-
Notifications
You must be signed in to change notification settings - Fork 361
Configuring local CC to run with an S3 blobstore
Every once in a while, we have interesting scenarios happening on an S3 blobstore, used by our cf deployments on tabasco or A1. It can be useful to configure a local instance of Cloud Controller to point at the blobstore in question. This strategy can be used to:
-
Examine the state of the blobstore using the Cloud Controller console. This can be achieved by running the console directly from the workstation. From the cloud_controller_ng directory, open
config/cloud_controller.yml
and change each of thefog_connection
sections to point at the desired S3. This configuration can be found in thedeployments-runtime
, likely in a stub file. It should look something like:
fog_connection:
provider: "AWS"
aws_access_key_id: <ACCESS KEY>
aws_secret_access_key: <SECRET KEY>
Once this is configured, run bin/console
to start CC. lib/cloud_controller/dependency_locator.rb
contains several examples of initializing the blobstore client, depending on what you'd like to investigate.
-
Deploy to bosh-lite using S3 as the blobstore This can be useful when you want to test a blobstore-related feature by hitting CF from the CLI, or see its state over the course of long operation e.g. app lifecycle. After generating a bosh-lite manifest, replace the
fog_connection
sections to point at the desired S3. This configuration can be found in thedeployments-runtime
, likely in a stub file. It should look something like:
fog_connection:
provider: "AWS"
aws_access_key_id: <ACCESS KEY>
aws_secret_access_key: <SECRET KEY>
Then, deploy to bosh-lite as usual. You should be able to open S3 in the browser and watch as things happen to your buckets.
Set the following property on any of the resources you want encrypted in your manifest:
fog_aws_storage_options:
encryption: 'AES256'
You can verify that the files were encrypted in the AWS Console by checking the 'Properties' of the file in the bucket. For more info on SSE, check out our docs!
-
Pipelines
-
Contributing
- Tips and Tricks
- Cloud Controller API v3 Style Guide
- Playbooks
- Development configuration
- Testing
-
Architectural Details
-
CC Resources
- Apps
- Audit Events
- Deployments
- Labels
- Services
- Sidecars
-
Dependencies
-
Troubleshooting
- Ruby Console Script to Find Fields that Cannot Be Decrypted
- Logging database queries in unit tests
- Inspecting blobstore cc resources and cc packages(webdav)
- How to Use USR1 Trap for Diagnostics
- How to Perf: Finding and Fixing Bottlenecks
- How to get access to mysql database
- How To Get a Ruby Heap Dumps & GC Stats from CC
- How to curl v4 internal endpoints with mtls
- How to access Bosh Director console and restore an outdated Cloud Config
- Analyzing Cloud Controller's NGINX logs using the toplogs script
-
k8s
-
Archive