Controller 설치 가이드(OpenStack)

1. 개요

1.1. 문서 목적

본 문서(설치가이드)는, 현 시점에서 지원되는 IaaS(Infrastructure as a Service) 중 하나인 OpenStack(Icehouse) 환경에서 Open PaaS Controller를 설치하기 위한 가이드를 제공하는데 그 목적이 있다.

1.2. 범위

본 문서의 범위는 Open PaaS Controller를 OpenStack Icehouse에 설치하기 데 대한 내용으로 한정되어 있다. vSphere/AWS와 같은 다른 IaaS 환경에서의 설치는 그에 맞는 가이드 문서를 참고해야 하며, Bosh 설치 또한 해당 가이드 문서를 별도로 참조해야 한다.

1.3. 참고 자료

2. Prerequisites

2.1. 개요

Open PaaS Controller를 설치하기 전에 IaaS(OpenStack) 환경이 정상적으로 구성되어 있고, Bosh Server와 Bosh/OP CLI가 설치되어 있는지를 확인해야 한다.

2.2. OpenStack

2.2.1. Dashboard(Horizon)

[그림출처]: Open PaaS 사업단 개발환경
OpenStack Dashboard(Horizon)으로 정상 접속되어야 하고, Open PaaS Controller가 설치될 Subnet이 구성되어 있어야 한다. 별도 Subnet 은 필수적인 구성은 아니나, 관리의 용이성을 위해서 사용하는 것을 권장한다.

2.2.2. Security Group

SSH, HTTP, HTTPS, DNS Protocol을 받을 수 있고, 모든 통신 Protocol을 엑세스 할 수 있도록 Security Group을 설정한다.(주의: 내부 네트워크 구간에서는 모든 Procotol이 사용 가능하도록 구성해야 한다.)
PaaS-TA v2.0 이상의 버전에서는 다음을 참조하여 시큐리티 그룹을 설정한다. https://docs.cloudfoundry.org/deploying/openstack/security_group.html

2.3. Bosh Server 및 Bosh CLI

[그림출처]: Open PaaS 사업단 개발환경
“bosh status” 명령을 실행하여 위와 같이 정상적으로 출력되는 지를 확인한다. 만약 문제 발생 시에는 Bosh 설치가이드를 참조하여 정상적으로 Bosh 환경을 구성한 후 이후 작업을 진행한다.

2.4. DNS Server

Open PaaS Controller는 독자적인 Zone을 DNS에 등록해야 한다. 사용 가능한 DNS Server가 존재하지 않는다면, VM 등에 별도로 구축하여야 한다. 예를 들어 Linux의 경우에는 bind9 Package를 설치하고 아래와 같이 Platform Zone을 등록한다.
/etc/bind/named.conf.local
1
zone "controller.open-paas.com" {
2
type master;
3
file "/etc/bind/db.controller.open-paas.com";
4
};
Copied!
/etc/resolv.conf 파일 수정
1
nameserver 10.20.0.3
2
nameserver 8.8.8.8
3
search openstacklocal
Copied!
/etc/bind/db.controller.open-paas.com
1
;
2
; BIND data file for local loopback interface
3
;
4
$TTL 604800
5
@ IN SOA ns.controller.open-paas.com. root.controller.open-paas.com. (
6
2 ; Serial
7
604800 ; Refresh
8
86400 ; Retry
9
2419200 ; Expire
10
604800 ) ; Negative Cache TTL
11
;
12
@ IN NS ns.controller.open-paas.com.
13
* IN A 10.20.10.13 # HA Proxy VM IP 주소
14
@ IN AAAA ::1
Copied!
NSLOOKUP 등으로 DNS Server에 Platform Domain이 정상 등록 되었는지 확인한다.

2.5. OP CLI

Open PaaS 설치 패키지 내에 포함되어 있는 OP CLI 압축 파일을 풀고 명령어 Path Folder에 실행 파일을 복사한다.
$ sudo tar -xvzf $INSTALL_PACKAGE/OpenPaaS-Dev-Tools/op-CLI/cf-linux-amd64.tgz
$ sudo cp cf /usr/bin
“cf” 명령어를 입력하면 아래와 같은 Help 화면이 출력됨을 확인한다.

3. Open PaaS Controller 설치

3.1. Release Upload

하단 링크로 접속하여 OpenPaaS Controller 릴리즈 파일인 openpaas-controller-1.0.tgz를 다운로드 한다.
다음의 명령어를 이용하여 릴리즈 파일을 bosh에 업로드한다.
$ bosh upload release $INSTALL_PACKAGE/OpenPaaS-Controller/openpaas-controller-1.0.tgz
Release Upload는 상황에 따라 다소 차이는 있으나 보통 20-30분 정도 소요가 되며, 정상 Upload가 되면 아래의 그림과 같은 메시지가 출력된다.
[주의] Release Upload 과정에서 작업장비의 “/tmp” 폴더의 사이즈가 작을 경우 압축파일을 풀거나 묶을 때 에러가 발생할 수 있으므로, 10GB 이상 Free Size가 있는지를 확인해야 한다.
Bosh Sever에 Release가 정상적으로 Upload 되었는지는 “bosh releases” 명령으로 확인한다.
$ bosh releases

3.2. Stemcell Upload

하단의 링크로 접속하여 Openstack 용 OpenPaaS-Stemcell인 bosh-stemcell-3147-openstack-kvm-ubuntu-trusty-go_agent.tgz 파알을 다운로드 한다.
다음의 명령어를 사용하여 Stemcell을 bosh에 업로드 한다.
$ bosh upload stemcell $INSALL_PACKAGE/OpenPaaS-Stemcells/bosh-stemcell-3147-openstack-kvm-ubuntu-trusty-go_agent.tgz
Stemcell Upload는 상황에 따라 다소 차이는 있으나 보통 5-10분 정도 소요가 되며, 정상 Upload가 되면 아래의 그림과 같은 메시지가 출력된다.
[주의] Stemcell Upload 과정에서 작업장비의 “/tmp” 폴더의 사이즈가 작을 경우 압축파일을 풀거나 묶을 때 에러가 발생할 수 있으므로, 10GB 이상 Free Size가 있는지를 확인해야 한다.
Bosh Sever에 Stemcell이 정상적으로 Upload 되었는지는 “bosh stemcells” 명령으로 확인한다.
$ bosh stemcells

3.3. Deployment Manifest

하단의 링크로 접속하여 Openstack용 Controller Deployment인 openpaas-controller-openstack-1.0.yml 파일을 다운로드 한다.
하단의 예시(3.3.1 ~ 3.3.7)를 참조하여 사용자의 설치환경에 적합하게 수정한다.

3.3.1. Name & Release

1
name: openpaas-controller # Deployment Name
2
director_uuid: 3475c880-8836-4a73-9309-c65bc9ac20c6 # Bosh Director UUID
3
releases:
4
- name: openpaas-controller # Bosh Release Name
5
version: latest # Bosh Release Version
Copied!
Deployment Name은 설치자가 임의로 부여하는데, IaaS와 Version을 표시할 것을 권장한다. Bosh Director UUID는 “bosh status” 명령을 실행하면 출력되는 UUID 값을 넣고, Release Name과 Version은 “bosh releases” 명령의 결과로 나오는 값들을 입력하도록 한다.

3.3.2. Networks

1
networks:
2
- name: op_network # Open PaaS Controller가 설치될 Network Name
3
subnets:
4
- cloud_properties:
5
net_id: 7b49e746-161a-4f90-9ed6-c93e27122a1a # Neutron Subnet ID
6
security_groups:
7
- cf-security
8
- bosh
9
- default
10
dns:
11
- 10.20.0.3 # DNS Server
12
- 8.8.8.8
13
gateway: 10.20.0.1 # Gateway IP Address
14
range: 10.20.0.0/24 # Network CIDR
15
reserved:
16
- 10.20.0.2 - 10.20.0.9
17
static:
18
- 10.20.0.10 - 10.20.0.40 # VM에 할당될 Static IP 주소 대역
19
type: manual
Copied!
Network Name은 설치자가 임의로 부여 가능하다. Neutron Subnet ID, Gateway, DNS Server, Network CIDR은 OpenStack 구성을 직접 확인하거나 인프라 담당자에게 문의하여 정보를 얻도록 한다. Static IP 주소는 Open PaaS Controller를 설치할 때 개별 VM에 할당될 IP의 주소 대역으로 마찬가지로 인프라 담당자에게 할당을 받아야 한다.

3.3.3. Compilation

1
compilation: # Compile용 VM의 사양
2
cloud_properties:
3
instance_type: m1.medium
4
network: op_network # Network Name
5
reuse_compilation_vms: true
6
workers: 6 # 동시 동작하는 VM 수
Copied!
Network Name은 3.3.2 Networks에서 정의한 것과 동일한 이름을 줘야 한다. Workers는 동시에 Compile을 수행하는 VM의 개수로 별다른 환경적 특성이 없다면 Default 값을 사용토록 한다.

3.3.4. Resource Pools

1
resource_pools:
2
- cloud_properties:
3
instance_type: m1.small
4
env:
5
bosh:
6
password: $6$mwZOg/kA$r64mds4/xoqhW2tR8ck7oxmhqGiCBsDS5SWW/j8vgahvpdHkKJrb25/Wc2..CT3ja02qLgh0JB60RTP2ndjAh0
7
name: small # Resource Name
8
network: op_network # Network Name
9
stemcell:
10
name: bosh-openstack-kvm-ubuntu-trusty-go_agent # Stemcell Name
11
version: 3147 # Stemcell Version
12
13
- cloud_properties:
14
instance_type: m1.small
15
env:
16
bosh:
17
password: $6$mwZOg/kA$r64mds4/xoqhW2tR8ck7oxmhqGiCBsDS5SWW/j8vgahvpdHkKJrb25/Wc2..CT3ja02qLgh0JB60RTP2ndjAh0
18
name: medium # Resource Name
19
network: op_network # Network Name
20
stemcell:
21
name: bosh-openstack-kvm-ubuntu-trusty-go_agent # Stemcell Name
22
version: 3147 # Stemcell Version
23
24
- cloud_properties:
25
instance_type: m1.medium
26
env:
27
bosh:
28
password: $6$mwZOg/kA$r64mds4/xoqhW2tR8ck7oxmhqGiCBsDS5SWW/j8vgahvpdHkKJrb25/Wc2..CT3ja02qLgh0JB60RTP2ndjAh0
29
name: large # Resource Name
30
network: op_network # Network Name
31
stemcell:
32
name: bosh-openstack-kvm-ubuntu-trusty-go_agent # Stemcell Name
33
version: 3147 # Stemcell Version
34
35
- cloud_properties:
36
instance_type: m1.medium
37
env:
38
bosh:
39
password: $6$mwZOg/kA$r64mds4/xoqhW2tR8ck7oxmhqGiCBsDS5SWW/j8vgahvpdHkKJrb25/Wc2..CT3ja02qLgh0JB60RTP2ndjAh0
40
name: runner
41
network: op_network
42
stemcell:
43
name: bosh-openstack-kvm-ubuntu-trusty-go_agent
44
version: 3147
45
46
- cloud_properties:
47
instance_type: m1.small
48
env:
49
bosh:
50
password: $6$mwZOg/kA$r64mds4/xoqhW2tR8ck7oxmhqGiCBsDS5SWW/j8vgahvpdHkKJrb25/Wc2..CT3ja02qLgh0JB60RTP2ndjAh0
51
name: router
52
network: op_network
53
stemcell:
54
name: bosh-openstack-kvm-ubuntu-trusty-go_agent
55
version: 3147
Copied!
Stemcell Name과 Version은 “bosh stemcells” 명령어 결과로 출력되는 값들을 입력하도록 한다.

3.3.5. Update

1
update:
2
canaries: 1
3
canary_watch_time: 30000-600000
4
max_in_flight: 1
5
serial: true # VM의 순차적 Update
6
update_watch_time: 5000-600000
7
`
Copied!
Default 값들을 수정 없이 사용한다.

Jobs

아래 Sample Jobs를 참고하여 설치 환경에 맞게 수정한다.
1
jobs:
2
- instances: 1 # VM Instance 개수
3
name: consul
4
networks:
5
- name: op_network # VM이 설치될 Network
6
static_ips:
7
- 10.20.0.16 # Consul에 할당된 IP 주소
8
persistent_disk: 1024
9
properties:
10
consul:
11
agent:
12
mode: server
13
metron_agent:
14
zone: z1
15
deployment: openpaas-controller
16
resource_pool: medium
17
templates:
18
- name: consul_agent
19
release: openpaas-controller
20
- name: metron_agent
21
release: openpaas-controller
22
update:
23
max_in_flight: 1
24
serial: true
25
- name: ha_proxy
26
instances: 1
27
networks:
28
- name: op_network
29
static_ips: 10.20.0.13 # HAProxy IP 주소
30
properties:
31
ha_proxy:
32
# SSL Key
33
ssl_pem: |
34
-----BEGIN CERTIFICATE-----
35
MIICzTCCAjYCCQC4Lzsbx+krOjANBgkqhkiG9w0BAQsFADCBqjELMAkGA1UEBhMC
36
S1IxDjAMBgNVBAgMBVNlb3VsMQ8wDQYDVQQHDAZKb25nUm8xEjAQBgNVBAoMCW9w
37
ZW4tcGFhczESMBAGA1UECwwJb3Blbi1wYWFzMSMwIQYDVQQDDBoqLmNvbnRyb2xs
38
ZXIub3Blbi1wYWFzLmNvbTEtMCsGCSqGSIb3DQEJARYeYWRtaW5AY29udHJvbGxl
39
ci5vcGVuLXBhYXMuY29tMB4XDTE1MTIxODAyMzgyNVoXDTE2MDExNzAyMzgyNVow
40
gaoxCzAJBgNVBAYTAktSMQ4wDAYDVQQIDAVTZW91bDEPMA0GA1UEBwwGSm9uZ1Jv
41
MRIwEAYDVQQKDAlvcGVuLXBhYXMxEjAQBgNVBAsMCW9wZW4tcGFhczEjMCEGA1UE
42
AwwaKi5jb250cm9sbGVyLm9wZW4tcGFhcy5jb20xLTArBgkqhkiG9w0BCQEWHmFk
43
bWluQGNvbnRyb2xsZXIub3Blbi1wYWFzLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOB
44
jQAwgYkCgYEAs3yC/6FzVq2WSoZUWAYCwPrAOJ3VpN7JMpJ3fulim6MIzzXjhIeq
45
Zl2E10uM9mD0WKWUwTmZcp/a3s+EQZYydgQEY0uQQ1ol/rqnev89PRGu0eAOBKZx
46
/GEYxIkDRDHNNcfGo1lj2Of2sTEFR1FvTPy6X784qqW7afqIpo/86yMCAwEAATAN
47
BgkqhkiG9w0BAQsFAAOBgQAKU8paqctRObRoI+e2I4G7FPev6GVm3otYi/SEs17q
48
LmvMD63QPXEI7r+49FZzaXQtZKALb2NoMJKPO0mhzMJE5GR16f+E8ct1pA6L11t/
49
fqce0/oPC+LcX0D36/J1Bw+PL/qJq5NeCOY1ba6JcBPBtckVfwu8Vm+pm+DKGX3i
50
hw==
51
-----END CERTIFICATE-----
52
-----BEGIN RSA PRIVATE KEY-----
53
MIICXAIBAAKBgQCzfIL/oXNWrZZKhlRYBgLA+sA4ndWk3skyknd+6WKbowjPNeOE
54
h6pmXYTXS4z2YPRYpZTBOZlyn9rez4RBljJ2BARjS5BDWiX+uqd6/z09Ea7R4A4E
55
pnH8YRjEiQNEMc01x8ajWWPY5/axMQVHUW9M/Lpfvziqpbtp+oimj/zrIwIDAQAB
56
AoGAfHDxakcH7qq/rr/frn/MXPv9VcOoonyMRnHiQ62QXpP0waV9Lx/YdsyUE6kf
57
/JpQDz4OGsHSr/RBDYYXDloSdTKx0bBp6xL22SNf0fAkk14biXNc3olc2r5lccPz
58
fbKGEDHAGwcOTNb2zFYCWrn0IDuMjHsX+TejLA0mwOhcxgECQQDiyZfw9cuumDGg
59
rgMqxlX3DxIeOl/XHo0vOobijLnuG7CP7SS/Em38AEu+kTDUItm9SeRYzB2oDWto
60
B1+WSWejAkEAypslTk0Db0gBh9sJbN+4rPJNORvq/2BkXtDGR4WvuDIYvb8q+cYf
61
Og1upgjyVBBYV2b4udbXS4R8B42xwcSmgQJAbHtMD/ozbRfmHVs/rpVjB6QQ4Z7A
62
u5EkrePMI9B3G/vo0F/6hN+W9sVZdhXTipYFG7Od5A/3W6zXpNJqGeSRCwJAK/0V
63
U3PLHB0hH/MBj97fBMWy2IRkOEAgaqmfcyXmafKOhpv747ENVJhX/rqQionl9EwK
64
Eqc/pUjFeQpdnrlogQJBAMrDC4bQZ5igTPEXddDA8VN6qRLFDHFlTo2ulVyQ413Y
65
HmFUIf4BNcRKD3GO24x63L8xK0ArzW4iLlrkwW8A2IE=
66
-----END RSA PRIVATE KEY-----
67
metron_agent:
68
zone: z1
69
deployment: openpaas-controller
70
networks:
71
apps: op_network
72
router:
73
servers:
74
z1:
75
- 10.20.0.15 # Router IP 주소
76
resource_pool: router
77
templates:
78
- name: haproxy
79
release: openpaas-controller
80
- name: metron_agent
81
release: openpaas-controller
82
- name: consul_agent
83
release: openpaas-controller
84
update: {}
85
- instances: 1
86
name: nats
87
networks:
88
- name: op_network
89
static_ips: 10.20.0.11 # NATS IP 주소
90
properties:
91
metron_agent:
92
zone: z1
93
deployment: openpaas-controller
94
networks:
95
apps: op_network
96
resource_pool: medium
97
templates:
98
- name: nats
99
release: openpaas-controller
100
- name: nats_stream_forwarder
101
release: openpaas-controller
102
- name: metron_agent
103
release: openpaas-controller
104
update: {}
105
- instances: 1
106
name: etcd
107
networks:
108
- name: op_network
109
static_ips:
110
- 10.20.0.24 # ETCD IP 주소
111
persistent_disk: 10024
112
properties:
113
metron_agent:
114
zone: z1
115
deployment: openpaas-controller
116
networks:
117
apps: op_network
118
resource_pool: medium
119
templates:
120
- name: etcd
121
release: openpaas-controller
122
- name: etcd_metrics_server
123
release: openpaas-controller
124
- name: metron_agent
125
release: openpaas-controller
126
update:
127
max_in_flight: 1
128
129
- instances: 1
130
name: stats
131
networks:
132
- name: op_network
133
static_ips:
134
- 10.20.0.31 # Stats(Collector) IP 주소
135
properties:
136
metron_agent:
137
zone: z1
138
deployment: openpaas-controller
139
networks:
140
apps: op_network
141
resource_pool: small
142
templates:
143
- name: collector
144
release: openpaas-controller
145
- name: metron_agent
146
release: openpaas-controller
147
update: {}
148
149
- instances: 1
150
name: nfs
151
networks:
152
- name: op_network
153
static_ips: 10.20.0.12 # NFS Server IP 주소
154
persistent_disk: 102400
155
properties:
156
metron_agent:
157
zone: z1
158
deployment: openpaas-controller
159
networks:
160
apps: op_network
161
resource_pool: medium
162
templates:
163
- name: debian_nfs_server
164
release: openpaas-controller
165
- name: metron_agent
166
release: openpaas-controller
167
update: {}
168
169
- instances: 1
170
name: postgres
171
networks:
172
- name: op_network
173
static_ips: 10.20.0.22 # DB Server(PostgreSQL) IP 주소
174
persistent_disk: 4096
175
properties:
176
metron_agent:
177
zone: z1
178
deployment: openpaas-controller
179
networks:
180
apps: op_network
181
resource_pool: medium
182
templates:
183
- name: postgres
184
release: openpaas-controller
185
- name: metron_agent
186
release: openpaas-controller
187
update: {}
188
189
- instances: 1
190
name: uaa
191
networks:
192
- name: op_network
193
static_ips: 10.20.0.32 # UAA IP 주소
194
properties:
195
consul:
196
agent:
197
services:
198
uaa: {}
199
metron_agent:
200
zone: z1
201
deployment: openpaas-controller
202
networks:
203
apps: op_network
204
route_registrar:
205
routes:
206
- name: uaa
207
port: 8080
208
tags:
209
component: uaa
210
uris:
211
- uaa.controller.open-paas.com
212
- '*.uaa.controller.open-paas.com'
213
- login.controller.open-paas.com
214
- '*.login.controller.open-paas.com'
215
uaa:
216
proxy:
217
servers:
218
- 10.20.0.15
219
resource_pool: medium
220
templates:
221
- name: uaa
222
release: openpaas-controller
223
- name: metron_agent
224
release: openpaas-controller
225
- name: consul_agent
226
release: openpaas-controller
227
- name: route_registrar
228
release: openpaas-controller
229
- name: statsd-injector
230
release: openpaas-controller
231
update: {}
232
233
- instances: 1
234
name: api
235
networks:
236
- name: op_network
237
static_ips: 10.20.0.33 # Cloud Controller IP 주소
238
persistent_disk: 8192
239
properties:
240
consul:
241
agent:
242
services:
243
cloud_controller_ng: {}
244
routing-api: {}
245
metron_agent:
246
zone: z1
247
deployment: openpaas-controller
248
networks:
249
apps: op_network
250
nfs_server:
251
address: 10.20.0.12 # NFS Server IP 주소
252
allow_from_entries:
253
- 10.20.0.0/24 # 허용 Network CIDR 값
254
share: null
255
route_registrar:
256
routes:
257
- name: api
258
port: 9022
259
tags:
260
component: CloudController
261
uris:
262
- api.controller.open-paas.com
263
resource_pool: large
264
templates:
265
- name: cloud_controller_ng
266
release: openpaas-controller
267
- name: cloud_controller_clock
268
release: openpaas-controller
269
- name: cloud_controller_worker
270
- name: routing-api
271
release: openpaas-controller
272
- name: metron_agent
273
release: openpaas-controller
274
- name: statsd-injector
275
release: openpaas-controller
276
- name: consul_agent
277
release: openpaas-controller
278
- name: nfs_mounter
279
release: openpaas-controller
280
- name: route_registrar
281
release: openpaas-controller
282
update: {}
283
284
- instances: 1
285
name: clock_global
286
networks:
287
- name: op_network
288
static_ips: 10.20.0.34 # Cloud Controller Clock IP 주소
289
persistent_disk: 4096
290
properties:
291
metron_agent:
292
zone: z1
293
deployment: openpaas-controller
294
networks:
295
apps: op_network
296
resource_pool: medium
297
templates:
298
- name: cloud_controller_clock
299
release: openpaas-controller
300
- name: metron_agent
301
release: openpaas-controller
302
update: {}
303
304
- instances: 1
305
name: api_worker
306
networks:
307
- name: op_network
308
static_ips: 10.20.0.35 # CC Worker IP 주소
309
persistent_disk: 0
310
properties:
311
metron_agent:
312
zone: z1
313
deployment: openpaas-controller
314
networks:
315
apps: op_network
316
nfs_server:
317
address: 10.20.0.12 # NFS Server IP 주소
318
allow_from_entries:
319
- 10.20.0.0/24 # 허용 Network CIDR 값
320
share: null
321
resource_pool: small
322
templates:
323
- name: cloud_controller_worker
324
release: openpaas-controller
325
- name: metron_agent
326
release: openpaas-controller
327
- name: consul_agent
328
release: openpaas-controller
329
- name: nfs_mounter
330
release: openpaas-controller
331
update: {}
332
333
- instances: 0
334
name: hm9000
335
networks:
336
- name: op_network
337
properties:
338
metron_agent:
339
zone: z1
340
deployment: openpaas-controller
341
networks:
342
apps: op_network
343
route_registrar:
344
routes:
345
- name: hm9000
346
port: 5155
347
tags:
348
component: HM9K
349
uris:
350
- hm9000.controller.open-paas.com
351
resource_pool: medium
352
templates:
353
- name: hm9000
354
release: openpaas-controller
355
- name: metron_agent
356
release: openpaas-controller
357
- name: route_registrar
358
release: openpaas-controller
359
update: {}
360
361
- instances: 0
362
name: runner
363
networks:
364
- name: op_network
365
properties:
366
dea_next:
367
zone: z1
368
metron_agent:
369
zone: z1
370
deployment: openpaas-controller
371
networks:
372
apps: op_network
373
resource_pool: runner
374
templates:
375
- name: dea_next
376
release: openpaas-controller
377
- name: dea_logging_agent
378
release: openpaas-controller
379
- name: metron_agent
380
release: openpaas-controller
381
update:
382
max_in_flight: 1
383
384
- instances: 0
385
name: loggregator
386
networks:
387
- name: op_network
388
properties:
389
doppler:
390
zone: z1
391
metron_agent:
392
zone: z1
393
doppler_endpoint:
394
shared_secret: admin
395
resource_pool: medium
396
templates:
397
- name: doppler
398
release: openpaas-controller
399
- name: syslog_drain_binder
400
release: openpaas-controller
401
- name: metron_agent
402
release: openpaas-controller
403
update: {}
404
405
- instances: 1
406
name: doppler
407
networks:
408
- name: op_network
409
static_ips: 10.20.0.38 # Doppler IP 주소
410
properties:
411
doppler:
412
zone: z1
413
metron_agent:
414
zone: z1
415
deployment: openpaas-controller
416
networks:
417
apps: op_network
418
resource_pool: medium
419
templates:
420
- name: doppler
421
release: openpaas-controller
422
- name: syslog_drain_binder
423
release: openpaas-controller
424
- name: metron_agent
425
release: openpaas-controller
426
update: {}
427
428
- instances: 1
429
name: loggregator_trafficcontroller
430
networks:
431
- name: op_network
432
static_ips: 10.20.0.39 # Loggregator Controller IP 주소
433
properties:
434
metron_agent:
435
zone: z1
436
deployment: openpaas-controller
437
networks:
438
apps: op_network
439
route_registrar:
440
routes:
441
- name: doppler
442
port: 8081
443
uris:
444
- doppler.controller.open-paas.com
445
- name: loggregator
446
port: 8080
447
uris:
448
- loggregator.controller.open-paas.com
449
traffic_controller:
450
zone: z1
451
resource_pool: small
452
templates:
453
- name: loggregator_trafficcontroller
454
release: openpaas-controller
455
- name: metron_agent
456
release: openpaas-controller
457
- name: route_registrar
458
release: openpaas-controller
459
update: {}
460
461
- instances: 1
462
name: router
463
networks:
464
- name: op_network
465
static_ips: 10.20.0.15 # Router IP 주소
466
properties:
467
consul:
468
agent:
469
services:
470
gorouter: {}
471
metron_agent:
472
zone: z1
473
deployment: openpaas-controller
474
networks:
475
apps: op_network
476
resource_pool: router
477
templates:
478
- name: gorouter
479
release: openpaas-controller
480
- name: metron_agent
481
release: openpaas-controller
482
- name: consul_agent
483
release: openpaas-controller
484
update: {}
Copied!

3.3.7. Properties

아래 Sample Manifest를 참조하여 설치 환경에 맞게 값을 수정한다.
1
properties:
2
acceptance_tests: null
3
app_domains:
4
- controller.open-paas.com # DNS Server에 등록된 Platform Domain Name
5
app_ssh:
6
host_key_fingerprint: 89:d3:73:01:f3:10:c4:a7:87:53:54:31:63:ee:ef:51 # App에 ssh로 접근하기 위한 정보
7
oauth_client_id: ssh-proxy
8
cc: # 여기서부터 Cloud Controller Properties
9
allow_app_ssh_access: true
10
allowed_cors_domains: []
11
app_events:
12
cutoff_age_in_days: 31
13
app_usage_events:
14
cutoff_age_in_days: 31
15
audit_events:
16
cutoff_age_in_days: 31
17
broker_client_default_async_poll_interval_seconds: null
18
broker_client_max_async_poll_duration_minutes: null
19
broker_client_timeout_seconds: 70
20
buildpacks:
21
buildpack_directory_key: controller.open-paas.com-cc-buildpacks
22
cdn: null
23
fog_connection:
24
local_root: /var/vcap/store
25
provider: Local
26
bulk_api_password: admin # Bulk API Password 설정
27
client_max_body_size: 2048M
28
db_encryption_key: db-encryption-key # DB Encryprion Key 지정
29
db_logging_level: debug2
30
default_app_disk_in_mb: 1024
31
default_app_memory: 1024
32
default_buildpacks:
33
- name: java_buildpack_offline
34
package: buildpack_java_offline
35
- name: egov_buildpack
36
package: buildpack_egov
37
- name: staticfile_buildpack
38
package: buildpack_staticfile
39
- name: java_buildpack
40
package: buildpack_java
41
- name: ruby_buildpack
42
package: buildpack_ruby
43
- name: nodejs_buildpack
44
package: buildpack_nodejs
45
- name: go_buildpack
46
package: buildpack_go
47
- name: python_buildpack
48
package: buildpack_python
49
- name: php_buildpack
50
package: buildpack_php
51
- name: binary_buildpack
52
package: buildpack_binary
53
default_health_check_timeout: 60
54
default_quota_definition: default
55
default_running_security_groups:
56
- public_networks
57
- dns
58
- services
59
default_staging_security_groups:
60
- public_networks
61
- dns
62
default_to_diego_backend: true
63
development_mode: false
64
directories: null
65
disable_custom_buildpacks: false
66
droplets:
67
cdn: null
68
droplet_directory_key: controller.open-paas.com-cc-droplets
69
fog_connection:
70
local_root: /var/vcap/store
71
provider: Local
72
max_staged_droplets_stored: null
73
external_host: api
74
external_port: 9022
75
external_protocol: null
76
install_buildpacks:
77
- name: java_buildpack_offline
78
package: buildpack_java_offline
79
- name: egov_buildpack
80
package: buildpack_egov
81
- name: staticfile_buildpack
82
package: buildpack_staticfile
83
- name: java_buildpack
84
package: buildpack_java
85
- name: ruby_buildpack
86
package: buildpack_ruby
87
- name: nodejs_buildpack
88
package: buildpack_nodejs
89
- name: go_buildpack
90
package: buildpack_go
91
- name: python_buildpack
92
package: buildpack_python
93
- name: php_buildpack
94
package: buildpack_php
95
- name: binary_buildpack
96
package: buildpack_binary
97
internal_api_password: admin # Internal API Password
98
internal_api_user: internal_user
99
jobs:
100
app_bits_packer:
101
timeout_in_seconds: null
102
app_events_cleanup:
103
timeout_in_seconds: null
104
app_usage_events_cleanup:
105
timeout_in_seconds: null
106
blobstore_delete:
107
timeout_in_seconds: null
108
blobstore_upload:
109
timeout_in_seconds: null
110
droplet_deletion:
111
timeout_in_seconds: null
112
droplet_upload:
113
timeout_in_seconds: null
114
generic:
115
number_of_workers: null
116
global:
117
timeout_in_seconds: 14400
118
model_deletion:
119
timeout_in_seconds: null
120
logging_level: debug2
121
maximum_app_disk_in_mb: 2048
122
maximum_health_check_timeout: 180
123
min_cli_version: null
124
min_recommended_cli_version: null
125
newrelic:
126
capture_params: false
127
developer_mode: false
128
environment_name: openpaas-controller
129
license_key: null
130
monitor_mode: false
131
transaction_tracer:
132
enabled: true
133
record_sql: obfuscated
134
packages:
135
app_package_directory_key: controller.open-paas.com-cc-packages
136
cdn: null
137
fog_connection:
138
local_root: /var/vcap/store
139
provider: Local
140
max_package_size: 1073741824
141
max_valid_packages_stored: null
142
quota_definitions: # Application Instance Default Quota 값 지정
143
default:
144
memory_limit: 10240
145
non_basic_services_allowed: true
146
total_routes: 1000
147
total_services: 100
148
resource_pool:
149
cdn: null
150
fog_connection:
151
local_root: /var/vcap/store
152
provider: Local
153
resource_directory_key: controller.open-paas.com-cc-resources
154
security_group_definitions:
155
- name: public_networks
156
rules:
157
- destination: 0.0.0.0-9.255.255.255
158
protocol: all
159
- destination: 11.0.0.0-169.253.255.255
160
protocol: all
161
- destination: 169.255.0.0-172.15.255.255
162
protocol: all
163
- destination: 172.32.0.0-192.167.255.255
164
protocol: all
165
- destination: 192.169.0.0-255.255.255.255
166
protocol: all
167
- name: dns
168
rules:
169
- destination: 0.0.0.0/0
170
ports: "53"
171
protocol: tcp
172
- destination: 0.0.0.0/0
173
ports: "53"
174
protocol: udp
175
- name: services
176
rules:
177
- destination: 10.20.0.0/24
178
protocol: all
179
service_usage_events:
180
cutoff_age_in_days: 31
181
srv_api_uri: https://api.controller.open-paas.com # Platform API Target URL
182
stacks: null
183
staging_upload_password: admin # Staging Upload Password
184
staging_upload_user: staging_upload_user
185
system_buildpacks:
186
- name: java_buildpack_offline
187
package: buildpack_java_offline
188
- name: egov_buildpack
189
package: buildpack_egov
190
- name: staticfile_buildpack
191
package: buildpack_staticfile
192
- name: java_buildpack
193
package: buildpack_java
194
- name: ruby_buildpack
195
package: buildpack_ruby
196
- name: nodejs_buildpack
197
package: buildpack_nodejs
198
- name: go_buildpack
199
package: buildpack_go
200
- name: python_buildpack
201
package: buildpack_python
202
- name: php_buildpack
203
package: buildpack_php
204
- name: binary_buildpack
205
package: buildpack_binary
206
thresholds:
207
api:
208
alert_if_above_mb: null
209
restart_if_above_mb: null
210
restart_if_consistently_above_mb: null
211
worker:
212
alert_if_above_mb: null
213
restart_if_above_mb: null
214
restart_if_consistently_above_mb: null
215
user_buildpacks: []
216
users_can_select_backend: false
217
ccdb:
218
address: 10.20.0.22 # DB Server(PostgreSQL) VM IP 주소
219
databases:
220
- citext: true
221
name: ccdb
222
tag: cc
223
db_scheme: postgres
224
port: 5524
225
roles:
226
- name: ccadmin
227
password: admin # ccadmin 계정 Password
228
tag: admin
229
collector: null
230
consul:
231
agent:
232
log_level: null
233
servers:
234
lan:
235
- 10.20.0.16 # Consul VM IP 주소
236
# Consul agent cert 키 값
237
agent_cert: |
238
-----BEGIN CERTIFICATE-----
239
MIIEIjCCAgygAwIBAgIRANVNoOk6A4WIpnRmprN6Ft4wCwYJKoZIhvcNAQELMBMx
240
ETAPBgNVBAMTCGNvbnN1bENBMB4XDTE1MTIxNjA3MjcyN1oXDTE3MTIxNjA3Mjcy
241
OFowFzEVMBMGA1UEAxMMY29uc3VsIGFnZW50MIIBIjANBgkqhkiG9w0BAQEFAAOC
242
AQ8AMIIBCgKCAQEAvJSw9vW2VCtTbMQ02SQ9H+XpJOA6Pm5B/qsWFFc7YePp2FRg
243
CUFO48/SOhKJ99GxdC2io91jmicTMUyHpHjbreohpRlxBpXxlKevPQHY8jVZ1MQ2
244
IRGX4V1bi/cpe0rttEeWEy315xjPDdsEevgyUwJ5/gEYzr0PneAzrDkmnXMGZaAv
245
/EEM/5cj34HVFrkv3WQ/cY2zOOqzs0wsR02SWgt2H6ne4qukOIDgL4QV3/PjDSiE
246
zW7Yta+yxNikwm85BhyGCaucQncOXlNTjJ/a2XDK2FYDzSLm2nNFKLiGqPz6VPgD
247
VpH5G/3/875EoJqDQwaEvLzo2TNU5RIyewmfRwIDAQABo3EwbzAOBgNVHQ8BAf8E
248
BAMCALgwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBQr
249
M995lPKvjs4giWC2lz+UksWGoTAfBgNVHSMEGDAWgBRoGRUwOPPgLrI5WCtaB3uj
250
sdjkMDALBgkqhkiG9w0BAQsDggIBACmcL4wkwYU1pjp1/fFuesP4xOvxmrs7VKFY
251
8eT7IIGv7bk4PMH8xR6y57IAq8VQP4iIe91jlyz5APqP86EhnDHemYimaR4V02R5
252
BD5PzN0bDdqpGGAB4oU6OJD5XObEj4yC+0Miy3Mdz5sSmZZ1Tn0o710L4Y+ncjwD
253
vEG3wFkCfe/SU8Fd5vVfM1d6CzFDo+szrcoXR56bGrDKAocH641Z4ofCSDs2pCri
254
BvJ/OWbekktvqvsA2BX6d78k9FX3RIQZzGUciQtIyiWoJMFT7Gf5D+yK1m8F/Ad8
255
ROWL1APXFb/IOjL6K+7E1YIhOpthOYZRtWBp9idhY3/Bzac/cYthOG/mu4YzDf4R
256
eX25OO7C2G818xzVk9zxKKnlWJkpRWa1uYLTb/trW6GT/hFaA0BTX0hVzgdnYs/l
257
NnhVlPk3wTXWhTBzuvWPVEIyblzt7GszMiYrX9Un1meQxDyVs89dLANAr1tocAo9
258
eC98fNpO55RS/mCCzmwtuGO6FL7kGz91BtJRzx+LD9tMyZWWAmjUzR8Ak6iwrHoX
259
wyLWcXomI2INoGkaj2/j/KywyDq6zOhb5nA98nQOIZb4FkHgX5H6jajN4DfurZp1
260
mq6LVQrV5B7yxf4ul3MfOq/HV2eMzyH6uiKXIuwrFU7poUyn4EdXfUHB5Imjlx46
261
ZGkvJ5oM
262
-----END CERTIFICATE-----
263
# Consul agent 키 값
264
agent_key: |
265
-----BEGIN RSA PRIVATE KEY-----
266
MIIEpQIBAAKCAQEAvJSw9vW2VCtTbMQ02SQ9H+XpJOA6Pm5B/qsWFFc7YePp2FRg
267
CUFO48/SOhKJ99GxdC2io91jmicTMUyHpHjbreohpRlxBpXxlKevPQHY8jVZ1MQ2
268
IRGX4V1bi/cpe0rttEeWEy315xjPDdsEevgyUwJ5/gEYzr0PneAzrDkmnXMGZaAv
269
/EEM/5cj34HVFrkv3WQ/cY2zOOqzs0wsR02SWgt2H6ne4qukOIDgL4QV3/PjDSiE
270
zW7Yta+yxNikwm85BhyGCaucQncOXlNTjJ/a2XDK2FYDzSLm2nNFKLiGqPz6VPgD
271
VpH5G/3/875EoJqDQwaEvLzo2TNU5RIyewmfRwIDAQABAoIBAQCM1/TPjbZuaKl3
272
G5do8eLhFwKo8vstM4YAoWDtMjV8qA837dSINQmppcaabswylZ+WaJsHDctdD4AL
273
GuBX25ge7TXRrA25YHW8k/yScPXJ+ESuXxkaW5x2yhYclC2cEts0AR86FeKJhgLm
274
k0RmX0aersPUDJetmJC4VgHhyBFqF301o2BpLQn8nDC5awSqoY6poThELQYkX0s5
275
2mNS1GunESaVtpo/qwbb2sdAhVv1M6HKNkcWBE6DOVMR+QwxoIMVj0mosEJT6jsd
276
NhZE3aRP49Gv82m6aWAuVtEAiZbIsF/xdsw4pRG2BXwwbiAtjUVMK1nmt2BUjXmK
277
ppZbE9ehAoGBAOMn83e3o4IdPhj6Cqs8PPJGOCHRt5hcq66Pkfk2U3fJCONO3ROO
278
GkMY6HMrqvTcUpBeHMm1EZjmvKfvK6wjiVs1KNJXFZvrbOF3KMkqFkxev+38zb7L
279
VF94OPhgvKDLx9KRiMo9m2013npNx9iimXlGQ0pdi6zil87LbfacL7yXAoGBANSG
280
y1eQoMTHS+xxeP5chBxErYaaD40bCCRqQgUuXHxMteltdSR2ChVMIHTHvXgtR6xO
281
8l5I4IXucjjmdr0pLecdc40+5UDvxy1UXYgwQVJzOLZ4L2U1wdu7VXFOgr6/Ehl9
282
vn4ncEgRlFNpxbyIbZIReHkgxjhOzJ0N+50ogZjRAoGAUs+5vqdAAKtQfCKLySlI
283
vrpCtHGUEQOXwyer+8KGY2Dy0ItrpTlk8ZkfBP2icWnw35ivvgk4xRk5Ja/XqAW8
284
iXezzhrZUeJd60RZphylzGmuZsCG8UuHEtbtTf9WRPiFfIp55+DVzNaaqNO6S4vb
285
j47B8VZxGTHyTf1ztTfzXzkCgYEAsO4HGz8smKXSb2WIdTpQQbhrPkPD7pUykh5k
286
GCwgktrKFyso+tHKUzCtVIt1ETehE7Il1JiXUujP7s7uy0wdCutZ550U/pqgFvzF
287
YTvLJfkGneIwkvHOEkBDQbE659HqH46vqBbtQxJfiZHlLK/niFNDGJRQcVAoyBd8
288
AbpXKgECgYEApqgxW3C7CJStKRdvMQeg50PS5oyXSglU8JoACEYDOUoWQZTDUqci
289
CYFJNfdEv/K3AmZH/0hSVuYXhzvdotpWhHvdtmH/YT1bkeoYF5NULyB4VyKOnpyR
290
MS/cy+MIiSuLeKK8dNRy62t5Ugo+mgaxuNt3nTlGW0pIathZ9BZJ4Kc=
291
-----END RSA PRIVATE KEY-----
292
# Consul ca cert 키 값
293
ca_cert: |
294
-----BEGIN CERTIFICATE-----
295
MIIFAzCCAu2gAwIBAgIBATALBgkqhkiG9w0BAQswEzERMA8GA1UEAxMIY29uc3Vs
296
Q0EwHhcNMTUxMjE2MDcyNzA2WhcNMjUxMjE2MDcyNzI1WjATMREwDwYDVQQDEwhj
297
b25zdWxDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKqk/0Lg6fvy
298
PMHs/W1yj9lLxdsbJs7GFdoGOLi99DD3zJxN/t2pskagHYqgdSddGqM/ZVIZ+eB/
299
tvzUcFczvjG36o+5Bsca31Ez/pCS+1sU88tb5XM5UpGZ0hU2ZB5pdZ08hyKsGqgQ
300
dkRLlcq7pCfRs1AHxwUMG34AyvrKwR/uufIDlHm3ChMx7plykeObK5hw6H/ZZDn5
301
uvF6ROtSPEvVvm6i7DC45D+hJSbsZF5U4PnGr6Ez8TWvlhJDln3bFDpKZN8NUig+
302
nOk05JuxmGjWtpFogtsWfrM5iZzo3Wq9ku8CuYw3F0cZl4L6xycCuzVn2oja/FN8
303
wU+0ND2DIntcUbM+CgCrcua+0l1J5ob4JN3TS98mEvO8MeuXIRXVf9EprbGur0YY
304
2rVVQ+DMIsOmbD7MzewBnjy0mrU9fuiTX29BoBTk0y+CZM5VpTUJXvnQ54sDfHSI
305
Ch1DgvmNgYhPBOkzG8Ecm9oaNXdfl1ZTr0EHycI5aNLeZHOI55SkD2UtFEogmcDc
306
wPitTmpVrBNnCnBkWmiqePausRQBJWDvGRKJqWKQmt/hj7X4PrBGE7inPQEFr63A
307
d9N7gceZPfPPYDUiKRtbXOaEK20jzyg5RDK6RPKuwO6tQPwhNKzwmgeVKI1TCfow
308
OOIGl13s48m7JYul6LRaqpla26Y89siLAgMBAAGjZjBkMA4GA1UdDwEB/wQEAwIA
309
BjASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBRoGRUwOPPgLrI5WCtaB3uj
310
sdjkMDAfBgNVHSMEGDAWgBRoGRUwOPPgLrI5WCtaB3ujsdjkMDALBgkqhkiG9w0B
311
AQsDggIBAKpQwk1sRYfkq5pvVRwnzqSyrdt3tQ9TrtWi15hzucLGQbaPCoCWKmkB
312
N9VkeOWsP/f/q9ptRUBBB+qT1270fmCXiTYMdJAnLers32gomqQmv7H/eI0d3Mzr
313
1PA8P8W5066hqywsBLd4D0lcrCaC5VkvvUIG6RE3sOh5wW1UZxUR52LPLPqiiS8d
314
oU9NXb8BtxW+juj+VypnwisEMXtV4K7Wf0g+05w8PND3PQbzj665em+cCt7sG9Fd
315
EOvxhmqFQhJKfiFZe/uNORrlZBVX8w0M+OLRi99feH93BLnklpH2QYVw9XDUu6gV
316
zzcAMuOuwd75ngHbW5dRiP6hE8Qn10NQf+K6Hq5gXgnGI7r1yic63JeXYqU9N981
317
9krNGikmRYoEAF5Mbind2u8c4ce7/b6TjvsgX2Ddj3nRuPTbg1+9Vl8v7/kQrPaP
318
3jR+X+OJ4qOZH//lIAy99Ifs2EqQh2EdqJXLH3cddWhUtf7UdsMciyYNotswlZxs
319
CNoRpYD795IrQeAmgx3avhdihCUeZRyy5zZgpufkyLJe0CDvH0XRChTZhOSjptDb
320
3LeZoWKxn2G0f9ZL0SasOyU+uLtGSQLpavW22CVwDPvWrxj5BpG3Ulddgh/ysIwN
321
4PFVkjXsY1Ca5mC7mMu0+XSaALaNlXlJ7GuRmf+CU2sWCQOxGvp+
322
-----END CERTIFICATE-----
323
# Consul encrypt 키 값
324
encrypt_keys:
325
- t66mLrBhJ5kpofLwoJpH5A==
326
require_ssl: true # Consul ssl 접속 여부
327
# Consul server cert 키 값
328
server_cert: |
329
-----BEGIN CERTIFICATE-----
330
MIIEKzCCAhWgAwIBAgIQMkaGpfb7hSNQcutiGf4ERjALBgkqhkiG9w0BAQswEzER
331
MA8GA1UEAxMIY29uc3VsQ0EwHhcNMTUxMjE2MDcyNzI2WhcNMTcxMjE2MDcyNzI3
332
WjAhMR8wHQYDVQQDExZzZXJ2ZXIuZGMxLmNmLmludGVybmFsMIIBIjANBgkqhkiG
333
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqZvu3TU4dQeh4veVGti3hhYP/7YCbKI8y7q6
334
Qyz7FCvQJSsD0bUXnG6+U7tNHOTRNdBTnQrmZFeWoXXGscqZLwSRnTlG6q28Bfwc
335
imMbnqM1xz/1TlAXsC4NSw4quvoxW+KlWVNM9/srga5+aWJCXOx4ozF770eb82pe
336
8EAGhAHZ2zx1xZ3x8NdQRsOc77pYdXrNjWcxicQzONZ7+DKrhk3Enw7DWZkkUITv
337
1DtHjD6HN3v847ZLS5hk6c8bn2EHGqzvXHFSLXM1hJrom3lhDiaO6tN0lC2EPwSz
338
ogQ8obPy5VHhST3LgpsondqTlZkAVX8UUsmhn7M+vuXdxuD4iQIDAQABo3EwbzAO
339
BgNVHQ8BAf8EBAMCALgwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0G
340
A1UdDgQWBBTnXp73N5Gb7qFeRa66ESaCYCj5azAfBgNVHSMEGDAWgBRoGRUwOPPg
341
LrI5WCtaB3ujsdjkMDALBgkqhkiG9w0BAQsDggIBAFhuxqoVQ66uk07TwJoet8Jr
342
kNtLDPadOlKPBgnOrER8GpNhxg8cet5tWyKD6vPveuzecGKGoXO1EamLdLSmx73m
343
HD/e0uISZ1s/yCVYzRfsCmaFw2hsFQvlUIp0J3KwEpA71sP6jyN+il9cwfR0v9Z+
344
KhrgCVlYlxk+GpXG1mNx908omLydss81OJRuw/VUCi96htH8naur7JCSYUYNmXTU
345
hAPxF3C/uZULGDs/ktJ6orEjybAn0lLFJSJr7FTb2bhmJcxDXnm1B3KU9ggCA9za
346
oRmi53xFVZBa9arYMvnD97T7zwioJVww8u+VVBAuOaeZggliSZL3SfloJ6u8LhWO
347
MObMsNEgl9/IziNEbC3XcjT6rwcepWb4mNCaoEsm3fKAAwjUv2qHy7FslM2O0GDx
348
wgpCCVuG0sN3zYJYr4zCvP3nnir49jZ1gJ1vKikK+Qk72crPEcsWh7/iuWIb0Ir2
349
h2LbwCUsXo1DDptJiDn7FfEX4WW9OStaI4WCgvlcKMlMwcnZIZ3tN7NlNzon8fAV
350
LR0GHcKqvPmPp49zvjXt4BroQPdUgM3WZPpCNtZDqDc9obfS5ap7FAVQWBaPqOu0
351
aMgvXar2LxBuM7JWCorYzztm5sv4NJSjxjDkkybwOImTxZkpLZb2j58TdXQiE1v+
352
fns7uQ9yHVtyl941hRlf
353
-----END CERTIFICATE-----
354
# Consul server 키 값
355
server_key: |
356
-----BEGIN RSA PRIVATE KEY-----
357
MIIEowIBAAKCAQEAqZvu3TU4dQeh4veVGti3hhYP/7YCbKI8y7q6Qyz7FCvQJSsD
358
0bUXnG6+U7tNHOTRNdBTnQrmZFeWoXXGscqZLwSRnTlG6q28BfwcimMbnqM1xz/1
359
TlAXsC4NSw4quvoxW+KlWVNM9/srga5+aWJCXOx4ozF770eb82pe8EAGhAHZ2zx1
360
xZ3x8NdQRsOc77pYdXrNjWcxicQzONZ7+DKrhk3Enw7DWZkkUITv1DtHjD6HN3v8
361
47ZLS5hk6c8bn2EHGqzvXHFSLXM1hJrom3lhDiaO6tN0lC2EPwSzogQ8obPy5VHh
362
ST3LgpsondqTlZkAVX8UUsmhn7M+vuXdxuD4iQIDAQABAoIBAA+UZ0iijuERJmm2
363
3Fdu+My0UhvnGCnqbTM5n8pz40xjCeegH+WvgM+5zHnchqTUz/LlhAi065zj/s4u
364
B2ZledS70rRigoUkGFVkZyq/F9Zmn5YB5gKfkM16LXZrgrlSKh6Kny2pXTSaOdDb
365
unjrsbTfc+Vpsjy0kzq01quy9eZCLvClKjSNG4zc4P1Yxo6ptvkYq6zTv/+CA5dM
366
AKfzB2NHcEu4lAnWS29ps2gDg4mIDs5tUaC5nE4KRXZHo/o7iHBR3KzyR4mFD/n+
367
a5eyjkQFWLOVqBCfseLri8ESmkFZeZJ32td3mUIxokEVuwBdZ7Zb8KKI7QhweVv2
368
WQzzUEECgYEAxkdvVE/sJAeDHs176QquLhCZJ83YFjgxU+FWO9JJuANm3j0CWEqK
369
Rw6mlparltr8lzJhs/lVEhOmfNEMDw3RcF8TBxj9gsZn12To8yh8PzSz0DpjiDAO
370
Osw7iNWy95PvgqQy11+OizUpS5zaVwjc2YByhec0OxzDAUO9D4SLuP0CgYEA2vvl
371
2BLlVxkbz73s36JbXMtL7UvqakbFmbcdQSu07czGbdFtNxNhphKIVBCH4ny2yBxm
372
qEEpuis/fkVzhD02V81dI63PIhRZuFEXnGWhMeY44VmWCmbaoUdZd9Ozna2AnVVN
373
a5Qw1hWHcmfpcILaFgCb/j2XHqveTZ87pMjdyX0CgYA5cbq8V4dXjOGdC/VJN/Hs
374
oJxunsFq9o67+X3NSQhYiovD+TLzt2zGV2VGHZLK2tjxSQRrauINoanLYZk3x04V
375
W0Yc+U2BFNBC5BZlVCZi/XbW7gOmEh4dRMw+wYLfHXn3hHDCWwnmJNm48VGEg6nQ
376
TdlgF/LW6WdJt4FPvJvqVQKBgFs3YFdwD44HTHltcJT7CTmPCVKQM9YPItJT32C9
377
NwFzMhieivLNJPjLcXQq6p9iObUDd5OQiTQePbV4cpTb9p3+UlTBWq2kcnb/eGlS
378
QCIL9xePfJtamqlhkhgC3CfLFO70kGpGcU1L7H6wYCHYr8VIfbIar688Aj6tHGgY
379
r6H1AoGBAK81Evrf729tMezOMoGQKGfZrP9pkh6Bh5ProZFqK5R9GItXdYU4ATvL
380
1/dmdLjPwDpprC90gfjDnvT+rxBJUQmlklRV4YvutaOO25UJQtnLEA7oBmASYGjh
381
QsflMYJj0ytvop7ReDVV6+p6OymS2SBZrdO2AvwRNy6cVSuPjgLn
382
-----END RSA PRIVATE KEY-----
383
databases:
384
additional_config: null
385
address: 10.20.0.22 # DB Server VM IP 주소
386
collect_statement_statistics: null
387
databases:
388
- citext: true
389
name: ccdb
390
tag: cc
391
- citext: true
392
name: uaadb
393
tag: uaa
394
db_scheme: postgres
395
port: 5524
396
roles:
397
- name: ccadmin
398
password: admin
399
tag: admin
400
- name: uaaadmin
401
password: admin
402
tag: admin
403
dea_next:
404
advertise_interval_in_seconds: 5
405
allow_host_access: null
406
allow_networks: []
407
default_health_check_timeout: 60
408
deny_networks: []
409
directory_server_protocol: https
410
disk_mb: 32768
411
disk_overcommit_factor: 3
412
evacuation_bail_out_time_in_seconds: 0
413
heartbeat_interval_in_seconds: 10
414
instance_bandwidth_limit: null
415
instance_disk_inode_limit: 200000
416
kernel_network_tuning_enabled: false
417
logging_level: debug
418
memory_mb: 8192
419
memory_overcommit_factor: null
420
mtu: null
421
rlimit_core: 0
422
staging_bandwidth_limit: null
423
staging_disk_inode_limit: 200000
424
staging_disk_limit_mb: 6144
425
staging_memory_limit_mb: 1024
426
description: Open PaaS sponsored by OCP Team
427
disk_quota_enabled: false
428
domain: controller.open-paas.com
429
doppler:
430
blacklisted_syslog_ranges: null
431
debug: false
432
enable_tls_transport: null
433
maxRetainedLogMessages: 100
434
port: 4443 # Doppler port 번호
435
436
tls_server:
437
cert: null
438
key: null
439
port: null
440
unmarshaller_count: 5
441
doppler_endpoint:
442
shared_secret: admin # Doppler Endpoint Password
443
dropsonde:
444
enabled: true
445
etcd:
446
machines:
447
- 10.20.0.24 # etcd VM IP 주소
448
peer_require_ssl: false
449
require_ssl: false
450
etcd_metrics_server:
451
nats:
452
machines:
453
- 10.20.0.11 # NATS Server VM IP 주소
454
password: admin
455
username: nats
456
457
hm9000:
458
url: https://hm9000.controller.open-paas.com
459
logger_endpoint:
460
port: 443
461
use_ssl: true
462
loggregator:
463
blacklisted_syslog_ranges: null
464
debug: false
465
etcd:
466
machines:
467
- 10.20.0.24
468
maxRetainedLogMessages: 100
469
outgoing_dropsonde_port: 8081
470
tls:
471
ca: null
472
loggregator_endpoint:
473
shared_secret: admin
474
login:
475
analytics:
476
code: null
477
domain: null
478
asset_base_url: null
479
brand: oss
480
catalina_opts: null
481
enabled: true
482
invitations_enabled: null
483
links:
484
passwd: https://console.controller.open-paas.com/password_resets/new
485
signup: https://console.controller.open-paas.com/register
486
logout: null
487
messages: null
488
notifications:
489
url: null
490
protocol: null
491
restricted_ips_regex: null
492
saml: null
493
self_service_links_enabled: null
494
signups_enabled: null
495
smtp:
496
host: null
497
password: null
498
port: null
499
user: null
500
spring_profiles: null
501
tiles: null
502
uaa_base: null
503
url: null
504
metron_agent:
505
deployment: openpaas-controller
506
preferred_protocol: null
507
tls_client:
508
cert: null
509
key: null
510
metron_endpoint:
511
shared_secret: admin
512
nats:
513
address: 10.20.0.11 # NATS Server VM IP 주소
514
debug: false
515
machines:
516
- 10.20.0.11 # NATS Server VM IP 주소
517
monitor_port: 4221
518
password: admin
519
port: 4222
520
prof_port: 0
521
trace: false
522
user: nats
523
nfs_server:
524
address: null
525
allow_from_entries:
526
- 10.20.0.0/24 # NFS Mount 허용 Range 지정
527
share: null
528
request_timeout_in_seconds: 900
529
router:
530
cipher_suites: null
531
debug_addr: null
532
enable_ssl: null
533
extra_headers_to_log: null
534
logrotate: null
535
port: null
536
requested_route_registration_interval_in_seconds: null
537
route_service_timeout: null
538
route_services_secret: admin
539
route_services_secret_decrypt_only: null
540
secure_cookies: null
541
ssl_cert: null
542
ssl_key: null
543
ssl_skip_validation: true
544
status:
545
password: admin
546
port: null
547
user: router
548
smoke_tests: null
549
ssl:
550
skip_cert_verify: true
551
support_address: http://support.cloudfoundry.com
552
syslog_daemon_config: null
553
system_domain: controller.open-paas.com # DNS Server에 등록한 Platform Domain Name
554
system_domain_organization: OCP
555
traffic_controller:
556
outgoing_port: 8080
557
uaa:
558
admin:
559
client_secret: admin # admin 계정 Password
560
authentication:
561
policy:
562
countFailuresWithinSeconds: null
563
lockoutAfterFailures: null
564
lockoutPeriodSeconds: null
565
batch:
566
password: admin
567
username: batchuser
568
catalina_opts: -Xmx768m -XX:MaxPermSize=256m
569
cc:
570
client_secret: admin
571
clients:
572
cc-service-dashboards:
573
authorities: clients.read,clients.write,clients.admin
574
authorized-grant-types: client_credentials
575
scope: openid,cloud_controller_service_permissions.read
576
secret: admin
577
cc_routing:
578
authorities: routing.router_groups.read
579
authorized-grant-types: client_credentials
580
secret: admin
581
cloud_controller_username_lookup:
582
authorities: scim.userids
583
authorized-grant-types: client_credentials
584
secret: admin
585
doppler:
586
authorities: uaa.resource
587
override: true
588
secret: admin
589
gorouter:
590
authorities: clients.read,clients.write,clients.admin,routing.routes.write,routing.routes.read
591
authorized-grant-types: client_credentials,refresh_token
592
scope: openid,cloud_controller_service_permissions.read
593
secret: admin
594
login:
595
authorities: oauth.login,scim.write,clients.read,notifications.write,critical_notifications.write,emails.write,scim.userids,password.write
596
authorized-grant-types: authorization_code,client_credentials,refresh_token
597
override: true
598
redirect-uri: https://login.controller.open-paas.com
599
scope: openid,oauth.approvals
600
secret: admin
601
notifications:
602
authorities: cloud_controller.admin,scim.read
603
authorized-grant-types: client_credentials
604
secret: admin
605
ssh-proxy:
606
authorized-grant-types: authorization_code
607
autoapprove: true
608
override: true
609
redirect-uri: /login
610
scope: openid,cloud_controller.read,cloud_controller.write
611
secret: admin
612
database: null
613
issuer: https://uaa.controller.open-paas.com
614
jwt:
615
signing_key: |
616
-----BEGIN RSA PRIVATE KEY-----
617
MIICXAIBAAKBgQDHFr+KICms+tuT1OXJwhCUmR2dKVy7psa8xzElSyzqx7oJyfJ1
618
JZyOzToj9T5SfTIq396agbHJWVfYphNahvZ/7uMXqHxf+ZH9BL1gk9Y6kCnbM5R6
619
0gfwjyW1/dQPjOzn9N394zd2FJoFHwdq9Qs0wBugspULZVNRxq7veq/fzwIDAQAB
620
AoGBAJ8dRTQFhIllbHx4GLbpTQsWXJ6w4hZvskJKCLM/o8R4n+0W45pQ1xEiYKdA
621
Z/DRcnjltylRImBD8XuLL8iYOQSZXNMb1h3g5/UGbUXLmCgQLOUUlnYt34QOQm+0
622
KvUqfMSFBbKMsYBAoQmNdTHBaz3dZa8ON9hh/f5TT8u0OWNRAkEA5opzsIXv+52J
623
duc1VGyX3SwlxiE2dStW8wZqGiuLH142n6MKnkLU4ctNLiclw6BZePXFZYIK+AkE
624
xQ+k16je5QJBAN0TIKMPWIbbHVr5rkdUqOyezlFFWYOwnMmw/BKa1d3zp54VP/P8
625
+5aQ2d4sMoKEOfdWH7UqMe3FszfYFvSu5KMCQFMYeFaaEEP7Jn8rGzfQ5HQd44ek
626
lQJqmq6CE2BXbY/i34FuvPcKU70HEEygY6Y9d8J3o6zQ0K9SYNu+pcXt4lkCQA3h
627
jJQQe5uEGJTExqed7jllQ0khFJzLMx0K6tj0NeeIzAaGCQz13oo2sCdeGRHO4aDh
628
HH6Qlq/6UOV5wP8+GAcCQFgRCcB+hrje8hfEEefHcFpyKH+5g1Eu1k0mLrxK2zd+
629
4SlotYRHgPCEubokb2S1zfZDWIXW3HmggnGgM949TlY=
630
-----END RSA PRIVATE KEY-----
631
verification_key: |
632
-----BEGIN PUBLIC KEY-----
633
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHFr+KICms+tuT1OXJwhCUmR2d
634
KVy7psa8xzElSyzqx7oJyfJ1JZyOzToj9T5SfTIq396agbHJWVfYphNahvZ/7uMX
635
qHxf+ZH9BL1gk9Y6kCnbM5R60gfwjyW1/dQPjOzn9N394zd2FJoFHwdq9Qs0wBug
636
spULZVNRxq7veq/fzwIDAQAB
637
-----END PUBLIC KEY-----
638
639
ldap: null
640
login: null
641
newrelic: null
642
no_ssl: null
643
port: 8080
644
require_https: null
645
restricted_ips_regex: 10\.\d{1,3}\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3}|169\.254\.\d{1,3}\.\d{1,3}|127\.\d{1,3}\.\d{1,3}\.\d{1,3}|172\.1[6-9]{1}\.\d{1,3}\.\d{1,3}|172\.2[0-9]{1}\.\d{1,3}\.\d{1,3}|172\.3[0-1]{1}\.\d{1,3}\.\d{1,3}
646
scim:
647
external_groups: null
648
groups: null
649
userids_enabled: true
650
users:
651
- admin|admin|scim.write,scim.read,openid,cloud_controller.admin,clients.read,clients.write,doppler.firehose,routing.router_groups.read
652
spring_profiles: null
653
url: https://uaa.controller.open-paas.com
654
user: null
655
zones: null
656
uaadb:
657
address: 10.20.0.22 # DB Server VM IP 주소
658
databases:
659
- citext: true
660
name: uaadb
661
tag: uaa
662
db_scheme: postgresql
663
port: 5524
664
roles:
665
- name: uaaadmin
666
password: admin
667
tag: admin
Copied!

3.4. Bosh Deploy

지금까지 설치를 위한 준비 과정이 정상적으로 수행되었으면, 지금부터 Open PaaS Controller를 IaaS 환경(OpenStack)에 아래의 절차로 설치한다.

3.4.1. Deployment Manifest 지정

$ bosh deployment openpaas-openstack-1.0.yml “bosh deployment” 명령어로 생성한 Deployment Manifest File을 지정하고, 아래의 그림과 같이 동일한 명령어로 정상 지정 되었는지를 확인한다.

3.4.2. Open PaaS Controller Deploy

“bosh deploy” 명령으로 Open PaaS Controller 설치를 수행한다.
$ bosh deploy
보통 설치 과정은 1-2시간 정도가 소요되며 정상적으로 설치가 완료되면 아래 그림과 같은 메세지를 출력하게 된다.

3.5. 설치형상 확인

설치가 정상적으로 완료된 후 “bosh vms” 명령으로 설치된 Open PaaS Controller의 형상을 확인한다.
$ bosh vms
아래 그림과 같이 Deployment Name, Virtual Machine, IP 주소 등의 정보를 확인할 수 있다.

4. 설치 검증

4.1. CF Login

$ cf api https://api.controller.open-paas.com –skip-ssl-validation
$ cf login
1
Email> admin
2
Password> admin
3
OK
Copied!
$ cf create-space dev
$ cf target -o OCP -s dev
CF Target을 지정하고, Login을 수행한다. 이 때 계정은 admin/admin을 사용한다. Application을 Deploy할 ORG(Default: OCP)와 Space를 생성하고, 해당하는 ORG/Space로 Targetting 한다.