Ocfp Feature (#3)
Net new supporting ocf app scheduler leveraging `ocfp`.

`ocfp` feature encodes the opensource cloud foundry platform reference architecture. `ocfp` specifies that **inputs for features come from vault**.

The reference architecture specifies the `network`, `vm_type`, `disk_type`, and `azs` based on `dev` vs `prod` environment scales.

Naming scheme is entirely based on environment name, and is designed to work with the `ocfp-ops-scripts` `ocfp` cli in order to generate configs, initialize and test environments.

Co-authored-by: Wayne E. Seguin <wayneeseguin@gmail.com>
Co-authored-by: ChrisMcGowan <cmcgowan279@gmail.com>
3 people authored Dec 19, 2022
1 parent 028f996 commit 9fb3ba4
Showing 9 changed files with 200 additions and 94 deletions.
30 changes: 13 additions & 17 deletions hooks/addon
Expand Up @@ -84,24 +84,20 @@ bind_scheduler() {
exit 0
}

case $GENESIS_ADDON_SCRIPT in
(list)
list
;;

(setup-cf-plugin)
add_plugin "$@"
;;

(bind|bind-scheduler)
bind_scheduler
;;
smoke::tests() {
genesis "$GENESIS_ENVIRONMENT" bosh run-errand smoke-tests
}

(*)
describe >&2 "" "#R{[ERROR]} No such addon: $GENESIS_ADDON_SCRIPT"
list
exit 1
;;
case $GENESIS_ADDON_SCRIPT in
(list) list ;;
(smoke-tests) smoke::tests ;;
(setup-cf-plugin) add_plugin "$@" ;;
(bind|bind-scheduler) bind_scheduler ;;
(*)
describe >&2 "" "#R{[ERROR]} No such addon: $GENESIS_ADDON_SCRIPT"
list
exit 1
;;
esac

exit 0
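Review bot: A failed smoke-tests errand can be reported as success, because `smoke::tests` runs `genesis "$GENESIS_ENVIRONMENT" bosh run-errand smoke-tests` and control then falls through to the trailing `exit 0` unless the hook runs under `set -e`, which is not visible in this hunk. Propagate the status explicitly in the case arm, e.g. `(smoke-tests) smoke::tests || exit $? ;;`. The new addon should presumably also be advertised by `list`, whose body is outside the hunk.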
34 changes: 26 additions & 8 deletions hooks/blueprint
Expand Up @@ -4,14 +4,17 @@ set -eu

declare -a manifests

manifests+=( manifests/scheduler.yml manifests/releases/scheduler.yml )
manifests+=(
"manifests/scheduler.yml"
"manifests/releases/scheduler.yml"
)

if want_feature "external-postgres" ; then
manifests+=( manifests/external-postgres.yml )
manifests+=( "manifests/external-postgres.yml" )
elif want_feature "external-postgres-vault" ; then
manifests+=( manifests/external-postgres-vault.yml )
manifests+=( "manifests/external-postgres-vault.yml" )
else
manifests+=( manifests/releases/postgres.yml )
manifests+=( "manifests/releases/postgres.yml" )
fi

for want in $GENESIS_REQUESTED_FEATURES; do
Expand All @@ -20,12 +23,17 @@ for want in $GENESIS_REQUESTED_FEATURES; do
true
;;
(cf-route-registrar)
manifests+=( manifests/releases/routing.yml manifests/cf-route-registrar.yml )
manifests+=(
"manifests/releases/routing.yml"
"manifests/cf-route-registrar.yml"
)
;;
(ocfp)
true
;;
(*)
if [[ -f "$GENESIS_ROOT/ops/$want.yml" ]] ; then
manifests+=( "$GENESIS_ROOT/ops/$want.yml" )
else
if ! [[ -f "$GENESIS_ROOT/ops/$want.yml" ]]
then
abort=1
describe >&2 \
"#R{[ERROR]} The #c{$want} feature is invalid. See the manual for list of valid features."
Expand All @@ -34,4 +42,14 @@ for want in $GENESIS_REQUESTED_FEATURES; do
esac
done

if want_feature "ocfp" ; then # Merged last to ensure overrides all others.
manifests+=( "ocfp/ocfp.yml" )
fi

for want in $GENESIS_REQUESTED_FEATURES; do
if [[ -f "$GENESIS_ROOT/ops/$want.yml" ]] ; then
manifests+=( "$GENESIS_ROOT/ops/$want.yml" )
fi
done

echo ${manifests[@]}
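Review bot: The comment `# Merged last to ensure overrides all others.` on the `ocfp` block does not match the code, because the loop added directly after it appends `$GENESIS_ROOT/ops/$want.yml` files, which therefore merge after `ocfp/ocfp.yml` and can override the reference-architecture values. If that order is intended, reword the comment to something like `# Merged after the kit manifests; ops/<feature>.yml files below still override it.`; if not, move the `ocfp` block below the ops loop. The same loop now runs for every requested feature rather than only the `(*)` arm, so an `ops/external-postgres.yml` or `ops/ocfp.yml` in the deployment repo would start being merged, which looks like a behaviour change worth a line in the release notes. Whether `abort` is acted on is outside the visible hunks.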
11 changes: 8 additions & 3 deletions hooks/features
Expand Up @@ -2,8 +2,13 @@

echo "$GENESIS_REQUESTED_FEATURES"

want_feature external-postgres ||
want_feature external-postgres-vault ||
echo "+internal-postgres"
if want_feature "ocfp"; then
echo "external-postgres-vault"
echo "cf-route-registrar"
else
want_feature external-postgres ||
want_feature external-postgres-vault ||
echo "+internal-postgres"
fi

exit 0
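Review bot: With `ocfp` requested together with `external-postgres`, this hook emits both `external-postgres` (from the first `echo`) and `external-postgres-vault`, and the `if`/`elif` in hooks/blueprint then selects `manifests/external-postgres.yml` rather than the vault-backed manifest that `ocfp` is meant to imply. Consider rejecting that combination in the `ocfp` branch, or at least documenting which feature wins. The unconditional echoes also repeat a feature the operator already listed, if Genesis does not de-duplicate the output; `want_feature cf-route-registrar || echo "cf-route-registrar"` would avoid that.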
6 changes: 3 additions & 3 deletions kit.yml
@@ -1,5 +1,5 @@
name: ocf-scheduler
version: 0.0.16
version: 0.0.17
author: Wayne E. Seguin <wayneeseguin@starkandwayne.com>
docs: https://github.com/cloudfoundry-community/scheduler-boshrelease
code: https://github.com/genesis-community/scheduler-genesis-kit
Expand All @@ -13,13 +13,13 @@ credentials:

provided:
external-postgres:
db:
db/scheduler:
keys:
password:
prompt: "Password for the external Postgresql Database"

external-postgres-vault: # feature
db: # vault suffix path
db/scheduler: # vault suffix path
keys: # vault keys hash
username: # vault key name & value
prompt: "Username for the external Postgresql Database"
18 changes: 9 additions & 9 deletions manifests/cf-route-registrar.yml
Expand Up @@ -12,17 +12,17 @@ addons:
aliases:
- domain: nats.service.cf.internal
targets:
- deployment: (( grab meta.cf_deployment_name ))
- deployment: (( grab meta.cf.deployment_name ))
domain: bosh
instance_group: nats
network: (( grab params.cf_core_network ))
network: (( grab meta.cf.core_network ))
query: '*'
- domain: _.nats.service.cf.internal
targets:
- deployment: (( grab meta.cf_deployment_name ))
- deployment: (( grab meta.cf.deployment_name ))
domain: bosh
instance_group: nats
network: (( grab params.cf_core_network ))
network: (( grab meta.cf.core_network ))
query: _
---
- type: replace
Expand All @@ -33,21 +33,21 @@ addons:
consumes:
nats-tls:
from: nats-tls
deployment: (( grab meta.cf_deployment_name ))
deployment: (( grab meta.cf.deployment_name ))
properties:
nats:
tls:
enabled: true
client_cert: (( grab params.nats_client_cert ))
client_key: (( grab params.nats_client_key ))
client_cert: (( grab meta.cf.nats.client_cert ))
client_key: (( grab meta.cf.nats.client_key ))
route_registrar:
routes:
- name: scheduler
port: 8000 # Scheduler API Port
registration_interval: 10s
uris:
- (( grab params.scheduler_domain ))
host: (( grab params.cf_system_domain ))
- (( grab meta.scheduler.domain ))
host: (( grab meta.cf.system.domain ))
- type: replace
path: /instance_groups/0/jobs/name=bpm?
value:
24 changes: 17 additions & 7 deletions manifests/external-postgres-vault.yml
@@ -1,12 +1,22 @@
---
meta:
db:
scheme: (( vault meta.vault "/db/scheduler:scheme" ))
username: (( vault meta.vault "/db/scheduler:username" ))
password: (( vault meta.vault "/db/scheduler:password" ))
hostname: (( vault meta.vault "/db/scheduler:hostname" ))
port: (( vault meta.vault "/db/scheduler:port" ))
database: (( vault meta.vault "/db/scheduler:database" ))
sslmode: "verify-ca"

params:
pg_scheme: (( vault meta.vault "/db:scheme" ))
pg_username: (( vault meta.vault "/db:username" ))
pg_password: (( vault meta.vault "/db:password" ))
pg_hostname: (( vault meta.vault "/db:hostname" ))
pg_port: (( vault meta.vault "/db:port" ))
pg_sslmode: (( vault meta.vault "/db:sslmode" ))
pg_database: (( vault meta.vault "/db:database" ))
pg_scheme: (( grab meta.db.scheme ))
pg_username: (( grab meta.db.username ))
pg_password: (( grab meta.db.password ))
pg_hostname: (( grab meta.db.hostname ))
pg_port: (( grab meta.db.port ))
pg_sslmode: (( grab meta.db.sslmode ))
pg_database: (( grab meta.db.database ))

instance_groups:
- name: scheduler
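Review bot: `sslmode` is now pinned to `"verify-ca"` in `meta.db` instead of being read from Vault, and that mode checks the server certificate chain but not that the certificate matches `hostname`; `verify-full` adds that check. If the pin is deliberate, a comment such as `# pinned: TLS is mandatory for external databases; set meta.db.sslmode to verify-full where the cert name matches` would record the intent, and `sslmode: "verify-full"` is worth considering as the default. Environments that stored a value under the old `/db:sslmode` key, or any secrets under `/db`, will presumably need their Vault paths migrated to `/db/scheduler`; the commit description does not mention this.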
9 changes: 7 additions & 2 deletions manifests/external-postgres.yml
@@ -1,7 +1,12 @@
---
params:
pg_username: (( vault meta.vault "/db:username" ))
pg_password: (( vault meta.vault "/db:password" ))
pg_scheme: (( grab params.db.scheme || meta.db.scheme ))
pg_username: (( grab params.db.username || meta.db.username ))
pg_password: (( grab params.db.password || meta.db.password ))
pg_hostname: (( grab params.db.hostname || meta.db.hostname ))
pg_port: (( grab params.db.port || meta.db.port ))
pg_database: (( grab params.db.database || meta.db.database ))
pg_sslmode: (( grab params.db.sslmode || meta.db.sslmode ))

instance_groups:
- name: scheduler
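Review bot: The `external-postgres` feature no longer reads anything from Vault: every `pg_*` value is `grab params.db.* || meta.db.*`, so an environment that sets no `params.db` keys silently falls back to the `meta.db` defaults in manifests/scheduler.yml (`password: "scheduler"`, `hostname: "127.0.0.1"`, `sslmode: "disable"`). kit.yml still prompts for a password at `db/scheduler`, but nothing in this manifest consumes it. Consider keeping `pg_password: (( vault meta.vault "/db/scheduler:password" ))` and dropping the `|| meta.db.*` fallbacks for hostname and password, so that a missing value fails the merge instead of deploying with defaults. The nested `params.db.*` keys also sit oddly with the "params are flat for kits" note in manifests/scheduler.yml.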
115 changes: 70 additions & 45 deletions manifests/scheduler.yml
@@ -1,43 +1,69 @@
---
meta:
default:
azs: [z1]
cf:
exodus_path: (( concat $GENESIS_EXODUS_MOUNT genesis.env "/cf" ))
deployment_name: (( concat genesis.env "-cf" ))
core_network: (( vault meta.cf.exodus_path ":core_network" ))

cf_exodus_path: (( concat $GENESIS_EXODUS_MOUNT params.cf_deployment_env "/" params.cf_deployment_type ))
cf_deployment_name: (( concat params.cf_deployment_env "-" params.cf_deployment_type ))
cf_system_domain: (( vault "secret/exodus/" params.cf_deployment_env "/cf:system_domain" ))
admin:
username: (( vault meta.cf.exodus_path ":admin_username" ))
password: (( vault meta.cf.exodus_path ":admin_password" ))

system:
domain: (( vault meta.cf.exodus_path ":system_domain" ))
org: (( vault meta.cf.exodus_path ":system_org" ))
space: (( vault meta.cf.exodus_path ":system_space" ))
api: (( concat "https://api." meta.cf.system.domain ))

nats:
client_cert: (( vault meta.cf.exodus_path ":nats_client_cert" ))
client_key: (( vault meta.cf.exodus_path ":nats_client_key" ))

uaa:
client_id: (( vault meta.cf.exodus_path ":app_scheduler_client" ))
client_secret: (( vault meta.cf.exodus_path ":app_scheduler_secret" ))
endpoint: (( concat "https://uaa." meta.cf.system.domain ))

scheduler:
domain: (( concat "scheduler." meta.cf.system.domain ))

networks:
- name: (( grab params.network || "default" ))

azs:
- (( grab params.availability_zones || "z1"))

vm_type: (( grab params.vm_type || "default" ))

smoke-tests:
vm_type: (( grab params.vm_type || "errand" ))

db:
scheme: "postgres"
username: "scheduler"
password: "scheduler"
hostname: "127.0.0.1"
port: "5432"
sslmode: "disable"
database: "scheduler"

params: # NOTE: Contract with kit & genesis is that params are flat for kits.
cf_deployment_env: (( grab genesis.env )) # assume the same env name as cf env
cf_deployment_type: cf # for crazy people using an non-"cf" cf deployment name
cf_core_network: (( vault meta.cf_exodus_path ":core_network" ))
cf_system_domain: (( vault meta.cf_exodus_path ":system_domain" ))
cf_system_org: (( vault meta.cf_exodus_path ":system_org" ))
cf_system_space: (( vault meta.cf_exodus_path ":system_space" ))
cf_username: (( vault meta.cf_exodus_path ":admin_username" ))
cf_password: (( vault meta.cf_exodus_path ":admin_password" ))
network: (( grab params.cf_core_network ))
nats_client_cert: (( vault meta.cf_exodus_path ":nats_client_cert" ))
nats_client_key: (( vault meta.cf_exodus_path ":nats_client_key" ))
uaa_client_id: (( vault meta.cf_exodus_path ":app_scheduler_client" ))
uaa_client_secret: (( vault meta.cf_exodus_path ":app_scheduler_secret" ))
scheduler_domain: (( concat "scheduler." meta.cf_system_domain ))
pg_scheme: "postgres"
pg_username: "ocf-scheduler"
pg_password: "ocf-scheduler"
pg_hostname: "127.0.0.1"
pg_port: "5432"
pg_sslmode: "disable"
pg_database: "ocf-scheduler"
pg_scheme: (( grab meta.db.scheme ))
pg_username: (( grab meta.db.username ))
pg_password: (( grab meta.db.password ))
pg_hostname: (( grab meta.db.hostname ))
pg_port: (( grab meta.db.port ))
pg_sslmode: (( grab meta.db.sslmode ))
pg_database: (( grab meta.db.database ))
pg_uri: (( concat "postgres://" params.pg_username ":" params.pg_password "@" params.pg_hostname ":" params.pg_port "/" params.pg_database "?sslmode=" params.pg_sslmode ))

instance_groups:
- name: scheduler
instances: 1
azs: (( grab params.availability_zones || meta.default.azs ))
stemcell: default
networks:
- name: (( grab params.network || "default" ))
vm_type: (( grab params.vm_type || "default" ))
azs: (( grab meta.scheduler.azs ))
stemcell: (( grab meta.scheduler.stemcell.name ))
networks: (( grab meta.scheduler.networks ))
vm_type: (( grab meta.scheduler.vm_type ))

jobs:
- name: scheduler
Expand All @@ -49,13 +75,13 @@ instance_groups:
properties:
scheduler:
uaa:
client_id: (( grab params.uaa_client_id ))
client_secret: (( grab params.uaa_client_secret ))
endpoint: (( concat "https://uaa." params.cf_system_domain ))
client_id: (( grab meta.cf.uaa.client_id ))
client_secret: (( grab meta.cf.uaa.client_secret ))
endpoint: (( grab meta.cf.uaa.endpoint ))
cf:
api: (( concat "https://api." params.cf_system_domain ))
api: (( grab meta.cf.system.api ))
postgres:
uri: (( concat "postgres://" params.pg_username ":" params.pg_password "@" params.pg_hostname ":" params.pg_port "/" params.pg_database "?sslmode=" params.pg_sslmode ))
uri: (( grab params.pg_uri ))

- name: postgres
properties:
Expand All @@ -73,23 +99,22 @@ instance_groups:

- name: smoke-tests
instances: 1
azs: (( grab params.availability_zones || meta.default.azs ))
azs: (( grab meta.scheduler.azs ))
stemcell: default
networks:
- name: (( grab params.network || "default" ))
vm_type: (( grab params.vm_type || "default" ))
networks: (( grab meta.scheduler.networks ))
vm_type: (( grab meta.scheduler.smoke-tests.vm_type ))
lifecycle: errand

jobs:
- name: smoke-tests
release: ocf-scheduler
properties:
cf:
username: (( grab params.cf_username ))
password: (( grab params.cf_password ))
api: (( concat "https://api." params.cf_system_domain ))
organization: (( grab params.cf_system_org ))
space: (( grab params.cf_system_space ))
username: (( grab meta.cf.admin.username ))
password: (( grab meta.cf.admin.password ))
api: (( grab meta.cf.system.api ))
organization: (( grab meta.cf.system.org ))
space: (( grab meta.cf.system.space ))

name: scheduler
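Review bot: `stemcell: (( grab meta.scheduler.stemcell.name ))` on the scheduler instance group refers to a key that the `meta.scheduler` block in this file does not define, so unless another manifest (presumably `ocfp/ocfp.yml`) supplies it, a non-`ocfp` environment would fail to merge; the smoke-tests group still uses `stemcell: default`. Adding a default under `meta.scheduler`, e.g. `stemcell: { name: default }`, would keep both paths working. Separately, the `azs:` entry `- (( grab params.availability_zones || "z1"))` wraps the value in a list, so a list-valued `params.availability_zones` would likely become a nested list, which the old `meta.default.azs` fallback avoided. Indentation is lost in this rendering, so the nesting described here is inferred.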
