Google Cloud Storage
The Director stores uploaded releases, configuration files, logs and other data in a blobstore. A default DAV blobstore is sufficient for most BOSH environments; however, a highly-available external blobstore may be desired.
Included DAV (default)

By default the Director is configured to use the included DAV blobstore job (see the Installing BOSH section for example manifests). Here is how to configure it:

- Add the blobstore release job and make sure that a persistent disk is enabled:

      jobs:
      - name: bosh
        templates:
        - {name: blobstore, release: bosh}
        # ...
        persistent_disk: 25_000
        # ...
        networks:
        - name: default
          static_ips: [10.0.0.6]

- Configure the blobstore job. The blobstore's address must be reachable by the Agents:

      properties:
        blobstore:
          provider: dav
          address: 10.0.0.6
          port: 25250
          director:
            user: director
            password: DIRECTOR-PASSWORD
          agent:
            user: agent
            password: AGENT-PASSWORD

The above configuration is used by both the Director and the Agents.
S3

The Director and the Agents can use an S3 compatible blobstore. Here is how to configure it:

- Create a private S3 bucket.

- Ensure that access to the bucket is protected, as the Director may store sensitive information.

- Modify the deployment manifest for the Director and specify S3 credentials and bucket name:

      properties:
        blobstore:
          provider: s3
          access_key_id: ACCESS-KEY-ID
          secret_access_key: SECRET-ACCESS-KEY
          bucket_name: test-bosh-bucket

- For an S3 compatible blobstore you need to additionally specify the host:

      properties:
        blobstore:
          provider: s3
          access_key_id: ACCESS-KEY-ID
          secret_access_key: SECRET-ACCESS-KEY
          bucket_name: test-bosh-bucket
          host: objects.dreamhost.com
Google Cloud Storage (GCS)

Note: Available in bosh release v263+ and Linux stemcells 3450+.

The Director and the Agents can use GCS as a blobstore. Here is how to configure it:

- Follow the steps on how to create service accounts and configure them with the minimum set of permissions.

- Ensure that access to the bucket is protected, as the Director may store sensitive information.

- Modify the deployment manifest for the Director and specify GCS credentials and bucket name:

      properties:
        blobstore:
          provider: gcs
          credentials_source: static
          json_key: |
            DIRECTOR-BLOBSTORE-SERVICE-ACCOUNT-FILE
          bucket_name: test-bosh-bucket
        agent:
          blobstore:
            json_key: |
              AGENT-SERVICE-ACCOUNT-BLOBSTORE-FILE

- To use Customer Supplied Encryption Keys to encrypt blobstore contents instead of server-side encryption keys, specify encryption_key:

      properties:
        blobstore:
          provider: gcs
          credentials_source: static
          json_key: |
            DIRECTOR-BLOBSTORE-SERVICE-ACCOUNT-FILE
          bucket_name: test-bosh-bucket
          encryption_key: BASE64-ENCODED-32-BYTES
        agent:
          blobstore:
            credentials_source: static
            json_key: |
              AGENT-SERVICE-ACCOUNT-BLOBSTORE-FILE

- To use an explicit Storage Class to store blobstore contents instead of the bucket default, specify storage_class:

      properties:
        blobstore:
          provider: gcs
          credentials_source: static
          json_key: |
            DIRECTOR-BLOBSTORE-SERVICE-ACCOUNT-FILE
          bucket_name: test-bosh-bucket
          storage_class: REGIONAL
        agent:
          blobstore:
            credentials_source: static
            json_key: |
              AGENT-SERVICE-ACCOUNT-BLOBSTORE-FILE
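The following is an added example, not part of the original page and not BOSH's own code: a Ruby lint for the GCS properties block that checks encryption_key is strict base64 for exactly 32 bytes and that the Director and Agent entries do not carry the same json_key. The function names and the separate-keys rule are assumptions of this example; the sample manifest is constructed from the placeholders above.

```ruby
require 'yaml'
require 'securerandom'

# Generate a fresh CSEK value: 32 random bytes, strict base64 (no newlines).
def new_encryption_key
  [SecureRandom.random_bytes(32)].pack('m0')
end

# Return a list of problems found in a GCS blobstore properties block.
# The rules are this example's assumptions, not checks BOSH itself performs.
def lint_gcs_blobstore(manifest_yaml)
  props = YAML.safe_load(manifest_yaml).fetch('properties', {})
  director = props.fetch('blobstore', {})
  agent = props.dig('agent', 'blobstore') || {}
  return ['blobstore.provider is not gcs'] unless director['provider'] == 'gcs'
  problems = []
  if (key = director['encryption_key'])
    begin
      raw = key.to_s.unpack1('m0') # strict decode, raises on malformed input
      problems << "encryption_key decodes to #{raw.bytesize} bytes, expected 32" unless raw.bytesize == 32
    rescue ArgumentError
      problems << 'encryption_key is not valid base64'
    end
  end
  dkey = director['json_key'].to_s.strip
  akey = agent['json_key'].to_s.strip
  problems << 'agent.blobstore.json_key is missing' if akey.empty?
  problems << 'Director and Agent share one service account key' if !dkey.empty? && dkey == akey
  problems
end

# Constructed sample manifest; all credential values are placeholder text.
SAMPLE = <<~YAML
  properties:
    blobstore:
      provider: gcs
      credentials_source: static
      json_key: |
        DIRECTOR-BLOBSTORE-SERVICE-ACCOUNT-FILE
      bucket_name: test-bosh-bucket
      encryption_key: BASE64-ENCODED-32-BYTES
    agent:
      blobstore:
        credentials_source: static
        json_key: |
          AGENT-SERVICE-ACCOUNT-BLOBSTORE-FILE
YAML

puts lint_gcs_blobstore(SAMPLE)
```

Run against the unmodified placeholder manifest, the lint reports the encryption_key placeholder as invalid base64; substituting the output of new_encryption_key clears it.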
Azure Storage Account

Azure Storage Account is supported from bosh version 278.0.0 and stemcell version 1.199.

The Director and the Agents can use an Azure Storage Account compatible blobstore. Here is how to configure it:

- Create a private Azure Storage Account and a container.

- Ensure that access to the Account is protected, as the Director may store sensitive information.

- Modify the deployment manifest for the Director and specify Azure Storage Account credentials and container name. The Azure Cloud Name is optional and can be set to target a non-public Azure cloud:

      properties:
        blobstore:
          provider: azure-storage
          account_key: ACCOUNT-KEY
          account_name: ACCOUNT-NAME
          container_name: CONTAINER
          azure_cloud_name: AZURE-CLOUD-NAME # Optional, default is AzureCloud
        agent:
          env:
            bosh:
              blobstores:
              - options:
                  account_key: ACCOUNT-KEY
                  account_name: ACCOUNT-NAME
                  container_name: CONTAINER
                provider: azure-storage