What’s new in BOSH — April Issue

It’s all about the little things

As the PM of the Bosh OpenStack CPI I get to play around with Bosh a lot and have fun with its quirks and subtleties. The learning curve is quite interesting, as pointed out by smarter people before me, so I’d like to compile a few things that hopefully can make your life easier.

This is the third post in a series. If you just found this, I recommend also reading the first and the second one.

BOSH can generate vcap and root passwords

If you’re responsible for a production system, chances are that until now you’ve used something like this in your manifests to set the vcap and root passwords to something other than the famous c1oudc0w:

resource_pools:
- name: my_pool
  env:
    bosh:
      password: <PASSWORD-HASH>

And if you have been forgetting to set this for each and every resource_pool, you might have VMs floating around that still use the default password for root and vcap.

However, this is no longer necessary, as BOSH can generate those passwords for you. Just deploy your Director with this additional property:

properties:
  director:
    generate_vm_passwords: true

If you don’t specify a password explicitly as in the example above, one is generated using Ruby’s SecureRandom.hex with an 8-byte salt. Users typically don’t need to know the password, as bosh ssh should be the canonical way to access VMs deployed with BOSH.
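Before relying on generated passwords, it helps to know which resource pools in an existing manifest never set one. The following Ruby check is an added example, not code from BOSH or from the original post; the function name, the sample manifest and the assumption that a valid value is a crypt(3)-style hash as stored in /etc/shadow are mine. A pool reported as :missing is one that falls back to the default password unless the Director generates one.

```ruby
require 'yaml'

# crypt(3) modular format as stored in /etc/shadow, e.g. $6$salt$hash
# (optionally with a rounds= segment). Assumption: a valid value looks like this.
CRYPT_HASH = /\A\$[0-9a-z]+(\$[^$\s]+){2,3}\z/

# Constructed sample manifest; pool names and the hash are made up.
SAMPLE_MANIFEST = <<~'MANIFEST'
  resource_pools:
  - name: web
    env:
      bosh:
        password: '$6$constructedsalt$constructedhashvalue'
  - name: workers
    env:
      bosh:
        password: hunter2
  - name: compilation
    network: default
MANIFEST

# Returns { pool_name => :missing | :not_a_hash } for each resource pool whose
# env.bosh.password is absent or is not in crypt format.
def audit_pool_passwords(manifest_yaml)
  manifest = YAML.safe_load(manifest_yaml)
  manifest = {} unless manifest.is_a?(Hash)
  findings = {}
  Array(manifest['resource_pools']).each do |pool|
    next unless pool.is_a?(Hash)
    # Tolerate malformed manifests where env or bosh is not a mapping.
    env  = pool['env'].is_a?(Hash) ? pool['env'] : {}
    bosh = env['bosh'].is_a?(Hash) ? env['bosh'] : {}
    password = bosh['password'].to_s
    name = pool.fetch('name', '(unnamed)')
    if password.empty?
      findings[name] = :missing
    elsif password !~ CRYPT_HASH
      findings[name] = :not_a_hash
    end
  end
  findings
end

if __FILE__ == $PROGRAM_NAME
  audit_pool_passwords(SAMPLE_MANIFEST).each { |pool, why| puts "#{pool}: #{why}" }
end
```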

Compilers are evil

Everyone knows that compilers and other dev tools are evil, so removing them from a production system wherever you don’t need them makes sense. BOSH can now do this when booting up a VM if you configure your Director to do so. Deploy your Director with this additional property:

properties:
  director:
    remove_dev_tools: true

The list of packages to remove is created when the stemcells are built. Compilation VMs will still have all necessary packages available.

Hide manifest properties in your CI build

People have come up with very sophisticated solutions to keep secrets from showing up in their deployment logs. Wouldn’t it be nice if BOSH could do this for you? It can — now even by default! Nowadays, your bosh deploy output looks like this:

vcap@jumpbox:~/workspace/dummy-boshrelease$ bosh deploy
Acting as user 'admin' on deployment 'dummy' on 'inner-bosh'
Getting deployment properties from director...
Detecting deployment changes
----------------------------
jobs:
- name: dummy_with_package_z1
  properties:
    network_name: "<redacted>"
    some_new_property: "<redacted>"
Please review all changes carefully

This diff is now calculated on the Director, so this is not just a client-side solution. However, when a human being is deploying, this diff is now of very limited use. I’d like to draw your attention to the last line in that output:

please review all changes carefully

So yeah, please go ahead and do, I dare you.

Luckily, there now is a neat option to make diffs great again!

vcap@jumpbox:~/workspace/dummy-boshrelease$ bosh deploy --no-redact

Detecting deployment changes
----------------------------
jobs:
- name: dummy_with_package_z1
  properties:
    network_name: aslkdflaksdjf
    some_new_property: fo_real
Please review all changes carefully

And there you go ;)

There is one more thing: if you’re colorblind, or just looking at my copy-pasted console output, or simply appreciated the previous diff style, which used pluses and minuses to indicate new and removed properties, you might want to add yet another option:

vcap@jumpbox:~/workspace/dummy-boshrelease$ bosh --no-color deploy --no-redact
Acting as user 'admin' on deployment 'dummy' on 'inner-bosh'
Getting deployment properties from director...
Detecting deployment changes
----------------------------
  jobs:
  - name: dummy_with_package_z1
    properties:
-     network_name: aslkdflaksdjf
+     some_new_property: fo_real
Please review all changes carefully

One last thing: task filtering

If you’ve ever looked through the output of bosh tasks, you know it can be a pain to find that one task to figure out if the last deployment of your manifest did finish successfully or not. Now you can filter the list of tasks per deployment!

filtering bosh tasks for a deployment

That’s it for today, see you next month!

By Marco Völz