Skip to content

Commit

Permalink
Merge branch 'release-276' into v1
Browse files Browse the repository at this point in the history
  • Loading branch information
Thomas Mitchell committed Feb 15, 2018
2 parents 9529180 + b9c33ed commit 94c6e7a
Show file tree
Hide file tree
Showing 8 changed files with 77 additions and 59 deletions.
1 change: 1 addition & 0 deletions base/0-deployment-order.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -74,6 +74,7 @@ instance_groups:
stemcell: default
networks:
- name: (( grab params.cf_internal_network ))
static_ips: (( static_ips(15, 16, 17, 18, 19) ))

- name: loggregator_trafficcontroller
instances: (( grab params.loggregator_instances ))
Expand Down
3 changes: 1 addition & 2 deletions base/cell.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ instance_groups:
consul_server: nil
consul_client: {from: consul_client_link}

- { name: cflinuxfs2-rootfs-setup, release: cflinuxfs2-rootfs }
- { name: cflinuxfs2-rootfs-setup, release: cflinuxfs2 }

- name: garden
release: garden-runc
Expand All @@ -24,7 +24,6 @@ instance_groups:
persistent_image_list:
- "/var/vcap/packages/cflinuxfs2/rootfs"


- name: rep
release: diego
properties:
Expand Down
3 changes: 3 additions & 0 deletions base/certs.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -36,6 +36,9 @@ meta:
server:
public_cert: (( vault meta.vault "/diego/certs/capi:certificate" ))
private_key: (( vault meta.vault "/diego/certs/capi:key" ))
client:
cert: (( vault meta.vault "/diego/certs/capi_client:certificate" ))
key: (( vault meta.vault "/diego/certs/capi_client:key" ))

cc_uploader:
server:
Expand Down
7 changes: 4 additions & 3 deletions base/cloud_controller.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -43,6 +43,8 @@ instance_groups:
cc-service-dashboards:
scope: openid,cloud_controller_service_permissions.read
secret: (( grab meta.uaa.cc_broker_secret ))
cc_service_key_client:
secret: (( grab meta.uaa.cc_service_key_client_secret ))
cc_routing:
secret: (( grab meta.uaa.cc_routing_secret ))
cloud_controller_username_lookup:
Expand Down Expand Up @@ -149,8 +151,7 @@ meta:
- load_balancer
default_to_diego_backend: true

# This Diego block should go away in a future upgrade
# when these keys just become the defaults
#This is still here even though it was supposed to be gone two releases ago...
diego:
temporary_local_staging: true
temporary_local_tasks: true
Expand Down Expand Up @@ -222,7 +223,7 @@ meta:
rules: (( grab params.app_services_networks ))
- name: load_balancer
rules: (( grab params.cf_public_ips ))
srv_api_uri: (( concat "https://" meta.api_hostname ))

volume_services_enabled: true

statsd_injector:
Expand Down
8 changes: 6 additions & 2 deletions base/loggregator.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -71,14 +71,17 @@ instance_groups:
properties:
system_domain: (( grab params.system_domain ))
cc:
srv_api_uri: (( grab meta.cc.srv_api_uri ))
tls_port: (( grab meta.cc.tls_port ))
internal_service_hostname: cloud-controller-ng.service.cf.internal
mutual_tls:
ca_cert: (( grab meta.cc.mutual_tls.ca_cert ))
ssl:
skip_cert_verify: (( grab params.skip_ssl_validation ))
loggregator:
tls:
ca_cert: (( grab meta.certs.loggregator.ca ))
trafficcontroller: (( grab meta.certs.loggregator.trafficcontroller.server ))
cc_trafficcontroller: (( grab meta.certs.diego.capi.client ))
uaa:
client_secret: (( grab meta.uaa.doppler_secret ))
etcd:
Expand All @@ -88,7 +91,8 @@ instance_groups:
traffic_controller:
etcd: (( grab meta.certs.etcd.client ))
uaa:
url: (( grab meta.uaa.url ))
internal_url: (( grab meta.uaa.internal_url ))
ca_cert: (( grab meta.certs.uaa.ca ))

- name: route_registrar
release: routing
Expand Down
104 changes: 52 additions & 52 deletions base/releases.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,82 +4,82 @@ releases:
version: "1.0.14"
sha1: c5ba6b6d99b972ec34dece478302351d8b4f6bbc
- name: capi
url: https://bosh.io/d/github.com/cloudfoundry/capi-release?v=1.40.0
version: "1.40.0"
sha1: 108794c6db23467462af24a6f9c4612269520882
url: https://bosh.io/d/github.com/cloudfoundry/capi-release?v=1.43.0
version: "1.43.0"
sha1: 94da536a79b95bf9b723d30ab42a944938cf2e76
- name: cf-smoke-tests
url: https://bosh.io/d/github.com/cloudfoundry/cf-smoke-tests-release?v=40
version: "40"
sha1: 97179a05f901e5360178cb6cf8e78dcf9de6d2c2
- name: cflinuxfs2-rootfs
url: https://bosh.io/d/github.com/cloudfoundry/cflinuxfs2-rootfs-release?v=1.60.0
version: "1.60.0"
sha1: 12b7e2473d0f4e9edc90bc3da873f51e70ede942
- name: cflinuxfs2
url: https://bosh.io/d/github.com/cloudfoundry/cflinuxfs2-release?v=1.157.0
version: "1.157.0"
sha1: 0a2ce532d4e8e981d411e8a8f71472a2c0c58ad9
- name: consul
url: https://bosh.io/d/github.com/cloudfoundry-incubator/consul-release?v=171
version: "171"
sha1: e781dd1050c5f90339f3405f07af094a6c46052d
url: https://bosh.io/d/github.com/cloudfoundry-incubator/consul-release?v=173
version: "173"
sha1: a8beaed125cc4edcf7a21ee3bff51985eed2b2a1
- name: diego
url: https://bosh.io/d/github.com/cloudfoundry/diego-release?v=1.25.1
version: "1.25.1"
sha1: a99d4914d08ea395955163e0b0882221e022248d
url: https://bosh.io/d/github.com/cloudfoundry/diego-release?v=1.26.2
version: "1.26.2"
sha1: 75509c821f15eca32b0e26886a7236b13517bb29
- name: dotnet-core-buildpack
url: https://bosh.io/d/github.com/cloudfoundry/dotnet-core-buildpack-release?v=1.0.23
version: "1.0.23"
sha1: ee292aa57b7eab52162a7499ad472864df567695
url: https://bosh.io/d/github.com/cloudfoundry/dotnet-core-buildpack-release?v=1.0.27
version: "1.0.27"
sha1: a81799dc1c05b14d7d46e125a7fe8308385568b0
- name: etcd
url: https://bosh.io/d/github.com/cloudfoundry-incubator/etcd-release?v=104
version: "104"
sha1: 91d27a5a583d22acaf926023063fcdb2003522e6
- name: garden-runc
url: https://bosh.io/d/github.com/cloudfoundry/garden-runc-release?v=1.9.0
version: "1.9.0"
sha1: 77bfe8bdb2c3daec5b40f5116a6216badabd196c
url: https://bosh.io/d/github.com/cloudfoundry/garden-runc-release?v=1.9.4
version: "1.9.4"
sha1: 9cccd7685ac075ad6956cba3ab5881e3435cd7e3
- name: go-buildpack
url: https://bosh.io/d/github.com/cloudfoundry/go-buildpack-release?v=1.8.6
version: "1.8.6"
sha1: d9d0f9feb07ca9dd5f58c95d458e5935e69ee892
url: https://bosh.io/d/github.com/cloudfoundry/go-buildpack-release?v=1.8.8
version: "1.8.8"
sha1: b65744415cf7fb901d06df997a82c26618ece17b
- name: java-buildpack
url: https://bosh.io/d/github.com/cloudfoundry/java-buildpack-release?v=3.19
version: "3.19"
sha1: 4248c595e596536cdb2ffeeefee153c5d76fbe7d
url: https://bosh.io/d/github.com/cloudfoundry/java-buildpack-release?v=4.5.1
version: "4.5.1"
sha1: d99f66ff5e9182849a5310dbc545eb9af429d187
- name: loggregator
url: https://github.com/cloudfoundry/loggregator-release/releases/download/v92/release.tgz
version: "92"
sha1: ad497780da9c4dd0e5f7b114637217251168ae6d
url: https://bosh.io/d/github.com/cloudfoundry/loggregator-release?v=99
version: "99"
sha1: 2080e1e0594591dafa716c69f207eb29929bce3d
- name: nats
url: https://bosh.io/d/github.com/cloudfoundry/nats-release?v=22
version: "22"
sha1: 1300071c7cf43f5d299a6eaec6f6bb6cca7eac3b
- name: nodejs-buildpack
url: https://bosh.io/d/github.com/cloudfoundry/nodejs-buildpack-release?v=1.6.4
version: "1.6.4"
sha1: 25a924abd54b029e7f01e80b3dca56bcbab1da32
url: https://bosh.io/d/github.com/cloudfoundry/nodejs-buildpack-release?v=1.6.7
version: "1.6.7"
sha1: 56eeb1dc6fc0664270328c2c0fcff5936aa68d7e
- name: php-buildpack
url: https://bosh.io/d/github.com/cloudfoundry/php-buildpack-release?v=4.3.39
version: "4.3.39"
sha1: 7eadd84e55cd6c87510fb75de9d325e61faba1ce
url: https://bosh.io/d/github.com/cloudfoundry/php-buildpack-release?v=4.3.42
version: "4.3.42"
sha1: 8161798443f31242968797da14f2aa905672cac3
- name: python-buildpack
url: https://bosh.io/d/github.com/cloudfoundry/python-buildpack-release?v=1.5.22
version: "1.5.22"
sha1: 7b81cbc5694228c7015ee3d39a45a19bd84b336c
url: https://bosh.io/d/github.com/cloudfoundry/python-buildpack-release?v=1.5.25
version: "1.5.25"
sha1: dcd97e1053f0677ed1db9415f7abcd9824c4c2f9
- name: routing
url: https://bosh.io/d/github.com/cloudfoundry-incubator/cf-routing-release?v=0.159.0
version: "0.159.0"
sha1: 739f663f976fea826595880cfd58470bc8d49172
url: https://bosh.io/d/github.com/cloudfoundry-incubator/cf-routing-release?v=0.163.0
version: "0.163.0"
sha1: f0dacd62bbf23b70684370c7ededaf2733ddb6ae
- name: ruby-buildpack
url: https://bosh.io/d/github.com/cloudfoundry/ruby-buildpack-release?v=1.6.46
version: "1.6.46"
sha1: 23e4e12f7a3ccadda59727eb95b26a853e86fbbe
url: https://bosh.io/d/github.com/cloudfoundry/ruby-buildpack-release?v=1.7.3
version: "1.7.3"
sha1: 079d84993e3a854f8e3938f7a4761a0d76fee295
- name: staticfile-buildpack
url: https://bosh.io/d/github.com/cloudfoundry/staticfile-buildpack-release?v=1.4.12
version: "1.4.12"
sha1: 40e3b8a5a9d540fc53c41f5e164ed636420e9e3e
url: https://bosh.io/d/github.com/cloudfoundry/staticfile-buildpack-release?v=1.4.16
version: "1.4.16"
sha1: 8fd958f62024be957604277bc104bbef3dd3bfc2
- name: statsd-injector
url: https://bosh.io/d/github.com/cloudfoundry/statsd-injector-release?v=1.0.29
version: "1.0.29"
sha1: 6e8f626d107c8e2b525b50571393a6eaaf664ad3
url: https://bosh.io/d/github.com/cloudfoundry/statsd-injector-release?v=1.0.30
version: "1.0.30"
sha1: b0f201e0341af9736848514c76149070ea902e41
- name: uaa
url: https://bosh.io/d/github.com/cloudfoundry/uaa-release?v=45
version: "45"
sha1: 4d4fba13b724b75206f5eb3abae8efa94dcf7db8
url: https://bosh.io/d/github.com/cloudfoundry/uaa-release?v=51
version: "51"
sha1: 869b8e6bf58f5431b3579f730f142814aae39d71
6 changes: 6 additions & 0 deletions base/uaa.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,10 @@ instance_groups:
authorized-grant-types: client_credentials
scope: openid,cloud_controller_service_permissions.read
secret: (( grab meta.uaa.cc_broker_secret ))
cc_service_key_client:
authorities: credhub.read,credhub.write
authorized-grant-types: client_credentials
secret: (( grab meta.uaa.cc_service_key_client_secret ))
cc_routing:
authorities: routing.router_groups.read
authorized-grant-types: client_credentials
Expand Down Expand Up @@ -158,12 +162,14 @@ meta:

uaa:
url: (( concat "https://uaa." params.system_domain ))
internal_url: "https://uaa.service.cf.internal:8443"
port: 8080
ssl_port: 8443

admin_client_secret: (( vault meta.vault "/uaa/client_secrets:admin_client" ))
cc_broker_secret: (( vault meta.vault "/uaa/client_secrets:cc_broker" ))
cc_routing_secret: (( vault meta.vault "/uaa/client_secrets:cc_routing" ))
cc_service_key_client_secret: (( vault meta.vault "/uaa/client_secrets:cc_service_key_client" ))
cc_user_lookup_secret: (( vault meta.vault "/uaa/client_secrets:cc_user_lookup" ))
doppler_secret: (( vault meta.vault "/uaa/client_secrets:doppler" ))
firehose_secret: (( vault meta.vault "/uaa/client_secrets:firehose" ))
Expand Down
4 changes: 4 additions & 0 deletions kit.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -116,6 +116,9 @@ certificates:
capi:
valid_for: 1y
names: [ "cloud-controller-ng.service.cf.internal" ]
capi_client:
valid_for: 1y
names: [ "cloud controller client" ]
cc_uploader:
valid_for: 1y
names: [ "cc_uploader" ]
Expand Down Expand Up @@ -184,6 +187,7 @@ credentials:
uaa/client_secrets:
admin_client: random 64
cc_broker: random 64
cc_service_key_client: random 64
cc_routing: random 64
cc_user_lookup: random 64
doppler: random 64
Expand Down

0 comments on commit 94c6e7a

Please sign in to comment.