diff --git a/.gitignore b/.gitignore index 5b6f7d4b..881ead69 100644 --- a/.gitignore +++ b/.gitignore @@ -4,7 +4,7 @@ config/settings.yml releases/*.tgz releases/**/*.tgz ci/scripts/stemcell/*.tgz -ci/scripts/stemcell-bionic/*.tgz +ci/scripts/stemcell-jammy/*.tgz dev_releases blobs/* .blobs diff --git a/acceptance-tests/bionic_test.go b/acceptance-tests/jammy_test.go similarity index 73% rename from acceptance-tests/bionic_test.go rename to acceptance-tests/jammy_test.go index 1823cd98..44ffc175 100644 --- a/acceptance-tests/bionic_test.go +++ b/acceptance-tests/jammy_test.go @@ -7,14 +7,14 @@ import ( . "github.com/onsi/ginkgo/v2" ) -var _ = Describe("Bionic", func() { - It("Correctly proxies HTTP requests when using the Bionic stemcell", func() { +var _ = Describe("Jammy", func() { + It("Correctly proxies HTTP requests when using the Jammy stemcell", func() { - opsfileBionic := `--- -# Configure Bionic stemcell + opsfileJammy := `--- +# Configure Jammy stemcell - type: replace path: /stemcells/alias=default/os - value: ubuntu-bionic + value: ubuntu-jammy ` haproxyBackendPort := 12000 @@ -22,7 +22,7 @@ var _ = Describe("Bionic", func() { haproxyBackendPort: haproxyBackendPort, haproxyBackendServers: []string{"127.0.0.1"}, deploymentName: deploymentNameForTestNode(), - }, []string{opsfileBionic}, map[string]interface{}{}, true) + }, []string{opsfileJammy}, map[string]interface{}{}, true) closeLocalServer, localPort := startDefaultTestServer() defer closeLocalServer() diff --git a/acceptance-tests/run-local.sh b/acceptance-tests/run-local.sh index 391a8acd..33946376 100755 --- a/acceptance-tests/run-local.sh +++ b/acceptance-tests/run-local.sh 
@@ -3,21 +3,27 @@ set -eu REPO_DIR="$(cd "$(dirname "$0")/.." && pwd)" source "${REPO_DIR}/ci/scripts/functions-ci.sh" +FOCUS="" +PARALLELISM="" KEEP_RUNNING="" usage() { - echo -e "Usage: $0 [-F ] [-k] + echo -e "Usage: $0 [-F ] [-P ] [-k] -F Focus on a particular test. Expects a Ginkgo test name. Keep bosh running afterwards. + -P Set Ginkgo parallel node count. Default is '-p' (smart parallelism). -k Keep bosh container running. Useful for debug." 1>&2; exit 1; } -while getopts ":F:k" o; do +while getopts ":F:P:k" o; do case "${o}" in F) FOCUS=${OPTARG} KEEP_RUNNING=true ;; + P) + PARALLELISM=${OPTARG} + ;; k) KEEP_RUNNING=true ;; @@ -35,7 +41,7 @@ docker_mac_check_cgroupsv1() { SETTINGS=~/Library/Group\ Containers/group.com.docker/settings.json cgroupsV1Enabled=$(jq '.deprecatedCgroupv1' "$SETTINGS") - if [ "$cgroupsV1Enabled" != "true" ]; then + if [ "$cgroupsV1Enabled" != "true" ]; then echo "deprecatedCgroupv1 should be enabled in $SETTINGS. Otherwise the acceptance tests will not run on Docker for Mac." echo "Check in the README.md for a convenient script to set deprecatedCgroupv1 and restart Docker." exit 1 @@ -45,8 +51,8 @@ docker_mac_check_cgroupsv1() { check_required_files() { PIDS="" REQUIRED_FILE_PATTERNS=( - ci/scripts/stemcell/bosh-stemcell-*-ubuntu-jammy-*.tgz!https://bosh.io/d/stemcells/bosh-warden-boshlite-ubuntu-jammy-go_agent - ci/scripts/stemcell-bionic/bosh-stemcell-*-ubuntu-bionic-*.tgz!https://bosh.io/d/stemcells/bosh-warden-boshlite-ubuntu-bionic-go_agent + ci/scripts/stemcell/bosh-stemcell-*-ubuntu-noble.tgz!https://bosh.io/d/stemcells/bosh-warden-boshlite-ubuntu-noble + ci/scripts/stemcell-jammy/bosh-stemcell-*-ubuntu-jammy-*.tgz!https://bosh.io/d/stemcells/bosh-warden-boshlite-ubuntu-jammy-go_agent ) for entry in "${REQUIRED_FILE_PATTERNS[@]}"; do 
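Review bot: The new `P)` case stores `OPTARG` into `PARALLELISM` without any check, and ci/scripts/acceptance-tests later splices it verbatim into `--nodes=$PARALLELISM`, so a stray value such as `-P abc` only surfaces as a ginkgo flag error deep inside the container; the `elif [ -n "${PARALLELISM:-}" ]` branch in the acceptance-tests hunk has the same unvalidated path. Rejecting non-numeric input at the option parser keeps the failure local and readable: `case "${OPTARG}" in ''|*[!0-9]*) echo "-P expects a positive integer" 1>&2; usage ;; esac` before the assignment. The rendered usage line shows `[-P ]` with the argument placeholder apparently lost, which is worth confirming in the actual file.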
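Review bot: The noble entry `ci/scripts/stemcell/bosh-stemcell-*-ubuntu-noble.tgz` has no wildcard after `noble`, whereas the jammy entry keeps `-ubuntu-jammy-*.tgz`; if the filename that `curl --remote-header-name` saves carries any suffix after `noble`, the pattern never matches and `check_required_files` re-downloads the stemcell on every run. Whether the noble tarball really ends in `-ubuntu-noble.tgz` is not visible here, so it is worth checking against a real download; `bosh-stemcell-*-ubuntu-noble*.tgz` would cover both shapes. Dropping the `-go_agent` suffix from the noble URL only is consistent with the `stemcell` resource rename in ci/pipeline.yml.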
@@ -63,9 +69,10 @@ check_required_files() { fi ( - echo "$filepattern not found, downloading latest." + echo "$filepattern not found, downloading." cd "$folder" && \ - resolved=$(curl -s --write-out '\n%{redirect_url}' "$url" | tail -n1) && \ + resolved=$(curl -s --write-out '\n%{redirect_url}' "$url" | tail -n1 | tr -d '\n') && \ + echo "Resolved URL: $resolved" && \ curl -s --remote-name --remote-header-name --location "$resolved" && \ echo "Downloaded '$url' successfully." && \ ls -1lh "$folder/"$filepattern @@ -93,9 +100,9 @@ if [ -n "$KEEP_RUNNING" ] ; then echo echo "*** KEEP_RUNNING enabled. Please clean up docker scratch after removing containers: ${DOCKER_SCRATCH}" echo - docker run --privileged -v "$REPO_DIR":/repo -v "${DOCKER_SCRATCH}":/scratch/docker -e REPO_ROOT=/repo -e FOCUS="$FOCUS" -e KEEP_RUNNING="${KEEP_RUNNING}" haproxy-boshrelease-testflight bash -c "cd /repo/ci/scripts && ./acceptance-tests ; sleep infinity" + docker run --privileged -v "$REPO_DIR":/repo -v "${DOCKER_SCRATCH}":/scratch/docker -e REPO_ROOT=/repo -e FOCUS="${FOCUS}" -e PARALLELISM="${PARALLELISM}" -e KEEP_RUNNING="${KEEP_RUNNING}" haproxy-boshrelease-testflight bash -c "cd /repo/ci/scripts && ./acceptance-tests ; sleep infinity" else - docker run --rm --privileged -v "$REPO_DIR":/repo -v "${DOCKER_SCRATCH}":/scratch/docker -e REPO_ROOT=/repo -e KEEP_RUNNING="" haproxy-boshrelease-testflight bash -c "cd /repo/ci/scripts && ./acceptance-tests" + docker run --rm --privileged -v "$REPO_DIR":/repo -v "${DOCKER_SCRATCH}":/scratch/docker -e REPO_ROOT=/repo -e KEEP_RUNNING="" -e PARALLELISM="${PARALLELISM}" haproxy-boshrelease-testflight bash -c "cd /repo/ci/scripts && ./acceptance-tests" echo "Cleaning up docker scratch: ${DOCKER_SCRATCH}" sudo rm -rf "${DOCKER_SCRATCH}" fi diff --git a/ci/Dockerfile b/ci/Dockerfile index 56c7550b..da6d1ff3 100644 --- a/ci/Dockerfile +++ b/ci/Dockerfile 
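Review bot: `resolved` is used as the download URL on the following line without a non-empty check, and neither curl call carries `--fail`, so when bosh.io answers with an error page the first call yields an empty `resolved` and the second saves the error body under the tarball name, which then satisfies the file pattern on the next run. Adding `-f` to both curl invocations and a guard `[ -n "$resolved" ] || { echo "could not resolve $url" 1>&2; exit 1; }` right after the `tr -d '\n'` line turns a failed download into a failed script instead of a cached junk file. Nothing on this path verifies the stemcell against a published digest, while `bosh_assets` in ci/scripts/functions-ci.sh pins the os-conf release with `--sha1`; if bosh.io publishes a checksum for the stemcell, recording it and passing it on upload would close that gap. The enclosing `check_required_files` loop continues outside the hunk.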
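Review bot: The two `docker run` lines are now near-identical argument lists that differ only in `--rm`, the `FOCUS` variable and the trailing `sleep infinity`, and this hunk exists because a new `-e PARALLELISM=` had to be added to both. Collecting the shared `-v`/`-e` arguments in a bash array (`docker_args=(--privileged -v "$REPO_DIR":/repo ...)`) and expanding it in each branch would make the next environment variable a one-line change.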
@@ -1,18 +1,24 @@ -FROM bosh/docker-cpi:main +FROM ghcr.io/cloudfoundry/bosh/docker-cpi:latest # Install all necessary tools for haproxy testflight and dependency autobump ENV DEBIAN_FRONTEND=noninteractive RUN apt-get update && \ - apt-get install -y wget jq git vim nano python3-pip && \ + apt-get install -y wget jq git vim nano python3-pip python3-venv && \ apt-get clean # Set bosh env at login +RUN echo "source /tmp/local-bosh/director/docker-env" >> /root/.bashrc RUN echo "source /tmp/local-bosh/director/env" >> /root/.bashrc +# Copy ops files +COPY ops/bosh-scaled-out.yml /usr/local/bosh-deployment/bosh-scaled-out.yml + # Install Python libraries needed for scripts +RUN python3 -m venv /opt/venv +ENV PATH="/opt/venv/bin:${PATH}" COPY scripts/requirements.txt /requirements.txt -RUN /usr/bin/python3 -m pip install -r /requirements.txt +RUN pip install -r /requirements.txt # Install go dependencies ENV GOBIN=/usr/local/bin -RUN go install github.com/geofffranks/spruce/cmd/spruce@latest +RUN go install github.com/geofffranks/spruce/cmd/spruce@latest \ No newline at end of file diff --git a/ci/ops/bosh-scaled-out.yml b/ci/ops/bosh-scaled-out.yml new file mode 100644 index 00000000..93937df3 --- /dev/null +++ b/ci/ops/bosh-scaled-out.yml @@ -0,0 +1,3 @@ +- type: replace + path: /instance_groups/name=bosh/properties/director/workers? + value: 12 \ No newline at end of file diff --git a/ci/compilation.yml b/ci/ops/compilation.yml similarity index 100% rename from ci/compilation.yml rename to ci/ops/compilation.yml diff --git a/ci/pipeline.yml b/ci/pipeline.yml index bc374b1f..8b58f69e 100644 --- a/ci/pipeline.yml +++ b/ci/pipeline.yml @@ -121,7 +121,7 @@ jobs: - in_parallel: - { get: git, trigger: true, passed: [unit-tests] } - { get: stemcell } - - { get: stemcell-bionic } + - { get: stemcell-jammy } - get: haproxy-boshrelease-testflight - task: acceptance-tests privileged: true 
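Review bot: `FROM ghcr.io/cloudfoundry/bosh/docker-cpi:latest` replaces a branch tag with a floating `latest` tag, so every image build silently picks up whatever upstream last pushed; the `go install ...@latest` line kept at the end of the file has the same property, and the `docker-cpi-image` resource in ci/pipeline.yml that moves to the same repository names no `tag:` either. Pinning by digest, `FROM ghcr.io/cloudfoundry/bosh/docker-cpi:latest@sha256:<DIGEST-PLACEHOLDER>` (or at least a versioned tag), gives reproducible test images and makes base-image updates an explicit, reviewable change. The `pip install -r /requirements.txt` now runs inside the `/opt/venv` environment, which is fine provided requirements.txt pins its versions; that file is not part of this diff.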
@@ -131,7 +131,7 @@ jobs: inputs: - { name: git } - { name: stemcell } - - { name: stemcell-bionic } + - { name: stemcell-jammy } run: path: ./git/ci/scripts/acceptance-tests args: [] @@ -152,7 +152,7 @@ jobs: - do: - { get: git-pull-requests, trigger: true, version: every } - { get: stemcell } - - { get: stemcell-bionic } + - { get: stemcell-jammy } - get: haproxy-boshrelease-testflight - put: git-pull-requests params: @@ -169,7 +169,7 @@ jobs: inputs: - { name: git-pull-requests } - { name: stemcell } - - { name: stemcell-bionic } + - { name: stemcell-jammy } run: path: ./git-pull-requests/ci/scripts/acceptance-tests args: [] @@ -403,15 +403,15 @@ resources: - "dependabot" - "CFN-CI" - - name: stemcell-bionic + - name: stemcell-jammy type: bosh-io-stemcell source: - name: bosh-warden-boshlite-ubuntu-bionic-go_agent + name: bosh-warden-boshlite-ubuntu-jammy-go_agent - name: stemcell type: bosh-io-stemcell source: - name: bosh-warden-boshlite-ubuntu-jammy-go_agent + name: bosh-warden-boshlite-ubuntu-noble - name: version type: semver @@ -453,7 +453,7 @@ resources: - name: docker-cpi-image type: docker-image source: - repository: bosh/docker-cpi + repository: ghcr.io/cloudfoundry/bosh/docker-cpi - name: git-ci type: git diff --git a/ci/scripts/acceptance-tests b/ci/scripts/acceptance-tests index 9cc17e83..589a46d7 100755 --- a/ci/scripts/acceptance-tests +++ b/ci/scripts/acceptance-tests 
@@ -35,11 +35,29 @@ echo "----- Running tests" export PATH=$PATH:$GOPATH/bin ginkgo version -PARALLELISM="-p" -if [ -n "$FOCUS" ]; then +echo "------------------------------------------------------------------" +if [ -n "${FOCUS:-}" ]; then PARALLELISM="--nodes=1" + echo "FOCUS is set, thus PARALLELISM is set to '$PARALLELISM'" +elif [ -n "${PARALLELISM:-}" ]; then + PARALLELISM="--nodes=$PARALLELISM" + echo "PARALLELISM is set. Will run ginkgo with '$PARALLELISM'" +else + PARALLELISM="-p" + echo "PARALLELISM is not set. Using default '$PARALLELISM'" +fi +echo "------------------------------------------------------------------" + +echo "------------------------------------------------------------------" +if [ "${VERBOSITY:-}" = "vv" ]; then + VERBOSITY_FLAG="-vv" + echo "VERBOSITY is set to 'vv'. Will run ginkgo with '$VERBOSITY_FLAG'" +else + VERBOSITY_FLAG="-v" + echo "VERBOSITY is not set or unrecognised. Using default '$VERBOSITY_FLAG'" fi +echo "------------------------------------------------------------------" -ginkgo -v "$PARALLELISM" -r --trace --show-node-events --randomize-all --flake-attempts 5 "${ADDITIONAL_ARGS[@]}" +ginkgo "$VERBOSITY_FLAG" "$PARALLELISM" -r --trace --show-node-events --randomize-all --flake-attempts 5 "${ADDITIONAL_ARGS[@]}" -keep_running_info +keep_running_info \ No newline at end of file diff --git a/ci/scripts/functions-ci.sh b/ci/scripts/functions-ci.sh index d3e64d50..fa8e5465 100755 --- a/ci/scripts/functions-ci.sh +++ b/ci/scripts/functions-ci.sh 
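Review bot: `PARALLELISM` is overwritten in place from an environment-supplied node count into a finished ginkgo flag (`PARALLELISM="--nodes=$PARALLELISM"`), while the parallel `VERBOSITY` logic directly below writes its result into a separate `VERBOSITY_FLAG`; a `PARALLELISM_FLAG` variable used the same way would keep the input and the derived flag apart and make the three echo lines read consistently. Nothing in this hunk passes `FOCUS` to ginkgo, so presumably it reaches the command through `ADDITIONAL_ARGS`, which is assembled outside the hunk — worth confirming, since the `--nodes=1` branch is keyed on it. The final `keep_running_info` line now lacks a trailing newline.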
@@ -62,18 +62,18 @@ function bosh_release() { } function bosh_assets() { - stemcell_jammy_path="$START_DIR/stemcell/*.tgz" - stemcell_bionic_path="$START_DIR/stemcell-bionic/*.tgz" + stemcell_noble_path="$START_DIR/stemcell/*.tgz" + stemcell_jammy_path="$START_DIR/stemcell-jammy/*.tgz" + + echo "----- Uploading Noble stemcell" + bosh -n upload-stemcell $stemcell_noble_path echo "----- Uploading Jammy stemcell" bosh -n upload-stemcell $stemcell_jammy_path - echo "----- Uploading Bionic stemcell" - bosh -n upload-stemcell $stemcell_bionic_path - echo "----- Uploading os-conf (used for tests only)" - bosh -n upload-release --sha1 386293038ae3d00813eaa475b4acf63f8da226ef \ - https://bosh.io/d/github.com/cloudfoundry/os-conf-release?v=22.1.2 + bosh -n upload-release --sha1 sha256:efcf30754ce4c5f308aedab3329d8d679f5967b2a4c3c453204c7cb10c7c5ed9 \ + https://bosh.io/d/github.com/cloudfoundry/os-conf-release?v=23.0.0 export BOSH_PATH=$(command -v bosh) export BASE_MANIFEST_PATH="$PWD/manifests/haproxy.yml" diff --git a/ci/scripts/start-bosh.sh b/ci/scripts/start-bosh.sh index 3bda28f6..ad6bd418 100755 --- a/ci/scripts/start-bosh.sh +++ b/ci/scripts/start-bosh.sh 
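Review bot: `bosh -n upload-stemcell $stemcell_noble_path` and the jammy line below depend on the unquoted variable expanding as a glob, which shellcheck reports as SC2086 and a later contributor may "fix" by quoting; annotating both lines with `# shellcheck disable=SC2086 # intentional glob: one stemcell tarball per directory` records the intent. When the glob matches nothing, the literal pattern is handed to bosh and the upload fails with a confusing path error, so checking for a match first (e.g. `compgen -G "$stemcell_noble_path" >/dev/null || { echo "no noble stemcell found" >&2; return 1; }`) fails faster and clearer. The os-conf upload is pinned with a digest, but neither stemcell upload carries `--sha1`; in the Concourse pipeline the bosh-io-stemcell resource presumably verifies them, whereas the run-local.sh path downloads with plain curl, so an explicit digest on upload would make the two paths equivalent.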
@@ -6,44 +6,30 @@ function generate_certs() { local certs_dir certs_dir="${1}" - pushd "${certs_dir}" - - jq -ner --arg "ip" "${OUTER_CONTAINER_IP}" '{ - "variables": [ - { - "name": "docker_ca", - "type": "certificate", - "options": { - "is_ca": true, - "common_name": "ca" - } - }, - { - "name": "docker_tls", - "type": "certificate", - "options": { - "extended_key_usage": [ - "server_auth" - ], - "common_name": $ip, - "alternative_names": [ $ip ], - "ca": "docker_ca" - } - }, - { - "name": "client_docker_tls", - "type": "certificate", - "options": { - "extended_key_usage": [ - "client_auth" - ], - "common_name": $ip, - "alternative_names": [ $ip ], - "ca": "docker_ca" - } - } - ] - }' > ./bosh-vars.yml + pushd "${certs_dir}" > /dev/null + cat < ./bosh-vars.yml +--- +variables: +- name: docker_ca + type: certificate + options: + is_ca: true + common_name: ca +- name: docker_tls + type: certificate + options: + extended_key_usage: [server_auth] + common_name: $OUTER_CONTAINER_IP + alternative_names: [$OUTER_CONTAINER_IP] + ca: docker_ca +- name: client_docker_tls + type: certificate + options: + extended_key_usage: [client_auth] + common_name: $OUTER_CONTAINER_IP + alternative_names: [$OUTER_CONTAINER_IP] + ca: docker_ca +EOF bosh int ./bosh-vars.yml --vars-store=./certs.yml bosh int ./certs.yml --path=/docker_ca/ca > ./ca.pem 
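Review bot: The heredoc writes `$OUTER_CONTAINER_IP` bare into `common_name:` and `alternative_names: [...]`, so an empty value (the ruby lookup in `main` prints nothing when no non-loopback IPv4 address is found) produces a document with null CN/SAN that `bosh int` turns into a certificate which will never match the docker host; the jq version at least emitted well-formed JSON strings. Quoting the scalars and failing on an unset value, `common_name: "${OUTER_CONTAINER_IP:?OUTER_CONTAINER_IP is required}"`, catches that before any certificate is generated. `generate_certs` continues below the hunk.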
@@ -51,12 +37,13 @@ function generate_certs() { bosh int ./certs.yml --path=/docker_tls/private_key > ./server-key.pem bosh int ./certs.yml --path=/client_docker_tls/certificate > ./cert.pem bosh int ./certs.yml --path=/client_docker_tls/private_key > ./key.pem - # generate certs in json format - # - ruby -e 'puts File.read("./ca.pem").split("\n").join("\\n")' > "$certs_dir/ca_json_safe.pem" - ruby -e 'puts File.read("./cert.pem").split("\n").join("\\n")' > "$certs_dir/client_certificate_json_safe.pem" - ruby -e 'puts File.read("./key.pem").split("\n").join("\\n")' > "$certs_dir/client_private_key_json_safe.pem" - popd + + # generate certs in json format + ruby -e 'puts File.read("./ca.pem").split("\n").join("\\n")' > "${certs_dir}/ca_json_safe.pem" + ruby -e 'puts File.read("./cert.pem").split("\n").join("\\n")' > "${certs_dir}/client_certificate_json_safe.pem" + ruby -e 'puts File.read("./key.pem").split("\n").join("\\n")' > "${certs_dir}/client_private_key_json_safe.pem" + + popd > /dev/null } function sanitize_cgroups() { 
@@ -64,15 +51,28 @@ function sanitize_cgroups() { mountpoint -q /sys/fs/cgroup || \ mount -t tmpfs -o uid=0,gid=0,mode=0755 cgroup /sys/fs/cgroup + if [ -f /sys/fs/cgroup/cgroup.controllers ]; then + # cgroups v2: enable nesting (based on moby/moby hack/dind) + mkdir -p /sys/fs/cgroup/init + # Loop to handle races from concurrent process creation (e.g. docker exec) + while ! { + xargs -rn1 < /sys/fs/cgroup/cgroup.procs > /sys/fs/cgroup/init/cgroup.procs 2>/dev/null || : + sed -e 's/ / +/g' -e 's/^/+/' < /sys/fs/cgroup/cgroup.controllers \ + > /sys/fs/cgroup/cgroup.subtree_control + }; do true; done + return + fi + mount -o remount,rw /sys/fs/cgroup - sed -e 1d /proc/cgroups | while read sys hierarchy num enabled; do + # shellcheck disable=SC2034 + sed -e 1d /proc/cgroups | while read -r sys hierarchy num enabled; do if [ "$enabled" != "1" ]; then # subsystem disabled; skip continue fi - grouping="$(cat /proc/self/cgroup | cut -d: -f2 | grep "\\<$sys\\>")" + grouping="$(cut -d: -f2 < /proc/self/cgroup | grep "\\<$sys\\>")" if [ -z "$grouping" ]; then # subsystem not mounted anywhere; mount it on its own grouping="$sys" 
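Review bot: The `while ! { ...; }; do true; done` loop in the new cgroups v2 branch has no upper bound: if the write to `cgroup.subtree_control` keeps failing (a controller that cannot be delegated, or a read-only cgroup mount in a restricted runtime) the script busy-spins forever, repeating the same write error, and the CI job only dies on its global timeout. A bounded retry that keeps the race-handling intent but gives up with a clear message is safer. `sanitize_cgroups` continues beyond the hunk, and the `# shellcheck disable=SC2034` above the v1 `read -r` loop would read better with its reason attached (`hierarchy`/`num` are deliberately unused).
```shell
  if [ -f /sys/fs/cgroup/cgroup.controllers ]; then
    # cgroups v2: enable nesting (based on moby/moby hack/dind)
    mkdir -p /sys/fs/cgroup/init
    # Retry to handle races from concurrent process creation (e.g. docker exec),
    # but give up after a bounded number of attempts instead of spinning forever.
    local attempt
    for attempt in $(seq 1 50); do
      xargs -rn1 < /sys/fs/cgroup/cgroup.procs > /sys/fs/cgroup/init/cgroup.procs 2>/dev/null || :
      if sed -e 's/ / +/g' -e 's/^/+/' < /sys/fs/cgroup/cgroup.controllers \
          > /sys/fs/cgroup/cgroup.subtree_control; then
        return
      fi
      sleep 0.1
    done
    echo "could not enable cgroup v2 controller delegation after ${attempt} attempts" >&2
    return 1
  fi
  # … unchanged: cgroups v1 remount and /proc/cgroups loop …
```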
@@ -102,17 +102,32 @@ function sanitize_cgroups() { source "ci/scripts/functions-ci.sh" function start_docker() { - generate_certs "$1" - local mtu + local certs_dir + certs_dir="${1}" + + export DNS_IP="8.8.8.8" + + # docker will fail starting with the new iptables. it throws: + # iptables v1.8.7 (nf_tables): Could not fetch rule set generation id: .... + update-alternatives --set iptables /usr/sbin/iptables-legacy + + generate_certs "${certs_dir}" + mkdir -p /var/log mkdir -p /var/run sanitize_cgroups + echo "Sanitized cgroups for docker" >&2 + + # systemd inside nested Docker containers requires shared mount propagation + mount --make-rshared / - # ensure systemd cgroup is present - mkdir -p /sys/fs/cgroup/systemd - if ! mountpoint -q /sys/fs/cgroup/systemd ; then - mount -t cgroup -o none,name=systemd cgroup /sys/fs/cgroup/systemd + # ensure systemd cgroup is present (cgroups v1 only) + if [ ! -f /sys/fs/cgroup/cgroup.controllers ]; then + mkdir -p /sys/fs/cgroup/systemd + if ! mountpoint -q /sys/fs/cgroup/systemd ; then + mount -t cgroup -o none,name=systemd cgroup /sys/fs/cgroup/systemd + fi fi # check for /proc/sys being mounted readonly, as systemd does @@ -120,12 +135,13 @@ function start_docker() { mount -o remount,rw /proc/sys fi - mtu=$(cat /sys/class/net/$(ip route get 8.8.8.8|awk '{ print $5 }')/mtu) + local mtu + mtu=$(cat "/sys/class/net/$(ip route get ${DNS_IP} | awk '{ print $5 }')/mtu") [[ ! -d /etc/docker ]] && mkdir /etc/docker cat < /etc/docker/daemon.json { - "hosts": ["${DOCKER_HOST}","unix:///var/run/docker.sock"], + "hosts": ["${DOCKER_HOST}"], "tls": true, "tlscert": "${certs_dir}/server-cert.pem", "tlskey": "${certs_dir}/server-key.pem", 
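Review bot: `export DNS_IP="8.8.8.8"` names a value that is only ever used as the target of `ip route get` to discover the egress interface, and exporting it pushes that misleading name into every child process including the docker daemon; a function-local `local route_probe_ip="8.8.8.8"` (with the matching use in the `mtu=` line) says what it is for. `update-alternatives --set iptables /usr/sbin/iptables-legacy` runs unconditionally, so on an image where that alternative does not exist the call fails and, with the `set -e` that the later `set +e`/`set -e` toggling implies, aborts `start_docker` before docker is even attempted; guarding it with `if [ -x /usr/sbin/iptables-legacy ]; then ... fi` keeps the workaround opt-in. The comment above it describes the symptom well; naming the base image or iptables version that needed it would tell a future maintainer when it can be removed. `start_docker` continues outside the hunk.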
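Review bot: The rewritten `mtu=` line still takes field 5 of `ip route get` as the interface name, which only holds when the route has a `via` hop; for an on-link destination the output is `8.8.8.8 dev eth0 src ...`, field 5 becomes the source address, and `cat` aborts on `/sys/class/net/<ip>/mtu`. Selecting the token after `dev` is robust to both shapes: `mtu=$(cat "/sys/class/net/$(ip route get "${DNS_IP}" | awk '{for (i = 1; i < NF; i++) if ($i == "dev") { print $(i+1); exit }}')/mtu")`. Dropping `unix:///var/run/docker.sock` from `hosts` leaves the daemon reachable only over the TLS-verified TCP endpoint, which is the safer default for this privileged setup; it does mean every docker CLI call in the container depends on `docker-env` having been sourced, as `main` now does. The `daemon.json` heredoc continues past the hunk.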
@@ -137,15 +153,14 @@ function start_docker() { EOF service docker start - - export DOCKER_TLS_VERIFY=1 - export DOCKER_CERT_PATH=$1 + echo "Started docker service" >&2 rc=1 - for i in $(seq 1 10); do - echo waiting for docker to come up... - sleep 10 + for i in $(seq 1 100); do + echo "waiting for docker to come up... (${i})" + sleep 1 set +e + echo "Docker started, checking if it's responsive..." docker info rc=$? set -e 
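Review bot: `echo "Docker started, checking if it's responsive..."` runs on every iteration of the 100×1s loop, before `docker info` has ever succeeded, so the log claims docker has started up to a hundred times while it is still down; dropping that line, or printing it once after the loop when `rc` is 0, keeps the output truthful. Sending the probe's output to `/dev/null` (`docker info >/dev/null 2>&1`) would also stop a full `docker info` dump from scrolling past every second until the daemon answers. The loop body and its exit check continue outside the hunk.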
@@ -165,66 +180,102 @@ EOF if [ -z "${KEEP_RUNNING}" ] ; then trap stop_docker ERR fi - echo "$certs_dir" + + echo "${certs_dir}" } function main() { - export OUTER_CONTAINER_IP=$(ruby -rsocket -e 'puts Socket.ip_address_list - .reject { |addr| !addr.ip? || addr.ipv4_loopback? || addr.ipv6? } - .map { |addr| addr.ip_address }.first') - - export DOCKER_HOST="tcp://${OUTER_CONTAINER_IP}:4243" + # ".first" - original code could return multiple IPs (e.g., container IP + docker0 bridge IP) + # which breaks the docker_tls JSON variable formatting + OUTER_CONTAINER_IP=$(ruby -rsocket -e 'puts Socket.ip_address_list + .reject { |addr| !addr.ip? || addr.ipv4_loopback? || addr.ipv6? } + .map { |addr| addr.ip_address }.first') + export OUTER_CONTAINER_IP + echo "Determined OUTER_CONTAINER_IP: ${OUTER_CONTAINER_IP}" >&2 local certs_dir certs_dir=$(mktemp -d) - start_docker "${certs_dir}" local local_bosh_dir local_bosh_dir="/tmp/local-bosh/director" + mkdir -p ${local_bosh_dir} + + cat < "${local_bosh_dir}/docker-env" +export DOCKER_HOST="tcp://${OUTER_CONTAINER_IP}:4243" +export DOCKER_TLS_VERIFY=1 +export DOCKER_CERT_PATH="${certs_dir}" +EOF + echo "Source '${local_bosh_dir}/docker-env' to run docker" >&2 + source "${local_bosh_dir}/docker-env" - if ! 
docker network ls | grep director_network; then - docker network create -d bridge --subnet=10.245.0.0/16 director_network + start_docker "${certs_dir}" + echo "Docker is up and running with TLS configured" >&2 + + local docker_network_name="director_network" + local docker_network_cidr="10.245.0.0/16" + if docker network ls | grep -q "${docker_network_name}"; then + echo "A docker network named '${docker_network_name}' already exists, skipping creation" >&2 + else + docker network create -d bridge --subnet=${docker_network_cidr} "${docker_network_name}" + echo "Created docker network '${docker_network_name}' with subnet '${docker_network_cidr}'" >&2 fi - compilation_ops="$PWD/ci/compilation.yml" pushd "${BOSH_DEPLOYMENT_PATH:-/usr/local/bosh-deployment}" > /dev/null + echo "Current directory: $(pwd)" >&2 + export BOSH_DIRECTOR_IP="10.245.0.3" export BOSH_ENVIRONMENT="docker-director" - mkdir -p ${local_bosh_dir} + cat < "${local_bosh_dir}/docker_tls.json" +{ + "ca": "$(cat "${certs_dir}/ca_json_safe.pem")", + "certificate": "$(cat "${certs_dir}/client_certificate_json_safe.pem")", + "private_key": "$(cat "${certs_dir}/client_private_key_json_safe.pem")" +} +EOF - command bosh int bosh.yml \ + echo "Interpolating BOSH deployment manifest with Docker CPI and TLS configuration..." 
>&2 + bosh int bosh.yml \ -o docker/cpi.yml \ -o jumpbox-user.yml \ + -o /usr/local/local-releases.yml \ + -o "$PWD/bosh-scaled-out.yml" \ -v director_name=docker \ - -v internal_cidr=10.245.0.0/16 \ + -v internal_cidr=${docker_network_cidr} \ -v internal_gw=10.245.0.1 \ -v internal_ip="${BOSH_DIRECTOR_IP}" \ -v docker_host="${DOCKER_HOST}" \ - -v network=director_network \ - -v docker_tls="{\"ca\": \"$(cat "${certs_dir}"/ca_json_safe.pem)\",\"certificate\": \"$(cat "${certs_dir}"/client_certificate_json_safe.pem)\",\"private_key\": \"$(cat "${certs_dir}"/client_private_key_json_safe.pem)\"}" \ - ${@} > "${local_bosh_dir}/bosh-director.yml" + -v network="${docker_network_name}" \ + -v docker_tls="$(cat "${local_bosh_dir}/docker_tls.json")" \ + "${@}" > "${local_bosh_dir}/bosh-director.yml" - command bosh create-env "${local_bosh_dir}/bosh-director.yml" \ - --vars-store="${local_bosh_dir}/creds.yml" \ - --state="${local_bosh_dir}/state.json" + echo "Creating BOSH director environment..." >&2 + bosh create-env "${local_bosh_dir}/bosh-director.yml" \ + --vars-store="${local_bosh_dir}/creds.yml" \ + --state="${local_bosh_dir}/state.json" + echo "Extracting BOSH director credentials and CA certificate..." >&2 bosh int "${local_bosh_dir}/creds.yml" --path /director_ssl/ca > "${local_bosh_dir}/ca.crt" + bosh_client_secret="$(bosh int "${local_bosh_dir}/creds.yml" --path /admin_password)" + + echo "Setting up BOSH CLI environment..." 
>&2 bosh -e "${BOSH_DIRECTOR_IP}" --ca-cert "${local_bosh_dir}/ca.crt" alias-env "${BOSH_ENVIRONMENT}" cat < "${local_bosh_dir}/env" + export BOSH_DIRECTOR_IP="${BOSH_DIRECTOR_IP}" export BOSH_ENVIRONMENT="${BOSH_ENVIRONMENT}" export BOSH_CLIENT=admin - export BOSH_CLIENT_SECRET=$(bosh int "${local_bosh_dir}/creds.yml" --path /admin_password) + export BOSH_CLIENT_SECRET=${bosh_client_secret} export BOSH_CA_CERT="${local_bosh_dir}/ca.crt" - EOF + echo "Source '${local_bosh_dir}/env' to run bosh" >&2 source "${local_bosh_dir}/env" - bosh -n update-cloud-config docker/cloud-config.yml -v network=director_network -o "${compilation_ops}" + echo "Updating BOSH cloud config with Docker network..." >&2 + bosh -n update-cloud-config docker/cloud-config.yml -v network="${docker_network_name}" popd > /dev/null } echo "----- Starting BOSH" -main $@ +main "${@}" \ No newline at end of file diff --git a/ci/scripts/stemcell-bionic/.gitkeep b/ci/scripts/stemcell-jammy/.gitkeep similarity index 100% rename from ci/scripts/stemcell-bionic/.gitkeep rename to ci/scripts/stemcell-jammy/.gitkeep diff --git a/manifests/haproxy.yml b/manifests/haproxy.yml index 92a99154..3b09636e 100644 --- a/manifests/haproxy.yml +++ b/manifests/haproxy.yml @@ -31,14 +31,14 @@ update: stemcells: - alias: default - os: ubuntu-jammy + os: ubuntu-noble version: latest releases: - name: bpm - version: 1.2.14 - url: https://bosh.io/d/github.com/cloudfoundry/bpm-release?v=1.2.14 - sha1: 1e357a533654e2067e15231dd8ac5bad2e697dff + version: 1.4.26 + url: https://bosh.io/d/github.com/cloudfoundry/bpm-release?v=1.4.26 + sha1: sha256:40af85114d2a8a67812bf65212076581ea42cefcf67ee6b8d78d778ed1ca2b85 - name: haproxy version: 16.4.0+3.2.13 url: https://github.com/cloudfoundry/haproxy-boshrelease/releases/download/v16.4.0+3.2.13/haproxy-16.4.0+3.2.13.tgz
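Review bot: `${local_bosh_dir}/docker_tls.json` (which embeds the client TLS private key) and `${local_bosh_dir}/env` (which embeds `BOSH_CLIENT_SECRET`) are created by plain `>` redirections under the process umask in `/tmp/local-bosh/director`, a directory `main` makes with `mkdir -p` rather than `mktemp -d`, so both are typically world-readable inside the container; a `umask 077` at the top of `main`, or `chmod 600` on each file right after its heredoc, keeps the director admin password and client key private. `compilation_ops` and the `-o "${compilation_ops}"` on `update-cloud-config` are removed here while the same commit renames `ci/compilation.yml` to `ci/ops/compilation.yml`, so that file now appears unused; either drop it or record why the compilation settings are no longer needed. `mkdir -p ${local_bosh_dir}` and `--subnet=${docker_network_cidr}` are the only unquoted expansions left in a function that quotes everything else. `-o /usr/local/local-releases.yml` is a new ops file that nothing in this diff creates, presumably supplied by the new base image — worth confirming.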