Deploy CF from Google Cloud Shell

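These scripts are meant to be run from Google Cloud Shell. Each command below downloads a script from this gist and sources it right away (the second one on the bosh-bastion VM), so review the scripts before running them.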

$ curl -o install-director-infrastructure.sh https://gist.githubusercontent.com/raw/2818bdb9ee660d1928c011ac019878a9/install-director-infrastructure.sh && . ./install-director-infrastructure.sh

$ gcloud compute ssh bosh-bastion "curl -o install-director.sh https://gist.githubusercontent.com/raw/2818bdb9ee660d1928c011ac019878a9/install-director.sh && . ./install-director.sh"

then clean up with

$ curl -o destroy-director.sh https://gist.githubusercontent.com/raw/2818bdb9ee660d1928c011ac019878a9/destroy-director.sh && . ./destroy-director.sh
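#
# Destroy
#
# Tears down what install-director-infrastructure.sh created. It is meant to
# be sourced from the directory that holds ./terraform and main.tf, in a shell
# where projectid is still set (GOOGLE_CREDENTIALS is presumably what lets
# terraform authenticate — confirm against the install script).
#
# Local cleanup runs only when "terraform destroy" succeeds. The ./terraform*
# glob also matches Terraform's state files in this directory, and deleting
# them after a failed destroy would leave cloud resources with no state to
# retry from.
if ./terraform destroy -force; then
  if [[ -n "${projectid:-}" ]]; then
    gcloud iam service-accounts delete \
      "terraform-bosh@${projectid}.iam.gserviceaccount.com" -q
  else
    echo "projectid is not set; skipping service account deletion" >&2
  fi

  # Remove the service account key material: the JSON key file written by
  # install-director-infrastructure.sh and the copy exported in the shell.
  rm -f -- /tmp/terraform-bosh.key.json
  unset GOOGLE_CREDENTIALS

  # Clear the settings exported by the install script (kept exported but empty).
  export projectid=
  export region=
  export zone=

  # -f: a file that is already gone is not an error on a second run.
  rm -f -- ./terraform*
  rm -f -- install-director-infrastructure.sh main.tf parse.sh \
    project-info.yml destroy-director.sh
else
  echo "terraform destroy failed; keeping Terraform state and credentials so it can be retried" >&2
fi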
#!/bin/bash
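# Provisions the GCP infrastructure for a BOSH director. This file is meant to
# be sourced (". ./install-director-infrastructure.sh") so that projectid,
# region, zone and GOOGLE_CREDENTIALS stay set in the calling shell; for that
# reason it does not use "set -e" and only leaves via "return".

# Set your project ID:
# NOTE(review): parse.sh comes from a gist URL that is not pinned to a revision
# and is sourced with no integrity check, so whoever can edit the gist decides
# what runs here. -f makes curl fail on an HTTP error instead of saving the
# error page, which would otherwise be sourced.
curl -f -o parse.sh https://gist.githubusercontent.com/raw/2818bdb9ee660d1928c011ac019878a9/parse.sh && . ./parse.sh
gcloud compute project-info describe > project-info.yml
# NOTE(review): eval runs whatever parse_yaml prints, and project-info.yml
# holds the whole "describe" output, not just the name. A value carrying shell
# syntax that parse_yaml passes through unescaped would be executed here. Only
# projectinfo_name is used below; reading that single field (for example with
# gcloud's --format='value(name)') would make the eval unnecessary.
# The quotes keep one assignment per line, so one bad line cannot drop the rest.
eval "$(parse_yaml project-info.yml "projectinfo_")"
export projectid="${projectinfo_name:-}"
if [[ -z "${projectid}" ]]; then
  echo "Could not read the project name from project-info.yml; stopping." >&2
  # return when sourced (the documented way to run this), exit otherwise.
  return 1 2>/dev/null || exit 1
fi

# Export your preferred compute region and zone:
export region=us-east1
export zone=us-east1-d

# Configure gcloud:
gcloud config set project "${projectid}"
gcloud config set compute/zone "${zone}"
gcloud config set compute/region "${region}"

# Create a service account and key:
gcloud iam service-accounts create terraform-bosh
gcloud iam service-accounts keys create /tmp/terraform-bosh.key.json \
  --iam-account "terraform-bosh@${projectid}.iam.gserviceaccount.com"
# The key is a long-lived credential stored at a fixed path under /tmp; make
# sure only the current user can read it, and delete it once it is not needed.
chmod 600 /tmp/terraform-bosh.key.json

# Grant the new service account editor access to your project:
# NOTE(review): roles/editor is a broad, project-wide role, so the key above
# can modify most resources in the project.
gcloud projects add-iam-policy-binding "${projectid}" \
  --member "serviceAccount:terraform-bosh@${projectid}.iam.gserviceaccount.com" \
  --role roles/editor

# Make your service account's key available in an environment variable to be
# used by terraform. Declaration and assignment are split so a failing read is
# not masked by export's own exit status.
export GOOGLE_CREDENTIALS
GOOGLE_CREDENTIALS=$(cat /tmp/terraform-bosh.key.json)

# Get Terraform
# NOTE(review): the archive is unpacked and executed without checksum or
# signature verification — TODO compare it with the vendor's published
# checksum file for this release before unzipping.
curl -f -o terraform.zip https://releases.hashicorp.com/terraform/0.6.16/terraform_0.6.16_linux_amd64.zip \
  && unzip -o terraform.zip

# Get terraform template
# NOTE(review): fetched from the master branch, so the template can change
# between runs — TODO pin the URL to a reviewed commit.
curl -f -o main.tf https://raw.githubusercontent.com/cloudfoundry-incubator/bosh-google-cpi-release/master/docs/bosh/main.tf

# Update main.tf with your Google Cloud Project ID
sed -i "s#REPLACE-WITH-YOUR-GOOGLE-PROJECT-ID#${projectid}#" main.tf

# View the Terraform execution plan to see the resources that will be created,
# and create them only if planning succeeded:
if ./terraform plan -var "region=${region}" -var "zone=${zone}"; then
  ./terraform apply -var "region=${region}" -var "zone=${zone}"
else
  echo "terraform plan failed; not applying." >&2
fi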
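# Prepares a GCE VM for bosh-init: derives zone and region from the metadata
# server, registers an SSH key for the "bosh" user and creates the working
# directory for the director manifest.

# The metadata value ends in ".../zones/<zone>": keep the last path segment,
# then strip the trailing "-<letter>" to get the region.
# -f: an HTTP error must not end up in $zone as an error page.
zone=$(curl -sf -H "Metadata-Flavor: Google" http://metadata.google.internal/computeMetadata/v1/instance/zone)
zone=${zone##*/}
region=${zone%-*}
gcloud config set compute/zone "${zone}"
gcloud config set compute/region "${region}"

# Generate the key pair once; on a re-run ssh-keygen would otherwise stop and
# ask whether to overwrite the existing key.
# -N "" creates the private key without a passphrase (presumably so bosh-init
# can use it unattended), so file permissions are its only protection.
if [[ ! -f ~/.ssh/bosh ]]; then
  ssh-keygen -t rsa -f ~/.ssh/bosh -C bosh -N ""
fi

# Project metadata expects "<user>:<public key>"; printf writes it without a
# trailing newline and without echo's escape processing.
sshpubfile=$(cat ~/.ssh/bosh.pub) && printf 'bosh:%s' "$sshpubfile" > ~/.ssh/bosh.pub.temp
# NOTE(review): add-metadata sets the whole sshKeys entry from this file, so
# project-wide keys already stored under sshKeys look like they get replaced
# rather than extended — TODO confirm and merge with the existing value first.
# $HOME is spelled out because "~" after "=" is not expanded by every shell.
gcloud compute project-info add-metadata --metadata-from-file sshKeys="$HOME/.ssh/bosh.pub.temp"
rm -f -- ~/.ssh/bosh.pub.temp && sshpubfile=
# remove project wide ssh keys
# need better pattern to remove just the one
# gcloud compute project-info remove-metadata --keys sshKeys

# Stop if the directory cannot be entered; otherwise manifest.yml would be
# written to, and deployed from, whatever directory we happen to be in.
mkdir -p google-bosh-director
cd google-bosh-director || return 1 2>/dev/null || exit 1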
# Write the bosh-init deployment manifest for the director to ./manifest.yml.
#
# {{PROJECT_ID}}, {{ZONE}}, {{REGION}} and {{SSH_KEY_PATH}} are placeholder
# tokens, not YAML; the sed commands after this here-document fill them in.
# The EOL delimiter is unquoted, so the shell would expand "$" and backquotes
# in the body; the body currently contains neither.
#
# NOTE(review): every credential below is a fixed sample value (admin/admin
# for the director's local user, plus nats-password, postgres-password,
# director-password, agent-password, hm-password and mbus-password), and the
# NATS and mbus URLs embed theirs. Replace them with generated secrets before
# deploying; several of these services are addressed on 10.0.0.6, not only on
# 127.0.0.1.
# NOTE(review): the blobstore endpoint is plain http and the release and
# stemcell downloads are pinned by sha1 only.
# NOTE(review): the YAML nesting indentation appears to have been lost in this
# listing; restore it before use, since the structure depends on it.
cat >manifest.yml <<EOL
---
name: bosh
releases:
- name: bosh
url: https://bosh.io/d/github.com/cloudfoundry/bosh?v=256.2
sha1: ff2f4e16e02f66b31c595196052a809100cfd5a8
- name: bosh-google-cpi
url: https://storage.googleapis.com/bosh-cpi-artifacts/bosh-google-cpi-20.tgz
sha1: 9b4ada4267f1523f5d278e0813eb055e91ea15ed
resource_pools:
- name: vms
network: private
stemcell:
url: https://storage.googleapis.com/bosh-cpi-artifacts/light-bosh-stemcell-3218-google-kvm-ubuntu-trusty-go_agent.tgz
sha1: 0dc6993b093030cf20d309b065a45336272c9c08
cloud_properties:
machine_type: n1-standard-4
root_disk_size_gb: 40
root_disk_type: pd-standard
service_scopes:
- compute
- devstorage.full_control
disk_pools:
- name: disks
disk_size: 32_768
cloud_properties:
type: pd-standard
networks:
- name: vip
type: vip
- name: private
type: manual
subnets:
- range: 10.0.0.0/29
gateway: 10.0.0.1
static: [10.0.0.3-10.0.0.7]
cloud_properties:
network_name: cf
subnetwork_name: bosh-{{REGION}}
ephemeral_external_ip: true
tags:
- bosh-internal
jobs:
- name: bosh
instances: 1
templates:
- name: nats
release: bosh
- name: postgres
release: bosh
- name: powerdns
release: bosh
- name: blobstore
release: bosh
- name: director
release: bosh
- name: health_monitor
release: bosh
- name: google_cpi
release: bosh-google-cpi
resource_pool: vms
persistent_disk_pool: disks
networks:
- name: private
static_ips: [10.0.0.6]
default:
- dns
- gateway
properties:
nats:
address: 127.0.0.1
user: nats
password: nats-password
postgres: &db
listen_address: 127.0.0.1
host: 127.0.0.1
user: postgres
password: postgres-password
database: bosh
adapter: postgres
dns:
address: 10.0.0.6
domain_name: microbosh
db: *db
recursor: 169.254.169.254
blobstore:
address: 10.0.0.6
port: 25250
provider: dav
director:
user: director
password: director-password
agent:
user: agent
password: agent-password
director:
address: 127.0.0.1
name: micro-google
db: *db
cpi_job: google_cpi
user_management:
provider: local
local:
users:
- name: admin
password: admin
- name: hm
password: hm-password
hm:
director_account:
user: hm
password: hm-password
resurrector_enabled: true
google: &google_properties
project: {{PROJECT_ID}}
default_zone: {{ZONE}}
agent:
mbus: nats://nats:nats-password@10.0.0.6:4222
ntp: *ntp
blobstore:
options:
endpoint: http://10.0.0.6:25250
user: agent
password: agent-password
ntp: &ntp
- 169.254.169.254
cloud_provider:
template:
name: google_cpi
release: bosh-google-cpi
ssh_tunnel:
host: 10.0.0.6
port: 22
user: bosh
private_key: {{SSH_KEY_PATH}}
mbus: https://mbus:mbus-password@10.0.0.6:6868
properties:
google: *google_properties
agent:
mbus: https://mbus:mbus-password@0.0.0.0:6868
blobstore:
provider: local
options:
blobstore_path: /var/vcap/micro_bosh/data/cache
ntp: *ntp
EOL
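# Fill in the {{...}} placeholders of manifest.yml and deploy the director.
# The project ID comes from the GCE metadata server; region and zone are
# expected to be set earlier in this script.
# -f: an HTTP error must not be substituted into the manifest as a project ID.
manifest_project_id=$(curl -sf -H "Metadata-Flavor: Google" http://metadata.google.internal/computeMetadata/v1/project/project-id)

# One sed pass with quoted expressions: the values can no longer be split or
# globbed by the shell. "#" is the delimiter because the key path contains "/".
sed -i \
  -e "s#{{PROJECT_ID}}#${manifest_project_id}#" \
  -e "s#{{SSH_KEY_PATH}}#${HOME}/.ssh/bosh#" \
  -e "s#{{REGION}}#${region}#" \
  -e "s#{{ZONE}}#${zone}#" \
  manifest.yml

# bosh-init may not be on the PATH yet (presumably it is installed while the
# VM is still starting up); poll for it with a pause instead of spinning.
until bosh-init -v | grep -m 1 "version"; do
  echo "Waiting for bosh-init to be available"
  sleep 5
done
bosh-init deploy manifest.yml
#bosh-init delete manifest.yml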
# borrowed from https://gist.github.com/pkuczynski/8665367
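#######################################
# Flatten a simple YAML file into shell variable assignments.
#
# Each "key: value" line becomes PREFIX + parent keys joined by "_" + key,
# printed as name="value". Nesting depth is taken as leading whitespace / 2.
# Lines whose key is not made of [a-zA-Z0-9_] (list items, for example) are
# skipped.
#
# The output is meant to be passed to eval, so the characters that stay
# special inside double quotes (backslash, double quote, dollar sign and
# backquote) are backslash-escaped. A value therefore arrives as the literal
# text from the file and is never run as a command substitution or expanded as
# a variable. YAML escape sequences are not decoded.
#
# Arguments: $1 - path of the YAML file
#            $2 - prefix for every generated variable name (optional)
# Outputs:   one assignment per line on stdout
#######################################
parse_yaml() {
  local file=$1
  local prefix=$2
  local s='[[:space:]]*' w='[a-zA-Z0-9_]*'
  local fs
  # ASCII FS (octal 034) separates indent, key and value between sed and awk;
  # it is very unlikely to occur in the input.
  fs=$(printf '\034')

  # First expression: values wrapped in double quotes (outer quotes dropped).
  # Second expression: everything else.
  sed -ne "s|^\($s\)\($w\)$s:$s\"\(.*\)\"$s\$|\1$fs\2$fs\3|p" \
       -e "s|^\($s\)\($w\)$s:$s\(.*\)$s\$|\1$fs\2$fs\3|p" "$file" |
    # The prefix is passed with -v instead of being pasted into the program
    # text, so it cannot change the awk code.
    awk -F"$fs" -v prefix="$prefix" '
      # Backslash-escape the characters that are special inside "...".
      function shell_escape(str,    out, i, c) {
        out = ""
        for (i = 1; i <= length(str); i++) {
          c = substr(str, i, 1)
          if (c == "\\" || c == "\"" || c == "$" || c == "`") {
            out = out "\\"
          }
          out = out c
        }
        return out
      }
      {
        indent = length($1)/2;
        vname[indent] = $2;
        # Forget keys from deeper levels once we are back at this level.
        for (i in vname) {if (i > indent) {delete vname[i]}}
        if (length($3) > 0) {
          vn=""; for (i=0; i<indent; i++) {vn=(vn)(vname[i])("_")}
          printf("%s%s%s=\"%s\"\n", prefix, vn, $2, shell_escape($3));
        }
      }'
}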