From ba36085fa844f3aaac5cfada03f9c115304ecaba Mon Sep 17 00:00:00 2001 From: dmitriy kalinin Date: Tue, 13 Oct 2015 12:05:31 -0700 Subject: [PATCH] clean up dev docs Signed-off-by: Marco Voelz --- README.md | 13 +-- docs/cli_workflow.md | 155 ---------------------------------- docs/migrating_from_godeps.md | 56 ------------ docs/uaa.md | 127 ---------------------------- 4 files changed, 4 insertions(+), 347 deletions(-) delete mode 100644 docs/migrating_from_godeps.md delete mode 100644 docs/uaa.md diff --git a/README.md b/README.md index 0e97fb17..93a4d2f5 100644 --- a/README.md +++ b/README.md @@ -18,12 +18,7 @@ Relevant documentation pages from bosh.io: ## Developer Notes -See the [CLI workflow](docs/cli_workflow.md) for more information on creating a manifest. - -To build bosh-init see our [workstation setup docs](https://github.com/cloudfoundry/bosh-init/blob/master/docs/build.md). - -To run bosh-init tests see our [test docs](https://github.com/cloudfoundry/bosh-init/blob/master/docs/test.md). - -To deploy BOSH with UAA using bosh-init see our [UAA docs](https://github.com/cloudfoundry/bosh-init/blob/master/docs/uaa.md). - -To learn more about the bosh-init design see our [architecture docs](https://github.com/cloudfoundry/bosh-init/blob/master/docs/architecture.md). +- [Workstation setup docs](docs/build.md) +- [Test docs](docs/test.md) +- [CLI workflow](docs/cli_workflow.md) + - [Architecture docs](docs/architecture.md) diff --git a/docs/cli_workflow.md b/docs/cli_workflow.md index 23181d42..0e4716d8 100644 --- a/docs/cli_workflow.md +++ b/docs/cli_workflow.md @@ -1,158 +1,3 @@ -# Create deployment manifest - -This file will be used by bosh-init to deploy BOSH on a single VM to AWS. See [the documentation on bosh.io](http://bosh.io/docs/init.html) for additional examples for other infrastructures. - -### Example deployment manifest - -```yaml ---- -name: bosh - -releases: -- name: bosh - url: https://bosh.io/d/github.com/cloudfoundry/bosh?v=206 - sha1: 04649aa32f910f8ff11cc25a38e563d4d1beb6db -- name: bosh-aws-cpi - url: https://bosh.io/d/github.com/cloudfoundry-incubator/bosh-aws-cpi-release?v=30 - sha1: 627f7ab28ca6cc945750eab75cd4eb7e3e335895 - -resource_pools: -- name: vms - network: private - stemcell: - url: https://bosh.io/d/stemcells/bosh-aws-xen-hvm-ubuntu-trusty-go_agent?v=3012 - sha1: 3380b55948abe4c437dee97f67d2d8df4eec3fc1 - cloud_properties: - instance_type: m3.xlarge - ephemeral_disk: {size: 25_000, type: gp2} - availability_zone: AVAILABILITY-ZONE # <--- Replace with Availability Zone - -disk_pools: -- name: disks - disk_size: 20_000 - cloud_properties: {type: gp2} - -networks: -- name: private - type: manual - subnets: - - range: 10.0.0.0/24 - gateway: 10.0.0.1 - dns: [10.0.0.2] - cloud_properties: {subnet: SUBNET-ID} # <--- Replace with Subnet ID -- name: public - type: vip - -jobs: -- name: bosh - instances: 1 - - templates: - - {name: nats, release: bosh} - - {name: redis, release: bosh} - - {name: postgres, release: bosh} - - {name: blobstore, release: bosh} - - {name: director, release: bosh} - - {name: health_monitor, release: bosh} - - {name: registry, release: bosh} - - {name: cpi, release: bosh-aws-cpi} - - resource_pool: vms - persistent_disk_pool: disks - - networks: - - name: private - static_ips: [10.0.0.6] - default: [dns, gateway] - - name: public - static_ips: [ELASTIC-IP] # <--- Replace with Elastic IP - - properties: - nats: - address: 127.0.0.1 - user: nats - password: nats-password - - redis: - listen_addresss: 127.0.0.1 - address: 127.0.0.1 - password: redis-password - - postgres: &db - host: 127.0.0.1 - user: postgres - password: postgres-password - database: bosh - adapter: postgres - - registry: - address: 10.0.0.6 - host: 10.0.0.6 - db: *db - http: {user: admin, password: admin, port: 25777} - username: admin - password: admin - port: 25777 - - blobstore: - address: 10.0.0.6 - port: 25250 - provider: dav - director: {user: director, password: director-password} - agent: {user: agent, password: agent-password} - - director: - address: 127.0.0.1 - name: my-bosh - db: *db - cpi_job: cpi - max_threads: 10 - - hm: - director_account: {user: admin, password: admin} - resurrector_enabled: true - - aws: &aws - access_key_id: ACCESS-KEY-ID # <--- Replace with AWS Access Key ID - secret_access_key: SECRET-ACCESS-KEY # <--- Replace with AWS Secret Key - default_key_name: bosh - default_security_groups: [bosh] - region: us-east-1 - - agent: {mbus: "nats://nats:nats-password@10.0.0.6:4222"} - - ntp: &ntp [0.pool.ntp.org, 1.pool.ntp.org] - -cloud_provider: - template: {name: cpi, release: bosh-aws-cpi} - - ssh_tunnel: - host: ELASTIC-IP # <--- Replace with your Elastic IP address - port: 22 - user: vcap - private_key: ./bosh.pem # Path relative to this manifest file - - mbus: "https://mbus:mbus-password@ELASTIC-IP:6868" # <--- Replace with Elastic IP - - properties: - aws: *aws - agent: {mbus: "https://mbus:mbus-password@0.0.0.0:6868"} - blobstore: {provider: local, path: /var/vcap/micro_bosh/data/cache} - ntp: *ntp -``` - -See [https://github.com/cloudfoundry/bosh/tree/master/release/jobs](https://github.com/cloudfoundry/bosh/tree/master/release/jobs) for defaults - -# Deploy VM - -The command below deploys a VM with given releases using CPI release and stemcell. - -``` -bosh-init deploy bosh.yml -``` - ---- - # Deployment Flow This section describes how the CLI works. These steps are performed by the CLI. diff --git a/docs/migrating_from_godeps.md b/docs/migrating_from_godeps.md deleted file mode 100644 index c29f2417..00000000 --- a/docs/migrating_from_godeps.md +++ /dev/null @@ -1,56 +0,0 @@ -# Migrating from Godeps to Vendor - -Restore godeps dependencies into your GOPATH, so that we vendor the same revisions: - -``` -godep restore -``` - -Remove Godeps: - -``` -rm -rf Godeps -``` - -Remove Godeps from GOPATH in bin/env - -Get vendor tool: - -``` -go get github.com/kardianos/vendor -``` - -Vendor everything: - -``` -vendor init -vendor add -status ext -``` - -Disable govet. Since it will govet internal which we don't want. - -Remove internal from test packages in bin/test-unit -skipPackage="acceptance,integration,internal" - -We decided to use vendored ginkgo in our CI, so we vendor it explicitly, and re-vendor gomega so that is updates imports in ginkgo. - -``` -vendor add github.com/onsi/ginkgo/ginkgo -vendor add github.com/onsi/ginkgo/ginkgo/... -vendor add -status ext -``` - -Update install-ginkgo to install from internal dependecy: - -``` -$bin/go install ./internal/github.com/onsi/ginkgo/ginkgo -``` - -Clean everything from GOPATH: - -``` -cd $GOPATH -find src -type d -mindepth 2 -maxdepth 2 | grep -v 'cloudfoundry' | grep -v 'kardianos' | xargs rm -rf -find src -type d -mindepth 3 -maxdepth 3 | grep -v 'cloudfoundry/bosh-init' | grep -v 'kardianos' | xargs rm -rf -``` - -Run `bin/test` \ No newline at end of file diff --git a/docs/uaa.md b/docs/uaa.md deleted file mode 100644 index 238eadd0..00000000 --- a/docs/uaa.md +++ /dev/null @@ -1,127 +0,0 @@ -## Using UAA for authentication - -### 1. Download the UAA BOSH Release. - -Download a release from the releases page of [uaa-release](https://github.com/pivotal-cf-experimental/tmp-bosh-uaa-release/). - -### 2. Add stuff to your manifest. - -Add the `uaa` job to your deployment jobs: - - - { name: uaa, release: uaa } - -Add uaa job properties to either the global properties or the job properties. - -The following is an example property set: - -```yaml -properties: - director: - user_management: - provider: uaa - options: - key: uaa-secret-key - url: https://ADDRESS - uaa: - db: - address: DB-ADDRESS - name: uaadb - db_scheme: mysql - port: 3306 - username: DB-USER - password: DB-PASSWORD - port: 25889 - nginx_port: 443 - admin: {client_secret: PASSWORD} - client: {autoapprove: [bosh_cli]} - clients: - bosh_cli: - id: bosh_cli - override: true - authorized-grant-types: implicit,password,refresh_token - scope: openid - authorities: uaa.none - secret: "" - cc: {token_secret: "uaa-secret-key"} - scim: - users: - - marissa|koala|marissa@test.org|Marissa|Bloggs|uaa.user - userids_enabled: true - url: https://ADDRESS - login: {client_secret: PASSWORD} - ssl: - key: SSL_CERTIFICATE_KEY - cert: SSL_CERTIFICATE - domain: example.com - spring_profiles: mysql,default - login: - url: LOGIN_SERVER_URL - entityBaseURL: LOGIN_SERVER_URL - entityID: ENTITY_ID -``` - -To configure with LDAP add: - -```yaml -properties: - uaa: - ldap: - enabled: true - profile_type: search-and-bind - url: 'ldap://LDAP_HOST:389/' - userDN: 'cn=admin,dc=test,dc=com' - userPassword: 'password' - searchBase: 'dc=test,dc=com' - searchFilter: 'cn={0}' -``` - -to configure with SAML: - -```yaml -properties: - login: - saml: - serviceProviderKey: - serviceProviderKeyPassword: password - serviceProviderCertificate: - nameID: 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified' - assertionConsumerIndex: 0 - signMetaData: true - signRequest: true - socket: - connectionManagerTimeout: 10000 - soTimeout: 10000 - providers: - okta-local: - idpMetadata: idpMetadata - nameID: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress - assertionConsumerIndex: 0 - metadataTrustCheck: true - showSamlLoginLink: true - linkText: 'Okta Preview 1' - iconUrl: 'http://link.to/icon.jpg' -``` - -to configure with client secret: - -```yaml -properties: - uaa: - clients: - test: - id: test - override: true - authorized-grant-types: implicit,password,refresh_token,client_credentials - scope: openid,password - authorities: uaa.none - secret: "secret" -``` - -### Notes - -* uaa.nginx_port must be 443 due to Tomcat redirect which ignores forwarded port -* BOSH director is using UAA with symmetric key encryption. See [UAA docs](https://github.com/cloudfoundry/uaa/blob/master/docs/Sysadmin-Guide.rst) on how to configure UAA with symmetric key. -Currently UAA will be using symmetric key encryption if jwt:token:signing-key and jwt:token:verification-key are the same. Specifying cc:token_secret will render jwt token keys with the same value. -* See UAA logs in `/var/vcap/sys/log/uaa.log` in case of any issues. -* Make sure there is only one UAA service running if there are no logs. -* `spring_profiles` should specify database type that is used by UAA.