func NewTLSUpgradeManifest(config Config, iaasConfig iaas.Config) Manifest {
config = NewConfigWithDefaults(config)
releases := []core.Release{
{
Name: "etcd",
Version: "latest",
},
{
Name: "consul",
Version: "latest",
},
}
compilation := core.Compilation{
Network: "etcd1",
ReuseCompilationVMs: true,
Workers: 3,
CloudProperties: iaasConfig.Compilation("us-east-1a"),
}
update := core.Update{
Canaries: 1,
CanaryWatchTime: "1000-180000",
MaxInFlight: 1,
Serial: true,
UpdateWatchTime: "1000-180000",
}
stemcell := core.ResourcePoolStemcell{
Name: iaasConfig.Stemcell(),
Version: "latest",
}
resourcePools := []core.ResourcePool{
{
Name: "etcd_z1",
Network: "etcd1",
CloudProperties: iaasConfig.ResourcePool(config.IPRange),
Stemcell: stemcell,
},
}
cidr, err := core.ParseCIDRBlock(config.IPRange)
if err != nil {
return Manifest{}
}
networks := []core.Network{
{
Name: "etcd1",
Subnets: []core.NetworkSubnet{{
CloudProperties: iaasConfig.NetworkSubnet(cidr.String()),
Gateway: cidr.GetFirstIP().Add(1).String(),
Range: cidr.String(),
Reserved: []string{cidr.Range(2, 3), cidr.GetLastIP().String()},
Static: []string{cidr.Range(4, cidr.CIDRSize-5)},
}},
Type: "manual",
},
}
staticIPs, err := networks[0].StaticIPsFromRange(24)
if err != nil {
return Manifest{}
}
consulJob := core.Job{
Name: "consul_z1",
Instances: 3,
Networks: []core.JobNetwork{{
Name: "etcd1",
StaticIPs: []string{
staticIPs[5],
staticIPs[6],
staticIPs[7],
},
}},
PersistentDisk: 1024,
ResourcePool: "etcd_z1",
Templates: []core.JobTemplate{
{
Name: "consul_agent",
Release: "consul",
},
},
Properties: &core.JobProperties{
Consul: &core.JobPropertiesConsul{
Agent: core.JobPropertiesConsulAgent{
Mode: "server",
},
},
},
}
etcdTLS := core.Job{
Name: "etcd_tls_z1",
Instances: 3,
Networks: []core.JobNetwork{{
Name: "etcd1",
StaticIPs: []string{
staticIPs[13],
staticIPs[14],
staticIPs[15],
},
}},
PersistentDisk: 1024,
ResourcePool: "etcd_z1",
Templates: []core.JobTemplate{
{
Name: "consul_agent",
Release: "consul",
},
{
Name: "etcd",
Release: "etcd",
},
},
Properties: &core.JobProperties{
Consul: &core.JobPropertiesConsul{
Agent: core.JobPropertiesConsulAgent{
Services: core.JobPropertiesConsulAgentServices{
"etcd": core.JobPropertiesConsulAgentService{},
},
},
},
Etcd: &core.JobPropertiesEtcd{
Cluster: []core.JobPropertiesEtcdCluster{{
Instances: 3,
Name: "etcd_tls_z1",
}},
Machines: []string{
"etcd.service.cf.internal",
},
PeerRequireSSL: true,
RequireSSL: true,
HeartbeatIntervalInMilliseconds: 50,
AdvertiseURLsDNSSuffix: "etcd.service.cf.internal",
CACert: config.Secrets.Etcd.CACert,
ClientCert: config.Secrets.Etcd.ClientCert,
ClientKey: config.Secrets.Etcd.ClientKey,
PeerCACert: config.Secrets.Etcd.PeerCACert,
PeerCert: config.Secrets.Etcd.PeerCert,
PeerKey: config.Secrets.Etcd.PeerKey,
ServerCert: config.Secrets.Etcd.ServerCert,
ServerKey: config.Secrets.Etcd.ServerKey,
},
},
}
etcdNoTLS := core.Job{
Name: "etcd_z1",
Instances: 1,
Networks: []core.JobNetwork{{
Name: "etcd1",
StaticIPs: []string{
staticIPs[0],
},
}},
PersistentDisk: 1024,
ResourcePool: "etcd_z1",
Templates: []core.JobTemplate{
{
Name: "consul_agent",
Release: "consul",
},
{
Name: "etcd_proxy",
Release: "etcd",
},
},
}
testconsumerJob := core.Job{
Name: "testconsumer_z1",
Instances: 5,
Networks: []core.JobNetwork{{
Name: "etcd1",
StaticIPs: []string{
staticIPs[8],
staticIPs[9],
staticIPs[10],
staticIPs[11],
staticIPs[12],
},
}},
PersistentDisk: 1024,
ResourcePool: "etcd_z1",
Templates: []core.JobTemplate{
{
Name: "consul_agent",
Release: "consul",
},
{
Name: "etcd_testconsumer",
Release: "etcd",
},
},
Properties: &core.JobProperties{
EtcdTestConsumer: &core.JobPropertiesEtcdTestConsumer{
Etcd: core.JobPropertiesEtcdTestConsumerEtcd{
Machines: []string{
"etcd.service.cf.internal",
},
RequireSSL: true,
CACert: config.Secrets.Etcd.CACert,
ClientCert: config.Secrets.Etcd.ClientCert,
ClientKey: config.Secrets.Etcd.ClientKey,
},
},
},
}
properties := Properties{
Consul: &consul.PropertiesConsul{
Agent: consul.PropertiesConsulAgent{
Domain: "cf.internal",
Servers: consul.PropertiesConsulAgentServers{
Lan: []string{
staticIPs[5],
staticIPs[6],
staticIPs[7],
},
},
},
CACert: config.Secrets.Consul.CACert,
AgentCert: config.Secrets.Consul.AgentCert,
AgentKey: config.Secrets.Consul.AgentKey,
ServerCert: config.Secrets.Consul.ServerCert,
ServerKey: config.Secrets.Consul.ServerKey,
EncryptKeys: []string{config.Secrets.Consul.EncryptKey},
},
EtcdProxy: &PropertiesEtcdProxy{
Port: 4001,
Etcd: PropertiesEtcdProxyEtcd{
DNSSuffix: "etcd.service.cf.internal",
Port: 4001,
CACert: config.Secrets.Etcd.CACert,
ClientCert: config.Secrets.Etcd.ClientCert,
ClientKey: config.Secrets.Etcd.ClientKey,
},
},
}
return Manifest{
DirectorUUID: config.DirectorUUID,
Name: config.Name,
Releases: releases,
Compilation: compilation,
Update: update,
ResourcePools: resourcePools,
Networks: networks,
Jobs: []core.Job{
consulJob,
etcdTLS,
etcdNoTLS,
testconsumerJob,
},
Properties: properties,
}
}
func NewManifest(config Config, iaasConfig iaas.Config) (Manifest, error) {
config = NewConfigWithDefaults(config)
releases := []core.Release{
{
Name: "etcd",
Version: "latest",
},
}
cidr, err := core.ParseCIDRBlock(config.IPRange)
if err != nil {
return Manifest{}, err
}
etcdNetwork1 := core.Network{
Name: "etcd1",
Subnets: []core.NetworkSubnet{{
CloudProperties: iaasConfig.NetworkSubnet(cidr.String()),
Gateway: cidr.GetFirstIP().Add(1).String(),
Range: cidr.String(),
Reserved: []string{cidr.Range(2, 3), cidr.GetLastIP().String()},
Static: []string{cidr.Range(4, cidr.CIDRSize-5)},
}},
Type: "manual",
}
compilation := core.Compilation{
Network: etcdNetwork1.Name,
ReuseCompilationVMs: true,
Workers: 3,
CloudProperties: iaasConfig.Compilation("us-east-1a"),
}
update := core.Update{
Canaries: 1,
CanaryWatchTime: "1000-180000",
MaxInFlight: 1,
Serial: true,
UpdateWatchTime: "1000-180000",
}
stemcell := core.ResourcePoolStemcell{
Name: iaasConfig.Stemcell(),
Version: "latest",
}
z1ResourcePool := core.ResourcePool{
Name: "etcd_z1",
Network: etcdNetwork1.Name,
Stemcell: stemcell,
CloudProperties: iaasConfig.ResourcePool(etcdNetwork1.Subnets[0].Range),
}
staticIPs, err := etcdNetwork1.StaticIPsFromRange(24)
if err != nil {
return Manifest{}, err
}
etcdZ1JobTemplates := []core.JobTemplate{
{
Name: "etcd",
Release: "etcd",
},
}
etcdZ1Job := core.Job{
Name: "etcd_z1",
Instances: 1,
Networks: []core.JobNetwork{{
Name: etcdNetwork1.Name,
StaticIPs: []string{staticIPs[0]},
}},
PersistentDisk: 1024,
ResourcePool: z1ResourcePool.Name,
Templates: etcdZ1JobTemplates,
}
if config.IPTablesAgent {
etcdZ1Job.Templates = append(etcdZ1Job.Templates, core.JobTemplate{
Name: "iptables_agent",
Release: "etcd",
})
}
testconsumerZ1Job := core.Job{
Name: "testconsumer_z1",
Instances: 1,
Networks: []core.JobNetwork{{
Name: etcdNetwork1.Name,
StaticIPs: []string{staticIPs[8]},
}},
PersistentDisk: 1024,
ResourcePool: z1ResourcePool.Name,
Templates: []core.JobTemplate{
{
Name: "etcd_testconsumer",
Release: "etcd",
},
},
}
globalProperties := Properties{
Etcd: &PropertiesEtcd{
Cluster: []PropertiesEtcdCluster{{
Instances: 1,
Name: "etcd_z1",
}},
Machines: etcdZ1Job.Networks[0].StaticIPs,
PeerRequireSSL: false,
RequireSSL: false,
HeartbeatIntervalInMilliseconds: 50,
},
EtcdTestConsumer: &PropertiesEtcdTestConsumer{
Etcd: PropertiesEtcdTestConsumerEtcd{
Machines: etcdZ1Job.Networks[0].StaticIPs,
},
},
}
if config.TurbulenceHost != "" {
globalProperties.TurbulenceAgent = &core.PropertiesTurbulenceAgent{
API: core.PropertiesTurbulenceAgentAPI{
Host: config.TurbulenceHost,
Password: turbulence.DefaultPassword,
CACert: turbulence.APICACert,
},
}
etcdZ1Job.Templates = append(etcdZ1Job.Templates, core.JobTemplate{
Name: "turbulence_agent",
Release: "turbulence",
})
releases = append(releases, core.Release{
Name: "turbulence",
Version: "latest",
})
}
return Manifest{
DirectorUUID: config.DirectorUUID,
Name: config.Name,
Compilation: compilation,
Jobs: []core.Job{
etcdZ1Job,
testconsumerZ1Job,
},
Networks: []core.Network{
etcdNetwork1,
},
Properties: globalProperties,
Releases: releases,
ResourcePools: []core.ResourcePool{
z1ResourcePool,
},
Update: update,
}, nil
}
func NewManifest(config Config, iaasConfig iaas.Config) (Manifest, error) {
turbulenceRelease := core.Release{
Name: "turbulence",
Version: "latest",
}
cidrBlock, err := core.ParseCIDRBlock(config.IPRange)
if err != nil {
return Manifest{}, err
}
cloudProperties := iaasConfig.NetworkSubnet(config.IPRange)
cpi := iaasConfig.CPI()
cpiRelease := core.Release{
Name: cpi.ReleaseName,
Version: "latest",
}
turbulenceNetwork := core.Network{
Name: "turbulence",
Subnets: []core.NetworkSubnet{{
CloudProperties: cloudProperties,
Gateway: cidrBlock.GetFirstIP().Add(1).String(),
Range: cidrBlock.String(),
Reserved: []string{cidrBlock.Range(2, 3), cidrBlock.GetLastIP().String()},
Static: []string{cidrBlock.Range(4, cidrBlock.CIDRSize-5)},
}},
Type: "manual",
}
update := core.Update{
Canaries: 1,
CanaryWatchTime: "1000-180000",
MaxInFlight: 1,
Serial: true,
UpdateWatchTime: "1000-180000",
}
staticIps, err := turbulenceNetwork.StaticIPsFromRange(17)
if err != nil {
return Manifest{}, err
}
vmType := "default"
if config.BOSH.VMType != "" {
vmType = config.BOSH.VMType
}
persistentDiskType := "default"
if config.BOSH.PersistentDiskType != "" {
persistentDiskType = config.BOSH.PersistentDiskType
}
apiJob := core.InstanceGroup{
Instances: 1,
Name: "api",
AZs: []string{"z1"},
Networks: []core.InstanceGroupNetwork{
{
Name: "private",
StaticIPs: []string{
staticIps[16],
},
},
},
VMType: vmType,
Stemcell: "default",
PersistentDiskType: persistentDiskType,
Jobs: []core.InstanceGroupJob{
{
Name: "turbulence_api",
Release: turbulenceRelease.Name,
},
{
Name: cpi.JobName,
Release: cpiRelease.Name,
},
},
}
directorCACert := BOSHDirectorCACert
if config.BOSH.DirectorCACert != "" {
directorCACert = config.BOSH.DirectorCACert
}
iaasProperties := iaasConfig.Properties(staticIps[16])
turbulenceProperties := Properties{
WardenCPI: iaasProperties.WardenCPI,
AWS: iaasProperties.AWS,
Registry: iaasProperties.Registry,
Blobstore: iaasProperties.Blobstore,
Agent: iaasProperties.Agent,
TurbulenceAPI: &PropertiesTurbulenceAPI{
Certificate: APICertificate,
CPIJobName: cpi.JobName,
Director: PropertiesTurbulenceAPIDirector{
CACert: directorCACert,
Host: config.BOSH.Target,
Password: config.BOSH.Password,
Username: config.BOSH.Username,
},
Password: DefaultPassword,
PrivateKey: APIPrivateKey,
},
}
return Manifest{
DirectorUUID: config.DirectorUUID,
Name: config.Name,
Stemcells: []core.Stemcell{
{
Alias: "default",
Version: "latest",
Name: iaasConfig.Stemcell(),
},
},
Releases: []core.Release{turbulenceRelease, cpiRelease},
Update: update,
InstanceGroups: []core.InstanceGroup{apiJob},
Properties: turbulenceProperties,
}, nil
}
func NewManifest(config Config, iaasConfig iaas.Config) (Manifest, error) {
config.PopulateDefaultConfigNodes()
cidrBlocks, err := config.GetCIDRBlocks()
if err != nil {
return Manifest{}, err
}
consulNetworks := []core.Network{}
for i, cidrBlock := range cidrBlocks {
consulNetwork := core.Network{
Name: fmt.Sprintf("consul%d", i+1),
Subnets: []core.NetworkSubnet{{
CloudProperties: iaasConfig.NetworkSubnet(cidrBlock.String()),
Gateway: cidrBlock.GetFirstIP().Add(1).String(),
Range: cidrBlock.String(),
Reserved: []string{cidrBlock.Range(2, 3), cidrBlock.GetLastIP().String()},
Static: []string{cidrBlock.Range(4, cidrBlock.CIDRSize-5)},
}},
Type: "manual",
}
consulNetworks = append(consulNetworks, consulNetwork)
}
compilation := core.Compilation{
Network: consulNetworks[0].Name,
ReuseCompilationVMs: true,
Workers: 3,
CloudProperties: iaasConfig.Compilation("us-west-2a"),
}
stemcell := core.ResourcePoolStemcell{
Name: iaasConfig.Stemcell(),
Version: "latest",
}
resourcePools := []core.ResourcePool{}
for i, network := range consulNetworks {
resourcePool := core.ResourcePool{
Name: fmt.Sprintf("consul_z%d", i+1),
Network: network.Name,
Stemcell: stemcell,
CloudProperties: iaasConfig.ResourcePool(network.Subnets[0].Range),
}
resourcePools = append(resourcePools, resourcePool)
}
jobs := []core.Job{}
consulClusterStaticIPs := []string{}
for i := range consulNetworks {
instances := config.Networks[i].Nodes
staticIps, err := consulNetworks[i].StaticIPsFromRange(instances)
if err != nil {
return Manifest{}, err
}
job := core.Job{
Name: fmt.Sprintf("consul_z%d", i+1),
Instances: instances,
Networks: []core.JobNetwork{{
Name: consulNetworks[i].Name,
StaticIPs: staticIps,
}},
PersistentDisk: 1024,
Properties: &core.JobProperties{
Consul: &core.JobPropertiesConsul{
Agent: core.JobPropertiesConsulAgent{
Mode: "server",
LogLevel: "info",
Services: core.JobPropertiesConsulAgentServices{
"router": core.JobPropertiesConsulAgentService{
Name: "gorouter",
Check: &core.JobPropertiesConsulAgentServiceCheck{
Name: "router-check",
Script: "/var/vcap/jobs/router/bin/script",
Interval: "1m",
},
Tags: []string{"routing"},
},
"cloud_controller": core.JobPropertiesConsulAgentService{},
},
},
},
},
ResourcePool: resourcePools[i].Name,
Templates: []core.JobTemplate{{
Name: "consul_agent",
Release: "consul",
}},
Update: &core.JobUpdate{
MaxInFlight: 1,
},
}
jobs = append(jobs, job)
consulClusterStaticIPs = append(consulClusterStaticIPs, staticIps...)
}
staticIps, err := consulNetworks[0].StaticIPsFromRange(9)
if err != nil {
return Manifest{}, err
}
jobs = append(jobs, core.Job{
Name: "consul_test_consumer",
Instances: 1,
Networks: []core.JobNetwork{{
Name: consulNetworks[0].Name,
StaticIPs: []string{
staticIps[6],
},
}},
Properties: &core.JobProperties{
Consul: &core.JobPropertiesConsul{
Agent: core.JobPropertiesConsulAgent{
Mode: "client",
LogLevel: "info",
},
},
},
ResourcePool: resourcePools[0].Name,
Templates: []core.JobTemplate{
{
Name: "consul_agent",
Release: "consul",
},
{
Name: "consul-test-consumer",
Release: "consul",
},
},
})
properties := Properties{
Consul: &PropertiesConsul{
Agent: PropertiesConsulAgent{
Domain: "cf.internal",
Servers: PropertiesConsulAgentServers{
Lan: consulClusterStaticIPs,
},
DNSConfig: PropertiesConsulAgentDNSConfig{
RecursorTimeout: "5s",
},
},
EncryptKeys: []string{EncryptKey},
},
}
overrideTLS(properties.Consul, config.DC)
return Manifest{
DirectorUUID: config.DirectorUUID,
Name: config.Name,
Releases: releases(),
Update: update(),
Compilation: compilation,
ResourcePools: resourcePools,
Jobs: jobs,
Networks: consulNetworks,
Properties: properties,
}, nil
}