The Doomsday Genesis Kit deploys the Doomsday Service using the Doomsday BOSH Release.
This Doomsday kit assumes that it is being deployed in a Management environment ("Mgmt").
It looks up the deployments of the BOSH director that deploys it to gather a list of BOSH directors, and automatically configures itself to target each of them and scan the certificates within their CredHub.
If the ocfp reference architecture feature flag is being used, it will also look up the terraform environment paths mgmt/fqdns and ocf/fqdns and configure itself to scan the certificates for each fqdns entry.
It will also look up and scan the vault path certificates, by default using secret/.
If the shareded-vault-paths feature is being used (not recommended), it will read the configured path prefixes to scan from the vault environment path at /doomsday.
These prefixes are used when the configuration template is rendered, telling each doomsday vault configuration entry which vault path to look in for certificates.
- ip - The static IP address to deploy the Blacksmith broker to. This must exist within the static range of the network.
- fqdn - (Optional) The FQDN DNS Name of the Load Balancer fronting the Blacksmith broker.
- network - The name of the network (per cloud-config) where the Doomsday Service will be deployed. Defaults to doomsday.
- stemcell_os - The operating system you want to deploy the Blacksmith service broker itself on. This defaults to ubuntu-bionic.
- stemcell_version - The version of the stemcell to deploy. Defaults to ubuntu-bionic.
- vm_type - The name of the vm_type (per cloud-config) that will be used to deploy the Blacksmith broker VM. Defaults to doomsday.
- disk_size - How big of a data disk to provide the Doomsday service, for persistent storage. Defaults to 20480 (20G).