func NewTLSUpgradeManifest(config Config, iaasConfig iaas.Config) Manifest { config = NewConfigWithDefaults(config) releases := []core.Release{ { Name: "etcd", Version: "latest", }, { Name: "consul", Version: "latest", }, } compilation := core.Compilation{ Network: "etcd1", ReuseCompilationVMs: true, Workers: 3, CloudProperties: iaasConfig.Compilation("us-east-1a"), } update := core.Update{ Canaries: 1, CanaryWatchTime: "1000-180000", MaxInFlight: 1, Serial: true, UpdateWatchTime: "1000-180000", } stemcell := core.ResourcePoolStemcell{ Name: iaasConfig.Stemcell(), Version: "latest", } resourcePools := []core.ResourcePool{ { Name: "etcd_z1", Network: "etcd1", CloudProperties: iaasConfig.ResourcePool(config.IPRange), Stemcell: stemcell, }, } cidr, err := core.ParseCIDRBlock(config.IPRange) if err != nil { return Manifest{} } networks := []core.Network{ { Name: "etcd1", Subnets: []core.NetworkSubnet{{ CloudProperties: iaasConfig.NetworkSubnet(cidr.String()), Gateway: cidr.GetFirstIP().Add(1).String(), Range: cidr.String(), Reserved: []string{cidr.Range(2, 3), cidr.GetLastIP().String()}, Static: []string{cidr.Range(4, cidr.CIDRSize-5)}, }}, Type: "manual", }, } staticIPs, err := networks[0].StaticIPsFromRange(24) if err != nil { return Manifest{} } consulJob := core.Job{ Name: "consul_z1", Instances: 3, Networks: []core.JobNetwork{{ Name: "etcd1", StaticIPs: []string{ staticIPs[5], staticIPs[6], staticIPs[7], }, }}, PersistentDisk: 1024, ResourcePool: "etcd_z1", Templates: []core.JobTemplate{ { Name: "consul_agent", Release: "consul", }, }, Properties: &core.JobProperties{ Consul: &core.JobPropertiesConsul{ Agent: core.JobPropertiesConsulAgent{ Mode: "server", }, }, }, } etcdTLS := core.Job{ Name: "etcd_tls_z1", Instances: 3, Networks: []core.JobNetwork{{ Name: "etcd1", StaticIPs: []string{ staticIPs[13], staticIPs[14], staticIPs[15], }, }}, PersistentDisk: 1024, ResourcePool: "etcd_z1", Templates: []core.JobTemplate{ { Name: "consul_agent", Release: "consul", }, { Name: "etcd", Release: "etcd", }, }, Properties: &core.JobProperties{ Consul: &core.JobPropertiesConsul{ Agent: core.JobPropertiesConsulAgent{ Services: core.JobPropertiesConsulAgentServices{ "etcd": core.JobPropertiesConsulAgentService{}, }, }, }, Etcd: &core.JobPropertiesEtcd{ Cluster: []core.JobPropertiesEtcdCluster{{ Instances: 3, Name: "etcd_tls_z1", }}, Machines: []string{ "etcd.service.cf.internal", }, PeerRequireSSL: true, RequireSSL: true, HeartbeatIntervalInMilliseconds: 50, AdvertiseURLsDNSSuffix: "etcd.service.cf.internal", CACert: config.Secrets.Etcd.CACert, ClientCert: config.Secrets.Etcd.ClientCert, ClientKey: config.Secrets.Etcd.ClientKey, PeerCACert: config.Secrets.Etcd.PeerCACert, PeerCert: config.Secrets.Etcd.PeerCert, PeerKey: config.Secrets.Etcd.PeerKey, ServerCert: config.Secrets.Etcd.ServerCert, ServerKey: config.Secrets.Etcd.ServerKey, }, }, } etcdNoTLS := core.Job{ Name: "etcd_z1", Instances: 1, Networks: []core.JobNetwork{{ Name: "etcd1", StaticIPs: []string{ staticIPs[0], }, }}, PersistentDisk: 1024, ResourcePool: "etcd_z1", Templates: []core.JobTemplate{ { Name: "consul_agent", Release: "consul", }, { Name: "etcd_proxy", Release: "etcd", }, }, } testconsumerJob := core.Job{ Name: "testconsumer_z1", Instances: 5, Networks: []core.JobNetwork{{ Name: "etcd1", StaticIPs: []string{ staticIPs[8], staticIPs[9], staticIPs[10], staticIPs[11], staticIPs[12], }, }}, PersistentDisk: 1024, ResourcePool: "etcd_z1", Templates: []core.JobTemplate{ { Name: "consul_agent", Release: "consul", }, { Name: "etcd_testconsumer", Release: "etcd", }, }, Properties: &core.JobProperties{ EtcdTestConsumer: &core.JobPropertiesEtcdTestConsumer{ Etcd: core.JobPropertiesEtcdTestConsumerEtcd{ Machines: []string{ "etcd.service.cf.internal", }, RequireSSL: true, CACert: config.Secrets.Etcd.CACert, ClientCert: config.Secrets.Etcd.ClientCert, ClientKey: config.Secrets.Etcd.ClientKey, }, }, }, } properties := Properties{ Consul: &consul.PropertiesConsul{ Agent: consul.PropertiesConsulAgent{ Domain: "cf.internal", Servers: consul.PropertiesConsulAgentServers{ Lan: []string{ staticIPs[5], staticIPs[6], staticIPs[7], }, }, }, CACert: config.Secrets.Consul.CACert, AgentCert: config.Secrets.Consul.AgentCert, AgentKey: config.Secrets.Consul.AgentKey, ServerCert: config.Secrets.Consul.ServerCert, ServerKey: config.Secrets.Consul.ServerKey, EncryptKeys: []string{config.Secrets.Consul.EncryptKey}, }, EtcdProxy: &PropertiesEtcdProxy{ Port: 4001, Etcd: PropertiesEtcdProxyEtcd{ DNSSuffix: "etcd.service.cf.internal", Port: 4001, CACert: config.Secrets.Etcd.CACert, ClientCert: config.Secrets.Etcd.ClientCert, ClientKey: config.Secrets.Etcd.ClientKey, }, }, } return Manifest{ DirectorUUID: config.DirectorUUID, Name: config.Name, Releases: releases, Compilation: compilation, Update: update, ResourcePools: resourcePools, Networks: networks, Jobs: []core.Job{ consulJob, etcdTLS, etcdNoTLS, testconsumerJob, }, Properties: properties, } }
func NewManifest(config Config, iaasConfig iaas.Config) (Manifest, error) { config = NewConfigWithDefaults(config) releases := []core.Release{ { Name: "etcd", Version: "latest", }, } cidr, err := core.ParseCIDRBlock(config.IPRange) if err != nil { return Manifest{}, err } etcdNetwork1 := core.Network{ Name: "etcd1", Subnets: []core.NetworkSubnet{{ CloudProperties: iaasConfig.NetworkSubnet(cidr.String()), Gateway: cidr.GetFirstIP().Add(1).String(), Range: cidr.String(), Reserved: []string{cidr.Range(2, 3), cidr.GetLastIP().String()}, Static: []string{cidr.Range(4, cidr.CIDRSize-5)}, }}, Type: "manual", } compilation := core.Compilation{ Network: etcdNetwork1.Name, ReuseCompilationVMs: true, Workers: 3, CloudProperties: iaasConfig.Compilation("us-east-1a"), } update := core.Update{ Canaries: 1, CanaryWatchTime: "1000-180000", MaxInFlight: 1, Serial: true, UpdateWatchTime: "1000-180000", } stemcell := core.ResourcePoolStemcell{ Name: iaasConfig.Stemcell(), Version: "latest", } z1ResourcePool := core.ResourcePool{ Name: "etcd_z1", Network: etcdNetwork1.Name, Stemcell: stemcell, CloudProperties: iaasConfig.ResourcePool(etcdNetwork1.Subnets[0].Range), } staticIPs, err := etcdNetwork1.StaticIPsFromRange(24) if err != nil { return Manifest{}, err } etcdZ1JobTemplates := []core.JobTemplate{ { Name: "etcd", Release: "etcd", }, } etcdZ1Job := core.Job{ Name: "etcd_z1", Instances: 1, Networks: []core.JobNetwork{{ Name: etcdNetwork1.Name, StaticIPs: []string{staticIPs[0]}, }}, PersistentDisk: 1024, ResourcePool: z1ResourcePool.Name, Templates: etcdZ1JobTemplates, } if config.IPTablesAgent { etcdZ1Job.Templates = append(etcdZ1Job.Templates, core.JobTemplate{ Name: "iptables_agent", Release: "etcd", }) } testconsumerZ1Job := core.Job{ Name: "testconsumer_z1", Instances: 1, Networks: []core.JobNetwork{{ Name: etcdNetwork1.Name, StaticIPs: []string{staticIPs[8]}, }}, PersistentDisk: 1024, ResourcePool: z1ResourcePool.Name, Templates: []core.JobTemplate{ { Name: "etcd_testconsumer", Release: "etcd", }, }, } globalProperties := Properties{ Etcd: &PropertiesEtcd{ Cluster: []PropertiesEtcdCluster{{ Instances: 1, Name: "etcd_z1", }}, Machines: etcdZ1Job.Networks[0].StaticIPs, PeerRequireSSL: false, RequireSSL: false, HeartbeatIntervalInMilliseconds: 50, }, EtcdTestConsumer: &PropertiesEtcdTestConsumer{ Etcd: PropertiesEtcdTestConsumerEtcd{ Machines: etcdZ1Job.Networks[0].StaticIPs, }, }, } if config.TurbulenceHost != "" { globalProperties.TurbulenceAgent = &core.PropertiesTurbulenceAgent{ API: core.PropertiesTurbulenceAgentAPI{ Host: config.TurbulenceHost, Password: turbulence.DefaultPassword, CACert: turbulence.APICACert, }, } etcdZ1Job.Templates = append(etcdZ1Job.Templates, core.JobTemplate{ Name: "turbulence_agent", Release: "turbulence", }) releases = append(releases, core.Release{ Name: "turbulence", Version: "latest", }) } return Manifest{ DirectorUUID: config.DirectorUUID, Name: config.Name, Compilation: compilation, Jobs: []core.Job{ etcdZ1Job, testconsumerZ1Job, }, Networks: []core.Network{ etcdNetwork1, }, Properties: globalProperties, Releases: releases, ResourcePools: []core.ResourcePool{ z1ResourcePool, }, Update: update, }, nil }
func NewManifest(config Config, iaasConfig iaas.Config) (Manifest, error) { turbulenceRelease := core.Release{ Name: "turbulence", Version: "latest", } cidrBlock, err := core.ParseCIDRBlock(config.IPRange) if err != nil { return Manifest{}, err } cloudProperties := iaasConfig.NetworkSubnet(config.IPRange) cpi := iaasConfig.CPI() cpiRelease := core.Release{ Name: cpi.ReleaseName, Version: "latest", } turbulenceNetwork := core.Network{ Name: "turbulence", Subnets: []core.NetworkSubnet{{ CloudProperties: cloudProperties, Gateway: cidrBlock.GetFirstIP().Add(1).String(), Range: cidrBlock.String(), Reserved: []string{cidrBlock.Range(2, 3), cidrBlock.GetLastIP().String()}, Static: []string{cidrBlock.Range(4, cidrBlock.CIDRSize-5)}, }}, Type: "manual", } update := core.Update{ Canaries: 1, CanaryWatchTime: "1000-180000", MaxInFlight: 1, Serial: true, UpdateWatchTime: "1000-180000", } staticIps, err := turbulenceNetwork.StaticIPsFromRange(17) if err != nil { return Manifest{}, err } vmType := "default" if config.BOSH.VMType != "" { vmType = config.BOSH.VMType } persistentDiskType := "default" if config.BOSH.PersistentDiskType != "" { persistentDiskType = config.BOSH.PersistentDiskType } apiJob := core.InstanceGroup{ Instances: 1, Name: "api", AZs: []string{"z1"}, Networks: []core.InstanceGroupNetwork{ { Name: "private", StaticIPs: []string{ staticIps[16], }, }, }, VMType: vmType, Stemcell: "default", PersistentDiskType: persistentDiskType, Jobs: []core.InstanceGroupJob{ { Name: "turbulence_api", Release: turbulenceRelease.Name, }, { Name: cpi.JobName, Release: cpiRelease.Name, }, }, } directorCACert := BOSHDirectorCACert if config.BOSH.DirectorCACert != "" { directorCACert = config.BOSH.DirectorCACert } iaasProperties := iaasConfig.Properties(staticIps[16]) turbulenceProperties := Properties{ WardenCPI: iaasProperties.WardenCPI, AWS: iaasProperties.AWS, Registry: iaasProperties.Registry, Blobstore: iaasProperties.Blobstore, Agent: iaasProperties.Agent, TurbulenceAPI: &PropertiesTurbulenceAPI{ Certificate: APICertificate, CPIJobName: cpi.JobName, Director: PropertiesTurbulenceAPIDirector{ CACert: directorCACert, Host: config.BOSH.Target, Password: config.BOSH.Password, Username: config.BOSH.Username, }, Password: DefaultPassword, PrivateKey: APIPrivateKey, }, } return Manifest{ DirectorUUID: config.DirectorUUID, Name: config.Name, Stemcells: []core.Stemcell{ { Alias: "default", Version: "latest", Name: iaasConfig.Stemcell(), }, }, Releases: []core.Release{turbulenceRelease, cpiRelease}, Update: update, InstanceGroups: []core.InstanceGroup{apiJob}, Properties: turbulenceProperties, }, nil }
func NewManifest(config Config, iaasConfig iaas.Config) (Manifest, error) { config.PopulateDefaultConfigNodes() cidrBlocks, err := config.GetCIDRBlocks() if err != nil { return Manifest{}, err } consulNetworks := []core.Network{} for i, cidrBlock := range cidrBlocks { consulNetwork := core.Network{ Name: fmt.Sprintf("consul%d", i+1), Subnets: []core.NetworkSubnet{{ CloudProperties: iaasConfig.NetworkSubnet(cidrBlock.String()), Gateway: cidrBlock.GetFirstIP().Add(1).String(), Range: cidrBlock.String(), Reserved: []string{cidrBlock.Range(2, 3), cidrBlock.GetLastIP().String()}, Static: []string{cidrBlock.Range(4, cidrBlock.CIDRSize-5)}, }}, Type: "manual", } consulNetworks = append(consulNetworks, consulNetwork) } compilation := core.Compilation{ Network: consulNetworks[0].Name, ReuseCompilationVMs: true, Workers: 3, CloudProperties: iaasConfig.Compilation("us-west-2a"), } stemcell := core.ResourcePoolStemcell{ Name: iaasConfig.Stemcell(), Version: "latest", } resourcePools := []core.ResourcePool{} for i, network := range consulNetworks { resourcePool := core.ResourcePool{ Name: fmt.Sprintf("consul_z%d", i+1), Network: network.Name, Stemcell: stemcell, CloudProperties: iaasConfig.ResourcePool(network.Subnets[0].Range), } resourcePools = append(resourcePools, resourcePool) } jobs := []core.Job{} consulClusterStaticIPs := []string{} for i := range consulNetworks { instances := config.Networks[i].Nodes staticIps, err := consulNetworks[i].StaticIPsFromRange(instances) if err != nil { return Manifest{}, err } job := core.Job{ Name: fmt.Sprintf("consul_z%d", i+1), Instances: instances, Networks: []core.JobNetwork{{ Name: consulNetworks[i].Name, StaticIPs: staticIps, }}, PersistentDisk: 1024, Properties: &core.JobProperties{ Consul: &core.JobPropertiesConsul{ Agent: core.JobPropertiesConsulAgent{ Mode: "server", LogLevel: "info", Services: core.JobPropertiesConsulAgentServices{ "router": core.JobPropertiesConsulAgentService{ Name: "gorouter", Check: &core.JobPropertiesConsulAgentServiceCheck{ Name: "router-check", Script: "/var/vcap/jobs/router/bin/script", Interval: "1m", }, Tags: []string{"routing"}, }, "cloud_controller": core.JobPropertiesConsulAgentService{}, }, }, }, }, ResourcePool: resourcePools[i].Name, Templates: []core.JobTemplate{{ Name: "consul_agent", Release: "consul", }}, Update: &core.JobUpdate{ MaxInFlight: 1, }, } jobs = append(jobs, job) consulClusterStaticIPs = append(consulClusterStaticIPs, staticIps...) } staticIps, err := consulNetworks[0].StaticIPsFromRange(9) if err != nil { return Manifest{}, err } jobs = append(jobs, core.Job{ Name: "consul_test_consumer", Instances: 1, Networks: []core.JobNetwork{{ Name: consulNetworks[0].Name, StaticIPs: []string{ staticIps[6], }, }}, Properties: &core.JobProperties{ Consul: &core.JobPropertiesConsul{ Agent: core.JobPropertiesConsulAgent{ Mode: "client", LogLevel: "info", }, }, }, ResourcePool: resourcePools[0].Name, Templates: []core.JobTemplate{ { Name: "consul_agent", Release: "consul", }, { Name: "consul-test-consumer", Release: "consul", }, }, }) properties := Properties{ Consul: &PropertiesConsul{ Agent: PropertiesConsulAgent{ Domain: "cf.internal", Servers: PropertiesConsulAgentServers{ Lan: consulClusterStaticIPs, }, DNSConfig: PropertiesConsulAgentDNSConfig{ RecursorTimeout: "5s", }, }, EncryptKeys: []string{EncryptKey}, }, } overrideTLS(properties.Consul, config.DC) return Manifest{ DirectorUUID: config.DirectorUUID, Name: config.Name, Releases: releases(), Update: update(), Compilation: compilation, ResourcePools: resourcePools, Jobs: jobs, Networks: consulNetworks, Properties: properties, }, nil }