BOSH-Lite and Cloud Foundry on AWS

This tutorial walks through installing a bosh-lite director with the bosh CLI v2, and Cloud Foundry with cf-deployment, on a single AWS EC2 instance. Once the platform is deployed successfully, we will push a sample app using the Cloud Foundry cf CLI.

Please note that this setup is for demo and development purposes ONLY; reach out to Pivotal for production releases.

Set up your AWS account with:

https://bosh.io/docs/init-aws/
Fig. 1 Architectural topology of bosh-lite on AWS

Prerequisites

The libraries needed for compiling the packages used to deploy BOSH-Lite:

sudo apt-get update
sudo apt-get install zip
sudo apt-get install unzip
sudo apt-get install ruby
sudo apt-get install libssl-dev
sudo apt-get install zlib1g-dev
sudo apt-get install build-essential

Install Utilities

You will want to install these utilities to assist in your workflow before moving forward. Spiff is useful for YAML comparisons, and yq is a YAML parser in the same spirit as jq for JSON; it goes beyond “bosh interpolate” by allowing merge and write operations.


Install Spiff

$ wget https://github.com/cloudfoundry-incubator/spiff/releases/download/v1.0.8/spiff_linux_amd64.zip
$ sudo unzip spiff_linux_amd64.zip -d /usr/local/bin

Install yq

Source, download page, and docs.

$ wget https://github.com/mikefarah/yq/releases/download/1.14.0/yq_linux_amd64
$ sudo chown root:root yq_linux_amd64
$ sudo chmod ugo+r+x yq_linux_amd64
$ sudo mv yq_linux_amd64 /usr/local/bin/yq

Deploy a bosh-lite director

  1. Install bosh cli v2 OR
$ wget https://s3.amazonaws.com/bosh-cli-artifacts/bosh-cli-2.0.48-linux-amd64
$ sudo chown root:root bosh-cli-*
$ sudo chmod ugo+r+x bosh-cli-*
$ sudo cp bosh-cli-* /usr/local/bin/bosh
$ bosh --version

Check BOSH status 
$ bosh env
Expected non-empty Director URL
Exit code 1

2. Clone bosh-deployment repo

# Clone Director templates
$ git clone https://github.com/cloudfoundry/bosh-deployment

3. In a scratch pad, copy the following command options and fill in the appropriate variables specific to your installation and run the “bosh create-env” command.

$ bosh create-env bosh-deployment/bosh.yml \
--state=state.json \
--vars-store=creds.yml \
-o bosh-deployment/aws/cpi.yml \
-o bosh-deployment/bosh-lite.yml \
-o bosh-deployment/bosh-lite-runc.yml \
-o bosh-deployment/jumpbox-user.yml \
-o bosh-deployment/external-ip-with-registry-not-recommended.yml \
-v director_name=bosh-1 \
-v internal_cidr=10.0.0.0/24 \
-v internal_gw=10.0.0.1 \
-v internal_ip=10.0.0.6 \
-v access_key_id=<your access key> \
-v secret_access_key=<your secret> \
-v region=us-east-1 \
-v az=us-east-1a \
-v default_key_name=boshdemo \
-v default_security_groups=[boshdemo] \
--var-file private_key=~/Downloads/boshdemo.pem \
-v subnet_id=subnet-ait8g34t \
-v external_ip=<elastic_ip>

Tips:
internal_cidr: public subnet CIDR range from step (2)
region: AWS region eg: us-east-1
az: Availability Zone from step (2) eg: us-east-1a
subnet_id: public subnet name associated with the VPC
default_security_groups: security group name from step (4) eg: [boshdemo]
external_ip: elastic IP from step (3)
default_key_name: key name from step (5)
var-file private_key: location of private key file path from step (5)

The above command deploys the bosh-lite director on AWS as an EC2 instance. Check the AWS console for an EC2 instance created inside the assigned VPC.
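
Passing access_key_id and secret_access_key with -v leaves the AWS keys in shell history and in the process list while bosh runs. The added example below (not part of the original tutorial) writes them to an owner-only vars file that bosh create-env can load with -l; the file name aws-vars.yml, the function names and the AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY shell variables are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example: keep the AWS keys out of the create-env command line.
# aws-vars.yml, yaml_squote and write_aws_vars are names chosen for this example.

# Emit $1 as a YAML single-quoted scalar (an embedded ' is written as '').
yaml_squote() {
  printf "'%s'" "$(printf '%s' "$1" | sed "s/'/''/g")"
}

# write_aws_vars <file>
# Reads AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY from the shell and writes
# them under the variable names used by the create-env command above.
write_aws_vars() {
  local out=$1
  if [ -z "${AWS_ACCESS_KEY_ID:-}" ] || [ -z "${AWS_SECRET_ACCESS_KEY:-}" ]; then
    echo "AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY must be set" >&2
    return 1
  fi
  (
    umask 077        # the new file is created with mode 0600
    rm -f "$out"     # an existing file would keep its old, possibly looser, mode
    {
      printf 'access_key_id: %s\n' "$(yaml_squote "$AWS_ACCESS_KEY_ID")"
      printf 'secret_access_key: %s\n' "$(yaml_squote "$AWS_SECRET_ACCESS_KEY")"
    } > "$out"
  )
}

# Usage (read -s keeps the secret off the screen and out of shell history):
#   read -r  -p 'AWS access key id: ' AWS_ACCESS_KEY_ID
#   read -rs -p 'AWS secret key: '    AWS_SECRET_ACCESS_KEY
#   write_aws_vars aws-vars.yml
#   bosh create-env bosh-deployment/bosh.yml -l aws-vars.yml ...
#   (same options as above, minus the two -v lines that carried the keys)
```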

Connecting to the director

1. Set the bosh director env alias.

bosh alias-env bosh-lite -e <elastic_ip> --ca-cert <(bosh int ./creds.yml --path /director_ssl/ca)

2. Set the following bosh environment variables.

$ export BOSH_CLIENT=admin
$ export BOSH_CLIENT_SECRET=`bosh int ./creds.yml --path /admin_password`
$ export BOSH_ENVIRONMENT=<bosh-director ip>
$ export BOSH_CA_CERT=`bosh int ./creds.yml --path /director_ssl/ca`

3. Set up an SSH tunnel so that the bosh CLI can access components inside the 10.0.0.0/24 subnet.

$ bosh int ./creds.yml --path=/jumpbox_ssh/private_key > jumpbox.key
$ chmod 600 jumpbox.key

The “jumpbox” user and “jumpbox.key” can now be used to SSH to the bosh director if need be.

$ ssh -i jumpbox.key jumpbox@<elastic-ip>

4. Verify you can access the bosh director.

$ bosh -e bosh-lite env

Deploying Cloud Foundry using cf-deployment

In order to deploy Cloud Foundry we must download the project, get the necessary stemcells, and then have BOSH build all the CF components.

1. Get the CF project from GitHub.

Retrieve the Cloud Foundry project from GitHub.

$ sudo apt-get install git curl -y
$ git clone https://github.com/cloudfoundry/cf-deployment.git
$ cd cf-deployment

2. Upload the bosh cloud-config.

bosh -e bosh-lite update-cloud-config iaas-support/bosh-lite/cloud-config.yml

3. Upload a stemcell.

$ export STEMCELL_VERSION=$(bosh int cf-deployment.yml --path /stemcells/alias=default/version)

$ bosh -e bosh-lite upload-stemcell "https://bosh.io/d/stemcells/bosh-warden-boshlite-ubuntu-trusty-go_agent?v=$STEMCELL_VERSION"

4. Update local DNS

bosh update-runtime-config bosh-deployment/runtime-configs/dns.yml --name dns --vars-store dns-vars-store.yml

5. Deploy Cloud Foundry (“cf”).

To configure a “system domain”, we will use sslip.io or xip.io, which give a magic domain based on the public IP address assigned to the director. Replace <elastic_ip> with the public IP in the command below:

$ bosh -e bosh-lite -d cf deploy cf-deployment/cf-deployment.yml -o cf-deployment/operations/bosh-lite.yml --vars-store deployment-vars.yml -v system_domain=<elastic_ip>.sslip.io

This will take a while as packages are compiled and releases built.

Alternatively, the cf-deployment repo provides precompiled releases, which we can use to save time.

https://github.com/cloudfoundry/cf-deployment/blob/f07be213c84472d5bf4486e8d383cf696606122f/operations/use-compiled-releases.yml

After this is done, verify the BOSH deployments and VMs, which are now populated with CF releases and VMs for the various CF components (diego, router, database, etc.).

$ bosh -e bosh-lite -d cf deployments
...
cf binary-buildpack/1.0.17 bosh-warden-boshlite-ubuntu-trusty-go_agent/3541.5
...

$ bosh -e bosh-lite -d cf vms
...
router/fd5ee37f-63d7-40f0-bc4b-10200d3c6ce1 running z1 10.244.0.34
...

Cloud Foundry Validation

Install CF CLI tool

$ wget -q -O - https://packages.cloudfoundry.org/debian/cli.cloudfoundry.org.key | sudo apt-key add -
$ echo "deb http://packages.cloudfoundry.org/debian stable main" | sudo tee /etc/apt/sources.list.d/cloudfoundry-cli.list
$ sudo apt-get update
$ sudo apt-get install cf-cli curl -y

Then verify the CLI version, which should look similar to below:

$ cf --version
cf version 6.31.0+b35df905d.2017-09-15

1. Connect to the cloud controller API.

cf api api.<elastic_ip>.sslip.io --skip-ssl-validation

2. Extract cloud controller admin password.

bosh int cf-deployment/deployment-vars.yml --path /cf_admin_password

3. Log in to the cloud controller using the cf CLI.

cf login -u admin -p "$(bosh int cf-deployment/deployment-vars.yml --path /cf_admin_password)"

4. Create an org called “dev”.

cf create-org dev
cf target -o dev

5. Create a space called “prg1”.

cf create-space prg1

Push a sample app to cloud foundry

1. Git clone a sample app.

git clone https://github.com/svennela/spring-music-only-war

2. Target the org and space and push the sample app.

cf target -o dev -s prg1
cd spring-music-only-war
cf push

3. Once the app is pushed successfully, the url for accessing the app is now available using the “cf apps” command.

$ cf apps
Getting apps in org foo / space bar as admin…
OK

4. Launch the app with https://<elastic_ip>.sslip.io

For additional reading, check out the Cloud Foundry documentation

Troubleshooting tips:

Certificate related issues (like below)

Retry: Get https://52.71.100.101:25555/info: x509: certificate is valid for 10.0.0.112, not 52.71.100.101

Resolution —

Check the certs in the creds.yml. Refer to https://bosh.io/docs/director-certs-openssl/ for detailed setup — it is very easy.
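
To see which addresses the director certificate actually covers before regenerating anything, the added example below (not from the original post) lists the certificate's subjectAltName IPs and reports a mismatch in the same terms as the x509 error. The function names and the director.pem file name are assumptions; /director_ssl/certificate is the certificate entry stored next to the /director_ssl/ca path used earlier.

```bash
#!/usr/bin/env bash
# Added example: check whether the address given to "bosh -e" is one of the
# IPs the director certificate was issued for.
# cert_san_ips, cert_covers_ip and explain_director_cert are names chosen here.

# Print one IP per line from the certificate's subjectAltName extension.
# Prints nothing when the certificate has no SAN or no IP entries.
cert_san_ips() {
  openssl x509 -in "$1" -noout -text |
    grep -A1 'X509v3 Subject Alternative Name' |
    tail -n 1 | tr ',' '\n' |
    sed -n 's/^ *IP Address://p'
}

# Return 0 if the IP in $2 is listed in the certificate file $1.
cert_covers_ip() {
  cert_san_ips "$1" | grep -qxF "$2"
}

# Report the result in the wording of the x509 error; return 1 on mismatch.
explain_director_cert() {
  local cert=$1 ip=$2
  if cert_covers_ip "$cert" "$ip"; then
    echo "ok: certificate is valid for $ip"
  else
    echo "mismatch: certificate is valid for $(cert_san_ips "$cert" | paste -sd, -), not $ip"
    return 1
  fi
}

# Usage with this tutorial's files:
#   bosh int ./creds.yml --path /director_ssl/certificate > director.pem
#   explain_director_cert director.pem <elastic_ip>
```

A mismatch on the elastic IP means the certificate in creds.yml was generated without external_ip among its names, which is the case the error above reports.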

For Cf-deployment failures (like below)

L Error: 'diego-api/37b56829-4885-41b8-b0c0-622f434cb94e (0)' is not running after update. Review logs for failed jobs: bbs, silk-controller, locket
Task 68 | 16:38:50 | Error: 'diego-api/37b56829-4885-41b8-b0c0-622f434cb94e (0)' is not running after update. Review logs for failed jobs: bbs, silk-controller, locket

Resolution -

https://github.com/cloudfoundry/cf-deployment/issues/648

References used

https://github.com/cloudfoundry/cf-deployment/blob/master/deployment-guide.md

https://bosh.io/docs/quick-start/