From 83d5a68112f23647b02c85f0de13e3d41d46dad5 Mon Sep 17 00:00:00 2001 From: carolmorneau Date: Thu, 5 Nov 2020 13:26:06 -0500 Subject: [PATCH] Adding templates for 2.10 release - upgrading stemcell to 621.51 --- templates/2.10.0/deployment_properties.yml | 211 +++++++++++++++++++++ templates/2.10.0/release-vars.yml | 5 + templates/2.10.0/vars.yml | 148 +++++++++++++++ 3 files changed, 364 insertions(+) create mode 100644 templates/2.10.0/deployment_properties.yml create mode 100644 templates/2.10.0/release-vars.yml create mode 100644 templates/2.10.0/vars.yml diff --git a/templates/2.10.0/deployment_properties.yml b/templates/2.10.0/deployment_properties.yml new file mode 100644 index 0000000..7842e6a --- /dev/null +++ b/templates/2.10.0/deployment_properties.yml @@ -0,0 +1,211 @@ +# Using Remote Server: 10.0.10.20 + +# ------------------------ +# Message Router Config +# ------------------------ +starting_port: 7000 + +log_retention_config: + value: max_size + +# ------------------------ +# TLS Config +# ------------------------ +tls_config: enabled +tls_config.enabled.rsa_server_cert: + private_key_pem: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpQIBAAKCAQEA4U3oyVABZuRGJoMzUX4y+KA6ImOucCQQpLK4X3ZQj4cBf3OG + p0Z8eNePgHua2LId7qs4K3R2qWxQy3Mgl23FxO+XKzaEpCP+RjRJAuN51rbrw5eq + SbuNuOFyx6f8VWvxQK44EqqqhDMDPai+RwPZpVvEQ+kR7HTmKrfp/goetgb94DmM + qEJmBHvKWHIJZFC+ulyriX874X0ZIU3+w+3A1YDbv17SKCnU/Oe8OJjMYJWdUEYC + IaxWHzqbiXg5JluiEKx/gJNIJvhtry+kJMHCHR3lPAsG9EWPUzvrjpkyUXbnnv+x + DWFInEeuncpend5dMZlXhx+BXyptRoGjkSNTAQIDAQABAoIBACOGw3Qq922gBSfB + fHAXNDZcHY6apUDtjupJfCUhZOac5TGRp+Psi2gKpYge9XXB8FJYEU1Y2fUxLTRH + fRYjqxG4rd+UgynWuxua1wBrmiSvR1HaMnHZ7yj987lj1bgqgyotzo2y95xM5u/s + EcTk6IbYh4Ql1juw2zJVOcJjGiCdgdvgAcIvjSRT+sbBL4biw4BRajsX8t+xD73f + jOfK6RhroZgRgtYMYNsG4gtPoGErYyqNdsOccr81VDpo2HEcOxk1ymy/bea6hEBd + m3gNA/P23GUxycRcXd4Ki9GfW/XdnHDoGzLVonEJa7xz6uSuw6PhlxVH4+il7PJk + hDzsJqECgYEA9fak4D+0G7mEKDAec052etqPcjzZsPYUWdj2SLeVD/mF6IJDW+KI + efCxbzW53gBR91ugmwPxQ4Ti9CBpRNZlKcAPFEU7/S2Njfdc+i/QuQoZQW5Q1FHT + M70z9WHQFdmWy0D45gndAt9l93ZRRhn32oEsY/OjS6J69ghGOT/ELJ0CgYEA6n91 + UgiBOhg0i/FubstUVbu1xn2XxRgzGpI7ZsrNfxU8jDEwZa9twbhWrUXQhWtq7eWR + mgWfK3usCxoOiXHJFNeN0jkQxiPErNAz4CrvDbUPboqKHXmeP8f2YGVJl5t1oW7P + DVTZaLM5Ss1PMlzqtr7DYkm84u8HBa15biWQaLUCgYEAmmWIG+iBM8IhjmSeSL1h + LD9UOl6uPCJMphXGi+EJpix4/Xn/tIcgKoOHrgqosQ28ZizTRVuVMFATczGBQx/e + AvY3wP6w6H2W1R4I9FfdironHmaUQKNYk6raGdebmouq183iL+zTGoGHbW6NGBcm + +beKWPfQcqL80sJg6oD3sRUCgYEAovjAJaoJfcGSy2uYj2G6k/boBzIEB5Og+KeG + pxLtLJQqx1fsRc9dHVQq0TODDyavYvS4c23SyFqkH/cVAUrWMCj6xI6qbLoxFtWA + KBxOlZ0vQ2j/Qiri43rqbOYX9kixwOcM+Tvt+QkOGUGE+ACBk04S5j1PC/yJSdXd + XcK3kT0CgYEAzle+WKkSCsQPMRcP+pWPBK4YGs/pi3fLYlNFN8dCZctLCVXIgXao + 1CzB8vsEva40zy06xHaqbNNpnH0zI0dcsnRFWUqNilZnEYDYjVb0G8oEcNY9AEXm + P5Z/XHQfurMSM19OUK5EQrSvb7TZKcxV2m3ZBMXg7ccUjh+ZcR3X7rM= + -----END RSA PRIVATE KEY----- + + cert_pem: | + -----BEGIN CERTIFICATE----- + MIIDnzCCAoegAwIBAgIJAKEsd5V3+exFMA0GCSqGSIb3DQEBCwUAMGUxCzAJBgNV + BAYTAkNBMQswCQYDVQQIDAJPTjEPMA0GA1UEBwwGS2FuYXRhMQ8wDQYDVQQKDAZT + b2xhY2UxGTAXBgNVBAsMEENsb3VkSW50ZWdyYXRpb24xDDAKBgNVBAMMA1BvQzAg + Fw0xNjEwMjcxNzA3MDRaGA8yMTE2MTAwMzE3MDcwNFowZTELMAkGA1UEBhMCQ0Ex + CzAJBgNVBAgMAk9OMQ8wDQYDVQQHDAZLYW5hdGExDzANBgNVBAoMBlNvbGFjZTEZ + MBcGA1UECwwQQ2xvdWRJbnRlZ3JhdGlvbjEMMAoGA1UEAwwDUG9DMIIBIjANBgkq + hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4U3oyVABZuRGJoMzUX4y+KA6ImOucCQQ + pLK4X3ZQj4cBf3OGp0Z8eNePgHua2LId7qs4K3R2qWxQy3Mgl23FxO+XKzaEpCP+ + RjRJAuN51rbrw5eqSbuNuOFyx6f8VWvxQK44EqqqhDMDPai+RwPZpVvEQ+kR7HTm + Krfp/goetgb94DmMqEJmBHvKWHIJZFC+ulyriX874X0ZIU3+w+3A1YDbv17SKCnU + /Oe8OJjMYJWdUEYCIaxWHzqbiXg5JluiEKx/gJNIJvhtry+kJMHCHR3lPAsG9EWP + UzvrjpkyUXbnnv+xDWFInEeuncpend5dMZlXhx+BXyptRoGjkSNTAQIDAQABo1Aw + TjAdBgNVHQ4EFgQUl58rrahDoyB48RKuOPzwggwdm40wHwYDVR0jBBgwFoAUl58r + rahDoyB48RKuOPzwggwdm40wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOC + AQEAFsjDBYpiCNz462duzQdf5ZWXlDfcQ3BDuJe4OD+GlS1abOrwyyhxIcPmiewx + mV6jxfPWAcgr+4RuZ8bpschbKMdOLaBVrt5hMsnFXP32EmDIdZGygUy5ndlvEdtd + 3J/Ct6S/BzhOiJ09DEzaLS4cg0AXIylCnF+gjglxfrn68ci+/dYpQ2IXqxrWpkpc + 5I3CyDMVn5SAHw4WiVol3ZsmnL1IUsBT1NBSXFaCPL+ys5FRjkZbr7uygBaKPu7r + q8cMA/GaUHCCyf4F0DQcOs8HSmNDYVHkgsP1HKUra2dWjZcXwRkzAuoLJgspG1GK + 3PVkdvOXQ9ROEMS+OQw0ubc0mQ== + -----END CERTIFICATE----- + +tls_config.enabled.broker_validate_cert_disabled: true + +# ------------------------ +# Application Access +# ------------------------ +application_access_auth_scheme: vmr_internal + +# These are the current and previous keys used to encrypt password columns in the service broker db. +db_encryption_key: +db_encryption_key_prev: + +# ------------------------ +# Management Access +# ------------------------ +vmr_admin_password: + secret: "admin" + +management_access_auth_scheme: vmr_internal + +# ------------------------ +# LDAP Settings +# ------------------------ +ldap_config: disabled + +# ------------------------ +# LDAP Settings +# ------------------------ +#ldap_config: enabled +#ldap_config.enabled.ldap_server_url: "ldap://__LDAP_SERVER__" +#ldap_config.enabled.ldap_start_tls: disabled +#ldap_config.enabled.ldap_credentials: +# identity: "cn=root,dc=solace,dc=com" +# password: "solace1" +#ldap_config.enabled.ldap_user_search_base: "dc=solace,dc=com" +#ldap_config.enabled.ldap_user_search_filter: "(cn=$CLIENT_USERNAME)" +#ldap_config.enabled.ldap_group_membership_attribute_name: "memberOf" + +# ------------------------ +# System Logging +# ------------------------ +syslog_config: disabled + +# ------------------------ +# System Logging +# ------------------------ +#syslog_config: enabled +#syslog_config.enabled.syslog_hostname: '__REMOTE_TEST_SERVER_MA__' +#syslog_config.enabled.syslog_port: 514 +#syslog_config.enabled.syslog_protocol: 'udp' +#syslog_config.enabled.syslog_vmr_command_logs: true +#syslog_config.enabled.syslog_vmr_event_logs: true +#syslog_config.enabled.syslog_vmr_system_logs: true +#syslog_config.enabled.syslog_broker_and_agent_logs: true + + +# ------------------------ +# TCP Routes +# ------------------------ +tcp_routes_config: disabled +tcp_routes_config.disabled.tcp_route_enabled: 'not_allowed' + +## ------------------------ +## TCP Routes +## ------------------------ +#tcp_routes_config: enabled +#tcp_routes_config.enabled.cf_credentials: +# identity: solace_router +# password: "1234" +#tcp_routes_config.enabled.smf_tcp_route_enabled: enabled_by_default +#tcp_routes_config.enabled.smf_tls_tcp_route_enabled: enabled_by_default +#tcp_routes_config.enabled.smf_zip_tcp_route_enabled: enabled_by_default +#tcp_routes_config.enabled.web_messaging_tcp_route_enabled: enabled_by_default +#tcp_routes_config.enabled.web_messaging_tls_tcp_route_enabled: enabled_by_default +#tcp_routes_config.enabled.amqp_tcp_route_enabled: enabled_by_default +#tcp_routes_config.enabled.amqp_tls_tcp_route_enabled: enabled_by_default +#tcp_routes_config.enabled.mqtt_tcp_route_enabled: enabled_by_default +#tcp_routes_config.enabled.mqtt_tls_tcp_route_enabled: enabled_by_default +#tcp_routes_config.enabled.mqtt_ws_tcp_route_enabled: enabled_by_default +#tcp_routes_config.enabled.mqtt_wss_tcp_route_enabled: enabled_by_default +#tcp_routes_config.enabled.rest_tcp_route_enabled: enabled_by_default +#tcp_routes_config.enabled.rest_tls_tcp_route_enabled: enabled_by_default + +# ----------------------------------- +# Web Hook +# ------------------------------------ +web_hook_config: disabled + +# ----------------------------------- +# Web Hook +# ------------------------------------ +#web_hook_config: enabled +#web_hook_config.enabled.web_hook_credentials: +# identity: +# password: +#web_hook_config.enabled.web_hook_host: test-app +#web_hook_config.enabled.web_hook_port: 8080 +#web_hook_config.enabled.web_hook_path: /service-lifecycle + +# ----------------------------------- +# Secure Service Instance Credentials +# ------------------------------------ +secure_service_credentials: false + + +# job-specific configuration, supported in PCF 1.8+. +jobs: + enterprise-shared: + resource_config: + persistent_disk: + size_mb: automatic + instances: 1 + internet_connected: false + enterprise-large: + resource_config: + persistent_disk: + size_mb: automatic + instances: 0 + internet_connected: false + enterprise-medium-ha: + resource_config: + persistent_disk: + size_mb: automatic + instances: 0 + internet_connected: false + enterprise-large-ha: + resource_config: + persistent_disk: + size_mb: automatic + instances: 0 + internet_connected: false + management: + resource_config: + persistent_disk: + size_mb: automatic + instances: 1 + internet_connected: false + arbitrator: + resource_config: + persistent_disk: + size_mb: automatic + instances: 0 + internet_connected: false + diff --git a/templates/2.10.0/release-vars.yml b/templates/2.10.0/release-vars.yml new file mode 100644 index 0000000..6f093ba --- /dev/null +++ b/templates/2.10.0/release-vars.yml @@ -0,0 +1,5 @@ +bosh_stemcell: "ubuntu-xenial" +bosh_stemcell_version: "621.51" +cf_mysql_version: "36.19.0" +route_registrar_version: "1.1.0" +syslog_version: "11.6.1" diff --git a/templates/2.10.0/vars.yml b/templates/2.10.0/vars.yml new file mode 100644 index 0000000..b9ac635 --- /dev/null +++ b/templates/2.10.0/vars.yml @@ -0,0 +1,148 @@ +# CF Space and Org in which solace messaging service broker to be installed. +solace_broker_cf_organization: solace +solace_broker_cf_space: solace-broker + +# The client secret for the "solace_router" uaa client +solace_router_client_secret: 1234 +solace_router_client_id: solace_router + +# The start port seed from which all ports allocation are based. +starting_port: 7000 + +# Increase security by hiding service instance credentials from VCAP services +secure_service_credentials: false + +# Automatically manage application security groups +application_security_groups: true + +# User controlled upgrades +user_controlled_upgrade_on_demand_instances: false + +# On demand upgrade task timer +on_demand_upgrade_task_timer: 0,15,30,45 * * * * + +## Controls the parallel execution of on demand broker upgrade tasks with BOSH +on_demand_upgrade_canaries: 1 +on_demand_upgrade_max_in_flight: 3 + +# This is the password set for the "admin" user on the VMR +vmr_admin_password: admin1 + +# These are the current and previous keys used to encrypt password columns in the service broker db. +db_encryption_key: +db_encryption_key_prev: + +## +# Control populating each plan with VMRs +# Note that the "HA" Plans need to be provided in groups of 3 +## +shared_plan_instances: 1 +large_plan_instances: 0 +medium_ha_plan_instances: 0 +large_ha_plan_instances: 0 +enterprise_plan_5_instances: 0 +enterprise_plan_6_instances: 0 +standard_medium_plan_instances: 0 +standard_medium_ha_plan_instances: 0 +standard_plan_3_instances: 0 +standard_plan_4_instances: 0 + +# Fill those when using MySQL For PCF tile +mysql_for_pcf_service_name: p-mysql +mysql_for_pcf_service_plan: 100mb + +# Fill those when using an external MySQL +mysql_external_hostname: my_db.us-east-1.rds.amazonaws.com +mysql_external_port: 3306 +mysql_external_dbname: solace +mysql_external_user: solace_mysql_user +mysql_external_password: solace_db_mysql_password + + +## The name of the solace pubsub+ service in the marketplace +solace_service_name: solace-pubsub + +# Whether the solace service is shareable across orgs and spaces or not +is_shareable: true + +# Whether client certificate validation is enabled +enable_client_certificates: true + +## The definition of the plans available for the solace pubsub+ service +plans: + standard_medium: + name: standard-medium + description: "This is a standard-medium service" + point_form_description: [ must be, an array ] + isHA: false + maxVpns: 1 + quota: 1 + standard_medium_ha: + name: standard-medium-ha + description: "This is a standard-medium-ha service" + point_form_description: [ must be, an array ] + isHA: true + maxVpns: 1 + quota: 1 + standard_plan_3: + name: standard-plan-3 + description: "This is a standard service" + point_form_description: [ must be, an array ] + isHA: false + maxVpns: 1 + quota: 1 + standard_plan_4: + name: standard-plan-4 + description: "This is a highly available standard service" + point_form_description: [ must be, an array ] + isHA: true + maxVpns: 1 + quota: 1 + enterprise_shared: + name: enterprise-shared + description: "This is an enterprise-shared service" + point_form_description: [ must be, an array ] + isHA: false + maxVpns: 5 + productKey: "" + quota: 1 + enterprise_large: + name: enterprise-large + description: "This is an enterprise-large service" + point_form_description: [ must be, an array ] + isHA: false + maxVpns: 1 + productKey: "" + quota: 1 + enterprise_medium_ha: + name: enterprise-medium-ha + description: "This is an enterprise-medium-ha service" + point_form_description: [ must be, an array ] + isHA: true + maxVpns: 1 + productKey: "" + quota: 1 + enterprise_large_ha: + name: enterprise-large-ha + description: "This is an enterprise-large-ha service" + point_form_description: [ must be, an array ] + isHA: true + maxVpns: 1 + productKey: "" + quota: 1 + enterprise_plan_5: + name: enterprise-plan-5 + description: "This is an enterprise service" + point_form_description: [ must be, an array ] + isHA: false + maxVpns: 1 + productKey: "" + quota: 1 + enterprise_plan_6: + name: enterprise-plan-6 + description: "This is an enterprise service" + point_form_description: [ must be, an array ] + isHA: true + maxVpns: 1 + productKey: "" + quota: 1