The Director stores uploaded releases, configuration files, logs and other data in a blobstore. A default DAV blobstore is sufficient for most BOSH environments; however, a highly-available external blobstore may be desired.

Included DAV (default)

By default the Director is configured to use included DAV blobstore job (see Installing BOSH section for example manifests). Here is how to configure it:

  1. Add blobstore release job and make sure that persistent disk is enabled:

    jobs:
    - name: bosh
      templates:
      - {name: blobstore, release: bosh}
      # ...
      persistent_disk: 25_000
      # ...
      networks:
      - name: default
        static_ips: [10.0.0.6]
    
  2. Configure blobstore job. The blobstore’s address must be reachable by the Agents:

    properties:
      blobstore:
        provider: dav
        address: 10.0.0.6
        port: 25250
        director:
          user: director
          password: DIRECTOR-PASSWORD
        agent:
          user: agent
          password: AGENT-PASSWORD
    

Above configuration is used by the Director and the Agents.


S3

The Director and the Agents can use an S3 compatible blobstore. Here is how to configure it:

  1. Create a private S3 bucket

  2. Ensure that access to the bucket is protected, as the Director may store sensitive information.

  3. Modify deployment manifest for the Director and specify S3 credentials and bucket name:

    properties:
      blobstore:
        provider: s3
        access_key_id: ACCESS-KEY-ID
        secret_access_key: SECRET-ACCESS-KEY
        bucket_name: test-bosh-bucket
    
  4. For an S3 compatible blobstore you need to additionally specify the host:

    properties:
      blobstore:
        provider: s3
        access_key_id: ACCESS-KEY-ID
        secret_access_key: SECRET-ACCESS-KEY
        bucket_name: test-bosh-bucket
        host: objects.dreamhost.com
    

Google Cloud Storage (GCS)

Note: Available in bosh release v263+ and Linux stemcells 3450+.

The Director and the Agents can use GCS as a blobstore. Here is how to configure it:

  1. Create a GCS bucket.

  2. Follow the steps on how to create service accounts and configure them with the minimum set of permissions.

  3. Ensure that access to the bucket is protected, as the Director may store sensitive information.

  4. Modify deployment manifest for the Director and specify GCS credentials and bucket name:

    properties:
      blobstore:
        provider: gcs
        json_key: |
          DIRECTOR-BLOBSTORE-SERVICE-ACCOUNT-FILE
        bucket_name: test-bosh-bucket
      agent:
        blobstore:
          json_key: |
            AGENT-SERVICE-ACCOUNT-BLOBSTORE-FILE
    
  5. To use Customer Supplied Encryption Keys to encrypt blobstore contents instead of server-side encryption keys, specify encryption_key:

    properties:
      blobstore:
        provider: gcs
        json_key: |
          DIRECTOR-BLOBSTORE-SERVICE-ACCOUNT-FILE
        bucket_name: test-bosh-bucket
        encryption_key: BASE64-ENCODED-32-BYTES
      agent:
        blobstore:
          json_key: |
            AGENT-SERVICE-ACCOUNT-BLOBSTORE-FILE
    
  6. To use an explicit Storage Class to store blobstore contents instead of the bucket default, specify storage_class:

    properties:
      blobstore:
        provider: gcs
        json_key: |
          DIRECTOR-BLOBSTORE-SERVICE-ACCOUNT-FILE
        bucket_name: test-bosh-bucket
        storage_class: REGIONAL
      agent:
        blobstore:
          json_key: |
            AGENT-SERVICE-ACCOUNT-BLOBSTORE-FILE
    

Contribute changes to this page