Ocfp (#211)

[Major Improvement]

* Added `ocfp` feature which encodes the opensource cloud foundry platform reference architecture. `ocfp` specifies that inputs for features come from vault.

  The reference architecture specifies the `network`, `vm_type`, `disk_type`, and `azs` based on `dev` vs `prod` environment scales.

  Naming scheme is entirely based on environment name, and is designed to work with the `ocfp-ops-scripts` `ocfp` cli in order to generate configs, initialize and test environments.

  * Support for dynamic isolation segments added.

  * `bosh-dns` is explicitely leveraged.

  * Features included by default:
    - `enable-service-discovery`
    - iaas specific external blobstores
    - external-db
    - autoscaler integration
    - app-scheduler integration
    - scs / spring cloud services integration
    - prometheus integration

  * Automatic overrides for inputs from vault for trusted certificates:
    - org (ex: company wide internal ca)
    - datbase cert (ex: rds)

  * Automatic overrides for included features for inputs to come from vault:
    - trust-blacksmith-ca
    - nfs-volume-services
    - smb-volume-services
    - stratos-integration

[Improvements]

* New addon hooks:
  - Spring Cloud Services (scs) - deploys scs to CF as a marketplace service.
  - stratos - Deploys stratos as the apps ui to CF.

Co-authored-by: Dennis Bell <dennis.j.bell@gmail.com>
Co-authored-by: ChrisMcGowan <cmcgowan279@gmail.com>
Co-authored-by: Benjamin Gandon <benjamin@gstack.io>
Co-authored-by: DigitalEagle <TheDigitalEagle@users.noreply.github.com>
Co-authored-by: Chris Weibel <christopher.weibel@gmail.com>

hooks/addon

@@ -14,84 +14,77 @@ list() {
   echo
   echo "  smoketest         Run the smoke tests errand on the first vm in the"
   echo "                    api instance group."
+  echo
+  echo "  stratos           Deploy Stratos, the Cloud Foundry web console."
+  echo 
 }
 
-
 login() {
   if ! cf plugins | grep -q '^cf-targets'; then
     describe "#Y{The cf-targets plugin does not seem to be installed}"
-        echo "Install it first, via 'genesis do $GENESIS_ENVIRONMENT -- setup-cli'"
+    echo "Install it first, via 'genesis do $GENESIS_ENVIRONMENT -- setup-cli'"
     exit 1
   fi
 
-  base="$(lookup params.base_domain)"
-  system_domain="$(lookup --exodus system_domain "system.$base")"
-  api_url=https://api.$system_domain
+  api_domain="$(exodus api_domain)"
+  api_url="https://${api_domain}"
   username="$(exodus admin_username)"
   password="$(exodus admin_password)"
 
   #TODO enfoce ssl validation
   cf api "$api_url" --skip-ssl-validation
   cf auth "$username" "$password"
   cf save-target -f "$GENESIS_ENVIRONMENT"
-  echo ; echo
+  echo -e "\n\n"
   cf target
 }
 
 case $GENESIS_ADDON_SCRIPT in
-list)
-  list
-  exit 0
-  ;;
-
-login)
-  login
-  exit 0
-  ;;
-
-remigrate)
-  # Migrate the secrets
-  set -e
-  #shellcheck disable=SC1091
-  source ./hooks/migrate-to-2.0
-  validate_expected_vault_secrets
-  correct_x509_certs
-  migrate_credentials_to_credhub
-  ;;
-
-setup-cli)
-
-	force=0
-	while test $# -gt 0 ; do
-		case "$1" in
-			-f) force=1;;
-			-*) describe "#R{[ERROR]} Bad option $1: expecting -f" && exit 1 ;;
-			*)  describe "#R{[ERROR]} setup-cli does not take any arguments" && exit 1;;
-		esac
-		shift
-	done
-  if ! cf list-plugin-repos | grep -q CF-Community; then
-    describe 'Adding #G{Cloud Foundry Community} plugins repository...'
-    cf add-plugin-repo CF-Community http://plugins.cloudfoundry.org
-  fi
-  if ! cf plugins | grep -q '^cf-targets'; then
-    describe 'Installing the #C{cf-targets} plugin...'
-		cmd=( cf install-plugin -r CF-Community Targets )
-		if [[ "$force" == "1" ]] ; then
-			cmd+=( -f )
-		fi
-    "${cmd[@]}"
-  fi
-  cf plugins
-  ;;
-
-smoketest)
-  "$GENESIS_BOSH_COMMAND" -e "$BOSH_ENVIRONMENT" -d "$BOSH_DEPLOYMENT" run-errand smoke_tests
-  ;;
-
-*)
-  echo "Unrecognized Cloud Foundry Genesis Kit addon."
-  list
-  exit 1
-  ;;
+  (list) list ; exit 0 ;;
+
+  (login) login ; exit 0 ;;
+
+  (remigrate)
+    # Migrate the secrets
+    set -e
+    #shellcheck disable=SC1091
+    source ./hooks/migrate-to-2.0
+    validate_expected_vault_secrets
+    correct_x509_certs
+    migrate_credentials_to_credhub
+    ;;
+
+  (setup-cli)
+    force=0
+    while test $# -gt 0 ; do
+      case "$1" in
+        (-f) force=1;;
+        (-*) describe "#R{[ERROR]} Bad option $1: expecting -f" && exit 1 ;;
+        (*)  describe "#R{[ERROR]} setup-cli does not take any arguments" && exit 1;;
+      esac
+      shift
+    done
+    if ! cf list-plugin-repos | grep -q CF-Community; then
+      describe 'Adding #G{Cloud Foundry Community} plugins repository...'
+      cf add-plugin-repo CF-Community http://plugins.cloudfoundry.org
+    fi
+    if ! cf plugins | grep -q '^cf-targets'; then
+      describe 'Installing the #C{cf-targets} plugin...'
+      cmd=( cf install-plugin -r CF-Community Targets )
+      if [[ "$force" == "1" ]] ; then
+        cmd+=( -f )
+      fi
+      "${cmd[@]}"
+    fi
+    cf plugins
+    ;;
+
+  (smoketest)
+    "$GENESIS_BOSH_COMMAND" -e "$BOSH_ENVIRONMENT" -d "$BOSH_DEPLOYMENT" run-errand smoke_tests
+    ;;
+
+  (*) run_extended_addon "$@" ;; # This will run the addon script in the
+                            # $GENESIS_ADDON_SCRIPT file, if it exists.
+                            # Ex: hooks/addon-stratos
 esac
+

hooks/addon-scs

@@ -0,0 +1,222 @@
+#!/bin/bash
+set -eu
+
+fail() { echo "$@" >&2 ; exit 1; }
+
+fetch::uri() {
+  local url=$1
+  curl --fail --silent --show-error --location --remote-name \
+    --url "${url}" \
+    || fail "Failed to download: ${url}"
+}
+
+fetch::artifacts() {
+  mkdir artifacts
+  pushd artifacts
+  for uri in "${configserver_jar_uri}" "${registry_jar_uri}"
+  do fetch::uri "${uri}"
+  done
+  popd
+}
+
+extract() {
+  case "${1}" in
+    (*.zip) unzip -o "${1}" ;; # unzip scs-*.zip
+    (*gz)   tar zxf "${1}"  ;; # extract scs-*gz
+    (*)     fail "Unknown file type: ${1}" ;;
+  esac
+  rm ${1}
+}
+
+exodus_path=$(lookup --partial "genesis.exodus_base")
+system_api_domain="$(exodus api_domain)"
+system_domain="$(exodus system_domain)"
+cf_admin_username="$(exodus admin_username)"
+cf_admin_password="$(exodus admin_password)"
+apps_domain="$(exodus apps_domain)"
+
+org="system"
+space="scs"
+cf create-space -o "${org}" "${space}"
+cf target -o "${org}" -s "${space}"
+
+scs_client=$(safe get ${exodus_path}:scs_client)
+scs_client_secret=$(safe get ${exodus_path}:scs_secret)
+scs_space_guid=$(cf space ${space} --guid)
+
+memory="256M"
+disk="1048M"
+buildpack="go_buildpack"
+release_tag="Greenwich.SR3"
+broker_uri="https://github.com/starkandwayne/scs-broker/archive/refs/tags/v0.0.2.tar.gz"
+configserver_jar_uri="https://github.com/starkandwayne/cf-spring-cloud-config-server/releases/download/1.1.0/spring-cloud-config-server-1.1.0-2.5.14.SCS.3.1.37.jar"
+registry_jar_uri="https://github.com/starkandwayne/scs-service-registry/releases/download/1.0.1-3.1.37/service-registry-1.0.1-3.1.37.jar"
+
+broker_name="scs-broker"
+broker_old_name="scs-broker"
+broker_auth_username=${BROKER_AUTH_USERNAME:-"admin"}
+broker_auth_password=${BROKER_AUTH_PASSWORD:-"admin"}
+skip_ssl_validation="true"
+scs_broker_archive= # Default to downloading
+
+deploy=0
+register=0
+
+while [[ $# > 0 ]]
+do # Process opertor arguments
+  case "${1}" in
+    (run) shift ;;
+    (skip_ssl_validation)
+      skip_ssl_validation="${2}"
+      shift 2 || fail "Usage: ... skip_ssl_validation <true|false>"
+      ;;
+    (memory)
+      memory="${2}"
+      shift 2 || fail "Usage: ... memory <#M>"
+      ;;
+    (disk)
+      disk="${2}"
+      shift 2 || fail "Usage: ... disk <#M>"
+      ;;
+    (buildpack)
+      buildpack="${2}"
+      shift 2 || fail "Usage: ... buildpack <buildpack-name>"
+      ;;
+    (release_tag)
+      release_tag="${2}"
+      shift 2 || fail "Usage: ... release_tag <tag>"
+      ;;
+    (broker_uri)
+      broker_uri="${2}"
+      shift 2 || fail "Usage: ... broker_uri <uri>"
+      ;;
+    (broker_username)
+      broker_auth_username="${2}"
+      shift 2 || fail "Usage: ... broker_username <username>"
+      ;;
+    (broker_password)
+      broker_auth_password="${2}"
+      shift 2 || fail "Usage: ... broker_password <password>"
+      ;;
+    (configserver_jar_uri)
+      configserver_jar_uri="${2}"
+      shift 2 || fail "Usage: ... configserver_jar_uri <uri>"
+      ;;
+    (registry_jar_uri)
+      registry_jar_uri="${2}"
+      shift 2 || fail "Usage: ... registry_jar_uri <uri>"
+      ;;
+    (deploy)
+      deploy=1
+      shift
+      ;;
+    (register)
+      register=1
+      shift
+      ;;
+    (*)
+      fail "Unknown argument: ${1}"
+      ;;
+  esac
+done
+
+if [[ ${deploy} > 0 ]]
+then
+  echo "Deploying SCS Broker"
+
+  fetch::uri "${broker_uri}"
+
+  extract $(basename "${broker_uri}")
+
+  cd scs-broker-*
+
+  fetch::artifacts
+
+  cat > manifest.yml <<-APPMANIFEST
+---
+applications:
+  - name: scs-broker
+    buildpack: ${buildpack}
+    memory: ${memory}
+    disk_quota: ${disk}
+    host: console
+    timeout: 180
+    health-check-type: port
+    env:
+      GOPACKAGENAME: scs-broker
+      SCS_BROKER_CONFIG: |-
+        {
+          "broker_id": "${broker_name}",
+          "broker_name": "${broker_name}",
+          "description": "Broker to create SCS services",
+          "long_description": "Broker to create Spring Cloud Services (SCS) Config Servers or Service Registries",
+          "instance_domain": "${apps_domain}",
+          "instance_space_guid": "${scs_space_guid}",
+          "artifacts_directory": "/app/artifacts",
+          "broker_auth": {
+            "user": "${broker_auth_username}",
+            "password": $(jq --null-input --arg "val" "${broker_auth_password}" '$val')
+          },
+          "cloud_foundry_config": {
+            "api_url": "https://${system_api_domain}",
+            "skip_ssl_validation": ${skip_ssl_validation},
+            "cf_username": "${cf_admin_username}",
+            "cf_password": $(jq --null-input --arg "val" "${cf_admin_password}" '$val'),
+            "uaa_client_id": "${scs_client}",
+            "uaa_client_secret": "${scs_client_secret}"
+          },
+          "services": [
+            {
+              "service_id": "config-server",
+              "service_name": "config-server",
+              "service_plan_id": "default-cs",
+              "service_plan_name": "default",
+              "service_description": "Broker to create Config Servers",
+              "service_download_uri": "${configserver_jar_uri}"
+            },
+            {
+              "service_id": "service-registry",
+              "service_name": "service-registry",
+              "service_plan_id": "default-sr",
+              "service_plan_name": "default",
+              "service_description": "Broker to create Service Registries",
+              "service_download_uri": "${registry_jar_uri}"
+            }
+          ]
+        }
+
+APPMANIFEST
+
+  echo "Pushing SCS Broker..."
+  cf push -f "manifest.yml"
+
+  echo <<-EOT
+SCS service broker is now running, you should now be able to create a service, e.g.:
+\t$ cf create-service config-server default test-service -c "{...whatever json configuration you wish to use for config-server - see config-server docs from Spring.io...}"
+EOT
+fi
+
+if [[ ${register} > 0 ]]
+then
+  broker_is_registered=$(
+    cf curl "/v2/service_brokers" \
+      | jq --raw-output \
+          --arg "broker_name" "${broker_name}" \
+          --arg "broker_old_name" "${broker_old_name}" \
+          '.resources[].entity
+            | select(.name == $broker_name or .name == $broker_old_name)
+            | .name'
+  )
+  broker_action="creat"
+  if [[ -n ${broker_is_registered} ]]; then
+    broker_action="updat"
+  fi
+
+  echo "Registering SCS Broker"
+  echo "${broker_action^}ing the service broker..."
+  cf "${broker_action}e-service-broker" "${broker_name}" \
+    "${broker_auth_username}" "${broker_auth_password}" \
+    "https://scs-broker.${apps_domain}"
+fi
+
+exit 0