Skip to content

Commit

Permalink
Consolidate VMs (implements cloudfoundry#173)
Browse files Browse the repository at this point in the history 
- Moves ssh_proxy job to router instance-group
- Moves cc_uploader job to api instance-group
- Moves file_server job to api instance-group
- Consolidates remaining jobs from cc-bridge, cc-clock, and diego-brain instance-groups (cloud_controller_clock; nsync and tps; auctioneer) on new scheduler instance-group
  • Loading branch information
@emalm
emalm committed Sep 15, 2017
1 parent 7d659aa commit 5f06a0a
Show file tree
Hide file tree
Showing 21 changed files with 183 additions and 287 deletions.
237 changes: 101 additions & 136 deletions cf-deployment.yml
View file
Expand Up @@ -784,6 +784,8 @@ instance_groups:
- name: statsd_injector
release: statsd-injector
properties: *statsd_injector_properties
- name: file_server
release: diego
- name: routing-api
release: routing
properties:
Expand Down Expand Up @@ -825,6 +827,27 @@ instance_groups:
ca_cert: ((network_policy_server.ca))
server_cert: ((network_policy_server.certificate))
server_key: ((network_policy_server.private_key))
- name: stager
release: capi
properties:
capi:
stager:
bbs: *diego_bbs_client_properties
cc:
basic_auth_password: "((cc_internal_api_password))"
- name: cc_uploader
release: capi
properties:
capi:
cc_uploader:
cc:
ca_cert: "((cc_bridge_cc_uploader.ca))"
client_cert: "((cc_bridge_cc_uploader.certificate))"
client_key: "((cc_bridge_cc_uploader.private_key))"
mutual_tls:
ca_cert: "((cc_bridge_cc_uploader_server.ca))"
server_cert: "((cc_bridge_cc_uploader_server.certificate))"
server_key: "((cc_bridge_cc_uploader_server.private_key))"
- name: cc-worker
azs:
- z1
Expand Down Expand Up @@ -891,6 +914,7 @@ instance_groups:
vm_type: minimal
vm_extensions:
- cf-router-network-properties
- diego-ssh-proxy-network-properties
stemcell: default
update:
max_in_flight: 1
Expand Down Expand Up @@ -933,6 +957,18 @@ instance_groups:
ca_cert: "((uaa_ssl.ca))"
ssl:
port: 8443
- name: ssh_proxy
release: diego
properties:
diego:
ssh_proxy:
enable_cf_auth: true
host_key: "((diego_ssh_proxy_host_key.private_key))"
uaa_secret: "((uaa_clients_ssh-proxy_secret))"
uaa:
ca_cert: "((uaa_ssl.ca))"
port: 8443
bbs: *diego_bbs_client_properties
- name: metron_agent
release: loggregator
properties: *metron_agent_properties
Expand Down Expand Up @@ -966,14 +1002,16 @@ instance_groups:
- name: metron_agent
release: loggregator
properties: *metron_agent_properties
- name: diego-brain
- name: scheduler
azs:
- z1
- z2
instances: 2
migrated_from:
- {name: cc-bridge}
- {name: cc-clock}
- {name: diego-brain}
vm_type: minimal
vm_extensions:
- diego-ssh-proxy-network-properties
stemcell: default
update:
serial: true
Expand All @@ -992,20 +1030,6 @@ instance_groups:
diego:
cfdot:
bbs: *diego_bbs_client_properties
- name: ssh_proxy
release: diego
properties:
diego:
ssh_proxy:
enable_cf_auth: true
host_key: "((diego_ssh_proxy_host_key.private_key))"
uaa_secret: "((uaa_clients_ssh-proxy_secret))"
uaa:
ca_cert: "((uaa_ssl.ca))"
port: 8443
bbs: *diego_bbs_client_properties
- name: file_server
release: diego
- name: auctioneer
release: diego
properties:
Expand All @@ -1021,9 +1045,69 @@ instance_groups:
client_cert: "((diego_rep_client.certificate))"
client_key: "((diego_rep_client.private_key))"
loggregator: *diego_loggregator_client_properties
- name: cloud_controller_clock
release: capi
properties:
hm9000:
port: -1
cc:
db_encryption_key: "((cc_db_encryption_key))"
default_to_diego_backend: true
install_buildpacks: *cc_install_buildpacks
default_running_security_groups: *cc_default_running_security_groups
default_staging_security_groups: *cc_default_staging_security_groups
security_group_definitions: *cc_security_group_definitions
internal_api_password: "((cc_internal_api_password))"
bulk_api_password: "((cc_bulk_api_password))"
quota_definitions: *quota_definitions
staging_upload_user: staging_user
staging_upload_password: "((cc_staging_upload_password))"
resource_pool: *blobstore-properties
packages: *blobstore-properties
droplets: *blobstore-properties
buildpacks: *blobstore-properties
mutual_tls: *cc_mutual_tls
ccdb: *ccdb
system_domain: "((system_domain))"
app_domains: *app_domains
routing_api: *routing_api
uaa:
ca_cert: "((uaa_ssl.ca))"
clients:
cc-service-dashboards:
secret: "((uaa_clients_cc-service-dashboards_secret))"
cc_routing:
secret: "((uaa_clients_cc-routing_secret))"
url: https://uaa.((system_domain))
ssl:
port: 8443
- name: metron_agent
release: loggregator
properties: *metron_agent_properties
- name: statsd_injector
release: statsd-injector
properties: *statsd_injector_properties
- name: nsync
release: capi
properties:
diego:
ssl: *ssl
capi:
nsync:
bbs: *diego_bbs_client_properties
cc:
basic_auth_password: "((cc_internal_api_password))"
base_url: https://api.((system_domain))
- name: tps
release: capi
properties:
capi:
tps:
bbs: *diego_bbs_client_properties
cc:
ca_cert: "((cc_bridge_tps.ca))"
client_cert: "((cc_bridge_tps.certificate))"
client_key: "((cc_bridge_tps.private_key))"
- name: diego-cell
azs:
- z1
Expand Down Expand Up @@ -1128,125 +1212,6 @@ instance_groups:
client_key: ((silk_daemon.private_key))
- name: cni
release: cf-networking
- name: cc-clock
azs:
- z1
- z2
instances: 2
vm_type: small
stemcell: default
networks:
- name: default
jobs:
- name: consul_agent
release: consul
consumes:
consul_common: {from: consul_common_link}
consul_server: nil
consul_client: {from: consul_client_link}
- name: cloud_controller_clock
release: capi
properties:
hm9000:
port: -1
cc:
db_encryption_key: "((cc_db_encryption_key))"
default_to_diego_backend: true
install_buildpacks: *cc_install_buildpacks
default_running_security_groups: *cc_default_running_security_groups
default_staging_security_groups: *cc_default_staging_security_groups
security_group_definitions: *cc_security_group_definitions
internal_api_password: "((cc_internal_api_password))"
bulk_api_password: "((cc_bulk_api_password))"
quota_definitions: *quota_definitions
staging_upload_user: staging_user
staging_upload_password: "((cc_staging_upload_password))"
resource_pool: *blobstore-properties
packages: *blobstore-properties
droplets: *blobstore-properties
buildpacks: *blobstore-properties
mutual_tls: *cc_mutual_tls
ccdb: *ccdb
system_domain: "((system_domain))"
app_domains: *app_domains
routing_api: *routing_api
uaa:
ca_cert: "((uaa_ssl.ca))"
clients:
cc-service-dashboards:
secret: "((uaa_clients_cc-service-dashboards_secret))"
cc_routing:
secret: "((uaa_clients_cc-routing_secret))"
url: https://uaa.((system_domain))
ssl:
port: 8443
- name: metron_agent
release: loggregator
properties: *metron_agent_properties
- name: statsd_injector
release: statsd-injector
properties: *statsd_injector_properties
- name: cc-bridge
azs:
- z1
- z2
instances: 2
vm_type: minimal
stemcell: default
networks:
- name: default
jobs:
- name: consul_agent
release: consul
consumes:
consul_common: {from: consul_common_link}
consul_server: nil
consul_client: {from: consul_client_link}
- name: stager
release: capi
properties:
capi:
stager:
bbs: *diego_bbs_client_properties
cc:
basic_auth_password: "((cc_internal_api_password))"
- name: nsync
release: capi
properties:
diego:
ssl: *ssl
capi:
nsync:
bbs: *diego_bbs_client_properties
cc:
basic_auth_password: "((cc_internal_api_password))"
base_url: https://api.((system_domain))
- name: tps
release: capi
properties:
capi:
tps:
bbs: *diego_bbs_client_properties
cc:
ca_cert: "((cc_bridge_tps.ca))"
client_cert: "((cc_bridge_tps.certificate))"
client_key: "((cc_bridge_tps.private_key))"
- name: cc_uploader
release: capi
properties:
capi:
cc_uploader:
cc:
ca_cert: "((cc_bridge_cc_uploader.ca))"
client_cert: "((cc_bridge_cc_uploader.certificate))"
client_key: "((cc_bridge_cc_uploader.private_key))"
mutual_tls:
ca_cert: "((cc_bridge_cc_uploader_server.ca))"
server_cert: "((cc_bridge_cc_uploader_server.certificate))"
server_key: "((cc_bridge_cc_uploader_server.private_key))"
- name: metron_agent
release: loggregator
properties: *metron_agent_properties
- name: log-api
azs:
- z1
Expand Down
11 changes: 4 additions & 7 deletions operations/aws.yml
View file
@@ -1,14 +1,11 @@
---
# --- add vm extensions ---
- type: replace
path: /instance_groups/name=diego-brain/vm_extensions
value:
- ssh-proxy-lb
- 10GB_ephemeral_disk
- type: replace
path: /instance_groups/name=router/vm_extensions
value:
- router-lb
- ssh-proxy-lb
- 10GB_ephemeral_disk

# --- changing default ports ---
- type: replace
Expand All @@ -24,8 +21,8 @@
path: /instance_groups/name=cc-worker/jobs/name=cloud_controller_worker/properties/logger_endpoint?/port
value: 4443
- type: replace
path: /instance_groups/name=cc-clock/jobs/name=cloud_controller_clock/properties/doppler?/port
path: /instance_groups/name=scheduler/jobs/name=cloud_controller_clock/properties/doppler?/port
value: 4443
- type: replace
path: /instance_groups/name=cc-clock/jobs/name=cloud_controller_clock/properties/logger_endpoint?/port
path: /instance_groups/name=scheduler/jobs/name=cloud_controller_clock/properties/logger_endpoint?/port
value: 4443

0 comments on commit 5f06a0a

Please sign in to comment.