cloudfoundry · qu1queee · Jul 4, 2017 · Jul 4, 2017 · Jul 12, 2017 · Jul 12, 2017
@@ -100,20 +100,20 @@
 
 ## Route Emitter
 
-| Metric                                            | Description                                                                                                                                                                           | Unit             |
-| -------------------------------------------       | ----------------------------------------------------------------------------------------------------------------------------------------------------------                            | ----             |
-| `RoutesTotal`                                     | Number of (http and tcp) route associations (`external routes * backend instances`) in the route-emitter's routing table. Emitted periodically every emit cycle.                      | number           |
-| `HTTPRouteCount`                                  | Number of (http and tcp) route associations (`external routes * backend instances`) in the route-emitter's routing table. Emitted periodically every emit cycle (only in local mode). | number           |
-| `TCPRouteCount`                                   | Number of exposable ports (i.e. container ports) in the routing table. Emitted periodically every emit cycle (only in local mode).                                                    | number           |
-| `AddressCollisions`                               | Number of detected conflicting routes. A conflicting route is a set of two distinct instances with the same IP address on the routing table.                                          | number           |
-| `MessagesEmitted`                                 | Cumulative number of messages the route-emitter sends over NATS to the gorouter.                                                                                                      | number           |
-| `RouteEmitterSyncDuration`                        | Time the route-emitter took to perform its synchronization pass. Emitted periodically.                                                                                                | ns               |
-| `RoutesRegistered`                                | Cumulative number of NATs route registrations emitted from the route-emitter as it reacts to changes to LRPs.                                                                         | number           |
-| `RoutesUnregistered`                              | Cumulative number of NATs route unregistrations emitted from the route-emitter as it reacts to changes to LRPs.                                                                       | number           |
-| `RoutesSynced`                                    | Cumulative number of route **registrations** emitted from the route-emitter during its periodic route-table emission.                                                                 | number           |
-| `ConsulDownMode`                                  | Whether the route-emitter is able to connect with the consul correctly                                                                                                                | 0 or 1 boolean   |
-| `LockHeld.` `v1-locks-route_emitter_lock`         | Whether a route-emitter holds the route-emitter lock: 1 means the lock is held, and 0 means the lock was lost. Emitted periodically by the active route-emitter.                      | 0 or 1 (boolean) |
-| `LockHeldDuration.` `v1-locks-route_emitter_lock` | Time the active route-emitter has held the route-emitter lock. Emitted periodically by the active route-emitter.                                                                      | ns               |
+| Metric                                         | Description                                                                                                                                                      | Unit             |
+| -------------------------------------------    | ----------------------------------------------------------------------------------------------------------------------------------------------------------       | ----             |
+| `AddressCollisions`                            | Number of detected conflicting routes. A conflicting route is a set of two distinct instances with the same IP address on the routing table.                     | number           |
+| `LockHeld.` `v1-locks-route_emitter_lock`         | Whether a route-emitter holds the route-emitter lock: 1 means the lock is held, and 0 means the lock was lost. Emitted periodically by the active route-emitter. | 0 or 1 (boolean) |
+| `LockHeldDuration.` `v1-locks-route_emitter_lock` | Time the active route-emitter has held the route-emitter lock. Emitted periodically by the active route-emitter.                                                 | ns               |
+| `MessagesEmitted`                              | Cumulative number of messages the route-emitter sends over NATS to the gorouter.                                                                                 | number           |
+| `RouteEmitterSyncDuration`                     | Time the active route-emitter took to perform its synchronization pass. Emitted periodically.                                                                    | ns               |
+| `RoutesRegistered`                             | Cumulative number of route registrations emitted from the route-emitter as it reacts to changes to LRPs.                                                         | number           |
+| `RoutesSynced`                                 | Cumulative number of route registrations emitted from the route-emitter during its periodic route-table synchronization.                                         | number           |
+| `RoutesTotal`                                  | Number of routes in the route-emitter's routing table. Emitted periodically.                                                                                     | number           |
+| `RoutesUnregistered`                           | Cumulative number of route unregistrations emitted from the route-emitter as it reacts to changes to LRPs.                                                       | number           |
+| `ConsulDownMode`                               | Whether the route-emitter is able to connect with the consul correctly                                                                                           | 0 or 1 boolean   |
+| `HTTPRouteCount`                               | Number of HTTP Routes in the route-emitter's routing table. Emitted periodically and only on local mode.                                                         | number           |
+| `TCPRouteCount`                                | Number of TCP Routes in the route-emitter's routing table. Emitted periodically and only on local mode and when tcp enabled.                                     | number           |
 
 ## SSH Proxy
 

@@ -12,15 +12,12 @@ the rep servers on the cell vms, via the `diego.rep.require_tls` and
 `false`. When enabled, the operator must provide TLS certificates and keys for
 the rep server and its clients (other components in the Diego deployment).
 
-TLS with mutual authentication can be enabled for communication to the Auctioneer
-server, via the presence of any of the following properties: `diego.auctioneer.ca_cert`,
-`diego.auctioneer.server_cert`, `diego.auctioneer.server_key`. If TLS is enabled for
-the Auctioneer, the operator must also specify the client certificates and keys
-required for mutual authentication in the following properties: `diego.bbs.auctioneer.ca_cert`,
-`diego.bbs.auctioneer.client_cert`, `diego.bbs.auctioneer.client_key`.
-The operator may also set `diego.bbs.auctioneer.require_tls` to `true` to ensure
-that all communication between the BBS and the Auctioneer server is secured using TLS
-with mutual authentication.
+
+TLS with mutual authentication can be enabled for communication to
+the Auctioneer server, via the `diego.auctioneer.require_tls` and
+`diego.bbs.auctioneer.require_tls` BOSH properties. These properties default to
+`false`. When enabled, the operator must provide TLS certificates and keys for
+the Auctioneer server and the BBS client.
 
 TLS with mutual authentication can be enabled for upload and download of assets
 into the containers, via the presence of the following properties:

@@ -21,6 +21,9 @@ packages:
   - auctioneer
 
 properties:
+  diego.auctioneer.require_tls:
+    description: "Whether to require mutual TLS for communication to the securable auctioneer API server"
+    default: false
   diego.auctioneer.ca_cert:
     description: "PEM-encoded CA certificate for the auctioneer API server."
   diego.auctioneer.server_cert:

@@ -2,6 +2,7 @@
   CONF_DIR = "/var/vcap/jobs/auctioneer/config"
 
   config = {
+    require_tls: p("diego.auctioneer.require_tls"),
     dropsonde_port: p("diego.auctioneer.dropsonde_port"),
     consul_cluster: "http://127.0.0.1:8500",
     debug_address: p("diego.auctioneer.debug_addr"),
@@ -37,7 +38,7 @@
     config[:rep_ca_cert] = "#{CONF_DIR}/certs/rep/ca.crt"
   end
 
-  if p("diego.auctioneer.ca_cert", "") != "" || p("diego.auctioneer.server_cert", "") != "" || p("diego.auctioneer.server_key", "") != ""
+  if p("diego.auctioneer.require_tls")
     config[:ca_cert_file] = "#{CONF_DIR}/certs/auctioneer/ca.crt"
     config[:server_cert_file] = "#{CONF_DIR}/certs/auctioneer/server.crt"
     config[:server_key_file] = "#{CONF_DIR}/certs/auctioneer/server.key"

@@ -1,3 +1,7 @@
-<% if_p("diego.auctioneer.ca_cert") do |value| %>
+<% if p("diego.auctioneer.require_tls") %>
+<%= p("diego.auctioneer.ca_cert") %>
+<% else %>
+  <% if_p("diego.auctioneer.ca_cert") do |value| %>
 <%= value %>
+  <% end %>
 <% end %>
@@ -1,3 +1,7 @@
-<% if_p("diego.auctioneer.server_cert") do |value| %>
+<% if p("diego.auctioneer.require_tls") %>
+<%= p("diego.auctioneer.server_cert") %>
+<% else %>
+  <% if_p("diego.auctioneer.server_cert") do |value| %>
 <%= value %>
+  <% end %>
 <% end %>
@@ -1,3 +1,7 @@
-<% if_p("diego.auctioneer.server_key") do |value| %>
+<% if p("diego.auctioneer.require_tls") %>
+<%= p("diego.auctioneer.server_key") %>
+<% else %>
+  <% if_p("diego.auctioneer.server_key") do |value| %>
 <%= value %>
+  <% end %>
 <% end %>
@@ -9,15 +9,13 @@ export PATH=$GOROOT/bin:$PATH
 
 CGO_ENABLED=0 go build -a -installsuffix static code.cloudfoundry.org/healthcheck/cmd/healthcheck
 GOOS=windows CGO_ENABLED=0 go build -a -installsuffix static code.cloudfoundry.org/healthcheck/cmd/healthcheck
-GOOS=windows CGO_ENABLED=0 go build -o healthcheck-external-port.exe -tags=external -a -installsuffix static code.cloudfoundry.org/healthcheck/cmd/healthcheck
 
 for binary in healthcheck; do
     ldd $binary && echo "$binary must be statically linked" && false
 done
 
 cp healthcheck ${BOSH_INSTALL_TARGET}
 cp healthcheck.exe ${BOSH_INSTALL_TARGET}
-cp healthcheck-external-port.exe ${BOSH_INSTALL_TARGET}
 
 # clean up source artifacts
 rm -rf ${BOSH_INSTALL_TARGET}/src ${BOSH_INSTALL_TARGET}/pkg
@@ -3,5 +3,5 @@ set -e
 mkdir -p tmp
 tar -xzf lifecycles/windows_app_lifecycle-*.tgz -C tmp
 tar -xzf /var/vcap/packages/diego-sshd/diego-sshd-windows.tgz -C tmp
-cp /var/vcap/packages/healthcheck/healthcheck-external-port.exe tmp/healthcheck.exe
+cp /var/vcap/packages/healthcheck/healthcheck.exe tmp
 tar -zcf ${BOSH_INSTALL_TARGET}/windows_app_lifecycle.tgz -C tmp .
+0 −5		client.go
+0 −61		cmd/bbs/event_stream_test.go
+3 −9		cmd/bbs/main.go
+15 −46		controllers/task_controller.go
+41 −193		controllers/task_controller_test.go
+109 −159		db/dbfakes/fake_db.go
+109 −159		db/dbfakes/fake_task_db.go
+4 −4		db/etcd/task_convergence.go
+13 −13		db/etcd/task_convergence_test.go
+35 −35		db/etcd/task_db.go
+62 −62		db/etcd/task_db_test.go
+0 −30		db/sqldb/fakesqldriver/bad_connection_test.go
+7 −7		db/sqldb/fakesqldriver/deadlocks_test.go
+2 −14		db/sqldb/helpers/transact.go
+23 −134		db/sqldb/task_convergence.go
+36 −111		db/sqldb/task_convergence_test.go
+45 −103		db/sqldb/task_db.go
+114 −180		db/sqldb/task_db_test.go
+8 −8		db/task_db.go
+6 −44		doc/events.md
+0 −27		events/event_source.go
+0 −96		events/event_source_test.go
+0 −66		fake_bbs/fake_client.go
+0 −66		fake_bbs/fake_internal_client.go
+0 −14		handlers/events_handlers.go
+0 −22		handlers/events_handlers_r0.go
+10 −30		handlers/events_handlers_test.go
+3 −5		handlers/handlers.go
+0 −3		models/actions.pb.go
+0 −43		models/events.go
+38 −670		models/events.pb.go
+0 −14		models/events.proto
+1 −3		routes.go
+7 −10		taskworkpool/taskcallback.go
+9 −62		taskworkpool/taskcallback_test.go
+11 −14		taskworkpool/taskworkpoolfakes/fake_task_completion_client.go
+2 −1		cmd/healthcheck/healthcheck_suite_test.go
+2 −4		cmd/healthcheck/healthcheck_test.go
+5 −11		cmd/healthcheck/helpers_test.go
+2 −12		cmd/healthcheck/helpers_windows_test.go
+1 −1		cmd/healthcheck/main_unix.go
+0 −2		cmd/healthcheck/main_windows.go
+2 −14		routingtable/routingtable.go
+6 −69		routingtable/routingtable_test.go
+3 −0		routingtable/tcp_routing_table_test.go