operations/bosh-lite.yml

---
# --- Set Router Static IP ---
- type: replace
  path: /instance_groups/name=router/networks
  value:
  - name: default
    static_ips: [10.244.0.34]

# --- Add Bosh Lite Security Groups ---
- type: replace
  path: /instance_groups/name=api/jobs/name=cloud_controller_ng/properties/cc/default_running_security_groups
  value:
  - public_networks
  - dns
  - load_balancer
- type: replace
  path: /instance_groups/name=api/jobs/name=cloud_controller_ng/properties/cc/security_group_definitions/-
  value:
    name: load_balancer
    rules:
    - destination: 10.244.0.34
      protocol: all

# ----- Combine router VM extensions ----
- type: remove
  path: /instance_groups/name=scheduler/vm_extensions
- type: replace
  path: /instance_groups/name=router/vm_extensions
  value:
  - ssh-proxy-and-router-lb
- type: remove
  path: /instance_groups/name=scheduler/jobs/name=ssh_proxy
- type: replace
  path: /instance_groups/name=router/jobs/-
  value:
    name: ssh_proxy
    release: diego
    properties:
      diego:
        ssh_proxy:
          bbs: &5
            ca_cert: "((diego_bbs_client.ca))"
            client_cert: "((diego_bbs_client.certificate))"
            client_key: "((diego_bbs_client.private_key))"
          disable_healthcheck_server: true
          enable_cf_auth: true
          host_key: "((diego_ssh_proxy_host_key.private_key))"
          uaa_secret: "((uaa_clients_ssh-proxy_secret))"
          uaa:
            ca_cert: "((uaa_ssl.ca))"
      backends:
        tls:
          enabled: true
          ca_certificates:
          - ((diego_instance_identity_ca.ca))
          client_certificate: ((ssh_proxy_backends_tls.certificate))
          client_private_key: ((ssh_proxy_backends_tls.private_key))
      enable_consul_service_registration: false
      logging:
        format:
          timestamp: "rfc3339"
      loggregator: &diego_loggregator_client_properties
        ca_cert: "((loggregator_tls_agent.ca))"
        cert: "((loggregator_tls_agent.certificate))"
        key: "((loggregator_tls_agent.private_key))"
        use_v2_api: true

# ----- Scale Down ------
- type: replace
  path: /instance_groups/name=nats/instances
  value: 1
- type: replace
  path: /instance_groups/name=diego-api/instances
  value: 1
- type: replace
  path: /instance_groups/name=uaa/instances
  value: 1
- type: replace
  path: /instance_groups/name=scheduler/instances
  value: 1
- type: replace
  path: /instance_groups/name=diego-cell/instances
  value: 1
- type: replace
  path: /instance_groups/name=diego-cell/jobs/name=rep/properties/diego/rep/evacuation_timeout_in_seconds?
  value: 0
- type: replace
  path: /instance_groups/name=router/instances
  value: 1
- type: replace
  path: /instance_groups/name=tcp-router/instances
  value: 1
- type: replace
  path: /instance_groups/name=api/instances
  value: 1
- type: replace
  path: /instance_groups/name=cc-worker/instances
  value: 1
- type: replace
  path: /instance_groups/name=doppler/instances
  value: 1
- type: replace
  path: /instance_groups/name=log-api/instances
  value: 1
- type: replace
  path: /instance_groups/name=credhub/instances
  value: 1

# ----- Reduce default app memory to 256M ------
- type: replace
  path: /instance_groups/name=api/jobs/name=cloud_controller_ng/properties/cc/default_app_memory?
  value: 256

# ----- Disable kernel parameter tuning ------
- type: replace
  path: /instance_groups/name=diego-cell/jobs/name=rep/properties?/set_kernel_parameters
  value: false

- type: replace
  path: /instance_groups/name=diego-api/jobs/name=bbs/properties?/set_kernel_parameters
  value: false

- type: replace
  path: /instance_groups/name=api/jobs/name=file_server/properties?/set_kernel_parameters
  value: false

- type: replace
  path: /instance_groups/name=diego-api/jobs/name=locket/properties?/set_kernel_parameters
  value: false