forked from cloudfoundry/docs-bosh
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathdirector-configure-blobstore.html.md.erb
141 lines (113 loc) · 4.18 KB
/
director-configure-blobstore.html.md.erb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
---
title: Connecting the Director to an External Blobstore
---
The Director stores uploaded releases, configuration files, logs and other data in a blobstore. A default DAV blobstore is sufficient for most BOSH environments; however, a highly-available external blobstore may be desired.
## <a id="included"></a> Included DAV (default)
By default the Director is configured to use included DAV blobstore job (see [Installing BOSH section](index.html#install) for example manifests). Here is how to configure it:
1. Add blobstore release job and make sure that persistent disk is enabled:
```yaml
jobs:
- name: bosh
templates:
- {name: blobstore, release: bosh}
# ...
persistent_disk: 25_000
# ...
networks:
- name: default
static_ips: [10.0.0.6]
```
1. Configure blobstore job. The blobstore's address must be reachable by the Agents:
```yaml
properties:
blobstore:
provider: dav
address: 10.0.0.6
port: 25250
director:
user: director
password: DIRECTOR-PASSWORD
agent:
user: agent
password: AGENT-PASSWORD
```
Above configuration is used by the Director and the Agents.
---
## <a id="default"></a> S3
The Director and the Agents can use an S3 compatible blobstore. Here is how to configure it:
1. Create a *private* S3 bucket
1. Ensure that access to the bucket is protected, as the Director may store sensitive information.
1. Modify deployment manifest for the Director and specify S3 credentials and bucket name:
```yaml
properties:
blobstore:
provider: s3
access_key_id: ACCESS-KEY-ID
secret_access_key: SECRET-ACCESS-KEY
bucket_name: test-bosh-bucket
```
1. For an S3 compatible blobstore you need to additionally specify the host:
```yaml
properties:
blobstore:
provider: s3
access_key_id: ACCESS-KEY-ID
secret_access_key: SECRET-ACCESS-KEY
bucket_name: test-bosh-bucket
host: objects.dreamhost.com
```
---
## <a id="gcs"></a> Google Cloud Storage (GCS)
<p class="note">Note: Available in bosh release v263+ and Linux stemcells 3450+.</p>
The Director and the Agents can use GCS as a blobstore. Here is how to configure it:
1. [Create a GCS bucket](https://cloud.google.com/storage/docs/creating-buckets).
1. Follow the steps on how to create service accounts and configure them with the [minimum set of permissions](google-required-permissions.html#director-with-gcs-blobstore).
1. Ensure that access to the bucket is protected, as the Director may store sensitive information.
1. Modify deployment manifest for the Director and specify GCS credentials and bucket name:
```yaml
properties:
blobstore:
provider: gcs
credentials_source: static
json_key: |
DIRECTOR-BLOBSTORE-SERVICE-ACCOUNT-FILE
bucket_name: test-bosh-bucket
agent:
blobstore:
json_key: |
AGENT-SERVICE-ACCOUNT-BLOBSTORE-FILE
```
1. To use [Customer Supplied Encryption Keys](https://cloud.google.com/storage/docs/encryption#customer-supplied)
to encrypt blobstore contents instead of server-side encryption keys, specify `encryption_key`:
```yaml
properties:
blobstore:
provider: gcs
credentials_source: static
json_key: |
DIRECTOR-BLOBSTORE-SERVICE-ACCOUNT-FILE
bucket_name: test-bosh-bucket
encryption_key: BASE64-ENCODED-32-BYTES
agent:
blobstore:
credentials_source: static
json_key: |
AGENT-SERVICE-ACCOUNT-BLOBSTORE-FILE
```
1. To use an explicit [Storage Class](https://cloud.google.com/storage/docs/storage-classes)
to store blobstore contents instead of the bucket default, specify `storage_class`:
```yaml
properties:
blobstore:
provider: gcs
credentials_source: static
json_key: |
DIRECTOR-BLOBSTORE-SERVICE-ACCOUNT-FILE
bucket_name: test-bosh-bucket
storage_class: REGIONAL
agent:
blobstore:
credentials_source: static
json_key: |
AGENT-SERVICE-ACCOUNT-BLOBSTORE-FILE
```