@nikhilsuvarna
Last active September 29, 2017 06:03
bosh2 stuff

v1 vs v2 https://bosh.io/docs/cli-v2-diff.html

bosh2 is strict about SSL certs. If a director was initialized using the bosh1 CLI, connecting to it with the bosh2 CLI throws the following error:

ubuntu@bosh-stemcell:~$ bosh2 alias-env dev -e 10.193.72.9 
Fetching info:
  Performing request GET 'https://10.193.72.9:25555/info':
    Performing GET request:
      Retry: Get https://10.193.72.9:25555/info: x509: cannot validate certificate for 10.193.72.9 because it doesn't contain any IP SANs

To fix this issue, follow the reference doc at http://bosh.io/docs/director-certs. bosh2 is used as the cert generator here.

  • create a template file (tpl.yml):
variables:
- name: default_ca
  type: certificate
  options:
    is_ca: true
    common_name: bosh_ca
- name: director_ssl
  type: certificate
  options:
    ca: default_ca
    common_name: ((internal_ip))
    alternative_names: [((internal_ip))]
- name: uaa_ssl
  type: certificate
  options:
    ca: default_ca
    common_name: ((internal_ip))
    alternative_names: [((internal_ip))]
- name: uaa_service_provider_ssl
  type: certificate
  options:
    ca: default_ca
    common_name: ((internal_ip))
    alternative_names: [((internal_ip))]
  • run the following command:
bosh2 interpolate tpl.yml -v internal_ip=<director_ip> --vars-store certs.yml

This generates certs.yml, with the root CA, certificate and private key in the director_ssl section.

  • edit the director manifest (bosh.yml) to update the following sections:
...
jobs:
- name: bosh
  properties:
    director:
      ssl:
        key: |
          -----BEGIN RSA PRIVATE KEY-----
          MII...
          -----END RSA PRIVATE KEY-----
        cert: |
          -----BEGIN CERTIFICATE-----
          MII...
          -----END CERTIFICATE-----
...
    hm:
      director_account:
        ca_cert: |
          -----BEGIN CERTIFICATE-----

          -----END CERTIFICATE-----
  • If there is an existing director, detach the persistent disk and delete the VM from vSphere. Update bosh-state.json so that a new VM is created on the next director deploy command.

  • deploy the director with the updated certs:

bosh2 create-env bosh.yml
  • create an alias for a new "env" (equiv of a bosh target)
ubuntu@bosh-stemcell:~$ bosh2 alias-env dev -e 10.193.72.9 --ca-cert <(bosh2 int certs.yml --path /director_ssl/ca)
Using environment '10.193.72.9' as anonymous user

Name      enaml-bosh
UUID      7c7bec21-5387-4409-815f-79faa47d9294
Version   1.3232.2.0 (00000000)
CPI       vsphere_cpi
Features  compiled_package_cache: disabled
          dns: disabled
          snapshots: disabled
User      (not logged in)

Succeeded
  • log in to the director (equiv of bosh login)
ubuntu@bosh-stemcell:~$ bosh2 log-in -e dev
Username (): director
Password ():

Using environment '10.193.72.9' as client 'director'

Logged in to '10.193.72.9'

Succeeded
ubuntu@bosh-stemcell:~$ bosh2 -e dev env
Using environment '10.193.72.9' as client 'director'

Name      enaml-bosh
UUID      7c7bec21-5387-4409-815f-79faa47d9294
Version   1.3232.2.0 (00000000)
CPI       vsphere_cpi
Features  compiled_package_cache: disabled
          dns: disabled
          snapshots: disabled
User      director

Succeeded
  • check director status (equiv of bosh status)
ubuntu@bosh-stemcell:~$ bosh2 -e dev env
Using environment '10.193.72.9' as client 'director'

Name      enaml-bosh
UUID      7c7bec21-5387-4409-815f-79faa47d9294
Version   1.3232.2.0 (00000000)
CPI       vsphere_cpi
Features  compiled_package_cache: disabled
          dns: disabled
          snapshots: disabled
User      director
  • list aliased environments
ubuntu@bosh-stemcell:~$ bosh2 envs
URL          Alias
10.193.72.9  dev

1 environments

Succeeded
  • upload a release
bosh2 -e dev  ur nginx-1.11.7.tgz
  • upload stemcell
bosh2 -e dev  us https://s3.amazonaws.com/bosh-core-stemcells/vsphere/bosh-stemcell-3421.4-vsphere-esxi-ubuntu-trusty-go_agent.tgz
  • create a deployment
bosh2 -e dev -d nginx deploy nginx.yml