diff --git a/README.md b/README.md index de2fdffe4e..72881fc7a5 100644 --- a/README.md +++ b/README.md @@ -16,48 +16,6 @@ Install and start [BOSH-Deployment](https://github.com/cloudfoundry/bosh-deploym Install [CF-deployment](https://github.com/cloudfoundry/cf-deployment/blob/master/cf-deployment.yml) -Create and upload release - -```sh -git clone https://github.com/cloudfoundry-incubator/app-autoscaler-release -cd app-autoscaler-release -./scripts/update -bosh create-release -bosh -e YOUR_ENV upload-release -``` - -Deploy app-autoscaler - -```sh -bosh -e YOUR_ENV -d app-autoscaler \ - deploy templates/app-autoscaler-deployment.yml \ - --vars-store=bosh-lite/deployments/vars/autoscaler-deployment-vars.yml \ - -v system_domain=bosh-lite.com \ - -v cf_admin_password= \ - -v skip_ssl_validation=true -``` -To deploy app-autoscaler with density, use `app-autoscaler-deployment-fewer.yml` -```sh -bosh -e YOUR_ENV -d app-autoscaler \ - deploy templates/app-autoscaler-deployment-fewer.yml \ - --vars-store=bosh-lite/deployments/vars/autoscaler-deployment-vars.yml \ - -v system_domain=bosh-lite.com \ - -v cf_admin_password= \ - -v skip_ssl_validation=true -``` -Alternatively you can use cf-deployment vars file to provide the cf_admin_password - -```sh -bosh -e YOUR_ENV -d app-autoscaler \ - deploy templates/app-autoscaler-deployment.yml \ - --vars-store=bosh-lite/deployments/vars/autoscaler-deployment-vars.yml \ - -v system_domain=bosh-lite.com \ - -v skip_ssl_validation=true \ - --vars-file= -``` - -#### Deploy autoscaler with `client_credentials` flow - Install the UAA CLI, `uaac`. ```sh 
@@ -82,21 +40,51 @@ Create a new autoscaler client ```sh uaac client add "autoscaler_client_id" \ --authorized_grant_types "client_credentials" \ - --authorities "cloud_controller.read,cloud_controller.admin" \ + --authorities "cloud_controller.read,cloud_controller.admin,uaa.resource" \ --secret "autoscaler_client_secret" ``` -Deploy autoscaler with the newly created autoscaler client +Create and upload release + +```sh +git clone https://github.com/cloudfoundry-incubator/app-autoscaler-release +cd app-autoscaler-release +./scripts/update +bosh create-release +bosh -e YOUR_ENV upload-release +``` + +Deploy app-autoscaler with the newly created autoscaler client + +```sh +bosh -e YOUR_ENV -d app-autoscaler \ + deploy templates/app-autoscaler-deployment.yml \ + --vars-store=bosh-lite/deployments/vars/autoscaler-deployment-vars.yml \ + -v system_domain=bosh-lite.com \ + -v cf_client_id=autoscaler_client_id \ + -v cf_client_secret=autoscaler_client_secret \ + -v skip_ssl_validation=true +``` +To deploy app-autoscaler with density, use `app-autoscaler-deployment-fewer.yml` +```sh +bosh -e YOUR_ENV -d app-autoscaler \ + deploy templates/app-autoscaler-deployment-fewer.yml \ + --vars-store=bosh-lite/deployments/vars/autoscaler-deployment-vars.yml \ + -v system_domain=bosh-lite.com \ + -v cf_client_id=autoscaler_client_id \ + -v cf_client_secret=autoscaler_client_secret \ + -v skip_ssl_validation=true + +``` +Alternatively you can use cf-deployment vars file to provide the cf_client_id and cf_client_secret ```sh bosh -e YOUR_ENV -d app-autoscaler \ deploy templates/app-autoscaler-deployment.yml \ --vars-store=bosh-lite/deployments/vars/autoscaler-deployment-vars.yml \ -v system_domain=bosh-lite.com \ - -v autoscaler_client_id=autoscaler_client_id \ - -v autoscaler_client_secret=autoscaler_client_secret \ -v skip_ssl_validation=true \ - -o example/operation/client-credentials.yml + --vars-file= ``` #### Deploy autoscaler with external postgres database 
@@ -106,7 +94,8 @@ bosh -e YOUR_ENV -d app-autoscaler \ deploy templates/app-autoscaler-deployment.yml \ --vars-store=bosh-lite/deployments/vars/autoscaler-deployment-vars.yml \ -v system_domain=bosh-lite.com \ - -v cf_admin_password= \ + -v cf_client_id=autoscaler_client_id \ + -v cf_client_secret=autoscaler_client_secret \ -v skip_ssl_validation=true \ -v database_host= \ -v database_port= \ @@ -124,7 +113,8 @@ bosh -e YOUR_ENV -d app-autoscaler \ --vars-store=bosh-lite/deployments/vars/autoscaler-deployment-vars.yml \ -o example/operation/bosh-dns.yml \ -v system_domain=bosh-lite.com \ - -v cf_admin_password= \ + -v cf_client_id=autoscaler_client_id \ + -v cf_client_secret=autoscaler_client_secret \ -v skip_ssl_validation=true ``` For density deployment @@ -134,7 +124,8 @@ bosh -e YOUR_ENV -d app-autoscaler \ --vars-store=bosh-lite/deployments/vars/autoscaler-deployment-vars.yml \ -o example/operation/bosh-dns-fewer.yml \ -v system_domain=bosh-lite.com \ - -v cf_admin_password= \ + -v cf_client_id=autoscaler_client_id \ + -v cf_client_secret=autoscaler_client_secret \ -v skip_ssl_validation=true ``` >** It's advised not to make skip_ssl_validation=true for non-development environment diff --git a/example/operation/bosh-dns-fewer.yml b/example/operation/bosh-dns-fewer.yml index 87e1430e90..8ec27415f8 100644 --- a/example/operation/bosh-dns-fewer.yml +++ b/example/operation/bosh-dns-fewer.yml @@ -6,7 +6,8 @@ url: https://bosh.io/d/github.com/cloudfoundry/bosh-dns-aliases-release?v=0.0.3 version: '0.0.3' sha1: b0d0a0350ed87f1ded58b2ebb469acea0e026ccc - +- type: remove + path: /releases/name=consul #add bosh-dns-aliases add-on - type: replace path: /addons?/- @@ -15,6 +16,7 @@ include: stemcell: - os: ubuntu-trusty + - os: ubuntu-xenial jobs: - name: bosh-dns-aliases release: bosh-dns-aliases diff --git a/example/operation/bosh-dns.yml b/example/operation/bosh-dns.yml index b030977499..dcd48d3c26 100644 --- a/example/operation/bosh-dns.yml 
+++ b/example/operation/bosh-dns.yml @@ -6,7 +6,9 @@ url: https://bosh.io/d/github.com/cloudfoundry/bosh-dns-aliases-release?v=0.0.3 version: '0.0.3' sha1: b0d0a0350ed87f1ded58b2ebb469acea0e026ccc - +- type: remove + path: /releases/name=consul + #add bosh-dns-aliases add-on - type: replace path: /addons?/- @@ -15,6 +17,7 @@ include: stemcell: - os: ubuntu-trusty + - os: ubuntu-xenial jobs: - name: bosh-dns-aliases release: bosh-dns-aliases diff --git a/example/operation/client-credentials.yml b/example/operation/client-credentials.yml deleted file mode 100644 index e50d68e76a..0000000000 --- a/example/operation/client-credentials.yml +++ /dev/null @@ -1,33 +0,0 @@ -# Use client_credential flow - -- type: replace - path: /instance_groups/name=metricscollector/jobs/name=metricscollector/properties/autoscaler/cf/grant_type - value: client_credentials - -- type: replace - path: /instance_groups/name=metricscollector/jobs/name=metricscollector/properties/autoscaler/cf/client_id - value: ((autoscaler_client_id)) - -- type: replace - path: /instance_groups/name=metricscollector/jobs/name=metricscollector/properties/autoscaler/cf/secret - value: ((autoscaler_client_secret)) - -- type: replace - path: /instance_groups/name=metricscollector/jobs/name=metricscollector/properties/autoscaler/cf/password - value: "" - -- type: replace - path: /instance_groups/name=scalingengine/jobs/name=scalingengine/properties/autoscaler/cf/grant_type - value: client_credentials - -- type: replace - path: /instance_groups/name=scalingengine/jobs/name=scalingengine/properties/autoscaler/cf/client_id - value: ((autoscaler_client_id)) - -- type: replace - path: /instance_groups/name=scalingengine/jobs/name=scalingengine/properties/autoscaler/cf/secret - value: ((autoscaler_client_secret)) - -- type: replace - path: /instance_groups/name=scalingengine/jobs/name=scalingengine/properties/autoscaler/cf/password - value: "" 
diff --git a/jobs/apiserver/spec b/jobs/apiserver/spec index 33e560592e..ea29601510 100644 --- a/jobs/apiserver/spec +++ b/jobs/apiserver/spec @@ -61,6 +61,9 @@ properties: description: "PEM-encoded server certificate for public api" autoscaler.api_server.public_server_key: description: "PEM-encoded server key for public api" + autoscaler.api_server.http_client_timeout: + description: "Http client imeout for apiserver to communicate with other autoscaler components, in milliseconds" + default: 60000 autoscaler.api_server.scheduler.host: description: "Host where scheduler is running" @@ -165,6 +168,10 @@ properties: autoscaler.cf.api: description: "the Cloud Foundry API endpoint" + autoscaler.cf.client_id: + description: "the client id to log in cf" + autoscaler.cf.secret: + description: "the secret to log in cf" autoscaler.cf.skip_ssl_validation: description: "Flag to skip ssl validation to connect to CC and UAA" default: false diff --git a/jobs/apiserver/templates/config.json.erb b/jobs/apiserver/templates/config.json.erb index eca6beeac4..04c7d82aff 100644 --- a/jobs/apiserver/templates/config.json.erb +++ b/jobs/apiserver/templates/config.json.erb @@ -24,8 +24,11 @@ 'publicPort' => p('autoscaler.api_server.publicPort'), 'infoFilePath' => "/var/vcap/jobs/apiserver/bin/info.json", 'cfApi' => p('autoscaler.cf.api'), + 'cfClientId' => p('autoscaler.cf.client_id'), + 'cfClientSecret' => p('autoscaler.cf.secret'), 'skipSSLValidation' => p('autoscaler.cf.skip_ssl_validation'), 'cacheTTL' => p('autoscaler.api_server.cache_ttl'), + 'httpClientTimeout' => p('autoscaler.api_server.http_client_timeout'), 'db' => { 'maxConnections' => p('autoscaler.api_server.db_config.max_connections'), 'minConnections' => p('autoscaler.api_server.db_config.min_connections'), diff --git a/jobs/eventgenerator/spec b/jobs/eventgenerator/spec index ee69eaff1f..dd4db22f45 100644 --- a/jobs/eventgenerator/spec +++ b/jobs/eventgenerator/spec 
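Review bot: The description added for `autoscaler.api_server.http_client_timeout` misspells "timeout" as "imeout", and the same typo is repeated in the `http_client_timeout` descriptions added to jobs/eventgenerator/spec, jobs/metricscollector/spec, jobs/operator/spec, jobs/scalingengine/spec and jobs/scheduler/spec. The units also differ per job (milliseconds `60000` here, seconds `60` for the scheduler, a duration string `60s` for the other four), and only the apiserver and scheduler descriptions state the unit. I would write `description: "HTTP client timeout for apiserver to communicate with other autoscaler components, in milliseconds"` here, and add the expected format (a duration string such as 60s) to the four descriptions that omit it.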
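Review bot: `'cfClientSecret' => p('autoscaler.cf.secret')` writes the UAA client secret into the apiserver's rendered config.json, and the deployment templates in this commit feed it from the shared `cf: *cf_credentials` anchor, so the process serving the public API port now holds the same client as scalingengine, metricscollector and operator. The README in this commit creates that client with `cloud_controller.admin`, which is likely more authority than the API server needs. Consider a separate client with narrower authorities for the apiserver. Also confirm that the rendered config.json is readable only by the job user, since the file mode is not visible in this diff.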
@@ -79,6 +79,9 @@ properties: autoscaler.eventgenerator.server.port: description: "the listening port of server" default: 6105 + autoscaler.eventgenerator.http_client_timeout: + description: "Http client imeout for eventgenerator to communicate with other autoscaler components" + default: 60s autoscaler.eventgenerator.ca_cert: description: "PEM-encoded CA certificate" @@ -170,4 +173,6 @@ properties: description: "Number of consecutive failure to trip the circuit down" default: 3 - + autoscaler.eventgenerator.health.port: + description: "the listening port of health endpoint" + default: 6204 diff --git a/jobs/eventgenerator/templates/eventgenerator.yml.erb b/jobs/eventgenerator/templates/eventgenerator.yml.erb index 4f6442d5f1..deacf998d2 100644 --- a/jobs/eventgenerator/templates/eventgenerator.yml.erb +++ b/jobs/eventgenerator/templates/eventgenerator.yml.erb @@ -37,6 +37,9 @@ server: logging: level: <%= p("autoscaler.eventgenerator.logging.level") %> +http_client_timeout: <%= p("autoscaler.eventgenerator.http_client_timeout") %> +health: + port: <%= p("autoscaler.eventgenerator.health.port") %> db: policy_db: diff --git a/jobs/metricscollector/spec b/jobs/metricscollector/spec index 4d45b5ab28..5c1ad073a4 100644 --- a/jobs/metricscollector/spec +++ b/jobs/metricscollector/spec @@ -68,10 +68,6 @@ properties: description: "the Cloud Foundry API endpoint" autoscaler.cf.grant_type: description: "the grant type to log in cf" - autoscaler.cf.username: - description: "the user name to log in cf" - autoscaler.cf.password: - description: "the password to log in cf" autoscaler.cf.client_id: description: "the client id to log in cf" autoscaler.cf.secret: 
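Review bot: `autoscaler.eventgenerator.health.port` defaults to `6204` in the second hunk of this file, and this commit gives the same default to `autoscaler.scalingengine.health.port` (jobs/scalingengine/spec) and `autoscaler.scheduler.health.port` (jobs/scheduler/spec). The deployment templates override these with 6205 and 6202, but a manifest that relies on the spec defaults and co-locates the jobs, as the density template appears to, would have them competing for one listening port. I would align the spec defaults with the templates: `default: 6205` here and `default: 6202` in jobs/scheduler/spec.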
@@ -89,6 +85,9 @@ properties: autoscaler.metricscollector.server.port: description: "the listening port of server" default: 6103 + autoscaler.metricscollector.http_client_timeout: + description: "Http client imeout for metricscollector to communicate with other autoscaler components" + default: 60s autoscaler.metricscollector.ca_cert: description: "PEM-encoded CA certificate" autoscaler.metricscollector.server_cert: @@ -108,3 +107,6 @@ properties: description: "the method to collect metrics from loggregator" default: "streaming" + autoscaler.metricscollector.health.port: + description: "the listening port of health endpoint" + default: 6203 diff --git a/jobs/metricscollector/templates/metricscollector.yml.erb b/jobs/metricscollector/templates/metricscollector.yml.erb index 18e9000b09..c9b302070c 100644 --- a/jobs/metricscollector/templates/metricscollector.yml.erb +++ b/jobs/metricscollector/templates/metricscollector.yml.erb @@ -28,8 +28,6 @@ cf: api: <%= p("autoscaler.cf.api") %> grant_type: <%= p("autoscaler.cf.grant_type") %> - username: <%= p("autoscaler.cf.username") %> - password: <%= p("autoscaler.cf.password") %> client_id: <%= p("autoscaler.cf.client_id") %> secret: <%= p("autoscaler.cf.secret") %> skip_ssl_validation: <%= p("autoscaler.cf.skip_ssl_validation") %> @@ -45,6 +43,9 @@ server: logging: level: <%= p("autoscaler.metricscollector.logging.level") %> +http_client_timeout: <%= p("autoscaler.metricscollector.http_client_timeout") %> +health: + port: <%= p("autoscaler.metricscollector.health.port") %> db: policy_db: 
@@ -61,4 +62,5 @@ db: collector: refresh_interval: <%= p("autoscaler.metricscollector.collector.refresh_interval") %> collect_interval: <%= p("autoscaler.metricscollector.collector.collect_interval") %> - collect_method: <%= p("autoscaler.metricscollector.collector.collect_method") %> \ No newline at end of file + collect_method: <%= p("autoscaler.metricscollector.collector.collect_method") %> + save_interval: <%= p("autoscaler.metricscollector.collector.save_interval") %> \ No newline at end of file diff --git a/jobs/operator/spec b/jobs/operator/spec index 9ae960e5ba..300bdcd387 100644 --- a/jobs/operator/spec +++ b/jobs/operator/spec @@ -22,10 +22,6 @@ properties: description: "the Cloud Foundry API endpoint" autoscaler.cf.grant_type: description: "the grant type to log in cf" - autoscaler.cf.username: - description: "the user name to log in cf" - autoscaler.cf.password: - description: "the password to log in cf" autoscaler.cf.client_id: description: "the client id to log in cf" autoscaler.cf.secret: @@ -117,7 +113,9 @@ properties: autoscaler.operator.logging.level: description: "the leve of logging" default: "info" - + autoscaler.operator.http_client_timeout: + description: "Http client imeout for operator to communicate with other autoscaler components" + default: 60s autoscaler.operator.app_sync_interval: description: "the time interval to sync applications" default: 24h 
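Review bot: The added `save_interval: <%= p("autoscaler.metricscollector.collector.save_interval") %>` reads a property that no hunk in this diff adds to jobs/metricscollector/spec or sets in either deployment template. Unless the spec already declares it with a default outside the visible hunks, `p()` will fail when the template is rendered. If it is missing, add an `autoscaler.metricscollector.collector.save_interval` entry with a description and a default to the spec next to `collect_method`.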
@@ -125,23 +123,23 @@ properties: autoscaler.operator.instance_metrics_db.refresh_interval: description: "the time interval to prune the instancemetrics database" default: 24h - autoscaler.operator.instance_metrics_db.cutoff_days: + autoscaler.operator.instance_metrics_db.cutoff_duration: description: "the cutoff days when pruning instancemetrics database" - default: 30 + default: 24h autoscaler.operator.app_metrics_db.refresh_interval: description: "the time interval to prune the appmetrics database" default: 24h - autoscaler.operator.app_metrics_db.cutoff_days: + autoscaler.operator.app_metrics_db.cutoff_duration: description: "the cutoff days when pruning appmetrics database" - default: 30 + default: 48h autoscaler.operator.scaling_engine_db.refresh_interval: description: "the time interval to prune the scalingengine database" default: 24h - autoscaler.operator.scaling_engine_db.cutoff_days: + autoscaler.operator.scaling_engine_db.cutoff_duration: description: "the cutoff days when pruning scalingengine database" - default: 30 + default: 240h autoscaler.operator.scaling_engine.host: description: "Host where the scaling engine is running" @@ -224,5 +222,7 @@ properties: autoscaler.operator.enable_db_lock: description: "Enable database lock flag" default: false - - \ No newline at end of file + + autoscaler.operator.health.port: + description: "the listening port of health endpoint" + default: 6208 \ No newline at end of file diff --git a/jobs/operator/templates/operator.yml.erb b/jobs/operator/templates/operator.yml.erb index 8c2e7f927b..bc8d2f1e10 100644 --- a/jobs/operator/templates/operator.yml.erb +++ b/jobs/operator/templates/operator.yml.erb 
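Review bot: The three renamed `cutoff_duration` properties keep the description "the cutoff days when pruning ...", although the value is now a duration string and the defaults drop from 30 days to `24h`, `48h` and `240h`. That shortens how long instance metrics, app metrics and scaling-engine rows are kept before pruning, which matters if anyone relies on that data for after-the-fact investigation. A manifest that still sets `cutoff_days` will presumably no longer have any effect. Update the descriptions, for example `description: "age beyond which instancemetrics rows are pruned, as a duration string such as 24h"`, and call out the rename and the new retention defaults in the release notes.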
@@ -42,8 +42,6 @@ cf: api: <%= p("autoscaler.cf.api") %> grant_type: <%= p("autoscaler.cf.grant_type") %> - username: <%= p("autoscaler.cf.username") %> - password: <%= p("autoscaler.cf.password") %> client_id: <%= p("autoscaler.cf.client_id") %> secret: <%= p("autoscaler.cf.secret") %> skip_ssl_validation: <%= p("autoscaler.cf.skip_ssl_validation") %> @@ -51,7 +49,9 @@ cf: logging: level: <%= p("autoscaler.operator.logging.level") %> - +health: + port: <%= p("autoscaler.operator.health.port") %> +http_client_timeout: <%= p("autoscaler.operator.http_client_timeout") %> instance_metrics_db: db: url: <%= instance_metrics_db_url %> @@ -59,7 +59,7 @@ instance_metrics_db: max_idle_connections: <%= p("autoscaler.instancemetrics_db_connection_config.max_idle_connections") %> connection_max_lifetime: <%= p("autoscaler.instancemetrics_db_connection_config.connection_max_lifetime") %> refresh_interval: <%= p("autoscaler.operator.instance_metrics_db.refresh_interval") %> - cutoff_days: <%= p("autoscaler.operator.instance_metrics_db.cutoff_days") %> + cutoff_duration: <%= p("autoscaler.operator.instance_metrics_db.cutoff_duration") %> app_metrics_db: db: @@ -68,7 +68,7 @@ app_metrics_db: max_idle_connections: <%= p("autoscaler.appmetrics_db_connection_config.max_idle_connections") %> connection_max_lifetime: <%= p("autoscaler.appmetrics_db_connection_config.connection_max_lifetime") %> refresh_interval: <%= p("autoscaler.operator.app_metrics_db.refresh_interval") %> - cutoff_days: <%= p("autoscaler.operator.app_metrics_db.cutoff_days") %> + cutoff_duration: <%= p("autoscaler.operator.app_metrics_db.cutoff_duration") %> scaling_engine_db: db: 
@@ -77,7 +77,7 @@ scaling_engine_db: max_idle_connections: <%= p("autoscaler.scalingengine_db_connection_config.max_idle_connections") %> connection_max_lifetime: <%= p("autoscaler.scalingengine_db_connection_config.connection_max_lifetime") %> refresh_interval: <%= p("autoscaler.operator.scaling_engine_db.refresh_interval") %> - cutoff_days: <%= p("autoscaler.operator.scaling_engine_db.cutoff_days") %> + cutoff_duration: <%= p("autoscaler.operator.scaling_engine_db.cutoff_duration") %> scaling_engine: scaling_engine_url: https://<%= p("autoscaler.operator.scaling_engine.host") %>:<%= p("autoscaler.operator.scaling_engine.port") %> diff --git a/jobs/scalingengine/spec b/jobs/scalingengine/spec index 8751325ae2..01591975a0 100644 --- a/jobs/scalingengine/spec +++ b/jobs/scalingengine/spec @@ -76,10 +76,6 @@ properties: description: "the Cloud Foundry API endpoint" autoscaler.cf.grant_type: description: "the grant type to log in cf" - autoscaler.cf.username: - description: "the user name to log in cf" - autoscaler.cf.password: - description: "the password to log in cf" autoscaler.cf.client_id: description: "the client id to log in cf" autoscaler.cf.secret: @@ -94,6 +90,9 @@ properties: autoscaler.scalingengine.logging.level: description: "the level of logging" default: "info" + autoscaler.scalingengine.http_client_timeout: + description: "Http client imeout for scalingengine to communicate with other autoscaler components" + default: 60s autoscaler.scalingengine.server.port: description: "the listening port of server" default: 6104 @@ -107,10 +106,7 @@ properties: autoscaler.scalingengine.health.port: description: "the listening port of health endpoint" - default: 8081 - autoscaler.scalingengine.health.emit_interval: - description: "the time interval to emit health metrics" - default: 15s + default: 6204 autoscaler.scalingengine.consul.cluster: description: "Consul Cluster configuration. If not specified, scaling engine will not register itself with consul." 
diff --git a/jobs/scalingengine/templates/scalingengine.yml.erb b/jobs/scalingengine/templates/scalingengine.yml.erb index ac09979093..cc73b8d21a 100644 --- a/jobs/scalingengine/templates/scalingengine.yml.erb +++ b/jobs/scalingengine/templates/scalingengine.yml.erb @@ -32,8 +32,6 @@ cf: api: <%= p("autoscaler.cf.api") %> grant_type: <%= p("autoscaler.cf.grant_type") %> - username: <%= p("autoscaler.cf.username") %> - password: <%= p("autoscaler.cf.password") %> client_id: <%= p("autoscaler.cf.client_id") %> secret: <%= p("autoscaler.cf.secret") %> skip_ssl_validation: <%= p("autoscaler.cf.skip_ssl_validation") %> @@ -47,10 +45,9 @@ server: logging: level: <%= p("autoscaler.scalingengine.logging.level") %> - +http_client_timeout: <%= p("autoscaler.scalingengine.http_client_timeout") %> health: port: <%= p("autoscaler.scalingengine.health.port") %> - emit_interval: <%= p("autoscaler.scalingengine.health.emit_interval") %> db: policy_db: diff --git a/jobs/scheduler/spec b/jobs/scheduler/spec index 6db1d21429..aa4b8be685 100644 --- a/jobs/scheduler/spec +++ b/jobs/scheduler/spec @@ -26,6 +26,9 @@ properties: autoscaler.scheduler.port: description: "Scheduler's port" default: 6102 + autoscaler.scheduler.http_client_timeout: + description: "Http client imeout for scheduler to communicate with other autoscaler components, in seconds" + default: 60 autoscaler.scheduler.ca_cert: description: "PEM-encoded CA certificate" autoscaler.scheduler.server_cert: @@ -80,5 +83,8 @@ properties: autoscaler.policy_db.roles: description: "The list of database roles used in policydb database including name/password" + autoscaler.scheduler.health.port: + description: "the listening port of health endpoint" + default: 6204 \ No newline at end of file diff --git a/jobs/scheduler/templates/application.properties.erb b/jobs/scheduler/templates/application.properties.erb index 42e6f5ca7d..d8a69d5132 100644 --- a/jobs/scheduler/templates/application.properties.erb 
+++ b/jobs/scheduler/templates/application.properties.erb @@ -43,6 +43,10 @@ server.ssl.key-store-password=123456 server.ssl.key-store-type=PKCS12 server.ssl.trust-store=/var/vcap/data/certs/scheduler/cacerts server.ssl.trust-store-password=123456 +#to prevent logjam vulnerability +server.ssl.enabled-protocols[3]=TLSv1,TLSv1.1,TLSv1.2 +server.ssl.ciphers[23]=TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA + # Client key and trust store for communication with the scaling engine. client.ssl.key-store=/var/vcap/data/certs/scalingengine/client.p12 @@ -51,6 +55,7 @@ client.ssl.key-store-type=PKCS12 client.ssl.trust-store=/var/vcap/data/certs/scalingengine/cacerts client.ssl.trust-store-password=123456 client.ssl.protocol=TLSv1.2 +client.httpClientTimeout=<%=p('autoscaler.scheduler.http_client_timeout') %> #Quartz org.quartz.scheduler.instanceName=app-autoscaler @@ -58,6 +63,7 @@ org.quartz.scheduler.instanceId=<%= spec.id %> # scheduler port server.port=<%=p('autoscaler.scheduler.port') %> +scheduler.healthserver.port=<%=p('autoscaler.scheduler.health.port') %> spring.application.name=scheduler spring.mvc.servlet.load-on-startup=1 
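Review bot: The `server.ssl.ciphers` list added under "#to prevent logjam vulnerability" leaves out the DHE suites but still enables RC4 (`TLS_ECDHE_RSA_WITH_RC4_128_SHA`, `SSL_RSA_WITH_RC4_128_SHA`) and 3DES (`TLS_RSA_WITH_3DES_EDE_CBC_SHA`, `TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA`), and `server.ssl.enabled-protocols` still allows TLSv1 and TLSv1.1. The client block a few lines below already pins `client.ssl.protocol=TLSv1.2`, so the server side can be restricted the same way: `server.ssl.enabled-protocols=TLSv1.2` and `server.ssl.ciphers=TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256`. The `[3]` and `[23]` suffixes on the property keys also look like element counts rather than list indices; please confirm Spring binds them as intended, because a key that does not bind would leave the defaults in place without any error.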
diff --git a/packages/eventgenerator/spec b/packages/eventgenerator/spec index ed5ff9131d..30d476bd26 100644 --- a/packages/eventgenerator/spec +++ b/packages/eventgenerator/spec @@ -10,7 +10,6 @@ files: - app-autoscaler/src/autoscaler/db/sqldb/*.go # gosub - app-autoscaler/src/autoscaler/eventgenerator/*.go # gosub - app-autoscaler/src/autoscaler/eventgenerator/aggregator/*.go # gosub -- app-autoscaler/src/autoscaler/eventgenerator/aggregator/fakes/*.go # gosub - app-autoscaler/src/autoscaler/eventgenerator/cmd/eventgenerator/*.go # gosub - app-autoscaler/src/autoscaler/eventgenerator/config/*.go # gosub - app-autoscaler/src/autoscaler/eventgenerator/generator/*.go # gosub diff --git a/packages/metricscollector/spec b/packages/metricscollector/spec index c5b1e7cc69..7cb68ed1a4 100644 --- a/packages/metricscollector/spec +++ b/packages/metricscollector/spec @@ -15,12 +15,12 @@ files: - app-autoscaler/src/autoscaler/metricscollector/cmd/metricscollector/*.go # gosub - app-autoscaler/src/autoscaler/metricscollector/collector/*.go # gosub - app-autoscaler/src/autoscaler/metricscollector/config/*.go # gosub -- app-autoscaler/src/autoscaler/metricscollector/fakes/*.go # gosub - app-autoscaler/src/autoscaler/metricscollector/noaa/*.go # gosub - app-autoscaler/src/autoscaler/metricscollector/server/*.go # gosub - app-autoscaler/src/autoscaler/metricscollector/testhelpers/*.go # gosub - app-autoscaler/src/autoscaler/models/*.go # gosub - app-autoscaler/src/autoscaler/routes/*.go # gosub +- app-autoscaler/src/autoscaler/collection/*.go # gosub - app-autoscaler/src/code.cloudfoundry.org/cfhttp/*.go # gosub - app-autoscaler/src/code.cloudfoundry.org/cfhttp/handlers/*.go # gosub - app-autoscaler/src/code.cloudfoundry.org/cfhttp/unix_transport/*.go # gosub diff --git a/packages/operator/spec b/packages/operator/spec index 5c0fe59fa1..ade45bcdc8 100644 --- a/packages/operator/spec +++ b/packages/operator/spec 
@@ -15,7 +15,6 @@ files: - app-autoscaler/src/autoscaler/operator/*.go # gosub - app-autoscaler/src/autoscaler/operator/cmd/operator/*.go # gosub - app-autoscaler/src/autoscaler/operator/config/*.go # gosub -- app-autoscaler/src/autoscaler/operator/fakes/*.go # gosub - app-autoscaler/src/autoscaler/routes/*.go # gosub - app-autoscaler/src/autoscaler/sync/*.go # gosub - app-autoscaler/src/code.cloudfoundry.org/cfhttp/*.go # gosub diff --git a/packages/scalingengine/spec b/packages/scalingengine/spec index a629e0b7a7..9acd8dec44 100644 --- a/packages/scalingengine/spec +++ b/packages/scalingengine/spec @@ -16,7 +16,6 @@ files: - app-autoscaler/src/autoscaler/scalingengine/*.go # gosub - app-autoscaler/src/autoscaler/scalingengine/cmd/scalingengine/*.go # gosub - app-autoscaler/src/autoscaler/scalingengine/config/*.go # gosub -- app-autoscaler/src/autoscaler/scalingengine/fakes/*.go # gosub - app-autoscaler/src/autoscaler/scalingengine/schedule/*.go # gosub - app-autoscaler/src/autoscaler/scalingengine/server/*.go # gosub - app-autoscaler/src/code.cloudfoundry.org/cfhttp/*.go # gosub diff --git a/src/app-autoscaler b/src/app-autoscaler index 65f3d81212..7cb1703092 160000 --- a/src/app-autoscaler +++ b/src/app-autoscaler @@ -1 +1 @@ -Subproject commit 65f3d812122c0539ba81456148a41a7d467218ef +Subproject commit 7cb170309297eaa63de1eb3592dcff220f8f1188 diff --git a/templates/app-autoscaler-deployment-fewer.yml b/templates/app-autoscaler-deployment-fewer.yml index d298efd94c..d9362bcce2 100644 --- a/templates/app-autoscaler-deployment-fewer.yml +++ b/templates/app-autoscaler-deployment-fewer.yml @@ -20,7 +20,7 @@ releases: # Stemcell details stemcells: - alias: default - os: ubuntu-trusty + os: ubuntu-xenial version: latest # Canary details 
@@ -124,20 +124,18 @@ instance_groups: policy_db_connection_config: *databaseConnectionConfig cf: &cf_credentials api: "https://api.((system_domain))" - grant_type: password - username: admin - password: "((cf_admin_password))" - client_id: "" - secret: "" + grant_type: client_credentials + client_id: "((cf_client_id))" + secret: "((cf_client_secret))" skip_ssl_validation: "((skip_ssl_validation))" scalingengine: logging: level: debug + http_client_timeout: 60s server: port: &scalingEnginePort 6104 health: port: &scalingEngineHealthPort 6204 - emit_interval: 15s defaultCoolDownSecs: 300 lockSize: 32 ca_cert: ((scalingengine_ca.ca)) @@ -150,6 +148,9 @@ instance_groups: autoscaler: scheduler: port: &schedulerPort 6102 + health: + port: &schedulerHealthPort 6202 + http_client_timeout: 60 job_reschedule_interval_millisecond: 10000 job_reschedule_maxcount: 6 notification_reschedule_maxcount: 3 @@ -195,6 +196,9 @@ instance_groups: enable_db_lock: false logging: level: debug + http_client_timeout: 60s + health: + port: &operatorHealthPort 6208 require_consul: false # asapi Instance Group : apiserver&servicebroker @@ -228,6 +232,7 @@ instance_groups: autoscaler: api_server: cache_ttl: 600 + http_client_timeout: 60000 service_offering_enabled: true db_config: &db_config idle_timeout: 1000 @@ -260,9 +265,7 @@ instance_groups: client_key: ((servicebroker_client.private_key)) require_consul: true policy_db: *database - cf: - api: "https://api.((system_domain))" - skip_ssl_validation: "((skip_ssl_validation))" + cf: *cf_credentials - name: servicebroker release: app-autoscaler properties: @@ -365,8 +368,11 @@ instance_groups: metricscollector: logging: level: debug + http_client_timeout: 60s server: port: &metricsCollectorPort 6103 + health: + port: &metricsCollectorHealthPort 6203 collector: refresh_interval: 60s collect_interval: 30s 
@@ -386,8 +392,11 @@ instance_groups: eventgenerator: logging: level: debug + http_client_timeout: 60s server: port: &eventGeneratorPort 6105 + health: + port: &eventGeneratorHealthPort 6205 ca_cert: ((eventgenerator_ca.ca)) server_cert: ((eventgenerator_server.certificate)) server_key: ((eventgenerator_server.private_key)) @@ -402,8 +411,8 @@ instance_groups: evaluation_manager_execute_interval: 40s evaluator_count: 20 trigger_array_channel_size: 200 - defaultStatWindowSecs: 300 - defaultBreachDurationSecs: 300 + defaultStatWindowSecs: 120 + defaultBreachDurationSecs: 120 circuitBreaker: back_off_initial_interval: 5m back_off_max_interval: 120m @@ -420,7 +429,7 @@ instance_groups: ca_cert: ((metricscollector_ca.ca)) client_cert: ((metricscollector_client.certificate)) client_key: ((metricscollector_client.private_key)) - require_consul: true + require_consul: false diff --git a/templates/app-autoscaler-deployment.yml b/templates/app-autoscaler-deployment.yml index e1eab2f7c0..c5a0eade98 100644 --- a/templates/app-autoscaler-deployment.yml +++ b/templates/app-autoscaler-deployment.yml @@ -20,7 +20,7 @@ releases: # Stemcell details stemcells: - alias: default - os: ubuntu-trusty + os: ubuntu-xenial version: latest # Canary details @@ -104,6 +104,7 @@ instance_groups: autoscaler: api_server: cache_ttl: 600 + http_client_timeout: 60000 service_offering_enabled: true db_config: &db_config idle_timeout: 1000 @@ -135,8 +136,11 @@ instance_groups: client_cert: ((servicebroker_client.certificate)) client_key: ((servicebroker_client.private_key)) policy_db: *database - cf: + cf: &cf_credentials api: "https://api.((system_domain))" + grant_type: client_credentials + client_id: "((cf_client_id))" + secret: "((cf_client_secret))" skip_ssl_validation: "((skip_ssl_validation))" - name: route_registrar release: routing 
@@ -184,6 +188,9 @@ instance_groups: autoscaler: scheduler: port: &schedulerPort 6102 + health: + port: &schedulerHealthPort 6202 + http_client_timeout: 60 job_reschedule_interval_millisecond: 10000 job_reschedule_maxcount: 6 notification_reschedule_maxcount: 3 @@ -217,7 +224,7 @@ instance_groups: consul: agent: services: - scalingengine: + scalingengine: check: tcp: 127.0.0.1:6104 interval: 30s @@ -232,22 +239,15 @@ instance_groups: scalingengine_db_connection_config: *databaseConnectionConfig scheduler_db_connection_config: *databaseConnectionConfig policy_db_connection_config: *databaseConnectionConfig - cf: &cf_credentials - api: "https://api.((system_domain))" - grant_type: password - username: admin - password: "((cf_admin_password))" - client_id: "" - secret: "" - skip_ssl_validation: "((skip_ssl_validation))" + cf: *cf_credentials scalingengine: logging: level: debug + http_client_timeout: 60s server: port: &scalingEnginePort 6104 health: port: &scalingEngineHealthPort 6204 - emit_interval: 15s defaultCoolDownSecs: 300 lockSize: 32 ca_cert: ((scalingengine_ca.ca)) @@ -361,8 +361,11 @@ instance_groups: metricscollector: logging: level: debug + http_client_timeout: 60s server: port: &metricsCollectorPort 6103 + health: + port: &metricsCollectorHealthPort 6203 collector: refresh_interval: 60s collect_interval: 30s @@ -407,8 +410,11 @@ instance_groups: eventgenerator: logging: level: debug + http_client_timeout: 60s server: port: &eventGeneratorPort 6105 + health: + port: &eventGeneratorHealthPort 6205 ca_cert: ((eventgenerator_ca.ca)) server_cert: ((eventgenerator_server.certificate)) server_key: ((eventgenerator_server.private_key)) @@ -479,6 +485,7 @@ instance_groups: scalingengine_db_connection_config: *databaseConnectionConfig lock_db: *database operator: + http_client_timeout: 60s app_sync_interval: 24h scaling_engine: port: *scalingEnginePort 
@@ -496,6 +503,8 @@ instance_groups: enable_db_lock: false logging: level: debug + health: + port: &operatorHealthPort 6208