_port.to_s + "/" + scheduler_db_database['name'] + "?sslmode=" + p('autoscaler.scheduler_db.sslmode') + unless p('autoscaler.scheduler_db.tls.ca') == "" + scheduler_db_url = scheduler_db_url + "&sslrootcert=/var/vcap/jobs/scalingengine/config/certs/scheduler_db/ca.crt" + end %> + cf: api: <%= p("autoscaler.cf.api") %> grant_type: <%= p("autoscaler.cf.grant_type") %> diff --git a/jobs/scheduler/templates/application.properties.erb b/jobs/scheduler/templates/application.properties.erb index f5e15dbdb4..c28f295f5d 100644 --- a/jobs/scheduler/templates/application.properties.erb +++ b/jobs/scheduler/templates/application.properties.erb @@ -8,22 +8,30 @@ schedulerdb_role = p_arr('autoscaler.scheduler_db.roles').find { |role| role['tag'] == 'schedulerdb' or role['tag'] == 'default' } schedulerdb_database = p_arr('autoscaler.scheduler_db.databases').find { |database| database['tag'] == 'schedulerdb' or database['tag'] == 'default' } + schedulerdb_url = "jdbc:postgresql://" + p('autoscaler.scheduler_db.address') + ":" + p('autoscaler.scheduler_db.port').to_s + "/" + schedulerdb_database['name'] + "?sslmode=" + p('autoscaler.scheduler_db.sslmode') + unless p('autoscaler.scheduler_db.tls.ca') == "" + schedulerdb_url = schedulerdb_url + "&sslrootcert=/var/vcap/jobs/scheduler/config/certs/scheduler_db/ca.crt" + end policydb_role = p_arr('autoscaler.policy_db.roles').find { |role| role['tag'] == 'policydb' or role['tag'] == 'default' } policydb_database = p_arr('autoscaler.policy_db.databases').find { |database| database['tag'] == 'policydb' or database['tag'] == 'default' } + policydb_url = "jdbc:postgresql://" + p('autoscaler.policy_db.address') + ":" + p('autoscaler.policy_db.port').to_s + "/" + schedulerdb_database['name'] + "?sslmode=" + p('autoscaler.policy_db.sslmode') + unless p('autoscaler.policy_db.tls.ca') == "" + policydb_url = policydb_url + "&sslrootcert=/var/vcap/jobs/scheduler/config/certs/policy_db/ca.crt" + end %> #datasource for application and quartz spring.datasource.driverClassName=org.postgresql.Driver -spring.datasource.url=jdbc:postgresql://<%=p('autoscaler.scheduler_db.address')%>:<%=p('autoscaler.scheduler_db.port') %>/<%=schedulerdb_database['name'] %>?sslmode=<%=p('autoscaler.scheduler_db.sslmode') %>&sslrootcert=/var/vcap/jobs/scheduler/config/certs/scheduler_db/ca.crt +spring.datasource.url=<%=schedulerdb_url %> spring.datasource.username=<%=schedulerdb_role['name'] %> spring.datasource.password=<%=schedulerdb_role['password'] %> #datasource for policy spring.policyDbDataSource.driverClassName=org.postgresql.Driver -spring.policyDbDataSource.url=jdbc:postgresql://<%=p('autoscaler.policy_db.address')%>:<%=p('autoscaler.policy_db.port') %>/<%=policydb_database['name'] %>?sslmode=<%=p('autoscaler.scheduler_db.sslmode') %>&sslrootcert=/var/vcap/jobs/scheduler/config/certs/policy_db/ca.crt +spring.policyDbDataSource.url=<%=policydb_url %> spring.policyDbDataSource.password=<%=policydb_role['password'] %> spring.policyDbDataSource.username=<%=policydb_role['name'] %> diff --git a/jobs/scheduler/templates/pre-start.erb b/jobs/scheduler/templates/pre-start.erb index f8973fe311..ee1cf07e49 100644 --- a/jobs/scheduler/templates/pre-start.erb +++ b/jobs/scheduler/templates/pre-start.erb @@ -32,13 +32,19 @@ DBNAME='<%= database['name'] %>' USER='<%= role['name'] %>' PASSWORD='<%= role['password'] %>' PORT='<%= p("autoscaler.scheduler_db.port") %>' +SSLMODE='<%= p("autoscaler.scheduler_db.sslmode") %>' +DBURI="jdbc:postgresql://$HOST:$PORT/$DBNAME?sslmode=$SSLMODE" + +<% unless p('autoscaler.scheduler_db.tls.ca') == "" %> +DBURI=$DBURI"&sslrootcert=/var/vcap/jobs/scheduler/config/certs/scheduler_db/ca.crt" +<% end %> detect_dns $HOST $PORT -java -cp "$DB_DIR/target/lib/*" liquibase.integration.commandline.Main --url jdbc:postgresql://$HOST:$PORT/$DBNAME --username=$USER --password=$PASSWORD \ +java -cp "$DB_DIR/target/lib/*" liquibase.integration.commandline.Main --url "$DBURI" --username=$USER --password=$PASSWORD \ --driver=org.postgresql.Driver --changeLogFile=$SCHEDULER_DIR/db/scheduler.changelog-master.yaml update -java -cp "$DB_DIR/target/lib/*" liquibase.integration.commandline.Main --url jdbc:postgresql://$HOST:$PORT/$DBNAME --username=$USER --password=$PASSWORD \ +java -cp "$DB_DIR/target/lib/*" liquibase.integration.commandline.Main --url "$DBURI" --username=$USER --password=$PASSWORD \ --driver=org.postgresql.Driver --changeLogFile=$SCHEDULER_DIR/db/quartz.changelog-master.yaml update # Generate key store for the clients communicate with scheduler. diff --git a/jobs/servicebroker/spec b/jobs/servicebroker/spec index 178af25933..d57a026008 100644 --- a/jobs/servicebroker/spec +++ b/jobs/servicebroker/spec @@ -17,6 +17,7 @@ templates: apiserver_client.crt.erb: config/certs/apiserver/client.crt apiserver_client.key.erb: config/certs/apiserver/client.key catalog.json.erb: config/catalog.json + binding_db_ca.crt.erb: config/certs/binding_db/ca.crt hooks/pre-start.sh.erb: bin/hooks/pre-start.sh hooks/pre-stop.sh.erb: bin/hooks/pre-stop.sh hooks/post-start.sh.erb: bin/hooks/post-start.sh @@ -96,6 +97,12 @@ properties: description: "Port on which the bindingdb server will listen" autoscaler.binding_db.roles: description: "The list of database roles used in bindingdb database including name/password" + autoscaler.binding_db.tls.ca: + default: '' + autoscaler.binding_db.sslmode: + default: disable + description: "sslmode to connect to postgres server" + autoscaler.service_broker.catalog: description: "The service broker catalog" default: diff --git a/jobs/servicebroker/templates/binding_db_ca.crt.erb b/jobs/servicebroker/templates/binding_db_ca.crt.erb new file mode 100644 index 0000000000..5935a893b1 --- /dev/null +++ b/jobs/servicebroker/templates/binding_db_ca.crt.erb @@ -0,0 +1,3 @@ +<% if_p("autoscaler.binding_db.tls.ca") do |value| %> +<%= value %> +<% end %> \ No newline at end of file diff --git a/jobs/servicebroker/templates/config.json.erb b/jobs/servicebroker/templates/config.json.erb index 746a42e567..75464d6946 100644 --- a/jobs/servicebroker/templates/config.json.erb +++ b/jobs/servicebroker/templates/config.json.erb @@ -10,6 +10,11 @@ database = p_arr('autoscaler.binding_db.databases').find { |database| database['tag'] == 'bindingdb' or database['tag'] == 'default'} apiserver_host = p('autoscaler.service_broker.api_server.host') apiserver_port = p('autoscaler.service_broker.api_server.port') + db_uri = db_scheme + "://" + role['name'] + ":" + role['password'] + "@" + address + ":" + db_port.to_s + "/" + database['name'] + "?sslmode=" + p('autoscaler.binding_db.sslmode') + + unless p('autoscaler.binding_db.tls.ca') == "" + db_uri = db_uri + "&sslrootcert=/var/vcap/jobs/servicebroker/config/certs/binding_db/ca.crt" + end params = { 'port' => p('autoscaler.service_broker.port'), 'publicPort' => p('autoscaler.service_broker.publicPort'), @@ -21,7 +26,7 @@ 'maxConnections' => p('autoscaler.service_broker.db_config.max_connections'), 'minConnections' => p('autoscaler.service_broker.db_config.min_connections'), 'idleTimeout' => p('autoscaler.service_broker.db_config.idle_timeout'), - 'uri' => db_scheme + "://" + role['name'] + ":" + role['password'] + "@" + address + ":" + db_port.to_s + "/" + database['name'] , + 'uri' => db_uri, }, 'apiserver' => { 'uri' => "https://" + apiserver_host + ":"+ apiserver_port.to_s, diff --git a/jobs/servicebroker/templates/pre-start.erb b/jobs/servicebroker/templates/pre-start.erb index a0808d9f3f..e32c0b64e3 100644 --- a/jobs/servicebroker/templates/pre-start.erb +++ b/jobs/servicebroker/templates/pre-start.erb @@ -32,9 +32,15 @@ DBNAME='<%= database['name'] %>' USER='<%= role['name'] %>' PASSWORD='<%= role['password'] %>' PORT='<%= p("autoscaler.binding_db.port") %>' +SSLMODE='<%= p("autoscaler.binding_db.sslmode") %>' +DBURI="jdbc:postgresql://$HOST:$PORT/$DBNAME?sslmode=$SSLMODE" + +<% unless p('autoscaler.binding_db.tls.ca') == "" %> +DBURI=$DBURI"&sslrootcert=/var/vcap/jobs/servicebroker/config/certs/binding_db/ca.crt" +<% end %> detect_dns $HOST $PORT -java -cp "$DB_DIR/target/lib/*" liquibase.integration.commandline.Main --url jdbc:postgresql://$HOST:$PORT/$DBNAME --username=$USER --password=$PASSWORD \ +java -cp "$DB_DIR/target/lib/*" liquibase.integration.commandline.Main --url "$DBURI" --username=$USER --password=$PASSWORD \ --driver=org.postgresql.Driver --changeLogFile=$SERVICEBROKER_DIR/db/servicebroker.db.changelog.json update diff --git a/src/app-autoscaler b/src/app-autoscaler index 5e07f00c88..5159325831 160000 --- a/src/app-autoscaler +++ b/src/app-autoscaler @@ -1 +1 @@ -Subproject commit 5e07f00c887bf6c8397cdfd28727efa97180b95c +Subproject commit 5159325831a4f5c5a064caa5f07f871832bdf567