This is the README for Experimental Ops-files. To learn more about cf-deployment
, go to the main README.
- For general Ops-files, check out the Ops-file README.
- For Legacy Ops-files, check out the Legacy Ops-file README.
- For Community Ops-files, checkout the Community Ops-file README.
- For Addons Ops-files that can be applied to manifests or runtime configs, check out the Addons Ops-file README.
"Experimental" ops-files represent configurations that we expect to promote to blessed configuration eventually, meaning that, once the configurations have been sufficiently validated, they will become part of cf-deployment.yml and the ops-files will be removed.
Name | Purpose | Notes |
add-credhub-lb.yml |
Use load balancer to expose external address for CredHub. | Requires secure-service-credentials.yml . |
add-istio-release.yml |
Add istio instance group for cloud foundry routing tier. Enables communication between capi-release and istio copilot API. | WARNING: Under active development and is hosted for cross-team sharing purposes only. Requires use-bosh-dns.yml . |
bits-service.yml |
Adds the bits-service job and enables it in the cloud-controller. | Also requires one of bits-service-{local,webdav,s3}.yml from the same directory. |
bits-service-local.yml |
Use local storage for the bits-service. | |
bits-service-s3.yml |
Use s3 storage for the bits-service. | use-s3-blobstore.yml from the root operations directory is also required. |
bits-service-webdav.yml |
Use the blobstore 's webdav storage for the bits-service. |
Requires the blobstore job. |
disable-interpolate-service-bindings.yml |
Disables the interpolation of CredHub service credentials by Cloud Controller. | |
disable-consul.yml |
Removes consul instance group and consul_agent jobs and prevents the auctioneer , ssh_proxy , file_server , rep , locket , and bbs jobs from registering as a service with Consul |
Requires skip-consul-cell-registrations.yml , skip-consul-locks.yml , and use-bosh-dns.yml |
disable-consul-bosh-lite.yml |
Compatibility shim for disabling Consul on BOSH-Lite. | Apply disable-consul.yml , bosh-lite.yml , and then disable-consul-bosh-lite.yml , in that order. |
disable-consul-windows.yml |
Removes consul job from windows-cell instance group and prevents the Windows cell rep from registering itself as a service with Consul |
Requires use-bosh-dns.yml and windows-cell.yml |
disable-consul-windows2016.yml |
Removes consul job from windows2016-cell instance group and prevents the Windows 2016 cell rep from registering itself as a service with Consul |
Requires use-bosh-dns.yml and windows2016-cell.yml |
disable-consul-service-registrations-locket.yml |
This file is a no-op and should not be used, but kept for backward compatabilty. Please use disable-consul.yml instead. |
Previously: Prevents the locket server from registering itself as a service with Consul |
disable-consul-service-registrations-windows.yml |
This file is a no-op and should not be used, but kept for backward compatabilty. Please use disable-consul-windows.yml instead. |
Requires windows-cell.yml |
disable-consul-service-registrations.yml |
This file is a no-op and should not be used, but kept for backward compatabilty. Please use disable-consul.yml instead. |
Previously: Prevents the auctioneer , ssh_proxy , file_server , rep , locket , and bbs jobs from registering as a service with Consul |
enable-backup-restore.yml |
Deploy BOSH backup and restore instance and enable release level backup. | |
enable-backup-restore-credhub.yml |
Collocate database-backup-restorer job on the credhub instance. Should be applied after secure-service-credentials.yml Ops-file. |
enable-backup-restore-s3.yml |
Enables the backup and restore of S3 blobstores. | Requires enable-backup-restore.yml and use-s3-blobstore.yml |
enable-bits-service-consul.yml |
Registers the bits-service bits-service job via consul | Requires bits-service.yml from the same directory. |
enable-bits-service-https.yml |
Deprecated and left intentionally blank - the bits service is now https only |
enable-bpm.yml |
Enables the BOSH Process Manager as a BOSH addon. | |
enable-instance-identity-credentials.yml |
Deprecated and left intentionally blank for backward compatibility. | Identity credentials are enabled in cf-deployment.yml by default. |
enable-instance-identity-credentials-windows.yml |
Deprecated and left intentionally blank for backward compatibility. | Identity credentials for windows2012R2 cells are enabled in windows-cell.yml ops file by default. |
enable-instance-identity-credentials-windows2016.yml |
Enables identity credentials on the rep_windows for Windows 2016 cells. |
Requires windows2016-cell.yml |
enable-iptables-logger.yml |
Enables iptables logger. | |
enable-nfs-broker-backup.yml |
Deploy BOSH backup and restore scripts for the NFS service broker. | Requires enable-backup-restore.yml and operations/enable-nfs-volume-service.yml . |
enable-oci-phase-1.yml |
Configure Garden to create OCI compatible images. | |
enable-prefer-declarative-healthchecks.yml |
Configure the Rep on the diego cells to prefer LRP CheckDefinition (a.k.a declarative healthchecks) over the old Monitor action | |
enable-prefer-declarative-healthchecks-windows.yml |
Configure the Rep on the windows 2012 cells to prefer LRP CheckDefinition (a.k.a declarative healthchecks) over the old Monitor action | |
enable-prefer-declarative-healthchecks-windows2016.yml |
Configure the Rep on the windows 2016 cells to prefer LRP CheckDefinition (a.k.a declarative healthchecks) over the old Monitor action | |
enable-routing-integrity.yml |
Enables container proxy on the Diego Cell rep and configures gorouter to opt into TLS-enabled connections to the backend. |
enable-service-discovery.yml |
Enables application service discovery | Requires bosh-dns-release >= 0.2.0, capi-release >= 1.47.0, and use-bosh-dns-for-containers.yml |
enable-traffic-to-internal-networks.yml |
Allows traffic from app containers to internal networks. Required to allow applications to communicate with the running CredHub in non-assisted mode. | |
fast-deploy-with-downtime-and-danger.yml |
Risky, but fast. Disable canaries, increase the max number of vms bosh will update simultaneously, and remove serial: true from most instance groups to enable faster, but probably downtimeful, deploys. |
rootless-containers.yml |
Enable rootless garden-runc containers. | Requires garden-runc 1.9.5 or later and grootfs 0.27.0 or later. |
secure-service-credentials.yml |
Use CredHub for service credentials. | BOSH DNS is required if not using a credhub load balancer. You can add a credhub load balancer with add-credhub-lb.yml . |
secure-service-credentials-windows-cell.yml |
Adds CredHub TLS CA as a trusted cert to the Windows Cell. | Requires secure-service-credentials.yml . |
secure-service-credentials-windows2016-cell.yml |
Adds CredHub TLS CA as a trusted cert to the Windows 2016 Cell. | Requires secure-service-credentials.yml and enable-instance-identity-credentials-windows2016.yml . |
secure-service-credentials-external-db.yml |
Use external database for CredHub data store. | Requires secure-service-credentials.yml and use-external-dbs.yml . |
secure-service-credentials-postgres.yml |
Use local postgres database for CredHub data store. | Requires secure-service-credentials.yml and use-postgres.yml . |
skip-consul-cell-registrations.yml |
Configure the BBS to only use Locket to find registered Diego cells | |
skip-consul-locks.yml |
Prevent several components from also attempting to claim a lock in Consul | |
use-bosh-dns.yml |
Adds bosh-dns job to all instance groups running ubuntu-trusty via Bosh Addon. |
Aliases domains to their bosh-dns equivalents. |
use-bosh-dns-for-containers.yml |
Sets the DNS server of application containers to the address of the local bosh-dns job. |
Requires use-bosh-dns.yml |
use-bosh-dns-for-containers-with-silk-release.yml |
Sets the DNS server of application containers to the address of the local bosh-dns job in case you are using silk-release plugin. |
Requires use-bosh-dns.yml and use-silk-release.yml |
use-bosh-dns-for-windows2016-containers.yml |
Sets the DNS server of application containers (on windows2016 cell) to the address of the local bosh-dns job. |
Requires use-bosh-dns.yml |
use-bosh-dns-rename-network-and-deployment.yml |
Adds bosh-dns job to all instance groups running ubuntu-trusty via Bosh Addon, and renames network and deployment in domain aliases. |
use-grootfs.yml |
Groot is enabled by default. This file is blank to avoid breaking deployment scripts. | |
use-log-cache.yml |
Adds the Log Cache Release for logs and metrics. | |
use-shed.yml |
Enable deprecated garden-shed on diego cells. | |
use-silk-release.yml |
Use Silk Release as the container networking plugin. | |
use-silk-release-external-db.yml |
Use Silk Release with an external database. | Requires use-external-dbs.yml and use-silk-release.yml . |
use-silk-release-postgres.yml |
Use Silk Release with postgres as its data store. | Requires use-postgres.yml and use-silk-release.yml . |
use-latest-windows2016-stemcell.yml |
Use the latest windows2016 stemcell available on your BOSH director instead of the one in windows2016-cell.yml |
Requires windows2016-cell.yml |
use-offline-windows2016fs.yml |
Use the offline version of windows2016fs-release | Requires windows2016-cell.yml . Suitable for environments without internet access. Follow instructions here to upload the release prior to deploying. |
windows2016-cell.yml |
Deploys a windows 2016 diego cell, adds releases necessary for windows. |