The standard way to deploy bosh-lite is with vagrant up
and it starts running on your machine using VirtualBox.
You can also deploy bosh-lite to AWS with vagrant up --provider=aws
(instructions).
But what if you want to run bosh-lite on vSphere or GCP or Azure or SoftLayer or any other place for which you have a BOSH CPI?
Or what if you want to be able to upgrade your bosh-lite overtime to newer versions?
It turns out it is possible to deploy bosh-lite just like you can deploy any normal BOSH release. All you are missing is a sample manifest. And here it is (gist)…
---
name: bosh-lite-10-58-111-45
director_uuid: f635b1ba-5000-48e1-92c8-19471d20e0e4
releases:
- name: bosh
version: "256.2"
url: https://bosh.io/d/github.com/cloudfoundry/bosh?v=256.2
sha1: ff2f4e16e02f66b31c595196052a809100cfd5a8
- name: bosh-warden-cpi
version: 29
url: https://bosh.io/d/github.com/cppforlife/bosh-warden-cpi-release?v=29
sha1: 9cc293351744f3892d4a79479cccd3c3b2cf33c7
- name: garden-linux
version: 0.337.0
url: https://bosh.io/d/github.com/cloudfoundry-incubator/garden-linux-release?v=0.337.0
sha1: d1d81d56c3c07f6f9f04ebddc68e51b8a3cf541d
- name: port-forwarding
version: 1
sha1: d74d6ecffb3bb451a18ed30a0e5759e9b467accc
url: https://github.com/cloudfoundry-community/port-forwarding-boshrelease/releases/download/v1/port-forwarding-1.tgz
resource_pools:
- name: default
network: default
cloud_properties:
cpu: 4
ram: 8192
disk: 20480
stemcell:
name: bosh-vsphere-esxi-ubuntu-trusty-go_agent
version: "3202"
networks:
- name: default
subnets:
- cloud_properties:
name: net-10-58-111-0
dns:
- 10.58.111.31
- 10.58.111.32
- 10.58.111.33
gateway: 10.58.111.1
range: 10.58.111.0/24
reserved:
- 10.58.111.2 - 10.58.111.43
- 10.58.111.54 - 10.58.111.254
static:
- 10.58.111.44 - 10.58.111.50
update:
canaries: 1
max_in_flight: 1
canary_watch_time: 5000 - 600000
update_watch_time: 5000 - 600000
compilation:
network: default
workers: 2
reuse_compilation_vms: true
cloud_properties:
cpu: 2
disk: 4096
ram: 3840
jobs:
- name: bosh
instances: 1
resource_pool: default
persistent_disk: 100000
networks:
- name: default
static_ips:
- 10.58.111.45
templates:
- {name: nats, release: bosh}
- {name: blobstore, release: bosh}
- {name: postgres, release: bosh}
- {name: director, release: bosh}
- {name: health_monitor, release: bosh}
- {name: warden_cpi, release: bosh-warden-cpi}
- {name: garden, release: garden-linux}
- {name: port_forwarding, release: port-forwarding}
properties:
port_forwarding:
rules:
- internal_port: 80
external_port: 80
internal_ip: 10.244.0.34
- internal_port: 443
external_port: 443
internal_ip: 10.244.0.34
- internal_port: 4443
external_port: 4443
internal_ip: 10.244.0.34
properties:
ntp: ["0.us.pool.ntp.org"]
compiled_package_cache:
provider: local
options: {blobstore_path: /vagrant/tmp/compiled_package_cache}
nats:
user: nats
password: nats-password
address: 127.0.0.1
port: 4222
blobstore:
address: 127.0.0.1
port: 25251
backend_port: 25552
agent: {user: agent, password: agent-password}
director: {user: director, password: director-password}
postgres: &db
user: bosh
password: bosh-password
host: 127.0.0.1
port: 5432
database: bosh
director:
name: "Bosh Lite Director"
address: 127.0.0.1
max_tasks: 100
cpi_job: warden_cpi
db: *db
# Compatibility with current garden networking manifest config
ignore_missing_gateway: true
# From https://github.com/cppforlife/turbulence-release/blob/master/ca/generate.sh
ssl:
key: |
-----BEGIN RSA PRIVATE KEY-----
MIIEpQIBAAKCAQEA6LlOQbGpTRwS1FmFcSpBKReUxeNivKMumRTJjO/Nn9IPSz4a
zvY9oCk3DcLMHT56T+Ofo2+WPNbq+3w9TCr4OV7W4bqsEQErkCY0C0v5cE/sFQ/v
gUD5XrOmeWdRhuOuxGZuaUkfrXiePqp2nnC6MbENwKpNGTpHIMr5YsSFMtVZcOXh
s6D6zx77CDBNtoM45DflBWGIorX5ypZ/wqe0ovbC24qKt/Dobn9ZraSA82iNFMK7
REfkDw77Xfbjjnc5dmllx8QhOHcA+nSEazGYXgiKBEOifglbu5IuHbqimDz54Q6h
Knkb8ybHFe80K2Ol2bPYMzcqw6FAlS5dUGUjgwIDAQABAoIBAQDMbeLpYEfo/W0o
7c6DfuuoTheY0UptjCalwBXgYNJOvvZCUTa5cKLnquy6gNBOLBDDVp9nsODXZq8Z
5KPv4ZsUwlOeDB2T/mQnBvgWqFFgMESgp9PqxYmIf+UPpgt+o0hlK9l3UQ2rk1Xm
lFUIjttwRShggvig3YmXq9TvxtN+tzAgvXD1OBQwIIOzWApjV24qiseiVB35gJnG
jWxmEPiXTnrKL2/7t7ix/eRGRyogdCmK9T3CLgh3TRMO0JNtU9nMNmoIIuvtWIlX
33512r5TnnB3u5vGAlB193ZselPNVpKpXmPVgZ6vSs3gFXxmqEvZAFXq5yhKsyRh
3Mu17RBhAoGBAPmcBZ5P92wIQ+zNUMDepADLICxyc8SegBHX4FF4b+jRHaM6LbMd
DMWWdEM5V6iR3S5kjc0CwIXwIJnAgoIIOQmYHc4R0mDwZEu0gIYKplIDNvgMA4MK
G9iVziWRIlnqcNF6Xax3HQ5DlcvIJo2U34Vng/UfYkUWkO6RcEyg58exAoGBAO6u
nOdlBwBzS+Y474GxffpWBN68eOR+Ty0aySEG+uleIvwvoj9pTSRTdCt0uaGBGjKn
ukQT/DW7sE5qAsI8EYSX+fuw43RIrQBcWRz/GqGUfHvof9ttRBp9bTYraQs9CZBv
ZwEJX2xeRqXHP1/sMLOqioAm7Q930eCkePxGmB9zAoGBAPYkwHmcW94hzHHRCegX
5VyO8lxCRR1IO/zch+1vOdQ5muNitLwjUnvqYR4FhwbJSHa+XAMlypqJ8GwOJeR6
nVxzsDiM5IwJoq3xAqisCdVoLCWxGyl2p30ORSpQk7JdeQFpjMRM9c8iIK7C4hnO
DBmuubbYSvzcQvGvZDF8nvQRAoGAGJ+I7lI8064RUXHkO4P9FBtVq0jUS/Y/4s5V
m4Ol1PdyMoQTf+k0HSBC5szG7cNs2Xb2P1m0djKjsKM9H56kzAIFtxJ7lJ5+wn/E
bbpfm/W+leXZcuCl2vm/j4wQ7Sjh2LW1caTu5DYhoa6ZeiLar15TpX7ei+73hu5Q
0O3TecMCgYEAj7LQJhRhzl3OI4HWFOZCTjxihqhQOoH5tyNoKxFmw4iBI6O3PTFu
U+K0cVeS3mmz5BPYFNtOhcE8Olc8MlsHexDPqfVUwLCCA4TZyYI43vYOYUgvF8Xa
MsiAO/c/aTeUi7bH9LZc900pFXht9zmFI776GroSBQ7fFEe6yEX91Bc=
-----END RSA PRIVATE KEY-----
# subject=/C=US/O=BOSH/CN=192.168.50.4
cert: |
-----BEGIN CERTIFICATE-----
MIIDEDCCAfigAwIBAgIJANy2vEpugwXtMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV
BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX
aWRnaXRzIFB0eSBMdGQwIBcNMTUwNzEyMDIzNTA4WhgPMjI4OTA0MjUwMjM1MDha
MDMxCzAJBgNVBAYTAlVTMQ0wCwYDVQQKEwRCT1NIMRUwEwYDVQQDEwwxOTIuMTY4
LjUwLjQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDouU5BsalNHBLU
WYVxKkEpF5TF42K8oy6ZFMmM782f0g9LPhrO9j2gKTcNwswdPnpP45+jb5Y81ur7
fD1MKvg5XtbhuqwRASuQJjQLS/lwT+wVD++BQPles6Z5Z1GG467EZm5pSR+teJ4+
qnaecLoxsQ3Aqk0ZOkcgyvlixIUy1Vlw5eGzoPrPHvsIME22gzjkN+UFYYiitfnK
ln/Cp7Si9sLbioq38Ohuf1mtpIDzaI0UwrtER+QPDvtd9uOOdzl2aWXHxCE4dwD6
dIRrMZheCIoEQ6J+CVu7ki4duqKYPPnhDqEqeRvzJscV7zQrY6XZs9gzNyrDoUCV
Ll1QZSODAgMBAAGjEzARMA8GA1UdEQQIMAaHBMCoMgQwDQYJKoZIhvcNAQEFBQAD
ggEBAEt472rlr3dDh2zRotqLAGSYn1MlQpqeY1ptvfCFUNlzIibdU+H6lUsX/ZOy
jzBihUkjXSdwVmbs/sq+wNdW3en10vjlfiPhBaN9j65t7xB+NmrssUGya/6MXcSW
G1kgleLstp/DuqmiXA51mWbqm67djVcpBLE9nC0OQLCfzRJmceO950z7Ip8zY1mp
fB72jCN7+fU2pxSacJfrEN+dPE5EP6ACJBUdGPivEDWgfFdy5VjlmBZyOPf87MbK
HhrbjIgLWhoznfjQkVlHA3tz4Xtu8zpPpalF5tJDV8QpOooJTeBktFT+O3fS9DbR
juw7YrkZ61ino5Rvd1lQEOQAZJs=
-----END CERTIFICATE-----
# Not used by the Director
ca_cert: |
-----BEGIN CERTIFICATE-----
MIIDtzCCAp+gAwIBAgIJAL+XoGqlINOLMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV
BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX
aWRnaXRzIFB0eSBMdGQwIBcNMTUwNzEyMDIzNTA4WhgPMjI4OTA0MjUwMjM1MDha
MEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJ
bnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
ggEKAoIBAQDOGrPb3jitQZBPqJYC2/1rrpXO6cQF4hQV6CPajFnTYI2TmoKVrPpt
hbJVbcWC4VopmfVrq2YLkP28L25QEtNCg8QBJOa5jLPCDzffasA40YUqrMMWOh0b
JqzXKgtc4u0FffHBSXq3csyQXNeB/UG6qk/0YuJCFYY5zVAnOmyKdLJjngmUQovx
ssjfcprkgOMqpPW9BSus4m945OEWqQixk0saxT1MTL3do7oGSacT30jXZV9bowlV
COsZj+rR6IQkNYaZUWfYBPuHzEP3RN/J21F7T0KCi4q49CnkEwVsf6pnjFhIBuJ7
u+vKQ3Gq0Yro28SJs0leE8x3OA/WnLiJAgMBAAGjgacwgaQwHQYDVR0OBBYEFNL4
IU9fUeXBlqKwczeB3Pnup8qeMHUGA1UdIwRuMGyAFNL4IU9fUeXBlqKwczeB3Pnu
p8qeoUmkRzBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8G
A1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkggkAv5egaqUg04swDAYDVR0T
BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAMgANBnQbsgs9Yr0wSG1jD4w/pM90
y7MkLjstmOC5u9kHihWk3KDoI4Bx0fXD9wbyhP/E9AikqG7SglkuViRCrtWDprEp
8kTGbPG8sPjiu2cnmG19QcmL4HHHaG76r75qEggPu2wRGlEj0BR2zwOuINHCjfgz
Zi8Gl/4jRAazOcXmFfnNy/RXVOwswWQOG7aKbhHWCODn7jobT95wVTouEppUw7p9
twzPSzG7vudrmO3PSgAT+db/xrDRoHa3xk5H3fltZi7uxpRaWPqsFDezDYul4C8b
9JpGUkpLi0wGcVfceVLiZooxVGIQTFJj8Yu6fnTM2ZbD0xwFDyrYM92uWg==
-----END CERTIFICATE-----
hm:
director_account: {user: admin, password: admin}
resurrector_enabled: true
# cpi job template
warden_cpi:
host_ip: 10.254.50.4
warden:
connect_network: tcp
connect_address: 127.0.0.1:7777
agent:
mbus: nats://nats:[email protected]:4222
blobstore:
provider: dav
options:
endpoint: http://10.254.50.4:25251
user: agent
password: agent-password
# garden job template
garden:
listen_network: tcp
listen_address: 0.0.0.0:7777
disk_quota_enabled: false
allow_host_access: true
default_container_grace_time: 0
The name of the bosh-lite bosh-lite-10-58-111-45
is just to ensure it is unique and to communicate clearly what the IP of the bosh-lite will be: 10.58.111.45
. You might come up with a different convention. Let us know in the comments, please.
You’ll need to make all the normal changes to adapt a sample BOSH manifest to your BOSH/CPI/networking.
Over time you will want to specify newer BOSH releases in this manifest. As at writing this is a bit of a task involving you looking at the resources used in the bosh-lite CI pipeline https://bosh-lite.ci.cf-app.com/
To make it easier to auto-upgrade such a manifest in future I’ve created an issue to ask for the various BOSH releases to be uploaded to GitHub releases.