Diego Installation - Error when generating manifest with spiff merge
When "generating manifest" by running:
spiff merge input/config-from-cf.yml input/config-from-cf-internal.yml input/cf-deployment.yml > output/config-from-cf.yml
I receive the following error. What am I doing wrong? It looks like the nodes are contained in the last file. Why are they not resolved?
error generating manifest: unresolved nodes:
(( properties.cc.internal_api_password )) in dynaml config_from_cf.cc.internal_api_password ()
(( properties.cc.srv_api_uri )) in dynaml config_from_cf.cc.srv_api_uri ()
(( properties.cc.staging_upload_password )) in dynaml config_from_cf.cc.staging_upload_password ()
(( properties.cc.staging_upload_user )) in dynaml config_from_cf.cc.staging_upload_user ()
(( name )) in dynaml config_from_cf.cf_deployment_name ()
(( properties.consul.agent.servers.lan )) in dynaml config_from_cf.consul.lan_servers ()
(( properties.consul.agent.log_level )) in dynaml config_from_cf.consul.log_level ()
(( properties.etcd.machines )) in dynaml config_from_cf.etcd.machines ()
(( properties.loggregator_endpoint.shared_secret )) in dynaml config_from_cf.loggregator_endpoint.shared_secret ()
(( properties.nats.machines )) in dynaml config_from_cf.nats.machines ()
(( properties.nats.password )) in dynaml config_from_cf.nats.password ()
(( properties.nats.user )) in dynaml config_from_cf.nats.user ()
(( properties.system_domain )) in dynaml config_from_cf.system_domain ()
(( merge )) in input/config-from-cf-internal.yml name (name)
(( merge )) in input/config-from-cf-internal.yml properties.etcd.machines (properties.etcd.machines)
(( merge )) in input/config-from-cf-internal.yml properties.loggregator_endpoint.shared_secret (properties.loggregator_endpoint.shared_secret)
(( merge )) in input/config-from-cf-internal.yml properties.nats.password (properties.nats.password)
(( merge )) in input/config-from-cf-internal.yml properties.nats.user (properties.nats.user)
(( merge )) in input/config-from-cf-internal.yml properties.nats.machines (properties.nats.machines)
(( merge )) in input/config-from-cf-internal.yml properties.system_domain (properties.system_domain)
(( merge )) in input/config-from-cf-internal.yml properties.cc.internal_api_password (properties.cc.internal_api_password)
(( merge )) in input/config-from-cf-internal.yml properties.cc.srv_api_uri (properties.cc.srv_api_uri)
(( merge )) in input/config-from-cf-internal.yml properties.cc.staging_upload_password (properties.cc.staging_upload_password)
(( merge )) in input/config-from-cf-internal.yml properties.cc.staging_upload_user (properties.cc.staging_upload_user)
(( merge )) in input/config-from-cf-internal.yml properties.consul.agent.log_level (properties.consul.agent.log_level)
(( merge )) in input/config-from-cf-internal.yml properties.consul.agent.servers.lan (properties.consul.agent.servers.lan)
The contents of the files I used for the spiff merge:
config-from-cf.yml:
config_from_cf:
  cf_deployment_name: (( merge ))
  cc:
    internal_api_password: (( merge ))
    srv_api_uri: (( merge ))
    staging_upload_user: (( merge ))
    staging_upload_password: (( merge ))
  consul:
    log_level: (( merge ))
    lan_servers: (( merge ))
    ca_cert: (( merge ))
    agent_cert: (( merge ))
    agent_key: (( merge ))
    encrypt_keys: (( merge ))
    require_ssl: (( merge ))
    server_cert: (( merge ))
    server_key: (( merge ))
  etcd:
    machines: (( merge ))
  loggregator_endpoint:
    shared_secret: (( merge ))
  nats:
    user: (( merge ))
    password: (( merge ))
    port: (( merge ))
    machines: (( merge ))
  system_domain: (( merge ))
  uaa:
    clients:
      ssh-proxy:
        secret: (( merge ))
    url: (( merge || nil ))
config-from-cf-internal.yml:
config_from_cf:
  cf_deployment_name: (( name ))
  cc:
    internal_api_password: (( properties.cc.internal_api_password ))
    srv_api_uri: (( properties.cc.srv_api_uri ))
    staging_upload_user: (( properties.cc.staging_upload_user ))
    staging_upload_password: (( properties.cc.staging_upload_password ))
  consul:
    log_level: (( properties.consul.agent.log_level ))
    lan_servers: (( properties.consul.agent.servers.lan ))
    ca_cert: (( properties.consul.ca_cert ))
    agent_cert: (( properties.consul.agent_cert ))
    agent_key: (( properties.consul.agent_key ))
    encrypt_keys: (( properties.consul.encrypt_keys ))
    require_ssl: (( properties.consul.require_ssl ))
    server_cert: (( properties.consul.server_cert ))
    server_key: (( properties.consul.server_key ))
  etcd:
    machines: (( properties.etcd.machines ))
  loggregator_endpoint:
    shared_secret: (( properties.loggregator_endpoint.shared_secret ))
  nats:
    user: (( properties.nats.user ))
    password: (( properties.nats.password ))
    port: 4222
    machines: (( properties.nats.machines ))
  system_domain: (( properties.system_domain ))
  uaa:
    url: (( properties.uaa.url ))
    clients:
      ssh-proxy:
        secret: (( properties.uaa.clients.ssh-proxy.secret ))
# The keys below should not be included in the final stub
name: (( merge ))
properties:
  cc:
    internal_api_password: (( merge ))
    srv_api_uri: (( merge ))
    staging_upload_user: (( merge ))
    staging_upload_password: (( merge ))
  consul:
    agent:
      log_level: (( merge ))
      servers:
        lan: (( merge ))
    ca_cert:
    agent_cert:
    agent_key:
    encrypt_keys:
    require_ssl:
    server_cert:
    server_key:
  etcd:
    machines: (( merge ))
  loggregator_endpoint:
    shared_secret: (( merge ))
  nats:
    user: (( merge ))
    password: (( merge ))
    machines: (( merge ))
  system_domain: (( merge ))
  uaa:
    clients:
      ssh-proxy:
        secret: (( merge || nil ))
    url: (( merge || nil ))
cf-deployment.yml
#######################################################################
####### VARIABLES
#######################################################################
<%
director_uuid = 'XXX'
static_ip = 'XXX'
root_domain = "#{static_ip}.XXX"
cf_deployment_name = 'XXX'
cf_release_name = 'XXX'
cf_release_version = '0.0.1'
protocol = 'http'
flavorSmall = 'c1.medium'
flavorMedium = 'c1.large'
flavorLarge = 'c1.xlarge'
flavorXlarge = 'c1.xxlarge'
networkInternal = 'XXX'
networkInternalId = 'XXX'
networkInternalCIDR = 'XXX'
networkInternalGateway = 'XXX'
networkInternalSubnetId = 'XXX'
networkInternalDNS = ''
networkExternal = 'XXX'
networkExternalId = 'XXX'
networkExternalSubnetId = 'XXX'
networkExternalCIDR = 'XXX'
networkExternalGateway = 'XXX'
networkExternalDNS = 'XXX, XXX'
networkPublic = 'public'
networkPublicId = 'XXX'
IpInternalPostgres = 'XXX'
IpInternalRouter = 'XXX'
IpInternalNats = 'XXX'
IpInternalEtcd = 'XXX'
IpInternalNfs = 'XXX'
IpInternalConsul1 = 'XXX'
IpInternalConsul2 = 'XXX'
IpInternalConsul3 = 'XXX'
boshStemcell = 'bosh-openstack-kvm-ubuntu-trusty-go_agent-raw'
jobs_doppler_shared_secret = 'XXX'
jobs_uaa_admin_client_secret = 'XXX'
jobs_uaa_batch_password = 'XXX'
jobs_uaa_cc_client_secret = 'XXX'
jobs_uaa_scim_cc_client_secret = 'XXX'
properties_cc_db_encryption_key = 'XXX'
properties_cc_bulk_api_password = 'XXX'
properties_cc_internal_api_password = 'XXX'
properties_cc_staging_upload_password = 'XXX'
uaa_clients_cc_service_dashboards_password = 'XXX'
uaa_clients_cloud_controller_username_lookup_password = 'XXX'
uaa_clients_cc_routing_password = 'XXX'
uaa_clients_gorouter_password = 'XXX'
uaa_clients_login_password = 'XXX'
uaa_clients_servicesmgmt_password = 'XXX'
nats_password = 'XXX'
ccdb_roles_ccadmin_password = 'XXX'
ccdb_roles_uaaadmin_password = 'XXX'
loggregator_endpoint_shared_secret = 'XXX'
metron_endpoint_shared_secret = 'XXX'
%>
---
#######################################################################
####### NETWORK AND MISCELLANEOUS
#######################################################################
name: <%= cf_deployment_name %>
director_uuid: <%= director_uuid %>
releases:
- {name: <%= cf_release_name %>, version: <%= cf_release_version %>}
networks:
- name: <%= networkInternal %>
  type: manual
  subnets:
  - range: <%= networkInternalCIDR %>
    gateway: <%= networkInternalGateway %>
    dns: [<%= networkInternalDNS %>]
    reserved: ["XXX - XXX"]
    static: ["XXX - XXX"]
    cloud_properties:
      net_id: <%= networkInternalId %>
      security_groups:
      - default
      - XXX
      - XXX
      subnet: networkInternalSubnetId
- name: <%= networkExternal %>
  type: manual
  subnets:
  - range: <%= networkExternalCIDR %>
    gateway: <%= networkExternalGateway %>
    dns: [<%= networkExternalDNS %>]
    reserved: ["XXX - XXX"]
    static: ["XXX - XXX"]
    cloud_properties:
      net_id: <%= networkExternalId %>
      security_groups:
      - default
      - XXX
      - XXX
      - XXX
      subnet: <%= networkExternalSubnetId %>
- name: <%= networkPublic %>
  type: vip
  cloud_properties:
    subnet: []
resource_pools:
- name: common_z1
  network: <%= networkInternal %>
  stemcell:
    name: <%= boshStemcell %>
    version: latest
  cloud_properties:
    instance_type: <%= flavorSmall %>
- name: large_z1
  network: <%= networkInternal %>
  stemcell:
    name: <%= boshStemcell %>
    version: latest
  cloud_properties:
    instance_type: <%= flavorMedium %>
compilation:
  workers: 2
  network: <%= networkInternal %>
  reuse_compilation_vms: true
  cloud_properties:
    instance_type: <%= flavorMedium %>
update:
  canaries: 1
  max_in_flight: 32
  serial: false
  canary_watch_time: 30000-600000
  update_watch_time: 30000-600000
#######################################################################
####### JOBS
#######################################################################
jobs:
- name: nats_z1
  instances: 1
  resource_pool: common_z1
  templates:
  - {name: nats, release: <%= cf_release_name %>}
  - {name: nats_stream_forwarder, release: <%= cf_release_name %>}
  - {name: metron_agent, release: <%= cf_release_name %>}
  networks:
  - name: <%= networkInternal %>
    static_ips: [<%= IpInternalNats %>]
- name: etcd_z1
  instances: 1
  resource_pool: common_z1
  persistent_disk: 102400
  templates:
  - {name: etcd, release: <%= cf_release_name %>}
  - {name: etcd_metrics_server, release: <%= cf_release_name %>}
  - {name: metron_agent, release: <%= cf_release_name %>}
  networks:
  - name: <%= networkInternal %>
    static_ips: [<%= IpInternalEtcd %>]
  properties:
    etcd_metrics_server:
      nats:
        machines: [<%= IpInternalNats %>]
        password: <%= nats_password %>
        username: nats
- name: nfs_z1
  instances: 1
  persistent_disk: 102400
  resource_pool: common_z1
  templates:
  - {name: debian_nfs_server, release: <%= cf_release_name %>}
  - {name: metron_agent, release: <%= cf_release_name %>}
  networks:
  - name: <%= networkInternal %>
    static_ips: [<%= IpInternalNfs %>]
- name: postgres_z1
  instances: 1
  persistent_disk: 1024
  resource_pool: common_z1
  templates:
  - {name: postgres, release: <%= cf_release_name %>}
  - {name: metron_agent, release: <%= cf_release_name %>}
  networks:
  - name: <%= networkInternal %>
    static_ips: [<%= IpInternalPostgres %>]
  update:
    serial: true
- name: api_z1
  instances: 1
  resource_pool: common_z1
  templates:
  - {name: cloud_controller_ng, release: <%= cf_release_name %>}
  - {name: cloud_controller_worker, release: <%= cf_release_name %>}
  - {name: cloud_controller_clock, release: <%= cf_release_name %>}
  - {name: metron_agent, release: <%= cf_release_name %>}
  - {name: nfs_mounter, release: <%= cf_release_name %>}
  - {name: route_registrar, release: <%= cf_release_name %>}
  - {name: consul_agent, release: <%= cf_release_name %>}
  networks:
  - name: <%= networkInternal %>
  properties:
    nfs_server:
      address: <%= IpInternalNfs %>
      allow_from_entries: [<%= networkInternalCIDR %>]
    route_registrar:
      routes:
      - name: api
        port: 9022
        uris:
        - "api.<%= root_domain %>"
- name: ha_proxy_z1
  instances: 1
  resource_pool: common_z1
  templates:
  - {name: haproxy, release: <%= cf_release_name %>}
  - {name: metron_agent, release: <%= cf_release_name %>}
  networks:
  - name: <%= networkPublic %>
    static_ips: [<%= static_ip %>]
  - name: <%= networkExternal %>
    default: [gateway, dns]
  properties:
    ha_proxy:
      ssl_pem: |
        -----BEGIN CERTIFICATE-----
        XXX
        -----END CERTIFICATE-----
        -----BEGIN RSA PRIVATE KEY-----
        XXX
        -----END RSA PRIVATE KEY-----
    router:
      servers:
        z1: [<%= IpInternalRouter %>]
- name: hm9000_z1
  instances: 1
  resource_pool: common_z1
  templates:
  - {name: hm9000, release: <%= cf_release_name %>}
  - {name: metron_agent, release: <%= cf_release_name %>}
  - {name: route_registrar, release: <%= cf_release_name %>}
  networks:
  - name: <%= networkInternal %>
  properties:
    route_registrar:
      routes:
      - name: hm9000
        port: 5155
        uris:
        - "hm9000.<%= root_domain %>"
- name: doppler_z1
  instances: 1
  resource_pool: common_z1
  templates:
  - {name: doppler, release: <%= cf_release_name %>}
  networks:
  - name: <%= networkInternal %>
  properties:
    doppler: {zone: z1}
    doppler_endpoint:
      shared_secret: <%= jobs_doppler_shared_secret %>
- name: loggregator_trafficcontroller_z1
  instances: 1
  resource_pool: common_z1
  templates:
  - {name: loggregator_trafficcontroller, release: <%= cf_release_name %>}
  - {name: metron_agent, release: <%= cf_release_name %>}
  - {name: route_registrar, release: <%= cf_release_name %>}
  networks:
  - name: <%= networkInternal %>
  properties:
    traffic_controller: {zone: z1}
    route_registrar:
      routes:
      - name: doppler
        port: 8081
        uris:
        - "doppler.<%= root_domain %>"
      - name: loggregator
        port: 8080
        uris:
        - "loggregator.<%= root_domain %>"
- name: uaa_z1
  instances: 1
  resource_pool: common_z1
  templates:
  - {name: uaa, release: <%= cf_release_name %>}
  - {name: metron_agent, release: <%= cf_release_name %>}
  - {name: route_registrar, release: <%= cf_release_name %>}
  networks:
  - name: <%= networkInternal %>
  properties:
    login:
      catalina_opts: -Xmx768m #-XX:MaxPermSize=256m
    route_registrar:
      routes:
      - name: uaa
        port: 8080
        uris:
        - "uaa.<%= root_domain %>"
        - "*.uaa.<%= root_domain %>"
        - "login.<%= root_domain %>"
        - "*.login.<%= root_domain %>"
    uaa:
      admin:
        client_secret: <%= jobs_uaa_admin_client_secret %>
      batch:
        password: <%= jobs_uaa_batch_password %>
        username: batch_user
      cc:
        client_secret: <%= jobs_uaa_cc_client_secret %>
      scim:
        userids_enabled: true
        users:
        - admin|<%= jobs_uaa_scim_cc_client_secret %>|scim.write,scim.read,openid,cloud_controller.admin,doppler.firehose
    uaadb:
      address: <%= IpInternalPostgres %>
      databases:
      - {name: uaadb, tag: uaa}
      db_scheme: postgresql
      port: 5524
      roles:
      - {name: uaaadmin, password: <%= ccdb_roles_uaaadmin_password %>, tag: admin}
- name: router_z1
  instances: 1
  resource_pool: common_z1
  templates:
  - {name: gorouter, release: <%= cf_release_name %>}
  - {name: metron_agent, release: <%= cf_release_name %>}
  networks:
  - name: <%= networkInternal %>
    static_ips: [<%= IpInternalRouter %>]
  properties:
    dropsonde: {enabled: true}
- name: runner_z1
  instances: 1
  resource_pool: common_z1
  templates:
  - {name: dea_next, release: <%= cf_release_name %>}
  - {name: dea_logging_agent, release: <%= cf_release_name %>}
  - {name: metron_agent, release: <%= cf_release_name %>}
  networks:
  - name: <%= networkInternal %>
  properties:
    dea_next: {zone: z1}
- name: stats_z1
  instances: 1
  resource_pool: common_z1
  templates:
  - {name: collector, release: <%= cf_release_name %>}
  - {name: metron_agent, release: <%= cf_release_name %>}
  networks:
  - name: <%= networkInternal %>
  properties:
    collector: {deployment_name: <%= cf_deployment_name %>}
- name: consul_z1
  instances: 1
  resource_pool: common_z1
  networks:
  - name: <%= networkInternal %>
    static_ips: [<%= IpInternalConsul1 %>]
  templates:
  - {name: consul_agent, release: <%= cf_release_name %>}
# - name: consul_z2
#   instances: 0
#   networks:
#   - name: <%= networkExternal %>
#     static_ips: []
#######################################################################
####### Properties
#######################################################################
properties:
  networks: {apps: <%= networkInternal %>}
  app_domains: [<%= root_domain %>]
  cc:
    allow_app_ssh_access: false
    bulk_api_password: <%= properties_cc_bulk_api_password %>
    db_encryption_key: <%= properties_cc_db_encryption_key %>
    default_running_security_groups: [public_networks, dns]
    default_staging_security_groups: [public_networks, dns]
    install_buildpacks:
    - {name: java_buildpack, package: buildpack_java}
    - {name: ruby_buildpack, package: buildpack_ruby}
    - {name: nodejs_buildpack, package: buildpack_nodejs}
    - {name: go_buildpack, package: buildpack_go}
    - {name: python_buildpack, package: buildpack_python}
    - {name: php_buildpack, package: buildpack_php}
    - {name: staticfile_buildpack, package: buildpack_staticfile}
    - {name: binary_buildpack, package: buildpack_binary}
    internal_api_password: <%= properties_cc_internal_api_password %>
    quota_definitions:
      default:
        memory_limit: 4000 #MB
        non_basic_services_allowed: false
        total_routes: 20
        total_services: -1
      iron_quota:
        memory_limit: 8000 #MB
        non_basic_services_allowed: false
        total_routes: 100
        total_services: 40
      bronze_quota:
        memory_limit: 16000 #MB
        non_basic_services_allowed: false
        total_routes: 300
        total_services: 300
      silver_quota:
        memory_limit: 32000 #MB
        non_basic_services_allowed: false
        total_routes: 1000
        total_services: 1000
      gold_quota:
        memory_limit: 64000 #MB
        non_basic_services_allowed: true
        total_routes: 5000
        total_services: 2000
        trial_db_allowed: true
    security_group_definitions:
    - name: public_networks
      rules:
      - {destination: XXX-XXX, protocol: all}
      - {destination: XXX-XXX, protocol: all}
      - {destination: XXX-XXX, protocol: all}
      - {destination: XXX-XXX, protocol: all}
      - {destination: XXX-XXX, protocol: all}
    - name: dns
      rules:
      - {destination: XXX, ports: '53', protocol: tcp}
      - {destination: XXX, ports: '53', protocol: udp}
    srv_api_uri: http://api.<%= root_domain %>
    staging_upload_password: <%= properties_cc_staging_upload_password %>
    staging_upload_user: staging_upload_user
  ccdb:
    address: <%= IpInternalPostgres %>
    databases:
    - {name: ccdb, tag: cc}
    db_scheme: postgres
    port: 5524
    roles:
    - {name: ccadmin, password: <%= ccdb_roles_ccadmin_password %>, tag: admin}
  databases:
    databases:
    - {name: ccdb, tag: cc, citext: true}
    - {name: uaadb, tag: uaa, citext: true}
    port: 5524
    roles:
    - {name: ccadmin, password: <%= ccdb_roles_ccadmin_password %>, tag: admin}
    - {name: uaaadmin, password: <%= ccdb_roles_uaaadmin_password %>, tag: admin}
  dea_next:
    advertise_interval_in_seconds: 5
    heartbeat_interval_in_seconds: 10
    memory_mb: 33996
  description: XXX
  domain: <%= root_domain %>
  etcd:
    machines: [<%= IpInternalEtcd %>]
  hm9000:
    url: http://hm9000.<%= root_domain %>
  logger_endpoint:
    port: 4443
  loggregator_endpoint:
    shared_secret: <%= loggregator_endpoint_shared_secret %>
  login:
    protocol: http
  metron_agent:
    zone: z1
    deployment: minimal-aws
  metron_endpoint:
    shared_secret: <%= metron_endpoint_shared_secret %>
  nats:
    machines: [<%= IpInternalNats %>]
    password: <%= nats_password %>
    port: 4222
    user: nats
  nfs_server:
    address: <%= IpInternalNfs %>
    allow_from_entries: [<%= networkInternalCIDR %>]
  ssl:
    skip_cert_verify: true
  system_domain: <%= root_domain %>
  system_domain_organization: default_organization
  uaa:
    clients:
      cc-service-dashboards:
        authorities: clients.read,clients.write,clients.admin
        authorized-grant-types: client_credentials
        scope: openid,cloud_controller_service_permissions.read
        secret: <%= uaa_clients_cc_service_dashboards_password %>
      cloud_controller_username_lookup:
        authorities: scim.userids
        authorized-grant-types: client_credentials
        secret: <%= uaa_clients_cloud_controller_username_lookup_password %>
      cc_routing:
        authorities: routing.router_groups.read
        secret: <%= uaa_clients_cc_routing_password %>
        authorized-grant-types: client_credentials
      gorouter:
        authorities: clients.read,clients.write,clients.admin,routing.routes.write,routing.routes.read
        authorized-grant-types: client_credentials,refresh_token
        scope: openid,cloud_controller_service_permissions.read
        secret: <%= uaa_clients_gorouter_password %>
      doppler:
        authorities: uaa.resource
        secret: <%= jobs_doppler_shared_secret %>
      login:
        authorities: oauth.login,scim.write,clients.read,notifications.write,critical_notifications.write,emails.write,scim.userids,password.write
        authorized-grant-types: authorization_code,client_credentials,refresh_token
        redirect-uri: http://login.<%= root_domain %>
        scope: openid,oauth.approvals
        secret: <%= uaa_clients_login_password %>
      servicesmgmt:
        authorities: uaa.resource,oauth.service,clients.read,clients.write,clients.secret
        authorized-grant-types: authorization_code,client_credentials,password,implicit
        autoapprove: true
        redirect-uri: http://servicesmgmt.<%= root_domain %>/auth/cloudfoundry/callback
        scope: openid,cloud_controller.read,cloud_controller.write
        secret: <%= uaa_clients_servicesmgmt_password %>
    jwt:
      signing_key: |
        -----BEGIN RSA PRIVATE KEY-----
        XXX
        -----END RSA PRIVATE KEY-----
      verification_key: |
        -----BEGIN PUBLIC KEY-----
        XXX
        -----END PUBLIC KEY-----
    no_ssl: true
    url: http://uaa.<%= root_domain %>
  consul:
    encrypt_keys:
    - XXX
    require_ssl: true
    ca_cert: |
      -----BEGIN CERTIFICATE-----
      XXX
      -----END CERTIFICATE-----
    server_cert: |
      -----BEGIN CERTIFICATE-----
      XXX
      -----END CERTIFICATE-----
    server_key: |
      -----BEGIN RSA PRIVATE KEY-----
      XXX
      -----END RSA PRIVATE KEY-----
    agent_cert: |
      -----BEGIN CERTIFICATE-----
      XXX
      -----END CERTIFICATE-----
    agent_key: |
      -----BEGIN RSA PRIVATE KEY-----
      XXX
      -----END RSA PRIVATE KEY-----
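YAML is getting confused by all the variables at the top followed by ---. It treats that as a document separator, so it is basically only reading what is above the ---. You can read more about the YAML document separator here.
If you remove everything above the first triple dash, your spiff merge will get further, but you will still fail because of the missing consul properties. So you need to add at least those.
Even then you will run into problems, because you are meant to use this tool with a fully resolved CF deployment manifest as the third argument, not something that still contains ERB (your input/cf-deployment.yml will not carry over to output/config-from-cf.yml). If you have already done a bosh deploy with the CF manifest that still has ERB, you can run bosh download manifest XXX input/resolved-cf-deployment.yml and then run: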
spiff merge input/config-from-cf.yml \
input/config-from-cf-internal.yml \
input/resolved-cf-deployment.yml \
> output/config-from-cf.yml
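
A pre-flight check for the merge discussed in the answer above, as an added example that is not part of the original answer or of spiff: it flags ERB tags and content above the first ---, then lists the paths a stub references that the manifest does not define. The sample manifest and stub are constructed, the function names are hypothetical, and rendering the ERB locally is an assumption standing in for the bosh download manifest step.

```ruby
require 'erb'
require 'yaml'

# Constructed sample, shaped like the cf-deployment.yml in the question:
# an ERB variable block, then '---', then the manifest body.
SAMPLE_MANIFEST = <<~'MANIFEST'
  <%
  cf_deployment_name = 'demo-cf'
  nats_ip = '10.0.0.5'
  %>
  ---
  name: <%= cf_deployment_name %>
  properties:
    nats:
      machines: [<%= nats_ip %>]
      user: nats
    consul:
      require_ssl: true
MANIFEST

# Constructed stub using the same reference style as config-from-cf-internal.yml.
SAMPLE_STUB = <<~'STUB'
  config_from_cf:
    cf_deployment_name: (( name ))
    nats:
      machines: (( properties.nats.machines ))
      user: (( properties.nats.user ))
    consul:
      lan_servers: (( properties.consul.agent.servers.lan ))
STUB

# Dotted paths a stub references, e.g. "properties.nats.user".
# Plain "(( merge ))" placeholders and "||" expressions are not path references.
def referenced_paths(stub_text)
  stub_text.scan(/\(\(\s*([A-Za-z_][\w.-]*)\s*\)\)/).flatten.uniq - ['merge']
end

# Non-blank, non-comment lines above the first '---' line. Anything here sits
# in front of the document separator instead of inside the manifest body.
def lines_before_separator(text)
  lines = text.lines.map(&:chomp)
  idx = lines.index { |l| l.match?(/\A---(\s|\z)/) }
  return [] if idx.nil?

  lines[0...idx].reject do |l|
    l.strip.empty? || l.lstrip.start_with?('#') || l.start_with?('%YAML', '%TAG')
  end
end

# True when every key of the dotted path exists in the parsed manifest.
def path_present?(doc, dotted)
  node = doc
  dotted.split('.').each do |key|
    return false unless node.is_a?(Hash) && node.key?(key)

    node = node[key]
  end
  true
end

# Renders the ERB locally. This executes the Ruby embedded in the template,
# so only run it on manifests you wrote yourself. The rendered text contains
# the real secrets; keep it out of logs and shared directories.
def render_erb(text)
  ERB.new(text).result
end

# Returns a list of problems; an empty list means the merge inputs line up.
def preflight(manifest_text, stub_text)
  problems = []
  problems << 'manifest still contains ERB tags' if manifest_text.include?('<%')
  stray = lines_before_separator(manifest_text)
  problems << "#{stray.size} content line(s) above the first '---'" unless stray.empty?
  return problems unless problems.empty?

  doc = YAML.safe_load(manifest_text) || {}
  referenced_paths(stub_text).each do |path|
    problems << "unresolved: #{path}" unless path_present?(doc, path)
  end
  problems
end

if __FILE__ == $PROGRAM_NAME
  puts 'raw manifest:'
  preflight(SAMPLE_MANIFEST, SAMPLE_STUB).each { |p| puts "  #{p}" }
  puts 'rendered manifest:'
  preflight(render_erb(SAMPLE_MANIFEST), SAMPLE_STUB).each { |p| puts "  #{p}" }
end
```

On the constructed sample the raw manifest is rejected for its ERB block, and the rendered one still reports the missing consul agent path, the same kind of gap the answer points out.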
当 "generating manifest" 由 运行:
spiff merge input/config-from-cf.yml input/config-from-cf-internal.yml input/cf-deployment.yml > output/config-from-cf.yml
我收到以下错误。我做错了什么?看起来节点包含在最后一个文件中。他们为什么不解决?
error generating manifest: unresolved nodes:
(( properties.cc.internal_api_password )) in dynaml config_from_cf.cc.internal_api_password ()
(( properties.cc.srv_api_uri )) in dynaml config_from_cf.cc.srv_api_uri ()
(( properties.cc.staging_upload_password )) in dynaml config_from_cf.cc.staging_upload_password ()
(( properties.cc.staging_upload_user )) in dynaml config_from_cf.cc.staging_upload_user ()
(( name )) in dynaml config_from_cf.cf_deployment_name ()
(( properties.consul.agent.servers.lan )) in dynaml config_from_cf.consul.lan_servers ()
(( properties.consul.agent.log_level )) in dynaml config_from_cf.consul.log_level ()
(( properties.etcd.machines )) in dynaml config_from_cf.etcd.machines ()
(( properties.loggregator_endpoint.shared_secret )) in dynaml config_from_cf.loggregator_endpoint.shared_secret ()
(( properties.nats.machines )) in dynaml config_from_cf.nats.machines ()
(( properties.nats.password )) in dynaml config_from_cf.nats.password ()
(( properties.nats.user )) in dynaml config_from_cf.nats.user ()
(( properties.system_domain )) in dynaml config_from_cf.system_domain ()
(( merge )) in input/config-from-cf-internal.yml name (name)
(( merge )) in input/config-from-cf-internal.yml properties.etcd.machines (properties.etcd.machines)
(( merge )) in input/config-from-cf-internal.yml properties.loggregator_endpoint.shared_secret (properties.loggregator_endpoint.shared_secret)
(( merge )) in input/config-from-cf-internal.yml properties.nats.password (properties.nats.password)
(( merge )) in input/config-from-cf-internal.yml properties.nats.user (properties.nats.user)
(( merge )) in input/config-from-cf-internal.yml properties.nats.machines (properties.nats.machines)
(( merge )) in input/config-from-cf-internal.yml properties.system_domain (properties.system_domain)
(( merge )) in input/config-from-cf-internal.yml properties.cc.internal_api_password (properties.cc.internal_api_password)
(( merge )) in input/config-from-cf-internal.yml properties.cc.srv_api_uri (properties.cc.srv_api_uri)
(( merge )) in input/config-from-cf-internal.yml properties.cc.staging_upload_password (properties.cc.staging_upload_password)
(( merge )) in input/config-from-cf-internal.yml properties.cc.staging_upload_user (properties.cc.staging_upload_user)
(( merge )) in input/config-from-cf-internal.yml properties.consul.agent.log_level (properties.consul.agent.log_level)
(( merge )) in input/config-from-cf-internal.yml properties.consul.agent.servers.lan (properties.consul.agent.servers.lan)
我用于 spiff 合并的文件的内容。
config-from-cf.yml:
config_from_cf:
cf_deployment_name: (( merge ))
cc:
internal_api_password: (( merge ))
srv_api_uri: (( merge ))
staging_upload_user: (( merge ))
staging_upload_password: (( merge ))
consul:
log_level: (( merge ))
lan_servers: (( merge ))
ca_cert: (( merge ))
agent_cert: (( merge ))
agent_key: (( merge ))
encrypt_keys: (( merge ))
require_ssl: (( merge ))
server_cert: (( merge ))
server_key: (( merge ))
etcd:
machines: (( merge ))
loggregator_endpoint:
shared_secret: (( merge ))
nats:
user: (( merge ))
password: (( merge ))
port: (( merge ))
machines: (( merge ))
system_domain: (( merge ))
uaa:
clients:
ssh-proxy:
secret: (( merge ))
url: (( merge || nil ))
config-from-cf-internal.yml:
config_from_cf:
cf_deployment_name: (( name ))
cc:
internal_api_password: (( properties.cc.internal_api_password ))
srv_api_uri: (( properties.cc.srv_api_uri ))
staging_upload_user: (( properties.cc.staging_upload_user ))
staging_upload_password: (( properties.cc.staging_upload_password ))
consul:
log_level: (( properties.consul.agent.log_level ))
lan_servers: (( properties.consul.agent.servers.lan ))
ca_cert: (( properties.consul.ca_cert ))
agent_cert: (( properties.consul.agent_cert ))
agent_key: (( properties.consul.agent_key ))
encrypt_keys: (( properties.consul.encrypt_keys ))
require_ssl: (( properties.consul.require_ssl ))
server_cert: (( properties.consul.server_cert ))
server_key: (( properties.consul.server_key ))
etcd:
machines: (( properties.etcd.machines ))
loggregator_endpoint:
shared_secret: (( properties.loggregator_endpoint.shared_secret ))
nats:
user: (( properties.nats.user ))
password: (( properties.nats.password ))
port: 4222
machines: (( properties.nats.machines ))
system_domain: (( properties.system_domain ))
uaa:
url: (( properties.uaa.url ))
clients:
ssh-proxy:
secret: (( properties.uaa.clients.ssh-proxy.secret ))
# The keys below should not be included in the final stub
name: (( merge ))
properties:
cc:
internal_api_password: (( merge ))
srv_api_uri: (( merge ))
staging_upload_user: (( merge ))
staging_upload_password: (( merge ))
consul:
agent:
log_level: (( merge ))
servers:
lan: (( merge ))
ca_cert:
agent_cert:
agent_key:
encrypt_keys:
require_ssl:
server_cert:
server_key:
etcd:
machines: (( merge ))
loggregator_endpoint:
shared_secret: (( merge ))
nats:
user: (( merge ))
password: (( merge ))
machines: (( merge ))
system_domain: (( merge ))
uaa:
clients:
ssh-proxy:
secret: (( merge || nil ))
url: (( merge || nil ))
cf-deployment.yml
#######################################################################
####### VARIABLES
#######################################################################
<%
director_uuid = 'XXX'
static_ip = 'XXX'
root_domain = "#{static_ip}.XXX"
cf_deployment_name = 'XXX'
cf_release_name = 'XXX'
cf_release_version = '0.0.1'
protocol = 'http'
flavorSmall = 'c1.medium'
flavorMedium = 'c1.large'
flavorLarge = 'c1.xlarge'
flavorXlarge = 'c1.xxlarge'
networkInternal = 'XXX'
networkInternalId = 'XXX'
networkInternalCIDR = 'XXX'
networkInternalGateway = 'XXX'
networkInternalSubnetId = 'XXX'
networkInternalDNS = ''
networkExternal = 'XXX'
networkExternalId = 'XXX'
networkExternalSubnetId = 'XXX'
networkExternalCIDR = 'XXX'
networkExternalGateway = 'XXX'
networkExternalDNS = 'XXX, XXX'
networkPublic = 'public'
networkPublicId = 'XXX'
IpInternalPostgres = 'XXX'
IpInternalRouter = 'XXX'
IpInternalNats = 'XXX'
IpInternalEtcd = 'XXX'
IpInternalNfs = 'XXX'
IpInternalConsul1 = 'XXX'
IpInternalConsul2 = 'XXX'
IpInternalConsul3 = 'XXX'
boshStemcell = 'bosh-openstack-kvm-ubuntu-trusty-go_agent-raw'
jobs_doppler_shared_secret = 'XXX'
jobs_uaa_admin_client_secret = 'XXX'
jobs_uaa_batch_password = 'XXX'
jobs_uaa_cc_client_secret = 'XXX'
jobs_uaa_scim_cc_client_secret = 'XXX'
properties_cc_db_encryption_key = 'XXX'
properties_cc_bulk_api_password = 'XXX'
properties_cc_internal_api_password = 'XXX'
properties_cc_staging_upload_password = 'XXX'
uaa_clients_cc_service_dashboards_password = 'XXX'
uaa_clients_cloud_controller_username_lookup_password = 'XXX'
uaa_clients_cc_routing_password = 'XXX'
uaa_clients_gorouter_password = 'XXX'
uaa_clients_login_password = 'XXX'
uaa_clients_servicesmgmt_password = 'XXX'
nats_password = 'XXX'
ccdb_roles_ccadmin_password = 'XXX'
ccdb_roles_uaaadmin_password = 'XXX'
loggregator_endpoint_shared_secret = 'XXX'
metron_endpoint_shared_secret = 'XXX'
%>
---
#######################################################################
####### NETWORK AND MISCELLANEOUS
#######################################################################
name: <%= cf_deployment_name %>
director_uuid: <%= director_uuid %>
releases:
- {name: <%= cf_release_name %>, version: <%= cf_release_version %>}
networks:
- name: <%= networkInternal %>
type: manual
subnets:
- range: <%= networkInternalCIDR %>
gateway: <%= networkInternalGateway %>
dns: [<%= networkInternalDNS %>]
reserved: ["XXX - XXX"]
static: ["XXX - XXX"]
cloud_properties:
net_id: <%= networkInternalId %>
security_groups:
- default
- XXX
- XXX
subnet: networkInternalSubnetId
- name: <%= networkExternal %>
type: manual
subnets:
- range: <%= networkExternalCIDR %>
gateway: <%= networkExternalGateway %>
dns: [<%= networkExternalDNS %>]
reserved: ["XXX - XXX"]
static: ["XXX - XXX"]
cloud_properties:
net_id: <%= networkExternalId %>
security_groups:
- default
- XXX
- XXX
- XXX
subnet: <%= networkExternalSubnetId %>
- name: <%= networkPublic %>
type: vip
cloud_properties:
subnet: []
resource_pools:
- name: common_z1
network: <%= networkInternal %>
stemcell:
name: <%= boshStemcell %>
version: latest
cloud_properties:
instance_type: <%= flavorSmall %>
- name: large_z1
network: <%= networkInternal %>
stemcell:
name: <%= boshStemcell %>
version: latest
cloud_properties:
instance_type: <%= flavorMedium %>
compilation:
workers: 2
network: <%= networkInternal %>
reuse_compilation_vms: true
cloud_properties:
instance_type: <%= flavorMedium %>
update:
canaries: 1
max_in_flight: 32
serial: false
canary_watch_time: 30000-600000
update_watch_time: 30000-600000
#######################################################################
####### JOBS
#######################################################################
jobs:
- name: nats_z1
  instances: 1
  resource_pool: common_z1
  templates:
  - {name: nats, release: <%= cf_release_name %>}
  - {name: nats_stream_forwarder, release: <%= cf_release_name %>}
  - {name: metron_agent, release: <%= cf_release_name %>}
  networks:
  - name: <%= networkInternal %>
    static_ips: [<%= IpInternalNats %>]
- name: etcd_z1
  instances: 1
  resource_pool: common_z1
  persistent_disk: 102400
  templates:
  - {name: etcd, release: <%= cf_release_name %>}
  - {name: etcd_metrics_server, release: <%= cf_release_name %>}
  - {name: metron_agent, release: <%= cf_release_name %>}
  networks:
  - name: <%= networkInternal %>
    static_ips: [<%= IpInternalEtcd %>]
  properties:
    etcd_metrics_server:
      nats:
        machines: [<%= IpInternalNats %>]
        password: <%= nats_password %>
        username: nats
- name: nfs_z1
  instances: 1
  persistent_disk: 102400
  resource_pool: common_z1
  templates:
  - {name: debian_nfs_server, release: <%= cf_release_name %>}
  - {name: metron_agent, release: <%= cf_release_name %>}
  networks:
  - name: <%= networkInternal %>
    static_ips: [<%= IpInternalNfs %>]
- name: postgres_z1
  instances: 1
  persistent_disk: 1024
  resource_pool: common_z1
  templates:
  - {name: postgres, release: <%= cf_release_name %>}
  - {name: metron_agent, release: <%= cf_release_name %>}
  networks:
  - name: <%= networkInternal %>
    static_ips: [<%= IpInternalPostgres %>]
  update:
    serial: true
- name: api_z1
  instances: 1
  resource_pool: common_z1
  templates:
  - {name: cloud_controller_ng, release: <%= cf_release_name %>}
  - {name: cloud_controller_worker, release: <%= cf_release_name %>}
  - {name: cloud_controller_clock, release: <%= cf_release_name %>}
  - {name: metron_agent, release: <%= cf_release_name %>}
  - {name: nfs_mounter, release: <%= cf_release_name %>}
  - {name: route_registrar, release: <%= cf_release_name %>}
  - {name: consul_agent, release: <%= cf_release_name %>}
  networks:
  - name: <%= networkInternal %>
  properties:
    nfs_server:
      address: <%= IpInternalNfs %>
      allow_from_entries: [<%= networkInternalCIDR %>]
    route_registrar:
      routes:
      - name: api
        port: 9022
        uris:
        - "api.<%= root_domain %>"
- name: ha_proxy_z1
  instances: 1
  resource_pool: common_z1
  templates:
  - {name: haproxy, release: <%= cf_release_name %>}
  - {name: metron_agent, release: <%= cf_release_name %>}
  networks:
  - name: <%= networkPublic %>
    static_ips: [<%= static_ip %>]
  - name: <%= networkExternal %>
    default: [gateway, dns]
  properties:
    ha_proxy:
      ssl_pem: |
        -----BEGIN CERTIFICATE-----
        XXX
        -----END CERTIFICATE-----
        -----BEGIN RSA PRIVATE KEY-----
        XXX
        -----END RSA PRIVATE KEY-----
    router:
      servers:
        z1: [<%= IpInternalRouter %>]
- name: hm9000_z1
  instances: 1
  resource_pool: common_z1
  templates:
  - {name: hm9000, release: <%= cf_release_name %>}
  - {name: metron_agent, release: <%= cf_release_name %>}
  - {name: route_registrar, release: <%= cf_release_name %>}
  networks:
  - name: <%= networkInternal %>
  properties:
    route_registrar:
      routes:
      - name: hm9000
        port: 5155
        uris:
        - "hm9000.<%= root_domain %>"
- name: doppler_z1
  instances: 1
  resource_pool: common_z1
  templates:
  - {name: doppler, release: <%= cf_release_name %>}
  networks:
  - name: <%= networkInternal %>
  properties:
    doppler: {zone: z1}
    doppler_endpoint:
      shared_secret: <%= jobs_doppler_shared_secret %>
- name: loggregator_trafficcontroller_z1
  instances: 1
  resource_pool: common_z1
  templates:
  - {name: loggregator_trafficcontroller, release: <%= cf_release_name %>}
  - {name: metron_agent, release: <%= cf_release_name %>}
  - {name: route_registrar, release: <%= cf_release_name %>}
  networks:
  - name: <%= networkInternal %>
  properties:
    traffic_controller: {zone: z1}
    route_registrar:
      routes:
      - name: doppler
        port: 8081
        uris:
        - "doppler.<%= root_domain %>"
      - name: loggregator
        port: 8080
        uris:
        - "loggregator.<%= root_domain %>"
- name: uaa_z1
  instances: 1
  resource_pool: common_z1
  templates:
  - {name: uaa, release: <%= cf_release_name %>}
  - {name: metron_agent, release: <%= cf_release_name %>}
  - {name: route_registrar, release: <%= cf_release_name %>}
  networks:
  - name: <%= networkInternal %>
  properties:
    login:
      catalina_opts: -Xmx768m #-XX:MaxPermSize=256m
    route_registrar:
      routes:
      - name: uaa
        port: 8080
        uris:
        - "uaa.<%= root_domain %>"
        - "*.uaa.<%= root_domain %>"
        - "login.<%= root_domain %>"
        - "*.login.<%= root_domain %>"
    uaa:
      admin:
        client_secret: <%= jobs_uaa_admin_client_secret %>
      batch:
        password: <%= jobs_uaa_batch_password %>
        username: batch_user
      cc:
        client_secret: <%= jobs_uaa_cc_client_secret %>
      scim:
        userids_enabled: true
        users:
        - admin|<%= jobs_uaa_scim_cc_client_secret %>|scim.write,scim.read,openid,cloud_controller.admin,doppler.firehose
    uaadb:
      address: <%= IpInternalPostgres %>
      databases:
      - {name: uaadb, tag: uaa}
      db_scheme: postgresql
      port: 5524
      roles:
      - {name: uaaadmin, password: <%= ccdb_roles_uaaadmin_password %>, tag: admin}
- name: router_z1
  instances: 1
  resource_pool: common_z1
  templates:
  - {name: gorouter, release: <%= cf_release_name %>}
  - {name: metron_agent, release: <%= cf_release_name %>}
  networks:
  - name: <%= networkInternal %>
    static_ips: [<%= IpInternalRouter %>]
  properties:
    dropsonde: {enabled: true}
- name: runner_z1
  instances: 1
  resource_pool: common_z1
  templates:
  - {name: dea_next, release: <%= cf_release_name %>}
  - {name: dea_logging_agent, release: <%= cf_release_name %>}
  - {name: metron_agent, release: <%= cf_release_name %>}
  networks:
  - name: <%= networkInternal %>
  properties:
    dea_next: {zone: z1}
- name: stats_z1
  instances: 1
  resource_pool: common_z1
  templates:
  - {name: collector, release: <%= cf_release_name %>}
  - {name: metron_agent, release: <%= cf_release_name %>}
  networks:
  - name: <%= networkInternal %>
  properties:
    collector: {deployment_name: <%= cf_deployment_name %>}
- name: consul_z1
  instances: 1
  resource_pool: common_z1
  networks:
  - name: <%= networkInternal %>
    static_ips: [<%= IpInternalConsul1 %>]
  templates:
  - {name: consul_agent, release: <%= cf_release_name %>}
# - name: consul_z2
#   instances: 0
#   networks:
#   - name: <%= networkExternal %>
#     static_ips: []
#######################################################################
####### Properties
#######################################################################
properties:
  networks: {apps: <%= networkInternal %>}
  app_domains: [<%= root_domain %>]
  cc:
    allow_app_ssh_access: false
    bulk_api_password: <%= properties_cc_bulk_api_password %>
    db_encryption_key: <%= properties_cc_db_encryption_key %>
    default_running_security_groups: [public_networks, dns]
    default_staging_security_groups: [public_networks, dns]
    install_buildpacks:
    - {name: java_buildpack, package: buildpack_java}
    - {name: ruby_buildpack, package: buildpack_ruby}
    - {name: nodejs_buildpack, package: buildpack_nodejs}
    - {name: go_buildpack, package: buildpack_go}
    - {name: python_buildpack, package: buildpack_python}
    - {name: php_buildpack, package: buildpack_php}
    - {name: staticfile_buildpack, package: buildpack_staticfile}
    - {name: binary_buildpack, package: buildpack_binary}
    internal_api_password: <%= properties_cc_internal_api_password %>
    quota_definitions:
      default:
        memory_limit: 4000 #MB
        non_basic_services_allowed: false
        total_routes: 20
        total_services: -1
      iron_quota:
        memory_limit: 8000 #MB
        non_basic_services_allowed: false
        total_routes: 100
        total_services: 40
      bronze_quota:
        memory_limit: 16000 #MB
        non_basic_services_allowed: false
        total_routes: 300
        total_services: 300
      silver_quota:
        memory_limit: 32000 #MB
        non_basic_services_allowed: false
        total_routes: 1000
        total_services: 1000
      gold_quota:
        memory_limit: 64000 #MB
        non_basic_services_allowed: true
        total_routes: 5000
        total_services: 2000
        trial_db_allowed: true
    security_group_definitions:
    - name: public_networks
      rules:
      - {destination: XXX-XXX, protocol: all}
      - {destination: XXX-XXX, protocol: all}
      - {destination: XXX-XXX, protocol: all}
      - {destination: XXX-XXX, protocol: all}
      - {destination: XXX-XXX, protocol: all}
    - name: dns
      rules:
      - {destination: XXX, ports: '53', protocol: tcp}
      - {destination: XXX, ports: '53', protocol: udp}
    srv_api_uri: http://api.<%= root_domain %>
    staging_upload_password: <%= properties_cc_staging_upload_password %>
    staging_upload_user: staging_upload_user
  ccdb:
    address: <%= IpInternalPostgres %>
    databases:
    - {name: ccdb, tag: cc}
    db_scheme: postgres
    port: 5524
    roles:
    - {name: ccadmin, password: <%= ccdb_roles_ccadmin_password %>, tag: admin}
  databases:
    databases:
    - {name: ccdb, tag: cc, citext: true}
    - {name: uaadb, tag: uaa, citext: true}
    port: 5524
    roles:
    - {name: ccadmin, password: <%= ccdb_roles_ccadmin_password %>, tag: admin}
    - {name: uaaadmin, password: <%= ccdb_roles_uaaadmin_password %>, tag: admin}
  dea_next:
    advertise_interval_in_seconds: 5
    heartbeat_interval_in_seconds: 10
    memory_mb: 33996
  description: XXX
  domain: <%= root_domain %>
  etcd:
    machines: [<%= IpInternalEtcd %>]
  hm9000:
    url: http://hm9000.<%= root_domain %>
  logger_endpoint:
    port: 4443
  loggregator_endpoint:
    shared_secret: <%= loggregator_endpoint_shared_secret %>
  login:
    protocol: http
  metron_agent:
    zone: z1
    deployment: minimal-aws
  metron_endpoint:
    shared_secret: <%= metron_endpoint_shared_secret %>
  nats:
    machines: [<%= IpInternalNats %>]
    password: <%= nats_password %>
    port: 4222
    user: nats
  nfs_server:
    address: <%= IpInternalNfs %>
    allow_from_entries: [<%= networkInternalCIDR %>]
  ssl:
    skip_cert_verify: true
  system_domain: <%= root_domain %>
  system_domain_organization: default_organization
  uaa:
    clients:
      cc-service-dashboards:
        authorities: clients.read,clients.write,clients.admin
        authorized-grant-types: client_credentials
        scope: openid,cloud_controller_service_permissions.read
        secret: <%= uaa_clients_cc_service_dashboards_password %>
      cloud_controller_username_lookup:
        authorities: scim.userids
        authorized-grant-types: client_credentials
        secret: <%= uaa_clients_cloud_controller_username_lookup_password %>
      cc_routing:
        authorities: routing.router_groups.read
        secret: <%= uaa_clients_cc_routing_password %>
        authorized-grant-types: client_credentials
      gorouter:
        authorities: clients.read,clients.write,clients.admin,routing.routes.write,routing.routes.read
        authorized-grant-types: client_credentials,refresh_token
        scope: openid,cloud_controller_service_permissions.read
        secret: <%= uaa_clients_gorouter_password %>
      doppler:
        authorities: uaa.resource
        secret: <%= jobs_doppler_shared_secret %>
      login:
        authorities: oauth.login,scim.write,clients.read,notifications.write,critical_notifications.write,emails.write,scim.userids,password.write
        authorized-grant-types: authorization_code,client_credentials,refresh_token
        redirect-uri: http://login.<%= root_domain %>
        scope: openid,oauth.approvals
        secret: <%= uaa_clients_login_password %>
      servicesmgmt:
        authorities: uaa.resource,oauth.service,clients.read,clients.write,clients.secret
        authorized-grant-types: authorization_code,client_credentials,password,implicit
        autoapprove: true
        redirect-uri: http://servicesmgmt.<%= root_domain %>/auth/cloudfoundry/callback
        scope: openid,cloud_controller.read,cloud_controller.write
        secret: <%= uaa_clients_servicesmgmt_password %>
    jwt:
      signing_key: |
        -----BEGIN RSA PRIVATE KEY-----
        XXX
        -----END RSA PRIVATE KEY-----
      verification_key: |
        -----BEGIN PUBLIC KEY-----
        XXX
        -----END PUBLIC KEY-----
    no_ssl: true
    url: http://uaa.<%= root_domain %>
  consul:
    encrypt_keys:
    - XXX
    require_ssl: true
    ca_cert: |
      -----BEGIN CERTIFICATE-----
      XXX
      -----END CERTIFICATE-----
    server_cert: |
      -----BEGIN CERTIFICATE-----
      XXX
      -----END CERTIFICATE-----
    server_key: |
      -----BEGIN RSA PRIVATE KEY-----
      XXX
      -----END RSA PRIVATE KEY-----
    agent_cert: |
      -----BEGIN CERTIFICATE-----
      XXX
      -----END CERTIFICATE-----
    agent_key: |
      -----BEGIN RSA PRIVATE KEY-----
      XXX
      -----END RSA PRIVATE KEY-----
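YAML is getting confused by all the variables at the top, followed by ---. It treats that as a document separator, so it is basically only reading what is above the ---. You can read more about YAML document separators here.
If you remove everything above the first triple dash, your spiff merge will get further, but you will still fail because the consul properties are missing. So you will need to add at least those.
Even then you will run into problems, because you are meant to use this tool with a fully resolved CF deployment manifest as the third argument, not something that still contains ERB (your input/cf-deployment.yml does not get carried over into output/config-from-cf.yml). If you have already done a bosh deploy with the CF manifest that still has ERB, you can run bosh download manifest XXX input/resolved-cf-deployment.yml and then run: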
spiff merge input/config-from-cf.yml \
input/config-from-cf-internal.yml \
input/resolved-cf-deployment.yml \
> output/config-from-cf.yml
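The two failure conditions named in the answer (content above a --- being read as its own YAML document, and ERB tags still present in the file) can be checked before running spiff merge. The following pre-flight check is an added example, not code from the original post or from spiff: it uses Ruby's standard YAML parser to show the document-separator rule, the sample manifest is constructed, and the helper names preflight, ready_for_merge? and render are hypothetical. The local ERB rendering only stands in for obtaining a resolved manifest.

```ruby
require "erb"
require "yaml"

# Constructed sample: ERB assignments above a `---`, shaped like the question's file.
RAW_MANIFEST = <<~'MANIFEST'
  <% deployment_name = "cf-constructed" %>
  <% nats_ip = "10.0.0.10" %>
  ---
  name: <%= deployment_name %>
  properties:
    nats:
      machines: [<%= nats_ip %>]
MANIFEST

ERB_TAG = /<%.*?%>/m

# Report what a reader that only takes the first YAML document would see.
def preflight(text)
  docs  = YAML.load_stream(text) # every document in the stream
  first = YAML.load(text)        # first document only
  {
    documents: docs.length,
    first_is_mapping: first.is_a?(Hash),
    top_level_keys: first.is_a?(Hash) ? first.keys : [],
    erb_tags: text.scan(ERB_TAG).length
  }
end

# A file is usable as a merge input only if it is one document,
# that document is a mapping, and no ERB tags are left in it.
def ready_for_merge?(report)
  report[:documents] == 1 && report[:first_is_mapping] && report[:erb_tags].zero?
end

# Stand-in for a resolved manifest: evaluate the ERB locally.
def render(text)
  ERB.new(text).result(binding)
end

if __FILE__ == $PROGRAM_NAME
  puts "raw:      #{preflight(RAW_MANIFEST)}"
  puts "rendered: #{preflight(render(RAW_MANIFEST))}"
end
```

On the raw sample the first document is just the ERB text as a string, so none of the manifest's keys are visible; after rendering, the stream is a single mapping with name and properties at the top level.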