Controller 설치 가이드(vSphere)

1. 개요

1.1. 문서 목적

본 문서(설치가이드)는, 현 시점에서 지원되는 IaaS(Infrastructure as a Service) 중 하나인 vSphere 환경에서 개방형클라우드플랫폼을 설치하기 위한 가이드를 제공하는데 그 목적이 있다.

1.2. 범위

본 문서의 범위는 개방형클라우드플랫폼을 vSphere에 설치하기 데 대한 내용으로 한정되어 있다. OpenStack/AWS와 같은 다른 IaaS 환경에서의 설치는 그에 맞는 가이드 문서를 참고해야 하며, Inception/Bosh 설치 또한 해당 가이드 문서를 별도로 참조해야 한다.

1.3. 참고 자료

2. Prerequisites

2.1. 개요

개방형클라우드플랫폼을 설치하기 전에 IaaS(vSphere) 환경이 정상적으로 구성되어 있고, Bosh Server와 Bosh/CF CLI가 설치되어 있는지를 확인해야 한다.

2.2. vSphere

2.2.1. 데이터센터/클러스터/리소스풀

[그림출처]: Open PaaS 사업단 개발환경
데이터센터 내에 vSphere Server들로 구성된 클러스터가 있어야 하며, 개방형클라우드플랫폼이 설치될 리소스풀이 만들어져 있어야 한다. 리소스풀의 경우는 필수적인 구성은 아니나, 관리의 용이성을 위해서 사용하는 것을 권장한다.

2.3. Bosh Server 및 Bosh CLI

[그림출처]: Open PaaS 사업단 개발환경
“bosh status” 명령을 실행하여 위와 같이 정상적으로 출력되는 지를 확인한다. 만약 문제 발생 시에는 Bosh 설치가이드를 참조하여 정상적으로 Bosh 환경을 구성한 후 이후 작업을 진행한다.

2.4. DNS Server

개방형클라우드플랫폼은 독자적인 Zone을 DNS에 등록해야 한다. 사용 가능한 DNS Server가 존재하지 않는다면, VM 등에 별도로 구축하여야 한다. 예를 들어 Linux의 경우에는 bind9 Package를 설치하고 아래와 같이 Platform Zone을 등록한다.
/etc/bind/named.conf.local\
1
zone "controller.open-paas.com" {
2
type master;
3
file "/etc/bind/db.controller.open-paas.com";
4
};
Copied!
/etc/bind/db.cf-dev.open-paas.com
1
;
2
; BIND data file for local loopback interface
3
;
4
$TTL 604800
5
@ IN SOA ns.controller.open-paas.com. root.controller.open-paas.com. (
6
2 ; Serial
7
604800 ; Refresh
8
86400 ; Retry
9
2419200 ; Expire
10
604800 ) ; Negative Cache TTL
11
;
12
@ IN NS ns.controller.open-paas.com.
13
* IN A 10.30.40.113 <font color="blue"># HA Proxy VM IP 주소</font>
14
@ IN AAAA ::1
Copied!
NSLOOKUP 등으로 DNS Server에 Platform Domain이 정상 등록 되었는지 확인한다.

2.5. OP CLI

Open PaaS 설치 패키지 내에 포함되어 있는 OP CLI 압축 파일을 풀고 명령어 Path Folder에 실행 파일을 복사한다.
sudo tar -xvzf $INSTALL_PACKAGE/OpenPaaS-Dev-Tools/op-CLI/cf-linux-amd64.tgz
$ sudo cp cf /usr/bin
“cf” 명령어를 입력하면 아래와 같은 Help 화면이 출력됨을 확인한다.

3. Open PaaS Controller 설치

3.1. Release Upload

하단 링크로 접속하여 OpenPaaS Controller 릴리즈 파일인 openpaas-controller-1.0.tgz를 다운로드 한다.
다음의 명령어를 이용하여 릴리즈 파일을 bosh에 업로드한다.
$ bosh upload release $INSTALL_PACKAGE/OpenPaaS-Controller/openpaas-controller-1.0.tgz
Release Upload는 상황에 따라 다소 차이는 있으나 보통 20-30분 정도 소요가 되며, 정상 Upload가 되면 아래의 그림과 같은 메시지가 출력된다.
[주의] Release Upload 과정에서 작업장비의 “/tmp” 폴더의 사이즈가 작을 경우 압축파일을 풀거나 묶을 때 에러가 발생할 수 있으므로, 10GB 이상 Free Size가 있는지를 확인해야 한다.
Bosh Sever에 Release가 정상적으로 Upload 되었는지는 “bosh releases” 명령으로 확인한다. $ bosh releases

3.2. Stemcell Upload

하단의 링크로 접속하여 vSphere 용 OpenPaaS-Stemcell인 bosh-stemcell-3147-vsphere-esxi-ubuntu-trusty-go_agent.tgz 파일을 다운로드 한다.
다음의 명령어를 사용하여 Stemcell을 bosh에 업로드 한다.
$ bosh upload stemcell $INSALL_PACKAGE/OpenPaaS-Stemcells/bosh-stemcell-3147-vsphere-esxi-ubuntu-trusty-go_agent.tgz
Stemcell Upload는 상황에 따라 다소 차이는 있으나 보통 5-10분 정도 소요가 되며, 정상 Upload가 되면 아래의 그림과 같은 메시지가 출력된다.
[주의] Stemcell Upload 과정에서 작업장비의 “/tmp” 폴더의 사이즈가 작을 경우 압축파일을 풀거나 묶을 때 에러가 발생할 수 있으므로, 10GB 이상 Free Size가 있는지를 확인해야 한다.
Bosh Sever에 Stemcell이 정상적으로 Upload 되었는지는 “bosh stemcells” 명령으로 확인한다. $ bosh stemcells

3.3. Deployment Manifest

하단의 링크로 접속하여 vSphere 용 Controller Deployment인 openpaas-controller-vsphere-1.0.yml 파일을 다운로드 한다.
하단의 예시(3.3.1 ~ 3.3.7)를 참조하여 사용자의 설치환경에 적합하게 수정한다.

3.3.1. Name & Release

1
name: openpaas-controller # Deployment Name
2
director_uuid: 0bc8d3c2-e032-4c7e-a99c-e23eea7091fc # Bosh Director UUID
3
releases:
4
- name: openpaas-controller # Bosh Release Name
5
version: latest # Bosh Release Version
Copied!
Deployment Name은 설치자가 임의로 부여하는데, IaaS와 Version을 표시할 것을 권장한다. Bosh Director UUID는 “bosh status” 명령을 실행하면 출력되는 UUID 값을 넣고, Release Name과 Version은 “bosh releases” 명령의 결과로 나오는 값들을 입력하도록 한다.

3.3.2. Networks

1
networks:
2
- name: op_network # Open PaaS Controller가 설치될 Network Name
3
subnets:
4
- cloud_properties:
5
name: Internal # Open PaaS Controller가 설치될 Virtual Switch Name
6
dns:
7
- 10.30.20.24 # DNS Server
8
- 8.8.8.8
9
gateway: 10.30.20.23 # Gateway IP Address
10
name: default_unused
11
range: 10.30.0.0/16 # Network CIDR
12
reserved:
13
- 10.30.0.1 - 10.30.20.22
14
- 10.30.20.24 - 10.30.40.9
15
static:
16
- 10.30.40.10 - 10.30.40.40 # VM에 할당될 Static IP 주소 대역
17
type: manual
Copied!
Network Name은 설치자가 임의로 부여 가능하다. Virtual Switch, Gateway, DNS Server, Network CIDR은 vSphere 구성을 직접 확인하거나 인프라 담당자에게 문의하여 정보를 얻도록 한다. Static IP 주소는 Open PaaS Controller를 설치할 때 개별 VM에 할당될 IP의 주소 대역으로 마찬가지로 인프라 담당자에게 할당을 받아야 한다.

3.3.3. Compilation

1
compilation:
2
cloud_properties: # Compile용 VM의 사양
3
cpu: 2
4
disk: 8192
5
ram: 1024
6
network: op_network # Network Name
7
reuse_compilation_vms: true
8
workers: 6 # 동시 동작하는 VM 수
Copied!
Network Name은 3.3.2 Networks에서 정의한 것과 동일한 이름을 줘야 한다. Workers는 동시에 Compile을 수행하는 VM의 개수로 별다른 환경적 특성이 없다면 Default 값을 사용토록 한다.

3.3.4. Resource Pools

1
resource_pools:
2
- cloud_properties:
3
cpu: 1
4
disk: 4096
5
ram: 1024
6
env:
7
bosh:
8
password: $6$4gDD3aV0rdqlrKC$2axHCxGKIObs6tAmMTqYCspcdvQXh3JJcvWOY2WGb4SrdXtnCyNaWlrf3WEqvYR2MYizEGp3kMmbpwBC6jsHt0
9
name: small # Resource Name
10
network: op_network # Network Name
11
stemcell:
12
name: bosh-vsphere-esxi-ubuntu-trusty-go_agent # Stemcell Name
13
version: 3147 # Stemcell Version
14
15
- cloud_properties:
16
cpu: 1
17
disk: 4096
18
ram: 1024
19
env:
20
bosh:
21
password: $6$4gDD3aV0rdqlrKC$2axHCxGKIObs6tAmMTqYCspcdvQXh3JJcvWOY2WGb4SrdXtnCyNaWlrf3WEqvYR2MYizEGp3kMmbpwBC6jsHt0
22
name: medium # Resource Name
23
network: op_network # Network Name
24
stemcell:
25
name: bosh-vsphere-esxi-ubuntu-trusty-go_agent # Stemcell Name
26
version: 3147 # Stemcell Version
27
28
- cloud_properties:
29
cpu: 1
30
disk: 10240
31
ram: 1024
32
env:
33
bosh:
34
password: $6$4gDD3aV0rdqlrKC$2axHCxGKIObs6tAmMTqYCspcdvQXh3JJcvWOY2WGb4SrdXtnCyNaWlrf3WEqvYR2MYizEGp3kMmbpwBC6jsHt0
35
name: large # Resource Name
36
network: op_network # Network Name
37
stemcell:
38
name: bosh-vsphere-esxi-ubuntu-trusty-go_agent # Stemcell Name
39
version: 3147 # Stemcell Version
40
41
- cloud_properties:
42
cpu: 2
43
disk: 32768
44
ram: 16384
45
env:
46
bosh:
47
password: $6$4gDD3aV0rdqlrKC$2axHCxGKIObs6tAmMTqYCspcdvQXh3JJcvWOY2WGb4SrdXtnCyNaWlrf3WEqvYR2MYizEGp3kMmbpwBC6jsHt0
48
name: runner
49
network: op_network
50
stemcell:
51
name: bosh-vsphere-esxi-ubuntu-trusty-go_agent
52
version: 3147
53
54
- cloud_properties:
55
cpu: 1
56
disk: 2048
57
ram: 1024
58
env:
59
bosh:
60
password: $6$4gDD3aV0rdqlrKC$2axHCxGKIObs6tAmMTqYCspcdvQXh3JJcvWOY2WGb4SrdXtnCyNaWlrf3WEqvYR2MYizEGp3kMmbpwBC6jsHt0
61
name: router
62
network: op_network
63
stemcell:
64
name: bosh-vsphere-esxi-ubuntu-trusty-go_agent
65
version: 3147
66
67
- cloud_properties:
68
cpu: 1
69
disk: 2048
70
ram: 1024
71
env:
72
bosh:
73
password: $6$4gDD3aV0rdqlrKC$2axHCxGKIObs6tAmMTqYCspcdvQXh3JJcvWOY2WGb4SrdXtnCyNaWlrf3WEqvYR2MYizEGp3kMmbpwBC6jsHt0
74
name: small_errand
75
network: op_network
76
stemcell:
77
name: bosh-vsphere-esxi-ubuntu-trusty-go_agent
78
version: 3147
79
80
- cloud_properties:
81
cpu: 1
82
disk: 10240
83
ram: 1024
84
env:
85
bosh:
86
password: $6$4gDD3aV0rdqlrKC$2axHCxGKIObs6tAmMTqYCspcdvQXh3JJcvWOY2WGb4SrdXtnCyNaWlrf3WEqvYR2MYizEGp3kMmbpwBC6jsHt0
87
name: xlarge_errand
88
network: op_network
89
stemcell:
90
name: bosh-vsphere-esxi-ubuntu-trusty-go_agent
91
version: 3147
Copied!
각 Resource의 Size는 Jobs에서 해당 Resource를 사용하는 VM 개수와 정확하게 일치해야 한다. Stemcell Name과 Version은 “bosh stemcells” 명령어 결과로 출력되는 값들을 입력하도록 한다.

3.3.5. Update

1
update:
2
canaries: 1
3
canary_watch_time: 30000-600000
4
max_in_flight: 1
5
serial: true # VM의 순차적 Update
6
update_watch_time: 5000-600000
Copied!
Default 값들을 수정 없이 사용한다.

3.3.6. Jobs

아래 Sample Jobs를 참고하여 설치 환경에 맞게 수정한다.
1
jobs:
2
- instances: 1 # VM Instance 개수
3
name: consul
4
networks:
5
- name: op_network # VM이 설치될 Network
6
static_ips:
7
- 10.30.40.16 # Consul에 할당된 IP 주소
8
persistent_disk: 1024
9
properties:
10
consul:
11
agent:
12
mode: server
13
metron_agent:
14
zone: z1
15
deployment: openpaas-controller
16
resource_pool: medium
17
templates:
18
- name: consul_agent
19
release: openpaas-controller
20
- name: metron_agent
21
release: openpaas-controller
22
update:
23
max_in_flight: 1
24
serial: true
25
26
- name: ha_proxy
27
instances: 1
28
networks:
29
- name: op_network
30
static_ips: 10.30.40.13 # HAProxy IP 주소
31
properties:
32
ha_proxy:
33
# SSL Key
34
ssl_pem: |
35
-----BEGIN CERTIFICATE-----
36
MIICzTCCAjYCCQC4Lzsbx+krOjANBgkqhkiG9w0BAQsFADCBqjELMAkGA1UEBhMC
37
S1IxDjAMBgNVBAgMBVNlb3VsMQ8wDQYDVQQHDAZKb25nUm8xEjAQBgNVBAoMCW9w
38
ZW4tcGFhczESMBAGA1UECwwJb3Blbi1wYWFzMSMwIQYDVQQDDBoqLmNvbnRyb2xs
39
ZXIub3Blbi1wYWFzLmNvbTEtMCsGCSqGSIb3DQEJARYeYWRtaW5AY29udHJvbGxl
40
ci5vcGVuLXBhYXMuY29tMB4XDTE1MTIxODAyMzgyNVoXDTE2MDExNzAyMzgyNVow
41
gaoxCzAJBgNVBAYTAktSMQ4wDAYDVQQIDAVTZW91bDEPMA0GA1UEBwwGSm9uZ1Jv
42
MRIwEAYDVQQKDAlvcGVuLXBhYXMxEjAQBgNVBAsMCW9wZW4tcGFhczEjMCEGA1UE
43
AwwaKi5jb250cm9sbGVyLm9wZW4tcGFhcy5jb20xLTArBgkqhkiG9w0BCQEWHmFk
44
bWluQGNvbnRyb2xsZXIub3Blbi1wYWFzLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOB
45
jQAwgYkCgYEAs3yC/6FzVq2WSoZUWAYCwPrAOJ3VpN7JMpJ3fulim6MIzzXjhIeq
46
Zl2E10uM9mD0WKWUwTmZcp/a3s+EQZYydgQEY0uQQ1ol/rqnev89PRGu0eAOBKZx
47
/GEYxIkDRDHNNcfGo1lj2Of2sTEFR1FvTPy6X784qqW7afqIpo/86yMCAwEAATAN
48
BgkqhkiG9w0BAQsFAAOBgQAKU8paqctRObRoI+e2I4G7FPev6GVm3otYi/SEs17q
49
LmvMD63QPXEI7r+49FZzaXQtZKALb2NoMJKPO0mhzMJE5GR16f+E8ct1pA6L11t/
50
fqce0/oPC+LcX0D36/J1Bw+PL/qJq5NeCOY1ba6JcBPBtckVfwu8Vm+pm+DKGX3i
51
hw==
52
-----END CERTIFICATE-----
53
-----BEGIN RSA PRIVATE KEY-----
54
MIICXAIBAAKBgQCzfIL/oXNWrZZKhlRYBgLA+sA4ndWk3skyknd+6WKbowjPNeOE
55
h6pmXYTXS4z2YPRYpZTBOZlyn9rez4RBljJ2BARjS5BDWiX+uqd6/z09Ea7R4A4E
56
pnH8YRjEiQNEMc01x8ajWWPY5/axMQVHUW9M/Lpfvziqpbtp+oimj/zrIwIDAQAB
57
AoGAfHDxakcH7qq/rr/frn/MXPv9VcOoonyMRnHiQ62QXpP0waV9Lx/YdsyUE6kf
58
/JpQDz4OGsHSr/RBDYYXDloSdTKx0bBp6xL22SNf0fAkk14biXNc3olc2r5lccPz
59
fbKGEDHAGwcOTNb2zFYCWrn0IDuMjHsX+TejLA0mwOhcxgECQQDiyZfw9cuumDGg
60
rgMqxlX3DxIeOl/XHo0vOobijLnuG7CP7SS/Em38AEu+kTDUItm9SeRYzB2oDWto
61
B1+WSWejAkEAypslTk0Db0gBh9sJbN+4rPJNORvq/2BkXtDGR4WvuDIYvb8q+cYf
62
Og1upgjyVBBYV2b4udbXS4R8B42xwcSmgQJAbHtMD/ozbRfmHVs/rpVjB6QQ4Z7A
63
u5EkrePMI9B3G/vo0F/6hN+W9sVZdhXTipYFG7Od5A/3W6zXpNJqGeSRCwJAK/0V
64
U3PLHB0hH/MBj97fBMWy2IRkOEAgaqmfcyXmafKOhpv747ENVJhX/rqQionl9EwK
65
Eqc/pUjFeQpdnrlogQJBAMrDC4bQZ5igTPEXddDA8VN6qRLFDHFlTo2ulVyQ413Y
66
HmFUIf4BNcRKD3GO24x63L8xK0ArzW4iLlrkwW8A2IE=
67
-----END RSA PRIVATE KEY-----
68
metron_agent:
69
zone: z1
70
deployment: openpaas-controller
71
networks:
72
apps: op_network
73
router:
74
servers:
75
z1:
76
- 10.30.40.15 # Router IP 주소
77
resource_pool: router
78
templates:
79
- name: haproxy
80
release: openpaas-controller
81
- name: metron_agent
82
release: openpaas-controller
83
- name: consul_agent
84
release: openpaas-controller
85
update: {}
86
- instances: 1
87
name: nats
88
networks:
89
- name: op_network
90
static_ips: 10.30.40.11 # NATS IP 주소
91
properties:
92
metron_agent:
93
zone: z1
94
deployment: openpaas-controller
95
networks:
96
apps: op_network
97
resource_pool: medium
98
templates:
99
- name: nats
100
release: openpaas-controller
101
- name: nats_stream_forwarder
102
release: openpaas-controller
103
- name: metron_agent
104
release: openpaas-controller
105
update: {}
106
- instances: 1
107
name: etcd
108
networks:
109
- name: op_network
110
static_ips:
111
- 10.30.40.24 # ETCD IP 주소
112
persistent_disk: 10024
113
properties:
114
metron_agent:
115
zone: z1
116
deployment: openpaas-controller
117
networks:
118
apps: op_network
119
resource_pool: medium
120
templates:
121
- name: etcd
122
release: openpaas-controller
123
- name: etcd_metrics_server
124
release: openpaas-controller
125
- name: metron_agent
126
release: openpaas-controller
127
update:
128
max_in_flight: 1
129
130
- instances: 1
131
name: stats
132
networks:
133
- name: op_network
134
static_ips:
135
- 10.30.40.31 # Stats(Collector) IP 주소
136
properties:
137
metron_agent:
138
zone: z1
139
deployment: openpaas-controller
140
networks:
141
apps: op_network
142
resource_pool: small
143
templates:
144
- name: collector
145
release: openpaas-controller
146
- name: metron_agent
147
release: openpaas-controller
148
update: {}
149
150
- instances: 1
151
name: nfs
152
networks:
153
- name: op_network
154
static_ips: 10.30.40.12 # NFS Server IP 주소
155
persistent_disk: 102400
156
properties:
157
metron_agent:
158
zone: z1
159
deployment: openpaas-controller
160
networks:
161
apps: op_network
162
resource_pool: medium
163
templates:
164
- name: debian_nfs_server
165
release: openpaas-controller
166
- name: metron_agent
167
release: openpaas-controller
168
update: {}
169
170
- instances: 1
171
name: postgres
172
networks:
173
- name: op_network
174
static_ips: 10.30.40.22 # DB Server(PostgreSQL) IP 주소
175
persistent_disk: 4096
176
properties:
177
metron_agent:
178
zone: z1
179
deployment: openpaas-controller
180
networks:
181
apps: op_network
182
resource_pool: medium
183
templates:
184
- name: postgres
185
release: openpaas-controller
186
- name: metron_agent
187
release: openpaas-controller
188
update: {}
189
190
- instances: 1
191
name: uaa
192
networks:
193
- name: op_network
194
static_ips: 10.30.40.32 # UAA IP 주소
195
properties:
196
consul:
197
agent:
198
services:
199
uaa: {}
200
metron_agent:
201
zone: z1
202
deployment: openpaas-controller
203
networks:
204
apps: op_network
205
route_registrar:
206
routes:
207
- name: uaa
208
port: 8080
209
tags:
210
component: uaa
211
uris:
212
- uaa.controller.open-paas.com
213
- '*.uaa.controller.open-paas.com'
214
- login.controller.open-paas.com
215
- '*.login.controller.open-paas.com'
216
uaa:
217
proxy:
218
servers:
219
- 10.30.40.15
220
resource_pool: medium
221
templates:
222
- name: uaa
223
release: openpaas-controller
224
- name: metron_agent
225
release: openpaas-controller
226
- name: consul_agent
227
release: openpaas-controller
228
- name: route_registrar
229
release: openpaas-controller
230
- name: statsd-injector
231
release: openpaas-controller
232
update: {}
233
234
- instances: 1
235
name: api
236
networks:
237
- name: op_network
238
static_ips: 10.30.40.33 # Cloud Controller IP 주소
239
persistent_disk: 8192
240
properties:
241
consul:
242
agent:
243
services:
244
cloud_controller_ng: {}
245
routing-api: {}
246
metron_agent:
247
zone: z1
248
deployment: openpaas-controller
249
networks:
250
apps: op_network
251
nfs_server:
252
address: 10.30.40.12 # NFS Server IP 주소
253
allow_from_entries:
254
- 10.30.0.0/16 # 허용 Network CIDR 값
255
share: null
256
route_registrar:
257
routes:
258
- name: api
259
port: 9022
260
tags:
261
component: CloudController
262
uris:
263
- api.controller.open-paas.com
264
resource_pool: large
265
templates:
266
- name: cloud_controller_ng
267
release: openpaas-controller
268
- name: cloud_controller_clock
269
release: openpaas-controller
270
- name: cloud_controller_worker
271
- name: routing-api
272
release: openpaas-controller
273
- name: metron_agent
274
release: openpaas-controller
275
- name: statsd-injector
276
release: openpaas-controller
277
- name: consul_agent
278
release: openpaas-controller
279
- name: nfs_mounter
280
release: openpaas-controller
281
- name: route_registrar
282
release: openpaas-controller
283
update: {}
284
285
- instances: 1
286
name: clock_global
287
networks:
288
- name: op_network
289
static_ips: 10.30.40.34 # Cloud Controller Clock IP 주소
290
persistent_disk: 4096
291
properties:
292
metron_agent:
293
zone: z1
294
deployment: openpaas-controller
295
networks:
296
apps: op_network
297
resource_pool: medium
298
templates:
299
- name: cloud_controller_clock
300
release: openpaas-controller
301
- name: metron_agent
302
release: openpaas-controller
303
update: {}
304
305
- instances: 1
306
name: api_worker
307
networks:
308
- name: op_network
309
static_ips: 10.30.40.35 # CC Worker IP 주소
310
persistent_disk: 0
311
properties:
312
metron_agent:
313
zone: z1
314
deployment: openpaas-controller
315
networks:
316
apps: op_network
317
nfs_server:
318
address: 10.30.40.12 # NFS Server IP 주소
319
allow_from_entries:
320
- 10.30.0.0/16 # 허용 Network CIDR 값
321
share: null
322
resource_pool: small
323
templates:
324
- name: cloud_controller_worker
325
release: openpaas-controller
326
- name: metron_agent
327
release: openpaas-controller
328
- name: consul_agent
329
release: openpaas-controller
330
- name: nfs_mounter
331
release: openpaas-controller
332
update: {}
333
334
- instances: 0
335
name: hm9000
336
networks:
337
- name: op_network
338
properties:
339
metron_agent:
340
zone: z1
341
deployment: openpaas-controller
342
networks:
343
apps: op_network
344
route_registrar:
345
routes:
346
- name: hm9000
347
port: 5155
348
tags:
349
component: HM9K
350
uris:
351
- hm9000.controller.open-paas.com
352
resource_pool: medium
353
templates:
354
- name: hm9000
355
release: openpaas-controller
356
- name: metron_agent
357
release: openpaas-controller
358
- name: route_registrar
359
release: openpaas-controller
360
update: {}
361
362
- instances: 0
363
name: runner
364
networks:
365
- name: op_network
366
properties:
367
dea_next:
368
zone: z1
369
metron_agent:
370
zone: z1
371
deployment: openpaas-controller
372
networks:
373
apps: op_network
374
resource_pool: runner
375
templates:
376
- name: dea_next
377
release: openpaas-controller
378
- name: dea_logging_agent
379
release: openpaas-controller
380
- name: metron_agent
381
release: openpaas-controller
382
update:
383
max_in_flight: 1
384
385
- instances: 0
386
name: loggregator
387
networks:
388
- name: op_network
389
properties:
390
doppler:
391
zone: z1
392
metron_agent:
393
zone: z1
394
doppler_endpoint:
395
shared_secret: admin
396
resource_pool: medium
397
templates:
398
- name: doppler
399
release: openpaas-controller
400
- name: syslog_drain_binder
401
release: openpaas-controller
402
- name: metron_agent
403
release: openpaas-controller
404
update: {}
405
406
- instances: 1
407
name: doppler
408
networks:
409
- name: op_network
410
static_ips: 10.30.40.38 # Doppler IP 주소
411
properties:
412
doppler:
413
zone: z1
414
metron_agent:
415
zone: z1
416
deployment: openpaas-controller
417
networks:
418
apps: op_network
419
resource_pool: medium
420
templates:
421
- name: doppler
422
release: openpaas-controller
423
- name: syslog_drain_binder
424
release: openpaas-controller
425
- name: metron_agent
426
release: openpaas-controller
427
update: {}
428
429
- instances: 1
430
name: loggregator_trafficcontroller
431
networks:
432
- name: op_network
433
static_ips: 10.30.40.39 # Loggregator Controller IP 주소
434
properties:
435
metron_agent:
436
zone: z1
437
deployment: openpaas-controller
438
networks:
439
apps: op_network
440
route_registrar:
441
routes:
442
- name: doppler
443
port: 8081
444
uris:
445
- doppler.controller.open-paas.com
446
- name: loggregator
447
port: 8080
448
uris:
449
- loggregator.controller.open-paas.com
450
traffic_controller:
451
zone: z1
452
resource_pool: small
453
templates:
454
- name: loggregator_trafficcontroller
455
release: openpaas-controller
456
- name: metron_agent
457
release: openpaas-controller
458
- name: route_registrar
459
release: openpaas-controller
460
update: {}
461
462
- instances: 1
463
name: router
464
networks:
465
- name: op_network
466
static_ips: 10.30.40.15 # Router IP 주소
467
properties:
468
consul:
469
agent:
470
services:
471
gorouter: {}
472
metron_agent:
473
zone: z1
474
deployment: openpaas-controller
475
networks:
476
apps: op_network
477
resource_pool: router
478
templates:
479
- name: gorouter
480
release: openpaas-controller
481
- name: metron_agent
482
release: openpaas-controller
483
- name: consul_agent
484
release: openpaas-controller
485
update: {}
Copied!

3.3.7. Properties

아래 Sample Manifest를 참조하여 설치 환경에 맞게 값을 수정한다.
1
properties:
2
acceptance_tests: null
3
app_domains:
4
- controller.open-paas.com # DNS Server에 등록된 Platform Domain Name
5
app_ssh: # App에 ssh로 접근하기 위한 정보
6
host_key_fingerprint: 89:d3:73:01:f3:10:c4:a7:87:53:54:31:63:ee:ef:51
7
oauth_client_id: ssh-proxy
8
cc: # 여기서부터 Cloud Controller Properties
9
allow_app_ssh_access: true
10
allowed_cors_domains: []
11
app_events:
12
cutoff_age_in_days: 31
13
app_usage_events:
14
cutoff_age_in_days: 31
15
audit_events:
16
cutoff_age_in_days: 31
17
broker_client_default_async_poll_interval_seconds: null
18
broker_client_max_async_poll_duration_minutes: null
19
broker_client_timeout_seconds: 70
20
buildpacks:
21
buildpack_directory_key: controller.open-paas.com-cc-buildpacks
22
cdn: null
23
fog_connection:
24
local_root: /var/vcap/store
25
provider: Local
26
bulk_api_password: admin # Bulk API Password 설정
27
client_max_body_size: 2048M
28
db_encryption_key: db-encryption-key # DB Encryprion Key 지정
29
db_logging_level: debug2
30
default_app_disk_in_mb: 1024
31
default_app_memory: 1024
32
default_buildpacks:
33
- name: java_buildpack_offline
34
package: buildpack_java_offline
35
- name: egov_buildpack
36
package: buildpack_egov
37
- name: java_buildpack
38
package: buildpack_java
39
- name: ruby_buildpack
40
package: buildpack_ruby
41
- name: nodejs_buildpack
42
package: buildpack_nodejs
43
- name: go_buildpack
44
package: buildpack_go
45
- name: python_buildpack
46
package: buildpack_python
47
- name: php_buildpack
48
package: buildpack_php
49
default_health_check_timeout: 60
50
default_quota_definition: default
51
default_running_security_groups:
52
- public_networks
53
- dns
54
- services
55
default_staging_security_groups:
56
- public_networks
57
- dns
58
default_to_diego_backend: true
59
development_mode: false
60
directories: null
61
disable_custom_buildpacks: false
62
droplets:
63
cdn: null
64
droplet_directory_key: controller.open-paas.com-cc-droplets
65
fog_connection:
66
local_root: /var/vcap/store
67
provider: Local
68
max_staged_droplets_stored: null
69
external_host: api
70
external_port: 9022
71
external_protocol: null
72
install_buildpacks:
73
- name: java_buildpack_offline
74
package: buildpack_java_offline
75
- name: egov_buildpack
76
package: buildpack_egov
77
- name: java_buildpack
78
package: buildpack_java
79
- name: ruby_buildpack
80
package: buildpack_ruby
81
- name: nodejs_buildpack
82
package: buildpack_nodejs
83
- name: go_buildpack
84
package: buildpack_go
85
- name: python_buildpack
86
package: buildpack_python
87
- name: php_buildpack
88
package: buildpack_php
89
internal_api_password: admin # Internal API Password
90
internal_api_user: internal_user
91
jobs:
92
app_bits_packer:
93
timeout_in_seconds: null
94
app_events_cleanup:
95
timeout_in_seconds: null
96
app_usage_events_cleanup:
97
timeout_in_seconds: null
98
blobstore_delete:
99
timeout_in_seconds: null
100
blobstore_upload:
101
timeout_in_seconds: null
102
droplet_deletion:
103
timeout_in_seconds: null
104
droplet_upload:
105
timeout_in_seconds: null
106
generic:
107
number_of_workers: null
108
global:
109
timeout_in_seconds: 14400
110
model_deletion:
111
timeout_in_seconds: null
112
logging_level: debug2
113
maximum_app_disk_in_mb: 2048
114
maximum_health_check_timeout: 180
115
min_cli_version: null
116
min_recommended_cli_version: null
117
newrelic:
118
capture_params: false
119
developer_mode: false
120
environment_name: openpaas-controller
121
license_key: null
122
monitor_mode: false
123
transaction_tracer:
124
enabled: true
125
record_sql: obfuscated
126
packages:
127
app_package_directory_key: controller.open-paas.com-cc-packages
128
cdn: null
129
fog_connection:
130
local_root: /var/vcap/store
131
provider: Local
132
max_package_size: 1073741824
133
max_valid_packages_stored: null
134
quota_definitions: # Application Instance Default Quota 값 지정
135
default:
136
memory_limit: 10240
137
non_basic_services_allowed: true
138
total_routes: 1000
139
total_services: 100
140
resource_pool:
141
cdn: null
142
fog_connection:
143
local_root: /var/vcap/store
144
provider: Local
145
resource_directory_key: controller.open-paas.com-cc-resources
146
security_group_definitions:
147
- name: public_networks
148
rules:
149
- destination: 0.0.0.0-9.255.255.255
150
protocol: all
151
- destination: 11.0.0.0-169.253.255.255
152
protocol: all
153
- destination: 169.255.0.0-172.15.255.255
154
protocol: all
155
- destination: 172.32.0.0-192.167.255.255
156
protocol: all
157
- destination: 192.169.0.0-255.255.255.255
158
protocol: all
159
- name: dns
160
rules:
161
- destination: 0.0.0.0/0
162
ports: "53"
163
protocol: tcp
164
- destination: 0.0.0.0/0
165
ports: "53"
166
protocol: udp
167
- name: services
168
rules:
169
- destination: 10.30.0.0/16
170
protocol: all
171
service_usage_events:
172
cutoff_age_in_days: 31
173
srv_api_uri: https://api.controller.open-paas.com # Platform API Target URL
174
stacks: null
175
staging_upload_password: admin # Staging Upload Password
176
staging_upload_user: staging_upload_user
177
system_buildpacks:
178
- name: java_buildpack_offline
179
package: buildpack_java_offline
180
- name: egov_buildpack
181
package: buildpack_egov
182
- name: java_buildpack
183
package: buildpack_java
184
- name: ruby_buildpack
185
package: buildpack_ruby
186
- name: nodejs_buildpack
187
package: buildpack_nodejs
188
- name: go_buildpack
189
package: buildpack_go
190
- name: python_buildpack
191
package: buildpack_python
192
- name: php_buildpack
193
package: buildpack_php
194
#- name: binary_buildpack
195
# package: buildpack_binary
196
thresholds:
197
api:
198
alert_if_above_mb: null
199
restart_if_above_mb: null
200
restart_if_consistently_above_mb: null
201
worker:
202
alert_if_above_mb: null
203
restart_if_above_mb: null
204
restart_if_consistently_above_mb: null
205
user_buildpacks: []
206
users_can_select_backend: false
207
ccdb:
208
address: 10.30.40.22 # DB Server(PostgreSQL) VM IP 주소
209
databases:
210
- citext: true
211
name: ccdb
212
tag: cc
213
db_scheme: postgres
214
port: 5524
215
roles:
216
- name: ccadmin
217
password: admin # ccadmin 계정 Password
218
tag: admin
219
collector: null
220
consul:
221
agent:
222
log_level: null
223
servers:
224
lan:
225
- 10.30.40.16 # Consul VM IP 주소
226
# Consul agent cert 키 값
227
agent_cert: |
228
-----BEGIN CERTIFICATE-----
229
MIIEIjCCAgygAwIBAgIRANVNoOk6A4WIpnRmprN6Ft4wCwYJKoZIhvcNAQELMBMx
230
ETAPBgNVBAMTCGNvbnN1bENBMB4XDTE1MTIxNjA3MjcyN1oXDTE3MTIxNjA3Mjcy
231
OFowFzEVMBMGA1UEAxMMY29uc3VsIGFnZW50MIIBIjANBgkqhkiG9w0BAQEFAAOC
232
AQ8AMIIBCgKCAQEAvJSw9vW2VCtTbMQ02SQ9H+XpJOA6Pm5B/qsWFFc7YePp2FRg
233
CUFO48/SOhKJ99GxdC2io91jmicTMUyHpHjbreohpRlxBpXxlKevPQHY8jVZ1MQ2
234
IRGX4V1bi/cpe0rttEeWEy315xjPDdsEevgyUwJ5/gEYzr0PneAzrDkmnXMGZaAv
235
/EEM/5cj34HVFrkv3WQ/cY2zOOqzs0wsR02SWgt2H6ne4qukOIDgL4QV3/PjDSiE
236
zW7Yta+yxNikwm85BhyGCaucQncOXlNTjJ/a2XDK2FYDzSLm2nNFKLiGqPz6VPgD
237
VpH5G/3/875EoJqDQwaEvLzo2TNU5RIyewmfRwIDAQABo3EwbzAOBgNVHQ8BAf8E
238
BAMCALgwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBQr
239
M995lPKvjs4giWC2lz+UksWGoTAfBgNVHSMEGDAWgBRoGRUwOPPgLrI5WCtaB3uj
240
sdjkMDALBgkqhkiG9w0BAQsDggIBACmcL4wkwYU1pjp1/fFuesP4xOvxmrs7VKFY
241
8eT7IIGv7bk4PMH8xR6y57IAq8VQP4iIe91jlyz5APqP86EhnDHemYimaR4V02R5
242
BD5PzN0bDdqpGGAB4oU6OJD5XObEj4yC+0Miy3Mdz5sSmZZ1Tn0o710L4Y+ncjwD
243
vEG3wFkCfe/SU8Fd5vVfM1d6CzFDo+szrcoXR56bGrDKAocH641Z4ofCSDs2pCri
244
BvJ/OWbekktvqvsA2BX6d78k9FX3RIQZzGUciQtIyiWoJMFT7Gf5D+yK1m8F/Ad8
245
ROWL1APXFb/IOjL6K+7E1YIhOpthOYZRtWBp9idhY3/Bzac/cYthOG/mu4YzDf4R
246
eX25OO7C2G818xzVk9zxKKnlWJkpRWa1uYLTb/trW6GT/hFaA0BTX0hVzgdnYs/l
247
NnhVlPk3wTXWhTBzuvWPVEIyblzt7GszMiYrX9Un1meQxDyVs89dLANAr1tocAo9
248
eC98fNpO55RS/mCCzmwtuGO6FL7kGz91BtJRzx+LD9tMyZWWAmjUzR8Ak6iwrHoX
249
wyLWcXomI2INoGkaj2/j/KywyDq6zOhb5nA98nQOIZb4FkHgX5H6jajN4DfurZp1
250
mq6LVQrV5B7yxf4ul3MfOq/HV2eMzyH6uiKXIuwrFU7poUyn4EdXfUHB5Imjlx46
251
ZGkvJ5oM
252
-----END CERTIFICATE-----
253
# Consul agent 키 값
254
agent_key: |
255
-----BEGIN RSA PRIVATE KEY-----
256
MIIEpQIBAAKCAQEAvJSw9vW2VCtTbMQ02SQ9H+XpJOA6Pm5B/qsWFFc7YePp2FRg
257
CUFO48/SOhKJ99GxdC2io91jmicTMUyHpHjbreohpRlxBpXxlKevPQHY8jVZ1MQ2
258
IRGX4V1bi/cpe0rttEeWEy315xjPDdsEevgyUwJ5/gEYzr0PneAzrDkmnXMGZaAv
259
/EEM/5cj34HVFrkv3WQ/cY2zOOqzs0wsR02SWgt2H6ne4qukOIDgL4QV3/PjDSiE
260
zW7Yta+yxNikwm85BhyGCaucQncOXlNTjJ/a2XDK2FYDzSLm2nNFKLiGqPz6VPgD
261
VpH5G/3/875EoJqDQwaEvLzo2TNU5RIyewmfRwIDAQABAoIBAQCM1/TPjbZuaKl3
262
G5do8eLhFwKo8vstM4YAoWDtMjV8qA837dSINQmppcaabswylZ+WaJsHDctdD4AL
263
GuBX25ge7TXRrA25YHW8k/yScPXJ+ESuXxkaW5x2yhYclC2cEts0AR86FeKJhgLm
264
k0RmX0aersPUDJetmJC4VgHhyBFqF301o2BpLQn8nDC5awSqoY6poThELQYkX0s5
265
2mNS1GunESaVtpo/qwbb2sdAhVv1M6HKNkcWBE6DOVMR+QwxoIMVj0mosEJT6jsd
266
NhZE3aRP49Gv82m6aWAuVtEAiZbIsF/xdsw4pRG2BXwwbiAtjUVMK1nmt2BUjXmK
267
ppZbE9ehAoGBAOMn83e3o4IdPhj6Cqs8PPJGOCHRt5hcq66Pkfk2U3fJCONO3ROO
268
GkMY6HMrqvTcUpBeHMm1EZjmvKfvK6wjiVs1KNJXFZvrbOF3KMkqFkxev+38zb7L
269
VF94OPhgvKDLx9KRiMo9m2013npNx9iimXlGQ0pdi6zil87LbfacL7yXAoGBANSG
270
y1eQoMTHS+xxeP5chBxErYaaD40bCCRqQgUuXHxMteltdSR2ChVMIHTHvXgtR6xO
271
8l5I4IXucjjmdr0pLecdc40+5UDvxy1UXYgwQVJzOLZ4L2U1wdu7VXFOgr6/Ehl9
272
vn4ncEgRlFNpxbyIbZIReHkgxjhOzJ0N+50ogZjRAoGAUs+5vqdAAKtQfCKLySlI
273
vrpCtHGUEQOXwyer+8KGY2Dy0ItrpTlk8ZkfBP2icWnw35ivvgk4xRk5Ja/XqAW8
274
iXezzhrZUeJd60RZphylzGmuZsCG8UuHEtbtTf9WRPiFfIp55+DVzNaaqNO6S4vb
275
j47B8VZxGTHyTf1ztTfzXzkCgYEAsO4HGz8smKXSb2WIdTpQQbhrPkPD7pUykh5k
276
GCwgktrKFyso+tHKUzCtVIt1ETehE7Il1JiXUujP7s7uy0wdCutZ550U/pqgFvzF
277
YTvLJfkGneIwkvHOEkBDQbE659HqH46vqBbtQxJfiZHlLK/niFNDGJRQcVAoyBd8
278
AbpXKgECgYEApqgxW3C7CJStKRdvMQeg50PS5oyXSglU8JoACEYDOUoWQZTDUqci
279
CYFJNfdEv/K3AmZH/0hSVuYXhzvdotpWhHvdtmH/YT1bkeoYF5NULyB4VyKOnpyR
280
MS/cy+MIiSuLeKK8dNRy62t5Ugo+mgaxuNt3nTlGW0pIathZ9BZJ4Kc=
281
-----END RSA PRIVATE KEY-----
282
# Consul ca cert 키 값
283
ca_cert: |
284
-----BEGIN CERTIFICATE-----
285
MIIFAzCCAu2gAwIBAgIBATALBgkqhkiG9w0BAQswEzERMA8GA1UEAxMIY29uc3Vs
286
Q0EwHhcNMTUxMjE2MDcyNzA2WhcNMjUxMjE2MDcyNzI1WjATMREwDwYDVQQDEwhj
287
b25zdWxDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKqk/0Lg6fvy
288
PMHs/W1yj9lLxdsbJs7GFdoGOLi99DD3zJxN/t2pskagHYqgdSddGqM/ZVIZ+eB/
289
tvzUcFczvjG36o+5Bsca31Ez/pCS+1sU88tb5XM5UpGZ0hU2ZB5pdZ08hyKsGqgQ
290
dkRLlcq7pCfRs1AHxwUMG34AyvrKwR/uufIDlHm3ChMx7plykeObK5hw6H/ZZDn5
291
uvF6ROtSPEvVvm6i7DC45D+hJSbsZF5U4PnGr6Ez8TWvlhJDln3bFDpKZN8NUig+
292
nOk05JuxmGjWtpFogtsWfrM5iZzo3Wq9ku8CuYw3F0cZl4L6xycCuzVn2oja/FN8
293
wU+0ND2DIntcUbM+CgCrcua+0l1J5ob4JN3TS98mEvO8MeuXIRXVf9EprbGur0YY
294
2rVVQ+DMIsOmbD7MzewBnjy0mrU9fuiTX29BoBTk0y+CZM5VpTUJXvnQ54sDfHSI
295
Ch1DgvmNgYhPBOkzG8Ecm9oaNXdfl1ZTr0EHycI5aNLeZHOI55SkD2UtFEogmcDc
296
wPitTmpVrBNnCnBkWmiqePausRQBJWDvGRKJqWKQmt/hj7X4PrBGE7inPQEFr63A
297
d9N7gceZPfPPYDUiKRtbXOaEK20jzyg5RDK6RPKuwO6tQPwhNKzwmgeVKI1TCfow
298
OOIGl13s48m7JYul6LRaqpla26Y89siLAgMBAAGjZjBkMA4GA1UdDwEB/wQEAwIA
299
BjASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBRoGRUwOPPgLrI5WCtaB3uj
300
sdjkMDAfBgNVHSMEGDAWgBRoGRUwOPPgLrI5WCtaB3ujsdjkMDALBgkqhkiG9w0B
301
AQsDggIBAKpQwk1sRYfkq5pvVRwnzqSyrdt3tQ9TrtWi15hzucLGQbaPCoCWKmkB
302
N9VkeOWsP/f/q9ptRUBBB+qT1270fmCXiTYMdJAnLers32gomqQmv7H/eI0d3Mzr
303
1PA8P8W5066hqywsBLd4D0lcrCaC5VkvvUIG6RE3sOh5wW1UZxUR52LPLPqiiS8d
304
oU9NXb8BtxW+juj+VypnwisEMXtV4K7Wf0g+05w8PND3PQbzj665em+cCt7sG9Fd
305
EOvxhmqFQhJKfiFZe/uNORrlZBVX8w0M+OLRi99feH93BLnklpH2QYVw9XDUu6gV
306
zzcAMuOuwd75ngHbW5dRiP6hE8Qn10NQf+K6Hq5gXgnGI7r1yic63JeXYqU9N981
307
9krNGikmRYoEAF5Mbind2u8c4ce7/b6TjvsgX2Ddj3nRuPTbg1+9Vl8v7/kQrPaP
308
3jR+X+OJ4qOZH//lIAy99Ifs2EqQh2EdqJXLH3cddWhUtf7UdsMciyYNotswlZxs
309
CNoRpYD795IrQeAmgx3avhdihCUeZRyy5zZgpufkyLJe0CDvH0XRChTZhOSjptDb
310
3LeZoWKxn2G0f9ZL0SasOyU+uLtGSQLpavW22CVwDPvWrxj5BpG3Ulddgh/ysIwN
311
4PFVkjXsY1Ca5mC7mMu0+XSaALaNlXlJ7GuRmf+CU2sWCQOxGvp+
312
-----END CERTIFICATE-----
313
# Consul encrypt 키 값
314
encrypt_keys:
315
- t66mLrBhJ5kpofLwoJpH5A==
316
require_ssl: true # Consul ssl 접속 여부
317
# Consul server cert 키 값
318
server_cert: |
319
-----BEGIN CERTIFICATE-----
320
MIIEKzCCAhWgAwIBAgIQMkaGpfb7hSNQcutiGf4ERjALBgkqhkiG9w0BAQswEzER
321
MA8GA1UEAxMIY29uc3VsQ0EwHhcNMTUxMjE2MDcyNzI2WhcNMTcxMjE2MDcyNzI3
322
WjAhMR8wHQYDVQQDExZzZXJ2ZXIuZGMxLmNmLmludGVybmFsMIIBIjANBgkqhkiG
323
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqZvu3TU4dQeh4veVGti3hhYP/7YCbKI8y7q6
324
Qyz7FCvQJSsD0bUXnG6+U7tNHOTRNdBTnQrmZFeWoXXGscqZLwSRnTlG6q28Bfwc
325
imMbnqM1xz/1TlAXsC4NSw4quvoxW+KlWVNM9/srga5+aWJCXOx4ozF770eb82pe
326
8EAGhAHZ2zx1xZ3x8NdQRsOc77pYdXrNjWcxicQzONZ7+DKrhk3Enw7DWZkkUITv
327
1DtHjD6HN3v847ZLS5hk6c8bn2EHGqzvXHFSLXM1hJrom3lhDiaO6tN0lC2EPwSz
328
ogQ8obPy5VHhST3LgpsondqTlZkAVX8UUsmhn7M+vuXdxuD4iQIDAQABo3EwbzAO
329
BgNVHQ8BAf8EBAMCALgwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0G
330
A1UdDgQWBBTnXp73N5Gb7qFeRa66ESaCYCj5azAfBgNVHSMEGDAWgBRoGRUwOPPg
331
LrI5WCtaB3ujsdjkMDALBgkqhkiG9w0BAQsDggIBAFhuxqoVQ66uk07TwJoet8Jr
332
kNtLDPadOlKPBgnOrER8GpNhxg8cet5tWyKD6vPveuzecGKGoXO1EamLdLSmx73m
333
HD/e0uISZ1s/yCVYzRfsCmaFw2hsFQvlUIp0J3KwEpA71sP6jyN+il9cwfR0v9Z+
334
KhrgCVlYlxk+GpXG1mNx908omLydss81OJRuw/VUCi96htH8naur7JCSYUYNmXTU
335
hAPxF3C/uZULGDs/ktJ6orEjybAn0lLFJSJr7FTb2bhmJcxDXnm1B3KU9ggCA9za
336
oRmi53xFVZBa9arYMvnD97T7zwioJVww8u+VVBAuOaeZggliSZL3SfloJ6u8LhWO
337
MObMsNEgl9/IziNEbC3XcjT6rwcepWb4mNCaoEsm3fKAAwjUv2qHy7FslM2O0GDx
338
wgpCCVuG0sN3zYJYr4zCvP3nnir49jZ1gJ1vKikK+Qk72crPEcsWh7/iuWIb0Ir2
339
h2LbwCUsXo1DDptJiDn7FfEX4WW9OStaI4WCgvlcKMlMwcnZIZ3tN7NlNzon8fAV
340
LR0GHcKqvPmPp49zvjXt4BroQPdUgM3WZPpCNtZDqDc9obfS5ap7FAVQWBaPqOu0
341
aMgvXar2LxBuM7JWCorYzztm5sv4NJSjxjDkkybwOImTxZkpLZb2j58TdXQiE1v+
342
fns7uQ9yHVtyl941hRlf
343
-----END CERTIFICATE-----
344
# Consul server 키 값
345
server_key: |
346
-----BEGIN RSA PRIVATE KEY-----
347
MIIEowIBAAKCAQEAqZvu3TU4dQeh4veVGti3hhYP/7YCbKI8y7q6Qyz7FCvQJSsD
348
0bUXnG6+U7tNHOTRNdBTnQrmZFeWoXXGscqZLwSRnTlG6q28BfwcimMbnqM1xz/1
349
TlAXsC4NSw4quvoxW+KlWVNM9/srga5+aWJCXOx4ozF770eb82pe8EAGhAHZ2zx1
350
xZ3x8NdQRsOc77pYdXrNjWcxicQzONZ7+DKrhk3Enw7DWZkkUITv1DtHjD6HN3v8
351
47ZLS5hk6c8bn2EHGqzvXHFSLXM1hJrom3lhDiaO6tN0lC2EPwSzogQ8obPy5VHh
352
ST3LgpsondqTlZkAVX8UUsmhn7M+vuXdxuD4iQIDAQABAoIBAA+UZ0iijuERJmm2
353
3Fdu+My0UhvnGCnqbTM5n8pz40xjCeegH+WvgM+5zHnchqTUz/LlhAi065zj/s4u
354
B2ZledS70rRigoUkGFVkZyq/F9Zmn5YB5gKfkM16LXZrgrlSKh6Kny2pXTSaOdDb
355
unjrsbTfc+Vpsjy0kzq01quy9eZCLvClKjSNG4zc4P1Yxo6ptvkYq6zTv/+CA5dM
356
AKfzB2NHcEu4lAnWS29ps2gDg4mIDs5tUaC5nE4KRXZHo/o7iHBR3KzyR4mFD/n+
357
a5eyjkQFWLOVqBCfseLri8ESmkFZeZJ32td3mUIxokEVuwBdZ7Zb8KKI7QhweVv2
358
WQzzUEECgYEAxkdvVE/sJAeDHs176QquLhCZJ83YFjgxU+FWO9JJuANm3j0CWEqK
359
Rw6mlparltr8lzJhs/lVEhOmfNEMDw3RcF8TBxj9gsZn12To8yh8PzSz0DpjiDAO
360
Osw7iNWy95PvgqQy11+OizUpS5zaVwjc2YByhec0OxzDAUO9D4SLuP0CgYEA2vvl
361
2BLlVxkbz73s36JbXMtL7UvqakbFmbcdQSu07czGbdFtNxNhphKIVBCH4ny2yBxm
362
qEEpuis/fkVzhD02V81dI63PIhRZuFEXnGWhMeY44VmWCmbaoUdZd9Ozna2AnVVN
363
a5Qw1hWHcmfpcILaFgCb/j2XHqveTZ87pMjdyX0CgYA5cbq8V4dXjOGdC/VJN/Hs
364
oJxunsFq9o67+X3NSQhYiovD+TLzt2zGV2VGHZLK2tjxSQRrauINoanLYZk3x04V
365
W0Yc+U2BFNBC5BZlVCZi/XbW7gOmEh4dRMw+wYLfHXn3hHDCWwnmJNm48VGEg6nQ
366
TdlgF/LW6WdJt4FPvJvqVQKBgFs3YFdwD44HTHltcJT7CTmPCVKQM9YPItJT32C9
367
NwFzMhieivLNJPjLcXQq6p9iObUDd5OQiTQePbV4cpTb9p3+UlTBWq2kcnb/eGlS
368
QCIL9xePfJtamqlhkhgC3CfLFO70kGpGcU1L7H6wYCHYr8VIfbIar688Aj6tHGgY
369
r6H1AoGBAK81Evrf729tMezOMoGQKGfZrP9pkh6Bh5ProZFqK5R9GItXdYU4ATvL
370
1/dmdLjPwDpprC90gfjDnvT+rxBJUQmlklRV4YvutaOO25UJQtnLEA7oBmASYGjh
371
QsflMYJj0ytvop7ReDVV6+p6OymS2SBZrdO2AvwRNy6cVSuPjgLn
372
-----END RSA PRIVATE KEY-----
373
databases:
374
additional_config: null
375
address: 10.30.40.22 # DB Server VM IP 주소
376
collect_statement_statistics: null
377
databases:
378
- citext: true
379
name: ccdb
380
tag: cc
381
- citext: true
382
name: uaadb
383
tag: uaa
384
db_scheme: postgres
385
port: 5524
386
roles:
387
- name: ccadmin
388
password: admin
389
tag: admin
390
- name: uaaadmin
391
password: admin
392
tag: admin
393
dea_next:
394
advertise_interval_in_seconds: 5
395
allow_host_access: null
396
allow_networks: []
397
default_health_check_timeout: 60
398
deny_networks: []
399
directory_server_protocol: https
400
disk_mb: 32768
401
disk_overcommit_factor: 3
402
evacuation_bail_out_time_in_seconds: 0
403
heartbeat_interval_in_seconds: 10
404
instance_bandwidth_limit: null
405
instance_disk_inode_limit: 200000
406
kernel_network_tuning_enabled: false
407
logging_level: debug
408
memory_mb: 8192
409
memory_overcommit_factor: null
410
mtu: null
411
rlimit_core: 0
412
staging_bandwidth_limit: null
413
staging_disk_inode_limit: 200000
414
staging_disk_limit_mb: 6144
415
staging_memory_limit_mb: 1024
416
description: Open PaaS sponsored by OCP Team
417
disk_quota_enabled: false
418
domain: controller.open-paas.com
419
doppler:
420
blacklisted_syslog_ranges: null
421
debug: false
422
enable_tls_transport: null
423
maxRetainedLogMessages: 100
424
port: 4443 # Doppler port 번호
425
426
tls_server:
427
cert: null
428
key: null
429
port: null
430
unmarshaller_count: 5
431
doppler_endpoint:
432
shared_secret: admin # Doppler Endpoint Password
433
dropsonde:
434
enabled: true
435
etcd:
436
machines:
437
- 10.30.40.24 # etcd VM IP 주소
438
peer_require_ssl: false
439
require_ssl: false
440
etcd_metrics_server:
441
nats:
442
machines:
443
- 10.30.40.11 # NATS Server VM IP 주소
444
password: admin
445
username: nats
446
hm9000:
447
url: https://hm9000.controller.open-paas.com
448
logger_endpoint:
449
port: 443
450
use_ssl: true
451
loggregator:
452
blacklisted_syslog_ranges: null
453
debug: false
454
etcd:
455
machines:
456
- 10.30.40.24
457
maxRetainedLogMessages: 100
458
outgoing_dropsonde_port: 8081
459
tls:
460
ca: null
461
loggregator_endpoint:
462
shared_secret: admin
463
login:
464
analytics:
465
code: null
466
domain: null
467
asset_base_url: null
468
brand: oss
469
catalina_opts: null
470
enabled: true
471
invitations_enabled: null
472
links:
473
passwd: https://console.controller.open-paas.com/password_resets/new
474
signup: https://console.controller.open-paas.com/register
475
logout: null
476
messages: null
477
notifications:
478
url: null
479
protocol: null
480
restricted_ips_regex: null
481
saml: null
482
self_service_links_enabled: null
483
signups_enabled: null
484
smtp:
485
host: null
486
password: null
487
port: null
488
user: null
489
spring_profiles: null
490
tiles: null
491
uaa_base: null
492
url: null
493
metron_agent:
494
deployment: openpaas-controller
495
preferred_protocol: null
496
tls_client:
497
cert: null
498
key: null
499
metron_endpoint:
500
shared_secret: admin
501
nats:
502
address: 10.30.40.11
503
debug: false
504
machines:
505
- 10.30.40.11
506
monitor_port: 4221
507
password: admin
508
port: 4222
509
prof_port: 0
510
trace: false
511
user: nats
512
nfs_server:
513
address: null
514
allow_from_entries:
515
- 10.30.0.0/16 # NFS Mount 허용 Range 지정
516
share: null
517
request_timeout_in_seconds: 900
518
router:
519
cipher_suites: null
520
debug_addr: null
521
enable_ssl: null
522
extra_headers_to_log: null
523
logrotate: null
524
port: null
525
requested_route_registration_interval_in_seconds: null
526
route_service_timeout: null
527
route_services_secret: admin
528
route_services_secret_decrypt_only: null
529
secure_cookies: null
530
ssl_cert: null
531
ssl_key: null
532
ssl_skip_validation: true
533
status:
534
password: admin
535
port: null
536
user: router
537
smoke_tests: null
538
ssl:
539
skip_cert_verify: true
540
support_address: http://support.cloudfoundry.com
541
syslog_daemon_config: null
542
system_domain: controller.open-paas.com # DNS Server에 등록한 Platform Domain Name
543
system_domain_organization: OCP
544
traffic_controller:
545
outgoing_port: 8080
546
uaa:
547
admin:
548
client_secret: admin # admin 계정 Password
549
authentication:
550
policy:
551
countFailuresWithinSeconds: null
552
lockoutAfterFailures: null
553
lockoutPeriodSeconds: null
554
batch:
555
password: admin
556
username: batchuser
557
catalina_opts: -Xmx768m -XX:MaxPermSize=256m
558
cc:
559
client_secret: admin
560
clients:
561
cc-service-dashboards:
562
authorities: clients.read,clients.write,clients.admin
563
authorized-grant-types: client_credentials
564
scope: openid,cloud_controller_service_permissions.read
565
secret: admin
566
cc_routing:
567
authorities: routing.router_groups.read
568
authorized-grant-types: client_credentials
569
secret: admin
570
cloud_controller_username_lookup:
571
authorities: scim.userids
572
authorized-grant-types: client_credentials
573
secret: admin
574
doppler:
575
authorities: uaa.resource
576
override: true
577
secret: admin
578
gorouter:
579
authorities: clients.read,clients.write,clients.admin,routing.routes.write,routing.routes.read
580
authorized-grant-types: client_credentials,refresh_token
581
scope: openid,cloud_controller_service_permissions.read
582
secret: admin
583
login:
584
authorities: oauth.login,scim.write,clients.read,notifications.write,critical_notifications.write,emails.write,scim.userids,password.write
585
authorized-grant-types: authorization_code,client_credentials,refresh_token
586
override: true
587
redirect-uri: https://login.controller.open-paas.com
588
scope: openid,oauth.approvals
589
secret: admin
590
notifications:
591
authorities: cloud_controller.admin,scim.read
592
authorized-grant-types: client_credentials
593
secret: admin
594
ssh-proxy:
595
authorized-grant-types: authorization_code
596
autoapprove: true
597
override: true
598
redirect-uri: /login
599
scope: openid,cloud_controller.read,cloud_controller.write
600
secret: admin
601
database: null
602
issuer: https://uaa.controller.open-paas.com
603
jwt:
604
signing_key: |
605
-----BEGIN RSA PRIVATE KEY-----
606
MIICXAIBAAKBgQDHFr+KICms+tuT1OXJwhCUmR2dKVy7psa8xzElSyzqx7oJyfJ1
607
JZyOzToj9T5SfTIq396agbHJWVfYphNahvZ/7uMXqHxf+ZH9BL1gk9Y6kCnbM5R6
608
0gfwjyW1/dQPjOzn9N394zd2FJoFHwdq9Qs0wBugspULZVNRxq7veq/fzwIDAQAB
609
AoGBAJ8dRTQFhIllbHx4GLbpTQsWXJ6w4hZvskJKCLM/o8R4n+0W45pQ1xEiYKdA
610
Z/DRcnjltylRImBD8XuLL8iYOQSZXNMb1h3g5/UGbUXLmCgQLOUUlnYt34QOQm+0
611
KvUqfMSFBbKMsYBAoQmNdTHBaz3dZa8ON9hh/f5TT8u0OWNRAkEA5opzsIXv+52J
612
duc1VGyX3SwlxiE2dStW8wZqGiuLH142n6MKnkLU4ctNLiclw6BZePXFZYIK+AkE
613
xQ+k16je5QJBAN0TIKMPWIbbHVr5rkdUqOyezlFFWYOwnMmw/BKa1d3zp54VP/P8
614
+5aQ2d4sMoKEOfdWH7UqMe3FszfYFvSu5KMCQFMYeFaaEEP7Jn8rGzfQ5HQd44ek
615
lQJqmq6CE2BXbY/i34FuvPcKU70HEEygY6Y9d8J3o6zQ0K9SYNu+pcXt4lkCQA3h
616
jJQQe5uEGJTExqed7jllQ0khFJzLMx0K6tj0NeeIzAaGCQz13oo2sCdeGRHO4aDh
617
HH6Qlq/6UOV5wP8+GAcCQFgRCcB+hrje8hfEEefHcFpyKH+5g1Eu1k0mLrxK2zd+
618
4SlotYRHgPCEubokb2S1zfZDWIXW3HmggnGgM949TlY=
619
-----END RSA PRIVATE KEY-----
620
verification_key: |
621
-----BEGIN PUBLIC KEY-----
622
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHFr+KICms+tuT1OXJwhCUmR2d
623
KVy7psa8xzElSyzqx7oJyfJ1JZyOzToj9T5SfTIq396agbHJWVfYphNahvZ/7uMX
624
qHxf+ZH9BL1gk9Y6kCnbM5R60gfwjyW1/dQPjOzn9N394zd2FJoFHwdq9Qs0wBug
625
spULZVNRxq7veq/fzwIDAQAB
626
-----END PUBLIC KEY-----
627
628
ldap: null
629
login: null
630
newrelic: null
631
no_ssl: null
632
port: 8080
633
require_https: null
634
restricted_ips_regex: 10\.\d{1,3}\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3}|169\.254\.\d{1,3}\.\d{1,3}|127\.\d{1,3}\.\d{1,3}\.\d{1,3}|172\.1[6-9]{1}\.\d{1,3}\.\d{1,3}|172\.2[0-9]{1}\.\d{1,3}\.\d{1,3}|172\.3[0-1]{1}\.\d{1,3}\.\d{1,3}
635
scim:
636
external_groups: null
637
groups: null
638
userids_enabled: true
639
users:
640
- admin|admin|scim.write,scim.read,openid,cloud_controller.admin,clients.read,clients.write,doppler.firehose,routing.router_groups.read
641
spring_profiles: null
642
url: https://uaa.controller.open-paas.com
643
user: null
644
zones: null
645
uaadb:
646
address: 10.30.40.22 # DB Server VM IP 주소
647
databases:
648
- citext: true
649
name: uaadb
650
tag: uaa
651
db_scheme: postgresql
652
port: 5524
653
roles:
654
- name: uaaadmin
655
password: admin
656
tag: admin
Copied!

3.4. Bosh Deploy

지금까지 설치를 위한 준비 과정이 정상적으로 수행되었으면, 지금부터 Open PaaS Controller를 IaaS 환경(vSphere)에 아래의 절차로 설치한다.

3.4.1. Deployment Manifest 지정

$ bosh deployment openpaas-vsphere-1.0.yml
“bosh deployment” 명령어로 생성한 Deployment Manifest File을 지정하고, 아래의 그림과 같이 동일한 명령어로 정상 지정 되었는지를 확인한다.

3.4.2. Open PaaS Controller Deploy

“bosh deploy” 명령으로 Open PaaS Controller 설치를 수행한다.
$ bosh deploy
보통 설치 과정은 1-2시간 정도가 소요되며 정상적으로 설치가 완료되면 아래 그림과 같은 메세지를 출력하게 된다.

3.5. 설치형상 확인

설치가 정상적으로 완료된 후 “bosh vms” 명령으로 설치된 Open PaaS Controller의 형상을 확인한다.
$ bosh vms
아래 그림과 같이 Deployment Name, Virtual Machine, IP 주소 등의 정보를 확인할 수 있다.

4. 설치 검증

4.1. CF Login

$ cf api https://api.controller.open-paas.com –skip-ssl-validation
$ cf login
1
Email> admin
2