Alibaba Cloud
This document shows how to set up a new environment on Alibaba Cloud (AliCloud).
Step 1: Prepare an Alibaba Cloud Account
If you do not have an Alibaba Cloud account, create one.
To configure your Alibaba Cloud account:
- Obtain Alibaba Cloud credentials
- Create a Virtual Private Cloud (VPC)
- Create an Elastic IP
- Create a Key Pair
- Create and Configure Security Group
Obtain Alibaba Cloud Credentials
Your Alibaba Cloud credentials consist of an Access Key ID and a Secret Access Key. Follow Creating RAM Users to create a new RAM user.
Create a Virtual Private Cloud (VPC)
- Log on to the VPC console.
- Select the region of the VPC. The VPC and the cloud resources to deploy must be in the same region.
- Click Create VPC, configure the VPC and the VSwitch according to the following information, and click OK.
See Create a VPC.
Create an Elastic IP
- On the VPC Dashboard, click Elastic IPs and click Create EIP.
- Configure the EIP according to the following information, and then click Buy Now to complete the payment.
See Create an EIP.
Create a Key Pair
- Log on to the ECS console.
- In the left-side navigation pane, choose Networks & Security > Key Pairs.
- On the Key Pairs page, select a region, and click Create Key Pair.
- On the Create Key Pair page, enter a name for the key pair, and select Automatically Create a Key Pair.
- Save private key to ~/Downloads/bosh.pem.
Create and Configure Security Group
Log on to the ECS console. In the left-side navigation pane, select Networks & Security > Security group.
- On the ECS Dashboard, select Networks & Security and then select Security group.
- Select a region and then click Create Security Group.
- Complete the Create Security Group form with the following information:
  - Security group name: bosh
  - Description: BOSH deployed VMs
  - VPC: Select the "bosh" VPC that you created in Create a Virtual Private Cloud.
- Select the created security group with group name "bosh", and in the Actions column click Configure Rules.
- On the Security Group Rules page, click Add Security Group Rules.
- Fill out the Edit inbound rules form and click Save.

  Note: It is highly discouraged to run any production environment with a 0.0.0.0/0 source or to make any BOSH management ports publicly accessible.

  | Type | Port Range | Source | Purpose |
  |------|------------|--------|---------|
  | Custom TCP Rule | 22 | (My IP) | SSH access from CLI |
  | Custom TCP Rule | 6868 | (My IP) | BOSH Agent access from CLI |
  | Custom TCP Rule | 25555 | (My IP) | BOSH Director access from CLI |
  | All TCP | 0 - 65535 | ID of this security group | Management and data access |
  | All UDP | 0 - 65535 | ID of this security group | Management and data access |
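
The inbound rules above can be checked against the note about 0.0.0.0/0 sources mechanically. The following is an added example, not part of the original BOSH documentation: it flags accept rules that expose the SSH, Agent or Director port to anything wider than a single address. The rule field names are assumed to match the Permission entries returned by Alibaba Cloud's DescribeSecurityGroupAttribute API, and the sample rules are constructed.

```python
import ipaddress

# Management ports from the inbound-rule table above.
MGMT_PORTS = {22: "SSH", 6868: "BOSH Agent", 25555: "BOSH Director"}

# Constructed sample rules. Field names follow the Permission entries of the
# ECS DescribeSecurityGroupAttribute response (assumed, not from this page).
SAMPLE_RULES = [
    {"Direction": "ingress", "Policy": "Accept", "IpProtocol": "TCP",
     "PortRange": "22/22", "SourceCidrIp": "203.0.113.10/32"},
    {"Direction": "ingress", "Policy": "Accept", "IpProtocol": "TCP",
     "PortRange": "6868/6868", "SourceCidrIp": "0.0.0.0/0"},
    {"Direction": "ingress", "Policy": "Accept", "IpProtocol": "TCP",
     "PortRange": "25000/26000", "SourceCidrIp": "198.51.100.0/24"},
    {"Direction": "ingress", "Policy": "Accept", "IpProtocol": "TCP",
     "PortRange": "1/65535", "SourceCidrIp": "", "SourceGroupId": "sg-example"},
]


def covers(port_range, port):
    """True if a 'low/high' range includes port; '-1/-1' means all ports."""
    low, high = (int(p) for p in port_range.split("/"))
    return low == -1 or low <= port <= high


def audit(rules):
    """Flag inbound accept rules exposing a management port beyond one host."""
    findings = []
    for rule in rules:
        inbound = rule.get("Direction", "").lower() == "ingress"
        if not inbound or rule.get("Policy", "").lower() != "accept":
            continue
        if rule.get("IpProtocol", "").upper() not in ("TCP", "ALL"):
            continue
        cidr = rule.get("SourceCidrIp")
        if not cidr:  # source is a security group ID (intra-group rule)
            continue
        net = ipaddress.ip_network(cidr, strict=False)
        if net.prefixlen == net.max_prefixlen:  # single address, like "(My IP)"
            continue
        level = "CRITICAL" if net.prefixlen == 0 else "WARN"
        for port, name in MGMT_PORTS.items():
            if covers(rule["PortRange"], port):
                findings.append((level, port, name, cidr))
    return findings
```

Calling `audit(SAMPLE_RULES)` reports the Agent port open to 0.0.0.0/0 as CRITICAL and the Director port reachable from a /24 as WARN; the single-address SSH rule and the intra-group rule pass.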
Step 2: Deploy
- Install CLI v2.
- Use the bosh create-env command to deploy the Director.

      # Create directory to keep state
      $ mkdir bosh-1 && cd bosh-1

      # Clone Director templates
      $ git clone https://github.com/cloudfoundry/bosh-deployment

      # Fill below variables (replace example values) and deploy the Director
      $ bosh create-env bosh-deployment/bosh.yml \
          --state=state.json \
          --vars-store=creds.yml \
          -o bosh-deployment/alicloud/cpi.yml \
          -o bosh-deployment/jumpbox-user.yml \
          -o bosh-deployment/credhub.yml \
          -o bosh-deployment/uaa.yml \
          -v director_name=bosh-1 \
          -v internal_cidr=10.0.0.0/24 \
          -v internal_gw=10.0.0.1 \
          -v internal_ip=10.0.0.6 \
          -v access_key_id=AKI... \
          -v secret_access_key=wfh28... \
          -v region=us-east-1 \
          -v zone=us-east-1a \
          -v vswitch_id=vsw-rj9rio... \
          -v security_group_id=sg-rj9dtcbw... \
          -v key_pair_name=bosh \
          -v private_key=~/Downloads/bosh.pem

  If running the above commands outside of an Alibaba Cloud VPC, refer to Exposing environment on a public IP for additional CLI flags.

  See Alibaba Cloud CPI errors for a list of common errors and resolutions.

- Connect to the Director.

      # Configure local alias
      $ bosh alias-env bosh-1 -e 10.0.0.6 --ca-cert <(bosh int ./creds.yml --path /director_ssl/ca)

      # Log in to the Director
      $ export BOSH_CLIENT=admin
      $ export BOSH_CLIENT_SECRET=`bosh int ./creds.yml --path /admin_password`

      # Query the Director for more info
      $ bosh -e bosh-1 env

- Save the deployment state files left in your deployment directory bosh-1 so you can later update/delete your Director. See Deployment state for details.