Deploy many bosh-lites to any infrastructure using normal BOSH

The standard way to deploy bosh-lite is with vagrant up and it starts running on your machine using VirtualBox.

You can also deploy bosh-lite to AWS with vagrant up --provider=aws (instructions).

But what if you want to run bosh-lite on vSphere or GCP or Azure or SoftLayer or any other place for which you have a BOSH CPI?

Or what if you want to be able to upgrade your bosh-lite overtime to newer versions?

It turns out it is possible to deploy bosh-lite just like you can deploy any normal BOSH release. All you are missing is a sample manifest. And here it is (gist)…

---
name: bosh-lite-10-58-111-45
director_uuid: f635b1ba-5000-48e1-92c8-19471d20e0e4
releases:
- name: bosh
  version: "256.2"
  url: https://bosh.io/d/github.com/cloudfoundry/bosh?v=256.2
  sha1: ff2f4e16e02f66b31c595196052a809100cfd5a8
- name: bosh-warden-cpi
  version: 29
  url: https://bosh.io/d/github.com/cppforlife/bosh-warden-cpi-release?v=29
  sha1: 9cc293351744f3892d4a79479cccd3c3b2cf33c7
- name: garden-linux
  version: 0.337.0
  url: https://bosh.io/d/github.com/cloudfoundry-incubator/garden-linux-release?v=0.337.0
  sha1: d1d81d56c3c07f6f9f04ebddc68e51b8a3cf541d
- name: port-forwarding
  version: 1
  sha1: d74d6ecffb3bb451a18ed30a0e5759e9b467accc
  url: https://github.com/cloudfoundry-community/port-forwarding-boshrelease/releases/download/v1/port-forwarding-1.tgz
resource_pools:
- name: default
  network: default
  cloud_properties:
    cpu:  4
    ram:  8192
    disk: 20480
  stemcell:
    name: bosh-vsphere-esxi-ubuntu-trusty-go_agent
    version: "3202"
networks:
- name: default
  subnets:
  - cloud_properties:
      name: net-10-58-111-0
    dns:
    - 10.58.111.31
    - 10.58.111.32
    - 10.58.111.33
    gateway: 10.58.111.1
    range: 10.58.111.0/24
    reserved:
    - 10.58.111.2 - 10.58.111.43
    - 10.58.111.54 - 10.58.111.254
    static:
    - 10.58.111.44 - 10.58.111.50
update:
  canaries: 1
  max_in_flight: 1
  canary_watch_time: 5000 - 600000
  update_watch_time: 5000 - 600000
compilation:
  network: default
  workers: 2
  reuse_compilation_vms: true
  cloud_properties:
    cpu:  2
    disk: 4096
    ram:  3840
jobs:
- name: bosh
  instances: 1
  resource_pool: default
  persistent_disk: 100000
  networks:
  - name: default
    static_ips:
      - 10.58.111.45
  templates:
  - {name: nats, release: bosh}
  - {name: blobstore, release: bosh}
  - {name: postgres, release: bosh}
  - {name: director, release: bosh}
  - {name: health_monitor, release: bosh}
  - {name: warden_cpi, release: bosh-warden-cpi}
  - {name: garden, release: garden-linux}
  - {name: port_forwarding, release: port-forwarding}
  properties:
    port_forwarding:
      rules:
      - internal_port: 80
        external_port: 80
        internal_ip: 10.244.0.34
      - internal_port: 443
        external_port: 443
        internal_ip: 10.244.0.34
      - internal_port: 4443
        external_port: 4443
        internal_ip: 10.244.0.34
properties:
  ntp: ["0.us.pool.ntp.org"]
  compiled_package_cache:
    provider: local
    options: {blobstore_path: /vagrant/tmp/compiled_package_cache}
  nats:
    user: nats
    password: nats-password
    address: 127.0.0.1
    port: 4222
  blobstore:
    address: 127.0.0.1
    port: 25251
    backend_port: 25552
    agent: {user: agent, password: agent-password}
    director: {user: director, password: director-password}
  postgres: &db
    user: bosh
    password: bosh-password
    host: 127.0.0.1
    port: 5432
    database: bosh
  director:
    name: "Bosh Lite Director"
    address: 127.0.0.1
    max_tasks: 100
    cpi_job: warden_cpi
    db: *db
    # Compatibility with current garden networking manifest config
    ignore_missing_gateway: true
    # From https://github.com/cppforlife/turbulence-release/blob/master/ca/generate.sh
    ssl:
      key: |
        -----BEGIN RSA PRIVATE KEY-----
        MIIEpQIBAAKCAQEA6LlOQbGpTRwS1FmFcSpBKReUxeNivKMumRTJjO/Nn9IPSz4a
        zvY9oCk3DcLMHT56T+Ofo2+WPNbq+3w9TCr4OV7W4bqsEQErkCY0C0v5cE/sFQ/v
        gUD5XrOmeWdRhuOuxGZuaUkfrXiePqp2nnC6MbENwKpNGTpHIMr5YsSFMtVZcOXh
        s6D6zx77CDBNtoM45DflBWGIorX5ypZ/wqe0ovbC24qKt/Dobn9ZraSA82iNFMK7
        REfkDw77Xfbjjnc5dmllx8QhOHcA+nSEazGYXgiKBEOifglbu5IuHbqimDz54Q6h
        Knkb8ybHFe80K2Ol2bPYMzcqw6FAlS5dUGUjgwIDAQABAoIBAQDMbeLpYEfo/W0o
        7c6DfuuoTheY0UptjCalwBXgYNJOvvZCUTa5cKLnquy6gNBOLBDDVp9nsODXZq8Z
        5KPv4ZsUwlOeDB2T/mQnBvgWqFFgMESgp9PqxYmIf+UPpgt+o0hlK9l3UQ2rk1Xm
        lFUIjttwRShggvig3YmXq9TvxtN+tzAgvXD1OBQwIIOzWApjV24qiseiVB35gJnG
        jWxmEPiXTnrKL2/7t7ix/eRGRyogdCmK9T3CLgh3TRMO0JNtU9nMNmoIIuvtWIlX
        33512r5TnnB3u5vGAlB193ZselPNVpKpXmPVgZ6vSs3gFXxmqEvZAFXq5yhKsyRh
        3Mu17RBhAoGBAPmcBZ5P92wIQ+zNUMDepADLICxyc8SegBHX4FF4b+jRHaM6LbMd
        DMWWdEM5V6iR3S5kjc0CwIXwIJnAgoIIOQmYHc4R0mDwZEu0gIYKplIDNvgMA4MK
        G9iVziWRIlnqcNF6Xax3HQ5DlcvIJo2U34Vng/UfYkUWkO6RcEyg58exAoGBAO6u
        nOdlBwBzS+Y474GxffpWBN68eOR+Ty0aySEG+uleIvwvoj9pTSRTdCt0uaGBGjKn
        ukQT/DW7sE5qAsI8EYSX+fuw43RIrQBcWRz/GqGUfHvof9ttRBp9bTYraQs9CZBv
        ZwEJX2xeRqXHP1/sMLOqioAm7Q930eCkePxGmB9zAoGBAPYkwHmcW94hzHHRCegX
        5VyO8lxCRR1IO/zch+1vOdQ5muNitLwjUnvqYR4FhwbJSHa+XAMlypqJ8GwOJeR6
        nVxzsDiM5IwJoq3xAqisCdVoLCWxGyl2p30ORSpQk7JdeQFpjMRM9c8iIK7C4hnO
        DBmuubbYSvzcQvGvZDF8nvQRAoGAGJ+I7lI8064RUXHkO4P9FBtVq0jUS/Y/4s5V
        m4Ol1PdyMoQTf+k0HSBC5szG7cNs2Xb2P1m0djKjsKM9H56kzAIFtxJ7lJ5+wn/E
        bbpfm/W+leXZcuCl2vm/j4wQ7Sjh2LW1caTu5DYhoa6ZeiLar15TpX7ei+73hu5Q
        0O3TecMCgYEAj7LQJhRhzl3OI4HWFOZCTjxihqhQOoH5tyNoKxFmw4iBI6O3PTFu
        U+K0cVeS3mmz5BPYFNtOhcE8Olc8MlsHexDPqfVUwLCCA4TZyYI43vYOYUgvF8Xa
        MsiAO/c/aTeUi7bH9LZc900pFXht9zmFI776GroSBQ7fFEe6yEX91Bc=
        -----END RSA PRIVATE KEY-----
      # subject=/C=US/O=BOSH/CN=192.168.50.4
      cert: |
        -----BEGIN CERTIFICATE-----
        MIIDEDCCAfigAwIBAgIJANy2vEpugwXtMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV
        BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX
        aWRnaXRzIFB0eSBMdGQwIBcNMTUwNzEyMDIzNTA4WhgPMjI4OTA0MjUwMjM1MDha
        MDMxCzAJBgNVBAYTAlVTMQ0wCwYDVQQKEwRCT1NIMRUwEwYDVQQDEwwxOTIuMTY4
        LjUwLjQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDouU5BsalNHBLU
        WYVxKkEpF5TF42K8oy6ZFMmM782f0g9LPhrO9j2gKTcNwswdPnpP45+jb5Y81ur7
        fD1MKvg5XtbhuqwRASuQJjQLS/lwT+wVD++BQPles6Z5Z1GG467EZm5pSR+teJ4+
        qnaecLoxsQ3Aqk0ZOkcgyvlixIUy1Vlw5eGzoPrPHvsIME22gzjkN+UFYYiitfnK
        ln/Cp7Si9sLbioq38Ohuf1mtpIDzaI0UwrtER+QPDvtd9uOOdzl2aWXHxCE4dwD6
        dIRrMZheCIoEQ6J+CVu7ki4duqKYPPnhDqEqeRvzJscV7zQrY6XZs9gzNyrDoUCV
        Ll1QZSODAgMBAAGjEzARMA8GA1UdEQQIMAaHBMCoMgQwDQYJKoZIhvcNAQEFBQAD
        ggEBAEt472rlr3dDh2zRotqLAGSYn1MlQpqeY1ptvfCFUNlzIibdU+H6lUsX/ZOy
        jzBihUkjXSdwVmbs/sq+wNdW3en10vjlfiPhBaN9j65t7xB+NmrssUGya/6MXcSW
        G1kgleLstp/DuqmiXA51mWbqm67djVcpBLE9nC0OQLCfzRJmceO950z7Ip8zY1mp
        fB72jCN7+fU2pxSacJfrEN+dPE5EP6ACJBUdGPivEDWgfFdy5VjlmBZyOPf87MbK
        HhrbjIgLWhoznfjQkVlHA3tz4Xtu8zpPpalF5tJDV8QpOooJTeBktFT+O3fS9DbR
        juw7YrkZ61ino5Rvd1lQEOQAZJs=
        -----END CERTIFICATE-----
      # Not used by the Director
      ca_cert: |
        -----BEGIN CERTIFICATE-----
        MIIDtzCCAp+gAwIBAgIJAL+XoGqlINOLMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV
        BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX
        aWRnaXRzIFB0eSBMdGQwIBcNMTUwNzEyMDIzNTA4WhgPMjI4OTA0MjUwMjM1MDha
        MEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJ
        bnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
        ggEKAoIBAQDOGrPb3jitQZBPqJYC2/1rrpXO6cQF4hQV6CPajFnTYI2TmoKVrPpt
        hbJVbcWC4VopmfVrq2YLkP28L25QEtNCg8QBJOa5jLPCDzffasA40YUqrMMWOh0b
        JqzXKgtc4u0FffHBSXq3csyQXNeB/UG6qk/0YuJCFYY5zVAnOmyKdLJjngmUQovx
        ssjfcprkgOMqpPW9BSus4m945OEWqQixk0saxT1MTL3do7oGSacT30jXZV9bowlV
        COsZj+rR6IQkNYaZUWfYBPuHzEP3RN/J21F7T0KCi4q49CnkEwVsf6pnjFhIBuJ7
        u+vKQ3Gq0Yro28SJs0leE8x3OA/WnLiJAgMBAAGjgacwgaQwHQYDVR0OBBYEFNL4
        IU9fUeXBlqKwczeB3Pnup8qeMHUGA1UdIwRuMGyAFNL4IU9fUeXBlqKwczeB3Pnu
        p8qeoUmkRzBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8G
        A1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkggkAv5egaqUg04swDAYDVR0T
        BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAMgANBnQbsgs9Yr0wSG1jD4w/pM90
        y7MkLjstmOC5u9kHihWk3KDoI4Bx0fXD9wbyhP/E9AikqG7SglkuViRCrtWDprEp
        8kTGbPG8sPjiu2cnmG19QcmL4HHHaG76r75qEggPu2wRGlEj0BR2zwOuINHCjfgz
        Zi8Gl/4jRAazOcXmFfnNy/RXVOwswWQOG7aKbhHWCODn7jobT95wVTouEppUw7p9
        twzPSzG7vudrmO3PSgAT+db/xrDRoHa3xk5H3fltZi7uxpRaWPqsFDezDYul4C8b
        9JpGUkpLi0wGcVfceVLiZooxVGIQTFJj8Yu6fnTM2ZbD0xwFDyrYM92uWg==
        -----END CERTIFICATE-----
  hm:
    director_account: {user: admin, password: admin}
    resurrector_enabled: true
  # cpi job template
  warden_cpi:
    host_ip: 10.254.50.4
    warden:
      connect_network: tcp
      connect_address: 127.0.0.1:7777
    agent:
      mbus: nats://nats:[email protected]:4222
      blobstore:
        provider: dav
        options:
          endpoint: http://10.254.50.4:25251
          user: agent
          password: agent-password
  # garden job template
  garden:
    listen_network: tcp
    listen_address: 0.0.0.0:7777
    disk_quota_enabled: false
    allow_host_access: true
    default_container_grace_time: 0

The name of the bosh-lite bosh-lite-10-58-111-45 is just to ensure it is unique and to communicate clearly what the IP of the bosh-lite will be: 10.58.111.45. You might come up with a different convention. Let us know in the comments, please.

You’ll need to make all the normal changes to adapt a sample BOSH manifest to your BOSH/CPI/networking.

Over time you will want to specify newer BOSH releases in this manifest. As at writing this is a bit of a task involving you looking at the resources used in the bosh-lite CI pipeline https://bosh-lite.ci.cf-app.com/

To make it easier to auto-upgrade such a manifest in future I’ve created an issue to ask for the various BOSH releases to be uploaded to GitHub releases. cloudfoundry/bosh-lite/issues/372

Spread the word

twitter icon facebook icon linkedin icon