首页 > 代码库 > CloudFoundry.yml修正版

CloudFoundry.yml修正版

---
name: CFRELEASE02
director_uuid: fdd46e30-f2c5-41dc-9662-0976fdac5716

releases:
- name: cf
  version: 171

meta:
  environment: null
  stemcell:
    name: bosh-vsphere-esxi-ubuntu
    version: 2366
  
compilation:
  workers: 2
  cloud_properties:
    ram: 1024
    disk: 6144
    cpu: 2
  network: default
  reuse_compilation_vms: true  

update:
  canaries: 1
  #waiting for 60s to get update job status
  canary_watch_time: 30000 - 90000
  update_watch_time: 30000 - 90000
  max_in_flight: 4
  max_errors: 4
  
networks:
- name: default
  subnets:
  - range: 192.168.2.0/24
    # Reserved IPs are the IPs that BOSH should not use in the declared range.
    reserved:
    # IP addresses which you don't want allocated by BOSH
    - 192.168.2.20 - 192.168.2.39      
    - 192.168.2.140 - 192.168.2.254
    # IP addresses which you don't want allocated by BOSH
    - 192.168.2.2 - 192.168.2.10
    # Static IPs are the IPs that are statically assigned to jobs in this manifest. The BOSH director does not attempt
    # to dynamically assign these to new VMs.
    static:
    - 192.168.2.40 - 192.168.2.100
    gateway: 192.168.2.1
    # If you configured your BOSH/micro-BOSH to enable DNS, leave the DNS section empty. The BOSH director automatically uses the
    # BOSH/micro-BOSH powerDNS IP. If any jobs ever need to resolve DNS entries outside the BOSH powerDNS subdomain
    # (*.microbosh by default), configure the powerDNS recursor in your bosh release.
    dns:
      - 192.168.2.2 
    cloud_properties:
      name: "VM Network"

resource_pools:
  - name: small_z1
    network: default
    size: 0
    stemcell:
      name: bosh-vsphere-esxi-ubuntu
      version: 2366
    cloud_properties:
      ram: 1024
      disk: 2048
      cpu: 1
  - name: medium_z1
    network: default
    size: 12
    stemcell:
      name: bosh-vsphere-esxi-ubuntu
      version: 2366
    cloud_properties:
      ram: 1024
      disk: 2048
      cpu: 1
  - name: large_z1
    network: default
    size: 0
    stemcell:
      name: bosh-vsphere-esxi-ubuntu
      version: 2366
    cloud_properties:
      ram: 1024
      disk: 10240
      cpu: 1
  - name: runner_z1
    network: default
    size: 1
    stemcell:
      name: bosh-vsphere-esxi-ubuntu
      version: 2366
    cloud_properties:
      ram: 16384
      disk: 32768
      cpu: 2
  - name: router_z1
    network: default
    size: 3
    stemcell:
      name: bosh-vsphere-esxi-ubuntu
      version: 2366
    cloud_properties:
      ram: 4096
      disk: 20480
      cpu: 2
    
jobs:
  - name: ha_proxy_z1
    instances: 1
    networks:
    - name: default
      static_ips:
      - 192.168.2.40
    properties:
      ha_proxy:
        ssl_pem: '-----BEGIN CERTIFICATE-----
  
          MIICLzCCAZgCCQCSoIG3LoeSMTANBgkqhkiG9w0BAQUFADBcMQswCQYDVQQGEwJV
  
          UzELMAkGA1UECBMCQ0ExFjAUBgNVBAcTDVNhbiBGcmFuY2lzY28xEDAOBgNVBAoT
  
          B1Bpdm90YWwxFjAUBgNVBAsTDUNsb3VkIEZvdW5kcnkwHhcNMTMxMDE3MjMxNzM5
  
          WhcNMTQxMDE3MjMxNzM5WjBcMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExFjAU
  
          BgNVBAcTDVNhbiBGcmFuY2lzY28xEDAOBgNVBAoTB1Bpdm90YWwxFjAUBgNVBAsT
  
          DUNsb3VkIEZvdW5kcnkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANqyjJMH
  
          FDbJ4XM2vLRxz6i82Gd2Y2dnAKYgu67FgheHGQJSv38lvn8JrAOBXu2QJgP8sJa+
  
          XqUWUTMo9BWvhvedQLojtcpLdULc0FhlIXn8bThGlTQyrSg9QJobhQZGziFVrdQM
  
          UZy4X+s6A2Szb9iOg3TYibnnfnuvdZli83eRAgMBAAEwDQYJKoZIhvcNAQEFBQAD
  
          gYEAbFu65WT+czpiJqHhNz5AnGYA8kieVlV7KhcljLtsU4Sxut5Vq9uXFBE09KCg
  
          YkyZ9KfzXArTeRCfcbm5xq12I+1nf6q0QjT1y3P6ztax0rpyb0i+4GWvA+ruMhfx
  
          n4QM1MkiJVYBGKkXFZDd1zsdR3pY4vm1uiMY75IvJQfgb08=
  
          -----END CERTIFICATE-----
  
          -----BEGIN RSA PRIVATE KEY-----
  
          MIICXQIBAAKBgQDasoyTBxQ2yeFzNry0cc+ovNhndmNnZwCmILuuxYIXhxkCUr9/
  
          Jb5/CawDgV7tkCYD/LCWvl6lFlEzKPQVr4b3nUC6I7XKS3VC3NBYZSF5/G04RpU0
  
          Mq0oPUCaG4UGRs4hVa3UDFGcuF/rOgNks2/YjoN02Im55357r3WZYvN3kQIDAQAB
  
          AoGAa88G81fTBCtDA1vhbIaKWuE1QNOgrxGcxUhvnPlqZxTHJFkMY66EmPV4oYW9
  
          +RhNVTvVBYq092boAnNW1/Xebvrk1SnBDkrLntnGPmExkatOkPTFFlNXfePu6qOJ
  
          ULwYg8rKRwpvLoQXxbzMDXApPBifBNWGHVneGuHLpwPEQgECQQD0IJOecEyorrCR
  
          6+wmJBS/IwqQO0Ooj7kZEg65MHi9exVe+XFvP0lW2NAUsDuBLz79hjslSqIJjRG8
  
          c6q36oqhAkEA5VVeEip+T4DV12I5A5maGexVMeC92K7EGU/H8YhltxVZ/RtNngdT
  
          3r19WeDbDF7R5CJy2f7AYullk3S6fkk28QJBALdEiW1k4rezRMyW7tYHOifvN2vl
  
          gbpWAt/GRZVSxSGB+B4vZq/cM8NlynftgQ5PGJucnGQ3bgN7irgNoTimc2ECQFMX
  
          QBMy5DroAhKcmu2r/IKB90gwFnjosVI+bsIbWkcgbE9hUhj8rK2aWE11Q8hSnpea
  
          x6QmQgxUZiIr+9n/qvECQQDiDIeSmo2mRYsaqr4CQ3Ak+EDjsm9XTpXHuqm+xgFO
  
          iDIeQCWd3/twqdDTR7FaDE7Q0i559u7A1yLumUn8caLF
  
          -----END RSA PRIVATE KEY-----'
      networks:
        apps: default
        management: default
    release: cf
    resource_pool: router_z1
    template: haproxy

  - name: syslog_aggregator
    instances: 1  
    resource_pool: medium_z1
    networks:
      - name: default
        static_ips:
        - 192.168.2.46
    persistent_disk: 10024 
    templates:
      - name: syslog_aggregator
        release: cf
    properties:
      domain: acp.local
      syslog_aggregator:
        log_email:
          enabled: false
          from_email: zhaozhenyang@apusic.com
          from_password: 1qazXSW@
          to_email: zhaozhenyang@apusic.com
          smtp_server: smtp.apusic.com
          smtp_port: 25
          smtp_domain: APUSIC.com
        port: 5632
        transport: "tcp"

  - name: nats
    instances: 1  
    resource_pool: medium_z1
    networks:
      - name: default
        static_ips:
        - 192.168.2.43
    persistent_disk: 10024
    templates:
      - name: nats
        release: cf
      - name: nats_stream_forwarder
        release: cf
    properties:
      syslog_aggregator:
        address: 192.168.2.46
        port: 5632
        all: false
        transport: "tcp"
      networks:
        apps: default
        management: default
      nats:
        address: 192.168.2.43
        user: nats
        password: c1oudc0w
        port: 4222
        authorization_timeout: 15
        machines:
          - 192.168.2.43
        debug: true
        trace: true
        monitor_port: 0
        prof_port: 0

  - name: etcd
    instances: 1
    resource_pool: medium_z1
    networks:
      - name: default
        static_ips:
        - 192.168.2.41
    persistent_disk: 10024      
    templates:
      - name: etcd
        release: cf
      - name: etcd_metrics_server
        release: cf
    properties:
      heartbeat_interval_in_milliseconds: 50
      election_timeout_in_milliseconds: 1000
      etcd:
        machines:
          - 192.168.2.41
      etcd_metrics_server:
        etcd:
          machine: "127.0.0.1"
          port: 4001
        nats:
          machines:
            - 192.168.2.43
          port: 4222
          username: nats
          password: c1oudc0w
        status:
          port: 5678
          username: ""
          password: ""
      networks:
        apps: default
        management: default
        
  - name: loggregator
    instances: 1  
    resource_pool: medium_z1
    networks:
      - name: default
        static_ips:
        - 192.168.2.44
    persistent_disk: 10024      
    templates:
      - name: loggregator
        release: cf
    properties:
      syslog_aggregator:
        address: 192.168.2.46
        port: 5632
        all: false
        transport: "tcp"
      loggregator:
        debug: false
        servers:
          z1:
            - 192.168.2.44
        status:
          user: ""
          password: ""
          port: 0
          maxRetainedLogMessages: 100
          incoming_port: 3456
          outgoing_port: 8080
      loggregator_endpoint:
        shared_secret: c1oudc0w
      etcd:
        machines:
          - 192.168.2.41
      ssl:
        skip_cert_verify: true
      networks:
        apps: default
        management: default
        
  - name: postgres
    instances: 1  
    resource_pool: medium_z1
    networks:
      - name: default
        static_ips:
        - 192.168.2.48
    templates:
      - name: postgres
        release: cf
    persistent_disk: 4096
    properties:
      db: databases
      databases:
        port: 5524
        roles:
          - name: ccadmin
            password: admin
            tag: admin
          - name: uaaadmin
            password: admin
            tag: admin
        databases:
          - citext: true
            name: ccdb
            tag: cc
          - citext: true
            name: uaadb
            tag: uaa
        db_scheme: postgres

  - name: gorouter
    instances: 2  
    resource_pool: router_z1
    networks:
      - name: default
        static_ips:
        - 192.168.2.47
        - 192.168.2.50
    templates:
      - name: gorouter
        release: cf
    properties:
      syslog_aggregator:
        address: 192.168.2.46
        port: 5632
        all: false
        transport: "tcp"
      loggregator_endpoint:
        host: 192.168.2.44
      networks:
        apps: default
        management: default

  - name: uaa
    instances: 1
    resource_pool: medium_z1
    networks:
      - name: default
        static_ips:
        - 192.168.2.42
    templates:
      - name: uaa
        release: cf
    persistent_disk: 4096
    properties:
      syslog_aggregator:
        address: 192.168.2.46
        port: 5632
        all: false
        transport: "tcp"
      networks:
        apps: default
        management: default
        
  - name: login
    instances: 1
    resource_pool: medium_z1
    networks:
      - name: default
        static_ips:
        - 192.168.2.51
    templates:
      - name: login
        release: cf
    persistent_disk: 4096
    properties:
      syslog_aggregator:
        address: 192.168.2.46
        port: 5632
        all: false
        transport: "tcp"
      name: Login Server for the UAA
      login:
        protocol: http
        brand: oss
        uaa_certificate: null
        catalina_opts: -Xmx384m -XX:MaxPermSize=128m
        links:
          home: http://console.acp.local
          passwd: http://console.acp.local/password_resets/new
          signup: http://console.acp.local/register
      networks:
        apps: default
        management: default

  - name: dea_next
    instances: 1  
    resource_pool: runner_z1
    networks:
      - name: default
        static_ips:
        - 192.168.2.49
    templates:
      - name: dea_next
        release: cf
      - name: dea_logging_agent
        release: cf
    persistent_disk: 40960  
    properties:
      syslog_aggregator:
        address: 192.168.2.46
        port: 5632
        all: false
        transport: "tcp"
      loggregator_endpoint: 
        host: 192.168.2.44
      networks:
        apps: default
        management: default
    
  - name: cloud_controller_ng
    instances: 1  
    resource_pool: medium_z1
    networks:
      - name: default
        static_ips:
        - 192.168.2.52
    templates:
      - name: cloud_controller_ng
        release: cf
    persistent_disk: 4096

  - name: cloud_controller_clock
    instances: 1  
    resource_pool: medium_z1
    networks:
      - name: default
        static_ips:
        - 192.168.2.53
    templates:
      - name: cloud_controller_clock
        release: cf
    persistent_disk: 0

  - name: cloud_controller_worker
    instances: 1  
    resource_pool: medium_z1
    networks:
      - name: default
        static_ips:
        - 192.168.2.54
    templates:
      - name: cloud_controller_worker
        release: cf
    persistent_disk: 0
         
  - name: loggregator_trafficcontroller
    instances: 1  
    resource_pool: medium_z1
    networks:
      - name: default
        static_ips:
        - 192.168.2.45
    persistent_disk: 10024
    templates:
      - name: loggregator_trafficcontroller
        release: cf
    properties:
      system_domain: acp.local
      syslog_aggregator:
        address: 192.168.2.46
        port: 5632
      traffic_controller:
        host: 192.168.2.45
        zone: z1
      loggregator:
        servers:
          z1:
            - 192.168.2.44
      ssl:
        skip_cert_verify: true
      cc:
        srv_api_uri: https://api.acp.local
      networks:
        apps: default
      
  - name: hm9000
    instances: 1
    resource_pool: medium_z1
    networks:
      - name: default
        static_ips:
        - 192.168.2.55
    templates:
      - name: hm9000
        release: cf
    persistent_disk: 4096
    properties:
      syslog_aggregator:
        address: 192.168.2.46
        port: 5632
        all: false
        transport: "tcp"
      cc:
        srv_api_uri: https://api.acp.local
      ccng:
        bulk_api_user: "bulk_api"
        bulk_api_password: c1oudc0w
      etcd:
        machines:
          - 192.168.2.41
      ssl:
        skip_cert_verify: true
      networks:
        apps: default
        management: default
        
properties:
  system_domain: acp.local
  system_domain_organization: system_domain
  support_address: http://support.acp.local
  domain: acp.local
  app_domains:
    - acp.local
  description: "Cloud Foundry v2 sponsored by Pivotal"
  etcd:
    machines: 
      - 192.168.2.41
  networks:
    apps: default
    management: default
  ssl:
    skip_cert_verify: true
  nats:
    user: nats
    password: c1oudc0w
    port: 4222
    machines:
      - 192.168.2.43
    use_gnatsd: true
  router:
    servers:
      z1:
      - 192.168.2.47
      z2:
      - 192.168.2.50
    endpoint_timeout: 60
    status:
      user: router
      password: c1oudc0w
  loggregator_endpoint:
    host: 192.168.2.44
    shared_secret: c1oudc0w

  loggregator:
    servers:
      default:
        - 192.168.2.44

  collector:
    datadog_api_key: ""
    datadog_application_key: ""
    deployment_name: CFRELEASE02
    use_datadog: true
    use_tsdb: false
  disk_quota_enabled: false

  ccdb: &ccdb
    address: 192.168.2.48
    databases:
    - citext: true
      name: ccdb
      tag: cc
    db_scheme: postgres
    port: 5524
    roles:
    - name: ccadmin
      password: admin
      tag: admin

  ccdb_ng: *ccdb

  cc: &cc
    bulk_api_user: "bulk_api"
    bulk_api_password: c1oudc0w
    srv_api_uri: https://api.acp.local
    db_logging_level: debug2
    ccng.logging_level: debug2
    db_encryption_key: c1oudc0w
    quota_definitions:
      default:
        memory_limit: 10240
        total_services: 100
        non_basic_services_allowed: true
        total_routes: 1000
        trial_db_allowed: true
    hm9000_noop: false
    staging_upload_user: uploaduser
    staging_upload_password: c1oudc0w
    install_buildpacks:
      - name: java_buildpack
        package: buildpack_java
      - name: ruby_buildpack
        package: buildpack_ruby
      - name: nodejs_buildpack
        package: buildpack_nodejs
    
  ccng: *cc
  
  uaa:
    admin:
      client_secret: c1oudc0w
    batch:
      password: batch-password
      username: batch-username
    catalina_opts: -Xmx384m -XX:MaxPermSize=128m
    cc:
      client_secret: c1oudc0w
    client:
      autoapprove:
        - cf
    clients:
      cf:  
        override: true  
        authorized-grant-types: password,implicit,refresh_token  
        authorities: uaa.none  
        scope: cloud_controller.read,cloud_controller.write,openid,password.write,cloud_controller.admin,scim.read,scim.write  
        access-token-validity: 7200  
        refresh-token-validity: 1209600
      app-direct:
        access-token-validity: 1209600
        authorities: app_direct_invoice.write
        authorized-grant-types: authorization_code,client_credentials,password,refresh_token,implicit
        override: true
        redirect-uri: http://console.acp.local
        refresh-token-validity: 1209600
        secret: c1oudc0w
      cc_service_broker_client: null
      developer_console:
        access-token-validity: 1209600
        authorities: scim.write,scim.read,cloud_controller.read,cloud_controller.write,password.write,uaa.admin,uaa.resource,cloud_controller.admin,billing.admin
        authorized-grant-types: authorization_code,client_credentials
        override: true
        redirect-uri: http://console.acp.local/oauth/callback
        refresh-token-validity: 1209600
        scope: openid,cloud_controller.read,cloud_controller.write,password.write,console.admin,console.support
        secret: c1oudc0w
      login:
        authorities: oauth.login
        authorized-grant-types: authorization_code,client_credentials,refresh_token
        override: true
        redirect-uri: http://login.acp.local
        scope: openid,oauth.approvals
        secret: c1oudc0w
      servicesmgmt:
        authorities: uaa.resource,oauth.service,clients.read,clients.write,clients.secret
        authorized-grant-types: authorization_code,client_credentials,password,implicit
        autoapprove: true
        override: true
        redirect-uri: http://servicesmgmt.acp.local/auth/cloudfoundry/callback
        scope: openid,cloud_controller.read,cloud_controller.write
        secret: c1oudc0w
      space-mail:
        access-token-validity: 1209600
        authorities: scim.read,scim.write,cloud_controller.admin
        authorized-grant-types: client_credentials
        override: true
        refresh-token-validity: 1209600
        secret: c1oudc0w
      support-services:
        access-token-validity: 1209600
        authorities: portal.users.read
        authorized-grant-types: authorization_code,client_credentials
        redirect-uri: http://support-signon.acp.local
        refresh-token-validity: 1209600
        scope: scim.write,scim.read,openid,cloud_controller.read,cloud_controller.write
        secret: c1oudc0w
    jwt:
      signing_key: '-----BEGIN RSA PRIVATE KEY-----

        MIICXAIBAAKBgQDHFr+KICms+tuT1OXJwhCUmR2dKVy7psa8xzElSyzqx7oJyfJ1

        JZyOzToj9T5SfTIq396agbHJWVfYphNahvZ/7uMXqHxf+ZH9BL1gk9Y6kCnbM5R6

        0gfwjyW1/dQPjOzn9N394zd2FJoFHwdq9Qs0wBugspULZVNRxq7veq/fzwIDAQAB

        AoGBAJ8dRTQFhIllbHx4GLbpTQsWXJ6w4hZvskJKCLM/o8R4n+0W45pQ1xEiYKdA

        Z/DRcnjltylRImBD8XuLL8iYOQSZXNMb1h3g5/UGbUXLmCgQLOUUlnYt34QOQm+0

        KvUqfMSFBbKMsYBAoQmNdTHBaz3dZa8ON9hh/f5TT8u0OWNRAkEA5opzsIXv+52J

        duc1VGyX3SwlxiE2dStW8wZqGiuLH142n6MKnkLU4ctNLiclw6BZePXFZYIK+AkE

        xQ+k16je5QJBAN0TIKMPWIbbHVr5rkdUqOyezlFFWYOwnMmw/BKa1d3zp54VP/P8

        +5aQ2d4sMoKEOfdWH7UqMe3FszfYFvSu5KMCQFMYeFaaEEP7Jn8rGzfQ5HQd44ek

        lQJqmq6CE2BXbY/i34FuvPcKU70HEEygY6Y9d8J3o6zQ0K9SYNu+pcXt4lkCQA3h

        jJQQe5uEGJTExqed7jllQ0khFJzLMx0K6tj0NeeIzAaGCQz13oo2sCdeGRHO4aDh

        HH6Qlq/6UOV5wP8+GAcCQFgRCcB+hrje8hfEEefHcFpyKH+5g1Eu1k0mLrxK2zd+

        4SlotYRHgPCEubokb2S1zfZDWIXW3HmggnGgM949TlY=

        -----END RSA PRIVATE KEY-----'
      verification_key: '-----BEGIN PUBLIC KEY-----

        MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHFr+KICms+tuT1OXJwhCUmR2d

        KVy7psa8xzElSyzqx7oJyfJ1JZyOzToj9T5SfTIq396agbHJWVfYphNahvZ/7uMX

        qHxf+ZH9BL1gk9Y6kCnbM5R60gfwjyW1/dQPjOzn9N394zd2FJoFHwdq9Qs0wBug

        spULZVNRxq7veq/fzwIDAQAB

        -----END PUBLIC KEY-----'
    #login:
      #addnew: false
    no_ssl: false
    scim:
      users:
      - admin|admin|scim.write,scim.read,openid,cloud_controller.admin
    url: http://uaa.acp.local
 
  uaadb:
    address: 192.168.2.48
    databases:
    - citext: true
      name: uaadb
      tag: uaa
    db_scheme: postgresql
    port: 5524
    roles:
    - name: uaaadmin
      password: admin
      tag: admin