API server job is configured to serve over SSL (required) on two ports (listen_port and agent_listen_port properties) for operator and agent APIs.
Currently basic auth is used for UI and API access by an operator and agents, but we have plans to secure it via UAA integration (todo).
API server uses Director API to find all instances in all deployments. It can also issue delete VM API calls (equivalent to the bosh delete-vm VMCID command) when a Kill task is requested. It's recommended to configure API server with a dedicated Director user so that it's easier to see its activity via the events command (i.e. bosh events --user turbulence).
Director UAA integration is supported.
$ bosh -n -d turbulence deploy ./manifests/example.yml \
  -v turbulence_api_ip=10.244.0.34 \
  -v director_ip=192.168.50.6 \
  -v director_client=turbulence \
  -v director_client_secret=... \
  --var-file director_ssl.ca=/tmp/director-ca \
  --vars-store /tmp/turbulence.yml
$ bosh int /tmp/turbulence.yml --path /turbulence_api_password
...
Events emitted (found via bosh events):
- actions: start or end, object type: turbulence-incident, object name: <incident id>
- actions: start or end, object type: turbulence-event, object name: <event id>
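The following added example, which is not code from the Turbulence project, shows how the dedicated Director user and the incident events above can be used for auditing: it pairs start/end events per incident and reports VM deletions made by that user outside any incident window. The row field names, and the assumption that a VM deletion appears as action delete on object type vm, are illustrative; map them onto your own bosh events output.

```python
from datetime import datetime

# Constructed sample rows (not real Director output). Field names are an
# assumed normalised shape; map your `bosh events` output onto them.
SAMPLE_EVENTS = [
    {"time": "2024-01-10T10:00:00", "user": "turbulence", "action": "start",
     "object_type": "turbulence-incident", "object_name": "inc-1"},
    {"time": "2024-01-10T10:00:05", "user": "turbulence", "action": "delete",
     "object_type": "vm", "object_name": "vm-aaa"},
    {"time": "2024-01-10T10:01:00", "user": "turbulence", "action": "end",
     "object_type": "turbulence-incident", "object_name": "inc-1"},
    {"time": "2024-01-10T12:30:00", "user": "turbulence", "action": "delete",
     "object_type": "vm", "object_name": "vm-bbb"},
    {"time": "2024-01-10T13:00:00", "user": "turbulence", "action": "start",
     "object_type": "turbulence-incident", "object_name": "inc-2"},
    {"time": "2024-01-10T13:00:02", "user": "admin", "action": "delete",
     "object_type": "vm", "object_name": "vm-ccc"},
]


def audit_turbulence(events, user="turbulence"):
    """Return (unended incident ids, VM deletes by `user` outside any incident)."""
    windows = {}   # incident id -> [start, end]
    deletes = []   # (timestamp, VM name) for deletes issued by `user`
    for ev in sorted(events, key=lambda e: e["time"]):
        ts = datetime.fromisoformat(ev["time"])
        if ev["object_type"] == "turbulence-incident":
            win = windows.setdefault(ev["object_name"], [None, None])
            win[0 if ev["action"] == "start" else 1] = ts
        elif (ev["user"], ev["action"], ev["object_type"]) == (user, "delete", "vm"):
            deletes.append((ts, ev["object_name"]))
    unended = sorted(i for i, (s, e) in windows.items() if s and not e)

    def covered(ts):
        # An incident with no end event is treated as still open.
        return any(s and s <= ts and (e is None or ts <= e)
                   for s, e in windows.values())

    orphans = [name for ts, name in deletes if not covered(ts)]
    return unended, orphans


if __name__ == "__main__":
    print(audit_turbulence(SAMPLE_EVENTS))
```

A delete reported as an orphan means the Turbulence credential removed a VM with no matching incident recorded, which is worth investigating as possible credential misuse.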
Agent job is configured to communicate with the API server. Communication is done over SSL with basic auth.
instance_groups:
- name: cell
  azs: [z1, z2]
  instances: 10
  jobs:
  - name: executor
    release: diego
  - name: turbulence_agent
    release: turbulence
    consumes:
      api: {from: api, deployment: turbulence}
  vm_type: default
  stemcell: default
  networks:
  - name: default
API server can be configured to post events to Datadog for easier event correlation.
$ bosh -n -d turbulence deploy ./manifests/example.yml \
  -o ./manifests/datadog.yml \
  -v datadog_app_key=... \
  -v datadog_api_key=... \
  ...