Task Inputs and Outputs

Inputs

These are the inputs that can be provided to the tasks. Each task can only take a specific set, indicated under the inputs property of the YAML.

env

The env input for a task expects to have a env.yml file. This file contains properties for targeting and logging into the Ops Manager API.

basic authentication

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
---
target: https://pcf.example.com
connect-timeout: 30            # default 5
request-timeout: 1800          # default 1800
skip-ssl-validation: false     # default false
username: username
password: password
# decryption-passphrase is optional,
# except for use with `import-installation`.
# OpsMan depends on the passphrase
# to decrypt the imported installation.
# For other commands, providing this key allows
# decryption of the OpsMan VM after reboot,
# which would otherwise need to be done manually.
decryption-passphrase: passphrase

uaa authentication

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
---
target: https://pcf.example.com
connect-timeout: 30          # default 5
request-timeout: 1800        # default 1800
skip-ssl-validation: false   # default false
client-id: client_id
client-secret: client_secret
# decryption-passphrase is optional,
# except for use with `import-installation`.
# OpsMan depends on the passphrase
# to decrypt the imported installation.
# For other commands, providing this key allows
# decryption of the OpsMan VM after reboot,
# which would otherwise need to be done manually.
decryption-passphrase: passphrase
Getting the client-id and client-secret

Ops Manager will by preference use Client ID and Client Secret if provided. To create a Client ID and Client Secret

  1. uaac target https://YOUR_OPSMANAGER/uaa
  2. uaac token sso get if using SAML or uaac token owner get if using basic auth. Specify the Client ID as opsman and leave Client Secret blank.
  3. Generate a client ID and secret
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
uaac client add -i
Client ID:  NEW_CLIENT_NAME
New client secret:  DESIRED_PASSWORD
Verify new client secret:  DESIRED_PASSWORD
scope (list):  opsman.admin
authorized grant types (list):  client_credentials
authorities (list):  opsman.admin
access token validity (seconds):  43200
refresh token validity (seconds):  43200
redirect uri (list):
autoapprove (list):
signup redirect url (url):

Ops Manager config

The config for an Ops Manager described IAAS specific information for creating the VM -- i.e. VM flavor (size), IP addresses

The config input for opsman task expects to have a opsman.yml file. The configuration of the opsman.yml is IAAS specific.

Specific examples for each IaaS are as follows:

AWS

These required properties are adapted from the instructions outlined in Launching an Ops Manager Director Instance on AWS

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
---
opsman-configuration:
  aws:
    region: us-west-2
    vpc_subnet_id: subnet-0292bc845215c2cbf
    security_group_ids: [ sg-0354f804ba7c4bc41 ]
    key_pair_name: ops-manager-key  # used to ssh to VM
    iam_instance_profile_name: env_ops_manager

    # At least one IP address (public or private) needs to be assigned to the
    # VM. It is also permissible to assign both.
    public_ip: 1.2.3.4      # Reserved Elastic IP
    private_ip: 10.0.0.2

    # Optional
    # vm_name: ops-manager-vm    # default - ops-manager-vm
    # boot_disk_size: 100        # default - 200 (GB)
    # instance_type: m5.large    # default - m5.large
                                 # NOTE - not all regions support m5.large
    # assume_role: "arn:aws:iam::..." # necessary if a role is needed to authorize
                                      # the OpsMan VM instance profile

    # Omit if using instance profiles
    # And instance profile OR access_key/secret_access_key is required
    # access_key_id: ((access-key-id))
    # secret_access_key: ((secret-access-key))

    # security_group_id: sg-123  # DEPRECATED - use security_group_ids
    # use_instance_profile: true # DEPRECATED - will use instance profile for
                                 # execution VM if access_key_id and
                                 # secret_access_key are not set

Info

At least one IP address (public or private) must be assigned to the Ops Manager VM. Both can be assigned, too.

Using instance_profile to Avoid Secrets

For authentication you must either set use_instance_profile: true or provide a secret_key_id and secret_access_key. You must remove key information if you're using an instance profile. Using an instance profile allows you to avoid interpolation, as this file then contains no secrets.

Azure

These required properties are adapted from the instructions outlined in Launching an Ops Manager Director Instance on Azure

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
---
opsman-configuration:
  azure:
    tenant_id: 3e52862f-a01e-4b97-98d5-f31a409df682
    subscription_id: 90f35f10-ea9e-4e80-aac4-d6778b995532
    client_id: 5782deb6-9195-4827-83ae-a13fda90aa0d
    client_secret: ((opsman-client-secret))
    location: westus
    resource_group: res-group
    storage_account: opsman                       # account name of container
    ssh_public_key: ssh-rsa AAAAB3NzaC1yc2EAZ...  # ssh key to access VM

    # Note that there are several environment-specific details in this path
    # This path can reach out to other resource groups if necessary
    subnet_id: /subscriptions/<SUBSCRIPTION_ID>/resourceGroups/<RESOURCE_GROUP>/providers/Microsoft.Network/virtualNetworks/<VNET>/subnets/<SUBNET>

    # At least one IP address (public or private) needs to be assigned
    # to the VM. It is also permissible to assign both.
    private_ip: 10.0.0.3
    public_ip: 1.2.3.4

    # Optional
    # cloud_name: AzureCloud          # default - AzureCloud
    # storage_key: ((storage-key))    # only required if your client does not
                                      # have the needed storage permissions
    # container: opsmanagerimage      # storage account container name
                                      # default - opsmanagerimage
    # network_security_group: ops-manager-security-group
    # vm_name: ops-manager-vm         # default - ops-manager-vm
    # boot_disk_size: 200             # default - 200 (GB)
    # use_managed_disk: true          # this flag is only respected by the
                                      # create-vm and upgrade-opsman commands.
                                      # set to false if you want to create
                                      # the new opsman VM with an unmanaged
                                      # disk (not recommended). default - true
    # storage_sku: Premium_LRS        # this sets the SKU of the storage account
                                      # for the disk
                                      # Allowed values: Standard_LRS, Premium_LRS,
                                      # StandardSSD_LRS, UltraSSD_LRS
    # vm_size: Standard_DS1_v2        # the size of the Ops Manager VM
                                      # default - Standard_DS2_v2
                                      # Allowed values: https://docs.microsoft.com/en-us/azure/virtual-machines/linux/sizes-general
    # vpc_subnet: /subscriptions/...  # DEPRECATED - use subnet_id
    # use_unmanaged_disk: false       # DEPRECATED - use use_managed_disk

Info

At least one IP address (public or private) must be assigned to the Ops Manager VM. Both can be assigned, too.

GCP

These required properties are adapted from the instructions outlined in Launching an Ops Manager Director Instance on GCP

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
---
opsman-configuration:
  gcp:
    # Either gcp_service_account_name or gcp_service_account json is required
    # You must remove whichever you don't use
    gcp_service_account_name: user@project-id.iam.gserviceaccount.com
    gcp_service_account: ((gcp-service-account-key-json))

    project: project-id
    region: us-central1
    zone: us-central1-b
    vpc_subnet: infrastructure-subnet

    # At least one IP address (public or private) needs to be assigned to the
    # VM. It is also permissible to assign both.
    public_ip: 1.2.3.4
    private_ip: 10.0.0.2

    ssh_public_key: ssh-rsa some-public-key... # RECOMMENDED, but not required
    tags: ops-manager                          # RECOMMENDED, but not required

    # Optional
    # vm_name: ops-manager-vm  # default - ops-manager-vm
    # custom_cpu: 2            # default - 2
    # custom_memory: 8         # default - 8
    # boot_disk_size: 100      # default - 100
    # scopes: ["my-scope"]

Info

At least one IP address (public or private) must be assigned to the Ops Manager VM. Both can be assigned, too.

Using a Service Account Name to Avoid Secrets

For authentication either gcp_service_account or gcp_service_account_name is required. You must remove the one you are not using note that using gcp_service_account_name allows you to avoid interpolation, as this file then contains no secrets.

Support for Shared VPC is done via configuring the vpc_subnet path to include the host project id, region of the subnet, and the subnet name.

For example:

projects/[HOST_PROJECT_ID]/regions/[REGION]/subnetworks/[SUBNET]

Openstack

These required properties are adapted from the instructions outlined in Launching an Ops Manager Director Instance on Openstack

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
---
opsman-configuration:
  openstack:
    project_name: project
    auth_url: http://os.example.com:5000/v2.0
    username: ((opsman-openstack-username))
    password: ((opsman-openstack-password))
    net_id: 26a13112-b6c2-11e8-96f8-529269fb1459
    security_group_name: opsman-sec-group
    key_pair_name: opsman-keypair

    # At least one IP address (public or private) needs to be assigned to the VM.
    public_ip: 1.2.3.4 # must be an already allocated floating IP
    private_ip: 10.0.0.3

    # Optional
    # availability_zone: zone-01
    # project_domain_name: default
    # user_domain_name: default
    # vm_name: ops-manager-vm       # default - ops-manager-vm
    # flavor: m1.xlarge             # default - m1.xlarge
    # identity_api_version: 2       # default - 3
    # insecure: true                # default - false

Info

At least one IP address (public or private) must be assigned to the Ops Manager VM. Both can be assigned, too.

vSphere

These required properties are adapted from the instructions outlined in Deploying BOSH and Ops Manager to vSphere

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
---
opsman-configuration:
  vsphere:
    vcenter:
      ca_cert: cert                 # REQUIRED if insecure = 0 (secure)
      datacenter: example-dc
      datastore: example-ds-1
      folder: /example-dc/vm/Folder # RECOMMENDED, but not required
      url: vcenter.example.com
      username: ((vcenter-username))
      password: ((vcenter-password))
      resource_pool: /example-dc/host/example-cluster/Resources/example-pool
      # resource_pool can use a cluster - /example-dc/host/example-cluster

      # Optional
      # host: host      # DEPRECATED - Platform Automation cannot guarantee
                        # the location of the VM, given the nature of vSphere
      # insecure: 0     # default - 0 (secure) | 1 (insecure)

    disk_type: thin     # thin|thick
    dns: 8.8.8.8
    gateway: 192.168.10.1
    hostname: ops-manager.example.com
    netmask: 255.255.255.192
    network: example-virtual-network
    ntp: ntp.ubuntu.com
    private_ip: 10.0.0.10
    ssh_public_key: ssh-rsa ......   # REQUIRED Ops Manager >= 2.6

    # Optional
    # cpu: 1                         # default - 1
    # memory: 8                      # default - 8 (GB)
    # ssh_password: ((ssh-password)) # REQUIRED if ssh_public_key not defined
                                     # (Ops Manager < 2.6 ONLY)
    # vm_name: ops-manager-vm        # default - ops-manager-vm

director config

The config director will set the bosh tile (director) on Ops Manager.

The config input for a director task expects to have a director.yml file. The configuration of the director.yml is IAAS specific for some properties -- i.e. networking.

There are two ways to build a director config.

  1. Using an already deployed Ops Manager, you can extract the config using staged-director-config.
  2. Deploying a brand new Ops Manager requires more effort for a director.yml. The configuration of director is variables based on the features enabled. For brevity, this director.yml is a basic example for vsphere.
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
---
az-configuration:
- clusters:
  - cluster: cluster-name
    resource_pool: resource-pool-name
  name: AZ01

properties-configuration:
  iaas_configuration:
    vcenter_host: vcenter.example.com
    vcenter_username: admin
    vcenter_password: password
    ......
  director_configuration:
    blobstore_type: local
    bosh_recreate_on_next_deploy: false
    custom_ssh_banner: null
    ......
  security_configuration:
    generate_vm_passwords: true
    trusted_certificates:
  syslog_configuration:
    enabled: false

network-assignment:
  network:
    name: INFRASTRUCTURE
  other_availability_zones: []
  singleton_availability_zone:
    name: AZ01

networks-configuration:
  icmp_checks_enabled: false
  networks:
  - name: NETWORK-NAME
  ......

resource-configuration:
  compilation:
    instance_type:
      id: automatic
    instances: automatic
  ......

The IAAS specific configuration can be found in the Ops Manager API documentation.

Included below is a list of properties that can be set in the director.yml and a link to the API documentation explaining any IAAS specific properties.

  • az-configuration - a list of availability zones Ops Manager API
  • network-assignment - the network the bosh director is deployed to Ops Manager API
  • networks-configuration - a list of named networks Ops Manager API
  • properties-configuration
    • iaas_configuration - configuration for the bosh IAAS CPI Ops Manager API
    • director_configuration - properties for the bosh director Ops Manager API
    • security_configuration - security properties for the bosh director Ops Manager API
    • syslog_configuration - configure the syslog sinks for the bosh director Ops Manager API
  • resource-configuration - IAAS VM flavor for the bosh director Ops Manager API
  • vmextensions-configuration - create/update/delete vm extensions Ops Manager API

GCP Shared VPC

Support for Shared VPC is done via configuring the iaas_identifier path for the infrastructure subnet, which includes the host project id, region of the subnet, and the subnet name.

For example:

[HOST_PROJECT_ID]/[NETWORK]/[SUBNET]/[REGION]

product config

There are two ways to build a product config.

  1. Using an already deployed product (tile), you can extract the config using staged-config.
  2. Use an example and fill in the values based on the meta information from the tile. For brevity, this product.yml is a basic example for healthwatch.
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
---
product-properties:
  .healthwatch-forwarder.bosh_taskcheck_username:
    value: admin
  .healthwatch-forwarder.boshhealth_instance_count:
    value: 1
  .healthwatch-forwarder.boshtasks_instance_count:
    value: 2
  .healthwatch-forwarder.canary_instance_count:
    value: 2
  .healthwatch-forwarder.cli_instance_count:
    value: 2
  .healthwatch-forwarder.health_check_az:
    value: AZ01
  .healthwatch-forwarder.ingestor_instance_count:
    value: 4
  .healthwatch-forwarder.opsman_instance_count:
    value: 2
  .healthwatch-forwarder.publish_to_eva:
    value: true
  .healthwatch-forwarder.worker_instance_count:
    value: 4
  .mysql.skip_name_resolve:
    value: true
  .properties.opsman:
    value: enable
  .properties.opsman.enable.url:
    value: https://pcf.example.com/
network-properties:
  network:
    name: DEPLOYMENT
  other_availability_zones:
  - name: AZ01
  - name: AZ02
  service_network:
    name: SERVICES
  singleton_availability_zone:
    name: AZ01
resource-config:
  healthwatch-forwarder:
    instances: automatic
    persistent_disk:
      size_mb: automatic
    instance_type:
      id: automatic
  migrate-v1.1-v1.2:
    instances: automatic
    instance_type:
      id: automatic
  mysql:
    instances: automatic
    persistent_disk:
      size_mb: automatic
    instance_type:
      id: automatic
  redis:
    instances: automatic
    persistent_disk:
      size_mb: automatic
    instance_type:
      id: automatic

Included below is a list of properties that can be set in the product.yml and a link to the API documentation explaining the properties.

state

This file contains that meta-information needed to manage the Ops Manager VM. The state input for a opsman VM task expects to have a state.yml file.

The state.yml file contains two properties:

  1. iaas is the IAAS the ops manager vm is hosted on. (gcp, vsphere, aws, azure, openstack)
  2. vm_id is the VM unique identifier for the VM. For some IAAS, the vm ID is the VM name.

Different IaaS uniquely identify VMs differently; here are examples for what this file should look like, depending on your IAAS:

1
2
3
iaas: aws
# Instance ID of the AWS VM
vm_id: i-12345678987654321
1
2
3
iaas: azure
# Computer Name of the Azure VM
vm_id: vm_name
1
2
3
iaas: gcp
# Name of the VM in GCP
vm_id: vm_name
1
2
3
iaas: openstack
# Instance ID from the OpenStack Overview
vm_id: 12345678-9876-5432-1abc-defghijklmno
1
2
3
iaas: vsphere
# Path to the VM in vCenter
vm_id: /datacenter/vm/folder/vm_name

opsman image

This file is an artifact from Tanzu Network, which contains the VM image for a specific IaaS. For vsphere and openstack, it's a full disk image. For AWS, GCP, and Azure, it's a YAML file listing the location of images that are already available on the IaaS.

These are examples to download the image artifact for each IaaS using the download-product task.

opsman.yml

1
2
3
4
5
---
pivnet-api-token: ((pivnet_token))
pivnet-file-glob: "ops-manager-aws*.yml"
pivnet-product-slug: ops-manager
product-version-regex: ^2\.5\.\d+$
1
2
3
4
5
---
pivnet-api-token: ((pivnet_token))
pivnet-file-glob: "ops-manager-azure*.yml"
pivnet-product-slug: ops-manager
product-version-regex: ^2\.5\.\d+$
1
2
3
4
5
---
pivnet-api-token: ((pivnet_token))
pivnet-file-glob: "ops-manager-gcp*.yml"
pivnet-product-slug: ops-manager
product-version-regex: ^2\.5\.\d+$
1
2
3
4
5
---
pivnet-api-token: ((pivnet_token))
pivnet-file-glob: "ops-manager-openstack*.raw"
pivnet-product-slug: ops-manager
product-version-regex: ^2\.5\.\d+$
1
2
3
4
5
---
pivnet-api-token: ((pivnet_token))
pivnet-file-glob: "ops-manager-vsphere*.ova"
pivnet-product-slug: ops-manager
product-version-regex: ^2\.5\.\d+$

The p-automator CLI includes the ability to extract the Ops Manager VM configuration (GCP, AWS, Azure, and VSphere). This works for Ops Managers that are already running and useful when migrating to automation.

Usage:

  1. Get the Platform Automation Toolkit image from Tanzu Network.
  2. Import that image into docker to run the p-automation locally.
  3. Create a state file that represents your current VM and IAAS.
  4. Invoke the p-automator CLI to get the configuration.

For example, on AWS with an access key and secret key:

1
2
3
4
5
6
docker run -it --rm -v $PWD:/workspace -w /workspace platform-automation-image \
p-automator export-opsman-config \
--state-file=state.yml \
--aws-region=us-west-1 \
--aws-secret-access-key some-secret-key \
--aws-access-key-id some-access-key

The outputted opsman.yml contains the information needed for Platform Automation Toolkit to manage the Ops Manager VM.

download-product task

1
2
3
4
5
- task: download-opsman-image
  image: platform-automation-image
  file: platform-automation-tasks/tasks/download-product.yml
  params:
    CONFIG_FILE: opsman.yml

installation

The file contains the information to restore an Ops Manager VM. The installation input for a opsman VM task expects to have a installation.zip file.

This file can be exported from an Ops Manager VM using the export-installation. This file can be imported to an Ops Manager VM using the import-installation.

Warning

This file cannot be manually created. It is a file that must be generated via the export function of Ops Manager.

stemcell

This stemcell input requires the stemcell tarball (.tgz) as downloaded from Tanzu Network. It must be in the original filename as that is used by Ops Manager to parse metadata. The filename could look like bosh-stemcell-3541.48-vsphere-esxi-ubuntu-trusty-go_agent.tgz.

Warning

This file cannot be manually created. It is a file that must retrieved from Tanzu Network.

Here's an example of how to pull the vSphere stemcell using the download-product task.

stemcell.yml

1
2
3
4
5
---
pivnet-api-token: token
pivnet-file-glob: "bosh-stemcell-*-aws*.tgz"
pivnet-product-slug: stemcells-ubuntu-xenial
product-version-regex: ^170\..*$
1
2
3
4
5
---
pivnet-api-token: token
pivnet-file-glob: "bosh-stemcell-*-azure*.tgz"
pivnet-product-slug: stemcells-ubuntu-xenial
product-version-regex: ^170\..*$
1
2
3
4
5
---
pivnet-api-token: token
pivnet-file-glob: "bosh-stemcell-*-google*.tgz"
pivnet-product-slug: stemcells-ubuntu-xenial
product-version-regex: ^170\..*$
1
2
3
4
5
---
pivnet-api-token: token
pivnet-file-glob: "bosh-stemcell-*-openstack*.tgz"
pivnet-product-slug: stemcells-ubuntu-xenial
product-version-regex: ^170\..*$
1
2
3
4
5
---
pivnet-api-token: token
pivnet-file-glob: "bosh-stemcell-*-vsphere*.tgz"
pivnet-product-slug: stemcells-ubuntu-xenial
product-version-regex: ^170\..*$

download-product task

1
2
3
4
5
- task: download-stemcell
  image: platform-automation-image
  file: platform-automation-tasks/tasks/download-product.yml
  params:
    CONFIG_FILE: stemcell.yml

product

The product input requires a single tile file (.pivotal) as downloaded from Tanzu Network.

Here's an example of how to pull the Tanzu Application Service tile using the download-product task.

product.yml

1
2
3
4
5
---
pivnet-api-token: token
pivnet-file-glob: "cf-*.pivotal"
pivnet-product-slug: elastic-runtime
product-version-regex: ^2\.6\..*$

download-product task

1
2
3
4
5
- task: download-stemcell
  image: platform-automation-image
  file: platform-automation-tasks/tasks/download-product.yml
  params:
    CONFIG_FILE: product.yml

Warning

This file cannot be manually created. It is a file that must retrieved from Tanzu Network.

download-product-config

The config input for a download product task can be used with a download-config.yml file to download a tile. The configuration of the download-config.yml looks like this:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
---
pivnet-api-token: token
pivnet-file-glob: "*.pivotal"       # must be quoted if starting with a *
pivnet-product-slug: product-slug

# Either product-version OR product-version-regex is required
# product-version-regex: ^1\.2\..*$ # must not be quoted
product-version: 1.2.3

# Optional
# pivnet-disable-ssl: true  # default - false
# stemcell-iaas: google     # aws|azure|google|openstack|vsphere
                            # will attempt to download the latest
                            # stemcell for the product (if available)
# blobstore-bucket: bucket  # if set, product files will have their slug and
                            # version prepended. Set if the product will
                            # ever be stored in a blobstore
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
---
pivnet-file-glob: "*.pivotal"       # must be quoted if starting with a *
pivnet-product-slug: product-slug
blobstore-bucket: bucket-name
s3-region-name: us-west-1           # if NOT using AWS s3, value is 'region'

## Required unless `s3-auth-type: iam`
s3-access-key-id: aws-or-minio-key-id
s3-secret-access-key: aws-or-minio-secret-key

# Optional
# blobstore-product-path: /path/to/product    # default - root path of bucket
# blobstore-stemcell-path: /path/to/stemcell  # default - root path of bucket
# s3-disable-ssl: true                        # default - false
# s3-enable-v2-signing: true                  # available for compatibility
# s3-auth-type: iam                           # default - accesskey
# s3-endpoint: s3.endpoint.com                # required if NOT using AWS S3
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
---
pivnet-file-glob: "*.pivotal"       # must be quoted if starting with a *
pivnet-product-slug: product-slug
blobstore-bucket: bucket-name
gcs-project-id: project-id
gcs-service-account-json: |
  {
    "type": "service_account",
    "project_id": "project-id",
    "private_key_id": "fake-key-id",
    "private_key": "-----BEGIN PRIVATE KEY-----\fake-key-----END PRIVATE KEY-----\n",
    "client_email": "email@project-id.iam.gserviceaccount.com",
    "client_id": "123456789876543212345",
    "auth_uri": "https://accounts.google.com/o/oauth2/auth",
    "token_uri": "https://accounts.google.com/o/oauth2/token",
    "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
    "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/project%40project-id.iam.gserviceaccount.com"
  }

# Optional
# blobstore-product-path: /path/to/product    # default - root path of bucket
# blobstore-stemcell-path: /path/to/stemcell  # default - root path of bucket
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
---
pivnet-file-glob: "*.pivotal"       # must be quoted if starting with a *
pivnet-product-slug: product-slug
blobstore-bucket: container-name
azure-storage-account: 1234567890abcdefghij
azure-storage-key: storage-access-key-from-azure-portal

# Optional
# blobstore-product-path: /path/to/product    # default - root path of bucket
# blobstore-stemcell-path: /path/to/stemcell  # default - root path of bucket

download-stemcell-product-config

The config input for a download product task can be used with a download-config.yml file to download a stemcell. The configuration of the download-config.yml looks like this:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
---
pivnet-api-token: token
pivnet-file-glob: "*vsphere*"       # must be quoted if starting with a *
pivnet-product-slug: stemcells-ubuntu-xenial

# Either product-version OR product-version-regex is required
# product-version-regex: ^250\..*$  # must not be quoted
product-version: "250.82"

# Optional
# pivnet-disable-ssl: true  # default - false
# blobstore-bucket: bucket  # if set, product files will have their slug and
                            # version prepended. Set if the product will
                            # ever be stored in a blobstore

telemetry

The config input for the collect-telemetry task can be used with a telemetry.yml file to collect data for VMware so they can learn and measure results in order to put customer experience at the forefront of their product decisions. The configuration of the telemetry.yml looks like this:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
---
env-type: sandbox     # sandbox|development|qa|pre-production|production

# Usage Service (Recommended)
cf-api-url:           # UAA authentication to access Usage Service
usage-service-url:
usage-service-client-id:
usage-service-client-secret:
usage-service-insecure-skip-tls-verify:

# CredHub (Optional)
# with-credhub-info:  # include Credhub certificate expiry information