@jacopen
Last active December 19, 2017 11:22
Collocate UAA and API
# Drop the stock api and uaa instance groups; the cloud_controller_ng and uaa
# jobs are re-created on the "control" instance group later in this ops file.
- type: remove
  path: /instance_groups/name=api
- type: remove
  path: /instance_groups/name=uaa
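# Almost same as operations/scale-one-az.yml: pin each listed instance group to
# a minimal instance count and to the single availability zone z1.
# The pasted original carried the consul "instances" and consul "azs" ops twice
# each; the repeats set the same value again, so they are dropped here.

# --- instance counts ---
- type: replace
  path: /instance_groups/name=consul/instances
  value: 1
- type: replace
  path: /instance_groups/name=nats/instances
  value: 1
- type: replace
  path: /instance_groups/name=diego-api/instances
  value: 1
- type: replace
  path: /instance_groups/name=scheduler/instances
  value: 1
# diego-cell is the only group kept at two instances.
- type: replace
  path: /instance_groups/name=diego-cell/instances
  value: 2
- type: replace
  path: /instance_groups/name=router/instances
  value: 1
- type: replace
  path: /instance_groups/name=cc-worker/instances
  value: 1
- type: replace
  path: /instance_groups/name=adapter/instances
  value: 1
- type: replace
  path: /instance_groups/name=doppler/instances
  value: 1
- type: replace
  path: /instance_groups/name=log-api/instances
  value: 1
- type: replace
  path: /instance_groups/name=tcp-router/instances
  value: 1

# --- availability zones ---
- type: replace
  path: /instance_groups/name=consul/azs
  value: [z1]
- type: replace
  path: /instance_groups/name=nats/azs
  value: [z1]
- type: replace
  path: /instance_groups/name=diego-api/azs
  value: [z1]
- type: replace
  path: /instance_groups/name=scheduler/azs
  value: [z1]
- type: replace
  path: /instance_groups/name=diego-cell/azs
  value: [z1]
- type: replace
  path: /instance_groups/name=router/azs
  value: [z1]
- type: replace
  path: /instance_groups/name=cc-worker/azs
  value: [z1]
- type: replace
  path: /instance_groups/name=adapter/azs
  value: [z1]
- type: replace
  path: /instance_groups/name=doppler/azs
  value: [z1]
- type: replace
  path: /instance_groups/name=log-api/azs
  value: [z1]
- type: replace
  path: /instance_groups/name=tcp-router/azs
  value: [z1]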
# Almost same as operations/rename-network.yml: point the "default" network
# entry of each listed instance group at the deploy-time variable
# ((network_name)). Values are quoted so the placeholder always stays a string.
- type: replace
  path: /instance_groups/name=smoke-tests/networks/name=default/name
  value: "((network_name))"
- type: replace
  path: /instance_groups/name=consul/networks/name=default/name
  value: "((network_name))"
- type: replace
  path: /instance_groups/name=nats/networks/name=default/name
  value: "((network_name))"
- type: replace
  path: /instance_groups/name=doppler/networks/name=default/name
  value: "((network_name))"
- type: replace
  path: /instance_groups/name=database/networks/name=default/name
  value: "((network_name))"
- type: replace
  path: /instance_groups/name=diego-api/networks/name=default/name
  value: "((network_name))"
- type: replace
  path: /instance_groups/name=singleton-blobstore/networks/name=default/name
  value: "((network_name))"
- type: replace
  path: /instance_groups/name=cc-worker/networks/name=default/name
  value: "((network_name))"
- type: replace
  path: /instance_groups/name=router/networks/name=default/name
  value: "((network_name))"
- type: replace
  path: /instance_groups/name=scheduler/networks/name=default/name
  value: "((network_name))"
- type: replace
  path: /instance_groups/name=diego-cell/networks/name=default/name
  value: "((network_name))"
- type: replace
  path: /instance_groups/name=log-api/networks/name=default/name
  value: "((network_name))"
- type: replace
  path: /instance_groups/name=tcp-router/networks/name=default/name
  value: "((network_name))"
- type: replace
  path: /instance_groups/name=adapter/networks/name=default/name
  value: "((network_name))"
# Control VM: inserts a new "control" instance group ahead of "router". Its
# job list (below) carries the cloud_controller_ng and uaa jobs that replace
# the removed api and uaa instance groups.
- type: replace
path: /instance_groups/name=router:before
value:
name: control
azs:
- z1
instances: 1
vm_type: small
stemcell: default
# NOTE(review): this network name is hard-coded, whereas the ops above rename
# every other group's network to ((network_name)) — confirm the two agree.
networks:
- name: bosh-network
jobs:
- name: consul_agent
release: consul
consumes:
consul_common: {from: consul_common_link}
consul_server: nil
consul_client: {from: consul_client_link}
properties:
consul:
agent:
services:
cloud_controller_ng: {}
routing-api: {}
policy-server-internal:
name: policy-server
uaa: {}
- name: cloud_controller_ng
release: capi
provides:
cloud_controller: {as: cloud_controller, shared: true}
properties:
router:
route_services_secret: "((router_route_services_secret))"
system_domain: "((system_domain))"
app_domains:
- "((system_domain))"
app_ssh:
host_key_fingerprint: "((diego_ssh_proxy_host_key.public_key_fingerprint))"
routing_api: &routing_api
enabled: true
# NOTE(review): skip_cert_verify turns off TLS certificate validation for the
# connections it governs, so an endpoint presenting any certificate would be
# accepted. Tolerable with self-signed lab certificates; for a shared or
# production foundation, trust the issuing CA and set this to false.
# (Nesting is lost in this flattened text — confirm which job property this
# `ssl` key belongs to.)
ssl:
skip_cert_verify: true
# UAA CA certificate, client secrets and URL for this job. Every secret is a
# ((variable)) resolved at deploy time; none is stored inline in this file.
uaa:
ca_cert: "((uaa_ssl.ca))"
clients:
cc_routing:
secret: "((uaa_clients_cc-routing_secret))"
cloud_controller_username_lookup:
secret: "((uaa_clients_cloud_controller_username_lookup_secret))"
cc-service-dashboards:
secret: "((uaa_clients_cc-service-dashboards_secret))"
cc_service_key_client:
secret: "((uaa_clients_cc_service_key_client_secret))"
url: https://uaa.((system_domain))
cc:
stacks:
- name: cflinuxfs2
description: Cloud Foundry Linux-based filesystem
# Both groups defined below are applied by default to running apps and to
# staging containers.
default_running_security_groups:
- public_networks
- dns
default_staging_security_groups:
- public_networks
- dns
security_group_definitions:
# public_networks: allows every protocol to all IPv4 space except the gaps
# left between the ranges: 10.0.0.0/8, 169.254.0.0/16, 172.16.0.0/12 and
# 192.168.0.0/16. Private and link-local destinations therefore stay blocked
# unless another security group opens them.
# NOTE(review): if platform components sit on publicly routable addresses,
# these rules make them reachable from app containers — confirm the layout.
- name: public_networks
rules:
- destination: 0.0.0.0-9.255.255.255
protocol: all
- destination: 11.0.0.0-169.253.255.255
protocol: all
- destination: 169.255.0.0-172.15.255.255
protocol: all
- destination: 172.32.0.0-192.167.255.255
protocol: all
- destination: 192.169.0.0-255.255.255.255
protocol: all
# dns: port 53 over TCP and UDP to any destination. Unlike public_networks,
# 0.0.0.0/0 also covers the private ranges excluded above.
- name: dns
rules:
- destination: 0.0.0.0/0
ports: '53'
protocol: tcp
- destination: 0.0.0.0/0
ports: '53'
protocol: udp
install_buildpacks:
## Order is important here
- name: staticfile_buildpack
package: staticfile-buildpack
- name: java_buildpack
package: java-buildpack
- name: ruby_buildpack
package: ruby-buildpack
- name: dotnet_core_buildpack
package: dotnet-core-buildpack
- name: nodejs_buildpack
package: nodejs-buildpack
- name: go_buildpack
package: go-buildpack
- name: python_buildpack
package: python-buildpack
- name: php_buildpack
package: php-buildpack
- name: binary_buildpack
package: binary-buildpack
diego: &bypass_bridge
temporary_cc_uploader_mtls: true
temporary_droplet_download_mtls: true
temporary_local_apps: true
temporary_local_staging: true
temporary_local_sync: true
temporary_local_tasks: true
temporary_local_tps: true
db_encryption_key: "((cc_db_encryption_key))"
bulk_api_password: "((cc_bulk_api_password))"
internal_api_password: "((cc_internal_api_password))"
staging_upload_user: staging_user
staging_upload_password: "((cc_staging_upload_password))"
buildpacks: &blobstore-properties
blobstore_type: webdav
webdav_config:
ca_cert: "((blobstore_tls.ca))"
blobstore_timeout: 5
password: "((blobstore_admin_users_password))"
private_endpoint: https://blobstore.service.cf.internal:4443
public_endpoint: https://blobstore.((system_domain))
username: blobstore-user
resource_pool: *blobstore-properties
packages: *blobstore-properties
droplets: *blobstore-properties
mutual_tls: &cc_mutual_tls
ca_cert: "((cc_tls.ca))"
public_cert: "((cc_tls.certificate))"
private_key: "((cc_tls.private_key))"
ccdb: &ccdb
databases:
- name: cloud_controller
tag: cc
db_scheme: mysql
port: 3306
roles:
- name: cloud_controller
password: "((cc_database_password))"
tag: admin
- name: binary-buildpack
release: binary-buildpack
- name: dotnet-core-buildpack
release: dotnet-core-buildpack
- name: go-buildpack
release: go-buildpack
- name: java-buildpack
release: java-buildpack
- name: nodejs-buildpack
release: nodejs-buildpack
- name: php-buildpack
release: php-buildpack
- name: python-buildpack
release: python-buildpack
- name: ruby-buildpack
release: ruby-buildpack
- name: staticfile-buildpack
release: staticfile-buildpack
# Single route_registrar job for the collocated VM: it registers the uaa,
# api and policy-server routes in one list.
- name: route_registrar
release: routing
properties:
route_registrar:
routes:
# UAA and login hostnames. Port 8081 matches the uaa.port set on the uaa job
# of this instance group.
- health_check:
name: uaa-healthcheck
script_path: "/var/vcap/jobs/uaa/bin/health_check"
name: uaa
port: 8081
registration_interval: 10s
tags:
component: uaa
uris:
- uaa.((system_domain))
- "*.uaa.((system_domain))"
- login.((system_domain))
- "*.login.((system_domain))"
# Cloud Controller API route on port 9022, gated by its health-check script.
- name: api
registration_interval: 20s
port: 9022
tags:
component: CloudController
uris:
- api.((system_domain))
health_check:
name: api-health-check
script_path: "/var/vcap/jobs/cloud_controller_ng/bin/cloud_controller_ng_health_check"
timeout: 3s
# Policy server route, published under the api hostname at /networking.
# No health_check is configured for this route.
- name: policy-server
port: 4002
registration_interval: 20s
uris:
- api.((system_domain))/networking
- name: statsd_injector
release: statsd-injector
properties: &statsd_injector_properties
loggregator:
tls:
ca_cert: "((loggregator_tls_statsdinjector.ca))"
statsd_injector:
cert: "((loggregator_tls_statsdinjector.certificate))"
key: "((loggregator_tls_statsdinjector.private_key))"
- name: file_server
release: diego
- name: routing-api
release: routing
properties:
routing_api:
system_domain: "((system_domain))"
router_groups:
- name: default-tcp
type: tcp
reservable_ports: 1024-1123
sqldb:
host: sql-db.service.cf.internal
type: mysql
port: 3306
schema: routing-api
username: routing-api
password: "((routing_api_database_password))"
locket:
api_location: "locket.service.cf.internal:8891"
ca_cert: "((diego_locket_client.ca))"
client_cert: "((diego_locket_client.certificate))"
client_key: "((diego_locket_client.private_key))"
uaa:
ca_cert: "((uaa_ca.certificate))"
tls_port: 8443
- name: policy-server
release: cf-networking
properties:
cf_networking:
policy_server:
uaa_client_secret: ((uaa_clients_network_policy_secret))
uaa_ca: ((uaa_ssl.ca))
database:
type: mysql
username: network_policy
password: ((network_policy_database_password))
host: sql-db.service.cf.internal
port: 3306
name: network_policy
- name: policy-server-internal
release: cf-networking
properties:
cf_networking:
policy_server_internal:
ca_cert: ((network_policy_server.ca))
server_cert: ((network_policy_server.certificate))
server_key: ((network_policy_server.private_key))
- name: cc_uploader
release: capi
properties:
capi:
cc_uploader:
cc:
ca_cert: "((cc_bridge_cc_uploader.ca))"
client_cert: "((cc_bridge_cc_uploader.certificate))"
client_key: "((cc_bridge_cc_uploader.private_key))"
mutual_tls:
ca_cert: "((cc_bridge_cc_uploader_server.ca))"
server_cert: "((cc_bridge_cc_uploader_server.certificate))"
server_key: "((cc_bridge_cc_uploader_server.private_key))"
# UAA job collocated on the control VM. Key and certificate material comes
# from ((variables)) resolved at deploy time.
- name: uaa
release: uaa
properties:
login:
saml:
serviceProviderKey: "((uaa_login_saml.private_key))"
serviceProviderCertificate: "((uaa_login_saml.certificate))"
uaa:
# The uaa route registered by route_registrar in this instance group targets
# the same port. NOTE(review): the later standalone variant in this paste
# registers 8080 and sets no port, so 8081 was presumably chosen to avoid a
# clash with another collocated job — confirm.
port: 8081
sslCertificate: "((uaa_ssl.certificate))"
sslPrivateKey: "((uaa_ssl.private_key))"
zones:
internal:
hostnames:
- uaa.service.cf.internal
url: https://uaa.((system_domain))
admin:
client_secret: "((uaa_admin_client_secret))"
logging_level: INFO
scim:
users:
- name: admin
password: "((cf_admin_password))"
groups:
- cloud_controller.admin
- doppler.firehose
- network.admin
- openid
- routing.router_groups.read
- routing.router_groups.write
- scim.read
- scim.write
- name: bosh
password: "((cf_bosh_password))"
groups:
- cloud_controller.admin
- doppler.firehose
- openid
- routing.router_groups.read
- routing.router_groups.write
- scim.read
- scim.write
jwt:
policy:
active_key_id: key-1
keys:
key-1:
signingKey: "((uaa_jwt_signing_key.private_key))"
clients:
cc_routing:
authorities: routing.router_groups.read
authorized-grant-types: client_credentials
secret: "((uaa_clients_cc-routing_secret))"
cc-service-dashboards:
authorities: clients.read,clients.write,clients.admin
authorized-grant-types: client_credentials
scope: openid,cloud_controller_service_permissions.read
secret: "((uaa_clients_cc-service-dashboards_secret))"
cc_service_key_client:
authorities: credhub.read,credhub.write
authorized-grant-types: client_credentials
secret: "((uaa_clients_cc_service_key_client_secret))"
# `cf` is a public client: its secret is the empty string and it uses the
# password and refresh_token grants — presumably the client the cf CLI logs in
# with; confirm. Access tokens last 600 s (10 min) and refresh tokens
# 2592000 s (30 days).
# NOTE(review): the scope list is broad (cloud_controller.admin, scim.write,
# ...). In UAA a user token carries only the listed scopes the user also
# holds, so this is a ceiling rather than a grant — verify against the UAA
# version in use.
cf:
access-token-validity: 600
authorities: uaa.none
authorized-grant-types: password,refresh_token
override: true
refresh-token-validity: 2592000
scope: network.admin,network.write,cloud_controller.read,cloud_controller.write,openid,password.write,cloud_controller.admin,scim.read,scim.write,doppler.firehose,uaa.user,routing.router_groups.read,routing.router_groups.write,cloud_controller.admin_read_only,cloud_controller.global_auditor
secret: ''
cloud_controller_username_lookup:
authorities: scim.userids
authorized-grant-types: client_credentials
secret: "((uaa_clients_cloud_controller_username_lookup_secret))"
doppler:
authorities: uaa.resource
override: true
authorized-grant-types: client_credentials
secret: "((uaa_clients_doppler_secret))"
gorouter:
authorities: routing.routes.read
authorized-grant-types: client_credentials
secret: "((uaa_clients_gorouter_secret))"
ssh-proxy:
authorized-grant-types: authorization_code
autoapprove: true
override: true
redirect-uri: "https://uaa.((system_domain))/login"
scope: openid,cloud_controller.read,cloud_controller.write
secret: "((uaa_clients_ssh-proxy_secret))"
routing_api_client:
authorities: routing.routes.write,routing.routes.read,routing.router_groups.read
authorized-grant-types: client_credentials
secret: "((uaa_clients_routing_api_client_secret))"
network-policy:
authorities: uaa.resource,cloud_controller.admin_read_only
authorized-grant-types: client_credentials
secret: ((uaa_clients_network_policy_secret))
tcp_emitter:
authorities: routing.routes.write,routing.routes.read
authorized-grant-types: client_credentials
secret: "((uaa_clients_tcp_emitter_secret))"
tcp_router:
authorities: routing.routes.read
authorized-grant-types: client_credentials
secret: "((uaa_clients_tcp_router_secret))"
uaadb:
databases:
- name: uaa
tag: uaa
db_scheme: mysql
port: 3306
roles:
- name: uaa
password: "((uaa_database_password))"
tag: admin
# NOTE(review): a second "control" instance group starts here with no
# `type`/`path` op in front of it. It looks like a separate draft (or a second
# gist file) in which the api and uaa job lists were simply concatenated:
# consul_agent, route_registrar and statsd_injector each appear twice in its
# job list, which BOSH is expected to reject as duplicate jobs — confirm
# before applying. The `control` group defined by the replace op above merges
# those jobs instead.
- name: control
azs:
- z1
instances: 1
vm_type: small
vm_extensions:
- 50GB_ephemeral_disk
stemcell: default
networks:
- name: default
jobs:
- name: consul_agent
release: consul
consumes:
consul_common: {from: consul_common_link}
consul_server: nil
consul_client: {from: consul_client_link}
properties:
consul:
agent:
services:
cloud_controller_ng: {}
routing-api: {}
policy-server-internal:
name: policy-server
- name: cloud_controller_ng
release: capi
provides:
cloud_controller: {as: cloud_controller, shared: true}
properties:
router:
route_services_secret: "((router_route_services_secret))"
system_domain: "((system_domain))"
app_domains:
- "((system_domain))"
app_ssh:
host_key_fingerprint: "((diego_ssh_proxy_host_key.public_key_fingerprint))"
routing_api: &routing_api
enabled: true
ssl:
skip_cert_verify: true
uaa:
ca_cert: "((uaa_ssl.ca))"
clients:
cc_routing:
secret: "((uaa_clients_cc-routing_secret))"
cloud_controller_username_lookup:
secret: "((uaa_clients_cloud_controller_username_lookup_secret))"
cc-service-dashboards:
secret: "((uaa_clients_cc-service-dashboards_secret))"
cc_service_key_client:
secret: "((uaa_clients_cc_service_key_client_secret))"
url: https://uaa.((system_domain))
cc:
stacks:
- name: cflinuxfs2
description: Cloud Foundry Linux-based filesystem
default_running_security_groups:
- public_networks
- dns
default_staging_security_groups:
- public_networks
- dns
security_group_definitions:
- name: public_networks
rules:
- destination: 0.0.0.0-9.255.255.255
protocol: all
- destination: 11.0.0.0-169.253.255.255
protocol: all
- destination: 169.255.0.0-172.15.255.255
protocol: all
- destination: 172.32.0.0-192.167.255.255
protocol: all
- destination: 192.169.0.0-255.255.255.255
protocol: all
- name: dns
rules:
- destination: 0.0.0.0/0
ports: '53'
protocol: tcp
- destination: 0.0.0.0/0
ports: '53'
protocol: udp
install_buildpacks:
## Order is important here
- name: staticfile_buildpack
package: staticfile-buildpack
- name: java_buildpack
package: java-buildpack
- name: ruby_buildpack
package: ruby-buildpack
- name: dotnet_core_buildpack
package: dotnet-core-buildpack
- name: nodejs_buildpack
package: nodejs-buildpack
- name: go_buildpack
package: go-buildpack
- name: python_buildpack
package: python-buildpack
- name: php_buildpack
package: php-buildpack
- name: binary_buildpack
package: binary-buildpack
diego: &bypass_bridge
temporary_cc_uploader_mtls: true
temporary_droplet_download_mtls: true
temporary_local_apps: true
temporary_local_staging: true
temporary_local_sync: true
temporary_local_tasks: true
temporary_local_tps: true
db_encryption_key: "((cc_db_encryption_key))"
bulk_api_password: "((cc_bulk_api_password))"
internal_api_password: "((cc_internal_api_password))"
staging_upload_user: staging_user
staging_upload_password: "((cc_staging_upload_password))"
buildpacks: &blobstore-properties
blobstore_type: webdav
webdav_config:
ca_cert: "((blobstore_tls.ca))"
blobstore_timeout: 5
password: "((blobstore_admin_users_password))"
private_endpoint: https://blobstore.service.cf.internal:4443
public_endpoint: https://blobstore.((system_domain))
username: blobstore-user
resource_pool: *blobstore-properties
packages: *blobstore-properties
droplets: *blobstore-properties
mutual_tls: &cc_mutual_tls
ca_cert: "((cc_tls.ca))"
public_cert: "((cc_tls.certificate))"
private_key: "((cc_tls.private_key))"
ccdb: &ccdb
databases:
- name: cloud_controller
tag: cc
db_scheme: mysql
port: 3306
roles:
- name: cloud_controller
password: "((cc_database_password))"
tag: admin
- name: binary-buildpack
release: binary-buildpack
- name: dotnet-core-buildpack
release: dotnet-core-buildpack
- name: go-buildpack
release: go-buildpack
- name: java-buildpack
release: java-buildpack
- name: nodejs-buildpack
release: nodejs-buildpack
- name: php-buildpack
release: php-buildpack
- name: python-buildpack
release: python-buildpack
- name: ruby-buildpack
release: ruby-buildpack
- name: staticfile-buildpack
release: staticfile-buildpack
- name: route_registrar
release: routing
properties:
route_registrar:
routes:
- name: api
registration_interval: 20s
port: 9022
tags:
component: CloudController
uris:
- api.((system_domain))
health_check:
name: api-health-check
script_path: "/var/vcap/jobs/cloud_controller_ng/bin/cloud_controller_ng_health_check"
timeout: 3s
- name: policy-server
port: 4002
registration_interval: 20s
uris:
- api.((system_domain))/networking
- name: statsd_injector
release: statsd-injector
properties: *statsd_injector_properties
- name: file_server
release: diego
- name: routing-api
release: routing
properties:
routing_api:
system_domain: "((system_domain))"
router_groups:
- name: default-tcp
type: tcp
reservable_ports: 1024-1123
sqldb:
host: sql-db.service.cf.internal
type: mysql
port: 3306
schema: routing-api
username: routing-api
password: "((routing_api_database_password))"
locket:
api_location: "locket.service.cf.internal:8891"
ca_cert: "((diego_locket_client.ca))"
client_cert: "((diego_locket_client.certificate))"
client_key: "((diego_locket_client.private_key))"
uaa:
ca_cert: "((uaa_ca.certificate))"
tls_port: 8443
- name: policy-server
release: cf-networking
properties:
cf_networking:
policy_server:
uaa_client_secret: ((uaa_clients_network_policy_secret))
uaa_ca: ((uaa_ssl.ca))
database:
type: mysql
username: network_policy
password: ((network_policy_database_password))
host: sql-db.service.cf.internal
port: 3306
name: network_policy
- name: policy-server-internal
release: cf-networking
properties:
cf_networking:
policy_server_internal:
ca_cert: ((network_policy_server.ca))
server_cert: ((network_policy_server.certificate))
server_key: ((network_policy_server.private_key))
- name: cc_uploader
release: capi
properties:
capi:
cc_uploader:
cc:
ca_cert: "((cc_bridge_cc_uploader.ca))"
client_cert: "((cc_bridge_cc_uploader.certificate))"
client_key: "((cc_bridge_cc_uploader.private_key))"
mutual_tls:
ca_cert: "((cc_bridge_cc_uploader_server.ca))"
server_cert: "((cc_bridge_cc_uploader_server.certificate))"
server_key: "((cc_bridge_cc_uploader_server.private_key))"
- name: consul_agent
release: consul
consumes:
consul_common: {from: consul_common_link}
consul_server: nil
consul_client: {from: consul_client_link}
properties:
consul:
agent:
services:
uaa: {}
- name: uaa
release: uaa
properties:
login:
saml:
serviceProviderKey: "((uaa_login_saml.private_key))"
serviceProviderCertificate: "((uaa_login_saml.certificate))"
uaa:
sslCertificate: "((uaa_ssl.certificate))"
sslPrivateKey: "((uaa_ssl.private_key))"
zones:
internal:
hostnames:
- uaa.service.cf.internal
url: https://uaa.((system_domain))
admin:
client_secret: "((uaa_admin_client_secret))"
logging_level: INFO
scim:
users:
- name: admin
password: "((cf_admin_password))"
groups:
- cloud_controller.admin
- doppler.firehose
- network.admin
- openid
- routing.router_groups.read
- routing.router_groups.write
- scim.read
- scim.write
- name: bosh
password: "((cf_bosh_password))"
groups:
- cloud_controller.admin
- doppler.firehose
- openid
- routing.router_groups.read
- routing.router_groups.write
- scim.read
- scim.write
jwt:
policy:
active_key_id: key-1
keys:
key-1:
signingKey: "((uaa_jwt_signing_key.private_key))"
clients:
cc_routing:
authorities: routing.router_groups.read
authorized-grant-types: client_credentials
secret: "((uaa_clients_cc-routing_secret))"
cc-service-dashboards:
authorities: clients.read,clients.write,clients.admin
authorized-grant-types: client_credentials
scope: openid,cloud_controller_service_permissions.read
secret: "((uaa_clients_cc-service-dashboards_secret))"
cc_service_key_client:
authorities: credhub.read,credhub.write
authorized-grant-types: client_credentials
secret: "((uaa_clients_cc_service_key_client_secret))"
cf:
access-token-validity: 600
authorities: uaa.none
authorized-grant-types: password,refresh_token
override: true
refresh-token-validity: 2592000
scope: network.admin,network.write,cloud_controller.read,cloud_controller.write,openid,password.write,cloud_controller.admin,scim.read,scim.write,doppler.firehose,uaa.user,routing.router_groups.read,routing.router_groups.write,cloud_controller.admin_read_only,cloud_controller.global_auditor
secret: ''
cloud_controller_username_lookup:
authorities: scim.userids
authorized-grant-types: client_credentials
secret: "((uaa_clients_cloud_controller_username_lookup_secret))"
doppler:
authorities: uaa.resource
override: true
authorized-grant-types: client_credentials
secret: "((uaa_clients_doppler_secret))"
gorouter:
authorities: routing.routes.read
authorized-grant-types: client_credentials
secret: "((uaa_clients_gorouter_secret))"
ssh-proxy:
authorized-grant-types: authorization_code
autoapprove: true
override: true
redirect-uri: "https://uaa.((system_domain))/login"
scope: openid,cloud_controller.read,cloud_controller.write
secret: "((uaa_clients_ssh-proxy_secret))"
routing_api_client:
authorities: routing.routes.write,routing.routes.read,routing.router_groups.read
authorized-grant-types: client_credentials
secret: "((uaa_clients_routing_api_client_secret))"
network-policy:
authorities: uaa.resource,cloud_controller.admin_read_only
authorized-grant-types: client_credentials
secret: ((uaa_clients_network_policy_secret))
tcp_emitter:
authorities: routing.routes.write,routing.routes.read
authorized-grant-types: client_credentials
secret: "((uaa_clients_tcp_emitter_secret))"
tcp_router:
authorities: routing.routes.read
authorized-grant-types: client_credentials
secret: "((uaa_clients_tcp_router_secret))"
uaadb:
databases:
- name: uaa
tag: uaa
db_scheme: mysql
port: 3306
roles:
- name: uaa
password: "((uaa_database_password))"
tag: admin
# NOTE(review): second route_registrar job in this job list (an earlier one
# registers the api and policy-server routes). This one registers the uaa
# route on port 8080, whereas the merged route_registrar in the replace op
# above uses 8081.
- name: route_registrar
release: routing
properties:
route_registrar:
routes:
- health_check:
name: uaa-healthcheck
script_path: "/var/vcap/jobs/uaa/bin/health_check"
name: uaa
port: 8080
registration_interval: 10s
tags:
component: uaa
uris:
- uaa.((system_domain))
- "*.uaa.((system_domain))"
- login.((system_domain))
- "*.login.((system_domain))"
- name: statsd_injector
release: statsd-injector
properties: &statsd_injector_properties
loggregator:
tls:
ca_cert: "((loggregator_tls_statsdinjector.ca))"
statsd_injector:
cert: "((loggregator_tls_statsdinjector.certificate))"
key: "((loggregator_tls_statsdinjector.private_key))"