All the files I didn't commit already
Thomas Mitchell committed Feb 1, 2018
1 parent 2b93d98 commit f8be81c
Showing 5 changed files with 188 additions and 0 deletions.
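--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+*.tar.gz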
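--- a/base/certs.yml
+++ b/base/certs.yml
@@ -0,0 +1,108 @@
+---
+# This file should abstract out the cert paths in the vault
+meta:
+certs:
+consul:
+ca: (( vault meta.vault "/consul/certs/ca:certificate" ))
+
+server:
+server_cert: (( vault meta.vault "/consul/certs/server:certificate" ))
+server_key: (( vault meta.vault "/consul/certs/server:key" ))
+agent:
+agent_cert: (( vault meta.vault "/consul/certs/agent:certificate" ))
+agent_key: (( vault meta.vault "/consul/certs/agent:key" ))
+
+
+diego:
+ca: (( vault meta.vault "/diego/certs/ca:certificate" ))
+
+auctioneer:
+server:
+server_cert: (( vault meta.vault "/diego/certs/auctioneer:certificate" ))
+server_key: (( vault meta.vault "/diego/certs/auctioneer:key" ))
+client:
+client_cert: (( vault meta.vault "/diego/certs/auctioneer_client:certificate" ))
+client_key: (( vault meta.vault "/diego/certs/auctioneer_client:key" ))
+
+bbs:
+server:
+server_cert: (( vault meta.vault "/diego/certs/bbs:certificate" ))
+server_key: (( vault meta.vault "/diego/certs/bbs:key" ))
+client:
+client_cert: (( vault meta.vault "/diego/certs/bbs_client:certificate" ))
+client_key: (( vault meta.vault "/diego/certs/bbs_client:key" ))
+
+capi:
+server:
+public_cert: (( vault meta.vault "/diego/certs/capi:certificate" ))
+private_key: (( vault meta.vault "/diego/certs/capi:key" ))
+
+cc_uploader:
+server:
+server_cert: (( vault meta.vault "/diego/certs/cc_uploader_server:certificate" ))
+server_key: (( vault meta.vault "/diego/certs/cc_uploader_server:key" ))
+client:
+client_cert: (( vault meta.vault "/diego/certs/cc_uploader:certificate" ))
+client_key: (( vault meta.vault "/diego/certs/cc_uploader:key" ))
+
+rep:
+server:
+server_cert: (( vault meta.vault "/diego/certs/rep:certificate" ))
+server_key: (( vault meta.vault "/diego/certs/rep:key" ))
+client:
+client_cert: (( vault meta.vault "/diego/certs/rep_client:certificate" ))
+client_key: (( vault meta.vault "/diego/certs/rep_client:key" ))
+
+syslogdrainbinder:
+server:
+cert: (( vault meta.vault "/diego/certs/syslogdrainbinder:certificate" ))
+key: (( vault meta.vault "/diego/certs/syslogdrainbinder:key" ))
+
+tps:
+client:
+client_cert: (( vault meta.vault "/diego/certs/rep_client:certificate" ))
+client_key: (( vault meta.vault "/diego/certs/rep_client:key" ))
+
+
+etcd:
+ca: (( vault meta.vault "/etcd/certs/ca:certificate" ))
+server:
+server_cert: (( vault meta.vault "/etcd/certs/server:certificate" ))
+server_key: (( vault meta.vault "/etcd/certs/server:key" ))
+client:
+client_cert: (( vault meta.vault "/etcd/certs/client:certificate" ))
+client_key: (( vault meta.vault "/etcd/certs/client:key" ))
+peer:
+peer_ca_cert: (( vault meta.vault "/etcd/peer_certs/ca:certificate" ))
+peer_cert: (( vault meta.vault "/etcd/peer_certs/peer:certificate" ))
+peer_key: (( vault meta.vault "/etcd/peer_certs/peer:key" ))
+
+
+loggregator:
+ca: (( vault meta.vault "/loggregator/certs/ca:certificate" ))
+
+doppler:
+server:
+cert: (( vault meta.vault "/loggregator/certs/doppler:certificate" ))
+key: (( vault meta.vault "/loggregator/certs/doppler:key" ))
+
+metron:
+server:
+cert: (( vault meta.vault "/loggregator/certs/metron:certificate" ))
+key: (( vault meta.vault "/loggregator/certs/metron:key" ))
+
+trafficcontroller:
+server:
+cert: (( vault meta.vault "/loggregator/certs/trafficcontroller:certificate" ))
+key: (( vault meta.vault "/loggregator/certs/trafficcontroller:key" ))
+
+statsdinjector:
+server:
+cert: (( vault meta.vault "/loggregator/certs/statsdinjector:certificate" ))
+key: (( vault meta.vault "/loggregator/certs/statsdinjector:key" ))
+
+uaa:
+ca: (( vault meta.vault "/uaa/certs/ca:certificate" ))
+server:
+cert: (( vault meta.vault "/uaa/certs/server:certificate" ))
+key: (( vault meta.vault "/uaa/certs/server:key" ))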
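Review bot: The `tps` / `client` entry near the end of the diego block reads `/diego/certs/rep_client:certificate` and `/diego/certs/rep_client:key`, the same Vault paths already used a few lines earlier for `rep` / `client`, so TPS would authenticate with the rep client's keypair. If that is a copy-paste slip, point both lines at a TPS-specific entry, e.g. `client_cert: (( vault meta.vault "<tps-client-cert-path>:certificate" ))` (placeholder path). If the reuse is intended, a comment such as `# tps deliberately shares the rep client keypair` would help, since a shared keypair means the two clients cannot be told apart in mutual-TLS authorization or logs and have to be rotated together.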
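--- a/base/consul_etcd.yml
+++ b/base/consul_etcd.yml
@@ -0,0 +1,57 @@
+---
+instance_groups:
+- name: consul_etcd
+jobs:
+- name: consul_agent
+release: consul
+consumes:
+consul: {from: consul_server}
+provides:
+consul: {as: consul_server}
+properties:
+consul:
+agent:
+log_level: (( grab params.log_level ))
+mode: server
+domain: cf.internal
+# etcd is colo'd on this node, so we need a dns name for it
+services:
+etcd:
+name: cf-etcd
+
+.: (( inject meta.certs.consul.server ))
+..: (( inject meta.certs.consul.agent ))
+ca_cert: (( grab meta.certs.consul.ca ))
+encrypt_keys:
+- (( vault meta.vault "/consul/encryption_key:current" ))
+
+- name: etcd
+release: etcd
+properties:
+etcd:
+advertise_urls_dns_suffix: (( grab meta.cf-etcd.dns_suffix ))
+cluster:
+- instances: (( grab instance_groups.consul_etcd.instances ))
+name: consul_etcd
+ca_cert: (( grab meta.certs.etcd.ca ))
+require_ssl: true
+.: (( inject meta.certs.etcd.client ))
+..: (( inject meta.certs.etcd.server ))
+...: (( inject meta.certs.etcd.peer ))
+peer_require_ssl: true
+
+- name: etcd_metrics_server
+release: etcd
+properties:
+etcd_metrics_server:
+etcd:
+ca_cert: (( grab meta.certs.etcd.ca ))
+.: (( inject meta.certs.etcd.client ))
+require_ssl: true
+dns_suffix: (( grab meta.cf-etcd.dns_suffix ))
+
+meta:
+cf-etcd:
+dns_suffix: cf-etcd.service.cf.internal
+machines:
+- cf-etcd.service.cf.internal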
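Review bot: `encrypt_keys` on the consul_agent job holds a single entry read from `/consul/encryption_key:current`, which leaves no way to rotate the gossip encryption key without agents briefly disagreeing on the key. As far as I recall, consul-release uses the first list entry as the active key and accepts the remaining entries for decryption, so a rotation needs the outgoing key kept as a second entry for one deploy; please confirm against the release spec. I would add that second entry (Vault path placeholder `<previous-key-path>`) or at least a comment above the list such as `# first entry is the active gossip key; keep the old key as a second entry while rotating`.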
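--- a/base/metron_agent.yml
+++ b/base/metron_agent.yml
@@ -0,0 +1,22 @@
+addons:
+- (( append ))
+- name: metron_agent
+include:
+stemcell:
+- os: ubuntu-trusty
+exclude:
+jobs:
+- name: smoke_tests
+release: cf-smoke-tests
+jobs:
+- name: metron_agent
+release: loggregator
+properties:
+loggregator:
+tls:
+ca_cert: (( grab meta.certs.loggregator.ca ))
+metron: (( grab meta.certs.loggregator.metron.server ))
+metron_agent:
+deployment: (( grab name ))
+metron_endpoint:
+shared_secret: (( grab meta.loggregator.endpoint_secret ))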
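Review bot: `shared_secret` on the last line grabs `meta.loggregator.endpoint_secret`, which none of the files shown in this commit define, and it is the only secret here not visibly resolved through a `(( vault … ))` operator. The merge should fail if the key is missing, but nothing in view prevents it from being supplied as a literal in an environment file. I would define it alongside the other Vault-backed values, or add a comment above the line such as `# meta.loggregator.endpoint_secret must be set via (( vault ... )) in <file>, never as a literal` (file name is a placeholder). This file also lacks the leading `---` that the other two YAML files in the commit start with.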
Empty file.
