BOSH VMは次のような構成になる。
目次
BOSH Liteのインストール
BOSH VM作成
credhub.yml
も追加する。
bosh2 create-env bosh.yml \
--state ./state.json \
-o virtualbox/cpi.yml \
-o virtualbox/outbound-network.yml \
-o bosh-lite.yml \
-o bosh-lite-runc.yml \
-o uaa.yml \
-o credhub.yml \
-o jumpbox-user.yml \
--vars-store ./creds.yml \
-v director_name="bosh-lite" \
-v internal_ip=192.168.50.6 \
-v internal_gw=192.168.50.1 \
-v internal_cidr=192.168.50.0/24 \
-v outbound_network_name=NatNetwork
Stemcellのアップロード
bosh2 upload-stemcell https://bosh.io/d/stemcells/bosh-warden-boshlite-ubuntu-trusty-go_agent
Cloud Configの設定
bosh2 -n update-cloud-config ./warden/cloud-config.yml
CredHubを使う
CredHub CLIインストール
brew install cloudfoundry/tap/credhub-cli
CredHubログイン
bosh2 int ./creds.yml --path /uaa_ssl/ca > ~/uaa_ca
bosh2 int ./creds.yml --path /credhub_ca/ca > ~/credhub_ca
credhub login -s 192.168.50.6:8844 -u credhub-cli -p `bosh2 int ./creds.yml --path /credhub_cli_password` --ca-cert ~/uaa_ca --ca-cert ~/credhub_ca
軽くAPIを試す
$ credhub generate -n demo-pass -t password
id: 5a5ae163-6f4a-4582-b2cd-560dbb98007a
name: /demo-pass
type: password
value: NvxyWg1vX41G0IQxO3eZJvocVTBQQ6
version_created_at: 2017-07-02T07:18:54Z
$ credhub get -n demo-pass
id: 5a5ae163-6f4a-4582-b2cd-560dbb98007a
name: /demo-pass
type: password
value: NvxyWg1vX41G0IQxO3eZJvocVTBQQ6
version_created_at: 2017-07-02T07:18:54Z
$ credhub delete -n demo-pass
Credential successfully deleted
Concourseをデプロイ
以下のmanifestファイルをデプロイする
---
name: concourse
releases:
- name: concourse
version: 3.3.0
url: https://bosh.io/d/github.com/concourse/concourse?v=3.3.0
sha1: f0b5ab73ba26e9cc72c8989d20ae2e8d994f18c4
- name: garden-runc
version: 1.6.0
url: https://bosh.io/d/github.com/cloudfoundry/garden-runc-release?v=1.6.0
sha1: 58fbc64aff303e6d76899441241dd5dacef50cb7
stemcells:
- alias: trusty
os: ubuntu-trusty
version: latest
instance_groups:
- name: web
instances: 1
vm_type: default
stemcell: trusty
azs: [z1]
networks:
- name: default
static_ips: [((internal_ip))]
jobs:
- name: atc
release: concourse
properties:
external_url: &external_url https://((internal_ip))
basic_auth_username: admin
basic_auth_password: ((ui_password))
tls_cert: ((atc_ssl.certificate))
tls_key: ((atc_ssl.private_key))
bind_port: 80
tls_bind_port: 443
postgresql_database: &atc_db atc
- name: tsa
release: concourse
properties: {}
- name: db
instances: 1
vm_type: default
persistent_disk_type: default
stemcell: trusty
azs: [z1]
networks:
- name: default
jobs:
- name: postgresql
release: concourse
properties:
databases:
- name: *atc_db
role: atc
password: ((postgres_password))
- name: worker
instances: 1
vm_type: default
stemcell: trusty
azs: [z1]
networks:
- name: default
jobs:
- name: groundcrew
release: concourse
properties: {}
- name: baggageclaim
release: concourse
properties: {}
- name: garden
release: garden-runc
properties:
garden:
listen_network: tcp
listen_address: 0.0.0.0:7777
update:
canaries: 1
max_in_flight: 1
serial: false
canary_watch_time: 1000-60000
update_watch_time: 1000-60000
variables:
- name: default_ca
type: certificate
options:
is_ca: true
common_name: ca
- name: atc_ssl
type: certificate
options:
ca: default_ca
common_name: ((internal_ip))
alternative_names: [((internal_ip))]
- name: postgres_password
type: password
- name: ui_password
type: password
デプロイ
bosh2 deploy -d concourse -v internal_ip=10.244.0.34 concourse.yml
できた。
CredHubの確認
manifestファイル中のvariables
に設定されているCredentialsがCredHubに生成される。(CredHubを使わない場合はbosh deploy
で--vars-store
に指定したファイルにCredentialsが保存される。)
$ credhub find concourse
credentials:
- name: /bosh-lite/concourse/ui_password
version_created_at: 2017-07-02T07:46:26Z
- name: /bosh-lite/concourse/postgres_password
version_created_at: 2017-07-02T07:46:26Z
- name: /bosh-lite/concourse/atc_ssl
version_created_at: 2017-07-02T07:46:26Z
- name: /bosh-lite/concourse/default_ca
version_created_at: 2017-07-02T07:46:26Z
ログインパスワードは次のように取得可能。
$ credhub get -n "/bosh-lite/concourse/ui_password"
id: 3beffe4b-32ed-4294-8622-26d106d9279b
name: /bosh-lite/concourse/ui_password
type: password
value: BYreZKTynCG5fQr21rOdwnKyYWvII0
version_created_at: 2017-07-02T07:46:26Z
CredentialsのRotate
Concourseのログインパスワードを再生成する
$ credhub regenerate -n "/bosh-lite/concourse/ui_password"
id: 3c988b52-4278-4494-968c-d639fcdf3d49
name: /bosh-lite/concourse/ui_password
type: password
value: CJ4HQLek91MSRt13QHfYRFewFmtKIQ
version_created_at: 2017-07-02T08:23:08Z
もう一度デプロイ
bosh2 deploy -d concourse -v internal_ip=10.244.0.34 concourse.yml
簡単にパスワードを変更できた。