Deploying BOSH on GCP
After completing this topic, you will have the following:
- A BOSH Director instance in the Availability Zone (AZ) of your choice
- A set of randomly generated BOSH Director credentials
- A generated key pair that allows you to SSH into the BOSH Director and any instances that BOSH deploys
- A copy of the manifest you use to deploy the BOSH Director
Note: A manifest is a YAML file that defines the components and properties of a BOSH deployment.
- A basic cloud config
Note: A cloud config is a YAML file that defines IaaS-specific configuration for BOSH.
- A set of load balancers
Note: bosh-bootloader creates the load balancers, but you must still configure DNS to point your domains to the load balancers. See the Setting Up DNS for Your Environment topic for more information.
Perform the following steps to download the required dependencies for bosh-bootloader:
Download Terraform v0.9.1 or later. Unzip the file and move it to somewhere in your PATH:
$ tar xvf ~/Downloads/terraform*
$ sudo mv ~/Downloads/terraform /usr/local/bin/terraform
Download the BOSH CLI v2. Make the binary executable and move it to somewhere in your PATH:
$ chmod +x ~/Downloads/bosh-cli-*
$ sudo mv ~/Downloads/bosh-cli-* /usr/local/bin/bosh
Perform one of the following procedures to download and install bosh-bootloader:
- On Mac OS X, use Homebrew:
$ brew install cloudfoundry/tap/bbl
- Download the latest bosh-bootloader from GitHub. Make the binary executable and move it to somewhere in your PATH:
$ chmod +x ~/Downloads/bbl-*
$ sudo mv ~/Downloads/bbl-* /usr/local/bin/bbl
Download and install the gcloud CLI.
Perform the following steps to create the Identity and Access Management (IAM) service account that bosh-bootloader needs to interact with GCP:
If you installed the gcloud CLI for the first time, initialize it:
$ gcloud init
Create the IAM service account for bosh-bootloader with the gcloud CLI:
$ gcloud iam service-accounts create bbl-user --display-name "BBL"
Navigate to the GCP Console and under Project info, retrieve your Project ID.
Create keys for the service account, replacing YOUR-PROJECT-ID with the project ID you retrieved in the previous step:
$ gcloud iam service-accounts keys create \
    --iam-account='bbl-user@YOUR-PROJECT-ID.iam.gserviceaccount.com' \
    bbl-user.key.json
This command outputs a bbl-user.key.json file. Store this file in a safe and secure place.
Add the Editor role to the service account:
$ gcloud projects add-iam-policy-binding YOUR-PROJECT-ID \
    --member='serviceAccount:bbl-user@YOUR-PROJECT-ID.iam.gserviceaccount.com' \
    --role='roles/editor'
Run the following command to create the required infrastructure and deploy a BOSH Director:
bbl up \
    --iaas gcp \
    --gcp-service-account-key PATH-TO/bbl-user.key.json \
    --gcp-region YOUR-GCP-REGION
Replace the placeholders as follows:
- PATH-TO is the path to the bbl-user.key.json file, created in the previous section.
- YOUR-GCP-REGION is your GCP region, such as
The bbl up command takes five to eight minutes to complete. When the process finishes, it outputs a state file, bbl-state.json, in the present working directory.
The bbl-state.json file contains credentials and other metadata related to your BOSH Director and infrastructure. Back up this file and store it in a safe location, and never modify it manually.
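One way to check the two credential-bearing files this procedure leaves on your workstation, bbl-user.key.json and bbl-state.json, for loose permissions and accidental exposure to git. This is an added example, not part of bosh-bootloader or the original page; the function names are hypothetical and only the two file names come from the page.

```shell
#!/bin/sh
# Added example: audit the secret files this procedure leaves on the workstation.
# File names come from the page; function names are hypothetical.
BBL_SECRET_FILES="bbl-user.key.json bbl-state.json"

# Succeeds only for a regular file (not a symlink) with no group/other access.
is_private() {
  [ -f "$1" ] && [ ! -L "$1" ] || return 1
  # Characters 5-10 of the ls mode string are the group and other bits.
  [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Succeeds if the file cannot be committed by accident: either it is not
# inside a git work tree, or it is untracked and matched by an ignore rule.
is_kept_out_of_git() {
  repo_dir=$(dirname "$1")
  command -v git >/dev/null 2>&1 || return 0
  git -C "$repo_dir" rev-parse --is-inside-work-tree >/dev/null 2>&1 || return 0
  git -C "$repo_dir" check-ignore -q "$(basename "$1")"
}

# Prints one finding per line and returns non-zero if anything was found.
audit_bbl_dir() {
  audit_dir=${1:-.}
  findings=0
  for name in $BBL_SECRET_FILES; do
    f="$audit_dir/$name"
    [ -e "$f" ] || continue
    if ! is_private "$f"; then
      echo "LOOSE-PERMS $f"; findings=$((findings + 1))
    fi
    if ! is_kept_out_of_git "$f"; then
      echo "NOT-GITIGNORED $f"; findings=$((findings + 1))
    fi
  done
  [ "$findings" -eq 0 ]
}

# Restricts every secret file present in the directory to its owner.
harden_bbl_dir() {
  for name in $BBL_SECRET_FILES; do
    [ -f "$1/$name" ] && chmod 600 "$1/$name"
  done
  return 0
}

audit_bbl_dir "${1:-.}"
```

Run it from the directory that holds the files, or pass that directory as the first argument; the exit status is non-zero when any finding is printed.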
To extract information from the bbl-state.json state file, use bosh-bootloader instead of opening the file. For example, to obtain your BOSH Director address, run the following command:
$ bbl director-address
https://YOUR-DIRECTOR-ADDRESS
Run bbl to see the full list of values from the state file that you can print. You must always run bbl from the directory that contains
To create your load balancers, run the following command:
$ bbl create-lbs --type cf --cert YOUR-CERT.crt --key YOUR-KEY.key --domain YOUR-SYSTEM-DOMAIN
Replace the placeholders as follows:
- YOUR-CERT.crt and YOUR-KEY.key are the paths to your Certificate Authority (CA) certificate and key. This enables SSL/TLS termination at your load balancer.
- YOUR-SYSTEM-DOMAIN is the DNS domain name for your Cloud Foundry instance. Cloud Foundry uses this domain name when deploying apps. For example, if you select the name cloud.example.com, Cloud Foundry deploys each of your apps as
For more information about the options for securing HTTP traffic into your Cloud Foundry (CF) deployment with SSL/TLS certificates, see the Securing Traffic into Cloud Foundry topic.
For test and development environments, you can also generate your own CA certificate and key with a tool such as certstrap.
The create-lbs command creates an NS record in Google’s CloudDNS. You can view this record by navigating to the GCP Console and selecting Networking > Cloud DNS.
The data associated with the record will have the following format:
ns-cloud-e1.googledomains.com.
ns-cloud-e2.googledomains.com.
...
From your domain registrar, delegate DNS authority for your hosted zone to the four CloudDNS name servers. To do this, replace your registrar’s NS records for the domain with the NS record values listed in CloudDNS.
After a few minutes, your system domain should resolve to your GCP load balancer.
Perform the following steps to connect to the BOSH Director:
Save the Certificate Authority (CA) certificate to a file and set the path as an environment variable:
$ bbl director-ca-cert > bosh.crt
$ export BOSH_CA_CERT=bosh.crt
Set your BOSH Director address as an environment variable:
$ export BOSH_ENVIRONMENT=$(bbl director-address)
Obtain your BOSH Director username and password:
$ bbl director-username
YOUR-DIRECTOR-USERNAME
$ bbl director-password
YOUR-DIRECTOR-PASSWORD
Set your target and log in with the BOSH CLI:
$ bosh alias-env YOUR-TARGET-NAME
$ bosh log-in
Username: YOUR-DIRECTOR-USERNAME
Password: YOUR-DIRECTOR-PASSWORD
Replace YOUR-TARGET-NAME with a target name to associate with the BOSH Director address, such as my-bosh. You use this target name to log in to your BOSH Director in the future.
Replace YOUR-DIRECTOR-USERNAME and YOUR-DIRECTOR-PASSWORD with the values you obtained from bbl in the previous step.
You can use bbl destroy to delete the BOSH Director infrastructure in your GCP environment. Use this command if bbl up does not complete successfully and you want to reset your environment, or if you want to destroy the resources created by bosh-bootloader for any other reason.
To destroy your BOSH resources, run the following command:
$ bbl destroy