Collocate UAA and API
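# Ops file for cf-deployment: collocate the `api` and `uaa` instance groups
# onto a single `control` VM.
#
# 1. Remove the upstream `api` and `uaa` instance groups.
# 2. Scale the remaining groups down to a single AZ (z1) and, diego-cell
#    aside, a single instance (mirrors operations/scale-one-az.yml).
# 3. Point every group's `default` network at ((network_name))
#    (mirrors operations/rename-network.yml).
# 4. Insert a `control` instance group before `router` that carries the
#    jobs the removed `api` and `uaa` groups used to run.

# Remove api and uaa
- type: remove
  path: /instance_groups/name=api
- type: remove
  path: /instance_groups/name=uaa

# Almost same as operations/scale-one-az.yml
- type: replace
  path: /instance_groups/name=consul/instances
  value: 1
- type: replace
  path: /instance_groups/name=nats/instances
  value: 1
- type: replace
  path: /instance_groups/name=diego-api/instances
  value: 1
- type: replace
  path: /instance_groups/name=scheduler/instances
  value: 1
# diego-cell is the only group kept at two instances.
- type: replace
  path: /instance_groups/name=diego-cell/instances
  value: 2
- type: replace
  path: /instance_groups/name=router/instances
  value: 1
- type: replace
  path: /instance_groups/name=cc-worker/instances
  value: 1
- type: replace
  path: /instance_groups/name=adapter/instances
  value: 1
- type: replace
  path: /instance_groups/name=doppler/instances
  value: 1
- type: replace
  path: /instance_groups/name=log-api/instances
  value: 1
- type: replace
  path: /instance_groups/name=tcp-router/instances
  value: 1
- type: replace
  path: /instance_groups/name=consul/azs
  value: [z1]
- type: replace
  path: /instance_groups/name=nats/azs
  value: [z1]
- type: replace
  path: /instance_groups/name=diego-api/azs
  value: [z1]
- type: replace
  path: /instance_groups/name=scheduler/azs
  value: [z1]
- type: replace
  path: /instance_groups/name=diego-cell/azs
  value: [z1]
- type: replace
  path: /instance_groups/name=router/azs
  value: [z1]
- type: replace
  path: /instance_groups/name=cc-worker/azs
  value: [z1]
- type: replace
  path: /instance_groups/name=adapter/azs
  value: [z1]
- type: replace
  path: /instance_groups/name=doppler/azs
  value: [z1]
- type: replace
  path: /instance_groups/name=log-api/azs
  value: [z1]
- type: replace
  path: /instance_groups/name=tcp-router/azs
  value: [z1]

# Almost same as operations/rename-network.yml
- type: replace
  path: /instance_groups/name=smoke-tests/networks/name=default/name
  value: ((network_name))
- type: replace
  path: /instance_groups/name=consul/networks/name=default/name
  value: ((network_name))
- type: replace
  path: /instance_groups/name=nats/networks/name=default/name
  value: ((network_name))
- type: replace
  path: /instance_groups/name=doppler/networks/name=default/name
  value: ((network_name))
- type: replace
  path: /instance_groups/name=database/networks/name=default/name
  value: ((network_name))
- type: replace
  path: /instance_groups/name=diego-api/networks/name=default/name
  value: ((network_name))
- type: replace
  path: /instance_groups/name=singleton-blobstore/networks/name=default/name
  value: ((network_name))
- type: replace
  path: /instance_groups/name=cc-worker/networks/name=default/name
  value: ((network_name))
- type: replace
  path: /instance_groups/name=router/networks/name=default/name
  value: ((network_name))
- type: replace
  path: /instance_groups/name=scheduler/networks/name=default/name
  value: ((network_name))
- type: replace
  path: /instance_groups/name=diego-cell/networks/name=default/name
  value: ((network_name))
- type: replace
  path: /instance_groups/name=log-api/networks/name=default/name
  value: ((network_name))
- type: replace
  path: /instance_groups/name=tcp-router/networks/name=default/name
  value: ((network_name))
- type: replace
  path: /instance_groups/name=adapter/networks/name=default/name
  value: ((network_name))

# Control VM: one instance group hosting the Cloud Controller, UAA and the
# jobs that were collocated with them upstream.
- type: replace
  path: /instance_groups/name=router:before
  value:
    name: control
    azs:
    - z1
    instances: 1
    vm_type: small
    stemcell: default
    networks:
    # NOTE(review): hard-coded, while every other group above is pointed at
    # ((network_name)); this only lines up if that variable is set to
    # bosh-network — confirm, or use ((network_name)) here too.
    - name: bosh-network
    jobs:
    - name: consul_agent
      release: consul
      consumes:
        consul_common: {from: consul_common_link}
        # `nil` tells BOSH this link is deliberately not consumed.
        consul_server: nil
        consul_client: {from: consul_client_link}
      properties:
        consul:
          agent:
            # Services advertised in Consul DNS from this VM; this is the
            # union of what the api and uaa groups used to advertise.
            services:
              cloud_controller_ng: {}
              routing-api: {}
              policy-server-internal:
                name: policy-server
              uaa: {}
    - name: cloud_controller_ng
      release: capi
      provides:
        cloud_controller: {as: cloud_controller, shared: true}
      properties:
        router:
          route_services_secret: "((router_route_services_secret))"
        system_domain: "((system_domain))"
        app_domains:
        - "((system_domain))"
        app_ssh:
          host_key_fingerprint: "((diego_ssh_proxy_host_key.public_key_fingerprint))"
        routing_api: &routing_api
          enabled: true
        ssl:
          # Disables TLS certificate verification for the Cloud Controller's
          # outbound connections. Presumably carried over from the upstream
          # api group; worth checking whether this environment can run with
          # it set to false.
          skip_cert_verify: true
        uaa:
          ca_cert: "((uaa_ssl.ca))"
          clients:
            cc_routing:
              secret: "((uaa_clients_cc-routing_secret))"
            cloud_controller_username_lookup:
              secret: "((uaa_clients_cloud_controller_username_lookup_secret))"
            cc-service-dashboards:
              secret: "((uaa_clients_cc-service-dashboards_secret))"
            cc_service_key_client:
              secret: "((uaa_clients_cc_service_key_client_secret))"
          url: https://uaa.((system_domain))
        cc:
          stacks:
          - name: cflinuxfs2
            description: Cloud Foundry Linux-based filesystem
          default_running_security_groups:
          - public_networks
          - dns
          default_staging_security_groups:
          - public_networks
          - dns
          security_group_definitions:
          # public_networks: everything except the RFC 1918 ranges and
          # 169.254/16 (link-local / cloud metadata), which fall in the gaps
          # between these ranges.
          - name: public_networks
            rules:
            - destination: 0.0.0.0-9.255.255.255
              protocol: all
            - destination: 11.0.0.0-169.253.255.255
              protocol: all
            - destination: 169.255.0.0-172.15.255.255
              protocol: all
            - destination: 172.32.0.0-192.167.255.255
              protocol: all
            - destination: 192.169.0.0-255.255.255.255
              protocol: all
          - name: dns
            rules:
            - destination: 0.0.0.0/0
              ports: '53'
              protocol: tcp
            - destination: 0.0.0.0/0
              ports: '53'
              protocol: udp
          install_buildpacks:
          ## Order is important here
          - name: staticfile_buildpack
            package: staticfile-buildpack
          - name: java_buildpack
            package: java-buildpack
          - name: ruby_buildpack
            package: ruby-buildpack
          - name: dotnet_core_buildpack
            package: dotnet-core-buildpack
          - name: nodejs_buildpack
            package: nodejs-buildpack
          - name: go_buildpack
            package: go-buildpack
          - name: python_buildpack
            package: python-buildpack
          - name: php_buildpack
            package: php-buildpack
          - name: binary_buildpack
            package: binary-buildpack
          diego: &bypass_bridge
            temporary_cc_uploader_mtls: true
            temporary_droplet_download_mtls: true
            temporary_local_apps: true
            temporary_local_staging: true
            temporary_local_sync: true
            temporary_local_tasks: true
            temporary_local_tps: true
          db_encryption_key: "((cc_db_encryption_key))"
          bulk_api_password: "((cc_bulk_api_password))"
          internal_api_password: "((cc_internal_api_password))"
          staging_upload_user: staging_user
          staging_upload_password: "((cc_staging_upload_password))"
          # One blobstore definition, reused by alias for all four stores.
          buildpacks: &blobstore-properties
            blobstore_type: webdav
            webdav_config:
              ca_cert: "((blobstore_tls.ca))"
              blobstore_timeout: 5
              password: "((blobstore_admin_users_password))"
              private_endpoint: https://blobstore.service.cf.internal:4443
              public_endpoint: https://blobstore.((system_domain))
              username: blobstore-user
          resource_pool: *blobstore-properties
          packages: *blobstore-properties
          droplets: *blobstore-properties
          mutual_tls: &cc_mutual_tls
            ca_cert: "((cc_tls.ca))"
            public_cert: "((cc_tls.certificate))"
            private_key: "((cc_tls.private_key))"
        ccdb: &ccdb
          databases:
          - name: cloud_controller
            tag: cc
          db_scheme: mysql
          port: 3306
          roles:
          - name: cloud_controller
            password: "((cc_database_password))"
            tag: admin
    - name: binary-buildpack
      release: binary-buildpack
    - name: dotnet-core-buildpack
      release: dotnet-core-buildpack
    - name: go-buildpack
      release: go-buildpack
    - name: java-buildpack
      release: java-buildpack
    - name: nodejs-buildpack
      release: nodejs-buildpack
    - name: php-buildpack
      release: php-buildpack
    - name: python-buildpack
      release: python-buildpack
    - name: ruby-buildpack
      release: ruby-buildpack
    - name: staticfile-buildpack
      release: staticfile-buildpack
    - name: route_registrar
      release: routing
      properties:
        route_registrar:
          # Routes for everything on this VM that the gorouter should reach:
          # UAA/login, the Cloud Controller API and the policy server.
          routes:
          - health_check:
              name: uaa-healthcheck
              script_path: "/var/vcap/jobs/uaa/bin/health_check"
            name: uaa
            # Must match `uaa.port` on the uaa job below.
            port: 8081
            registration_interval: 10s
            tags:
              component: uaa
            uris:
            - uaa.((system_domain))
            - "*.uaa.((system_domain))"
            - login.((system_domain))
            - "*.login.((system_domain))"
          - name: api
            registration_interval: 20s
            port: 9022
            tags:
              component: CloudController
            uris:
            - api.((system_domain))
            health_check:
              name: api-health-check
              script_path: "/var/vcap/jobs/cloud_controller_ng/bin/cloud_controller_ng_health_check"
              timeout: 3s
          - name: policy-server
            port: 4002
            registration_interval: 20s
            uris:
            - api.((system_domain))/networking
    - name: statsd_injector
      release: statsd-injector
      properties: &statsd_injector_properties
        loggregator:
          tls:
            ca_cert: "((loggregator_tls_statsdinjector.ca))"
            statsd_injector:
              cert: "((loggregator_tls_statsdinjector.certificate))"
              key: "((loggregator_tls_statsdinjector.private_key))"
    - name: file_server
      release: diego
    - name: routing-api
      release: routing
      properties:
        routing_api:
          system_domain: "((system_domain))"
          router_groups:
          - name: default-tcp
            type: tcp
            reservable_ports: 1024-1123
          sqldb:
            host: sql-db.service.cf.internal
            type: mysql
            port: 3306
            schema: routing-api
            username: routing-api
            password: "((routing_api_database_password))"
          locket:
            api_location: "locket.service.cf.internal:8891"
            ca_cert: "((diego_locket_client.ca))"
            client_cert: "((diego_locket_client.certificate))"
            client_key: "((diego_locket_client.private_key))"
        uaa:
          ca_cert: "((uaa_ca.certificate))"
          tls_port: 8443
    - name: policy-server
      release: cf-networking
      properties:
        cf_networking:
          policy_server:
            uaa_client_secret: "((uaa_clients_network_policy_secret))"
            uaa_ca: "((uaa_ssl.ca))"
            database:
              type: mysql
              username: network_policy
              password: "((network_policy_database_password))"
              host: sql-db.service.cf.internal
              port: 3306
              name: network_policy
    - name: policy-server-internal
      release: cf-networking
      properties:
        cf_networking:
          policy_server_internal:
            ca_cert: "((network_policy_server.ca))"
            server_cert: "((network_policy_server.certificate))"
            server_key: "((network_policy_server.private_key))"
    - name: cc_uploader
      release: capi
      properties:
        capi:
          cc_uploader:
            cc:
              ca_cert: "((cc_bridge_cc_uploader.ca))"
              client_cert: "((cc_bridge_cc_uploader.certificate))"
              client_key: "((cc_bridge_cc_uploader.private_key))"
            mutual_tls:
              ca_cert: "((cc_bridge_cc_uploader_server.ca))"
              server_cert: "((cc_bridge_cc_uploader_server.certificate))"
              server_key: "((cc_bridge_cc_uploader_server.private_key))"
    - name: uaa
      release: uaa
      properties:
        login:
          saml:
            serviceProviderKey: "((uaa_login_saml.private_key))"
            serviceProviderCertificate: "((uaa_login_saml.certificate))"
        uaa:
          # Moved off UAA's usual port because file_server shares this VM and
          # presumably listens on 8080 — confirm against the diego release
          # defaults. The route_registrar `uaa` route above uses the same port.
          port: 8081
          sslCertificate: "((uaa_ssl.certificate))"
          sslPrivateKey: "((uaa_ssl.private_key))"
          zones:
            internal:
              hostnames:
              - uaa.service.cf.internal
          url: https://uaa.((system_domain))
          admin:
            client_secret: "((uaa_admin_client_secret))"
          logging_level: INFO
          scim:
            users:
            - name: admin
              password: "((cf_admin_password))"
              groups:
              - cloud_controller.admin
              - doppler.firehose
              - network.admin
              - openid
              - routing.router_groups.read
              - routing.router_groups.write
              - scim.read
              - scim.write
            - name: bosh
              password: "((cf_bosh_password))"
              groups:
              - cloud_controller.admin
              - doppler.firehose
              - openid
              - routing.router_groups.read
              - routing.router_groups.write
              - scim.read
              - scim.write
          jwt:
            policy:
              active_key_id: key-1
              keys:
                key-1:
                  signingKey: "((uaa_jwt_signing_key.private_key))"
          clients:
            cc_routing:
              authorities: routing.router_groups.read
              authorized-grant-types: client_credentials
              secret: "((uaa_clients_cc-routing_secret))"
            cc-service-dashboards:
              authorities: clients.read,clients.write,clients.admin
              authorized-grant-types: client_credentials
              scope: openid,cloud_controller_service_permissions.read
              secret: "((uaa_clients_cc-service-dashboards_secret))"
            cc_service_key_client:
              authorities: credhub.read,credhub.write
              authorized-grant-types: client_credentials
              secret: "((uaa_clients_cc_service_key_client_secret))"
            # Public client used by the cf CLI (password grant, no secret).
            cf:
              access-token-validity: 600
              authorities: uaa.none
              authorized-grant-types: password,refresh_token
              override: true
              refresh-token-validity: 2592000
              scope: network.admin,network.write,cloud_controller.read,cloud_controller.write,openid,password.write,cloud_controller.admin,scim.read,scim.write,doppler.firehose,uaa.user,routing.router_groups.read,routing.router_groups.write,cloud_controller.admin_read_only,cloud_controller.global_auditor
              secret: ''
            cloud_controller_username_lookup:
              authorities: scim.userids
              authorized-grant-types: client_credentials
              secret: "((uaa_clients_cloud_controller_username_lookup_secret))"
            doppler:
              authorities: uaa.resource
              override: true
              authorized-grant-types: client_credentials
              secret: "((uaa_clients_doppler_secret))"
            gorouter:
              authorities: routing.routes.read
              authorized-grant-types: client_credentials
              secret: "((uaa_clients_gorouter_secret))"
            ssh-proxy:
              authorized-grant-types: authorization_code
              autoapprove: true
              override: true
              redirect-uri: "https://uaa.((system_domain))/login"
              scope: openid,cloud_controller.read,cloud_controller.write
              secret: "((uaa_clients_ssh-proxy_secret))"
            routing_api_client:
              authorities: routing.routes.write,routing.routes.read,routing.router_groups.read
              authorized-grant-types: client_credentials
              secret: "((uaa_clients_routing_api_client_secret))"
            network-policy:
              authorities: uaa.resource,cloud_controller.admin_read_only
              authorized-grant-types: client_credentials
              secret: "((uaa_clients_network_policy_secret))"
            tcp_emitter:
              authorities: routing.routes.write,routing.routes.read
              authorized-grant-types: client_credentials
              secret: "((uaa_clients_tcp_emitter_secret))"
            tcp_router:
              authorities: routing.routes.read
              authorized-grant-types: client_credentials
              secret: "((uaa_clients_tcp_router_secret))"
        uaadb:
          databases:
          - name: uaa
            tag: uaa
          db_scheme: mysql
          port: 3306
          roles:
          - name: uaa
            password: "((uaa_database_password))"
            tag: admin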
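# Resulting `control` instance group: the jobs of cf-deployment's `api` and
# `uaa` groups collocated on one VM.
#
# Jobs both source groups carried (consul_agent, route_registrar,
# statsd_injector) appear exactly once here, with their per-group settings
# merged — a job name may not repeat within an instance group. The
# &statsd_injector_properties anchor is declared at its only occurrence, so
# no alias can precede it.
- name: control
  azs:
  - z1
  instances: 1
  vm_type: small
  vm_extensions:
  - 50GB_ephemeral_disk
  stemcell: default
  networks:
  - name: default
  jobs:
  - name: consul_agent
    release: consul
    consumes:
      consul_common: {from: consul_common_link}
      # `nil` tells BOSH this link is deliberately not consumed.
      consul_server: nil
      consul_client: {from: consul_client_link}
    properties:
      consul:
        agent:
          # Union of the services the api and uaa groups advertised.
          services:
            cloud_controller_ng: {}
            routing-api: {}
            policy-server-internal:
              name: policy-server
            uaa: {}
  - name: cloud_controller_ng
    release: capi
    provides:
      cloud_controller: {as: cloud_controller, shared: true}
    properties:
      router:
        route_services_secret: "((router_route_services_secret))"
      system_domain: "((system_domain))"
      app_domains:
      - "((system_domain))"
      app_ssh:
        host_key_fingerprint: "((diego_ssh_proxy_host_key.public_key_fingerprint))"
      routing_api: &routing_api
        enabled: true
      ssl:
        # Disables TLS certificate verification for the Cloud Controller's
        # outbound connections; presumably inherited from the upstream api
        # group — check whether it can be false in this environment.
        skip_cert_verify: true
      uaa:
        ca_cert: "((uaa_ssl.ca))"
        clients:
          cc_routing:
            secret: "((uaa_clients_cc-routing_secret))"
          cloud_controller_username_lookup:
            secret: "((uaa_clients_cloud_controller_username_lookup_secret))"
          cc-service-dashboards:
            secret: "((uaa_clients_cc-service-dashboards_secret))"
          cc_service_key_client:
            secret: "((uaa_clients_cc_service_key_client_secret))"
        url: https://uaa.((system_domain))
      cc:
        stacks:
        - name: cflinuxfs2
          description: Cloud Foundry Linux-based filesystem
        default_running_security_groups:
        - public_networks
        - dns
        default_staging_security_groups:
        - public_networks
        - dns
        security_group_definitions:
        # public_networks: everything except the RFC 1918 ranges and
        # 169.254/16 (link-local / cloud metadata), which fall in the gaps
        # between these ranges.
        - name: public_networks
          rules:
          - destination: 0.0.0.0-9.255.255.255
            protocol: all
          - destination: 11.0.0.0-169.253.255.255
            protocol: all
          - destination: 169.255.0.0-172.15.255.255
            protocol: all
          - destination: 172.32.0.0-192.167.255.255
            protocol: all
          - destination: 192.169.0.0-255.255.255.255
            protocol: all
        - name: dns
          rules:
          - destination: 0.0.0.0/0
            ports: '53'
            protocol: tcp
          - destination: 0.0.0.0/0
            ports: '53'
            protocol: udp
        install_buildpacks:
        ## Order is important here
        - name: staticfile_buildpack
          package: staticfile-buildpack
        - name: java_buildpack
          package: java-buildpack
        - name: ruby_buildpack
          package: ruby-buildpack
        - name: dotnet_core_buildpack
          package: dotnet-core-buildpack
        - name: nodejs_buildpack
          package: nodejs-buildpack
        - name: go_buildpack
          package: go-buildpack
        - name: python_buildpack
          package: python-buildpack
        - name: php_buildpack
          package: php-buildpack
        - name: binary_buildpack
          package: binary-buildpack
        diego: &bypass_bridge
          temporary_cc_uploader_mtls: true
          temporary_droplet_download_mtls: true
          temporary_local_apps: true
          temporary_local_staging: true
          temporary_local_sync: true
          temporary_local_tasks: true
          temporary_local_tps: true
        db_encryption_key: "((cc_db_encryption_key))"
        bulk_api_password: "((cc_bulk_api_password))"
        internal_api_password: "((cc_internal_api_password))"
        staging_upload_user: staging_user
        staging_upload_password: "((cc_staging_upload_password))"
        # One blobstore definition, reused by alias for all four stores.
        buildpacks: &blobstore-properties
          blobstore_type: webdav
          webdav_config:
            ca_cert: "((blobstore_tls.ca))"
            blobstore_timeout: 5
            password: "((blobstore_admin_users_password))"
            private_endpoint: https://blobstore.service.cf.internal:4443
            public_endpoint: https://blobstore.((system_domain))
            username: blobstore-user
        resource_pool: *blobstore-properties
        packages: *blobstore-properties
        droplets: *blobstore-properties
        mutual_tls: &cc_mutual_tls
          ca_cert: "((cc_tls.ca))"
          public_cert: "((cc_tls.certificate))"
          private_key: "((cc_tls.private_key))"
      ccdb: &ccdb
        databases:
        - name: cloud_controller
          tag: cc
        db_scheme: mysql
        port: 3306
        roles:
        - name: cloud_controller
          password: "((cc_database_password))"
          tag: admin
  - name: binary-buildpack
    release: binary-buildpack
  - name: dotnet-core-buildpack
    release: dotnet-core-buildpack
  - name: go-buildpack
    release: go-buildpack
  - name: java-buildpack
    release: java-buildpack
  - name: nodejs-buildpack
    release: nodejs-buildpack
  - name: php-buildpack
    release: php-buildpack
  - name: python-buildpack
    release: python-buildpack
  - name: ruby-buildpack
    release: ruby-buildpack
  - name: staticfile-buildpack
    release: staticfile-buildpack
  - name: route_registrar
    release: routing
    properties:
      route_registrar:
        # Routes from both source groups: the Cloud Controller API, the
        # policy server, and UAA/login.
        routes:
        - name: api
          registration_interval: 20s
          port: 9022
          tags:
            component: CloudController
          uris:
          - api.((system_domain))
          health_check:
            name: api-health-check
            script_path: "/var/vcap/jobs/cloud_controller_ng/bin/cloud_controller_ng_health_check"
            timeout: 3s
        - name: policy-server
          port: 4002
          registration_interval: 20s
          uris:
          - api.((system_domain))/networking
        - health_check:
            name: uaa-healthcheck
            script_path: "/var/vcap/jobs/uaa/bin/health_check"
          name: uaa
          # NOTE(review): UAA is left on its default port here while
          # file_server is collocated on the same VM — confirm the two do
          # not both bind 8080; if UAA is moved, change this port with it.
          port: 8080
          registration_interval: 10s
          tags:
            component: uaa
          uris:
          - uaa.((system_domain))
          - "*.uaa.((system_domain))"
          - login.((system_domain))
          - "*.login.((system_domain))"
  - name: statsd_injector
    release: statsd-injector
    properties: &statsd_injector_properties
      loggregator:
        tls:
          ca_cert: "((loggregator_tls_statsdinjector.ca))"
          statsd_injector:
            cert: "((loggregator_tls_statsdinjector.certificate))"
            key: "((loggregator_tls_statsdinjector.private_key))"
  - name: file_server
    release: diego
  - name: routing-api
    release: routing
    properties:
      routing_api:
        system_domain: "((system_domain))"
        router_groups:
        - name: default-tcp
          type: tcp
          reservable_ports: 1024-1123
        sqldb:
          host: sql-db.service.cf.internal
          type: mysql
          port: 3306
          schema: routing-api
          username: routing-api
          password: "((routing_api_database_password))"
        locket:
          api_location: "locket.service.cf.internal:8891"
          ca_cert: "((diego_locket_client.ca))"
          client_cert: "((diego_locket_client.certificate))"
          client_key: "((diego_locket_client.private_key))"
      uaa:
        ca_cert: "((uaa_ca.certificate))"
        tls_port: 8443
  - name: policy-server
    release: cf-networking
    properties:
      cf_networking:
        policy_server:
          uaa_client_secret: "((uaa_clients_network_policy_secret))"
          uaa_ca: "((uaa_ssl.ca))"
          database:
            type: mysql
            username: network_policy
            password: "((network_policy_database_password))"
            host: sql-db.service.cf.internal
            port: 3306
            name: network_policy
  - name: policy-server-internal
    release: cf-networking
    properties:
      cf_networking:
        policy_server_internal:
          ca_cert: "((network_policy_server.ca))"
          server_cert: "((network_policy_server.certificate))"
          server_key: "((network_policy_server.private_key))"
  - name: cc_uploader
    release: capi
    properties:
      capi:
        cc_uploader:
          cc:
            ca_cert: "((cc_bridge_cc_uploader.ca))"
            client_cert: "((cc_bridge_cc_uploader.certificate))"
            client_key: "((cc_bridge_cc_uploader.private_key))"
          mutual_tls:
            ca_cert: "((cc_bridge_cc_uploader_server.ca))"
            server_cert: "((cc_bridge_cc_uploader_server.certificate))"
            server_key: "((cc_bridge_cc_uploader_server.private_key))"
  - name: uaa
    release: uaa
    properties:
      login:
        saml:
          serviceProviderKey: "((uaa_login_saml.private_key))"
          serviceProviderCertificate: "((uaa_login_saml.certificate))"
      uaa:
        # No `port` override: UAA listens on its release default, which the
        # route_registrar `uaa` route above assumes is 8080.
        sslCertificate: "((uaa_ssl.certificate))"
        sslPrivateKey: "((uaa_ssl.private_key))"
        zones:
          internal:
            hostnames:
            - uaa.service.cf.internal
        url: https://uaa.((system_domain))
        admin:
          client_secret: "((uaa_admin_client_secret))"
        logging_level: INFO
        scim:
          users:
          - name: admin
            password: "((cf_admin_password))"
            groups:
            - cloud_controller.admin
            - doppler.firehose
            - network.admin
            - openid
            - routing.router_groups.read
            - routing.router_groups.write
            - scim.read
            - scim.write
          - name: bosh
            password: "((cf_bosh_password))"
            groups:
            - cloud_controller.admin
            - doppler.firehose
            - openid
            - routing.router_groups.read
            - routing.router_groups.write
            - scim.read
            - scim.write
        jwt:
          policy:
            active_key_id: key-1
            keys:
              key-1:
                signingKey: "((uaa_jwt_signing_key.private_key))"
        clients:
          cc_routing:
            authorities: routing.router_groups.read
            authorized-grant-types: client_credentials
            secret: "((uaa_clients_cc-routing_secret))"
          cc-service-dashboards:
            authorities: clients.read,clients.write,clients.admin
            authorized-grant-types: client_credentials
            scope: openid,cloud_controller_service_permissions.read
            secret: "((uaa_clients_cc-service-dashboards_secret))"
          cc_service_key_client:
            authorities: credhub.read,credhub.write
            authorized-grant-types: client_credentials
            secret: "((uaa_clients_cc_service_key_client_secret))"
          # Public client used by the cf CLI (password grant, no secret).
          cf:
            access-token-validity: 600
            authorities: uaa.none
            authorized-grant-types: password,refresh_token
            override: true
            refresh-token-validity: 2592000
            scope: network.admin,network.write,cloud_controller.read,cloud_controller.write,openid,password.write,cloud_controller.admin,scim.read,scim.write,doppler.firehose,uaa.user,routing.router_groups.read,routing.router_groups.write,cloud_controller.admin_read_only,cloud_controller.global_auditor
            secret: ''
          cloud_controller_username_lookup:
            authorities: scim.userids
            authorized-grant-types: client_credentials
            secret: "((uaa_clients_cloud_controller_username_lookup_secret))"
          doppler:
            authorities: uaa.resource
            override: true
            authorized-grant-types: client_credentials
            secret: "((uaa_clients_doppler_secret))"
          gorouter:
            authorities: routing.routes.read
            authorized-grant-types: client_credentials
            secret: "((uaa_clients_gorouter_secret))"
          ssh-proxy:
            authorized-grant-types: authorization_code
            autoapprove: true
            override: true
            redirect-uri: "https://uaa.((system_domain))/login"
            scope: openid,cloud_controller.read,cloud_controller.write
            secret: "((uaa_clients_ssh-proxy_secret))"
          routing_api_client:
            authorities: routing.routes.write,routing.routes.read,routing.router_groups.read
            authorized-grant-types: client_credentials
            secret: "((uaa_clients_routing_api_client_secret))"
          network-policy:
            authorities: uaa.resource,cloud_controller.admin_read_only
            authorized-grant-types: client_credentials
            secret: "((uaa_clients_network_policy_secret))"
          tcp_emitter:
            authorities: routing.routes.write,routing.routes.read
            authorized-grant-types: client_credentials
            secret: "((uaa_clients_tcp_emitter_secret))"
          tcp_router:
            authorities: routing.routes.read
            authorized-grant-types: client_credentials
            secret: "((uaa_clients_tcp_router_secret))"
      uaadb:
        databases:
        - name: uaa
          tag: uaa
        db_scheme: mysql
        port: 3306
        roles:
        - name: uaa
          password: "((uaa_database_password))"
          tag: admin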