Skip to content
Permalink
main
Go to file
Latest commit 6f586d6 Jan 15, 2021 History
176 contributors

Users who have contributed to this file

@staylor14 @jaresty @davewalter @ChunyiLyu @vitreuz @anEXPer @selzoc @Changdrew @acosta11 @mingxiao @njbennett @ishustava
2805 lines (2771 sloc) 79.6 KB
---
name: cf
manifest_version: v15.6.0
update:
canaries: 1
canary_watch_time: 30000-1200000
max_in_flight: 1
serial: false
update_watch_time: 5000-1200000
addons:
- name: loggregator_agent
include:
stemcell:
- os: ubuntu-xenial
exclude:
jobs:
- name: smoke_tests
release: cf-smoke-tests
jobs:
- name: loggregator_agent
release: loggregator-agent
properties:
grpc_port: 3459
disable_udp: true
loggregator:
tls:
ca_cert: "((loggregator_tls_agent.ca))"
agent:
cert: "((loggregator_tls_agent.certificate))"
key: "((loggregator_tls_agent.private_key))"
metrics:
ca_cert: "((loggregator_agent_metrics_tls.ca))"
cert: "((loggregator_agent_metrics_tls.certificate))"
key: "((loggregator_agent_metrics_tls.private_key))"
server_name: loggregator_agent_metrics
- name: forwarder_agent
include:
stemcell:
- os: ubuntu-xenial
jobs:
- name: loggr-forwarder-agent
release: loggregator-agent
properties:
tls:
ca_cert: "((loggregator_tls_agent.ca))"
cert: "((loggregator_tls_agent.certificate))"
key: "((loggregator_tls_agent.private_key))"
metrics:
ca_cert: "((forwarder_agent_metrics_tls.ca))"
cert: "((forwarder_agent_metrics_tls.certificate))"
key: "((forwarder_agent_metrics_tls.private_key))"
server_name: forwarder_agent_metrics
- name: loggr-syslog-agent
include:
stemcell:
- os: ubuntu-trusty
- os: ubuntu-xenial
exclude:
jobs:
- name: smoke_tests
release: cf-smoke-tests
jobs:
- name: loggr-syslog-agent
release: loggregator-agent
properties:
port: 3460
tls:
ca_cert: "((loggregator_tls_agent.ca))"
cert: "((loggregator_tls_agent.certificate))"
key: "((loggregator_tls_agent.private_key))"
cache:
tls:
ca_cert: "((syslog_agent_api_tls.ca))"
cert: "((syslog_agent_api_tls.certificate))"
key: "((syslog_agent_api_tls.private_key))"
cn: "binding-cache"
metrics:
ca_cert: "((syslog_agent_metrics_tls.ca))"
cert: "((syslog_agent_metrics_tls.certificate))"
key: "((syslog_agent_metrics_tls.private_key))"
server_name: syslog_agent_metrics
- name: prom_scraper
include:
stemcell:
- os: ubuntu-xenial
exclude:
jobs:
- name: smoke_tests
release: cf-smoke-tests
jobs:
- name: prom_scraper
release: loggregator-agent
properties:
scrape_interval: 60s
scrape:
tls:
ca_cert: "((prom_scraper_scrape_tls.ca))"
cert: "((prom_scraper_scrape_tls.certificate))"
key: "((prom_scraper_scrape_tls.private_key))"
metrics:
ca_cert: "((prom_scraper_metrics_tls.ca))"
cert: "((prom_scraper_metrics_tls.certificate))"
key: "((prom_scraper_metrics_tls.private_key))"
server_name: prom_scraper_metrics
- name: metrics-discovery-registrar
exclude:
jobs:
- name: smoke_tests
release: cf-smoke-tests
include:
stemcell:
- os: ubuntu-trusty
- os: ubuntu-xenial
jobs:
- name: metrics-discovery-registrar
properties:
metrics:
ca_cert: ((metrics_discovery_metrics_tls.ca))
cert: ((metrics_discovery_metrics_tls.certificate))
key: ((metrics_discovery_metrics_tls.private_key))
server_name: metrics_discovery_metrics
nats_client:
cert: ((nats_client_cert.certificate))
key: ((nats_client_cert.private_key))
release: metrics-discovery
- name: metrics-agent
exclude:
jobs:
- name: smoke_tests
release: cf-smoke-tests
include:
stemcell:
- os: ubuntu-xenial
jobs:
- name: metrics-agent
properties:
grpc:
ca_cert: ((loggregator_tls_agent.ca))
cert: ((loggregator_tls_agent.certificate))
key: ((loggregator_tls_agent.private_key))
metrics:
ca_cert: ((metrics_agent_tls.ca))
cert: ((metrics_agent_tls.certificate))
key: ((metrics_agent_tls.private_key))
server_name: metrics_agent
scrape:
tls:
ca_cert: ((prom_scraper_scrape_tls.ca))
cert: ((prom_scraper_scrape_tls.certificate))
key: ((prom_scraper_scrape_tls.private_key))
release: metrics-discovery
- name: bpm
include:
stemcell:
- os: ubuntu-xenial
jobs:
- name: bpm
release: bpm
- name: bosh-dns-aliases
jobs:
- name: bosh-dns-aliases
release: bosh-dns-aliases
properties:
aliases:
- domain: '_.cell.service.cf.internal'
targets:
- query: '_'
instance_group: diego-cell
deployment: cf
network: default
domain: bosh
- query: '_'
instance_group: windows2019-cell
deployment: cf
network: default
domain: bosh
- query: '_'
instance_group: isolated-diego-cell
deployment: cf
network: default
domain: bosh
- domain: auctioneer.service.cf.internal
targets:
- query: 'q-s4'
instance_group: scheduler
deployment: cf
network: default
domain: bosh
- domain: bbs.service.cf.internal
targets:
- query: 'q-s4'
instance_group: diego-api
deployment: cf
network: default
domain: bosh
- domain: blobstore.service.cf.internal
targets:
- query: '*'
instance_group: singleton-blobstore
deployment: cf
network: default
domain: bosh
- domain: cc-uploader.service.cf.internal
targets:
- query: '*'
instance_group: api
deployment: cf
network: default
domain: bosh
- domain: cloud-controller-ng.service.cf.internal
targets:
- query: '*'
instance_group: api
deployment: cf
network: default
domain: bosh
- domain: credhub.service.cf.internal
targets:
- query: '*'
instance_group: credhub
deployment: cf
network: default
domain: bosh
- domain: doppler.service.cf.internal
targets:
- query: '*'
instance_group: doppler
deployment: cf
network: default
domain: bosh
- domain: file-server.service.cf.internal
targets:
- query: '*'
instance_group: api
deployment: cf
network: default
domain: bosh
- domain: gorouter.service.cf.internal
targets:
- query: '*'
instance_group: router
deployment: cf
network: default
domain: bosh
- domain: locket.service.cf.internal
targets:
- query: '*'
instance_group: diego-api
deployment: cf
network: default
domain: bosh
- domain: loggregator-trafficcontroller.service.cf.internal
targets:
- query: '*'
instance_group: log-api
deployment: cf
network: default
domain: bosh
- domain: policy-server.service.cf.internal
targets:
- query: '*'
instance_group: api
deployment: cf
network: default
domain: bosh
- domain: reverse-log-proxy.service.cf.internal
targets:
- query: '*'
instance_group: log-api
deployment: cf
network: default
domain: bosh
- domain: routing-api.service.cf.internal
targets:
- query: '*'
instance_group: api
deployment: cf
network: default
domain: bosh
- domain: silk-controller.service.cf.internal
targets:
- query: '*'
instance_group: diego-api
deployment: cf
network: default
domain: bosh
- domain: sql-db.service.cf.internal
targets:
- query: '*'
instance_group: database
deployment: cf
network: default
domain: bosh
- domain: ssh-proxy.service.cf.internal
targets:
- query: '*'
instance_group: scheduler
deployment: cf
network: default
domain: bosh
- domain: tps.service.cf.internal
targets:
- query: '*'
instance_group: scheduler
deployment: cf
network: default
domain: bosh
- domain: uaa.service.cf.internal
targets:
- query: '*'
instance_group: uaa
deployment: cf
network: default
domain: bosh
- domain: nats.service.cf.internal
targets:
- query: '*'
instance_group: nats
deployment: cf
network: default
domain: bosh
- domain: _.nats.service.cf.internal
targets:
- query: '_'
instance_group: nats
deployment: cf
network: default
domain: bosh
instance_groups:
- name: smoke-tests
lifecycle: errand
azs:
- z1
instances: 1
vm_type: minimal
stemcell: default
networks:
- name: default
jobs:
- name: smoke_tests
release: cf-smoke-tests
properties:
bpm:
enabled: true
smoke_tests:
api: "https://api.((system_domain))"
apps_domain: "((system_domain))"
client: cf_smoke_tests
client_secret: "((uaa_clients_cf_smoke_tests_secret))"
org: cf_smoke_tests_org
space: cf_smoke_tests_space
cf_dial_timeout_in_seconds: 300
skip_ssl_validation: true
- name: cf-cli-7-linux
release: cf-cli
- name: nats
azs:
- z1
- z2
instances: 2
vm_type: minimal
stemcell: default
networks:
- name: default
jobs:
- name: nats
release: nats
provides:
nats: {as: nats, shared: true}
properties:
nats:
hostname: nats.service.cf.internal
user: nats
password: "((nats_password))"
internal:
tls:
ca: "((nats_internal_cert.ca))"
certificate: "((nats_internal_cert.certificate))"
enabled: true
private_key: "((nats_internal_cert.private_key))"
- name: nats-tls
release: nats
provides:
nats-tls: {as: nats-tls, shared: true}
properties:
nats:
hostname: nats.service.cf.internal
user: nats
password: "((nats_password))"
internal:
tls:
ca: "((nats_internal_cert.ca))"
private_key: "((nats_internal_cert.private_key))"
certificate: "((nats_internal_cert.certificate))"
enabled: true
external:
tls:
ca: "((nats_client_cert.ca))"
private_key: "((nats_server_cert.private_key))"
certificate: "((nats_server_cert.certificate))"
- name: database
migrated_from:
- name: mysql
- name: singleton-database
azs:
- z1
persistent_disk_type: 10GB
instances: 1
vm_type: small
stemcell: default
update:
serial: true
networks:
- name: default
jobs:
- name: pxc-mysql
release: pxc
properties:
admin_password: ((cf_mysql_mysql_admin_password))
engine_config:
binlog:
enabled: false
galera:
enabled: true
port: 13306
seeded_databases:
- name: cloud_controller
password: ((cc_database_password))
username: cloud_controller
- name: diego
password: ((diego_database_password))
username: diego
- name: network_connectivity
password: ((network_connectivity_database_password))
username: network_connectivity
- name: network_policy
password: ((network_policy_database_password))
username: network_policy
- name: routing-api
password: ((routing_api_database_password))
username: routing-api
- name: uaa
password: ((uaa_database_password))
username: uaa
- name: locket
password: ((locket_database_password))
username: locket
- name: credhub
password: ((credhub_database_password))
username: credhub
tls:
galera: ((galera_server_certificate))
server: ((mysql_server_certificate))
- name: proxy
release: pxc
properties:
api_password: ((cf_mysql_proxy_api_password))
api_port: 8083
api_uri: proxy.((system_domain))
- name: galera-agent
release: pxc
properties:
db_password: ((cf_mysql_mysql_galera_healthcheck_password))
endpoint_password: ((cf_mysql_mysql_galera_healthcheck_endpoint_password))
- name: gra-log-purger
release: pxc
- name: cluster-health-logger
release: pxc
properties:
db_password: ((cf_mysql_mysql_cluster_health_password))
- name: route_registrar
release: routing
properties:
route_registrar:
routes:
- name: cf-mysql-proxy
port: 8083
prepend_instance_index: true
registration_interval: 10s
uris:
- proxy.((system_domain))
- name: cf-mysql-proxy-aggregator
port: 8082
registration_interval: 10s
uris:
- proxy.((system_domain))
- name: bootstrap
release: pxc
- name: diego-api
migrated_from:
- name: diego-bbs
azs:
- z1
- z2
instances: 2
vm_type: small
stemcell: default
networks:
- name: default
jobs:
- name: cfdot
release: diego
properties:
tls: &cfdot_tls_client_properties
ca_certificate: "((diego_rep_client.ca))"
certificate: "((diego_rep_client.certificate))"
private_key: "((diego_rep_client.private_key))"
- name: bbs
release: diego
properties:
bpm:
enabled: true
diego:
bbs:
active_key_label: key-2016-06
detect_consul_cell_registrations: false
encryption_keys:
- label: key-2016-06
passphrase: "((diego_bbs_encryption_keys_passphrase))"
sql:
db_host: sql-db.service.cf.internal
db_port: 3306
db_schema: diego
db_username: diego
db_password: "((diego_database_password))"
db_driver: mysql
ca_cert: "((mysql_server_certificate.ca))"
require_ssl: true
ca_cert: "((diego_bbs_server.ca))"
auctioneer: &diego_auctioneer_client_properties
ca_cert: "((diego_auctioneer_client.ca))"
client_cert: "((diego_auctioneer_client.certificate))"
client_key: "((diego_auctioneer_client.private_key))"
server_cert: "((diego_bbs_server.certificate))"
server_key: "((diego_bbs_server.private_key))"
skip_consul_lock: true
rep:
require_tls: true
ca_cert: "((diego_rep_client.ca))"
client_cert: "((diego_rep_client.certificate))"
client_key: "((diego_rep_client.private_key))"
enable_consul_service_registration: false
loggregator: &diego_loggregator_client_properties
use_v2_api: true
ca_cert: "((loggregator_tls_agent.ca))"
cert: "((loggregator_tls_agent.certificate))"
key: "((loggregator_tls_agent.private_key))"
logging:
format:
timestamp: "rfc3339"
- name: silk-controller
release: silk
properties:
ca_cert: ((silk_controller.ca))
server_cert: ((silk_controller.certificate))
server_key: ((silk_controller.private_key))
database:
type: mysql
username: network_connectivity
password: ((network_connectivity_database_password))
host: sql-db.service.cf.internal
port: 3306
name: network_connectivity
ca_cert: "((mysql_server_certificate.ca))"
require_ssl: true
silk_daemon:
ca_cert: ((silk_daemon.ca))
client_cert: ((silk_daemon.certificate))
client_key: ((silk_daemon.private_key))
- name: locket
release: diego
properties:
bpm:
enabled: true
tls:
ca_cert: "((diego_locket_server.ca))"
cert: "((diego_locket_server.certificate))"
key: "((diego_locket_server.private_key))"
diego:
locket:
sql:
db_host: sql-db.service.cf.internal
db_port: 3306
db_schema: locket
db_username: locket
db_password: "((locket_database_password))"
db_driver: mysql
ca_cert: "((mysql_server_certificate.ca))"
require_ssl: true
enable_consul_service_registration: false
loggregator:
use_v2_api: true
ca_cert: "((loggregator_tls_agent.ca))"
cert: "((loggregator_tls_agent.certificate))"
key: "((loggregator_tls_agent.private_key))"
logging:
format:
timestamp: "rfc3339"
- name: loggr-udp-forwarder
release: loggregator-agent
properties:
loggregator:
tls:
ca: "((loggregator_tls_agent.ca))"
cert: "((loggregator_tls_agent.certificate))"
key: "((loggregator_tls_agent.private_key))"
metrics:
ca_cert: "((loggr_udp_forwarder_tls.ca))"
cert: "((loggr_udp_forwarder_tls.certificate))"
key: "((loggr_udp_forwarder_tls.private_key))"
server_name: loggr_udp_forwarder_metrics
- name: uaa
azs:
- z1
- z2
instances: 2
vm_type: minimal
stemcell: default
networks:
- name: default
jobs:
- name: uaa
release: uaa
properties:
encryption:
active_key_label: default_key
encryption_keys:
- label: default_key
passphrase: ((uaa_default_encryption_passphrase))
login:
saml:
activeKeyId: key-1
keys:
key-1:
key: "((uaa_login_saml.private_key))"
certificate: "((uaa_login_saml.certificate))"
passphrase: ""
uaa:
sslCertificate: "((uaa_ssl.certificate))"
sslPrivateKey: "((uaa_ssl.private_key))"
zones:
internal:
hostnames:
- uaa.service.cf.internal
url: https://uaa.((system_domain))
admin:
client_secret: "((uaa_admin_client_secret))"
logging_level: INFO
scim:
users:
- name: admin
password: "((cf_admin_password))"
groups:
- clients.read
- cloud_controller.admin
- doppler.firehose
- network.admin
- openid
- routing.router_groups.read
- routing.router_groups.write
- scim.read
- scim.write
jwt:
policy:
active_key_id: key-1
keys:
key-1:
signingKey: "((uaa_jwt_signing_key.private_key))"
clients:
cc_routing:
authorities: routing.router_groups.read
authorized-grant-types: client_credentials
secret: "((uaa_clients_cc-routing_secret))"
cc-service-dashboards:
authorities: clients.read,clients.write,clients.admin
authorized-grant-types: client_credentials
scope: openid,cloud_controller_service_permissions.read
secret: "((uaa_clients_cc-service-dashboards_secret))"
cc_service_key_client:
authorities: credhub.read,credhub.write
authorized-grant-types: client_credentials
secret: "((uaa_clients_cc_service_key_client_secret))"
cf:
access-token-validity: 600
authorities: uaa.none
authorized-grant-types: password,refresh_token
override: true
refresh-token-validity: 2592000
scope: network.admin,network.write,cloud_controller.read,cloud_controller.write,openid,password.write,cloud_controller.admin,scim.read,scim.write,doppler.firehose,uaa.user,routing.router_groups.read,routing.router_groups.write,cloud_controller.admin_read_only,cloud_controller.global_auditor,perm.admin,clients.read
secret: ''
cf_smoke_tests:
authorities: cloud_controller.admin,clients.read
authorized-grant-types: client_credentials
secret: "((uaa_clients_cf_smoke_tests_secret))"
cloud_controller_username_lookup:
authorities: scim.userids
authorized-grant-types: client_credentials
secret: "((uaa_clients_cloud_controller_username_lookup_secret))"
credhub_admin_client:
authorities: credhub.read,credhub.write
authorized-grant-types: client_credentials
secret: ((credhub_admin_client_secret))
doppler:
authorities: uaa.resource
override: true
authorized-grant-types: client_credentials
secret: "((uaa_clients_doppler_secret))"
gorouter:
authorities: routing.routes.read
authorized-grant-types: client_credentials
secret: "((uaa_clients_gorouter_secret))"
ssh-proxy:
authorized-grant-types: authorization_code
autoapprove: true
override: true
redirect-uri: "https://uaa.((system_domain))/login"
scope: openid,cloud_controller.read,cloud_controller.write,cloud_controller.admin
secret: "((uaa_clients_ssh-proxy_secret))"
routing_api_client:
authorities: routing.routes.write,routing.routes.read,routing.router_groups.read
authorized-grant-types: client_credentials
secret: "((uaa_clients_routing_api_client_secret))"
network-policy:
authorities: uaa.resource,cloud_controller.admin_read_only
authorized-grant-types: client_credentials
secret: ((uaa_clients_network_policy_secret))
tcp_emitter:
authorities: routing.routes.write,routing.routes.read
authorized-grant-types: client_credentials
secret: "((uaa_clients_tcp_emitter_secret))"
tcp_router:
authorities: routing.routes.read
authorized-grant-types: client_credentials
secret: "((uaa_clients_tcp_router_secret))"
ca_certs:
- "((mysql_server_certificate.ca))"
uaadb:
address: sql-db.service.cf.internal
databases:
- name: uaa
tag: uaa
db_scheme: mysql
port: 3306
roles:
- name: uaa
password: "((uaa_database_password))"
tag: admin
- name: route_registrar
release: routing
properties:
route_registrar:
routes:
- health_check:
name: uaa-healthcheck
script_path: "/var/vcap/jobs/uaa/bin/dns/healthy"
name: uaa
tls_port: 8443
server_cert_domain_san: "uaa.service.cf.internal"
registration_interval: 10s
tags:
component: uaa
uris:
- uaa.((system_domain))
- "*.uaa.((system_domain))"
- login.((system_domain))
- "*.login.((system_domain))"
- name: statsd_injector
release: statsd-injector
properties: &statsd_injector_properties
loggregator:
tls:
ca_cert: "((loggregator_tls_statsdinjector.ca))"
statsd_injector:
cert: "((loggregator_tls_statsdinjector.certificate))"
key: "((loggregator_tls_statsdinjector.private_key))"
- name: singleton-blobstore
migrated_from:
- name: blobstore
azs:
- z1
instances: 1
vm_type: small
persistent_disk_type: 100GB
stemcell: default
update:
serial: true
networks:
- name: default
jobs:
- name: blobstore
release: capi
properties:
select_directories_to_backup:
- "buildpacks"
- "packages"
- "droplets"
system_domain: "((system_domain))"
blobstore:
admin_users:
- username: blobstore-user
password: "((blobstore_admin_users_password))"
secure_link:
secret: "((blobstore_secure_link_secret))"
tls:
cert: "((blobstore_tls.certificate))"
private_key: "((blobstore_tls.private_key))"
- name: route_registrar
release: routing
properties:
route_registrar:
routes:
- name: blobstore
port: 8080
registration_interval: 20s
tags:
component: blobstore
uris:
- blobstore.((system_domain))
- name: api
azs:
- z1
- z2
instances: 2
vm_type: small
vm_extensions:
- 50GB_ephemeral_disk
stemcell: default
networks:
- name: default
jobs:
- name: cloud_controller_ng
release: capi
provides:
cloud_controller: {as: cloud_controller, shared: true}
properties:
router:
route_services_secret: "((router_route_services_secret))"
system_domain: "((system_domain))"
app_domains:
- "((system_domain))"
- name: apps.internal
internal: true
app_ssh:
host_key_fingerprint: "((diego_ssh_proxy_host_key.public_key_fingerprint))"
routing_api: &routing_api
enabled: true
credhub_api:
ca_cert: ((credhub_tls.ca))
ssl:
skip_cert_verify: true
uaa:
ca_cert: "((uaa_ssl.ca))"
clients:
cc_routing:
secret: "((uaa_clients_cc-routing_secret))"
cloud_controller_username_lookup:
secret: "((uaa_clients_cloud_controller_username_lookup_secret))"
cc-service-dashboards:
secret: "((uaa_clients_cc-service-dashboards_secret))"
cc_service_key_client:
secret: "((uaa_clients_cc_service_key_client_secret))"
url: https://uaa.((system_domain))
cc:
diego:
docker_staging_stack: cflinuxfs3
stacks:
- name: cflinuxfs3
description: Cloud Foundry Linux-based filesystem (Ubuntu 18.04)
default_running_security_groups:
- public_networks
- dns
default_staging_security_groups:
- public_networks
- dns
security_group_definitions:
- name: public_networks
rules:
- destination: 0.0.0.0-9.255.255.255
protocol: all
- destination: 11.0.0.0-169.253.255.255
protocol: all
- destination: 169.255.0.0-172.15.255.255
protocol: all
- destination: 172.32.0.0-192.167.255.255
protocol: all
- destination: 192.169.0.0-255.255.255.255
protocol: all
- name: dns
rules:
- destination: 0.0.0.0/0
ports: '53'
protocol: tcp
- destination: 0.0.0.0/0
ports: '53'
protocol: udp
install_buildpacks:
## Order is important here
- name: staticfile_buildpack
package: staticfile-buildpack-cflinuxfs3
- name: java_buildpack
package: java-buildpack-cflinuxfs3
- name: ruby_buildpack
package: ruby-buildpack-cflinuxfs3
- name: dotnet_core_buildpack
package: dotnet-core-buildpack-cflinuxfs3
- name: nodejs_buildpack
package: nodejs-buildpack-cflinuxfs3
- name: go_buildpack
package: go-buildpack-cflinuxfs3
- name: python_buildpack
package: python-buildpack-cflinuxfs3
- name: php_buildpack
package: php-buildpack-cflinuxfs3
- name: nginx_buildpack
package: nginx-buildpack-cflinuxfs3
- name: r_buildpack
package: r-buildpack-cflinuxfs3
- name: binary_buildpack
package: binary-buildpack-cflinuxfs3
db_encryption_key: "((cc_db_encryption_key))"
database_encryption: &cc-database-encryption
current_key_label: "encryption_key_0"
keys:
encryption_key_0: "((cc_db_encryption_key))"
bulk_api_password: "((cc_bulk_api_password))"
internal_api_password: "((cc_internal_api_password))"
staging_upload_user: staging_user
staging_upload_password: "((cc_staging_upload_password))"
temporary_use_logcache: true
logcache_tls:
private_key: "((cc_logcache_tls.private_key))"
certificate: "((cc_logcache_tls.certificate))"
buildpacks: &blobstore-properties
blobstore_type: webdav
webdav_config:
ca_cert: "((blobstore_tls.ca))"
blobstore_timeout: 5
password: "((blobstore_admin_users_password))"
private_endpoint: https://blobstore.service.cf.internal:4443
public_endpoint: https://blobstore.((system_domain))
username: blobstore-user
resource_pool: *blobstore-properties
packages: *blobstore-properties
droplets: *blobstore-properties
mutual_tls: &cc_mutual_tls
ca_cert: "((cc_tls.ca))"
public_cert: "((cc_tls.certificate))"
private_key: "((cc_tls.private_key))"
public_tls:
ca_cert: "((cc_public_tls.ca))"
certificate: "((cc_public_tls.certificate))"
private_key: "((cc_public_tls.private_key))"
ccdb: &ccdb
address: sql-db.service.cf.internal
databases:
- name: cloud_controller
tag: cc
db_scheme: mysql
port: 3306
roles:
- name: cloud_controller
password: "((cc_database_password))"
tag: admin
ca_cert: "((mysql_server_certificate.ca))"
- name: binary-buildpack
release: binary-buildpack
- name: dotnet-core-buildpack
release: dotnet-core-buildpack
- name: go-buildpack
release: go-buildpack
- name: java-buildpack
release: java-buildpack
- name: nodejs-buildpack
release: nodejs-buildpack
- name: nginx-buildpack
release: nginx-buildpack
- name: r-buildpack
release: r-buildpack
- name: php-buildpack
release: php-buildpack
- name: python-buildpack
release: python-buildpack
- name: ruby-buildpack
release: ruby-buildpack
- name: staticfile-buildpack
release: staticfile-buildpack
- name: route_registrar
release: routing
properties:
route_registrar:
routes:
- name: api
registration_interval: 10s
port: 9022
tls_port: 9024
server_cert_domain_san: "api.((system_domain))"
tags:
component: CloudController
uris:
- api.((system_domain))
health_check:
name: api-health-check
script_path: "/var/vcap/jobs/cloud_controller_ng/bin/cloud_controller_ng_health_check"
timeout: 6s
- name: policy-server
tls_port: 4002
server_cert_domain_san: "api.((system_domain))"
registration_interval: 20s
uris:
- api.((system_domain))/networking
- name: statsd_injector
release: statsd-injector
properties: *statsd_injector_properties
- name: file_server
release: diego
properties:
bpm:
enabled: true
enable_consul_service_registration: false
logging:
format:
timestamp: "rfc3339"
loggregator: *diego_loggregator_client_properties
- name: routing-api
release: routing
properties:
routing_api:
enabled_api_endpoints: "both"
mtls_ca: "((routing_api_tls_client.ca))"
mtls_server_cert: "((routing_api_tls.certificate))"
mtls_server_key: "((routing_api_tls.private_key))"
mtls_client_cert: "((routing_api_tls_client.certificate))"
mtls_client_key: "((routing_api_tls_client.private_key))"
skip_consul_lock: true
system_domain: "((system_domain))"
router_groups:
- name: default-tcp
type: tcp
reservable_ports: 1024-1033
sqldb:
host: sql-db.service.cf.internal
type: mysql
port: 3306
schema: routing-api
username: routing-api
password: "((routing_api_database_password))"
ca_cert: "((mysql_server_certificate.ca))"
locket:
api_location: "locket.service.cf.internal:8891"
ca_cert: "((diego_locket_client.ca))"
client_cert: "((diego_locket_client.certificate))"
client_key: "((diego_locket_client.private_key))"
uaa:
ca_cert: "((uaa_ssl.ca))"
tls_port: 8443
- name: policy-server
release: cf-networking
properties:
uaa_client_secret: ((uaa_clients_network_policy_secret))
uaa_ca: ((uaa_ssl.ca))
enable_space_developer_self_service: true
enable_tls: true
database:
type: mysql
username: network_policy
password: ((network_policy_database_password))
host: sql-db.service.cf.internal
port: 3306
name: network_policy
ca_cert: "((mysql_server_certificate.ca))"
require_ssl: true
server_cert: ((network_policy_server_external.certificate))
server_key: ((network_policy_server_external.private_key))
- name: policy-server-internal
release: cf-networking
properties:
ca_cert: ((network_policy_server.ca))
server_cert: ((network_policy_server.certificate))
server_key: ((network_policy_server.private_key))
- name: cc_uploader
release: capi
properties:
capi:
cc_uploader:
cc:
ca_cert: "((cc_bridge_cc_uploader.ca))"
client_cert: "((cc_bridge_cc_uploader.certificate))"
client_key: "((cc_bridge_cc_uploader.private_key))"
mutual_tls:
ca_cert: "((cc_bridge_cc_uploader_server.ca))"
server_cert: "((cc_bridge_cc_uploader_server.certificate))"
server_key: "((cc_bridge_cc_uploader_server.private_key))"
- name: loggr-udp-forwarder
release: loggregator-agent
properties:
loggregator:
tls:
ca: "((loggregator_tls_agent.ca))"
cert: "((loggregator_tls_agent.certificate))"
key: "((loggregator_tls_agent.private_key))"
metrics:
ca_cert: "((loggr_udp_forwarder_tls.ca))"
cert: "((loggr_udp_forwarder_tls.certificate))"
key: "((loggr_udp_forwarder_tls.private_key))"
server_name: loggr_udp_forwarder_metrics
- name: cc-worker
azs:
- z1
- z2
instances: 2
vm_type: minimal
stemcell: default
networks:
- name: default
jobs:
- name: cloud_controller_worker
release: capi
properties:
cc:
db_encryption_key: "((cc_db_encryption_key))"
database_encryption: *cc-database-encryption
internal_api_password: "((cc_internal_api_password))"
staging_upload_user: staging_user
staging_upload_password: "((cc_staging_upload_password))"
resource_pool: *blobstore-properties
packages: *blobstore-properties
droplets: *blobstore-properties
buildpacks: *blobstore-properties
mutual_tls: *cc_mutual_tls
ccdb: *ccdb
system_domain: "((system_domain))"
routing_api: *routing_api
ssl:
skip_cert_verify: true
uaa:
ca_cert: "((uaa_ssl.ca))"
clients:
cc-service-dashboards:
secret: "((uaa_clients_cc-service-dashboards_secret))"
cc_routing:
secret: "((uaa_clients_cc-routing_secret))"
- name: scheduler
azs:
- z1
- z2
instances: 2
migrated_from:
- {name: cc-bridge}
- {name: cc-clock}
- {name: diego-brain}
vm_type: minimal
vm_extensions:
- diego-ssh-proxy-network-properties
stemcell: default
networks:
- name: default
jobs:
- name: cfdot
release: diego
properties:
tls: *cfdot_tls_client_properties
- name: auctioneer
release: diego
properties:
bpm:
enabled: true
diego:
auctioneer:
bbs: &diego_bbs_client_properties
ca_cert: "((diego_bbs_client.ca))"
client_cert: "((diego_bbs_client.certificate))"
client_key: "((diego_bbs_client.private_key))"
ca_cert: "((diego_auctioneer_server.ca))"
rep:
require_tls: true
ca_cert: "((diego_rep_client.ca))"
client_cert: "((diego_rep_client.certificate))"
client_key: "((diego_rep_client.private_key))"
server_cert: "((diego_auctioneer_server.certificate))"
server_key: "((diego_auctioneer_server.private_key))"
skip_consul_lock: true
enable_consul_service_registration: false
loggregator: *diego_loggregator_client_properties
logging:
format:
timestamp: "rfc3339"
- name: cloud_controller_clock
release: capi
properties:
cc:
db_encryption_key: "((cc_db_encryption_key))"
database_encryption: *cc-database-encryption
internal_api_password: "((cc_internal_api_password))"
staging_upload_user: staging_user
staging_upload_password: "((cc_staging_upload_password))"
resource_pool: *blobstore-properties
packages: *blobstore-properties
droplets: *blobstore-properties
buildpacks: *blobstore-properties
mutual_tls: *cc_mutual_tls
ccdb: *ccdb
system_domain: "((system_domain))"
routing_api: *routing_api
ssl:
skip_cert_verify: true
uaa:
ca_cert: "((uaa_ssl.ca))"
clients:
cc-service-dashboards:
secret: "((uaa_clients_cc-service-dashboards_secret))"
cc_routing:
secret: "((uaa_clients_cc-routing_secret))"
ssl:
port: 8443
- name: cc_deployment_updater
release: capi
properties:
cc:
db_encryption_key: ((cc_db_encryption_key))
mutual_tls:
ca_cert: "((cc_tls.ca))"
private_key: "((cc_tls.private_key))"
public_cert: "((cc_tls.certificate))"
ccdb: *ccdb
- name: service-discovery-controller
properties:
dnshttps:
client:
ca: ((cf_app_sd_server_tls.ca))
server:
tls: ((cf_app_sd_server_tls))
release: cf-networking
- name: statsd_injector
release: statsd-injector
properties: *statsd_injector_properties
- name: tps
release: capi
properties:
capi:
tps:
bbs: *diego_bbs_client_properties
watcher:
locket:
api_location: "locket.service.cf.internal:8891"
skip_consul_lock: true
cc:
ca_cert: "((cc_bridge_tps.ca))"
client_cert: "((cc_bridge_tps.certificate))"
client_key: "((cc_bridge_tps.private_key))"
- name: ssh_proxy
release: diego
properties:
bpm:
enabled: true
diego:
ssh_proxy:
enable_cf_auth: true
host_key: "((diego_ssh_proxy_host_key.private_key))"
uaa_secret: "((uaa_clients_ssh-proxy_secret))"
uaa:
ca_cert: "((uaa_ssl.ca))"
bbs: *diego_bbs_client_properties
disable_healthcheck_server: true
backends:
tls:
enabled: true
ca_certificates:
- ((diego_instance_identity_ca.ca))
client_certificate: ((ssh_proxy_backends_tls.certificate))
client_private_key: ((ssh_proxy_backends_tls.private_key))
enable_consul_service_registration: false
loggregator: *diego_loggregator_client_properties
logging:
format:
timestamp: "rfc3339"
- name: loggr-syslog-binding-cache
release: loggregator-agent
properties:
external_port: 9000
tls:
ca_cert: "((binding_cache_tls.ca))"
cert: "((binding_cache_tls.certificate))"
key: "((binding_cache_tls.private_key))"
cn: "binding-cache"
api:
tls:
ca_cert: "((cc_tls.ca))"
cert: "((binding_cache_api_tls.certificate))"
key: "((binding_cache_api_tls.private_key))"
cn: "cloud-controller-ng.service.cf.internal"
metrics:
ca_cert: "((loggr_syslog_binding_cache_metrics_tls.ca))"
cert: "((loggr_syslog_binding_cache_metrics_tls.certificate))"
key: "((loggr_syslog_binding_cache_metrics_tls.private_key))"
server_name: loggr_syslog_binding_cache_metrics
- name: loggr-udp-forwarder
release: loggregator-agent
properties:
loggregator:
tls:
ca: "((loggregator_tls_agent.ca))"
cert: "((loggregator_tls_agent.certificate))"
key: "((loggregator_tls_agent.private_key))"
metrics:
ca_cert: "((loggr_udp_forwarder_tls.ca))"
cert: "((loggr_udp_forwarder_tls.certificate))"
key: "((loggr_udp_forwarder_tls.private_key))"
server_name: loggr_udp_forwarder_metrics
- name: router
azs:
- z1
- z2
instances: 2
vm_type: minimal
vm_extensions:
- cf-router-network-properties
stemcell: default
update:
serial: true
networks:
- name: default
jobs:
- name: gorouter
release: routing
properties:
router:
enable_ssl: true
tls_pem:
- cert_chain: "((router_ssl.certificate))"
private_key: "((router_ssl.private_key))"
ca_certs: |
((diego_instance_identity_ca.ca))
((cc_tls.ca))
((uaa_ssl.ca))
((network_policy_server_external.ca))
backends:
cert_chain: ((gorouter_backend_tls.certificate))
private_key: ((gorouter_backend_tls.private_key))
status:
password: "((router_status_password))"
user: router-status
route_services_secret: "((router_route_services_secret))"
tracing:
enable_zipkin: true
routing_api:
enabled: true
uaa:
clients:
gorouter:
secret: "((uaa_clients_gorouter_secret))"
ca_cert: "((uaa_ssl.ca))"
ssl:
port: 8443
- name: loggr-udp-forwarder
release: loggregator-agent
properties:
loggregator:
tls:
ca: "((loggregator_tls_agent.ca))"
cert: "((loggregator_tls_agent.certificate))"
key: "((loggregator_tls_agent.private_key))"
metrics:
ca_cert: "((loggr_udp_forwarder_tls.ca))"
cert: "((loggr_udp_forwarder_tls.certificate))"
key: "((loggr_udp_forwarder_tls.private_key))"
server_name: loggr_udp_forwarder_metrics
- name: tcp-router
azs:
- z1
- z2
instances: 2
vm_type: minimal
stemcell: default
vm_extensions:
- cf-tcp-router-network-properties
networks:
- name: default
jobs:
- name: tcp_router
release: routing
properties:
tcp_router:
oauth_secret: "((uaa_clients_tcp_router_secret))"
router_group: default-tcp
uaa:
ca_cert: "((uaa_ssl.ca))"
tls_port: 8443
- name: loggr-udp-forwarder
release: loggregator-agent
properties:
loggregator:
tls:
ca: "((loggregator_tls_agent.ca))"
cert: "((loggregator_tls_agent.certificate))"
key: "((loggregator_tls_agent.private_key))"
metrics:
ca_cert: "((loggr_udp_forwarder_tls.ca))"
cert: "((loggr_udp_forwarder_tls.certificate))"
key: "((loggr_udp_forwarder_tls.private_key))"
server_name: loggr_udp_forwarder_metrics
- name: doppler
azs:
- z1
- z2
instances: 4
vm_type: minimal
stemcell: default
networks:
- name: default
jobs:
- name: doppler
release: loggregator
provides:
doppler: {as: doppler, shared: true}
properties:
loggregator:
tls:
ca_cert: "((loggregator_tls_doppler.ca))"
doppler:
cert: "((loggregator_tls_doppler.certificate))"
key: "((loggregator_tls_doppler.private_key))"
- name: log-cache
provides:
log-cache: {shared: true}
properties:
metrics:
ca_cert: "((log_cache_metrics_tls.ca))"
cert: "((log_cache_metrics_tls.certificate))"
key: "((log_cache_metrics_tls.private_key))"
server_name: log_cache_metrics
health_addr: localhost:6060
tls:
ca_cert: ((log_cache.ca))
cert: ((log_cache.certificate))
key: ((log_cache.private_key))
release: log-cache
- name: log-cache-gateway
properties:
gateway_addr: localhost:8081
proxy_cert: "((log_cache_proxy_tls.certificate))"
proxy_key: "((log_cache_proxy_tls.private_key))"
metrics:
ca_cert: "((log_cache_gateway_metrics_tls.ca))"
cert: "((log_cache_gateway_metrics_tls.certificate))"
key: "((log_cache_gateway_metrics_tls.private_key))"
server_name: log_cache_gateway_metrics
release: log-cache
- consumes:
reverse_log_proxy: {from: reverse_log_proxy}
name: log-cache-nozzle
properties:
logs_provider:
tls:
ca_cert: ((logs_provider.ca))
cert: ((logs_provider.certificate))
key: ((logs_provider.private_key))
release: log-cache
- name: route_registrar
properties:
route_registrar:
routes:
- name: log-cache-reverse-proxy
port: 8083
tls_port: 8083
registration_interval: 20s
server_cert_domain_san: log-cache.((system_domain))
uris:
- log-cache.((system_domain))
- '*.log-cache.((system_domain))'
release: routing
- name: log-cache-cf-auth-proxy
properties:
metrics:
ca_cert: "((log_cache_cf_auth_proxy_metrics_tls.ca))"
cert: "((log_cache_cf_auth_proxy_metrics_tls.certificate))"
key: "((log_cache_cf_auth_proxy_metrics_tls.private_key))"
server_name: log_cache_cf_auth_proxy_metrics
cc:
ca_cert: ((cc_tls.ca))
common_name: cloud-controller-ng.service.cf.internal
proxy_ca_cert: "((log_cache.ca))"
proxy_port: 8083
external_cert: ((logcache_ssl.certificate))
external_key: ((logcache_ssl.private_key))
uaa:
ca_cert: ((uaa_ssl.ca))
client_id: doppler
client_secret: ((uaa_clients_doppler_secret))
internal_addr: https://uaa.service.cf.internal:8443
release: log-cache
- name: diego-cell
azs:
- z1
- z2
instances: 3
vm_type: small-highmem
vm_extensions:
- 100GB_ephemeral_disk
stemcell: default
networks:
- name: default
jobs:
- name: bosh-dns-adapter
properties:
internal_domains: ["apps.internal."]
dnshttps:
client:
tls: ((cf_app_sd_client_tls))
server:
ca: ((cf_app_sd_client_tls.ca))
release: cf-networking
- name: cflinuxfs3-rootfs-setup
release: cflinuxfs3
properties:
cflinuxfs3-rootfs:
trusted_certs:
- ((diego_instance_identity_ca.ca))
- ((credhub_tls.ca))
- ((uaa_ssl.ca))
- name: garden
release: garden-runc
properties:
garden:
containerd_mode: true
cleanup_process_dirs_on_wait: true
debug_listen_address: 127.0.0.1:17019
default_container_grace_time: 0
destroy_containers_on_start: true
deny_networks:
- 0.0.0.0/0
network_plugin: /var/vcap/packages/runc-cni/bin/garden-external-networker
network_plugin_extra_args:
- --configFile=/var/vcap/jobs/garden-cni/config/adapter.json
logging:
format:
timestamp: "rfc3339"
- name: rep
release: diego
properties:
bpm:
enabled: true
diego:
executor:
instance_identity_ca_cert: ((diego_instance_identity_ca.certificate))
instance_identity_key: ((diego_instance_identity_ca.private_key))
rep:
preloaded_rootfses:
- cflinuxfs3:/var/vcap/packages/cflinuxfs3/rootfs.tar
containers:
proxy:
enabled: true
require_and_verify_client_certificates: true
trusted_ca_certificates:
- ((gorouter_backend_tls.ca))
- ((ssh_proxy_backends_tls.ca))
verify_subject_alt_name:
- gorouter.service.cf.internal
- ssh-proxy.service.cf.internal
trusted_ca_certificates:
- ((diego_instance_identity_ca.ca))
- ((credhub_tls.ca))
- ((uaa_ssl.ca))
enable_consul_service_registration: false
enable_declarative_healthcheck: true
loggregator: *diego_loggregator_client_properties
tls:
ca_cert: "((diego_rep_agent_v2.ca))"
cert: "((diego_rep_agent_v2.certificate))"
key: "((diego_rep_agent_v2.private_key))"
logging:
format:
timestamp: "rfc3339"
- name: cfdot
release: diego
properties:
tls: *cfdot_tls_client_properties
- name: route_emitter
release: diego
consumes:
nats:
ip_addresses: false
nats-tls:
ip_addresses: false
properties:
bpm:
enabled: true
loggregator: *diego_loggregator_client_properties
diego:
route_emitter:
local_mode: true
bbs:
ca_cert: "((diego_bbs_client.ca))"
client_cert: "((diego_bbs_client.certificate))"
client_key: "((diego_bbs_client.private_key))"
nats:
tls:
enabled: true
client_cert: "((nats_client_cert.certificate))"
client_key: "((nats_client_cert.private_key))"
tcp:
enabled: true
uaa:
ca_cert: "((uaa_ssl.ca))"
client_secret: "((uaa_clients_tcp_emitter_secret))"
logging:
format:
timestamp: "rfc3339"
internal_routes:
enabled: true
- name: garden-cni
release: cf-networking
properties:
cni_plugin_dir: /var/vcap/packages/silk-cni/bin
cni_config_dir: /var/vcap/jobs/silk-cni/config/cni
- name: netmon
release: silk
- name: vxlan-policy-agent
release: silk
properties:
ca_cert: ((network_policy_client.ca))
client_cert: ((network_policy_client.certificate))
client_key: ((network_policy_client.private_key))
- name: silk-daemon
release: silk
properties:
ca_cert: ((silk_daemon.ca))
client_cert: ((silk_daemon.certificate))
client_key: ((silk_daemon.private_key))
- name: silk-cni
release: silk
properties:
dns_servers:
- 169.254.0.2
- name: loggr-udp-forwarder
release: loggregator-agent
properties:
loggregator:
tls:
ca: "((loggregator_tls_agent.ca))"
cert: "((loggregator_tls_agent.certificate))"
key: "((loggregator_tls_agent.private_key))"
metrics:
ca_cert: "((loggr_udp_forwarder_tls.ca))"
cert: "((loggr_udp_forwarder_tls.certificate))"
key: "((loggr_udp_forwarder_tls.private_key))"
server_name: loggr_udp_forwarder_metrics
- name: log-api
azs:
- z1
- z2
instances: 2
vm_type: minimal
stemcell: default
networks:
- name: default
jobs:
- name: loggregator_trafficcontroller
release: loggregator
consumes:
doppler: {from: doppler}
properties:
uaa:
internal_url: https://uaa.service.cf.internal:8443
ca_cert: "((uaa_ssl.ca))"
loggregator:
outgoing_cert: "((loggregator_trafficcontroller_tls.certificate))"
outgoing_key: "((loggregator_trafficcontroller_tls.private_key))"
tls:
cc_trafficcontroller:
cert: "((loggregator_tls_cc_tc.certificate))"
key: "((loggregator_tls_cc_tc.private_key))"
ca_cert: "((loggregator_tls_tc.ca))"
trafficcontroller:
cert: "((loggregator_tls_tc.certificate))"
key: "((loggregator_tls_tc.private_key))"
uaa:
client_secret: "((uaa_clients_doppler_secret))"
system_domain: "((system_domain))"
ssl:
skip_cert_verify: true
cc:
internal_service_hostname: "cloud-controller-ng.service.cf.internal"
tls_port: 9023
mutual_tls:
ca_cert: "((cc_tls.ca))"
- name: reverse_log_proxy
release: loggregator
provides:
reverse_log_proxy: {as: reverse_log_proxy, shared: true}
properties:
loggregator:
tls:
ca_cert: "((loggregator_tls_rlp.ca))"
reverse_log_proxy:
cert: "((loggregator_tls_rlp.certificate))"
key: "((loggregator_tls_rlp.private_key))"
- name: reverse_log_proxy_gateway
release: loggregator
properties:
http:
address: "0.0.0.0:8088"
cert: "((loggregator_rlp_gateway_tls.certificate))"
key: "((loggregator_rlp_gateway_tls.private_key))"
logs_provider:
ca_cert: "((loggregator_rlp_gateway.ca))"
client_cert: "((loggregator_rlp_gateway.certificate))"
client_key: "((loggregator_rlp_gateway.private_key))"
cc:
capi_internal_addr: https://cloud-controller-ng.service.cf.internal:9023
ca_cert: ((loggregator_rlp_gateway_tls_cc.ca))
cert: ((loggregator_rlp_gateway_tls_cc.certificate))
key: ((loggregator_rlp_gateway_tls_cc.private_key))
common_name: cloud-controller-ng.service.cf.internal
uaa:
ca_cert: ((uaa_ssl.ca))
client_id: doppler
client_secret: ((uaa_clients_doppler_secret))
internal_addr: https://uaa.service.cf.internal:8443
metrics:
ca_cert: "((rlp_gateway_metrics_tls.ca))"
cert: "((rlp_gateway_metrics_tls.certificate))"
key: "((rlp_gateway_metrics_tls.private_key))"
server_name: rlp_gateway_metrics
- name: route_registrar
release: routing
properties:
route_registrar:
routes:
- name: doppler
tls_port: 8081
registration_interval: 20s
server_cert_domain_san: doppler.((system_domain))
uris:
- doppler.((system_domain))
- "*.doppler.((system_domain))"
- name: rlp-gateway
tls_port: 8088
server_cert_domain_san: log-stream.((system_domain))
registration_interval: 20s
uris:
- log-stream.((system_domain))
- "*.log-stream.((system_domain))"
- name: credhub
azs:
- z1
- z2
instances: 2
networks:
- name: default
stemcell: default
vm_type: minimal
jobs:
- name: credhub
properties:
credhub:
authentication:
mutual_tls:
trusted_cas:
- ((diego_instance_identity_ca.ca))
uaa:
ca_certs:
- ((uaa_ssl.ca))
url: https://uaa.service.cf.internal:8443
authorization:
acls:
enabled: true
permissions:
- path: /*
actors: ["uaa-client:credhub_admin_client"]
operations: [read, write, delete, read_acl, write_acl]
- path: /*
actors: ["uaa-client:cc_service_key_client"]
operations: [read]
ca_certificate: |
((credhub_tls.ca))
data_storage:
database: credhub
host: sql-db.service.cf.internal
password: ((credhub_database_password))
port: 3306
type: mysql
username: credhub
tls_ca: "((mysql_server_certificate.ca))"
encryption:
keys:
- active: true
key_properties:
encryption_password: ((credhub_encryption_password))
provider_name: internal-provider
providers:
- name: internal-provider
type: internal
internal_url: https://credhub.service.cf.internal
tls: ((credhub_tls))
release: credhub
- name: rotate-cc-database-key
azs:
- z1
instances: 1
lifecycle: errand
vm_type: minimal
stemcell: default
networks:
- name: default
jobs:
- name: rotate_cc_database_key
release: capi
properties: {}
variables:
- name: blobstore_admin_users_password
type: password
- name: blobstore_secure_link_secret
type: password
- name: cc_bulk_api_password
type: password
- name: cc_db_encryption_key
type: password
- name: cc_internal_api_password
type: password
- name: cc_staging_upload_password
type: password
- name: cf_app_sd_ca
type: certificate
options:
common_name: service-discovery-controller.service.cf.internal
is_ca: true
- name: cf_app_sd_client_tls
type: certificate
update_mode: converge
options:
ca: cf_app_sd_ca
common_name: service-discovery-controller.service.cf.internal
alternative_names:
- service-discovery-controller.service.cf.internal
extended_key_usage:
- client_auth
- name: cf_app_sd_server_tls
type: certificate
update_mode: converge
options:
ca: cf_app_sd_ca
common_name: service-discovery-controller.service.cf.internal
alternative_names:
- service-discovery-controller.service.cf.internal
extended_key_usage:
- server_auth
- name: cf_mysql_mysql_admin_password
type: password
- name: cf_mysql_mysql_cluster_health_password
type: password
- name: cf_mysql_mysql_galera_healthcheck_endpoint_password
type: password
- name: cf_mysql_mysql_galera_healthcheck_password
type: password
- name: cf_mysql_proxy_api_password
type: password
- name: cc_database_password
type: password
- name: credhub_database_password
type: password
- name: diego_database_password
type: password
- name: uaa_database_password
type: password
- name: routing_api_database_password
type: password
- name: network_policy_database_password
type: password
- name: network_connectivity_database_password
type: password
- name: uaa_default_encryption_passphrase
type: password
- name: silk_ca
type: certificate
options:
common_name: silk-ca
is_ca: true
- name: silk_controller
type: certificate
update_mode: converge
options:
ca: silk_ca
common_name: silk-controller.service.cf.internal
alternative_names:
- silk-controller.service.cf.internal
extended_key_usage:
- server_auth
- name: silk_daemon
type: certificate
update_mode: converge
options:
ca: silk_ca
common_name: silk-daemon
alternative_names:
- silk-daemon
extended_key_usage:
- client_auth
- name: network_policy_ca
type: certificate
options:
common_name: networkPolicyCA
is_ca: true
- name: network_policy_server_external
type: certificate
options:
ca: network_policy_ca
common_name: "api.((system_domain))"
alternative_names:
- "api.((system_domain))"
extended_key_usage:
- server_auth
- name: network_policy_server
type: certificate
update_mode: converge
options:
ca: network_policy_ca
common_name: policy-server.service.cf.internal
alternative_names:
- policy-server.service.cf.internal
extended_key_usage:
- server_auth
- name: network_policy_client
type: certificate
update_mode: converge
options:
ca: network_policy_ca
common_name: clientName
alternative_names:
- clientName
extended_key_usage:
- client_auth
- name: uaa_clients_routing_api_client_secret
type: password
- name: uaa_clients_tcp_emitter_secret
type: password
- name: nats_password
type: password
- name: router_status_password
type: password
- name: cf_admin_password
type: password
- name: router_route_services_secret
type: password
- name: uaa_admin_client_secret
type: password
- name: uaa_clients_cc-routing_secret
type: password
- name: uaa_clients_cc-service-dashboards_secret
type: password
- name: uaa_clients_cc_service_key_client_secret
type: password
- name: uaa_clients_cf_smoke_tests_secret
type: password
- name: uaa_clients_cloud_controller_username_lookup_secret
type: password
- name: uaa_clients_doppler_secret
type: password
- name: uaa_clients_gorouter_secret
type: password
- name: uaa_clients_network_policy_secret
type: password
- name: uaa_clients_ssh-proxy_secret
type: password
- name: uaa_clients_tcp_router_secret
type: password
- name: diego_bbs_encryption_keys_passphrase
type: password
- name: credhub_encryption_password
type: password
- name: credhub_admin_client_secret
type: password
- name: diego_ssh_proxy_host_key
type: ssh
- name: uaa_jwt_signing_key
type: rsa
- name: service_cf_internal_ca
type: certificate
options:
common_name: internalCA
is_ca: true
- name: blobstore_tls
type: certificate
update_mode: converge
options:
ca: service_cf_internal_ca
common_name: blobstore.service.cf.internal
alternative_names:
- blobstore.service.cf.internal
- name: diego_auctioneer_client
type: certificate
update_mode: converge
options:
ca: service_cf_internal_ca
common_name: auctioneer-client
alternative_names:
- auctioneer-client
extended_key_usage:
- client_auth
- name: diego_auctioneer_server
type: certificate
options:
ca: service_cf_internal_ca
common_name: auctioneer.service.cf.internal
alternative_names:
- "*.auctioneer.service.cf.internal"
- auctioneer.service.cf.internal
extended_key_usage:
- server_auth
- name: diego_bbs_client
type: certificate
update_mode: converge
options:
ca: service_cf_internal_ca
common_name: bbs-client
alternative_names:
- bbs-client
extended_key_usage:
- client_auth
- name: diego_bbs_server
type: certificate
options:
ca: service_cf_internal_ca
common_name: bbs.service.cf.internal
alternative_names:
- "*.bbs.service.cf.internal"
- bbs.service.cf.internal
extended_key_usage:
- server_auth
- client_auth
- name: diego_rep_client
type: certificate
update_mode: converge
options:
ca: service_cf_internal_ca
common_name: rep-client
alternative_names:
- rep-client
extended_key_usage:
- client_auth
- name: diego_rep_agent_v2
type: certificate
options:
ca: service_cf_internal_ca
common_name: cell.service.cf.internal
alternative_names:
- "*.cell.service.cf.internal"
- cell.service.cf.internal
- 127.0.0.1
- localhost
extended_key_usage:
- client_auth
- server_auth
- name: loggregator_ca
type: certificate
options:
common_name: loggregatorCA
is_ca: true
- name: loggregator_tls_statsdinjector
type: certificate
update_mode: converge
options:
ca: loggregator_ca
common_name: statsdinjector
alternative_names:
- statsdinjector
extended_key_usage:
- client_auth
- name: loggregator_tls_agent
type: certificate
update_mode: converge
options:
ca: loggregator_ca
common_name: metron
alternative_names:
- metron
extended_key_usage:
- client_auth
- server_auth
- name: loggregator_tls_doppler
type: certificate
update_mode: converge
options:
ca: loggregator_ca
common_name: doppler
alternative_names:
- doppler
extended_key_usage:
- client_auth
- server_auth
- name: loggregator_tls_tc
type: certificate
update_mode: converge
options:
ca: loggregator_ca
common_name: trafficcontroller
alternative_names:
- trafficcontroller
extended_key_usage:
- client_auth
- server_auth
- name: loggregator_tls_cc_tc
type: certificate
update_mode: converge
options:
ca: service_cf_internal_ca
common_name: trafficcontroller
alternative_names:
- trafficcontroller
extended_key_usage:
- client_auth
- name: loggregator_rlp_gateway_tls_cc
type: certificate
update_mode: converge
options:
ca: service_cf_internal_ca
common_name: rlp-gateway
alternative_names:
- rlp-gateway
extended_key_usage:
- client_auth
- name: loggregator_tls_rlp
type: certificate
update_mode: converge
options:
ca: loggregator_ca
common_name: reverselogproxy
alternative_names:
- reverselogproxy
extended_key_usage:
- client_auth
- server_auth
- name: loggregator_rlp_gateway
type: certificate
update_mode: converge
options:
ca: loggregator_ca
common_name: rlp_gateway
alternative_names:
- rlp_gateway
extended_key_usage:
- client_auth
- name: logs_provider
type: certificate
update_mode: converge
options:
ca: loggregator_ca
common_name: log-cache
alternative_names:
- log-cache
extended_key_usage:
- client_auth
- server_auth
- name: log_cache_ca
type: certificate
options:
common_name: log-cache
is_ca: true
- name: log_cache
type: certificate
update_mode: converge
options:
ca: log_cache_ca
common_name: log-cache
alternative_names:
- log_cache
- log-cache
- logcache
extended_key_usage:
- client_auth
- server_auth
- name: log_cache_to_loggregator_agent
type: certificate
update_mode: converge
options:
ca: loggregator_ca
common_name: log-cache
alternative_names:
- log-cache
extended_key_usage:
- client_auth
- name: cc_logcache_tls
type: certificate
update_mode: converge
options:
ca: log_cache_ca
common_name: "api.((system_domain))"
alternative_names:
- "api.((system_domain))"
- cloud-controller-ng.service.cf.internal
- name: logcache_ssl
type: certificate
update_mode: converge
options:
ca: service_cf_internal_ca
common_name: log-cache
alternative_names:
- log-cache
- log-cache.((system_domain))
- "*.log-cache.((system_domain))"
- name: log_cache_proxy_tls
type: certificate
update_mode: converge
options:
ca: log_cache_ca
common_name: localhost
alternative_names:
- localhost
- name: router_ca
type: certificate
options:
common_name: routerCA
is_ca: true
- name: router_ssl
type: certificate
options:
ca: router_ca
common_name: routerSSL
alternative_names:
- "((system_domain))"
- "*.((system_domain))"
- name: routing_api_ca
type: certificate
options:
common_name: routing_api
is_ca: true
- name: routing_api_tls
type: certificate
update_mode: converge
options:
ca: routing_api_ca
common_name: routing-api.service.cf.internal
alternative_names:
- routing-api.service.cf.internal
extended_key_usage:
- server_auth
- name: routing_api_tls_client
type: certificate
update_mode: converge
options:
ca: routing_api_ca
common_name: routing-api-client
alternative_names:
- routing-api-client
extended_key_usage:
- client_auth
- name: uaa_ca
type: certificate
options:
common_name: uaaCA
is_ca: true
- name: uaa_ssl
type: certificate
options:
ca: uaa_ca
common_name: uaa.service.cf.internal
alternative_names:
- uaa.service.cf.internal
- name: uaa_login_saml
type: certificate
update_mode: converge
options:
ca: uaa_ca
common_name: uaa_login_saml
alternative_names:
- uaa_login_saml
- name: cc_tls
type: certificate
update_mode: converge
options:
ca: service_cf_internal_ca
common_name: cloud-controller-ng.service.cf.internal
alternative_names:
- cloud-controller-ng.service.cf.internal
extended_key_usage:
- client_auth
- server_auth
- name: cc_public_tls
type: certificate
options:
ca: service_cf_internal_ca
common_name: "api.((system_domain))"
alternative_names:
- "api.((system_domain))"
- cloud-controller-ng.service.cf.internal
- name: cc_bridge_tps
type: certificate
update_mode: converge
options:
ca: service_cf_internal_ca
common_name: tps_watcher
alternative_names:
- tps_watcher
extended_key_usage:
- client_auth
- name: cc_bridge_cc_uploader
type: certificate
update_mode: converge
options:
ca: service_cf_internal_ca
common_name: cc_uploader
alternative_names:
- cc_uploader
extended_key_usage:
- client_auth
- name: cc_bridge_cc_uploader_server
type: certificate
update_mode: converge
options:
ca: service_cf_internal_ca
common_name: cc-uploader.service.cf.internal
alternative_names:
- cc-uploader.service.cf.internal
extended_key_usage:
- server_auth
- name: diego_locket_server
type: certificate
options:
ca: service_cf_internal_ca
common_name: locket.service.cf.internal
alternative_names:
- "*.locket.service.cf.internal"
- locket.service.cf.internal
extended_key_usage:
- server_auth
- name: diego_locket_client
type: certificate
update_mode: converge
options:
ca: service_cf_internal_ca
common_name: locket-client
alternative_names:
- locket-client
extended_key_usage:
- client_auth
- name: locket_database_password
type: password
- name: application_ca
type: certificate
options:
common_name: appRootCA
is_ca: true
- name: diego_instance_identity_ca
type: certificate
options:
ca: application_ca
common_name: instanceIdentityCA
is_ca: true
- name: gorouter_backend_tls
type: certificate
options:
ca: service_cf_internal_ca
common_name: gorouter_backend_tls
alternative_names:
- gorouter.service.cf.internal
extended_key_usage:
- client_auth
- name: credhub_ca
type: certificate
options:
common_name: credhubServerCa
is_ca: true
- name: credhub_tls
type: certificate
options:
ca: credhub_ca
common_name: credhub.((system_domain))
alternative_names:
- credhub.service.cf.internal
- credhub.((system_domain))
- name: ssh_proxy_backends_tls
type: certificate
options:
ca: service_cf_internal_ca
common_name: ssh_proxy_backends_tls
alternative_names:
- ssh-proxy.service.cf.internal
extended_key_usage:
- client_auth
- name: pxc_galera_ca
type: certificate
options:
common_name: pxc_galera_ca
is_ca: true
- name: pxc_server_ca
type: certificate
options:
common_name: pxc_server_ca
is_ca: true
- name: galera_server_certificate
type: certificate
update_mode: converge
options:
ca: pxc_galera_ca
common_name: galera_server_certificate
alternative_names:
- galera_server_certificate
extended_key_usage:
- server_auth
- client_auth
- name: mysql_server_certificate
type: certificate
update_mode: converge
options:
ca: pxc_server_ca
common_name: sql-db.service.cf.internal
alternative_names:
- sql-db.service.cf.internal
- name: loggregator_rlp_gateway_tls
type: certificate
update_mode: converge
options:
ca: service_cf_internal_ca
common_name: log-stream.((system_domain))
alternative_names:
- log-stream.((system_domain))
- log-api.service.cf.internal
- name: loggregator_trafficcontroller_tls
type: certificate
update_mode: converge
options:
ca: service_cf_internal_ca
common_name: doppler.((system_domain))
alternative_names:
- doppler.((system_domain))
- log-api.service.cf.internal
- name: metric_scraper_ca
type: certificate
options:
common_name: metricScraperCA
is_ca: true
- name: metrics_agent_tls
type: certificate
update_mode: converge
options:
ca: metric_scraper_ca
common_name: metrics_agent
alternative_names:
- metrics_agent
extended_key_usage:
- server_auth
- name: metrics_discovery_metrics_tls
type: certificate
update_mode: converge
options:
ca: metric_scraper_ca
common_name: metrics_discovery_metrics
alternative_names:
- metrics_discovery_metrics
extended_key_usage:
- server_auth
- name: scrape_config_generator_metrics_tls
type: certificate
update_mode: converge
options:
ca: metric_scraper_ca
common_name: scrape_config_generator_metrics
alternative_names:
- scrape_config_generator_metrics
extended_key_usage:
- server_auth
- name: log_cache_metrics_tls
type: certificate
update_mode: converge
options:
ca: metric_scraper_ca
common_name: log_cache_metrics
alternative_names:
- log_cache_metrics
extended_key_usage:
- server_auth
- name: log_cache_cf_auth_proxy_metrics_tls
type: certificate
update_mode: converge
options:
ca: metric_scraper_ca
common_name: log_cache_cf_auth_proxy_metrics
alternative_names:
- log_cache_cf_auth_proxy_metrics
extended_key_usage:
- server_auth
- name: log_cache_gateway_metrics_tls
type: certificate
update_mode: converge
options:
ca: metric_scraper_ca
common_name: log_cache_gateway_metrics
alternative_names:
- log_cache_gateway_metrics
extended_key_usage:
- server_auth
- name: forwarder_agent_metrics_tls
type: certificate
update_mode: converge
options:
ca: metric_scraper_ca
common_name: forwarder_agent_metrics
alternative_names:
- forwarder_agent_metrics
extended_key_usage:
- server_auth
- name: loggregator_agent_metrics_tls
type: certificate
update_mode: converge
options:
ca: metric_scraper_ca
common_name: loggregator_agent_metrics
alternative_names:
- loggregator_agent_metrics
extended_key_usage:
- server_auth
- name: loggr_udp_forwarder_tls
type: certificate
update_mode: converge
options:
ca: metric_scraper_ca
common_name: loggr_udp_forwarder_metrics
alternative_names:
- loggr_udp_forwarder_metrics
extended_key_usage:
- server_auth
- name: syslog_agent_api_tls
type: certificate
update_mode: converge
options:
ca: loggregator_ca
common_name: syslog-agent
alternative_names:
- syslog-agent
extended_key_usage:
- client_auth
- name: binding_cache_api_tls
type: certificate
update_mode: converge
options:
ca: service_cf_internal_ca
common_name: binding-cache
alternative_names:
- binding-cache
extended_key_usage:
- client_auth
- name: binding_cache_tls
type: certificate
update_mode: converge
options:
ca: loggregator_ca
common_name: binding-cache
alternative_names:
- binding-cache
extended_key_usage:
- server_auth
- name: syslog_agent_metrics_tls
type: certificate
update_mode: converge
options:
ca: metric_scraper_ca
common_name: syslog_agent_metrics
alternative_names:
- syslog_agent_metrics
extended_key_usage:
- server_auth
- name: loggr_syslog_binding_cache_metrics_tls
type: certificate
update_mode: converge
options:
ca: metric_scraper_ca
common_name: loggr_syslog_binding_cache_metrics
alternative_names:
- loggr_syslog_binding_cache_metrics
extended_key_usage:
- server_auth
- name: prom_scraper_scrape_tls
type: certificate
update_mode: converge
options:
ca: metric_scraper_ca
common_name: prom_scraper
alternative_names:
- prom_scraper
extended_key_usage:
- client_auth
- name: prom_scraper_metrics_tls
type: certificate
update_mode: converge
options:
ca: metric_scraper_ca
common_name: prom_scraper_metrics
alternative_names:
- prom_scraper_metrics
extended_key_usage:
- server_auth
- name: rlp_gateway_metrics_tls
type: certificate
update_mode: converge
options:
ca: metric_scraper_ca
common_name: rlp_gateway_metrics
alternative_names:
- rlp_gateway_metrics
extended_key_usage:
- server_auth
- name: nats_internal_ca
type: certificate
options:
common_name: nats_internal
is_ca: true
- name: nats_internal_cert
type: certificate
options:
ca: nats_internal_ca
common_name: "*.nats.service.cf.internal"
alternative_names:
- "*.nats.service.cf.internal"
- nats.service.cf.internal
extended_key_usage:
- client_auth
- server_auth
- name: nats_ca
type: certificate
options:
common_name: nats
is_ca: true
- name: nats_client_cert
type: certificate
update_mode: converge
options:
ca: nats_ca
common_name: nats_client
alternative_names:
- nats_client
extended_key_usage:
- client_auth
- name: nats_server_cert
type: certificate
update_mode: converge
options:
ca: nats_ca
common_name: nats.service.cf.internal
alternative_names:
- "*.nats.service.cf.internal"
- nats.service.cf.internal
extended_key_usage:
- server_auth
releases:
- name: binary-buildpack
url: https://bosh.io/d/github.com/cloudfoundry/binary-buildpack-release?v=1.0.36
version: 1.0.36
sha1: 0269a613be68f988682bbf56504b78477965b1c4
- name: bpm
url: https://bosh.io/d/github.com/cloudfoundry/bpm-release?v=1.1.9
version: 1.1.9
sha1: dcf0582d838a73de29da273552ae79ac3098ee8b
- name: capi
url: https://bosh.io/d/github.com/cloudfoundry/capi-release?v=1.103.0
version: 1.103.0
sha1: 0cadac56ab9fb287d2c6e848da476b1ccb3422c6
- name: cf-networking
url: https://bosh.io/d/github.com/cloudfoundry/cf-networking-release?v=2.35.0
version: 2.35.0
sha1: dd902b4a23af60c5a1b314969c6b88aac8b5da7d
- name: cf-smoke-tests
url: https://bosh.io/d/github.com/cloudfoundry/cf-smoke-tests-release?v=41.0.2
version: 41.0.2
sha1: b1eb4efe1f88367708ac8cbb08dc78a09dde9c4b
- name: cflinuxfs3
url: https://bosh.io/d/github.com/cloudfoundry/cflinuxfs3-release?v=0.215.0
version: 0.215.0
sha1: ad3c422a0b8498c1a1f9c0c066b5b6ef6ff9ac75
- name: credhub
url: https://bosh.io/d/github.com/pivotal-cf/credhub-release?v=2.9.0
version: 2.9.0
sha1: 36d3a92588c33bc3a7ce54cd4714c96cc7d1bee2
- name: diego
url: https://bosh.io/d/github.com/cloudfoundry/diego-release?v=2.48.0
version: 2.48.0
sha1: fbf8ebfeda1f326f5d6834b9a621b88a548e06e3
- name: dotnet-core-buildpack
url: https://bosh.io/d/github.com/cloudfoundry/dotnet-core-buildpack-release?v=2.3.19
version: 2.3.19
sha1: 4ac28f2e555e72b4ac854b13f1588657cf48b38c
- name: garden-runc
url: https://bosh.io/d/github.com/cloudfoundry/garden-runc-release?v=1.19.18
version: 1.19.18
sha1: 0c6eb93bf23451486166b233a62e4ec46841e6a5
- name: go-buildpack
url: https://bosh.io/d/github.com/cloudfoundry/go-buildpack-release?v=1.9.23
version: 1.9.23
sha1: 2de5c48fac29591fbdbf665bc7c5ff0df473a195
- name: java-buildpack
url: https://bosh.io/d/github.com/cloudfoundry/java-buildpack-release?v=4.35
version: "4.35"
sha1: 44439840cb708454e478c64ca151da9f938521ba
- name: loggregator
url: https://bosh.io/d/github.com/cloudfoundry/loggregator-release?v=106.3.11
version: 106.3.11
sha1: c74c945f313a953664f299af63403aae48bd2051
- name: metrics-discovery
url: https://bosh.io/d/github.com/cloudfoundry/metrics-discovery-release?v=3.0.3
version: 3.0.3
sha1: c414dd33b34231dfb8f655ed77c54a2fc21775fa
- name: nats
url: https://bosh.io/d/github.com/cloudfoundry/nats-release?v=39
version: "39"
sha1: 269e60d95ec9694e6807a7f8e32634c7e2651232
- name: nginx-buildpack
url: https://bosh.io/d/github.com/cloudfoundry/nginx-buildpack-release?v=1.1.19
version: 1.1.19
sha1: 98e56ddbb51231bcc16386f938a44851be61a2d3
- name: r-buildpack
url: https://bosh.io/d/github.com/cloudfoundry/r-buildpack-release?v=1.1.11
version: 1.1.11
sha1: b29eb218c004c36335b073ea03fca5015c434533
- name: nodejs-buildpack
url: https://bosh.io/d/github.com/cloudfoundry/nodejs-buildpack-release?v=1.7.37
version: 1.7.37
sha1: 1869a8eec3f13a95f61e999f6b93ea6dd4af0318
- name: php-buildpack
url: https://bosh.io/d/github.com/cloudfoundry/php-buildpack-release?v=4.4.27
version: 4.4.27
sha1: 4b08e8e661491d7b14645bd004b68c39e11edc64
- name: pxc
url: https://bosh.io/d/github.com/cloudfoundry-incubator/pxc-release?v=0.31.0
version: 0.31.0
sha1: d85b843d3e6e20711a6ca270eb62bad6a16bd22d
- name: python-buildpack
url: https://bosh.io/d/github.com/cloudfoundry/python-buildpack-release?v=1.7.26
version: 1.7.26
sha1: 27fdde52da9963c2791fd8a6ca59fd0d7ccf4690
- name: routing
url: https://bosh.io/d/github.com/cloudfoundry/routing-release?v=0.210.0
version: 0.210.0
sha1: 7bb23954c83db58eb0055431500053bdbb25cbf8
- name: ruby-buildpack
url: https://bosh.io/d/github.com/cloudfoundry/ruby-buildpack-release?v=1.8.27
version: 1.8.27
sha1: 6258eee5c4228649d6b937bbc0339823aadf7012
- name: silk
url: https://bosh.io/d/github.com/cloudfoundry/silk-release?v=2.35.0
version: 2.35.0
sha1: 24e7665076efcf9666962c9c46885f37dfe72b0b
- name: staticfile-buildpack
url: https://bosh.io/d/github.com/cloudfoundry/staticfile-buildpack-release?v=1.5.14
version: 1.5.14
sha1: 88a0882b1b5ada427dfe226084b67b647f3e1c67
- name: statsd-injector
url: https://bosh.io/d/github.com/cloudfoundry/statsd-injector-release?v=1.11.15
version: 1.11.15
sha1: a0a2d33c6ab7d8fec8c017ea6f2c5a344af1407c
- name: uaa
url: https://bosh.io/d/github.com/cloudfoundry/uaa-release?v=74.29.0
version: 74.29.0
sha1: f75cb4967d8373529bf71ccd307a285041079ffb
- name: loggregator-agent
url: https://bosh.io/d/github.com/cloudfoundry/loggregator-agent-release?v=6.1.3
version: 6.1.3
sha1: df5097de1797ef6e6816823625096a7751e031a1
- name: log-cache
url: https://bosh.io/d/github.com/cloudfoundry/log-cache-release?v=2.9.0
version: 2.9.0
sha1: 4fc47bef4dfdb7f9038369d705fe1e90d6d2a344
- name: bosh-dns-aliases
url: https://bosh.io/d/github.com/cloudfoundry/bosh-dns-aliases-release?v=0.0.3
version: 0.0.3
sha1: b0d0a0350ed87f1ded58b2ebb469acea0e026ccc
- name: cf-cli
url: https://bosh.io/d/github.com/bosh-packages/cf-cli-release?v=1.31.0
version: 1.31.0
sha1: 016fdef94f6c7960daaa9f2318653cfa6f033cde
stemcells:
- alias: default
os: ubuntu-xenial
version: "621.97"