Skip to content
/ deployments Public

A place to store reproducible deployment configs.

6 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

ljfranklin/deployments

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

243 Commits
bosh
bosh
 
 
ci
ci
 
 
concourse
concourse
 
 
metal
metal
 
 
terraform
terraform
 
 
vault
vault
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 

Repository files navigation

No Snowflakes !

A place to store reproducible deployment configs.

Director setup

Login to GCP:

export GCE_PROJECT_ID=<YOUR_PROJECT_ID>
gcloud init
gcloud iam service-accounts create terraform-bosh
gcloud projects add-iam-policy-binding ${GCE_PROJECT_ID} \
  --member serviceAccount:terraform-bosh@${GCE_PROJECT_ID}.iam.gserviceaccount.com \
  --role roles/editor
gcloud iam service-accounts keys create ./tmp/terraform-bosh.key.json \
  --iam-account terraform-bosh@${GCE_PROJECT_ID}.iam.gserviceaccount.com
export GOOGLE_CREDENTIALS=$(cat ./tmp/terraform-bosh.key.json)

Add SSH key:

ssh-keygen -t rsa -b 4096 -C "<YOUR_EMAIL>" -N "" -f ./tmp/vcap.pem
mv ./tmp/vcap.pem.pub ./tmp/vcap.pub

Manually add a public wide SSH key with username vcap: https://cloud.google.com/compute/docs/instances/adding-removing-ssh-keys#project-wide

Enable GCS Interoperability:

Allow access to your Google Cloud Storage buckets via S3-compatible API: https://cloud.google.com/storage/docs/interoperability

Create a new "Interoperable storage access key" and keep it somewhere safe.

Terraform environment:

terraform apply -var projectid=${GCE_PROJECT_ID}

Generate an SSL cert:

Self-signed:

openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days 30 -nodes -subj "/C=US/ST=CA/O=YOUR_NAME/CN=YOUR_BOSH_DOMAIN"

OR

Let's Encrypt via CloudFlare:

go get -u github.com/xenolf/lego
CLOUDFLARE_API_KEY=<YOUR_API_KEY> CLOUDFLARE_EMAIL=<YOUR_EMAIL> lego --accept-tos --email="<YOUR_EMAIL>" --domains="<YOUR_BOSH_DOMAIN>" --dns="cloudflare" run

Deploy director:

bosh create-env ./bosh/director.yml -l ./tmp/bosh-director-creds.yml
bosh upload-cloud-config ./bosh/cloud-config.yml
bosh upload-stemcell https://storage.googleapis.com/bosh-cpi-artifacts/light-bosh-stemcell-3262.12-google-kvm-ubuntu-trusty-go_agent.tgz

Concourse Setup

Setup GitHub OAuth:

http://concourse.ci/teams.html#github-auth

BOSH deploy:

bosh upload-release http://bosh.io/d/github.com/concourse/concourse
bosh upload-release http://bosh.io/d/github.com/cloudfoundry/garden-runc-release
bosh deploy -d concourse -l ./tmp/concourse-creds.yml ./concourse/concourse.yml

Vault Setup

Generate consul certs:

wget https://raw.githubusercontent.com/cloudfoundry-incubator/consul-release/master/scripts/generate-certs
chmod +x ./generate-certs
./generate-certs

Generate consul encryption key:

brew install consul
consul keygen

About

A place to store reproducible deployment configs.

Resources

Readme
Activity

Stars

6 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages