### Deploy BOSH Lite on VirtualBox

Source: https://context7.com/cloudfoundry/bosh-deployment/llms.txt

This command deploys BOSH Lite on VirtualBox, providing a lightweight BOSH Director for local development and testing. It uses the Garden CPI and requires VirtualBox to be installed. After deployment, you may need to add a route to access BOSH Lite containers.

```bash
# Deploy BOSH Lite on VirtualBox
bosh create-env bosh.yml \
  -o virtualbox/cpi.yml \
  -o bosh-lite.yml \
  -o jumpbox-user.yml \
  --state=state.json \
  --vars-store=creds.yml \
  -v director_name=vbox \
  -v internal_ip=192.168.56.6 \
  -v internal_gw=192.168.56.1 \
  -v internal_cidr=192.168.56.0/24
```

```bash
# Add route to BOSH Lite containers
sudo route add -net 10.244.0.0/16 192.168.56.6
```

--------------------------------

### Deploy BOSH with Multiple CPIs (Hybrid Cloud)

Source: https://context7.com/cloudfoundry/bosh-deployment/llms.txt

Configure BOSH Director to manage workloads across different cloud platforms by including multiple CPI ops files. This example shows AWS as primary and Docker as secondary.

```bash
# Deploy with AWS as primary and Docker as secondary CPI
bosh create-env bosh.yml \
  -o aws/cpi.yml \
  -o docker/cpi-secondary.yml \
  --state=state.json \
  --vars-store=creds.yml \
  -v director_name=bosh-multi-cpi \
  -v internal_cidr=10.0.0.0/24 \
  -v internal_gw=10.0.0.1 \
  -v internal_ip=10.0.0.6 \
  -v access_key_id=AKIAIOSFODNN7EXAMPLE \
  -v secret_access_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY \
  -v az=us-east-1a \
  -v region=us-east-1 \
  -v default_key_name=bosh-key \
  -v default_security_groups=[bosh-sg] \
  -v subnet_id=subnet-12345678
```

--------------------------------

### Deploy BOSH with HTTP Proxy Configuration

Source: https://context7.com/cloudfoundry/bosh-deployment/llms.txt

Use this command to deploy a BOSH Director with specified HTTP/HTTPS proxy settings for outbound connections in restricted networks. Ensure proxy variables are correctly set.
```bash
# Deploy with proxy configuration
bosh create-env bosh.yml \
  -o aws/cpi.yml \
  -o misc/proxy.yml \
  --state=state.json \
  --vars-store=creds.yml \
  -v director_name=bosh-aws \
  -v internal_cidr=10.0.0.0/24 \
  -v internal_gw=10.0.0.1 \
  -v internal_ip=10.0.0.6 \
  -v access_key_id=AKIAIOSFODNN7EXAMPLE \
  -v secret_access_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY \
  -v az=us-east-1a \
  -v region=us-east-1 \
  -v default_key_name=bosh-key \
  -v default_security_groups=[bosh-sg] \
  -v subnet_id=subnet-12345678 \
  -v http_proxy=http://proxy.example.com:8080 \
  -v https_proxy=http://proxy.example.com:8080 \
  -v no_proxy=localhost,127.0.0.1,10.0.0.0/8,169.254.169.254
```

--------------------------------

### Apply DNS Runtime Config with BOSH DNS

Source: https://context7.com/cloudfoundry/bosh-deployment/llms.txt

This command applies a runtime configuration to enable BOSH DNS across all BOSH-managed VMs, facilitating service discovery. After applying, all deployed VMs will have BOSH DNS enabled. Note the variables generated for DNS TLS certificates.

```bash
# Apply DNS runtime config to enable BOSH DNS on all VMs
bosh -e bosh-aws update-runtime-config runtime-configs/dns.yml
```

--------------------------------

### Deploy BOSH with Jumpbox User for SSH Access

Source: https://context7.com/cloudfoundry/bosh-deployment/llms.txt

Use this command to deploy BOSH with a jumpbox user, enabling SSH access to the Director VM. The SSH key pair is auto-generated and stored in the vars store (`creds.yml`).
```bash
# Deploy with jumpbox user for SSH access
bosh create-env bosh.yml \
  -o aws/cpi.yml \
  -o jumpbox-user.yml \
  --state=state.json \
  --vars-store=creds.yml \
  -v director_name=bosh-aws \
  -v internal_cidr=10.0.0.0/24 \
  -v internal_gw=10.0.0.1 \
  -v internal_ip=10.0.0.6 \
  -v access_key_id=AKIAIOSFODNN7EXAMPLE \
  -v secret_access_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY \
  -v az=us-east-1a \
  -v region=us-east-1 \
  -v default_key_name=bosh-key \
  -v default_security_groups=[bosh-sg] \
  -v subnet_id=subnet-12345678
```

```bash
# Extract SSH private key and connect
bosh int creds.yml --path /jumpbox_ssh/private_key > jumpbox.key
chmod 600 jumpbox.key
ssh -i jumpbox.key jumpbox@10.0.0.6
```

--------------------------------

### Deploy BOSH Lite on GCP

Source: https://context7.com/cloudfoundry/bosh-deployment/llms.txt

This command deploys BOSH Lite on Google Cloud Platform (GCP) for a cloud-based development environment. It requires GCP credentials, project details, and network configuration. Ensure your `service-account.json` file is correctly populated.

```bash
# Deploy BOSH Lite on GCP (cloud-based dev environment)
bosh create-env bosh.yml \
  -o gcp/cpi.yml \
  -o bosh-lite.yml \
  --state=state.json \
  --vars-store=creds.yml \
  -v director_name=bosh-lite-gcp \
  -v internal_cidr=10.0.0.0/24 \
  -v internal_gw=10.0.0.1 \
  -v internal_ip=10.0.0.6 \
  -v gcp_credentials_json="$(cat service-account.json)" \
  -v project_id=my-gcp-project \
  -v zone=us-central1-a \
  -v tags=[internal,no-ip] \
  -v network=bosh-network \
  -v subnetwork=bosh-subnet
```

--------------------------------

### Deploy BOSH with BOSH Backup and Restore (BBR) Support

Source: https://context7.com/cloudfoundry/bosh-deployment/llms.txt

Enables disaster recovery capabilities for BOSH Director databases and state. Requires BBR CLI for backup and restore operations.
```bash
# Deploy with BBR support
bosh create-env bosh.yml \
  -o aws/cpi.yml \
  -o uaa.yml \
  -o credhub.yml \
  -o bbr.yml \
  --state=state.json \
  --vars-store=creds.yml \
  -v director_name=bosh-aws \
  -v internal_cidr=10.0.0.0/24 \
  -v internal_gw=10.0.0.1 \
  -v internal_ip=10.0.0.6 \
  -v access_key_id=AKIAIOSFODNN7EXAMPLE \
  -v secret_access_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY \
  -v az=us-east-1a \
  -v region=us-east-1 \
  -v default_key_name=bosh-key \
  -v default_security_groups=[bosh-sg] \
  -v subnet_id=subnet-12345678
```

```bash
# Create backup using BBR CLI
bbr director \
  --host 10.0.0.6 \
  --username jumpbox \
  --private-key-path jumpbox.key \
  backup
```

```bash
# Restore from backup
bbr director \
  --host 10.0.0.6 \
  --username jumpbox \
  --private-key-path jumpbox.key \
  restore --artifact-path ./bosh-director-backup
```

--------------------------------

### Deploy BOSH Director on AWS

Source: https://context7.com/cloudfoundry/bosh-deployment/llms.txt

Uses the AWS CPI to create a BOSH Director instance with specified VPC, security groups, and IAM credentials.

```bash
# Deploy basic BOSH Director on AWS
bosh create-env bosh.yml \
  -o aws/cpi.yml \
  --state=state.json \
  --vars-store=creds.yml \
  -v director_name=bosh-aws \
  -v internal_cidr=10.0.0.0/24 \
  -v internal_gw=10.0.0.1 \
  -v internal_ip=10.0.0.6 \
  -v access_key_id=AKIAIOSFODNN7EXAMPLE \
  -v secret_access_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY \
  -v az=us-east-1a \
  -v region=us-east-1 \
  -v default_key_name=bosh-key \
  -v default_security_groups=[bosh-sg] \
  -v subnet_id=subnet-12345678
```

--------------------------------

### Deploy BOSH Director on OpenStack

Source: https://context7.com/cloudfoundry/bosh-deployment/llms.txt

Use this command to create a BOSH Director instance on OpenStack with Keystone authentication and Neutron networking. Ensure you replace placeholder values with your specific OpenStack credentials and network details.
```bash
# Deploy BOSH Director on OpenStack
bosh create-env bosh.yml \
  -o openstack/cpi.yml \
  --state=state.json \
  --vars-store=creds.yml \
  -v director_name=bosh-openstack \
  -v internal_cidr=10.0.0.0/24 \
  -v internal_gw=10.0.0.1 \
  -v internal_ip=10.0.0.6 \
  -v auth_url=https://keystone.example.com:5000/v3 \
  -v az=nova \
  -v default_key_name=bosh-key \
  -v default_security_groups=bosh-sg \
  -v net_id=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx \
  -v openstack_password=your-openstack-password \
  -v openstack_username=admin \
  -v openstack_domain=Default \
  -v openstack_project=bosh-project \
  -v region=RegionOne
```

```bash
# Use Keystone v2 API (legacy)
bosh create-env bosh.yml \
  -o openstack/cpi.yml \
  -o openstack/keystone-v2.yml \
  --state=state.json \
  --vars-store=creds.yml \
  # ... same variables as above
```

--------------------------------

### Deploy and Configure BOSH Director on GCP

Source: https://context7.com/cloudfoundry/bosh-deployment/llms.txt

Deploys a BOSH Director on GCP and updates the cloud configuration for network settings.

```bash
# Deploy BOSH Director on GCP
bosh create-env bosh.yml \
  -o gcp/cpi.yml \
  --state=state.json \
  --vars-store=creds.yml \
  -v director_name=bosh-gcp \
  -v internal_cidr=10.0.0.0/24 \
  -v internal_gw=10.0.0.1 \
  -v internal_ip=10.0.0.6 \
  -v gcp_credentials_json="$(cat service-account.json)" \
  -v project_id=my-gcp-project \
  -v zone=us-central1-a \
  -v tags=[internal,no-ip] \
  -v network=bosh-network \
  -v subnetwork=bosh-subnet
```

```bash
# Update cloud config for GCP deployments
bosh update-cloud-config gcp/cloud-config.yml \
  -v internal_cidr=10.0.0.0/24 \
  -v internal_gw=10.0.0.1 \
  -v zone=us-central1-a \
  -v network=bosh-network \
  -v subnetwork=bosh-subnet \
  -v tags=[internal]
```

--------------------------------

### Deploy BOSH Director on vSphere

Source: https://context7.com/cloudfoundry/bosh-deployment/llms.txt

Deploys a BOSH Director instance on VMware vSphere, requiring vCenter integration details.
```bash
# Deploy BOSH Director on vSphere
bosh create-env bosh.yml \
  -o vsphere/cpi.yml \
  --state=state.json \
  --vars-store=creds.yml \
  -v director_name=bosh-vsphere \
  -v internal_cidr=10.0.0.0/24 \
  -v internal_gw=10.0.0.1 \
  -v internal_ip=10.0.0.6 \
  -v network_name=VM-Network \
  -v vcenter_dc=Datacenter \
  -v vcenter_ds=datastore1 \
  -v vcenter_ip=vcenter.example.com \
  -v vcenter_user=administrator@vsphere.local \
  -v vcenter_password=your-vcenter-password \
  -v vcenter_templates=bosh-templates \
  -v vcenter_vms=bosh-vms \
  -v vcenter_disks=bosh-disks \
  -v vcenter_cluster=Cluster1
```

--------------------------------

### Update BOSH Runtime Config

Source: https://github.com/cloudfoundry/bosh-deployment/blob/master/README.md

Applies a runtime configuration file to all VMs in a BOSH deployment. Ensure the path to the runtime config file is correct.

```bash
bosh -n -e bosh-1 update-runtime-config bosh-deployment/runtime-configs/dns.yml
```

--------------------------------

### Deploy BOSH Director on Azure

Source: https://context7.com/cloudfoundry/bosh-deployment/llms.txt

Deploys a BOSH Director on Azure using either standard service principal authentication or the recommended Managed Identity.
```bash
# Deploy BOSH Director on Azure
bosh create-env bosh.yml \
  -o azure/cpi.yml \
  --state=state.json \
  --vars-store=creds.yml \
  -v director_name=bosh-azure \
  -v internal_cidr=10.0.0.0/24 \
  -v internal_gw=10.0.0.1 \
  -v internal_ip=10.0.0.4 \
  -v vnet_name=bosh-vnet \
  -v subnet_name=bosh-subnet \
  -v subscription_id=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx \
  -v tenant_id=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx \
  -v client_id=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx \
  -v client_secret=your-client-secret \
  -v resource_group_name=bosh-rg \
  -v storage_account_name=boshstorage \
  -v default_security_group=nsg-bosh
```

```bash
# Deploy with Azure Managed Identity (recommended for production)
bosh create-env bosh.yml \
  -o azure/cpi.yml \
  -o azure/use-managed-identity.yml \
  --state=state.json \
  --vars-store=creds.yml \
  -v director_name=bosh-azure \
  -v internal_cidr=10.0.0.0/24 \
  -v internal_gw=10.0.0.1 \
  -v internal_ip=10.0.0.4 \
  -v vnet_name=bosh-vnet \
  -v subnet_name=bosh-subnet \
  -v subscription_id=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx \
  -v azure-managed-identity=my-managed-identity \
  -v resource_group_name=bosh-rg \
  -v storage_account_name=boshstorage \
  -v default_security_group=nsg-bosh
```

--------------------------------

### Deploy BOSH with Jammy Stemcell on AWS

Source: https://context7.com/cloudfoundry/bosh-deployment/llms.txt

Use this command to deploy a BOSH Director on AWS utilizing the Ubuntu Jammy stemcell instead of the default Noble. This is useful for compatibility with older BOSH releases or specific application requirements.
```bash
# Deploy with Jammy stemcell on AWS
bosh create-env bosh.yml \
  -o aws/cpi.yml \
  -o aws/use-jammy.yml \
  -o misc/source-releases/bosh.yml \
  --state=state.json \
  --vars-store=creds.yml \
  -v director_name=bosh-aws \
  -v internal_cidr=10.0.0.0/24 \
  -v internal_gw=10.0.0.1 \
  -v internal_ip=10.0.0.6 \
  -v access_key_id=AKIAIOSFODNN7EXAMPLE \
  -v secret_access_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY \
  -v az=us-east-1a \
  -v region=us-east-1 \
  -v default_key_name=bosh-key \
  -v default_security_groups=[bosh-sg] \
  -v subnet_id=subnet-12345678
```

--------------------------------

### Apply Cloud Config for AWS

Source: https://context7.com/cloudfoundry/bosh-deployment/llms.txt

Applies the AWS cloud configuration to your BOSH Director. Ensure the specified variables match your AWS environment details.

```bash
# Apply cloud config for AWS
bosh -e bosh-aws update-cloud-config aws/cloud-config.yml \
  -v internal_cidr=10.0.0.0/24 \
  -v internal_gw=10.0.0.1 \
  -v az=us-east-1a \
  -v subnet_id=subnet-12345678
```

--------------------------------

### Configure BOSH Director for Syslog Forwarding

Source: https://context7.com/cloudfoundry/bosh-deployment/llms.txt

Enables centralized logging by forwarding BOSH Director logs to an external syslog server. Can be configured during deployment or applied via runtime config.
```bash
# Deploy with syslog forwarding
bosh create-env bosh.yml \
  -o aws/cpi.yml \
  -o syslog.yml \
  --state=state.json \
  --vars-store=creds.yml \
  -v director_name=bosh-aws \
  -v internal_cidr=10.0.0.0/24 \
  -v internal_gw=10.0.0.1 \
  -v internal_ip=10.0.0.6 \
  -v access_key_id=AKIAIOSFODNN7EXAMPLE \
  -v secret_access_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY \
  -v az=us-east-1a \
  -v region=us-east-1 \
  -v default_key_name=bosh-key \
  -v default_security_groups=[bosh-sg] \
  -v subnet_id=subnet-12345678 \
  -v syslog_address=logs.example.com \
  -v syslog_port=514 \
  -v syslog_transport=tcp
```

```bash
# Apply syslog forwarding to all deployed VMs via runtime config
bosh -e bosh-aws update-runtime-config runtime-configs/syslog.yml \
  -v syslog_address=logs.example.com \
  -v syslog_port=514 \
  -v syslog_transport=tcp
```

--------------------------------

### Configure BOSH Director with External Database

Source: https://context7.com/cloudfoundry/bosh-deployment/llms.txt

Configures BOSH Director to use an external PostgreSQL or MySQL database. Supports separate external databases for UAA and CredHub.
```bash
# Deploy with external database
bosh create-env bosh.yml \
  -o aws/cpi.yml \
  -o misc/external-db.yml \
  --state=state.json \
  --vars-store=creds.yml \
  -v director_name=bosh-aws \
  -v internal_cidr=10.0.0.0/24 \
  -v internal_gw=10.0.0.1 \
  -v internal_ip=10.0.0.6 \
  -v access_key_id=AKIAIOSFODNN7EXAMPLE \
  -v secret_access_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY \
  -v az=us-east-1a \
  -v region=us-east-1 \
  -v default_key_name=bosh-key \
  -v default_security_groups=[bosh-sg] \
  -v subnet_id=subnet-12345678 \
  -v external_db_host=bosh-db.xxxxxxxxxxxx.us-east-1.rds.amazonaws.com \
  -v external_db_port=5432 \
  -v external_db_user=bosh \
  -v external_db_password=db-password \
  -v external_db_adapter=postgres \
  -v external_db_name=bosh
```

```bash
# With external databases for UAA and CredHub
# (the AWS variables are the same as in the previous command; they are written
# out here because a comment cannot sit inside a backslash-continued command)
bosh create-env bosh.yml \
  -o aws/cpi.yml \
  -o uaa.yml \
  -o credhub.yml \
  -o misc/external-db.yml \
  -o misc/external-db-uaa.yml \
  -o misc/external-db-credhub.yml \
  --state=state.json \
  --vars-store=creds.yml \
  -v director_name=bosh-aws \
  -v internal_cidr=10.0.0.0/24 \
  -v internal_gw=10.0.0.1 \
  -v internal_ip=10.0.0.6 \
  -v access_key_id=AKIAIOSFODNN7EXAMPLE \
  -v secret_access_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY \
  -v az=us-east-1a \
  -v region=us-east-1 \
  -v default_key_name=bosh-key \
  -v default_security_groups=[bosh-sg] \
  -v subnet_id=subnet-12345678 \
  -v external_db_host=bosh-db.example.com \
  -v external_db_port=5432 \
  -v external_db_user=bosh \
  -v external_db_password=bosh-password \
  -v external_db_adapter=postgres \
  -v external_db_name=bosh \
  -v external_db_host_uaa=uaa-db.example.com \
  -v external_db_port_uaa=5432 \
  -v external_db_user_uaa=uaa \
  -v external_db_password_uaa=uaa-password \
  -v external_db_scheme_uaa=postgresql \
  -v external_db_name_uaa=uaa \
  -v external_db_host_credhub=credhub-db.example.com \
  -v external_db_port_credhub=5432 \
  -v external_db_user_credhub=credhub \
  -v external_db_password_credhub=credhub-password \
  -v external_db_adapter_credhub=postgres \
  -v external_db_name_credhub=credhub \
  -v external_db_require_tls_credhub=false
```

--------------------------------

### Apply Cloud Config for GCP

Source: https://context7.com/cloudfoundry/bosh-deployment/llms.txt

Applies the GCP cloud configuration to your BOSH Director.
This command requires specific GCP network and subnetwork details.

```bash
# Apply cloud config for GCP
bosh -e bosh-gcp update-cloud-config gcp/cloud-config.yml \
  -v internal_cidr=10.0.0.0/24 \
  -v internal_gw=10.0.0.1 \
  -v zone=us-central1-a \
  -v network=bosh-network \
  -v subnetwork=bosh-subnet \
  -v tags=[internal]
```

--------------------------------

### Deploy BOSH Director with UAA on AWS

Source: https://context7.com/cloudfoundry/bosh-deployment/llms.txt

This command deploys a BOSH Director on AWS, integrating with the UAA server for enhanced authentication and access control. It requires AWS credentials and network information. After deployment, you can log in using UAA client credentials.

```bash
# Deploy BOSH Director with UAA on AWS
bosh create-env bosh.yml \
  -o aws/cpi.yml \
  -o uaa.yml \
  --state=state.json \
  --vars-store=creds.yml \
  -v director_name=bosh-aws \
  -v internal_cidr=10.0.0.0/24 \
  -v internal_gw=10.0.0.1 \
  -v internal_ip=10.0.0.6 \
  -v access_key_id=AKIAIOSFODNN7EXAMPLE \
  -v secret_access_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY \
  -v az=us-east-1a \
  -v region=us-east-1 \
  -v default_key_name=bosh-key \
  -v default_security_groups=[bosh-sg] \
  -v subnet_id=subnet-12345678
```

```bash
# After deployment, log in using UAA client credentials
export BOSH_CLIENT=admin
export BOSH_CLIENT_SECRET=$(bosh int creds.yml --path /admin_password)
bosh -e bosh-aws alias-env bosh-aws
bosh -e bosh-aws login
```

--------------------------------

### Deploy BOSH Director with UAA and CredHub on AWS

Source: https://context7.com/cloudfoundry/bosh-deployment/llms.txt

This command deploys a BOSH Director on AWS, integrating both UAA for authentication and CredHub for secure secrets management. It requires AWS credentials and network details. After deployment, you can access the CredHub CLI using exported environment variables.
```bash
# Deploy BOSH Director with UAA and CredHub
bosh create-env bosh.yml \
  -o aws/cpi.yml \
  -o uaa.yml \
  -o credhub.yml \
  --state=state.json \
  --vars-store=creds.yml \
  -v director_name=bosh-aws \
  -v internal_cidr=10.0.0.0/24 \
  -v internal_gw=10.0.0.1 \
  -v internal_ip=10.0.0.6 \
  -v access_key_id=AKIAIOSFODNN7EXAMPLE \
  -v secret_access_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY \
  -v az=us-east-1a \
  -v region=us-east-1 \
  -v default_key_name=bosh-key \
  -v default_security_groups=[bosh-sg] \
  -v subnet_id=subnet-12345678
```

```bash
# Access CredHub CLI after deployment
export CREDHUB_SERVER=https://10.0.0.6:8844
export CREDHUB_CLIENT=credhub-admin
export CREDHUB_SECRET=$(bosh int creds.yml --path /credhub_admin_client_secret)
export CREDHUB_CA_CERT=$(bosh int creds.yml --path /credhub_tls/ca)
credhub login
credhub set -n /example/password -t password -w my-secret
credhub get -n /example/password
```

--------------------------------

### BOSH Security Group Rules

Source: https://github.com/cloudfoundry/bosh-deployment/blob/master/README.md

Essential security group rules for BOSH deployments, covering agent bootstrapping, director API, UAA, CredHub, BOSH SSH, NATS, and Blobstore access. Ensure the source IP addresses and internal CIDRs are correctly configured.

```text
Type             Protocol  Port Range  Source               Purpose
Custom TCP Rule  TCP       6868                             Agent for bootstrapping
Custom TCP Rule  TCP       25555                            Director API
Custom TCP Rule  TCP       8443                             UAA API (if UAA is used)
Custom TCP Rule  TCP       8844                             CredHub API (if CredHub is used)
SSH              TCP       22          <((internal_cidr))>  BOSH SSH (optional)
Custom TCP Rule  TCP       4222        <((internal_cidr))>  NATS
Custom TCP Rule  TCP       25250       <((internal_cidr))>  Blobstore
```

--------------------------------

### AWS Cloud Configuration Structure

Source: https://context7.com/cloudfoundry/bosh-deployment/llms.txt

Defines IaaS-specific settings for AWS, including availability zones, VM types, disk types, and networks. This manifest is applied using `bosh update-cloud-config`.
```yaml
# aws/cloud-config.yml structure
azs:
- name: z1
  cloud_properties:
    availability_zone: ((az))

vm_types:
- name: default
  cloud_properties:
    instance_type: m5.large
    ephemeral_disk: {size: 25_000}
- name: large
  cloud_properties:
    instance_type: m5.xlarge
    ephemeral_disk: {size: 50_000}

disk_types:
- name: default
  disk_size: 3000
- name: large
  disk_size: 50_000

networks:
- name: default
  type: manual
  subnets:
  - range: ((internal_cidr))
    gateway: ((internal_gw))
    azs: [z1, z2, z3]
    dns: [8.8.8.8]
    cloud_properties:
      subnet: ((subnet_id))

compilation:
  workers: 5
  reuse_compilation_vms: true
  az: z1
  vm_type: default
  network: default
```
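
--------------------------------

The `create-env` commands on this page pass cloud, vCenter and database credentials as `-v name=value`, which puts them in shell history and in the process argument list, and `creds.yml` holds the generated passwords and keys. The pre-flight helpers below are an added example, not part of bosh-deployment: the function names and the secret-name patterns are assumptions, while `--vars-file` and `--var-file` are existing bosh CLI flags that keep values out of the argument list.

```shell
#!/usr/bin/env bash
# Added example, not part of bosh-deployment. Function names and the
# secret-name patterns below are assumptions made for this illustration.

# Print the name of every variable passed inline (-v / --var) whose name looks
# like a secret. Returns 1 if any were found, 0 otherwise.
# Inline values end up in shell history and in the process argument list;
# --vars-file=PATH or --var-file=NAME=PATH keep them out of both.
inline_secret_vars() {
  local found=0 arg kv name
  while [ "$#" -gt 0 ]; do
    arg=$1
    shift
    case $arg in
      -v|--var)                      # value is the next argument
        kv=${1-}
        if [ "$#" -gt 0 ]; then shift; fi
        ;;
      --var=*) kv=${arg#--var=} ;;   # --var=name=value
      -v?*)    kv=${arg#-v} ;;       # -vname=value
      *)       continue ;;           # ops files, --vars-store, --vars-file, ...
    esac
    name=${kv%%=*}
    case $name in
      *password*|*secret*|*credentials*|*private_key*)
        printf '%s\n' "$name"
        found=1
        ;;
    esac
  done
  return "$found"
}

# Succeed only if every listed file exists and grants nothing to group/other.
# creds.yml (the --vars-store) holds the generated admin password, CredHub
# client secret and jumpbox private key; jumpbox.key is the extracted key.
private_files_ok() {
  local f bits rc=0
  for f in "$@"; do
    if [ ! -f "$f" ]; then
      printf 'missing: %s\n' "$f" >&2
      rc=1
      continue
    fi
    # Characters 5-10 of the ls mode string are the group and other bits.
    bits=$(ls -ld -- "$f" | cut -c5-10)
    if [ "$bits" != "------" ]; then
      printf 'accessible beyond owner: %s\n' "$f" >&2
      rc=1
    fi
  done
  return "$rc"
}
```

Source the file from a deploy wrapper that builds the bosh arguments in an array, call `inline_secret_vars "${args[@]}"` before running `bosh`, and call `private_files_ok creds.yml jumpbox.key` afterwards.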