After watching people have lots of fun with Bosh for some time, I decided to give Bosh, the service deployment system, a try.
Bosh has great documentation that explains how it can be used on some popular cloud infrastructures. For simplicity's sake, let's just call them “clouds”.
That’s where the problems started, because as we all know too well, the officially supported mainstream clouds are Amazon, OpenStack and VMware. I immediately rejected the idea of replacing my existing and quite functional cloud orchestration system with anything else. I use Project-FiFo, which does an absolutely amazing job orchestrating SmartOS hypervisors.
Despite having documentation for specific cloud software, Bosh is designed not to be tied to any specific cloud or cloud OS. Currently the integration between Bosh and clouds, called CPI (Cloud Provider Interface), lives inside Bosh itself, which is a problem if you want to add a new one. The good news is that there is an ongoing initiative to support ‘external CPIs’, which aims to decouple Bosh from the cloud implementation itself. The bad news is that it's not yet finished and there is no documentation.
This post is about integrating Bosh with FiFo using an external Cloud Provider Interface (CPI).
Each CPI must implement a set of pre-defined inputs and outputs, which Bosh uses to talk to each cloud system and perform actions, e.g. VM creation. Each VM is based on a specific OS image, flavour, dataset or “stemcell”, as Bosh likes to call them.
1) External CPI
Bosh communicates with external CPIs using standard input and output (stdin, stdout), so you can write external CPIs in almost any language.
This implementation is called bosh-fifo-cpi and is written in Node.js.
It is used in two cases:
- When deploying “micro bosh” from a client, so that the micro bosh deployer knows how to upload a “stemcell” and create the initial micro bosh instance.
- Inside a running “micro bosh” VM, so that it can interact with the Project-FiFo cloud when deploying services.
These are the methods Bosh needs from a CPI:
- create_stemcell: Called when uploading a stemcell to the cloud.
- create_vm
- delete_stemcell
- delete_vm
- get_vm: After Bosh creates a VM, it calls this to get additional VM info, e.g. the IP address
- has_vm: Used when triggering bosh cck
- ping
- reboot_vm
- set_vm_metadata: Used to set VM metadata, like the job it's running, or its agent id.
Additionally, there are the disk methods such as “create”, “attach”, “detach” and “delete” that are used to mount the data of one VM into another (Bosh migration process) or when you tell Bosh to create a VM with a persistent disk. In the case of FiFo/SmartOS we don’t have that functionality, so we will just skip them for now.
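
The stdin/stdout exchange and the method list above, as an added example (not code from bosh-fifo-cpi or from Bosh). It assumes Bosh's JSON envelope for external CPIs, a request with "method", "arguments" and "context" answered by "result", "error" and "log", and the Bosh::Clouds error type names, none of which appear on this page; makeBackend is a hypothetical in-memory stand-in for the FiFo API. The request is untrusted text, so methods are looked up in a Map and only the listed names are callable.

```javascript
'use strict';

// Error carrying a Bosh-style type name (type names are an assumption, see lead-in).
class CpiError extends Error {
  constructor(type, message) { super(message); this.type = type; }
}

// Hypothetical in-memory stand-in for the FiFo API, so the example runs offline.
function makeBackend() {
  const vms = new Map();
  let seq = 0;
  return {
    create(agentId, stemcellId) {
      const id = `vm-${++seq}`;
      vms.set(id, { agentId, stemcellId, ip: `10.0.0.${100 + seq}`, metadata: {} });
      return id;
    },
    find: (id) => vms.get(id),
    remove: (id) => vms.delete(id),
  };
}

function makeHandlers(backend) {
  const mustFind = (id) => {
    const vm = backend.find(id);
    if (!vm) throw new CpiError('Bosh::Clouds::VMNotFound', `no such VM: ${id}`);
    return vm;
  };
  // A Map rather than a plain object: a request for "constructor" or
  // "__proto__" can never resolve to an inherited function.
  return new Map([
    ['ping', () => 'pong'],
    ['create_stemcell', () => 'dataset-1'],
    ['delete_stemcell', () => null],
    ['create_vm', (agentId, stemcellId) => backend.create(agentId, stemcellId)],
    ['delete_vm', (id) => { backend.remove(id); return null; }],
    ['has_vm', (id) => backend.find(id) !== undefined],
    ['get_vm', (id) => ({ id, ip: mustFind(id).ip })],
    ['reboot_vm', (id) => { mustFind(id); return null; }],
    ['set_vm_metadata', (id, metadata) => {
      if (metadata === null || typeof metadata !== 'object' || Array.isArray(metadata)) {
        throw new CpiError('Bosh::Clouds::CpiError', 'metadata must be an object');
      }
      const vm = mustFind(id);
      // Spread defines own keys; it never invokes the __proto__ setter.
      vm.metadata = { ...vm.metadata, ...metadata };
      return null;
    }],
  ]);
}

// Disk operations are skipped on FiFo/SmartOS, so they are refused explicitly.
const DISK_METHODS = new Set(['create_disk', 'attach_disk', 'detach_disk', 'delete_disk']);

function fail(type, message) {
  return JSON.stringify({ result: null, error: { type, message, ok_to_retry: false }, log: '' });
}

// Turns one raw request string into one response string; never throws.
function handleRequest(raw, handlers) {
  let req;
  try { req = JSON.parse(raw); } catch (err) {
    return fail('Bosh::Clouds::CpiError', 'request is not valid JSON');
  }
  if (req === null || typeof req !== 'object' ||
      typeof req.method !== 'string' || !Array.isArray(req.arguments)) {
    return fail('Bosh::Clouds::CpiError', 'need a string "method" and an array "arguments"');
  }
  if (DISK_METHODS.has(req.method)) return fail('Bosh::Clouds::NotImplemented', `${req.method} is not supported`);
  const handler = handlers.get(req.method);
  if (!handler) return fail('Bosh::Clouds::CpiError', `unknown method: ${req.method}`);
  try {
    return JSON.stringify({ result: handler(...req.arguments), error: null, log: '' });
  } catch (err) {
    const type = err instanceof CpiError ? err.type : 'Bosh::Clouds::CloudError';
    return fail(type, err.message);
  }
}

// A real CPI executable would call serve(process.stdin, process.stdout, handlers).
// Only the response goes to the output stream; diagnostics belong in "log".
function serve(input, output, handlers) {
  let buf = '';
  input.setEncoding('utf8');
  input.on('data', (chunk) => { buf += chunk; });
  input.on('end', () => output.write(handleRequest(buf, handlers) + '\n'));
}

// Constructed sample requests, run in order against one backend.
function demo() {
  const handlers = makeHandlers(makeBackend());
  return [
    '{"method":"ping","arguments":[],"context":{}}',
    '{"method":"create_vm","arguments":["agent-1","dataset-1",{},{},[],{}],"context":{}}',
    '{"method":"get_vm","arguments":["vm-1"],"context":{}}',
    '{"method":"create_disk","arguments":[1024,{}],"context":{}}',
    '{"method":"constructor","arguments":[],"context":{}}',
    '{"method":"reboot_vm","arguments":["vm-404"],"context":{}}',
  ].map((raw) => JSON.parse(handleRequest(raw, handlers)));
}

demo().forEach((res) => console.log(JSON.stringify(res)));
```
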
2) Stemcell
A stemcell is essentially an OS image which contains some of the base software preinstalled, including the bosh-agent. Bosh needs a stemcell to create the VMs that run the software described in the manifests.
Bosh needs to upload its stemcells to the cloud.
There are currently two ways to accomplish this:
- Build a procedure that executes scripts in a chroot, and packs an image from it.
- Directly download one from here
All the supported mainstream cloud software has one thing in common: it manages Linux VMs. Therefore the existing pre-built stemcells are for Linux. Making Bosh work on another operating system like SmartOS & Zones will require some modifications to the bosh-agent and a different stemcell build procedure. SmartOS can run KVM perfectly fine, so let's use Linux as a base for now…
We will use the OpenStack Ubuntu “GO” agent image. It contains an OpenStack-specific configuration. We will change that using a custom init script, which will be executed on every VM's first boot by some additional SmartOS bits that we need to put inside.
This process has 3 parts:
- Run a VM, using the downloaded OpenStack stemcell
- Customize the VM
- Build a customized stemcell out of it.
2.1) Running a VM from the original stemcell
We will take the OpenStack stemcell, extract its image and run a VM from it.
In the Global Zone:
    $ mkdir /opt/extract; cd /opt/extract
    $ tar zxf ../bosh-stemcell-you-downloaded.tgz
    $ tar zxf image
    $ qemu-img info root.img
    image: root.img
    file format: qcow2
    virtual size: 10G (10737418240 bytes)
    disk size: 1.0G
    cluster_size: 65536
    $ qemu-img convert -O raw root.img image.raw
    $ qemu-img info image.raw
    image: image.raw
    file format: raw
    virtual size: 10G (10737418240 bytes)
    disk size: 1.0G
    $ vmadm create -f VM_BOSH.json
    Successfully created VM e26d89c6-be16-46ed-a58d-b8d0f7c105ba
    $ VM=e26d89c6-be16-46ed-a58d-b8d0f7c105ba
    $ DISK=$(vmadm info $VM | json block.0.inserted.file)
    $ vmadm stop -f $VM
    $ dd if=./image.raw of=$DISK bs=1M
    10240+0 records in
    10240+0 records out
    $ vmadm start $VM
    Successfully started VM 664d3956-f8fc-48a1-9f3e-a72ef09ae1a9
    $ svcadm restart chunter
This is an example of VM_BOSH.json.
    {
      "brand": "kvm",
      "alias": "bosh",
      "resolvers": ["10.0.0.1"],
      "ram": 2048,
      "vcpus": 2,
      "nics": [
        {
          "nic_tag": "admin",
          "ip": "10.0.0.240",
          "netmask": "255.255.255.0",
          "gateway": "10.0.0.1",
          "model": "virtio",
          "primary": true
        }
      ],
      "disks": [
        {
          "boot": true,
          "model": "virtio",
          "size": 10240
        }
      ]
    }
2.2) Customise the VM
We will add the SmartOS init script to the running VM. The stemcells have SSH login disabled for root, so let's temporarily enable it.
Log in as root to the machine via the FiFo UI or VNC; the password is c1oudc0w. Change the last two lines of /etc/ssh/sshd_config to yes, and then run service sshd restart.
In your notebook:
    $ git clone https://github.com/killfill/smartos-ize
    $ cd ubuntu; deploy.sh $IP_OF_THE_VM
(It will ask you for the password more than once...)
Close the ssh access for root that was opened with VNC above.
2.3) Generating the Stemcell
We should now be ready to turn the VM created from the OpenStack Bosh stemcell, with the above changes, into a stemcell.
- Power off the VM
- Snapshot the VM
- Create a dataset based on the snapshot (Imaging tab in the FiFo UI).
- Check the Datasets page and confirm that the dataset is available and ready.
Now that the dataset is ready, we can proceed to pack it into a stemcell archive:
- Dump the dataset into a file, using nfifo:
  - Get the UUID of the created dataset
  - Run nfifo with that UUID:
        nfifo --json false datasets <uuid> dataset.gz > bosh-dataset.zvol.gz
- Pack up the Bosh stemcell archive:
  - Put the same Bosh OpenStack stemcell we downloaded at the beginning into a directory:
        mkdir tmp; cd tmp
  - Modify the file apply_spec.json so it contains:
        {"external_cpi": {"enabled": true, "name": "fifo-cpi"}}
  - This way the file /var/vcap/micro/apply_spec.json in the micro bosh VM gets written that way, so bosh-director uses our external CPI instead of the built-in OpenStack CPI.
  - Then run:
        $ sed -i.bak "s|openstack|fifo|g" stemcell.MF; rm stemcell.MF.bak
        $ cp ../bosh-dataset.zvol.gz ./image
        $ tar -zcf ../bosh-stemcell-[version]-fifo-kvm-ubuntu.tgz *
3) Deploy Micro Bosh
This pretty much follows the existing Bosh micro deployment documentation.
    $ gem install bosh_cli_plugin_micro
    $ mkdir -p ~/deployments/microbosh-fifo
    $ cd ~/deployments/microbosh-fifo
We will need to patch the micro and cpi plugin. Do it as described at the bottom.
Then, create a bosh micro deployment manifest file like this one. Check that the net_id, instance_type and cpi_path match yours.
Trigger the deployment:
    $ git clone https://github.com/killfill/bosh-fifo-cpi.git /path/to/bosh-fifo-cpi
    $ bosh micro deployment ~/deployments/microbosh-fifo/micro_bosh.yml
    $ bosh micro deploy bosh-stemcell-[version]-fifo-kvm-ubuntu.tgz
That will take the stemcell, upload it to FiFo, create a VM based on it, apply bosh specs, and wait for the components to start.
Logs will be written in ~/deployments/microbosh-fifo/bosh_micro_deploy.log
Now let's put bosh-fifo-cpi inside the just-created micro bosh VM, so it can interact with our cloud. bosh-fifo-cpi has a deployment script that does it:
$ ./bin/deploy.sh $ip_of_microbosh
Some of the below checks should now work:
    $ bosh micro status
    $ bosh micro agent ping
    $ bosh target $ip_of_microbosh   # user: admin, password: admin
    $ bosh status
In case you want to delete the micro bosh VM, run bosh micro delete.
4) Using the deployed Micro Bosh instance
What makes Bosh interesting is that it's not only a configuration management tool like Chef or Puppet, but a service deployment tool. This means that you describe the deployment of the complete service(s) in one manifest file.
Bosh knows exactly how the service is set up, so for example if we have a Redis cluster running and one of the VMs dies, Bosh will automatically recreate another one to maintain the desired state of the deployment. Scaling the service is pretty trivial too.
So, let's deploy Redis. First we need to have a stemcell available to use:
    $ bosh upload stemcell /path/to/bosh-stemcell-2657-fifo-kvm-ubuntu-go_agent.tgz
    Verifying stemcell...
    File exists and readable OK
    Verifying tarball...
    Read tarball OK
    Manifest exists OK
    Stemcell image file OK
    Stemcell properties OK
    Stemcell info
    -------------
    Name: bosh-fifo-kvm-ubuntu-go_agent
    Version: 2657
    Checking if stemcell already exists...
    No
    Uploading stemcell...
    bosh-stemcell: 20% |ooooooooooooooooooooooooooooooooooooooo| 549.4MB 2.6MB/s Time: 00:03:31
    Director task 2
    Started update stemcell
    Started update stemcell > Extracting stemcell archive. Done (00:00:11)
    Started update stemcell > Verifying stemcell manifest. Done (00:00:00)
    Started update stemcell > Checking if this stemcell already exists. Done (00:00:00)
    Started update stemcell > Uploading stemcell bosh-fifo-kvm-ubuntu-go_agent/2657 to the cloud. Done (00:00:00)
    Started update stemcell > Save stemcell bosh-fifo-kvm-ubuntu-go_agent/2657 (8f38dca2-9497-4807-a5f1-62aa1d6a7728). Done (00:00:00)
    Done update stemcell (00:00:11)
    Task 2 done
    Started 2014-08-11 01:19:03 UTC
    Finished 2014-08-11 01:19:14 UTC
    Duration 00:00:11
    Stemcell uploaded and created.
Running bosh stemcells should list the just-uploaded stemcell.
Create a Redis deployment manifest like this one. It can be simplified, but let's just use it:
    compilation:
      cloud_properties:
        instance_type: 8ade6653-86ac-4777-82a3-728ac5751142
      network: redis1
      reuse_compilation_vms: true
      workers: 6
    director_uuid: 51c09760-514c-4353-8a8a-4e8c3b4019fb
    jobs:
    - instances: 1
      name: redis_leader_z1
      networks:
      - name: redis1
        static_ips: null
      persistent_disk: 0
      resource_pool: small_z1
      templates:
      - name: redis
        release: redis
    - instances: 2
      name: redis_z1
      networks:
      - name: redis1
        static_ips: null
      persistent_disk: 0
      properties:
        redis:
          master: 0.redis-leader-z1.redis1.a-redis-cluster.microbosh
      resource_pool: small_z1
      templates:
      - name: redis
        release: redis
      update:
        canaries: 10
    meta:
      environment: a-redis-cluster-huh
      stemcell:
        name: bosh-fifo-kvm-ubuntu-go_agent
        version: latest
    name: a-redis-cluster
    networks:
    - cloud_properties: {}
      name: floating
      type: vip
    - cloud_properties:
        net_id: c0c15666-0b72-4998-aaf2-2bb40e71b799
        security_groups:
        - default
      name: redis1
      type: dynamic
    properties:
      consul: null
    releases:
    - name: redis
      version: latest
    resource_pools:
    - cloud_properties:
        instance_type: 0a827ade-f24c-4cb3-9df4-3ad35561fa9c
      name: small_z1
      network: redis1
      size: 3
      stemcell:
        name: bosh-fifo-kvm-ubuntu-go_agent
        version: latest
    update:
      canaries: 1
      canary_watch_time: 1000-30000
      max_in_flight: 50
      update_watch_time: 1000-30000
Then run:
    bosh deployment redis-fifo-manifest.yml
    bosh upload release https://redis-boshrelease.s3.amazonaws.com/boshrelease-redis-5.tgz
    bosh -n deploy
Done!
Here is a video that goes through the process of the Redis deployment and then scales it.
Let's try something a little more complex. Wipe out the Redis cluster just deployed and create a Cloud Foundry manifest like this one. Again, this is not the simplest manifest, but it can be simplified.
    compilation:
      cloud_properties:
        instance_type: 716a4b06-7031-4066-aab0-31758baf2808
      network: cf1
      reuse_compilation_vms: true
      workers: 6
    director_uuid: d1581edd-b03b-4486-b417-0d24a7e4cd25
    jobs:
    - instances: 1
      name: nats_z1
      networks:
      - name: cf1
        static_ips: null
      properties:
        networks:
          apps: cf1
      resource_pool: medium_z1
      templates:
      - name: nats
        release: cf
      - name: nats_stream_forwarder
        release: cf
    - instances: 0
      name: nats_z2
      networks:
      - name: cf2
        static_ips: []
      properties:
        networks:
          apps: cf2
      resource_pool: medium_z2
      templates:
      - name: nats
        release: cf
      - name: nats_stream_forwarder
        release: cf
    - instances: 1
      name: etcd_z1
      networks:
      - name: cf1
        static_ips: null
      persistent_disk: 0
      properties:
        networks:
          apps: cf1
      resource_pool: medium_z1
      templates:
      - name: etcd
        release: cf
      - name: etcd_metrics_server
        release: cf
    - instances: 0
      name: etcd_z2
      networks:
      - name: cf2
        static_ips: []
      persistent_disk: 0
      properties:
        networks:
          apps: cf2
      resource_pool: medium_z2
      templates:
      - name: etcd
        release: cf
      - name: etcd_metrics_server
        release: cf
    - instances: 0
      name: logs_z1
      networks:
      - name: cf1
        static_ips: null
      persistent_disk: 0
      properties:
        networks:
          apps: cf1
      resource_pool: medium_z1
      templates:
      - name: syslog_aggregator
        release: cf
    - instances: 0
      name: logs_z2
      networks:
      - name: cf2
        static_ips: []
      persistent_disk: 0
      properties:
        networks:
          apps: cf2
      resource_pool: medium_z2
      templates:
      - name: syslog_aggregator
        release: cf
    - instances: 0
      name: stats_z1
      networks:
      - name: cf1
      properties:
        networks:
          apps: cf1
      resource_pool: small_z1
      templates:
      - name: collector
        release: cf
    - instances: 1
      name: nfs_z1
      networks:
      - name: cf1
        static_ips: null
      persistent_disk: 0
      resource_pool: medium_z1
      templates:
      - name: debian_nfs_server
        release: cf
    - instances: 1
      name: postgres_z1
      networks:
      - name: cf1
        static_ips: null
      persistent_disk: 0
      resource_pool: medium_z1
      templates:
      - name: postgres
        release: cf
    - instances: 1
      name: uaa_z1
      networks:
      - name: cf1
      properties:
        networks:
          apps: cf1
      resource_pool: medium_z1
      templates:
      - name: uaa
        release: cf
    - instances: 0
      name: uaa_z2
      networks:
      - name: cf2
      properties:
        networks:
          apps: cf2
      resource_pool: medium_z2
      templates:
      - name: uaa
        release: cf
    - instances: 1
      name: login_z1
      networks:
      - name: cf1
      properties:
        networks:
          apps: cf1
      resource_pool: medium_z1
      templates:
      - name: login
        release: cf
    - instances: 0
      name: login_z2
      networks:
      - name: cf2
      properties:
        networks:
          apps: cf2
      resource_pool: medium_z2
      templates:
      - name: login
        release: cf
    - instances: 1
      name: api_z1
      networks:
      - name: cf1
      persistent_disk: 0
      properties:
        metron_agent:
          zone: z1
        networks:
          apps: cf1
        nfs_server:
          address: 0.nfs-z1.cf1.cf-baby.microbosh
          allow_from_entries:
          - 10.0.0.0/24
          - null
          - null
          share: null
      resource_pool: large_z1
      templates:
      - name: cloud_controller_ng
        release: cf
      - name: metron_agent
        release: cf
    - instances: 0
      name: api_z2
      networks:
      - name: cf2
      persistent_disk: 0
      properties:
        metron_agent:
          zone: z2
        networks:
          apps: cf2
        nfs_server:
          address: 0.nfs-z1.cf1.cf-baby.microbosh
          allow_from_entries:
          - 10.0.0.0/24
          - null
          - null
          share: null
      resource_pool: large_z2
      templates:
      - name: cloud_controller_ng
        release: cf
      - name: metron_agent
        release: cf
    - instances: 1
      name: clock_global
      networks:
      - name: cf1
      persistent_disk: 0
      properties:
        metron_agent:
          zone: z1
        networks:
          apps: cf1
      resource_pool: medium_z1
      templates:
      - name: cloud_controller_clock
        release: cf
      - name: metron_agent
        release: cf
    - instances: 1
      name: api_worker_z1
      networks:
      - name: cf1
      persistent_disk: 0
      properties:
        metron_agent:
          zone: z1
        networks:
          apps: cf1
        nfs_server:
          address: 0.nfs-z1.cf1.cf-baby.microbosh
          allow_from_entries:
          - 10.0.0.0/24
          - null
          - null
          share: null
      resource_pool: small_z1
      templates:
      - name: cloud_controller_worker
        release: cf
      - name: metron_agent
        release: cf
    - instances: 0
      name: api_worker_z2
      networks:
      - name: cf2
      persistent_disk: 0
      properties:
        metron_agent:
          zone: z2
        networks:
          apps: cf2
        nfs_server:
          address: 0.nfs-z1.cf1.cf-baby.microbosh
          allow_from_entries:
          - 10.0.0.0/24
          - null
          - null
          share: null
      resource_pool: small_z2
      templates:
      - name: cloud_controller_worker
        release: cf
      - name: metron_agent
        release: cf
    - instances: 1
      name: hm9000_z1
      networks:
      - name: cf1
      properties:
        networks:
          apps: cf1
      resource_pool: medium_z1
      templates:
      - name: hm9000
        release: cf
    - instances: 0
      name: hm9000_z2
      networks:
      - name: cf2
      properties:
        networks:
          apps: cf2
      resource_pool: medium_z2
      templates:
      - name: hm9000
        release: cf
    - instances: 1
      name: runner_z1
      networks:
      - name: cf1
        static_ips: null
      properties:
        metron_agent:
          zone: z1
        networks:
          apps: cf1
      resource_pool: runner_z1
      templates:
      - name: dea_next
        release: cf
      - name: dea_logging_agent
        release: cf
      - name: metron_agent
        release: cf
      update:
        max_in_flight: 1
    - instances: 0
      name: runner_z2
      networks:
      - name: cf2
        static_ips: null
      properties:
        metron_agent:
          zone: z2
        networks:
          apps: cf2
      resource_pool: runner_z2
      templates:
      - name: dea_next
        release: cf
      - name: dea_logging_agent
        release: cf
      - name: metron_agent
        release: cf
      update:
        max_in_flight: 1
    - instances: 1
      name: loggregator_z1
      networks:
      - name: cf1
        static_ips: null
      properties:
        loggregator:
          zone: z1
        networks:
          apps: cf1
      resource_pool: medium_z1
      templates:
      - name: loggregator
        release: cf
    - instances: 0
      name: loggregator_z2
      networks:
      - name: cf2
        static_ips: []
      properties:
        loggregator:
          zone: z2
        networks:
          apps: cf2
      resource_pool: medium_z2
      templates:
      - name: loggregator
        release: cf
    - instances: 1
      name: loggregator_trafficcontroller_z1
      networks:
      - name: cf1
        static_ips: null
      properties:
        networks:
          apps: cf1
        traffic_controller:
          zone: z1
      resource_pool: small_z1
      templates:
      - name: loggregator_trafficcontroller
        release: cf
    - instances: 0
      name: loggregator_trafficcontroller_z2
      networks:
      - name: cf2
        static_ips: []
      properties:
        networks:
          apps: cf2
        traffic_controller:
          zone: z2
      resource_pool: small_z2
      templates:
      - name: loggregator_trafficcontroller
        release: cf
    - instances: 1
      name: router_z1
      networks:
      - name: cf1
        static_ips: null
      properties:
        metron_agent:
          zone: z1
        networks:
          apps: cf1
      resource_pool: router_z1
      templates:
      - name: gorouter
        release: cf
      - name: metron_agent
        release: cf
    - instances: 0
      name: router_z2
      networks:
      - name: cf2
        static_ips: []
      properties:
        metron_agent:
          zone: z2
        networks:
          apps: cf2
      resource_pool: router_z2
      templates:
      - name: gorouter
        release: cf
      - name: metron_agent
        release: cf
    - default_networks:
      - name: cf1
        static_ips: null
      instances: 1
      name: ha_proxy_z1
      networks:
      - default:
        - dns
        - gateway
        name: cf1
        static_ips: null
      properties:
        ha_proxy:
          ssl_pem: '<PEM certificate followed by RSA private key>'
        networks:
          apps: cf1
        router:
          servers:
            z1:
            - 0.router-z1.cf1.cf-baby.microbosh
            z2: []
      resource_pool: router_z1
      templates:
      - name: haproxy
        release: cf
    - instances: 0
      lifecycle: errand
      name: acceptance_tests
      networks:
      - name: cf1
      resource_pool: small_errand
      templates:
      - name: acceptance-tests
        release: cf
    - instances: 0
      lifecycle: errand
      name: smoke_tests
      networks:
      - name: cf1
      resource_pool: small_errand
      templates:
      - name: smoke-tests
        release: cf
    meta:
      environment: cf-baby
      releases:
      - name: cf
        version: latest
      stemcell:
        name: bosh-fifo-kvm-ubuntu-trusty-go_agent
        version: latest
    name: cf-baby
    networks:
    - cloud_properties:
        net_id: c0c15666-0b72-4998-aaf2-2bb40e71b799
      name: cf1
      type: dynamic
    - cloud_properties:
        net_id: c0c15666-0b72-4998-aaf2-2bb40e71b799
      name: cf2
      type: dynamic
    properties:
      acceptance_tests: null
      app_domains:
      - hola.virtu.cl
      cc:
        app_events:
          cutoff_age_in_days: 31
        app_usage_events:
          cutoff_age_in_days: 31
        audit_events:
          cutoff_age_in_days: 31
        billing_event_writing_enabled: true
        broker_client_timeout_seconds: 70
        buildpacks:
          buildpack_directory_key: hola.virtu.cl-cc-buildpacks
          cdn: null
          fog_connection: null
        bulk_api_password: password
        client_max_body_size: 1536M
        db_encryption_key: password
        default_app_disk_in_mb: 1024
        default_app_memory: 1024
        default_buildpacks:
        - name: java_buildpack
          package: buildpack_java
        - name: ruby_buildpack
          package: buildpack_ruby
        - name: nodejs_buildpack
          package: buildpack_nodejs
        - name: go_buildpack
          package: buildpack_go
        - name: python_buildpack
          package: buildpack_python
        - name: php_buildpack
          package: buildpack_php
        default_quota_definition: default
        default_running_security_groups:
        - public_networks
        - dns
        default_staging_security_groups:
        - public_networks
        - dns
        development_mode: false
        diego: false
        directories: null
        disable_custom_buildpacks: false
        droplets:
          cdn: null
          droplet_directory_key: hola.virtu.cl-cc-droplets
          fog_connection: null
        external_host: api
        install_buildpacks:
        - name: java_buildpack
          package: buildpack_java
        - name: ruby_buildpack
          package: buildpack_ruby
        - name: nodejs_buildpack
          package: buildpack_nodejs
        - name: go_buildpack
          package: buildpack_go
        - name: python_buildpack
          package: buildpack_python
        - name: php_buildpack
          package: buildpack_php
        jobs:
          app_bits_packer:
            timeout_in_seconds: null
          app_events_cleanup:
            timeout_in_seconds: null
          app_usage_events_cleanup:
            timeout_in_seconds: null
          blobstore_delete:
            timeout_in_seconds: null
          blobstore_upload:
            timeout_in_seconds: null
          droplet_deletion:
            timeout_in_seconds: null
          droplet_upload:
            timeout_in_seconds: null
          global:
            timeout_in_seconds: 14400
          model_deletion:
            timeout_in_seconds: null
        maximum_app_disk_in_mb: 2048
        newrelic:
          capture_params: false
          developer_mode: false
          environment_name: cf-baby
          license_key: null
          monitor_mode: false
          transaction_tracer:
            enabled: true
            record_sql: obfuscated
        packages:
          app_package_directory_key: hola.virtu.cl-cc-packages
          cdn: null
          fog_connection: null
          max_package_size: 1073741824
        quota_definitions:
          default:
            memory_limit: 10240
            non_basic_services_allowed: true
            total_routes: 1000
            total_services: 100
        resource_pool:
          cdn: null
          fog_connection: null
          resource_directory_key: hola.virtu.cl-cc-resources
        security_group_definitions:
        - name: public_networks
          rules:
          - destination: 0.0.0.0-9.255.255.255
            protocol: all
          - destination: 11.0.0.0-169.253.255.255
            protocol: all
          - destination: 169.255.0.0-172.15.255.255
            protocol: all
          - destination: 172.32.0.0-192.167.255.255
            protocol: all
          - destination: 192.169.0.0-255.255.255.255
            protocol: all
        - name: dns
          rules:
          - destination: 0.0.0.0/0
            ports: "53"
            protocol: tcp
          - destination: 0.0.0.0/0
            ports: "53"
            protocol: udp
        srv_api_uri: https://api.hola.virtu.cl
        stacks: null
        staging_upload_password: upload-password
        staging_upload_user: upload-user
        system_buildpacks:
        - name: java_buildpack
          package: buildpack_java
        - name: ruby_buildpack
          package: buildpack_ruby
        - name: nodejs_buildpack
          package: buildpack_nodejs
        - name: go_buildpack
          package: buildpack_go
        - name: python_buildpack
          package: buildpack_python
        - name: php_buildpack
          package: buildpack_php
        user_buildpacks: []
      ccdb:
        address: 0.postgres-z1.cf1.cf-baby.microbosh
        databases:
        - name: ccdb
          tag: cc
        db_scheme: postgres
        port: 5524
        roles:
        - name: ccadmin
          password: ccadmin
          tag: admin
      collector: null
      databases:
        address: 0.postgres-z1.cf1.cf-baby.microbosh
        databases:
        - citext: true
          name: ccdb
          tag: cc
        - citext: true
          name: uaadb
          tag: uaa
        db_scheme: postgres
        port: 5524
        roles:
        - name: ccadmin
          password: ccadmin
          tag: admin
        - name: uaaadmin
          password: uaaadmin
          tag: admin
      dea_next:
        allow_networks: null
        deny_networks: null
        directory_server_protocol: https
        disk_mb: 10000
        disk_overcommit_factor: 2
        evacuation_bail_out_time_in_seconds: 600
        instance_disk_inode_limit: 200000
        kernel_network_tuning_enabled: true
        logging_level: debug
        memory_mb: 1024
        memory_overcommit_factor: 3
        staging_disk_inode_limit: 200000
        staging_disk_limit_mb: 4096
        staging_memory_limit_mb: 1024
      description: La Nube
      disk_quota_enabled: true
      domain: hola.virtu.cl
      dropsonde:
        enabled: true
      etcd:
        machines:
        - 0.etcd-z1.cf1.cf-baby.microbosh
      etcd_metrics_server:
        nats:
          machines:
          - 0.nats-z1.cf1.cf-baby.microbosh
          password: nats
          username: nats
      logger_endpoint:
        port: 4443
      loggregator:
        blacklisted_syslog_ranges: []
        debug: false
        maxRetainedLogMessages: 100
      loggregator_endpoint:
        shared_secret: password
      login:
        analytics:
          code: null
          domain: null
        asset_base_url: null
        brand: oss
        catalina_opts: -Xmx768m -XX:MaxPermSize=256m
        links:
          home: https://console.hola.virtu.cl
          network: null
          passwd: https://console.hola.virtu.cl/password_resets/new
          signup: https://console.hola.virtu.cl/register
          signup-network: null
        protocol: https
        smtp:
          host: null
          password: null
          port: null
          user: null
        tiles: null
        uaa_base: null
        uaa_certificate: '<PEM certificate>'
        url: null
      metron_endpoint:
        shared_secret: password
      nats:
        address: 0.nats-z1.cf1.cf-baby.microbosh
        debug: false
        machines:
        - 0.nats-z1.cf1.cf-baby.microbosh
        monitor_port: 0
        password: nats
        port: 4222
        prof_port: 0
        trace: false
        user: nats
      nfs_server:
        address: 0.nfs-z1.cf1.cf-baby.microbosh
        allow_from_entries:
        - 10.0.0.0/24
        - null
        - null
        share: null
      request_timeout_in_seconds: 300
      router:
        status:
          password: router
          user: router
      smoke_tests: null
      ssl:
        skip_cert_verify: true
      support_address: http://www.virtualizado.cl
      syslog_aggregator: null
      system_domain: hola.virtu.cl
      system_domain_organization: null
      uaa:
        admin:
          client_secret: password
        authentication:
          policy:
            countFailuresWithinSeconds: null
            lockoutAfterFailures: null
            lockoutPeriodSeconds: null
        batch:
          password: password
          username: batch
        catalina_opts: -Xmx768m -XX:MaxPermSize=256m
        cc:
          client_secret: password
        clients:
          app-direct:
            access-token-validity: 1209600
            authorities: app_direct_invoice.write
            authorized-grant-types: authorization_code,client_credentials,password,refresh_token,implicit
            override: true
            redirect-uri: https://console.hola.virtu.cl
            refresh-token-validity: 1209600
            secret: password
          developer_console:
            access-token-validity: 1209600
            authorities: scim.write,scim.read,cloud_controller.read,cloud_controller.write,password.write,uaa.admin,uaa.resource,cloud_controller.admin,billing.admin
            authorized-grant-types: authorization_code,client_credentials
            override: true
            redirect-uri: https://console.hola.virtu.cl/oauth/callback
            refresh-token-validity: 1209600
            scope: openid,cloud_controller.read,cloud_controller.write,password.write,console.admin,console.support
            secret: password
          login:
            authorities: oauth.login
            authorized-grant-types: authorization_code,client_credentials,refresh_token
            override: true
            redirect-uri: https://login.hola.virtu.cl
            scope: openid,oauth.approvals
            secret: password
          notifications:
            secret: password
          servicesmgmt:
            secret: password
          space-mail:
            secret: password
          support-services:
            secret: password
        jwt:
          signing_key: '<PEM RSA private key>'
          verification_key: '<PEM public key>'
        ldap: null
        login:
          client_secret: null
        no_ssl: false
        scim:
          external_groups: null
          userids_enabled: false
          users:
          - admin|admin|scim.write,scim.read,openid,cloud_controller.admin,uaa.admin,password.write
          - services|password|scim.write,scim.read,openid,cloud_controller.admin
        spring_profiles: null
        url: https://uaa.hola.virtu.cl
      uaadb:
        address: 0.postgres-z1.cf1.cf-baby.microbosh
        databases:
        - name: uaadb
          tag: uaa
        db_scheme: postgresql
        port: 5524
        roles:
        - name: uaaadmin
          password: uaaadmin
          tag: admin
    releases:
    - name: cf
      version: latest
    resource_pools:
    - cloud_properties:
        instance_type: 0a827ade-f24c-4cb3-9df4-3ad35561fa9c
      name: small_z1
      network: cf1
      size: 2
      stemcell:
        name: bosh-fifo-kvm-ubuntu-trusty-go_agent
        version: latest
    - cloud_properties:
        instance_type: m1.small
      name: small_z2
      network: cf2
      size: 0
      stemcell:
        name: bosh-fifo-kvm-ubuntu-trusty-go_agent
        version: latest
    - cloud_properties:
        instance_type: 0a827ade-f24c-4cb3-9df4-3ad35561fa9c
      name: medium_z1
      network: cf1
      size: 9
      stemcell:
        name: bosh-fifo-kvm-ubuntu-trusty-go_agent
        version: latest
    - cloud_properties:
        instance_type: m1.medium
      name: medium_z2
      network: cf2
      size: 0
      stemcell:
        name: bosh-fifo-kvm-ubuntu-trusty-go_agent
        version: latest
    - cloud_properties:
        instance_type: 8ade6653-86ac-4777-82a3-728ac5751142
      name: large_z1
      network: cf1
      size: 1
      stemcell:
        name: bosh-fifo-kvm-ubuntu-trusty-go_agent
        version: latest
    - cloud_properties:
        instance_type: m1.large
      name: large_z2
      network: cf2
      size: 0
      stemcell:
        name: bosh-fifo-kvm-ubuntu-trusty-go_agent
        version: latest
    - cloud_properties:
        instance_type: 8ade6653-86ac-4777-82a3-728ac5751142
      name: runner_z1
      network: cf1
      size: 1
      stemcell:
        name: bosh-fifo-kvm-ubuntu-trusty-go_agent
        version: latest
    - cloud_properties:
        instance_type: m1.large
      name: runner_z2
      network: cf2
      size: 0
      stemcell:
        name: bosh-fifo-kvm-ubuntu-trusty-go_agent
        version: latest
    - cloud_properties:
        instance_type: 0a827ade-f24c-4cb3-9df4-3ad35561fa9c
      name: router_z1
      network: cf1
      size: 2
      stemcell:
        name: bosh-fifo-kvm-ubuntu-trusty-go_agent
        version: latest
    - cloud_properties:
        instance_type: m1.medium
      name: router_z2
      network: cf2
      size: 0
      stemcell:
        name: bosh-fifo-kvm-ubuntu-trusty-go_agent
        version: latest
    - cloud_properties:
        instance_type: 0a827ade-f24c-4cb3-9df4-3ad35561fa9c
      name: small_errand
      network: cf1
      size: 0
      stemcell:
        name: bosh-fifo-kvm-ubuntu-trusty-go_agent
        version: latest
    update:
      canaries: 0
      canary_watch_time: 30000-600000
      max_in_flight: 1
      serial: true
      update_watch_time: 5000-600000
Then deploy Cloud Foundry on FiFo/SmartOS:
$ bosh delete deployment a-redis-cluster
$ bosh upload release https://community-shared-boshreleases.s3.amazonaws.com/boshrelease-cf-178.tgz
$ bosh deployment cf-baby-178.yml
$ bosh -n deploy
The output can be seen in this boring video
Note: After uploading the video I realized that it has no FiFo/SmartOS-specific output. Well, that's a Bosh feature after all: cloud independent…
Patch the micro and cpi plugin
As of this writing, the latest Bosh version is 1.2671.0. This version needs to be changed in a few places to make Bosh actually work with the external CPI. Discussion here
The diff is here
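What I actually do is clone the bosh repo, apply that diff, and:
$ export VER="1.2671.0"
$ export BOSH_REPO="/Users/killfill/Public/bosh-master"
$ cd ~/.rvm/gems/ruby-1.9.3-p484/gems
# The gem names must be quoted so that both end up in LIST
$ LIST="bosh_cli_plugin_micro bosh_cpi"
# Keep each installed gem as <name>-<version>.orig and link the patched checkout in its place
$ for i in $LIST; do mv "$i-$VER" "$i-$VER.orig"; ln -s "$BOSH_REPO/$i" "$i-$VER"; done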
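A rerunnable variant of the gem swap above, added here as an example and not part of the original post or of Bosh: it checks both gems before moving anything, skips gems that are already linked, and adds a restore step. The function names swap_gems and restore_gems are hypothetical; the gem names are the ones used in the post.

```shell
# Gems that the post replaces with the patched checkout.
GEMS="bosh_cli_plugin_micro bosh_cpi"

# usage: swap_gems GEM_DIR BOSH_REPO VER
swap_gems() {
    gem_dir=$1 repo=$2 ver=$3
    # Pass 1: validate every gem first, so a failure leaves nothing half-swapped.
    for g in $GEMS; do
        t="$gem_dir/$g-$ver"
        if [ ! -d "$repo/$g" ]; then echo "no $g in checkout $repo" >&2; return 1; fi
        if [ -L "$t" ]; then continue; fi   # already swapped on an earlier run
        if [ ! -d "$t" ]; then echo "gem not installed: $t" >&2; return 1; fi
        if [ -e "$t.orig" ]; then echo "stale backup: $t.orig" >&2; return 1; fi
    done
    # Pass 2: keep the stock gem as <name>-<ver>.orig and link the checkout in.
    for g in $GEMS; do
        t="$gem_dir/$g-$ver"
        if [ -L "$t" ]; then continue; fi
        mv "$t" "$t.orig" || return 1
        ln -s "$repo/$g" "$t" || return 1
    done
    return 0
}

# usage: restore_gems GEM_DIR VER
restore_gems() {
    gem_dir=$1 ver=$2
    for g in $GEMS; do
        t="$gem_dir/$g-$ver"
        # Only undo a swap this procedure made: a symlink with a backup beside it.
        if [ -L "$t" ] && [ -d "$t.orig" ]; then
            rm "$t" || return 1
            mv "$t.orig" "$t" || return 1
        fi
    done
    return 0
}
```

Call it as `swap_gems ~/.rvm/gems/ruby-1.9.3-p484/gems "$BOSH_REPO" "$VER"`, and use `restore_gems` with the same directory and version to return to the stock gems.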
If anyone is actually trying these changes, successfully or not, please let me know!
Conclusion
- It's possible to integrate Bosh with any cloud infrastructure that manages Linux VMs and provides an API, using an external CPI as described here.
- Using an external CPI on Bosh requires some modifications; it is not fully supported yet, but hopefully will be in the near future.
- Cloud Foundry runs on FiFo / SmartOS just fine.
- Bosh should be capable of handling deployments of different Operating Systems.
- It may not be very exciting for the SmartOS fan to deploy Linux VMs, but with some modifications it should handle SmartOS zones just fine.
Jan 12, 2015 @ 16:00:40
Dear Neumann,
I want to install Cloud Foundry on Azure (Microsoft Azure). But you know the current Cloud Foundry can only be deployed on AWS, OpenStack or VMware cloud platforms.
I want to ask you a question.
BOSH is suitable for cluster installation.
But in your doc, I see only a single server.
Jan 13, 2015 @ 22:21:22
Hi Jerry,
Yes, I don’t think they officially support deploying on Azure yet, but there are some efforts from the community to make that happen.
Bosh micro, the deployment tool to bootstrap Cloud Foundry installations, is being refactored in a way that will make it much easier to deploy on other infrastructure providers, so hacks like the one I describe here, or the one Nick had to do in the above link, are not necessary anymore.
You're right, I'm using only 1 server, but that's just my test environment. FiFo works very well with multiple servers and it has some nice features like cluster and stacks, topology setup, or characteristics, which let you specify how FiFo selects the server a VM will be created on.