cloudfoundry · andyliuliming · Mar 30, 2018
@@ -40,6 +40,7 @@ diego-certs/
 src/code.google.com/p/go.tools/
 src/code.google.com/p/goplan9/
 src/code.google.com/p/rog-go/
+src/github.com/acroca
 src/github.com/bradfitz/goimports
 src/github.com/cloudfoundry-incubator/fezzik
 src/github.com/cloudfoundry-incubator/spiff
@@ -50,11 +51,16 @@ src/github.com/jstemmer/
 src/github.com/kisielk/errcheck
 src/github.com/kisielk/gotool
 src/github.com/mdempsky/
+src/github.com/MichaelTJones/
 src/github.com/nsf/
 src/github.com/onsi/grace
 src/github.com/pivotal-cf-experimental
+src/github.com/ramya-rao-a/
 src/github.com/rogpeppe/
+src/github.com/sqs/
 src/github.com/square
+src/github.com/uudashr/
+src/sourcegraph.com/
 
 # gosub and friends
 src/github.com/vito/gosub

@@ -406,3 +406,34 @@
 	path = src/github.com/cyphar/filepath-securejoin
 	url = https://github.com/cyphar/filepath-securejoin
 	branch = master
+[submodule "src/github.com/virtualcloudfoundry/goaci"]
+	path = src/github.com/virtualcloudfoundry/goaci
+	url = https://github.com/virtualcloudfoundry/goaci
+	branch = master
+[submodule "src/github.com/dimchansky/utfbom"]
+	path = src/github.com/dimchansky/utfbom
+	url = https://github.com/dimchansky/utfbom
+	branch = master
+[submodule "src/github.com/Azure/go-autorest"]
+	path = src/github.com/Azure/go-autorest
+	url = https://github.com/Azure/go-autorest
+	branch = master
+[submodule "src/github.com/Azure/azure-sdk-for-go"]
+	path = src/github.com/Azure/azure-sdk-for-go
+	url = https://github.com/Azure/azure-sdk-for-go
+	branch = master
+[submodule "src/github.com/satori/go.uuid"]
+	path = src/github.com/satori/go.uuid
+	url = https://github.com/satori/go.uuid
+[submodule "src/github.com/marstr/guid"]
+	path = src/github.com/marstr/guid
+	url = https://github.com/marstr/guid
+[submodule "src/github.com/virtualcloudfoundry/vcontainer"]
+	path = src/github.com/virtualcloudfoundry/vcontainer
+	url = https://github.com/virtualcloudfoundry/vcontainer.git
+[submodule "src/github.com/virtualcloudfoundry/vcontainercommon"]
+	path = src/github.com/virtualcloudfoundry/vcontainercommon
+	url = https://github.com/virtualcloudfoundry/vcontainercommon.git
+[submodule "src/github.com/virtualcloudfoundry/vcontainerclient"]
+	path = src/github.com/virtualcloudfoundry/vcontainerclient
+	url = https://github.com/virtualcloudfoundry/vcontainerclient.git
@@ -1,3 +1,12 @@
+autoconf-2.69.tar.gz:
+  size: 1927468
+  sha: 562471cbcb0dd0fa42a76665acf0dbb68479b78a
+automake-1.15.tar.gz:
+  size: 2244206
+  sha: b5a840c7ec4321e78fdc9472e476263fa6614ca1
+cifs-utils-6.7.tar.bz2:
+  size: 363647
+  sha: 9ba5091d7c2418a90773c861f04a3f4a36854c14
 golang/go1.9.6.linux-amd64.tar.gz:
   size: 118279574
   object_id: 0cd93afd-1f2a-48d4-6f1c-3d17e33c2e8e
@@ -10,10 +19,19 @@ jq/jq-1.5-linux64:
   size: 3027945
   object_id: b78765c7-2ce1-4a12-7a1d-6378a93af246
   sha: d8e36831c3c94bb58be34dd544f44a6c6cb88568
+libtool-2.4.6.tar.gz:
+  size: 1806697
+  sha: 25b6931265230a06f0fc2146df64c04e5ae6ec33
+pkg-config-0.29.2.tar.gz:
+  size: 2016830
+  sha: 76e501663b29cb7580245720edfb6106164fad2b
 proxy/envoy-872728d4ad50acececaeae389da59cb72846cf89.tgz:
   size: 4611870
   object_id: 80d18d06-45c1-4f07-62e7-119dc21e5134
   sha: f691efcd25c7761383b114e332099be8a08f5c71
+talloc-2.1.9.tar.gz:
+  size: 440335
+  sha: e1e79fec4c0b6bd92be904a9c03b0a168478711a
 tar/tar-1503683828.tgz:
   size: 452214
   object_id: 2f1b2152-b17a-40d5-70f5-a4069c80ae8f

@@ -0,0 +1,10 @@
+---
+name: cifs-utils
+
+templates:
+  bin/pre-start.erb: bin/pre-start
+
+packages:
+- cifs-utils
+
+properties: {}
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+set -e -x
+
+echo "Installing mount.cifs"
+pushd /var/vcap/packages/cifs-utils/
+  cp mount.cifs /sbin/
+popd
+
+echo "Installed mount.cifs"
+exit 0
@@ -24,6 +24,9 @@ templates:
   tls.crt.erb: config/certs/tls.crt
   tls.key.erb: config/certs/tls.key
   tls_ca.crt.erb: config/certs/tls_ca.crt
+  vcontainer_client_tls.crt.erb: config/certs/vcontainer_client_tls.crt
+  vcontainer_client_tls.key.erb: config/certs/vcontainer_client_tls.key
+  vcontainer_client_tls_ca.crt.erb: config/certs/vcontainer_client_tls_ca.crt
 
 packages:
   - pid_utils
@@ -223,6 +226,22 @@ properties:
     description: "Hostname and port of the Locket server. When set, the cell rep will establish its cell registration in the Locket API instead of in the Consul key-value store."
     default: locket.service.cf.internal:8891
 
+  diego.rep.use_vcontainer:
+    description: "Indicates whether this is a virtual rep."
+    default: false
+  diego.rep.vcontainer.api_location:
+    description: "Hostname and port of the VContainer server."
+    default: vcontainer.service.cf.internal:8892
+  diego.rep.vcontainer.ca_cert:
+    description: "PEM-encoded CA certificate"
+    default: null
+  diego.rep.vcontainer.client_cert:
+    description: "PEM-encoded client certificate"
+    default: null
+  diego.rep.vcontainer.client_key:
+    description: "PEM-encoded client key"
+    default: null
+
   enable_consul_service_registration:
     description: "Enable the cell rep to register itself as a service with Consul, for client discovery via Consul DNS. Do not disable without arranging alternate service discovery."
     default: true

@@ -186,5 +186,13 @@
     config[:loggregator][:loggregator_instance_id] = spec.id
   end
 
+  if p("diego.rep.use_vcontainer") == true
+    config[:use_vcontainer] = true
+    config[:vcontainer_address] = p("diego.rep.vcontainer.api_location")
+    config[:vcontainer_ca_cert_file] = "#{conf_dir}/certs/vcontainer_client_tls_ca.crt"
+    config[:vcontainer_client_cert_file] = "#{conf_dir}/certs/vcontainer_client_tls.crt"
+    config[:vcontainer_client_key_file] = "#{conf_dir}/certs/vcontainer_client_tls.key"
+  end
+
   config.to_json
 %>
@@ -0,0 +1 @@
+<%= p("diego.rep.vcontainer.client_cert") %>
@@ -0,0 +1 @@
+<%= p("diego.rep.vcontainer.client_key") %>
@@ -0,0 +1 @@
+<%= p("diego.rep.vcontainer.ca_cert") %>
@@ -18,6 +18,9 @@ templates:
   tls.crt.erb: config/certs/tls.crt
   tls.key.erb: config/certs/tls.key
   tls_ca.crt.erb: config/certs/tls_ca.crt
+  vcontainer_client_tls.crt.erb: config/certs/vcontainer_client_tls.crt
+  vcontainer_client_tls.key.erb: config/certs/vcontainer_client_tls.key
+  vcontainer_client_tls_ca.crt.erb: config/certs/vcontainer_client_tls_ca.crt
 
 packages:
   - rep_windows
@@ -213,6 +216,7 @@ properties:
     description: "Array of optional tags used for scheduling Tasks and LRPs"
     default: []
 
+
   syslog_daemon_config.address:
     description: "Syslog host"
     default: ""
@@ -231,6 +235,19 @@ properties:
     description: "Hostname and port of the locket server"
     default: locket.service.cf.internal:8891
 
+  diego.rep.use_vcontainer:
+    description: "Indicates whether this is a virtual rep."
+    default: false
+  diego.rep.vcontainer.api_location:
+    description: "Hostname and port of the VContainer server."
+    default: vcontainer.service.cf.internal:8892
+  diego.rep.vcontainer.ca_cert:
+    description: "PEM-encoded CA certificate"
+  diego.rep.vcontainer.client_cert:
+    description: "PEM-encoded client certificate"
+  diego.rep.vcontainer.client_key:
+    description: "PEM-encoded client key"
+
   enable_consul_service_registration:
     description: "Enable the cell rep to register itself as a service with Consul, for client discovery via Consul DNS. Do not disable without arranging alternate service discovery."
     default: true

@@ -186,5 +186,13 @@
     config[:loggregator][:loggregator_instance_id] = spec.id
   end
 
+  if p("diego.rep.use_vcontainer") == true
+    config[:use_vcontainer] = true
+    config[:vcontainer_address] = p("diego.rep.vcontainer.api_location")
+    config[:vcontainer_ca_cert_file] = "#{conf_dir}/certs/vcontainer_client_tls_ca.crt"
+    config[:vcontainer_client_cert_file] = "#{conf_dir}/certs/vcontainer_client_tls.crt"
+    config[:vcontainer_client_key_file] = "#{conf_dir}/certs/vcontainer_client_tls.key"
+  end
+
   config.to_json
 %>
@@ -0,0 +1 @@
+<%= p("diego.rep.vcontainer.client_cert") %>
@@ -0,0 +1 @@
+<%= p("diego.rep.vcontainer.client_key") %>
@@ -0,0 +1 @@
+<%= p("diego.rep.vcontainer.ca_cert") %>
@@ -0,0 +1,13 @@
+<% if p("bpm.enabled") %>
+check process vcontainer
+  with pidfile /var/vcap/sys/run/bpm/vcontainer/vcontainer.pid
+  start program "/var/vcap/jobs/bpm/bin/bpm start vcontainer"
+  stop program "/var/vcap/jobs/bpm/bin/bpm stop vcontainer"
+  group vcap
+<% else %>
+check process vcontainer
+  with pidfile /var/vcap/sys/run/vcontainer/vcontainer.pid
+  start program "/var/vcap/jobs/vcontainer/bin/vcontainer_ctl start"
+  stop program "/var/vcap/jobs/vcontainer/bin/vcontainer_ctl stop"
+  group vcap
+<% end %>
@@ -0,0 +1,67 @@
+---
+name: vcontainer
+
+templates:
+  vcontainer.erb: bin/vcontainer
+  vcontainer_ctl.erb: bin/vcontainer_ctl
+  vcontainer_as_vcap.erb: bin/vcontainer_as_vcap
+  vcontainer.json.erb: config/vcontainer.json
+  vcontainer_server_ca.crt.erb: config/certs/ca.crt
+  vcontainer_server.crt.erb: config/certs/server.crt
+  vcontainer_server.key.erb: config/certs/server.key
+
+packages:
+  - vcontainer
+
+properties:
+  bpm.enabled:
+    description: "Experimental: use the BOSH Process Manager to manage the cell rep process."
+    default: false
+  diego.vcontainer.job_name:
+    description: "The name of the Diego job referenced by this spec (DO NOT override)"
+    default: "vcontainer"
+  diego.vcontainer.ca_cert:
+    description: "ca cert for vcontainer server mutual auth tls"
+  diego.vcontainer.server_cert:
+    description: "server cert for vcontainer server mutual auth tls"
+  diego.vcontainer.server_key:
+    description: "server key for vcontainer server mutual auth tls"
+  diego.vcontainer.api_location:
+    description: "address at which to serve API requests"
+    default: "0.0.0.0:8892"
+
+  diego.vcontainer.container_service_provider:
+    description: "Indicates whether this diego cell uses the azure container instances, 'garden', 'aci' or 'eci'"
+    default: "garden"
+  diego.vcontainer.azure_container_provider_cfg.location:
+    description: "Indicates which region will diego cell will use. storage account should also be in the same region."
+    default: null
+  diego.vcontainer.azure_container_provider_cfg.subscription_id:
+    description: "Indicates the subscription to use."
+    default: null
+  diego.vcontainer.azure_container_provider_cfg.container_id:
+    description: "service principal id for managing azure container instances"
+    default: null
+  diego.vcontainer.azure_container_provider_cfg.container_secret:
+    description: "service principal secret for managing azure container instances"
+    default: null
+  diego.vcontainer.azure_container_provider_cfg.optional_param_1:
+    description: "tenant of service principal for managing azure container instances"
+    default: null
+  diego.vcontainer.azure_container_provider_cfg.resource_group:
+    description: "resource group which the container would be created in."
+    default: null
+  diego.vcontainer.azure_container_provider_cfg.storage_id:
+    description: "storage id"
+    default: null
+  diego.vcontainer.azure_container_provider_cfg.storage_secret:
+    description: "storage secret"
+    default: null
+  diego.vcontainer.smb_proxy.ip:
+    default: null
+  diego.vcontainer.smb_proxy.port:
+    default: null
+
+  enable_consul_service_registration:
+    description: "Enable the vcontainer to register itself as a service with Consul, for client discovery via Consul DNS. Do not disable without arranging alternate service discovery."
+    default: true
@@ -0,0 +1,6 @@
+#!/bin/bash -e
+
+conf_dir=/var/vcap/jobs/vcontainer/config
+
+exec /var/vcap/packages/vcontainer/bin/vcontainer \
+      -config=$conf_dir/vcontainer.json
@@ -0,0 +1,27 @@
+<%=
+  conf_dir = "/var/vcap/jobs/#{p("diego.vcontainer.job_name")}/config"
+  config = {
+    cell_id: spec.id,
+    container_service_provider: p("diego.vcontainer.container_service_provider"),
+  }
+
+  if_p("diego.vcontainer.api_location") do |value|
+    config[:vcontainer_address] = value
+  end
+
+  if config[:container_service_provider] == "aci"
+    config[:azure_container_provider_cfg] = p("diego.vcontainer.azure_container_provider_cfg")
+  end
+
+  if_p("diego.vcontainer.smb_proxy") do |value|
+    config[:smb_proxy] = value
+  end
+
+  config[:listen_address] = p("diego.vcontainer.api_location")
+  config[:ca_file]     = "#{conf_dir}/certs/ca.crt"
+  config[:cert_file] = "#{conf_dir}/certs/server.crt"
+  config[:key_file]  = "#{conf_dir}/certs/server.key"
+  config[:enable_consul_service_registration] = p("enable_consul_service_registration")
+  config[:consul_cluster] = "http://127.0.0.1:8500"
+  config.to_json
+%>
@@ -0,0 +1,13 @@
+#!/bin/bash -e
+
+run_dir=/var/vcap/sys/run/vcontainer
+log_dir=/var/vcap/sys/log/vcontainer
+conf_dir=/var/vcap/jobs/vcontainer/config
+pidfile=$run_dir/vcontainer.pid
+
+echo $$ > $pidfile
+
+exec /var/vcap/packages/vcontainer/bin/vcontainer \
+      -config=$conf_dir/vcontainer.json \
+  2> >(tee -a $log_dir/vcontainer.stderr.log | logger -p user.error -t vcap.vcontainer) \
+  1> >(tee -a $log_dir/vcontainer.stdout.log | logger -t vcap.vcontainer)