This repo is a demonstration of:
- using Cloud Foundry multi-buildpack to install external dependencies without forking normal buildpacks
- using Cloud Foundry apt-buildpack to install Debian packages from custom repositories (
apt-get install bosh-cli
comes from https://apt.starkandwayne.com) - building web apps that talk to a BOSH environment using the
bosh
CLI
An example from staging this app will show a custom Debian repository being used:
Staging package for app bosh-cli-web-demo in org system / space dev as admin...
-----> Running go build supply
-----> Apt Buildpack version 0.0.2
-----> Updating apt cache
Installing custom repository key from https://raw.githubusercontent.com/starkandwayne/homebrew-cf/master/public.key
gpg: key 535EAEC4: public key "Stark & Wayne Bot (Created by CI) <[email protected]>" imported
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)
-----> Downloading apt packages
-----> Installing apt packages
This example screenshot shows the bosh
CLI being used directly. Configuration for the CLI is done via environment variables.
The template for this page directly runs bosh
CLI commands; see app/views/help/version.html.erb:
<pre>
$ bosh -v
<%= `bosh -v || echo "ERROR: bosh CLI missing, install it using multi-buildpack/apt-buildpack"` %>
$ bosh env --tty
<%= `bosh env --tty` %>
$ bosh deployments
<%= `bosh deployments` %>
</pre>
The bosh
CLI can be completely configured to target and authenticate against a BOSH environment via environment variables. See the deployment instructions for how to set these for a Cloud Foundry application.
You can deploy this demo, or in general use multi-buildpack, on any Cloud Foundry. If you have a newer Cloud Foundry then you can try the cf v3-push
method which brings multi-buildpack as a first-class citizen of the cf
CLI.
You will probably need to open a new Cloud Foundry Security Group to allow this application to access your BOSH director. The following will create a new security group that only allows access to your BOSH director over ports 25555 and 22 (for ssh tunnels).
export BOSH_ENVIRONMENT=<alias>
cf create-security-group boshenv-$BOSH_ENVIRONMENT <(./bin/bosh-security-group)
current_org_name=$(bosh int ~/.cf/config.json --path /OrganizationFields/Name)
current_space_name=$(bosh int ~/.cf/config.json --path /SpaceFields/Name)
cf bind-security-group boshenv-$BOSH_ENVIRONMENT $current_org_name $current_space_name
export BOSH_ENVIRONMENT=<alias>
cf push --no-start
cf set-env bosh-cli-web-demo BOSH_ENVIRONMENT $(bosh int ~/.bosh/config --path /environments/alias=$BOSH_ENVIRONMENT/url)
cf set-env bosh-cli-web-demo BOSH_CA_CERT "$(bosh int ~/.bosh/config --path /environments/alias=$BOSH_ENVIRONMENT/ca_cert)"
cf set-env bosh-cli-web-demo BOSH_CLIENT $(bosh int ~/.bosh/config --path /environments/alias=$BOSH_ENVIRONMENT/username)
cf set-env bosh-cli-web-demo BOSH_CLIENT_SECRET "$(bosh int ~/.bosh/config --path /environments/alias=$BOSH_ENVIRONMENT/password)"
cf restart bosh-cli-web-demo
Note, if your BOSH environment is using UAA, rather than basic auth, then will need to explicitly set BOSH_CLIENT
and BOSH_CLIENT_SECRET
variables as they won't be stored in ~/.bosh/config
. For example:
cf set-env bosh-cli-web-demo BOSH_CLIENT "$BOSH_CLIENT"
cf set-env bosh-cli-web-demo BOSH_CLIENT_SECRET "$BOSH_CLIENT_SECRET"
NOTE: at the time of writing I wasn't having success with v3 apps and security groups. This means that whilst bosh
CLI is installed, it probably cannot connect outside of Cloud Foundry to your BOSH environment. Hopefully this issue is resolved in future and this section will work as expected.
Using new cf v3-push
commands we can provide multiple -b buildpack
flags. The final buildpack must be the runtime language buildpack. This application is a Ruby application, so -b ruby_buildpack
is the last buildpack.
export BOSH_ENVIRONMENT=<alias>
cf v3-push bosh-cli-web-demo \
-b https://github.com/cloudfoundry/apt-buildpack \
-b ruby_buildpack
cf v3-set-env bosh-cli-web-demo BOSH_ENVIRONMENT $(bosh int ~/.bosh/config --path /environments/alias=$BOSH_ENVIRONMENT/url)
cf v3-set-env bosh-cli-web-demo BOSH_CLIENT $(bosh int ~/.bosh/config --path /environments/alias=$BOSH_ENVIRONMENT/username)
cf v3-set-env bosh-cli-web-demo BOSH_CLIENT_SECRET "$(bosh int ~/.bosh/config --path /environments/alias=$BOSH_ENVIRONMENT/password)"
cf v3-set-env bosh-cli-web-demo BOSH_CA_CERT "$(bosh int ~/.bosh/config --path /environments/alias=$BOSH_ENVIRONMENT/ca_cert)"
cf v3-restart bosh-cli-web-demo