Customizing the Cloud Foundry Deployment Manifest Stub for vSphere, vCloud Air, or vCloud Director
Page last updated: December 9, 2015
This topic describes how to customize the Cloud Foundry deployment manifest stub for vSphere, vCloud Air, or vCloud Director. Follow the editing instructions to customize the manifest stub with information about your environment.
Cloud Foundry Deployment Manifest Stub
```yaml
---
director_uuid: DIRECTOR_UUID
networks:
- name: cf1
  subnets:
  - cloud_properties:
    static:
    - 0.0.0.0 - 0.0.0.26
- name: cf2
  subnets:
  - cloud_properties:
    static:
    - 0.0.1.0 - 0.0.1.26
jobs:
  ha_proxy_z1:
    properties:
      ha_proxy:
        disable_http: true
properties:
  cc:
    droplets:
      droplet_directory_key: the_key
    buildpacks:
      buildpack_directory_key: bd_key
    staging_upload_user: username
    staging_upload_password: password
    bulk_api_password: password
    db_encryption_key: the_key
  dea_next:
    disk_mb: 2048
    memory_mb: 1024
  loggregator_endpoint:
    shared_secret: LOGGREGATOR_ENDPOINT_SHARED_SECRET
  nats:
    user: nats_user
    password: nats_password
  router:
    logrotate:
      freq_min: 20
      rotate: 5
      size: 3M
    enable_ssl: true
    ssl_cert: |
      -----BEGIN CERTIFICATE-----
      -----END CERTIFICATE-----
    ssl_key: |
      -----BEGIN RSA PRIVATE KEY-----
      -----END RSA PRIVATE KEY-----
    cipher_suites: TLS_RSA_WITH_RC4_128_SHA:TLS_RSA_WITH_AES_128_CBC_SHA
    status:
      user: router_user
      password: router_password
  login:
    logout:
      redirect:
        parameter:
          disable: false
  uaa:
    admin:
      client_secret: admin_secret
    cc:
      client_secret: cc_client_secret
    clients:
      app-direct:
        secret: app-direct_secret
      developer_console:
        secret: developer_console_secret
      login:
        secret: login_client_secret
      notifications:
        secret: notification_secret
      doppler:
        secret: doppler_secret
      cloud_controller_username_lookup:
        secret: cloud_controller_username_lookup_secret
      cc_routing:
        secret: cc_routing_secret
      gorouter:
        secret: gorouter_secret
    jwt:
      verification_key: vk
      signing_key: sk
    scim:
      users:
      - admin|fakepassword|scim.write,scim.read,openid,cloud_controller.admin,doppler.firehose
      groups: additionalgroup1,additionalgroup2
```
Editing Instructions
| Deployment Manifest Stub Contents | Editing Instructions |
|---|---|
| | Replace DIRECTOR_UUID with the BOSH Director UUID. Use bosh status to view the BOSH Director UUID. |
| | Replace the cf1 subnets: cloud_properties: static: 0.0.0.0 - 0.0.0.25 IP address range with a range of at least 26 consecutive IP addresses on your private network. Replace the cf2 subnets: cloud_properties: static: 0.0.1.0 - 0.0.1.25 IP address range with a range of at least 26 consecutive IP addresses on your private network. |
| | Do not change the values of the diego: staging or diego: running keys. Replace the droplet_directory_key: the_key with the directory (bucket) used to store droplets. Replace the buildpack_directory_key: bd_key with the directory (bucket) used to store buildpacks. Replace the staging_upload_user: username with the account user name used to upload files to the Cloud Controller. Replace the staging_upload_password: password with the password of the account used to upload files to the Cloud Controller. Replace the bulk_api_password: password with the password used to access the bulk_api. Replace the db_encryption_key: the_key with a secure key you generate to encrypt sensitive values in the Cloud Controller database. |
| | Do not change these values. |
| | Replace the shared_secret: loggregator_endpoint_secret with a secure secret. |
| | Replace nats_user and nats_password with a secure user name and password for NATS access. |
| | Replace router_user and router_password with a secure user name and password for router access. |
| | Replace batch_username and batch_password with a secure user name and password. Generate secure keys for each secret and replace them. |
| | Replace vk with an RSA Public Key. Replace sk with an RSA Private Key. |
| | Replace fakepassword with an admin password. |
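
The following check is an added example, not part of the original page or of Cloud Foundry's own tooling: it parses a manifest and flags values that still match the stub placeholders above, plus the RC4 suite in router cipher_suites, which RFC 7465 prohibits for TLS. The function names, the matching rules and the sample manifest are assumptions constructed for illustration.

```ruby
require 'yaml'

# Values copied from the stub on this page; any of them surviving in a
# manifest means that field was never customized.
STUB_VALUES = %w[DIRECTOR_UUID the_key bd_key username password vk sk
                 nats_user nats_password router_user router_password
                 LOGGREGATOR_ENDPOINT_SHARED_SECRET].freeze

# Yield [dotted.path, scalar-as-string] for every leaf of the parsed manifest.
def each_leaf(node, path = [], &blk)
  case node
  when Hash  then node.each { |k, v| each_leaf(v, path + [k.to_s], &blk) }
  when Array then node.each_with_index { |v, i| each_leaf(v, path + [i.to_s], &blk) }
  else blk.call(path.join('.'), node.to_s)
  end
end

# Return [path, reason] pairs; an empty list means nothing was flagged.
def audit_manifest(yaml_text)
  findings = []
  each_leaf(YAML.safe_load(yaml_text)) do |path, value|
    if STUB_VALUES.include?(value) || value.end_with?('_secret') ||
       value.include?('|fakepassword|')
      findings << [path, 'stub placeholder not replaced']
    elsif path.end_with?('cipher_suites') && value.include?('RC4')
      findings << [path, 'RC4 cipher suite enabled']
    end
  end
  findings
end

# Constructed sample: a partially edited manifest, not a real deployment.
SAMPLE = <<~MANIFEST
  director_uuid: 11111111-2222-3333-4444-555555555555
  properties:
    nats:
      user: nats_prod
      password: nats_password
    router:
      cipher_suites: TLS_RSA_WITH_RC4_128_SHA:TLS_RSA_WITH_AES_128_CBC_SHA
    uaa:
      admin:
        client_secret: admin_secret
      scim:
        users:
        - admin|fakepassword|scim.write,scim.read
MANIFEST

audit_manifest(SAMPLE).each { |path, why| puts "#{path}: #{why}" }
```

Running a check like this before bosh deploy catches a stub secret that would otherwise ship as a live, publicly documented credential.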