This document describes how to use the internal-pcf repository to:
- Provision a Concourse installation that prioritizes private networking. A NAT VM is the only resource that has a public address.
- Deploy a Pivotal Cloud Foundry installation (via a Concourse pipeline) that prioritizes private networking. A trio of NAT VMs is the only resources that has a public address.
- This project is focused on deploying into an existing networking environment and assumes that a VPC network and 5 subnetworks already exist. No new network or subnetworks will be created.
- Really important: There is no external ingress configured for this installation. You will either need an existing VPN tunnel/gateway configured into your VPC, or perform all of the below instructions from an accessible jumpbox in one of the existing subnetworks. Note that the jumpbox created by
bbldoes not have a public address.
- If you will be using existing subnetworks that are smaller than
/16, you will need a patched version ofbbluntil this PR is merged. Download here: Linux(bf23eb4f95e07392858613809a0796bb1caf97d5) or Mac(d76f510decf402ea873f014449131590220374ae). - Install
bbl's dependencies. - Install
direnv - Clone this repository
-
Create a new directory with the structure required to apply customizations:
mkdir env-stage-internal-pcf && cd !$ export BBL_DIR=$(pwd) -
Initialize the directory as a git repository:
git init -
From the directory where you cloned this repository, run the following command to copy the customizations in:
cd bbl-overlays cp .envrc ${BBL_DIR} cp byo-network/*.sh ${BBL_DIR} cp byo-network/*.yml ${BBL_DIR} for dir in byo-network internal-tcp-lb nat jumpbox_private_ip; do pushd ${dir} rsync -avzh --ignore-errors terraform ${BBL_DIR} rsync -avzh --ignore-errors vars ${BBL_DIR} rsync -avzh --ignore-errors cloud-config ${BBL_DIR} popd done -
Go to ${BBL_DIR/vars and edit
.envrc -
Go to ${BBL_DIR}/vars and edit
byo_network.tfvars. You must specify a subnet that is just for Concourse - the upcoming PCF installation can not use this subnet. -
Use
bblto provision a BOSH director:cd ${BBL_DIR} bbl plan --name <CHANGE> bbl up -
Load the creds and upload a stemcell:
eval "$(bbl print-env)" bosh upload-stemcell --sha1 7333cc0d2042cd7b167a7d57c03f38562cd4e01c \ https://bosh.io/d/stemcells/bosh-google-kvm-ubuntu-trusty-go_agent?v=3586.24
-
In the original cloned repo, navigate to
concourse-bosh-deployment/cluster, edit values indeploy.sh, then run it. -
Once Concourse has been deployed, locate its load balancer's private address and use
flyto target the installation.
-
In the original cloned repo, navigate to
pcf-pipelines/install-pcf/gcpand edit the values inparams.yml. -
Edit
pipeline.ymlas follows:
-
set
source.uriin thepcf-pipelinesresource tohttps://github.com/evandbrown/pcf-pipelines.git, -
set
source.branchin thepcf-pipelinesresource tointernal-pipelines -
remove
source.private_key -
the
pcf-pipelinesresource in your `pipelines.yml should look something like:... resources: - name: pcf-pipelines type: git source: uri: https://github.com/evandbrown/pcf-pipelines.git branch: internal-pipelines ...
-
Apply the pipeline with something like
fly -t your-team set-pipeline -p your-pipeline-name -c pipeline.yml -l params.yml -
Navigate to your pipeline's webpage, unpause it, then manually trigger the
bootstrap-terraform-statetask, then manually trigger every task sequentially starting withupload-opsman-image