This repository is intended to serve as a reference and starting point for developer-friendly configuration of the Bosh Director. Consume the master
branch. Any changes should be made against the develop
branch (it will be automatically promoted once it passes tests).
As of Bosh DNS version 1.28, Bosh DNS is now built with Go 1.15. This version of Go demands that TLS certificates be created with a SAN field, in addition to the usual CN field.
The following certificates are affected by this change and will need to be regenerated:
/dns_healthcheck_server_tls
/dns_healthcheck_client_tls
/dns_api_server_tls
/dns_api_client_tls
If you're using Credhub or another external variable store, then you will need to use update_mode: converge
as documented here: https://bosh.io/docs/manifest-v2/#variables.
If you are not using Credhub or another external variable store, then you will need to follow the usual procedure for regenerating your certificates.
We deploy using Jammy stemcells; however, if you would prefer to use the Bionic stemcells, append the ops files [IAAS]/use-bionic.yml
and misc/source-releases/bosh.yml
after the ops file [IAAS]/cpi.yml
.
An automatic process updates Bosh, and other releases within bosh-deployment
develop
with a compiled bosh release.create-env
works with this potential collection of resources and the new release.master
is made.Other releases such as UAA, CredHub, and various CPIs are also updated automatically.
Access your BOSH director
bosh.yml
: Base manifest that is meant to be used with different CPI configurations[alicloud|aws|azure|docker|gcp|openstack|softlayer|vcloud|vsphere|virtualbox]/cpi.yml
: CPI configuration[alicloud|aws|azure|docker|gcp|openstack|softlayer|vcloud|vsphere|virtualbox]/cloud-config.yml
: Simple cloud configs[alicloud|aws|azure|docker|gcp|openstack|vcloud|virtualbox|vsphere|warden]/use-bionic.yml
: use Bionic stemcell instead of Jammy stemcelljumpbox-user.yml
: Adds user jumpbox
for SSH-ing into the Director (see Jumpbox User)uaa.yml
: Deploys UAA and enables UAA user management in the Directorcredhub.yml
: Deploys CredHub and enables CredHub integration in the Directorbosh-lite.yml
: Configures Director to use Garden CPI within the Director VM (see BOSH Lite)syslog.yml
: Configures syslog to forward logs to some destinationlocal-dns.yml
: Enables Director DNS beta functionalitymisc/config-server.yml
: Deploys config-server (see credhub.yml
)misc/proxy.yml
: Configure HTTP proxy for Director and CPImisc/dns.yml
: Configure your upstream DNS (NOTE: by default bosh-deployment uses Google DNS: 8.8.8.8)misc/ntp.yml
: Configure your NTP Servers (NOTE: by default bosh-deployment uses Google NTP servers: time{1-4}.google.comruntime-configs/syslog.yml
: Runtime config to enable syslog forwardingSee tests/run-checks.sh for example usage of different ops files.
The director can optionally add configuration to all VMs in all deployments. The YAML defines an IaaS agnostic configuration that applies to all deployments. (See Director Runtime Config.)
dns.yml
: Install bosh defined dns release in every deployed VM. This allows bosh VMs to use the VM name as a FQDN. It is extremely common for deployments require this addon. (eg concourse-ci with UAA). For more information see Native DNS Support.bpm.yml
: Install bosh process manager on every VM (see BPM-Release)syslog.yml
: Install a syslog forwarder agent in every VM.Runtime config files are applied after bosh director has been deployed:
bosh -n -e bosh-1 update-runtime-config bosh-deployment/runtime-configs/dns.yml
See runtime-configs/ for examples of different runtime configs. Other uses include installation of prometheus exporters, os-conf (to modify os level configurations), virus scanning, compliance agents.
Please ensure you have security groups setup correctly. i.e:
Type Protocol Port Range Source Purpose
Custom TCP Rule TCP 6868 <IP you run bosh CLI from> Agent for bootstrapping
Custom TCP Rule TCP 25555 <IP you run bosh CLI from> Director API
Custom TCP Rule TCP 8443 <IP you run bosh CLI from> UAA API (if UAA is used)
Custom TCP Rule TCP 8844 <IP you run bosh CLI from> CredHub API (if CredHub is used)
SSH TCP 22 <((internal_cidr))> BOSH SSH (optional)
Custom TCP Rule TCP 4222 <((internal_cidr))> NATS
Custom TCP Rule TCP 25250 <((internal_cidr))> Blobstore