Controller 설치 가이드(AWS)

1. 개요

1.1. 문서 목적

본 문서(설치가이드)는, 현 시점에서 지원되는 IaaS(Infrastructure as aService) 중 하나인 AWS 환경에서 Open PaaS Controller를 설치하기 위한 가이드를 제공하는데 그 목적이 있다.

1.2. 범위

본 문서의 범위는 Open PaaS Controller를 AWS에 설치하는 내용으로 한정되어 있다. vSphere/OpenStack과 같은 다른 IaaS 환경에서의 설치는 그에 맞는 가이드 문서를 참고해야 하며, Bosh 설치 또한 해당 가이드 문서를 별도로 참조해야 한다.

1.3. 참고자료

2. Prerequisites

2.1. 개요

Open PaaS Controller를 설치하기 전에 IaaS(AWS) 환경이 정상적으로 구성되어 있고, Bosh Server와 Bosh/OP CLI가 설치되어 있는지를 확인해야 한다.

2.2. AWS

2.2.1. Dashboard(Console)

[그림출처]: Open PaaS 사업단 개발환경
AWS Dashboard(Console)으로 정상 접속되어야 하고, Open PaaS Controller가 설치될 Subnet이 구성되어 있어야 한다. 별도 Subnet 은 필수적인 구성은 아니나, 관리의 용이성을 위해서 사용하는 것을 권장한다.

2.2.2. Security Group

SSH, HTTP, HTTPS, DNS Protocol을 받을 수 있고, 모든 통신 Protocol을 엑세스 할 수 있도록 Security Group을 설정한다.(주의: 내부 네트워크 구간에서는 모든 Procotol이 사용 가능하도록 구성해야 한다.)
PaaS-TA v2.0 이상의 버전에서는 다음을 참조하여 시큐리티 그룹을 설정한다. https://docs.cloudfoundry.org/deploying/openstack/security_group.html

2.3. Bosh Server 및 Bosh CLI

[그림출처]: Open PaaS 사업단 개발환경
“bosh status” 명령을 실행하여 위와 같이 정상적으로 출력되는 지를 확인한다. 만약 문제 발생 시에는 Bosh 설치가이드를 참조하여 정상적으로 Bosh 환경을 구성한 후 이후 작업을 진행한다.

2.4. DNS Server

Open PaaS Controller는 독자적인 Zone을 DNS에 등록해야 한다. 사용 가능한 DNS Server가 존재하지 않는다면, VM 등에 별도로 구축하여야 한다. 예를 들어 Linux의 경우에는 bind9 Package를 설치하고 아래와 같이 Platform Zone을 등록한다.
/etc/bind/named.conf.local
1
zone "controller.open-paas.com" {
2
type master;
3
file "/etc/bind/db.controller.open-paas.com";
4
};
Copied!
/etc/resolv.conf 파일 수정
1
nameserver 10.0.0.6
2
nameserver 8.8.8.8
Copied!
/etc/bind/db.controller.open-paas.com
1
;
2
; BIND data file for local loopback interface
3
;
4
$TTL 604800
5
@ IN SOA ns.controller.open-paas.com. root.controller.open-paas.com. (
6
2 ; Serial
7
604800 ; Refresh
8
86400 ; Retry
9
2419200 ; Expire
10
604800 ) ; Negative Cache TTL
11
;
12
@ IN NS ns.controller.open-paas.com.
13
* IN A 10.0.16.13 # HA Proxy VM IP 주소
14
@ IN AAAA ::1
Copied!
NSLOOKUP 등으로 DNS Server에 Platform Domain이 정상 등록 되었는지 확인한다.

2.5. OP CLI

Open PaaS 설치 패키지 내에 포함되어 있는 OP CLI 압축 파일을 풀고 명령어 Path Folder에 실행 파일을 복사한다.
sudo tar -xvzf$INSTALL_PACKAGE/OpenPaaS-Dev-Tools/op-CLI/cf-linux-amd64.tgz
sudo cp cf /usr/bin
“cf” 명령어를 입력하면 아래와 같은 Help 화면이 출력됨을 확인한다.

3. Open PaaS Controller 설치

3.1 Release Upload

하단 링크로 접속하여 OpenPaaS Controller 릴리즈 파일인 openpaas-controller-1.0.tgz를 다운로드 한다.
다음의 명령어를 이용하여 릴리즈 파일을 bosh에 업로드한다.
bosh upload release $INSTALL_PACKAGE/OpenPaaS-Controller/openpaas-controller-1.0.tgz
Release Upload는 상황에 따라 다소 차이는 있으나 보통 20-30분 정도 소요가 되며, 정상 Upload가 되면 아래의 그림과 같은 메시지가 출력된다.
[주의] Release Upload 과정에서 작업장비의 “/tmp” 폴더의 사이즈가 작을 경우 압축파일을 풀거나 묶을 때 에러가 발생할 수 있으므로, 10GB 이상 Free Size가 있는지를 확인해야 한다.
Bosh Sever에 Release가 정상적으로 Upload 되었는지는 “bosh releases” 명령으로 확인한다.
bosh releases

3.2 Stemcell Upload

하단의 링크로 접속하여 AWS용 OpenPaaS-Stemcell인 bosh-stemcell-3147-aws-xen-ubuntu-trusty-go_agent.tgz 파일을 다운로드 한다.
다음의 명령어를 사용하여 Stemcell을 bosh에 업로드 한다.
bosh upload stemcell$INSALL_PACKAGE/OpenPaaS-Stemcells/bosh-stemcell-3147-aws-xen-ubuntu-trusty-go_agent.tgz
Stemcell Upload는 상황에 따라 다소 차이는 있으나 보통 5-10분 정도 소요가 되며, 정상 Upload가 되면 아래의 그림과 같은 메시지가 출력된다.
[주의] Stemcell Upload 과정에서 작업장비의 “/tmp” 폴더의 사이즈가 작을 경우 압축파일을 풀거나 묶을 때 에러가 발생할 수 있으므로, 10GB 이상 Free Size가 있는지를 확인해야 한다.
Bosh Sever에 Stemcell이 정상적으로 Upload 되었는지는 “bosh stemcells” 명령으로 확인한다.
bosh stemcells

3.3. Deployment Manifest

하단의 링크로 접속하여 AWS용 Controller Deployment인 openpaas-controller-aws-1.0.yml 파일을 다운로드 한다.
하단의 예시(3.3.1 ~ 3.3.7)를 참조하여 사용자의 설치환경에 적합하게 수정한다.

3.3.1. Name & Release

1
name: openpaas-controller # Deployment Name
2
director_uuid: 3d139c62-6669-4804-adb0-990b16446c37
3
releases: # BoshRelease Name
4
- name: openpaas-controller
5
version: latest # BoshRelease Version
Copied!
Deployment Name은 설치자가 임의로 부여하는데, IaaS와 Version을 표시할 것을 권장한다. Bosh Director UUID는 “bosh status” 명령을 실행하면 출력되는 UUID 값을 넣고, Release Name과 Version은 “bosh releases” 명령의 결과로 나오는 값들을 입력하도록 한다.

3.3.2. Networks

1
networks:
2
- name: op_network # Open PaaS Controller가 설치될 Network Name
3
subnets:
4
- cloud_properties:
5
subnet: subnet-71ff185b # AWS Subnet ID
6
security_groups:
7
- cf-security
8
- bosh-security
9
dns:
10
- 10.0.0.6 # DNS Server
11
- 8.8.8.8
12
gateway: 10.0.16.1 # Gateway IP Address
13
range: 10.0.16.0/24 # Network CIDR
14
reserved:
15
- 10.0.16.2 - 10.0.16.9
16
static:
17
- 10.0.16.10 - 10.0.16.40 # VM에 할당될 Static IP 주소 대역
18
type: manual
19
- name: op_public_network
20
type: vip
21
cloud_properties: {}
Copied!
Network Name은 설치자가 임의로 부여 가능하다. Neutron Subnet ID, Gateway, DNS Server, Network CIDR은 AWS 구성을 직접 확인하거나 인프라 담당자에게 문의하여 정보를 얻도록 한다. Static IP 주소는 Open PaaS Controller를 설치할 때 개별 VM에 할당될 IP의 주소 대역으로 마찬가지로 인프라 담당자에게 할당을 받아야 한다.

3.3.3. Compilation

1
compilation:
2
cloud_properties: # Compile용 VM의 사양
3
instance_type: m1.medium
4
network: op_network # Network Name
5
reuse_compilation_vms: true
6
workers: 6 # 동시 동작하는 VM 수
Copied!
Network Name은 3.3.2 Networks에서 정의한 것과 동일한 이름을 줘야 한다. Workers는 동시에 Compile을 수행하는 VM의 개수로 별다른 환경적 특성이 없다면 Default 값을 사용토록 한다.

3.3.4. Resource Pools

1
resource_pools: # Resource Name
2
- cloud_properties:
3
instance_type: m1.small
4
env: $6$mwZOg/kA$r64mds4/xoqhW2tR8ck7oxmhqGiCBsDS5SWW/j8vgahvpdHkKJrb25/Wc2..CT3ja02qLgh0JB60RTP2ndjAh0
5
bosh:
6
password: $6$4gDD3aV0rdqlrKC$2axHCxGKIObs6tAmMTqYCspcdvQXh3JJcvWOY2WGb4SrdXtnCyNaWlrf3WEqvYR2MYizEGp3kMmbpwBC6jsHt0
7
name: small
8
network: op_network # Network Name
9
stemcell:
10
name: bosh-aws-xen-ubuntu-trusty-go_agent # Stemcell Name
11
version: 3147 # Stemcell Version
12
13
- cloud_properties:
14
instance_type: m1.small
15
env: $6$mwZOg/kA$r64mds4/xoqhW2tR8ck7oxmhqGiCBsDS5SWW/j8vgahvpdHkKJrb25/Wc2..CT3ja02qLgh0JB60RTP2ndjAh0
16
bosh:
17
password: $6$4gDD3aV0rdqlrKC$2axHCxGKIObs6tAmMTqYCspcdvQXh3JJcvWOY2WGb4SrdXtnCyNaWlrf3WEqvYR2MYizEGp3kMmbpwBC6jsHt0
18
name: medium
19
network: op_network
20
stemcell:
21
name: bosh-aws-xen-ubuntu-trusty-go_agent
22
version: 3147
23
24
- cloud_properties:
25
#instance_type: t2.large
26
instance_type: m1.small
27
env: $6$mwZOg/kA$r64mds4/xoqhW2tR8ck7oxmhqGiCBsDS5SWW/j8vgahvpdHkKJrb25/Wc2..CT3ja02qLgh0JB60RTP2ndjAh0
28
bosh:
29
password: $6$4gDD3aV0rdqlrKC$2axHCxGKIObs6tAmMTqYCspcdvQXh3JJcvWOY2WGb4SrdXtnCyNaWlrf3WEqvYR2MYizEGp3kMmbpwBC6jsHt0
30
name: large
31
network: op_network
32
stemcell:
33
name: bosh-aws-xen-ubuntu-trusty-go_agent
34
version: 3147
35
36
- cloud_properties:
37
instance_type: m1.medium
38
env: $6$mwZOg/kA$r64mds4/xoqhW2tR8ck7oxmhqGiCBsDS5SWW/j8vgahvpdHkKJrb25/Wc2..CT3ja02qLgh0JB60RTP2ndjAh0
39
bosh:
40
password: $6$4gDD3aV0rdqlrKC$2axHCxGKIObs6tAmMTqYCspcdvQXh3JJcvWOY2WGb4SrdXtnCyNaWlrf3WEqvYR2MYizEGp3kMmbpwBC6jsHt0
41
name: runner
42
network: op_network
43
stemcell:
44
name: bosh-aws-xen-ubuntu-trusty-go_agent
45
version: 3147
46
47
- cloud_properties:
48
instance_type: m1.small
49
env: $6$mwZOg/kA$r64mds4/xoqhW2tR8ck7oxmhqGiCBsDS5SWW/j8vgahvpdHkKJrb25/Wc2..CT3ja02qLgh0JB60RTP2ndjAh0
50
bosh:
51
password: $6$4gDD3aV0rdqlrKC$2axHCxGKIObs6tAmMTqYCspcdvQXh3JJcvWOY2WGb4SrdXtnCyNaWlrf3WEqvYR2MYizEGp3kMmbpwBC6jsHt0
52
name: router
53
network: op_network
54
stemcell:
55
name: bosh-aws-xen-ubuntu-trusty-go_agent
56
version: 3147
Copied!
Stemcell Name과 Version은 “bosh stemcells” 명령어 결과로 출력되는 값들을 입력하도록 한다.

3.3.5 Update

1
update:
2
canaries: 1
3
canary_watch_time: 30000-600000
4
max_in_flight: 1
5
serial: true # VM의 순차적 Update
6
update_watch_time: 5000-600000
Copied!
Default 값들을 수정 없이 사용한다.

3.3.6. Jobs

아래 Sample Jobs를 참고하여 설치 환경에 맞게 수정한다.
1
jobs:
2
- instances: 1 # VM Instance 개수
3
name: consul
4
networks:
5
- name: op_network # VM이 설치될 Network
6
static_ips:
7
- 10.0.16.16 # Consul에 할당된 IP 주소
8
persistent_disk: 1024
9
properties:
10
consul:
11
agent:
12
mode: server
13
metron_agent:
14
zone: z1
15
deployment: openpaas-controller
16
resource_pool: medium
17
templates:
18
- name: consul_agent
19
release: openpaas-controller
20
- name: metron_agent
21
release: openpaas-controller
22
update:
23
max_in_flight: 1
24
serial: true
25
- name: ha_proxy
26
instances: 1
27
networks:
28
- name: op_network
29
default: [dns, gateway]
30
static_ips: 10.0.16.13 # HAProxy IP 주소
31
- name: op_public_network
32
static_ips: 52.71.64.39
33
properties:
34
ha_proxy:
35
# SSL Key
36
ssl_pem: |
37
-----BEGIN CERTIFICATE-----
38
MIICzTCCAjYCCQC4Lzsbx+krOjANBgkqhkiG9w0BAQsFADCBqjELMAkGA1UEBhMC
39
S1IxDjAMBgNVBAgMBVNlb3VsMQ8wDQYDVQQHDAZKb25nUm8xEjAQBgNVBAoMCW9w
40
ZW4tcGFhczESMBAGA1UECwwJb3Blbi1wYWFzMSMwIQYDVQQDDBoqLmNvbnRyb2xs
41
ZXIub3Blbi1wYWFzLmNvbTEtMCsGCSqGSIb3DQEJARYeYWRtaW5AY29udHJvbGxl
42
ci5vcGVuLXBhYXMuY29tMB4XDTE1MTIxODAyMzgyNVoXDTE2MDExNzAyMzgyNVow
43
gaoxCzAJBgNVBAYTAktSMQ4wDAYDVQQIDAVTZW91bDEPMA0GA1UEBwwGSm9uZ1Jv
44
MRIwEAYDVQQKDAlvcGVuLXBhYXMxEjAQBgNVBAsMCW9wZW4tcGFhczEjMCEGA1UE
45
AwwaKi5jb250cm9sbGVyLm9wZW4tcGFhcy5jb20xLTArBgkqhkiG9w0BCQEWHmFk
46
bWluQGNvbnRyb2xsZXIub3Blbi1wYWFzLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOB
47
jQAwgYkCgYEAs3yC/6FzVq2WSoZUWAYCwPrAOJ3VpN7JMpJ3fulim6MIzzXjhIeq
48
Zl2E10uM9mD0WKWUwTmZcp/a3s+EQZYydgQEY0uQQ1ol/rqnev89PRGu0eAOBKZx
49
/GEYxIkDRDHNNcfGo1lj2Of2sTEFR1FvTPy6X784qqW7afqIpo/86yMCAwEAATAN
50
BgkqhkiG9w0BAQsFAAOBgQAKU8paqctRObRoI+e2I4G7FPev6GVm3otYi/SEs17q
51
LmvMD63QPXEI7r+49FZzaXQtZKALb2NoMJKPO0mhzMJE5GR16f+E8ct1pA6L11t/
52
fqce0/oPC+LcX0D36/J1Bw+PL/qJq5NeCOY1ba6JcBPBtckVfwu8Vm+pm+DKGX3i
53
hw==
54
-----END CERTIFICATE-----
55
-----BEGIN RSA PRIVATE KEY-----
56
MIICXAIBAAKBgQCzfIL/oXNWrZZKhlRYBgLA+sA4ndWk3skyknd+6WKbowjPNeOE
57
h6pmXYTXS4z2YPRYpZTBOZlyn9rez4RBljJ2BARjS5BDWiX+uqd6/z09Ea7R4A4E
58
pnH8YRjEiQNEMc01x8ajWWPY5/axMQVHUW9M/Lpfvziqpbtp+oimj/zrIwIDAQAB
59
AoGAfHDxakcH7qq/rr/frn/MXPv9VcOoonyMRnHiQ62QXpP0waV9Lx/YdsyUE6kf
60
/JpQDz4OGsHSr/RBDYYXDloSdTKx0bBp6xL22SNf0fAkk14biXNc3olc2r5lccPz
61
fbKGEDHAGwcOTNb2zFYCWrn0IDuMjHsX+TejLA0mwOhcxgECQQDiyZfw9cuumDGg
62
rgMqxlX3DxIeOl/XHo0vOobijLnuG7CP7SS/Em38AEu+kTDUItm9SeRYzB2oDWto
63
B1+WSWejAkEAypslTk0Db0gBh9sJbN+4rPJNORvq/2BkXtDGR4WvuDIYvb8q+cYf
64
Og1upgjyVBBYV2b4udbXS4R8B42xwcSmgQJAbHtMD/ozbRfmHVs/rpVjB6QQ4Z7A
65
u5EkrePMI9B3G/vo0F/6hN+W9sVZdhXTipYFG7Od5A/3W6zXpNJqGeSRCwJAK/0V
66
U3PLHB0hH/MBj97fBMWy2IRkOEAgaqmfcyXmafKOhpv747ENVJhX/rqQionl9EwK
67
Eqc/pUjFeQpdnrlogQJBAMrDC4bQZ5igTPEXddDA8VN6qRLFDHFlTo2ulVyQ413Y
68
HmFUIf4BNcRKD3GO24x63L8xK0ArzW4iLlrkwW8A2IE=
69
-----END RSA PRIVATE KEY-----
70
metron_agent:
71
zone: z1
72
deployment: openpaas-controller
73
networks:
74
apps: op_network
75
router:
76
servers:
77
z1:
78
- 10.0.16.15 # Router IP 주소
79
resource_pool: router
80
templates:
81
- name: haproxy
82
release: openpaas-controller
83
- name: metron_agent
84
release: openpaas-controller
85
- name: consul_agent
86
release: openpaas-controller
87
update: {}
88
- instances: 1
89
name: nats
90
networks:
91
- name: op_network
92
static_ips: 10.0.16.11 # NATS IP 주소
93
properties:
94
metron_agent:
95
zone: z1
96
deployment: openpaas-controller
97
networks:
98
apps: op_network
99
resource_pool: medium
100
templates:
101
- name: nats
102
release: openpaas-controller
103
- name: nats_stream_forwarder
104
release: openpaas-controller
105
- name: metron_agent
106
release: openpaas-controller
107
update: {}
108
- instances: 1
109
name: etcd
110
networks:
111
- name: op_network
112
static_ips:
113
- 10.0.16.24 # ETCD IP 주소
114
persistent_disk: 10024
115
properties:
116
metron_agent:
117
zone: z1
118
deployment: openpaas-controller
119
networks:
120
apps: op_network
121
resource_pool: medium
122
templates:
123
- name: etcd
124
release: openpaas-controller
125
- name: etcd_metrics_server
126
release: openpaas-controller
127
- name: metron_agent
128
release: openpaas-controller
129
update:
130
max_in_flight: 1
131
132
- instances: 1
133
name: stats
134
networks:
135
- name: op_network
136
static_ips:
137
- 10.0.16.31 # Stats(Collector) IP 주소
138
properties:
139
metron_agent:
140
zone: z1
141
deployment: openpaas-controller
142
networks:
143
apps: op_network
144
resource_pool: small
145
templates:
146
- name: collector
147
release: openpaas-controller
148
- name: metron_agent
149
release: openpaas-controller
150
update: {}
151
152
- instances: 1
153
name: nfs
154
networks:
155
- name: op_network
156
static_ips: 10.0.16.12 # NFS Server IP 주소
157
persistent_disk: 102400
158
properties:
159
metron_agent:
160
zone: z1
161
deployment: openpaas-controller
162
networks:
163
apps: op_network
164
resource_pool: medium
165
templates:
166
- name: debian_nfs_server
167
release: openpaas-controller
168
- name: metron_agent
169
release: openpaas-controller
170
update: {}
171
172
- instances: 1
173
name: postgres
174
networks:
175
- name: op_network
176
static_ips: 10.0.16.22 # DB Server(PostgreSQL) IP 주소
177
persistent_disk: 4096
178
properties:
179
metron_agent:
180
zone: z1
181
deployment: openpaas-controller
182
networks:
183
apps: op_network
184
resource_pool: medium
185
templates:
186
- name: postgres
187
release: openpaas-controller
188
- name: metron_agent
189
release: openpaas-controller
190
update: {}
191
192
- instances: 1
193
name: uaa
194
networks:
195
- name: op_network
196
static_ips: 10.0.16.32 # UAA IP 주소
197
properties:
198
consul:
199
agent:
200
services:
201
uaa: {}
202
metron_agent:
203
zone: z1
204
deployment: openpaas-controller
205
networks:
206
apps: op_network
207
route_registrar:
208
routes:
209
- name: uaa
210
port: 8080
211
tags:
212
component: uaa
213
uris:
214
- uaa.controller.open-paas.com
215
- '*.uaa.controller.open-paas.com'
216
- login.controller.open-paas.com
217
- '*.login.controller.open-paas.com'
218
uaa:
219
proxy:
220
servers:
221
- 10.0.16.15
222
resource_pool: medium
223
templates:
224
- name: uaa
225
release: openpaas-controller
226
- name: metron_agent
227
release: openpaas-controller
228
- name: consul_agent
229
release: openpaas-controller
230
- name: route_registrar
231
release: openpaas-controller
232
- name: statsd-injector
233
release: openpaas-controller
234
update: {}
235
236
- instances: 1
237
name: api
238
networks:
239
- name: op_network
240
static_ips: 10.0.16.33 # Cloud Controller IP 주소
241
persistent_disk: 8192
242
properties:
243
consul:
244
agent:
245
services:
246
cloud_controller_ng: {}
247
routing-api: {}
248
metron_agent:
249
zone: z1
250
deployment: openpaas-controller
251
networks:
252
apps: op_network
253
nfs_server:
254
address: 10.0.16.12 # NFS Server IP 주소
255
allow_from_entries:
256
- 10.0.16.0/24 # 허용 Network CIDR 값
257
share: null
258
route_registrar:
259
routes:
260
- name: api
261
port: 9022
262
tags:
263
component: CloudController
264
uris:
265
- api.controller.open-paas.com
266
resource_pool: large
267
templates:
268
- name: cloud_controller_ng
269
release: openpaas-controller
270
- name: cloud_controller_clock
271
release: openpaas-controller
272
- name: cloud_controller_worker
273
- name: routing-api
274
release: openpaas-controller
275
- name: metron_agent
276
release: openpaas-controller
277
- name: statsd-injector
278
release: openpaas-controller
279
- name: consul_agent
280
release: openpaas-controller
281
- name: nfs_mounter
282
release: openpaas-controller
283
- name: route_registrar
284
release: openpaas-controller
285
update: {}
286
287
- instances: 1
288
name: clock_global
289
networks:
290
- name: op_network
291
static_ips: 10.0.16.34 # Cloud Controller Clock IP 주소
292
persistent_disk: 4096
293
properties:
294
metron_agent:
295
zone: z1
296
deployment: openpaas-controller
297
networks:
298
apps: op_network
299
resource_pool: medium
300
templates:
301
- name: cloud_controller_clock
302
release: openpaas-controller
303
- name: metron_agent
304
release: openpaas-controller
305
update: {}
306
307
- instances: 1
308
name: api_worker
309
networks:
310
- name: op_network
311
static_ips: 10.0.16.35 # CC Worker IP 주소
312
persistent_disk: 0
313
properties:
314
metron_agent:
315
zone: z1
316
deployment: openpaas-controller
317
networks:
318
apps: op_network
319
nfs_server:
320
address: 10.0.16.12 # NFS Server IP 주소
321
allow_from_entries:
322
- 10.0.16.0/24 # 허용 Network CIDR 값
323
share: null
324
resource_pool: small
325
templates:
326
- name: cloud_controller_worker
327
release: openpaas-controller
328
- name: metron_agent
329
release: openpaas-controller
330
- name: consul_agent
331
release: openpaas-controller
332
- name: nfs_mounter
333
release: openpaas-controller
334
update: {}
335
336
- instances: 0
337
name: hm9000
338
networks:
339
- name: op_network
340
#static_ips: 10.0.16.36
341
properties:
342
metron_agent:
343
zone: z1
344
deployment: openpaas-controller
345
networks:
346
apps: op_network
347
route_registrar:
348
routes:
349
- name: hm9000
350
port: 5155
351
tags:
352
component: HM9K
353
uris:
354
- hm9000.controller.open-paas.com
355
resource_pool: medium
356
templates:
357
- name: hm9000
358
release: openpaas-controller
359
- name: metron_agent
360
release: openpaas-controller
361
- name: route_registrar
362
release: openpaas-controller
363
update: {}
364
365
- instances: 0
366
name: runner
367
networks:
368
- name: op_network
369
properties:
370
dea_next:
371
zone: z1
372
metron_agent:
373
zone: z1
374
deployment: openpaas-controller
375
networks:
376
apps: op_network
377
resource_pool: runner
378
templates:
379
- name: dea_next
380
release: openpaas-controller
381
- name: dea_logging_agent
382
release: openpaas-controller
383
- name: metron_agent
384
release: openpaas-controller
385
update:
386
max_in_flight: 1
387
388
- instances: 0
389
name: loggregator
390
networks:
391
- name: op_network
392
properties:
393
doppler:
394
zone: z1
395
metron_agent:
396
zone: z1
397
doppler_endpoint:
398
shared_secret: admin
399
resource_pool: medium
400
templates:
401
- name: doppler
402
release: openpaas-controller
403
- name: syslog_drain_binder
404
release: openpaas-controller
405
- name: metron_agent
406
release: openpaas-controller
407
update: {}
408
409
- instances: 1
410
name: doppler
411
networks:
412
- name: op_network
413
static_ips: 10.0.16.38 # Doppler IP 주소
414
properties:
415
doppler:
416
zone: z1
417
metron_agent:
418
zone: z1
419
deployment: openpaas-controller
420
networks:
421
apps: op_network
422
resource_pool: medium
423
templates:
424
- name: doppler
425
release: openpaas-controller
426
- name: syslog_drain_binder
427
release: openpaas-controller
428
- name: metron_agent
429
release: openpaas-controller
430
update: {}
431
432
- instances: 1
433
name: loggregator_trafficcontroller
434
networks:
435
- name: op_network
436
static_ips: 10.0.16.39 # Loggregator Controller IP 주소
437
properties:
438
metron_agent:
439
zone: z1
440
deployment: openpaas-controller
441
networks:
442
apps: op_network
443
route_registrar:
444
routes:
445
- name: doppler
446
port: 8081
447
uris:
448
- doppler.controller.open-paas.com
449
- name: loggregator
450
port: 8080
451
uris:
452
- loggregator.controller.open-paas.com
453
traffic_controller:
454
zone: z1
455
resource_pool: small
456
templates:
457
- name: loggregator_trafficcontroller
458
release: openpaas-controller
459
- name: metron_agent
460
release: openpaas-controller
461
- name: route_registrar
462
release: openpaas-controller
463
update: {}
464
465
- instances: 1
466
name: router
467
networks:
468
- name: op_network
469
static_ips: 10.0.16.15 # Router IP 주소
470
properties:
471
consul:
472
agent:
473
services:
474
gorouter: {}
475
metron_agent:
476
zone: z1
477
deployment: openpaas-controller
478
networks:
479
apps: op_network
480
resource_pool: router
481
templates:
482
- name: gorouter
483
release: openpaas-controller
484
- name: metron_agent
485
release: openpaas-controller
486
- name: consul_agent
487
release: openpaas-controller
488
update: {}
Copied!

3.3.7. Properties

아래 Sample Manifest를 참조하여 설치 환경에 맞게 값을 수정한다.
1
properties:
2
acceptance_tests: null
3
app_domains:
4
- controller.open-paas.com # DNS Server에 등록된 Platform Domain Name
5
app_ssh: # App에 ssh 로 접근하기 위한 정보
6
host_key_fingerprint: 89:d3:73:01:f3:10:c4:a7:87:53:54:31:63:ee:ef:51
7
oauth_client_id: ssh-proxy
8
cc: # 여기서부터 Cloud Controller Properties
9
allow_app_ssh_access: true
10
allowed_cors_domains: []
11
app_events:
12
cutoff_age_in_days: 31
13
app_usage_events:
14
cutoff_age_in_days: 31
15
audit_events:
16
cutoff_age_in_days: 31
17
broker_client_default_async_poll_interval_seconds: null
18
broker_client_max_async_poll_duration_minutes: null
19
broker_client_timeout_seconds: 70
20
buildpacks:
21
buildpack_directory_key: controller.open-paas.com-cc-buildpacks
22
cdn: null
23
fog_connection:
24
local_root: /var/vcap/store
25
provider: Local
26
bulk_api_password: admin # Bulk API Password 설정
27
client_max_body_size: 2048M
28
db_encryption_key: db-encryption-key # DB Encryprion Key 지정
29
db_logging_level: debug2
30
default_app_disk_in_mb: 1024
31
default_app_memory: 1024
32
default_buildpacks:
33
- name: java_buildpack_offline
34
package: buildpack_java_offline
35
- name: egov_buildpack
36
package: buildpack_egov
37
- name: staticfile_buildpack
38
package: buildpack_staticfile
39
- name: java_buildpack
40
package: buildpack_java
41
- name: ruby_buildpack
42
package: buildpack_ruby
43
- name: nodejs_buildpack
44
package: buildpack_nodejs
45
- name: go_buildpack
46
package: buildpack_go
47
- name: python_buildpack
48
package: buildpack_python
49
- name: php_buildpack
50
package: buildpack_php
51
- name: binary_buildpack
52
package: buildpack_binary
53
default_health_check_timeout: 60
54
default_quota_definition: default
55
default_running_security_groups:
56
- public_networks
57
- dns
58
- services
59
default_staging_security_groups:
60
- public_networks
61
- dns
62
default_to_diego_backend: true
63
development_mode: false
64
directories: null
65
disable_custom_buildpacks: false
66
droplets:
67
cdn: null
68
droplet_directory_key: controller.open-paas.com-cc-droplets
69
fog_connection:
70
local_root: /var/vcap/store
71
provider: Local
72
max_staged_droplets_stored: null
73
external_host: api
74
external_port: 9022
75
external_protocol: null
76
install_buildpacks:
77
- name: java_buildpack_offline
78
package: buildpack_java_offline
79
- name: egov_buildpack
80
package: buildpack_egov
81
- name: staticfile_buildpack
82
package: buildpack_staticfile
83
- name: java_buildpack
84
package: buildpack_java
85
- name: ruby_buildpack
86
package: buildpack_ruby
87
- name: nodejs_buildpack
88
package: buildpack_nodejs
89
- name: go_buildpack
90
package: buildpack_go
91
- name: python_buildpack
92
package: buildpack_python
93
- name: php_buildpack
94
package: buildpack_php
95
- name: binary_buildpack
96
package: buildpack_binary
97
internal_api_password: admin # Internal API Password
98
internal_api_user: internal_user
99
jobs:
100
app_bits_packer:
101
timeout_in_seconds: null
102
app_events_cleanup:
103
timeout_in_seconds: null
104
app_usage_events_cleanup:
105
timeout_in_seconds: null
106
blobstore_delete:
107
timeout_in_seconds: null
108
blobstore_upload:
109
timeout_in_seconds: null
110
droplet_deletion:
111
timeout_in_seconds: null
112
droplet_upload:
113
timeout_in_seconds: null
114
generic:
115
number_of_workers: null
116
global:
117
timeout_in_seconds: 14400
118
model_deletion:
119
timeout_in_seconds: null
120
logging_level: debug2
121
maximum_app_disk_in_mb: 2048
122
maximum_health_check_timeout: 180
123
min_cli_version: null
124
min_recommended_cli_version: null
125
newrelic:
126
capture_params: false
127
developer_mode: false
128
environment_name: openpaas-controller
129
license_key: null
130
monitor_mode: false
131
transaction_tracer:
132
enabled: true
133
record_sql: obfuscated
134
packages:
135
app_package_directory_key: controller.open-paas.com-cc-packages
136
cdn: null
137
fog_connection:
138
local_root: /var/vcap/store
139
provider: Local
140
max_package_size: 1073741824
141
max_valid_packages_stored: null
142
quota_definitions: # Application Instance Default Quota 값 지정
143
default:
144
memory_limit: 10240
145
non_basic_services_allowed: true
146
total_routes: 1000
147
total_services: 100
148
resource_pool:
149
cdn: null
150
fog_connection:
151
local_root: /var/vcap/store
152
provider: Local
153
resource_directory_key: controller.open-paas.com-cc-resources
154
security_group_definitions:
155
- name: public_networks
156
rules:
157
- destination: 0.0.0.0-9.255.255.255
158
protocol: all
159
- destination: 11.0.0.0-169.253.255.255
160
protocol: all
161
- destination: 169.255.0.0-172.15.255.255
162
protocol: all
163
- destination: 172.32.0.0-192.167.255.255
164
protocol: all
165
- destination: 192.169.0.0-255.255.255.255
166
protocol: all
167
- name: dns
168
rules:
169
- destination: 0.0.0.0/0
170
ports: "53"
171
protocol: tcp
172
- destination: 0.0.0.0/0
173
ports: "53"
174
protocol: udp
175
- name: services
176
rules:
177
- destination: 10.0.16.0/24
178
protocol: all
179
service_usage_events:
180
cutoff_age_in_days: 31
181
srv_api_uri: https://api.controller.open-paas.com # Platform API Target URL
182
stacks: null
183
staging_upload_password: admin # Staging Upload Password
184
staging_upload_user: staging_upload_user
185
system_buildpacks:
186
- name: java_buildpack_offline
187
package: buildpack_java_offline
188
- name: egov_buildpack
189
package: buildpack_egov
190
- name: staticfile_buildpack
191
package: buildpack_staticfile
192
- name: java_buildpack
193
package: buildpack_java
194
- name: ruby_buildpack
195
package: buildpack_ruby
196
- name: nodejs_buildpack
197
package: buildpack_nodejs
198
- name: go_buildpack
199
package: buildpack_go
200
- name: python_buildpack
201
package: buildpack_python
202
- name: php_buildpack
203
package: buildpack_php
204
- name: binary_buildpack
205
package: buildpack_binary
206
thresholds:
207
api:
208
alert_if_above_mb: null
209
restart_if_above_mb: null
210
restart_if_consistently_above_mb: null
211
worker:
212
alert_if_above_mb: null
213
restart_if_above_mb: null
214
restart_if_consistently_above_mb: null
215
user_buildpacks: []
216
users_can_select_backend: false
217
ccdb:
218
address: 10.0.16.22 # DB Server(PostgreSQL) VM IP 주소
219
databases:
220
- citext: true
221
name: ccdb
222
tag: cc
223
db_scheme: postgres
224
port: 5524
225
roles:
226
- name: ccadmin
227
password: admin # ccadmin 계정 Password
228
tag: admin
229
collector: null
230
consul:
231
agent:
232
log_level: null
233
servers:
234
lan:
235
- 10.0.16.16 # Consul VM IP 주소
236
# Consul agent cert 키 값
237
agent_cert: |
238
-----BEGIN CERTIFICATE-----
239
MIIEIjCCAgygAwIBAgIRANVNoOk6A4WIpnRmprN6Ft4wCwYJKoZIhvcNAQELMBMx
240
ETAPBgNVBAMTCGNvbnN1bENBMB4XDTE1MTIxNjA3MjcyN1oXDTE3MTIxNjA3Mjcy
241
OFowFzEVMBMGA1UEAxMMY29uc3VsIGFnZW50MIIBIjANBgkqhkiG9w0BAQEFAAOC
242
AQ8AMIIBCgKCAQEAvJSw9vW2VCtTbMQ02SQ9H+XpJOA6Pm5B/qsWFFc7YePp2FRg
243
CUFO48/SOhKJ99GxdC2io91jmicTMUyHpHjbreohpRlxBpXxlKevPQHY8jVZ1MQ2
244
IRGX4V1bi/cpe0rttEeWEy315xjPDdsEevgyUwJ5/gEYzr0PneAzrDkmnXMGZaAv
245
/EEM/5cj34HVFrkv3WQ/cY2zOOqzs0wsR02SWgt2H6ne4qukOIDgL4QV3/PjDSiE
246
zW7Yta+yxNikwm85BhyGCaucQncOXlNTjJ/a2XDK2FYDzSLm2nNFKLiGqPz6VPgD
247
VpH5G/3/875EoJqDQwaEvLzo2TNU5RIyewmfRwIDAQABo3EwbzAOBgNVHQ8BAf8E
248
BAMCALgwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBQr
249
M995lPKvjs4giWC2lz+UksWGoTAfBgNVHSMEGDAWgBRoGRUwOPPgLrI5WCtaB3uj
250
sdjkMDALBgkqhkiG9w0BAQsDggIBACmcL4wkwYU1pjp1/fFuesP4xOvxmrs7VKFY
251
8eT7IIGv7bk4PMH8xR6y57IAq8VQP4iIe91jlyz5APqP86EhnDHemYimaR4V02R5
252
BD5PzN0bDdqpGGAB4oU6OJD5XObEj4yC+0Miy3Mdz5sSmZZ1Tn0o710L4Y+ncjwD
253
vEG3wFkCfe/SU8Fd5vVfM1d6CzFDo+szrcoXR56bGrDKAocH641Z4ofCSDs2pCri
254
BvJ/OWbekktvqvsA2BX6d78k9FX3RIQZzGUciQtIyiWoJMFT7Gf5D+yK1m8F/Ad8
255
ROWL1APXFb/IOjL6K+7E1YIhOpthOYZRtWBp9idhY3/Bzac/cYthOG/mu4YzDf4R
256
eX25OO7C2G818xzVk9zxKKnlWJkpRWa1uYLTb/trW6GT/hFaA0BTX0hVzgdnYs/l
257
NnhVlPk3wTXWhTBzuvWPVEIyblzt7GszMiYrX9Un1meQxDyVs89dLANAr1tocAo9
258
eC98fNpO55RS/mCCzmwtuGO6FL7kGz91BtJRzx+LD9tMyZWWAmjUzR8Ak6iwrHoX
259
wyLWcXomI2INoGkaj2/j/KywyDq6zOhb5nA98nQOIZb4FkHgX5H6jajN4DfurZp1
260
mq6LVQrV5B7yxf4ul3MfOq/HV2eMzyH6uiKXIuwrFU7poUyn4EdXfUHB5Imjlx46
261
ZGkvJ5oM
262
-----END CERTIFICATE-----
263
# Consul agent 키 값
264
agent_key: |
265
-----BEGIN RSA PRIVATE KEY-----
266
MIIEpQIBAAKCAQEAvJSw9vW2VCtTbMQ02SQ9H+XpJOA6Pm5B/qsWFFc7YePp2FRg
267
CUFO48/SOhKJ99GxdC2io91jmicTMUyHpHjbreohpRlxBpXxlKevPQHY8jVZ1MQ2
268
IRGX4V1bi/cpe0rttEeWEy315xjPDdsEevgyUwJ5/gEYzr0PneAzrDkmnXMGZaAv
269
/EEM/5cj34HVFrkv3WQ/cY2zOOqzs0wsR02SWgt2H6ne4qukOIDgL4QV3/PjDSiE
270
zW7Yta+yxNikwm85BhyGCaucQncOXlNTjJ/a2XDK2FYDzSLm2nNFKLiGqPz6VPgD
271
VpH5G/3/875EoJqDQwaEvLzo2TNU5RIyewmfRwIDAQABAoIBAQCM1/TPjbZuaKl3
272
G5do8eLhFwKo8vstM4YAoWDtMjV8qA837dSINQmppcaabswylZ+WaJsHDctdD4AL
273
GuBX25ge7TXRrA25YHW8k/yScPXJ+ESuXxkaW5x2yhYclC2cEts0AR86FeKJhgLm
274
k0RmX0aersPUDJetmJC4VgHhyBFqF301o2BpLQn8nDC5awSqoY6poThELQYkX0s5
275
2mNS1GunESaVtpo/qwbb2sdAhVv1M6HKNkcWBE6DOVMR+QwxoIMVj0mosEJT6jsd
276
NhZE3aRP49Gv82m6aWAuVtEAiZbIsF/xdsw4pRG2BXwwbiAtjUVMK1nmt2BUjXmK
277
ppZbE9ehAoGBAOMn83e3o4IdPhj6Cqs8PPJGOCHRt5hcq66Pkfk2U3fJCONO3ROO
278
GkMY6HMrqvTcUpBeHMm1EZjmvKfvK6wjiVs1KNJXFZvrbOF3KMkqFkxev+38zb7L
279
VF94OPhgvKDLx9KRiMo9m2013npNx9iimXlGQ0pdi6zil87LbfacL7yXAoGBANSG
280
y1eQoMTHS+xxeP5chBxErYaaD40bCCRqQgUuXHxMteltdSR2ChVMIHTHvXgtR6xO
281
8l5I4IXucjjmdr0pLecdc40+5UDvxy1UXYgwQVJzOLZ4L2U1wdu7VXFOgr6/Ehl9
282
vn4ncEgRlFNpxbyIbZIReHkgxjhOzJ0N+50ogZjRAoGAUs+5vqdAAKtQfCKLySlI
283
vrpCtHGUEQOXwyer+8KGY2Dy0ItrpTlk8ZkfBP2icWnw35ivvgk4xRk5Ja/XqAW8
284
iXezzhrZUeJd60RZphylzGmuZsCG8UuHEtbtTf9WRPiFfIp55+DVzNaaqNO6S4vb
285
j47B8VZxGTHyTf1ztTfzXzkCgYEAsO4HGz8smKXSb2WIdTpQQbhrPkPD7pUykh5k
286
GCwgktrKFyso+tHKUzCtVIt1ETehE7Il1JiXUujP7s7uy0wdCutZ550U/pqgFvzF
287
YTvLJfkGneIwkvHOEkBDQbE659HqH46vqBbtQxJfiZHlLK/niFNDGJRQcVAoyBd8
288
AbpXKgECgYEApqgxW3C7CJStKRdvMQeg50PS5oyXSglU8JoACEYDOUoWQZTDUqci
289
CYFJNfdEv/K3AmZH/0hSVuYXhzvdotpWhHvdtmH/YT1bkeoYF5NULyB4VyKOnpyR
290
MS/cy+MIiSuLeKK8dNRy62t5Ugo+mgaxuNt3nTlGW0pIathZ9BZJ4Kc=
291
-----END RSA PRIVATE KEY-----
292
# Consul ca cert 키 값
293
ca_cert: |
294
-----BEGIN CERTIFICATE-----
295
MIIFAzCCAu2gAwIBAgIBATALBgkqhkiG9w0BAQswEzERMA8GA1UEAxMIY29uc3Vs
296
Q0EwHhcNMTUxMjE2MDcyNzA2WhcNMjUxMjE2MDcyNzI1WjATMREwDwYDVQQDEwhj
297
b25zdWxDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKqk/0Lg6fvy
298
PMHs/W1yj9lLxdsbJs7GFdoGOLi99DD3zJxN/t2pskagHYqgdSddGqM/ZVIZ+eB/
299
tvzUcFczvjG36o+5Bsca31Ez/pCS+1sU88tb5XM5UpGZ0hU2ZB5pdZ08hyKsGqgQ
300
dkRLlcq7pCfRs1AHxwUMG34AyvrKwR/uufIDlHm3ChMx7plykeObK5hw6H/ZZDn5
301
uvF6ROtSPEvVvm6i7DC45D+hJSbsZF5U4PnGr6Ez8TWvlhJDln3bFDpKZN8NUig+
302
nOk05JuxmGjWtpFogtsWfrM5iZzo3Wq9ku8CuYw3F0cZl4L6xycCuzVn2oja/FN8
303
wU+0ND2DIntcUbM+CgCrcua+0l1J5ob4JN3TS98mEvO8MeuXIRXVf9EprbGur0YY
304
2rVVQ+DMIsOmbD7MzewBnjy0mrU9fuiTX29BoBTk0y+CZM5VpTUJXvnQ54sDfHSI
305
Ch1DgvmNgYhPBOkzG8Ecm9oaNXdfl1ZTr0EHycI5aNLeZHOI55SkD2UtFEogmcDc
306
wPitTmpVrBNnCnBkWmiqePausRQBJWDvGRKJqWKQmt/hj7X4PrBGE7inPQEFr63A
307
d9N7gceZPfPPYDUiKRtbXOaEK20jzyg5RDK6RPKuwO6tQPwhNKzwmgeVKI1TCfow
308
OOIGl13s48m7JYul6LRaqpla26Y89siLAgMBAAGjZjBkMA4GA1UdDwEB/wQEAwIA
309
BjASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBRoGRUwOPPgLrI5WCtaB3uj
310
sdjkMDAfBgNVHSMEGDAWgBRoGRUwOPPgLrI5WCtaB3ujsdjkMDALBgkqhkiG9w0B
311
AQsDggIBAKpQwk1sRYfkq5pvVRwnzqSyrdt3tQ9TrtWi15hzucLGQbaPCoCWKmkB
312
N9VkeOWsP/f/q9ptRUBBB+qT1270fmCXiTYMdJAnLers32gomqQmv7H/eI0d3Mzr
313
1PA8P8W5066hqywsBLd4D0lcrCaC5VkvvUIG6RE3sOh5wW1UZxUR52LPLPqiiS8d
314
oU9NXb8BtxW+juj+VypnwisEMXtV4K7Wf0g+05w8PND3PQbzj665em+cCt7sG9Fd
315
EOvxhmqFQhJKfiFZe/uNORrlZBVX8w0M+OLRi99feH93BLnklpH2QYVw9XDUu6gV
316
zzcAMuOuwd75ngHbW5dRiP6hE8Qn10NQf+K6Hq5gXgnGI7r1yic63JeXYqU9N981
317
9krNGikmRYoEAF5Mbind2u8c4ce7/b6TjvsgX2Ddj3nRuPTbg1+9Vl8v7/kQrPaP
318
3jR+X+OJ4qOZH//lIAy99Ifs2EqQh2EdqJXLH3cddWhUtf7UdsMciyYNotswlZxs
319
CNoRpYD795IrQeAmgx3avhdihCUeZRyy5zZgpufkyLJe0CDvH0XRChTZhOSjptDb
320
3LeZoWKxn2G0f9ZL0SasOyU+uLtGSQLpavW22CVwDPvWrxj5BpG3Ulddgh/ysIwN
321
4PFVkjXsY1Ca5mC7mMu0+XSaALaNlXlJ7GuRmf+CU2sWCQOxGvp+
322
-----END CERTIFICATE-----
323
# Consul encrypt 키 값
324
encrypt_keys:
325
- t66mLrBhJ5kpofLwoJpH5A==
326
require_ssl: true # Consul ssl 접속 여부
327
# Consul server cert 키 값
328
server_cert: |
329
-----BEGIN CERTIFICATE-----
330
MIIEKzCCAhWgAwIBAgIQMkaGpfb7hSNQcutiGf4ERjALBgkqhkiG9w0BAQswEzER
331
MA8GA1UEAxMIY29uc3VsQ0EwHhcNMTUxMjE2MDcyNzI2WhcNMTcxMjE2MDcyNzI3
332
WjAhMR8wHQYDVQQDExZzZXJ2ZXIuZGMxLmNmLmludGVybmFsMIIBIjANBgkqhkiG
333
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqZvu3TU4dQeh4veVGti3hhYP/7YCbKI8y7q6
334
Qyz7FCvQJSsD0bUXnG6+U7tNHOTRNdBTnQrmZFeWoXXGscqZLwSRnTlG6q28Bfwc
335
imMbnqM1xz/1TlAXsC4NSw4quvoxW+KlWVNM9/srga5+aWJCXOx4ozF770eb82pe
336
8EAGhAHZ2zx1xZ3x8NdQRsOc77pYdXrNjWcxicQzONZ7+DKrhk3Enw7DWZkkUITv
337
1DtHjD6HN3v847ZLS5hk6c8bn2EHGqzvXHFSLXM1hJrom3lhDiaO6tN0lC2EPwSz
338
ogQ8obPy5VHhST3LgpsondqTlZkAVX8UUsmhn7M+vuXdxuD4iQIDAQABo3EwbzAO
339
BgNVHQ8BAf8EBAMCALgwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0G
340
A1UdDgQWBBTnXp73N5Gb7qFeRa66ESaCYCj5azAfBgNVHSMEGDAWgBRoGRUwOPPg
341
LrI5WCtaB3ujsdjkMDALBgkqhkiG9w0BAQsDggIBAFhuxqoVQ66uk07TwJoet8Jr
342
kNtLDPadOlKPBgnOrER8GpNhxg8cet5tWyKD6vPveuzecGKGoXO1EamLdLSmx73m
343
HD/e0uISZ1s/yCVYzRfsCmaFw2hsFQvlUIp0J3KwEpA71sP6jyN+il9cwfR0v9Z+
344
KhrgCVlYlxk+GpXG1mNx908omLydss81OJRuw/VUCi96htH8naur7JCSYUYNmXTU
345
hAPxF3C/uZULGDs/ktJ6orEjybAn0lLFJSJr7FTb2bhmJcxDXnm1B3KU9ggCA9za
346
oRmi53xFVZBa9arYMvnD97T7zwioJVww8u+VVBAuOaeZggliSZL3SfloJ6u8LhWO
347
MObMsNEgl9/IziNEbC3XcjT6rwcepWb4mNCaoEsm3fKAAwjUv2qHy7FslM2O0GDx
348
wgpCCVuG0sN3zYJYr4zCvP3nnir49jZ1gJ1vKikK+Qk72crPEcsWh7/iuWIb0Ir2
349
h2LbwCUsXo1DDptJiDn7FfEX4WW9OStaI4WCgvlcKMlMwcnZIZ3tN7NlNzon8fAV
350
LR0GHcKqvPmPp49zvjXt4BroQPdUgM3WZPpCNtZDqDc9obfS5ap7FAVQWBaPqOu0
351
aMgvXar2LxBuM7JWCorYzztm5sv4NJSjxjDkkybwOImTxZkpLZb2j58TdXQiE1v+
352
fns7uQ9yHVtyl941hRlf
353
-----END CERTIFICATE-----
354
# Consul server 키 값
355
server_key: |
356
-----BEGIN RSA PRIVATE KEY-----
357
MIIEowIBAAKCAQEAqZvu3TU4dQeh4veVGti3hhYP/7YCbKI8y7q6Qyz7FCvQJSsD
358
0bUXnG6+U7tNHOTRNdBTnQrmZFeWoXXGscqZLwSRnTlG6q28BfwcimMbnqM1xz/1
359
TlAXsC4NSw4quvoxW+KlWVNM9/srga5+aWJCXOx4ozF770eb82pe8EAGhAHZ2zx1
360
xZ3x8NdQRsOc77pYdXrNjWcxicQzONZ7+DKrhk3Enw7DWZkkUITv1DtHjD6HN3v8
361
47ZLS5hk6c8bn2EHGqzvXHFSLXM1hJrom3lhDiaO6tN0lC2EPwSzogQ8obPy5VHh
362
ST3LgpsondqTlZkAVX8UUsmhn7M+vuXdxuD4iQIDAQABAoIBAA+UZ0iijuERJmm2
363
3Fdu+My0UhvnGCnqbTM5n8pz40xjCeegH+WvgM+5zHnchqTUz/LlhAi065zj/s4u
364
B2ZledS70rRigoUkGFVkZyq/F9Zmn5YB5gKfkM16LXZrgrlSKh6Kny2pXTSaOdDb
365
unjrsbTfc+Vpsjy0kzq01quy9eZCLvClKjSNG4zc4P1Yxo6ptvkYq6zTv/+CA5dM
366
AKfzB2NHcEu4lAnWS29ps2gDg4mIDs5tUaC5nE4KRXZHo/o7iHBR3KzyR4mFD/n+
367
a5eyjkQFWLOVqBCfseLri8ESmkFZeZJ32td3mUIxokEVuwBdZ7Zb8KKI7QhweVv2
368
WQzzUEECgYEAxkdvVE/sJAeDHs176QquLhCZJ83YFjgxU+FWO9JJuANm3j0CWEqK
369
Rw6mlparltr8lzJhs/lVEhOmfNEMDw3RcF8TBxj9gsZn12To8yh8PzSz0DpjiDAO
370
Osw7iNWy95PvgqQy11+OizUpS5zaVwjc2YByhec0OxzDAUO9D4SLuP0CgYEA2vvl
371
2BLlVxkbz73s36JbXMtL7UvqakbFmbcdQSu07czGbdFtNxNhphKIVBCH4ny2yBxm
372
qEEpuis/fkVzhD02V81dI63PIhRZuFEXnGWhMeY44VmWCmbaoUdZd9Ozna2AnVVN
373
a5Qw1hWHcmfpcILaFgCb/j2XHqveTZ87pMjdyX0CgYA5cbq8V4dXjOGdC/VJN/Hs
374
oJxunsFq9o67+X3NSQhYiovD+TLzt2zGV2VGHZLK2tjxSQRrauINoanLYZk3x04V
375
W0Yc+U2BFNBC5BZlVCZi/XbW7gOmEh4dRMw+wYLfHXn3hHDCWwnmJNm48VGEg6nQ
376
TdlgF/LW6WdJt4FPvJvqVQKBgFs3YFdwD44HTHltcJT7CTmPCVKQM9YPItJT32C9
377
NwFzMhieivLNJPjLcXQq6p9iObUDd5OQiTQePbV4cpTb9p3+UlTBWq2kcnb/eGlS
378
QCIL9xePfJtamqlhkhgC3CfLFO70kGpGcU1L7H6wYCHYr8VIfbIar688Aj6tHGgY
379
r6H1AoGBAK81Evrf729tMezOMoGQKGfZrP9pkh6Bh5ProZFqK5R9GItXdYU4ATvL
380
1/dmdLjPwDpprC90gfjDnvT+rxBJUQmlklRV4YvutaOO25UJQtnLEA7oBmASYGjh
381
QsflMYJj0ytvop7ReDVV6+p6OymS2SBZrdO2AvwRNy6cVSuPjgLn
382
-----END RSA PRIVATE KEY-----
383
databases:
384
additional_config: null
385
address: 10.0.16.22 # DB Server VM IP 주소
386
collect_statement_statistics: null
387
databases:
388
- citext: true
389
name: ccdb
390
tag: cc
391
- citext: true
392
name: uaadb
393
tag: uaa
394
db_scheme: postgres
395
port: 5524
396
roles:
397
- name: ccadmin
398
password: admin
399
tag: admin
400
- name: uaaadmin
401
password: admin
402
tag: admin
403
dea_next:
404
advertise_interval_in_seconds: 5
405
allow_host_access: null
406
allow_networks: []
407
default_health_check_timeout: 60
408
deny_networks: []
409
directory_server_protocol: https
410
disk_mb: 32768
411
disk_overcommit_factor: 3
412
evacuation_bail_out_time_in_seconds: 0
413
heartbeat_interval_in_seconds: 10
414
instance_bandwidth_limit: null
415
instance_disk_inode_limit: 200000
416
kernel_network_tuning_enabled: false
417
logging_level: debug
418
memory_mb: 8192
419
memory_overcommit_factor: null
420
mtu: null
421
rlimit_core: 0
422
staging_bandwidth_limit: null
423
staging_disk_inode_limit: 200000
424
staging_disk_limit_mb: 6144
425
staging_memory_limit_mb: 1024
426
description: Open PaaS sponsored by OCP Team
427
disk_quota_enabled: false
428
domain: controller.open-paas.com
429
doppler:
430
blacklisted_syslog_ranges: null
431
debug: false
432
enable_tls_transport: null
433
maxRetainedLogMessages: 100
434
port: 4443 # Doppler port 번호
435
tls_server:
436
cert: null
437
key: null
438
port: null
439
unmarshaller_count: 5
440
doppler_endpoint:
441
shared_secret: admin # Doppler Endpoint Password
442
dropsonde:
443
enabled: true
444
etcd:
445
machines:
446
- 10.0.16.24 # etcd VM IP 주소
447
peer_require_ssl: false
448
require_ssl: false
449
etcd_metrics_server:
450
nats:
451
machines:
452
- 10.0.16.11 # NATS Server VM IP 주소
453
password: admin
454
username: nats
455
hm9000:
456
url: https://hm9000.controller.open-paas.com
457
logger_endpoint:
458
port: 443
459
use_ssl: true
460
loggregator:
461
blacklisted_syslog_ranges: null
462
debug: false
463
etcd:
464
machines:
465
- 10.0.16.24
466
maxRetainedLogMessages: 100
467
outgoing_dropsonde_port: 8081
468
tls:
469
ca: null
470
loggregator_endpoint:
471
shared_secret: admin
472
login:
473
analytics:
474
code: null
475
domain: null
476
asset_base_url: null
477
brand: oss
478
catalina_opts: null
479
enabled: true
480
invitations_enabled: null
481
links:
482
passwd: https://console.controller.open-paas.com/password_resets/new
483
signup: https://console.controller.open-paas.com/register
484
logout: null
485
messages: null
486
notifications:
487
url: null
488
protocol: null
489
restricted_ips_regex: null
490
saml: null
491
self_service_links_enabled: null
492
signups_enabled: null
493
smtp:
494
host: null
495
password: null
496
port: null
497
user: null
498
spring_profiles: null
499
tiles: null
500
uaa_base: null
501
url: null
502
metron_agent:
503
deployment: openpaas-controller
504
preferred_protocol: null
505
tls_client:
506
cert: null
507
key: null
508
metron_endpoint:
509
shared_secret: admin
510
nats:
511
address: 10.0.16.11 # NATS Server VM IP 주소
512
debug: false
513
machines:
514
- 10.0.16.11 # NATS Server VM IP 주소
515
monitor_port: 4221
516
password: admin
517
port: 4222
518
prof_port: 0
519
trace: false
520
user: nats
521
nfs_server:
522
address: null
523
allow_from_entries:
524
- 10.0.16.0/24 # NFS Mount 허용 Range 지정
525
share: null
526
request_timeout_in_seconds: 900
527
router:
528
cipher_suites: null
529
debug_addr: null
530
enable_ssl: null
531
extra_headers_to_log: null
532
logrotate: null
533
port: null
534
requested_route_registration_interval_in_seconds: null
535
route_service_timeout: null
536
route_services_secret: admin
537
route_services_secret_decrypt_only: null
538
secure_cookies: null
539
ssl_cert: null
540
ssl_key: null
541
ssl_skip_validation: true
542
status:
543
password: admin
544
port: null
545
user: router
546
smoke_tests: null
547
ssl:
548
skip_cert_verify: true
549
support_address: http://support.cloudfoundry.com
550
syslog_daemon_config: null
551
system_domain: controller.open-paas.com # DNS Server에 등록한 Platform Domain Name
552
system_domain_organization: OCP
553
traffic_controller:
554
outgoing_port: 8080
555
uaa:
556
admin:
557
client_secret: admin # admin 계정 Password
558
authentication:
559
policy:
560
countFailuresWithinSeconds: null
561
lockoutAfterFailures: null
562
lockoutPeriodSeconds: null
563
batch:
564
password: admin
565
username: batchuser
566
catalina_opts: -Xmx768m -XX:MaxPermSize=256m
567
cc:
568
client_secret: admin
569
clients:
570
cc-service-dashboards:
571
authorities: clients.read,clients.write,clients.admin
572
authorized-grant-types: client_credentials
573
scope: openid,cloud_controller_service_permissions.read
574
secret: admin
575
cc_routing:
576
authorities: routing.router_groups.read
577
authorized-grant-types: client_credentials
578
secret: admin
579
cloud_controller_username_lookup:
580
authorities: scim.userids
581
authorized-grant-types: client_credentials
582
secret: admin
583
doppler:
584
authorities: uaa.resource
585
override: true
586
secret: admin
587
gorouter:
588
authorities: clients.read,clients.write,clients.admin,routing.routes.write,routing.routes.read
589
authorized-grant-types: client_credentials,refresh_token
590
scope: openid,cloud_controller_service_permissions.read
591
secret: admin
592
login:
593
authorities: oauth.login,scim.write,clients.read,notifications.write,critical_notifications.write,emails.write,scim.userids,password.write
594
authorized-grant-types: authorization_code,client_credentials,refresh_token
595
override: true
596
redirect-uri: https://login.controller.open-paas.com
597
scope: openid,oauth.approvals
598
secret: admin
599
notifications:
600
authorities: cloud_controller.admin,scim.read
601
authorized-grant-types: client_credentials
602
secret: admin
603
ssh-proxy:
604
authorized-grant-types: authorization_code
605
autoapprove: true
606
override: true
607
redirect-uri: /login
608
scope: openid,cloud_controller.read,cloud_controller.write
609
secret: admin
610
database: null
611
issuer: https://uaa.controller.open-paas.com
612
jwt:
613
signing_key: |
614
-----BEGIN RSA PRIVATE KEY-----
615
MIICXAIBAAKBgQDHFr+KICms+tuT1OXJwhCUmR2dKVy7psa8xzElSyzqx7oJyfJ1
616
JZyOzToj9T5SfTIq396agbHJWVfYphNahvZ/7uMXqHxf+ZH9BL1gk9Y6kCnbM5R6
617
0gfwjyW1/dQPjOzn9N394zd2FJoFHwdq9Qs0wBugspULZVNRxq7veq/fzwIDAQAB
618
AoGBAJ8dRTQFhIllbHx4GLbpTQsWXJ6w4hZvskJKCLM/o8R4n+0W45pQ1xEiYKdA
619
Z/DRcnjltylRImBD8XuLL8iYOQSZXNMb1h3g5/UGbUXLmCgQLOUUlnYt34QOQm+0
620
KvUqfMSFBbKMsYBAoQmNdTHBaz3dZa8ON9hh/f5TT8u0OWNRAkEA5opzsIXv+52J
621
duc1VGyX3SwlxiE2dStW8wZqGiuLH142n6MKnkLU4ctNLiclw6BZePXFZYIK+AkE
622
xQ+k16je5QJBAN0TIKMPWIbbHVr5rkdUqOyezlFFWYOwnMmw/BKa1d3zp54VP/P8
623
+5aQ2d4sMoKEOfdWH7UqMe3FszfYFvSu5KMCQFMYeFaaEEP7Jn8rGzfQ5HQd44ek
624
lQJqmq6CE2BXbY/i34FuvPcKU70HEEygY6Y9d8J3o6zQ0K9SYNu+pcXt4lkCQA3h
625
jJQQe5uEGJTExqed7jllQ0khFJzLMx0K6tj0NeeIzAaGCQz13oo2sCdeGRHO4aDh
626
HH6Qlq/6UOV5wP8+GAcCQFgRCcB+hrje8hfEEefHcFpyKH+5g1Eu1k0mLrxK2zd+
627
4SlotYRHgPCEubokb2S1zfZDWIXW3HmggnGgM949TlY=
628
-----END RSA PRIVATE KEY-----
629
verification_key: |
630
-----BEGIN PUBLIC KEY-----
631
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHFr+KICms+tuT1OXJwhCUmR2d
632
KVy7psa8xzElSyzqx7oJyfJ1JZyOzToj9T5SfTIq396agbHJWVfYphNahvZ/7uMX
633
qHxf+ZH9BL1gk9Y6kCnbM5R60gfwjyW1/dQPjOzn9N394zd2FJoFHwdq9Qs0wBug
634
spULZVNRxq7veq/fzwIDAQAB
635
-----END PUBLIC KEY-----
636
637
ldap: null
638
login: null
639
newrelic: null
640
no_ssl: null
641
port: 8080
642
require_https: null
643
restricted_ips_regex: 10\.\d{1,3}\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3}|169\.254\.\d{1,3}\.\d{1,3}|127\.\d{1,3}\.\d{1,3}\.\d{1,3}|172\.1[6-9]{1}\.\d{1,3}\.\d{1,3}|172\.2[0-9]{1}\.\d{1,3}\.\d{1,3}|172\.3[0-1]{1}\.\d{1,3}\.\d{1,3}
644
scim:
645
external_groups: null
646
groups: null
647
userids_enabled: true
648
users:
649
- admin|admin|scim.write,scim.read,openid,cloud_controller.admin,clients.read,clients.write,doppler.firehose,routing.router_groups.read
650
spring_profiles: null
651
url: https://uaa.controller.open-paas.com
652
user: null
653
zones: null
654
uaadb:
655
address: 10.0.16.22 # DB Server VM IP 주소
656
databases:
657
- citext: true
658
name: uaadb
659
tag: uaa
660
db_scheme: postgresql
661
port: 5524
662
roles:
663
- name: uaaadmin
664
password: admin
665
tag: admin
Copied!

3.4. Bosh Deploy

지금까지 설치를 위한 준비 과정이 정상적으로 수행되었으면, 지금부터 Open PaaS Controller를 IaaS 환경(AWS)에 아래의 절차로 설치한다.

3.4.1. Deployment Manifest 지정

bosh deployment openpaas-controller-aws-1.0.yml
“bosh deployment” 명령어로 생성한 Deployment Manifest File을 지정하고, 아래의 그림과 같이 동일한 명령어로 정상 지정 되었는지를 확인한다.

3.4.2. Open PaaS Controller Deploy

“bosh deploy” 명령으로 Open PaaS Controller 설치를 수행한다.
bosh deploy
보통 설치 과정은 1-2시간 정도가 소요되며 정상적으로 설치가 완료되면 아래 그림과 같은 메세지를 출력하게 된다.

3.5. 설치형상 확인

설치가 정상적으로 완료된 후 “bosh vms” 명령으로 설치된 Open PaaS Controller의 형상을 확인한다.
bosh vms
아래 그림과 같이 Deployment Name, Virtual Machine, IP 주소 등의 정보를 확인할 수 있다.

4. 설치 검증

4.1. CF Login

$ cf api https://api.controller.open-paas.com –skip-ssl-validation
$ cf login
1
Email> admin