No instructions for deploying to BOSH on AWS #71
Comments
|
We have created an issue in Pivotal Tracker to manage this. You can view the current status of your issue at: https://www.pivotaltracker.com/story/show/100895292. |
|
Hey @camelpunch, You're right, the manifest generation should be better documented in general, and in particular as it pertains to other infrastructures. In the mean time, here's what the BOSH-Lite instructions are, and I'll explain what needs to change: cd ~/workspace/diego-release
./scripts/generate-deployment-manifest \
~/deployments/bosh-lite/director.yml \
manifest-generation/bosh-lite-stubs/property-overrides.yml \
manifest-generation/bosh-lite-stubs/instance-count-overrides.yml \
manifest-generation/bosh-lite-stubs/persistent-disk-overrides.yml \
manifest-generation/bosh-lite-stubs/iaas-settings.yml \
manifest-generation/bosh-lite-stubs/additional-jobs.yml \
~/deployments/bosh-liteThe first argument to the script is just a stub with the director UUID: ---
director_uuid: YOUR_DIRECTOR_UUIDThe second is a property overrides stub. You can see a full list of overridable properties with this command: Your manifest will "compile" with out overriding any properties, but there are some that you need to override for your cluster to work, and it's impossible to have a sane default for them because it depends a lot on things like your networking setup. Probably the simplest thing you can do to start for this stub is something like this: property_overrides:
etcd:
require_ssl: false
executor:
allow_privileged: true
garden-linux:
allow_networks: ["10.10.0.2/32"] # This is the DNS for your AWS VPC; it depends on your CIDR range.
btrfs_store_size_mb: 25000
skip_cert_verify: trueThis is similar to how it's deployed in the test environment, but a few key things will be missing:
The third, fourth, and sixth arguments allow you to override instance counts for jobs, persistent disk settings for jobs (specifically etcd), and colocate additional templates from additional releases. You probably don't need to modify these to get started, and can just use the relevant BOSH-Lite stubs. The final (seventh) argument is a directory where you need to have a file called The third argument is an IaaS settings stub. Here's a quick way to see what it requires: grep '(( iaas_settings' manifest-generation/diego.yml | cut -d'(' -f3- | cut -d' ' -f2 | sort | uniqHere's an example that works assuming your VPC has been set up accordingly (with some names/IDs you'll have to change to match your IaaS configuration): iaas_settings:
compilation_cloud_properties:
availability_zone: us-east-1b
instance_type: c3.large
resource_pool_cloud_properties:
- cloud_properties:
availability_zone: us-east-1b
elbs:
- NAME_OF_ELB_FOR_DIEGO_CONTAINER_SSH_ACCESS
name: access_z1
- cloud_properties:
availability_zone: us-east-1c
elbs:
- NAME_OF_ELB_FOR_DIEGO_CONTAINER_SSH_ACCESS
name: access_z2
- cloud_properties:
availability_zone: us-east-1d
elbs:
- NAME_OF_ELB_FOR_DIEGO_CONTAINER_SSH_ACCESS
name: access_z3
- cloud_properties:
availability_zone: us-east-1b
name: brain_z1
- cloud_properties:
availability_zone: us-east-1c
name: brain_z2
- cloud_properties:
availability_zone: us-east-1d
name: brain_z3
- cloud_properties:
availability_zone: us-east-1b
name: cc_bridge_z1
- cloud_properties:
availability_zone: us-east-1c
name: cc_bridge_z2
- cloud_properties:
availability_zone: us-east-1d
name: cc_bridge_z3
- cloud_properties:
availability_zone: us-east-1b
ephemeral_disk:
size: 174080
type: gp2
name: cell_z1
- cloud_properties:
availability_zone: us-east-1c
ephemeral_disk:
size: 174080
type: gp2
name: cell_z2
- cloud_properties:
availability_zone: us-east-1d
ephemeral_disk:
size: 174080
type: gp2
name: cell_z3
- cloud_properties:
availability_zone: us-east-1b
name: database_z1
- cloud_properties:
availability_zone: us-east-1c
name: database_z2
- cloud_properties:
availability_zone: us-east-1d
name: database_z3
- cloud_properties:
availability_zone: us-east-1b
name: route_emitter_z1
- cloud_properties:
availability_zone: us-east-1c
name: route_emitter_z2
- cloud_properties:
availability_zone: us-east-1d
name: route_emitter_z3
stemcell:
name: bosh-aws-xen-hvm-ubuntu-trusty-go_agent
version: latest
subnet_configs:
- name: diego1
subnets:
- cloud_properties:
security_groups:
- SOME_SECURITY_GROUP
subnet: SOME_SUBNET_ID
dns:
- 10.10.0.2
gateway: 10.10.50.1
name: default_unused
range: 10.10.50.0/25
reserved:
- 10.10.50.2 - 10.10.50.9
static:
- 10.10.50.10 - 10.10.50.31
- name: diego2
subnets:
- cloud_properties:
security_groups:
- SOME_SECURITY_GROUP
subnet: SOME_OTHER_SUBNET_ID
dns:
- 10.10.0.2
gateway: 10.10.114.1
name: default_unused
range: 10.10.114.0/25
reserved:
- 10.10.114.2 - 10.10.114.9
static:
- 10.10.114.10 - 10.10.114.31
- name: diego3
subnets:
- cloud_properties:
security_groups:
- SOME_SECURITY_GROUP
subnet: YET_ANOTHER_SUBNET_ID
dns:
- 10.10.0.2
gateway: 10.10.178.1
name: default_unused
range: 10.10.178.0/25
reserved:
- 10.10.178.2 - 10.10.178.9
static:
- 10.10.178.10 - 10.10.178.31The hardest part is setting up AWS with the correct VPC, CIDRs, subnets, ELBs, security groups, and AZs. However, you may be able to piggyback off of an existing setup for CF on AWS if you have one. Especially if you're using a tool like CloudFormation to automate setting up your AWS environment, it might not be that bad. |
|
Thanks @Amit-PivotalLabs! I do need to have the receptor register a route with the gorouter, as I'm doing this just to test that https://github.com/pivotal-cf-experimental/diegotaskscheduler (submits tasks and monitors them) is possible to deploy in a CF instance. Great detail though, I'll have a play with this. |
|
Combine this with your property overrides: |
|
Cheers. I was hoping to get away with YOUR_DOMAIN being an IP. I guess I don't know it up front, though? |
|
There's numerous options here. On one end of the spectrum, you're deploying alongside a full CF, and you have an ELB balancing traffic in front of your routers with wildcard DNS pointing at your ELB. In that case, you use the domain from your wildcard record. This is the type of solution you'd use in a production setting. On the other end, you could just spin up a jumpbox behind the firewall and work from there, and target the IP of one of the access VMs (where the receptor processes live). If you want to know up front, you could configure one of the access VMs to use a static IP, and make sure to allocate one for it in your deployment manifest that falls within the appropriate CIDR and doesn't clash with any other static IPs (e.g. the ones used for the database jobs). There's all sorts of options in the middle, depending on how/whether you have DNS, an ELB, any HA Proxies, static IPs for the gorouters, etc. |
|
Hi, @camelpunch, Yes, we'd like to improve documentation about the AWS-specific information to supply for a Diego deployment. As @Amit-PivotalLabs pointed out, this information is primarily concentrated in the Thanks, |
|
Great. I'll close this then. Sorry for going silent on it: it turned out not to be worth the effort for what I was doing. |
Submodule src/github.com/square/certstrap b61237589..bd8b02aa8: > Bump Go to 1.13 > Merge pull request #85 from square/mbyczkowski/better-versioning > Merge pull request #81 from square/mbyczkowski/option-for-output > Merge pull request #80 from square/dependabot/go_modules/github.com/urfave/cli-1.21.0 > Merge pull request #79 from square/mbyczkowski/godoc-badge > Merge pull request #71 from julianedwards/extractname > Merge pull request #77 from julianedwards/newtemplates > Merge pull request #73 from defer/ft-text-fixes > Merge pull request #69 from square/cs/dockerfile > Merge pull request #68 from square/cs/update-cli > Merge pull request #67 from square/cs/mod Co-authored-by: Edwin Xie <exie@pivotal.io>
…credhub-cli diego-ssh dockerapplifecycle ecrhelper executor fileserver healthcheck inigo localdriver locket operationq rep route-emitter routing-api routing-info systemcerts vizzini volman workpool garden grootfs guardian idmapper Submodule src/code.cloudfoundry.org/auction 46a89db7a..4c03ffcd7: > Add CODEOWNERS file in preparation for branch protection rules (#16) Submodule src/code.cloudfoundry.org/auctioneer be803dc1e..ec7efd6f7: > Add CODEOWNERS file in preparation for branch protection rules (#14) Submodule src/code.cloudfoundry.org/buildpackapplifecycle 717bad3b1..cb243e1d2: > Merge pull request #48 from Infra-Red/staging-error > Merge pull request #62 from geofffranks/main Submodule src/code.cloudfoundry.org/cacheddownloader a005bb235..2caa6ca34: > Add CODEOWNERS file in preparation for branch protection rules (#25) Submodule src/code.cloudfoundry.org/cfdot ef69fb66b..4d194a115: > Add CODEOWNERS file in preparation for branch protection rules (#8) Submodule src/code.cloudfoundry.org/credhub-cli a97b4319d..aa8fc4e79: > Bump go modules Submodule src/code.cloudfoundry.org/diego-ssh 1bdd96ca0..7461829a9: > Add CODEOWNERS file in preparation for branch protection rules (#49) Submodule src/code.cloudfoundry.org/dockerapplifecycle 0e49eedc7..93dcb397b: > Add CODEOWNERS file in preparation for branch protection rules (#12) Submodule src/code.cloudfoundry.org/ecrhelper 3949c0207..56a9cdc53: > Add CODEOWNERS file in preparation for branch protection rules (#3) Submodule src/code.cloudfoundry.org/executor d6dd1132b..2c29c7e2f: > Add CODEOWNERS file in preparation for branch protection rules (#81) Submodule src/code.cloudfoundry.org/fileserver f3dfda90a..ddeb9bd6d: > Add CODEOWNERS file in preparation for branch protection rules (#8) Submodule src/code.cloudfoundry.org/healthcheck ba40fd720..6587beaf1: > Add CODEOWNERS file in preparation for branch protection rules (#10) Submodule src/code.cloudfoundry.org/inigo 8e5bf0cc7..b300679e6: > Add CODEOWNERS file in preparation for branch protection rules (#27) Submodule src/code.cloudfoundry.org/localdriver bfbf40217..6d5a2bf56: > Add CODEOWNERS file in preparation for branch protection rules (#3) Submodule src/code.cloudfoundry.org/locket 6cd541649..08e003863: > Add CODEOWNERS file in preparation for branch protection rules (#15) Submodule src/code.cloudfoundry.org/operationq 4522d0860..b625ea3c1: > Add CODEOWNERS file in preparation for branch protection rules (#3) Submodule src/code.cloudfoundry.org/rep 8550a6340..192ca3a5a: > Add CODEOWNERS file in preparation for branch protection rules (#43) Submodule src/code.cloudfoundry.org/route-emitter b5abb628c..a17e814f0: > Add CODEOWNERS file in preparation for branch protection rules (#25) Submodule src/code.cloudfoundry.org/routing-api 9592985dc..b9e9e0b90: > Add CODEOWNERS file in preparation for branch protection rules Submodule src/code.cloudfoundry.org/routing-info c6998d604..079a27345: > Add CODEOWNERS file in preparation for branch protection rules Submodule src/code.cloudfoundry.org/systemcerts 221d6f2ae..10f68b45f: > Add CODEOWNERS file in preparation for branch protection rules (#2) Submodule src/code.cloudfoundry.org/vizzini 906e23011..5a2ef7822: > Add CODEOWNERS file in preparation for branch protection rules (#6) Submodule src/code.cloudfoundry.org/volman 76091d503..b60663cd4: > Add CODEOWNERS file in preparation for branch protection rules (#6) Submodule src/code.cloudfoundry.org/workpool 2e26d5d93..b93da105e: > Add CODEOWNERS file in preparation for branch protection rules (#3) Submodule src/garden ac53c57dc..2d96d2498: > Bump lager to v3.0.2 > Update go.mod dependencies Submodule src/grootfs 9ea0d4bb9..f8dceb408: > Bump lager to v3.0.2 > Update go.mod dependencies > Merge pull request #217 from geofffranks/main Submodule src/guardian fac28108a..809884ce5: > Bump lager to v3.0.2 > Update go.mod dependencies > Merge pull request #402 from geofffranks/main Submodule src/idmapper a41052025..39b35b84a: > Merge pull request #71 from geofffranks/main
I've tried to convert the BOSH Lite instructions, but end up lost because some stubs assume BOSH Lite. Some instructions for deploying a Diego CF to BOSH on AWS would make me happy.
The text was updated successfully, but these errors were encountered: