Latest commit 36a1574 Oct 18, 2018
Permalink
..
Failed to load latest commit information.
addons GA bits-service ops files Oct 2, 2018
backup-and-restore GA bits-service ops files Oct 2, 2018
bits-service GA bits-service ops files Oct 2, 2018
community GA bits-service ops files Oct 2, 2018
example-vars-files Provide ops-files for more Bits-Service backends Sep 25, 2018
experimental Updated ops file(s) with garden-runc-release 1.16.7 Oct 18, 2018
legacy GA bits-service ops files Oct 2, 2018
test Disable consul service registrations on the isolated diego cell [#160… Oct 3, 2018
workaround Remove use-*-azs workarounds since we're moving to regional load bala… Sep 27, 2018
README.md Fix typo Oct 12, 2018
aws.yml Give AWS LBs more time to declare router instance healthy [#160210931] Sep 1, 2018
azure.yml [Finishes #151414736] Set gorouter frontend_idle_timeout on Azure Sep 29, 2017
bosh-lite.yml Disable components from registering as Consul services Sep 28, 2018
cf-syslog-skip-cert-verify.yml Break out cf-syslog-drain adapters by default Nov 8, 2017
configure-confab-timeout.yml [#160663517] deprecated ops files/tests that reference consul Sep 25, 2018
configure-default-router-group.yml Add opsfile which configures reservable ports for default router group Jun 7, 2017
disable-log-cache.yml [#160640177] warning operators that log-cache is no longer optional Sep 26, 2018
disable-router-tls-termination.yml [#150042089] Update ops-file to reference tls_pem since that is now t… Aug 15, 2017
enable-cc-rate-limiting.yml Add optional cc rate-limiting ops-file [Finishes #150120740] Aug 10, 2017
enable-nfs-ldap.yml Disallow uid and gid bindings Jul 25, 2018
enable-nfs-volume-service.yml Updated ops file(s) with nfs-volume-release 1.6.0 Oct 11, 2018
enable-privileged-container-support.yml CAPI no longer uses the bridge by default Sep 22, 2017
enable-service-discovery.yml Seed apps.interal domain through manifest props Aug 1, 2018
enable-uniq-consul-node-name.yml [#160663517] deprecated ops files/tests that reference consul Sep 25, 2018
migrate-cf-mysql-to-pxc.yml Promote PXC ops files into standard operations [Finishes #159483953] Sep 26, 2018
openstack.yml TCP routing is default, openstack ops-file restructure Sep 22, 2017
override-app-domains.yml Operator can optionally configure app domains Oct 23, 2017
rename-network-and-deployment.yml Rename instance group from 'windows-cell' to 'windows2012R2-cell' to … Sep 26, 2018
scale-database-cluster.yml Merge branch 'develop' into pr/mysql-bosh-dns-shutdown-delay Jan 5, 2018
scale-to-one-az.yml [#160663517] deprecated ops files/tests that reference consul Sep 25, 2018
set-bbs-active-key.yml [#152301031] Add ops file for setting the bbs active key label Oct 30, 2017
set-router-static-ips.yml Add set-router-static-ips ops file [#150206053] Dec 28, 2017
stop-skipping-tls-validation.yml [#152445788, #152566275] Remove removal of ssl_skip_validation on gor… Nov 3, 2017
use-alicloud-oss-blobstore.yml Add support for alicloud blobstore Jun 26, 2018
use-azure-storage-blobstore.yml Update error messages in external blobstore ops files [#158228022] Jun 11, 2018
use-blobstore-cdn.yml Consolidate VMs (implements #173) Sep 19, 2017
use-compiled-releases.yml Updated ops file(s) with garden-runc-release 1.16.7 Oct 18, 2018
use-external-blobstore.yml Remove extraneous webdav_config from external blobstore configuration… Jun 5, 2018
use-external-dbs.yml Enable secure service credentials by default [#159376243] Aug 28, 2018
use-gcs-blobstore-access-key.yml Update error messages in external blobstore ops files [#158228022] Jun 11, 2018
use-gcs-blobstore-service-account.yml Use consistent names for YAML anchors in blobstore files [#158228022] Jun 11, 2018
use-haproxy-public-network.yml Add use-haproxy-public-network.yml [#154000923] Jan 22, 2018
use-haproxy.yml Updated opsfile with haproxy-release 9.3.0 Aug 24, 2018
use-latest-stemcell.yml [#143906715] Add ops file for using latest version of stemcell for de… May 2, 2017
use-latest-windows-stemcell.yml Rename instance group from 'windows-cell' to 'windows2012R2-cell' to … Sep 26, 2018
use-latest-windows2012R2-stemcell.yml Rename instance group from 'windows-cell' to 'windows2012R2-cell' to … Sep 26, 2018
use-latest-windows2016-stemcell.yml Promote windows2016 opsfiles out of experimental Feb 28, 2018
use-offline-windows2016fs.yml Revert "Revert "Make `bosh int` fail without required `windows2016-ce… Oct 18, 2018
use-postgres.yml Add experimental ops-files for enabling cc_deployment_updater Oct 12, 2018
use-pxc-for-nfs-volume-service.yml [Finishes #160694850] Align pull request to state of develop Oct 4, 2018
use-pxc.yml Promote PXC ops files into standard operations [Finishes #159483953] Sep 26, 2018
use-s3-blobstore.yml Update error messages in external blobstore ops files [#158228022] Jun 11, 2018
use-swift-blobstore.yml Update error messages in external blobstore ops files [#158228022] Jun 11, 2018
use-trusted-ca-cert-for-apps.yml Improve unit test for the use-trusted-ca-cert-for-apps.yml ops file Sep 14, 2018
windows-cell.yml Re-introduce windows-cell.yml as a symlink Oct 4, 2018
windows2012R2-cell.yml Updated ops file(s) with hwc-buildpack-release 3.0.3 Oct 17, 2018
windows2016-cell.yml Updated ops file(s) with hwc-buildpack-release 3.0.3 Oct 17, 2018

README.md

Ops-files

This is the README for Ops-files. To learn more about cf-deployment, go to the main README.

IaaS-required Ops-files

Name Purpose Notes
Alibaba Cloud
use-alicloud-oss-blobstore.yml Configures external blobstore to use Alibaba Cloud OSS blobstore. Requires use-external-blobstore.yml. Introduces new variables for oss credentials and bucket names.
AWS
aws.yml Overrides the loggregator endpoint port to 4443. It is required to have a separate port from the standard HTTPS port (443) for loggregator traffic in order to use "classic" AWS ELBs. Newer Application Load Balancers should not require this port override, so no need to use this ops-file if you're using the newer load balancer.
use-s3-blobstore.yml Configures external blobstore to use Amazon S3. Requires use-external-blobstore.yml. Introduces new variables for s3 credentials and bucket names.
Azure
azure.yml Sets gorouter's frontend_idle_timeout to value appropriate for Azure load balancers. Any value below 240 should work.
use-azure-storage-blobstore.yml Configures external blobstore to use Azure Storage. Requires use-external-blobstore.yml. Introduces new variables for Azure credentials and container names.
GCP
use-gcs-blobstore-service-account.yml Enables service account credentials for Google blobstore. Requires use-external-blobstore.yml. Introduces new variables for gcp service account email/json-key and bucket names.
use-gcs-blobstore-access-key.yml Enables access key credentials for Google blobstore. Requires use-external-blobstore.yml. Introduces new variables for access key/secret and bucket names.
Openstack
openstack.yml Used for deploying Cloud Foundry on OpenStack with BOSH See OpenStack documentation.
use-swift-blobstore.yml Replaces local WebDAV blobstore with OpenStack swift blobstore. Used for deploying Cloud Foundry on OpenStack with BOSH Requires use-external-blobstore.yml. Introduces new variables for OpenStack credentials and directory names. If you plan using the Swift ops file to enable Swift as blobstore for the Cloud Controller, you should also run the Swift extension.

Feature-based Ops-files

Name Purpose Notes
bosh-lite.yml Enables cf-deployment to be deployed on bosh-lite. See bosh-lite documentation.
cf-syslog-skip-cert-verify.yml This disables TLS verification when connecting to a HTTPS syslog drain.
configure-confab-timeout.yml DEPRECATED: Consul has been removed from cf-deployment Allows deployer to configure consul_agent Confab startup timeout on consul instances. Adds new variable confab_timeout in seconds, must be at least 60.
configure-default-router-group.yml Allows deployer to configure reservable ports for default tcp router group by passing variable default_router_group_reservable_ports.
disable-log-cache.yml DEPRECATED: log-cache is non-optional and this file will be deleted in cf-deployment v6.0.0. Removes Log Cache and associated jobs from doppler VMs.
disable-router-tls-termination.yml Eliminates keys related to performing TLS termination within the gorouter job. Useful for deployments where TLS termination is performed prior to the gorouter - for instance, on AWS, such termination is commonly done at the ELB. This also eliminates the need to specify ((router_ssl.certificate)) and ((router_ssl.private_key)) in the var files.
enable-cc-rate-limiting.yml Enable rate limiting for UAA-authenticated endpoints. Introduces variables cc_rate_limiter_general_limit and cc_rate_limiter_unauthenticated_limit
enable-nfs-ldap.yml Enables LDAP authentication for NFS volume services Requires enable-nfs-volume-service.yml. Introduces new variables
enable-nfs-volume-service.yml Enables volume support and deploys an NFS broker and volume driver As of cf-deployment v2, you must use the nfsbrokerpush errand to cf push the nfs broker after bosh deploy completes.
enable-privileged-container-support.yml Enables Diego privileged container support.
enable-service-discovery.yml Enables application service discovery
enable-uniq-consul-node-name.yml DEPRECATED: Consul has been removed from cf-deployment Configure Diego cell consul_agent jobs to have a unique id per instance.
migrate-cf-mysql-to-pxc.yml Migrates from an existing cf-mysql database to pxc-release. After the migration is complete, switch to the use-pxc.yml operations file.
override-app-domains.yml Switches from using the system domain as a shared app domain; allows the configuration of one or more shared app domains instead. Adds new variables.
CAUTION: Seeding domains with a router group name (including TCP domains) may cause problems deploying. Please use the cf CLI to add shared domains with router group names.
rename-network-and-deployment.yml Allows a deployer to rename the network and deployment by passing a variables network_name and deployment_name CAUTION: If you are using this ops file along with another ops file that increases the number of instance groups (e.g. windows2012R2-cell.yml or perm-services.yml), this ops file will not rename the network for those instance groups.
scale-database-cluster.yml Scales cf-deployment database to 3 nodes across 3 zones (z1, z2, z3). Cannot be used with postgres as it will not scale.
scale-to-one-az.yml Scales cf-deployment down to a single instance per instance group, placing them all into a single AZ. Effectively halves the deployment's footprint. Should be applied before other ops files.
set-bbs-active-key.yml Allows a deployer to set the bbs active key label by passing a variable diego_bbs_active_key_label
set-router-static-ips.yml Allows a deployer to set the static IPs for the router VMs by passing a variable router_static_ips router_static_ips variable must be provided as a compacted YAML array, e.g. -v router_static_ips=[10.0.16.4,10.0.47.5]
stop-skipping-tls-validation.yml Enforces TLS validation for all components which skip it in the base cf-deployment.yml manifest. See the base README for details.
use-blobstore-cdn.yml Adds support for accessing the droplets and resource_pool blobstore buckets via signed urls over a cdn. This assumes that you are using the same keypair for both buckets. Introduces new variables
use-compiled-releases.yml Instead of having your BOSH Director compile each release, use this ops-file to use pre-compiled releases for a deployment speed improvement. These releases are compiled against a specific stemcell version that is listed in the opsfile. Note that no Windows releases are currently compiled.
use-external-blobstore.yml Removes the singleton-blobstore instance group, and adds fog_connection properties for components that use the blobstore. Warning: this does not migrate data, and will delete any existing singleton-blobstore groups. This requires an external data store. Introduces new variables for blobstore connection details which will need to be provided at deploy time.
use-external-dbs.yml Removes the MySQL instance group, cf-mysql release, and all cf-mysql variables. Warning: this does not migrate data, and will delete existing database instance groups. This requires an external data store. Introduces new variables for DB connection details which will need to be provided at deploy time. This must be applied before any ops files that removes jobs that use a database, such as the ops file to remove the routing API.
use-haproxy.yml Deploys a single haproxy instance to be used as a load balancer. This opsfile doesn't depend on use of an IaaS VIP and doesn't use keepalived property of the haproxy-boshrelease.
use-haproxy-public-network.yml Puts haproxy instance on a public network with a static IP assigned to it. Requires use-haproxy.yml. This ops file also requires your BOSH cloud-config to have a vm_extension called cf-haproxy-network-properties, which configures firewall rules to allow public traffic on the necessary ports (You will need to allow at least the default HTTP and HTTPS ports (80 and 443), port 4443 for doppler, as well as the port range configured for the TCP Routing).
use-latest-stemcell.yml Use the latest stemcell available on your BOSH director instead of the one in cf-deployment.yml. Caution: This ops-file should not be used in conjunction with use-compiled-releases.yml, since the latter relies on a specific stemcell version being used.
use-latest-windows-stemcell.yml DEPRECATED Use use-latest-windows2012R2-stemcell.yml instead.
use-latest-windows2012R2-stemcell.yml Use the latest windows2012R2 stemcell available on your BOSH director instead of the one in windows2012R2-cell.yml Requires windows2012R2-cell.yml
use-postgres.yml Replaces the MySQL instance group with a postgres instance group. Warning: this will lead to total data loss if applied to an existing deployment with MySQL or removed from an existing deployment with postgres.
use-pxc.yml Uses the pxc-release instead of the cf-mysql-release as the internal mysql database. This ops-file is for clean-installs of CF or for redeploying CF already running pxc. If migrating, please use migrate-cf-mysql-to-pxc.yml.
use-pxc-for-nfs-volume-service.yml Use pxc-release as data store for NFS volume services. Requires enable-nfs-volume-service.yml and use-pxc.yml.
use-trusted-ca-cert-for-apps.yml Injects the CA specified with trusted_cert_for_apps into the Diego rep job's trust store and cf-deployment's default root filesystem Applications that explicitly look in the canonical location (/etc/cf-system-certificates) will trust certificates signed by the given CA, regardless of filesystem. Applications that use the default root filesystem will trust certificates signed by the given CA implicitly.
Please see the documentation for information about configuring additional trusted CA certificates.
windows-cell.yml DEPRECATED Use windows2012R2-cell.yml instead.
windows2012R2-cell.yml Deploys a Windows 2012R2 Diego cell and adds releases necessary for Windows. Known issue: Windows cells deployed to AWS will likely have their disks fill up after ~9 days (depending on load). The bosh-windows team is actively working on a fix for this. Operators who want to deploy windows cells to AWS anyway may want to recreate those cells periodically.
use-latest-windows2016-stemcell.yml Use the latest windows2016 stemcell available on your BOSH director instead of the one in windows2016-cell.yml Requires windows2016-cell.yml
use-offline-windows2016fs.yml Use the offline version of windows2016fs-release Requires windows2016-cell.yml. Suitable for environments without internet access. Follow instructions here to upload the release prior to deploying.
windows2016-cell.yml Deploys a windows 2016 diego cell, adds releases necessary for windows. Windows2016 stemcell is currently only supported on GCP and Azure. AWS support is currently under development.