-
Notifications
You must be signed in to change notification settings - Fork 27
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
All the files I didn't commit already
- Loading branch information
Thomas Mitchell
committed
Feb 1, 2018
1 parent
2b93d98
commit f8be81c
Showing
5 changed files
with
188 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
*.tar.gz |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,108 @@ | ||
--- | ||
# This file should abstract out the cert paths in the vault | ||
meta: | ||
certs: | ||
consul: | ||
ca: (( vault meta.vault "/consul/certs/ca:certificate" )) | ||
|
||
server: | ||
server_cert: (( vault meta.vault "/consul/certs/server:certificate" )) | ||
server_key: (( vault meta.vault "/consul/certs/server:key" )) | ||
agent: | ||
agent_cert: (( vault meta.vault "/consul/certs/agent:certificate" )) | ||
agent_key: (( vault meta.vault "/consul/certs/agent:key" )) | ||
|
||
|
||
diego: | ||
ca: (( vault meta.vault "/diego/certs/ca:certificate" )) | ||
|
||
auctioneer: | ||
server: | ||
server_cert: (( vault meta.vault "/diego/certs/auctioneer:certificate" )) | ||
server_key: (( vault meta.vault "/diego/certs/auctioneer:key" )) | ||
client: | ||
client_cert: (( vault meta.vault "/diego/certs/auctioneer_client:certificate" )) | ||
client_key: (( vault meta.vault "/diego/certs/auctioneer_client:key" )) | ||
|
||
bbs: | ||
server: | ||
server_cert: (( vault meta.vault "/diego/certs/bbs:certificate" )) | ||
server_key: (( vault meta.vault "/diego/certs/bbs:key" )) | ||
client: | ||
client_cert: (( vault meta.vault "/diego/certs/bbs_client:certificate" )) | ||
client_key: (( vault meta.vault "/diego/certs/bbs_client:key" )) | ||
|
||
capi: | ||
server: | ||
public_cert: (( vault meta.vault "/diego/certs/capi:certificate" )) | ||
private_key: (( vault meta.vault "/diego/certs/capi:key" )) | ||
|
||
cc_uploader: | ||
server: | ||
server_cert: (( vault meta.vault "/diego/certs/cc_uploader_server:certificate" )) | ||
server_key: (( vault meta.vault "/diego/certs/cc_uploader_server:key" )) | ||
client: | ||
client_cert: (( vault meta.vault "/diego/certs/cc_uploader:certificate" )) | ||
client_key: (( vault meta.vault "/diego/certs/cc_uploader:key" )) | ||
|
||
rep: | ||
server: | ||
server_cert: (( vault meta.vault "/diego/certs/rep:certificate" )) | ||
server_key: (( vault meta.vault "/diego/certs/rep:key" )) | ||
client: | ||
client_cert: (( vault meta.vault "/diego/certs/rep_client:certificate" )) | ||
client_key: (( vault meta.vault "/diego/certs/rep_client:key" )) | ||
|
||
syslogdrainbinder: | ||
server: | ||
cert: (( vault meta.vault "/diego/certs/syslogdrainbinder:certificate" )) | ||
key: (( vault meta.vault "/diego/certs/syslogdrainbinder:key" )) | ||
|
||
tps: | ||
client: | ||
client_cert: (( vault meta.vault "/diego/certs/rep_client:certificate" )) | ||
client_key: (( vault meta.vault "/diego/certs/rep_client:key" )) | ||
|
||
|
||
etcd: | ||
ca: (( vault meta.vault "/etcd/certs/ca:certificate" )) | ||
server: | ||
server_cert: (( vault meta.vault "/etcd/certs/server:certificate" )) | ||
server_key: (( vault meta.vault "/etcd/certs/server:key" )) | ||
client: | ||
client_cert: (( vault meta.vault "/etcd/certs/client:certificate" )) | ||
client_key: (( vault meta.vault "/etcd/certs/client:key" )) | ||
peer: | ||
peer_ca_cert: (( vault meta.vault "/etcd/peer_certs/ca:certificate" )) | ||
peer_cert: (( vault meta.vault "/etcd/peer_certs/peer:certificate" )) | ||
peer_key: (( vault meta.vault "/etcd/peer_certs/peer:key" )) | ||
|
||
|
||
loggregator: | ||
ca: (( vault meta.vault "/loggregator/certs/ca:certificate" )) | ||
|
||
doppler: | ||
server: | ||
cert: (( vault meta.vault "/loggregator/certs/doppler:certificate" )) | ||
key: (( vault meta.vault "/loggregator/certs/doppler:key" )) | ||
|
||
metron: | ||
server: | ||
cert: (( vault meta.vault "/loggregator/certs/metron:certificate" )) | ||
key: (( vault meta.vault "/loggregator/certs/metron:key" )) | ||
|
||
trafficcontroller: | ||
server: | ||
cert: (( vault meta.vault "/loggregator/certs/trafficcontroller:certificate" )) | ||
key: (( vault meta.vault "/loggregator/certs/trafficcontroller:key" )) | ||
|
||
statsdinjector: | ||
server: | ||
cert: (( vault meta.vault "/loggregator/certs/statsdinjector:certificate" )) | ||
key: (( vault meta.vault "/loggregator/certs/statsdinjector:key" )) | ||
|
||
uaa: | ||
ca: (( vault meta.vault "/uaa/certs/ca:certificate" )) | ||
server: | ||
cert: (( vault meta.vault "/uaa/certs/server:certificate" )) | ||
key: (( vault meta.vault "/uaa/certs/server:key" )) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,57 @@ | ||
--- | ||
instance_groups: | ||
- name: consul_etcd | ||
jobs: | ||
- name: consul_agent | ||
release: consul | ||
consumes: | ||
consul: {from: consul_server} | ||
provides: | ||
consul: {as: consul_server} | ||
properties: | ||
consul: | ||
agent: | ||
log_level: (( grab params.log_level )) | ||
mode: server | ||
domain: cf.internal | ||
# etcd is colo'd on this node, so we need a dns name for it | ||
services: | ||
etcd: | ||
name: cf-etcd | ||
|
||
.: (( inject meta.certs.consul.server )) | ||
..: (( inject meta.certs.consul.agent )) | ||
ca_cert: (( grab meta.certs.consul.ca )) | ||
encrypt_keys: | ||
- (( vault meta.vault "/consul/encryption_key:current" )) | ||
|
||
- name: etcd | ||
release: etcd | ||
properties: | ||
etcd: | ||
advertise_urls_dns_suffix: (( grab meta.cf-etcd.dns_suffix )) | ||
cluster: | ||
- instances: (( grab instance_groups.consul_etcd.instances )) | ||
name: consul_etcd | ||
ca_cert: (( grab meta.certs.etcd.ca )) | ||
require_ssl: true | ||
.: (( inject meta.certs.etcd.client )) | ||
..: (( inject meta.certs.etcd.server )) | ||
...: (( inject meta.certs.etcd.peer )) | ||
peer_require_ssl: true | ||
|
||
- name: etcd_metrics_server | ||
release: etcd | ||
properties: | ||
etcd_metrics_server: | ||
etcd: | ||
ca_cert: (( grab meta.certs.etcd.ca )) | ||
.: (( inject meta.certs.etcd.client )) | ||
require_ssl: true | ||
dns_suffix: (( grab meta.cf-etcd.dns_suffix )) | ||
|
||
meta: | ||
cf-etcd: | ||
dns_suffix: cf-etcd.service.cf.internal | ||
machines: | ||
- cf-etcd.service.cf.internal |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,22 @@ | ||
addons: | ||
- (( append )) | ||
- name: metron_agent | ||
include: | ||
stemcell: | ||
- os: ubuntu-trusty | ||
exclude: | ||
jobs: | ||
- name: smoke_tests | ||
release: cf-smoke-tests | ||
jobs: | ||
- name: metron_agent | ||
release: loggregator | ||
properties: | ||
loggregator: | ||
tls: | ||
ca_cert: (( grab meta.certs.loggregator.ca )) | ||
metron: (( grab meta.certs.loggregator.metron.server )) | ||
metron_agent: | ||
deployment: (( grab name )) | ||
metron_endpoint: | ||
shared_secret: (( grab meta.loggregator.endpoint_secret )) |
Empty file.