Task inputs and outputs

This topic describes the inputs that can be provided to the tasks, and their outputs. Each task can only take a specific set of inputs, indicated under the inputs property of the YAML.

To get the slug needed for many of the procedures on this page, go to My Dashboard on the Broadcom Support Portal. This site requires you to log in.

director config

The config director sets the BOSH tile (director) on Tanzu Operations Manager.

The config input for a director task expects to have a director.yml file. The configuration of the director.yml is IAAS specific for some properties; that is, networking.

There are two ways to build a director config.

  1. Using an already deployed Tanzu Operations Manager, you can extract the config using staged-director-config.

  2. Deploying a new Tanzu Operations Manager requires more effort for a director.yml. The configuration of director is variables, based on the features enabled. This director.yml is a very basic example for vSphere.

    ---
    az-configuration:
    - clusters:
      - cluster: cluster-name
        resource_pool: resource-pool-name
      name: AZ01
    
    properties-configuration:
      iaas_configuration:
        vcenter_host: vcenter.example.com
        vcenter_username: admin
        vcenter_password: password
        ......
      director_configuration:
        blobstore_type: local
        bosh_recreate_on_next_deploy: false
        custom_ssh_banner: null
        ......
      security_configuration:
        generate_vm_passwords: true
        trusted_certificates:
      syslog_configuration:
        enabled: false
    
    network-assignment:
      network:
        name: INFRASTRUCTURE
      other_availability_zones: []
      singleton_availability_zone:
        name: AZ01
    
    networks-configuration:
      icmp_checks_enabled: false
      networks:
      - name: NETWORK-NAME
      ......
    
    resource-configuration:
      compilation:
        instance_type:
          id: automatic
        instances: automatic
      ......
    

The IAAS-specific configuration can be found in the Tanzu Operations Manager API documentation.

What follows is a list of properties that can be set in the director.yml and a link to the API documentation explaining any IAAS specific properties.

GCP Shared VPC

Support for Shared VPC is done by configuring the iaas_identifier path for the infrastructure subnet, which includes the host project ID, region of the subnet, and the subnet name.

For example:

[HOST_PROJECT_ID]/[NETWORK]/[SUBNET]/[REGION]

download-product-config

The config input for a download product task can be used with a download-config.yml file to download a tile. Here are examples of the configuration of the download-config.yml:

Broadcom Support Portal (formerly Tanzu Network)

---
pivnet-api-token: token
pivnet-file-glob: "*.pivotal"       # must be quoted if starting with a *
pivnet-product-slug: product-slug

# Either product-version OR product-version-regex is required
# product-version-regex: ^1\.2\..*$ # must not be quoted
product-version: 1.2.3

# Optional
# pivnet-disable-ssl: true  # default - false
# stemcell-iaas: aws        # aws|azure|google|openstack|vsphere
                            # will attempt to download the latest stemcell
                            # associated with a product by default
# stemcell-version: 90.90   # specific stemcell version to download
# stemcell-heavy: true      # will force download of heavy stemcell
                            # not available on all IaaSes
# blobstore-bucket: bucket  # if set, product files will have their slug and
                            # version prepended. Set if the product will
                            # ever be stored in a blobstore

S3

---
pivnet-file-glob: "*.pivotal"       # must be quoted if starting with a *
pivnet-product-slug: product-slug
blobstore-bucket: bucket-name
s3-region-name: us-west-1           # if NOT using AWS s3, value is 'region'

# Required unless `s3-auth-type: iam`
s3-access-key-id: aws-or-minio-key-id
s3-secret-access-key: aws-or-minio-secret-key

# Optional
# blobstore-product-path: /path/to/product    # default - root path of bucket
# blobstore-stemcell-path: /path/to/stemcell  # default - root path of bucket
# s3-disable-ssl: true                        # default - false
# s3-enable-v2-signing: true                  # available for compatibility
# s3-auth-type: iam                           # default - accesskey
# s3-endpoint: s3.endpoint.com                # required if NOT using AWS S3

GCS

---
pivnet-file-glob: "*.pivotal"       # must be quoted if starting with a *
pivnet-product-slug: product-slug
blobstore-bucket: bucket-name
gcs-project-id: project-id
gcs-service-account-json: |
  {
    "type": "service_account",
    "project_id": "project-id",
    "private_key_id": "fake-key-id",
    "private_key": "-----BEGIN PRIVATE KEY-----\fake-key-----END PRIVATE KEY-----\n",
    "client_email": "[email protected]",
    "client_id": "123456789876543212345",
    "auth_uri": "https://accounts.google.com/o/oauth2/auth",
    "token_uri": "https://accounts.google.com/o/oauth2/token",
    "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
    "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/project%40project-id.iam.gserviceaccount.com"
  }

# Optional
# blobstore-product-path: /path/to/product    # default - root path of bucket
# blobstore-stemcell-path: /path/to/stemcell  # default - root path of bucket

Azure

---
pivnet-file-glob: "*.pivotal"       # must be quoted if starting with a *
pivnet-product-slug: product-slug
blobstore-bucket: container-name
azure-storage-account: 1234567890abcdefghij
azure-storage-key: storage-access-key-from-azure-portal

# Optional
# blobstore-product-path: /path/to/product    # default - root path of bucket
# blobstore-stemcell-path: /path/to/stemcell  # default - root path of bucket

download-stemcell-product-config

The config input for a download product task can be used with a download-config.yml file to download a stemcell. The configuration of the download-config.yml looks like this:


---
pivnet-api-token: token
pivnet-file-glob: "*vsphere*"       # must be quoted if starting with a *
pivnet-product-slug: stemcells-ubuntu-xenial

# Either product-version OR product-version-regex is required
# product-version-regex: ^250\..*$  # must not be quoted
product-version: "250.82"

# Optional
# pivnet-disable-ssl: true  # default - false
# blobstore-bucket: bucket  # if set, product files will have their slug and
                            # version prepended. Set if the product will
                            # ever be stored in a blobstore

env

The env input for a task expects to have a env.yml file. This file contains properties for targeting and logging into the Tanzu Operations Manager API.

basic auth


    ---
    target: https://pcf.example.com
    connect-timeout: 30            # default 5
    request-timeout: 1800          # default 1800
    skip-ssl-validation: false     # default false
    username: username
    password: password
    # decryption-passphrase is optional,
    # except for use with `import-installation`.
    # OpsMan depends on the passphrase
    # to decrypt the imported installation.
    # For other commands, providing this key allows
    # decryption of the OpsMan VM after reboot,
    # which would otherwise need to be done manually.
    decryption-passphrase: passphrase

uaa auth


    ---
    target: https://pcf.example.com
    connect-timeout: 30          # default 5
    request-timeout: 1800        # default 1800
    skip-ssl-validation: false   # default false
    client-id: client_id
    client-secret: client_secret
    # decryption-passphrase is optional,
    # except for use with `import-installation`.
    # OpsMan depends on the passphrase
    # to decrypt the imported installation.
    # For other commands, providing this key allows
    # decryption of the OpsMan VM after reboot,
    # which would otherwise need to be done manually.
    decryption-passphrase: passphrase

Getting the client-id and client-secret

Tanzu Operations Manager, by preference, uses Client ID and Client Secret, if these are provided. To create a Client ID and Client Secret:

  1. Add uaac target https://YOUR_OPSMANAGER/uaa.
  2. If you are using SAML, uaac token sso get.
  3. If you are using basic auth, add uaac token owner get.
  4. Specify the Client ID as opsman and leave Client Secret blank.
  5. Generate a client ID and secret.
uaac client add -i
Client ID:  NEW_CLIENT_NAME
New client secret:  DESIRED_PASSWORD
Verify new client secret:  DESIRED_PASSWORD
scope (list):  opsman.admin
authorized grant types (list):  client_credentials
authorities (list):  opsman.admin
access token validity (seconds):  43200
refresh token validity (seconds):  43200
redirect uri (list):
autoapprove (list):
signup redirect url (url):

errand config

The ERRAND_CONFIG_FILE input is used in the apply-changes task. This file contains properties for enabling and disabling errands for a particular run of apply-changes.

To retrieve the default configuration of your product's errands, you can use staged-config.

The expected format for this errand config is:

errands:
  sample-product-1:
    run_post_deploy:
      smoke_tests: default
      push-app: false
    run_pre_delete:
      smoke_tests: true
  sample-product-2:
    run_post_deploy:
      smoke_tests: default

installation

The file contains the information to restore a Tanzu Operations Manager VM. The installation input for a opsman VM task expects to have a installation.zip file.

This file can be exported from a Tanzu Operations Manager VM using the export-installation task. This file can be imported to a Tanzu Operations Manager VM using the import-installation task.

This file cannot be manually created. It is a file that must be generated using the export function of Tanzu Operations Manager.

Tanzu Operations Manager config

The config for a Tanzu Operations Manager described IAAS specific information for creating the VM; that is, VM flavor (size) and IP addresses.

The config input for opsman task expects to have a opsman.yml file. The configuration of the opsman.yml is IAAS specific.

AWS


---
opsman-configuration:
  aws:
    region: us-west-2
    vpc_subnet_id: subnet-0292bc845215c2cbf
    security_group_ids: [ sg-0354f804ba7c4bc41 ]
    key_pair_name: ops-manager-key  # used to SSH to VM
    iam_instance_profile_name: env_ops_manager

    # At least one IP address (public or private) needs to be assigned to the
    # VM. It is also permissible to assign both.
    public_ip: 1.2.3.4      # Reserved Elastic IP
    private_ip: 10.0.0.2

    # Optional
    # vm_name: ops-manager-vm    # default - ops-manager-vm
    # boot_disk_size: 100        # default - 200 (GB)
    # instance_type: m5.large    # default - m5.large
                                 # NOTE - not all regions support m5.large
    # assume_role: "arn:aws:iam::..." # necessary if a role is needed to authorize
                                      # the OpsMan VM instance profile
    # tags: {key: value}              # key-value pair of tags assigned to the
    #                                 # Ops Manager VM
    # Omit if using instance profiles
    # And instance profile OR access_key/secret_access_key is required
    # access_key_id: ((access-key-id))
    # secret_access_key: ((secret-access-key))

    # security_group_id: sg-123  # DEPRECATED - use security_group_ids
    # use_instance_profile: true # DEPRECATED - will use instance profile for
                                 # execution VM if access_key_id and
                                 # secret_access_key are not set

  # Optional Ops Manager UI Settings for upgrade-opsman
  # ssl-certificate: ...
  # pivotal-network-settings: ...
  # banner-settings: ...
  # syslog-settings: ...
  # rbac-settings: ...

Azure


---
opsman-configuration:
  azure:
    tenant_id: 3e52862f-a01e-4b97-98d5-f31a409df682
    subscription_id: 90f35f10-ea9e-4e80-aac4-d6778b995532
    client_id: 5782deb6-9195-4827-83ae-a13fda90aa0d
    client_secret: ((opsman-client-secret))
    location: westus
    resource_group: res-group
    storage_account: opsman                       # account name of container
    ssh_public_key: ssh-rsa AAAAB3NzaC1yc2EAZ...  # ssh key to access VM

    # Note that there are several environment-specific details in this path
    # This path can reach out to other resource groups if necessary
    subnet_id: /subscriptions/
  
   /resourceGroups/
   
    /providers/Microsoft.Network/virtualNetworks/
    
     /subnets/
     
       # At least one IP address (public or private) needs to be assigned # to the VM. It is also permissible to assign both. private_ip: 10.0.0.3 public_ip: 1.2.3.4 # Optional # cloud_name: AzureCloud # default - AzureCloud # storage_key: ((storage-key)) # only required if your client does not # have the needed storage permissions # container: opsmanagerimage # storage account container name # default - opsmanagerimage # network_security_group: ops-manager-security-group # vm_name: ops-manager-vm # default - ops-manager-vm # boot_disk_size: 200 # default - 200 (GB) # use_managed_disk: true # this flag is only respected by the # create-vm and upgrade-opsman commands. # set to false if you want to create # the new opsman VM with an unmanaged # disk (not recommended). default - true # storage_sku: Premium_LRS # this sets the SKU of the storage account # for the disk # Allowed values: Standard_LRS, Premium_LRS, # StandardSSD_LRS, UltraSSD_LRS # vm_size: Standard_DS1_v2 # the size of the Ops Manager VM # default - Standard_DS2_v2 # Allowed values: https://docs.microsoft.com/en-us/azure/virtual-machines/linux/sizes-general # tags: Project=ECommerce # Space-separated tags: key[=value] [key[=value] ...]. Use '' to # clear existing tags. # vpc_subnet: /subscriptions/... # DEPRECATED - use subnet_id # use_unmanaged_disk: false # DEPRECATED - use use_managed_disk # Optional Ops Manager UI Settings for upgrade-opsman # ssl-certificate: ... # pivotal-network-settings: ... # banner-settings: ... # syslog-settings: ... # rbac-settings: ... 
     
    
   
  

GCP


---
opsman-configuration:
  gcp:
    # Either gcp_service_account_name or gcp_service_account json is required
    # You must remove whichever you don't use
    gcp_service_account_name: [email protected]
    gcp_service_account: ((gcp-service-account-key-json))

    project: project-id
    region: us-central1
    zone: us-central1-b
    vpc_subnet: infrastructure-subnet

    # At least one IP address (public or private) needs to be assigned to the
    # VM. It is also permissible to assign both.
    public_ip: 1.2.3.4
    private_ip: 10.0.0.2

    ssh_public_key: ssh-rsa some-public-key... # RECOMMENDED, but not required
    tags: ops-manager                          # RECOMMENDED, but not required

    # Optional
    # vm_name: ops-manager-vm  # default - ops-manager-vm
    # custom_cpu: 2            # default - 2
    # custom_memory: 8         # default - 8
    # boot_disk_size: 100      # default - 100
    # scopes: ["my-scope"]
    # hostname: custom.hostname # info: https://cloud.google.com/compute/docs/instances/custom-hostname-vm

  # Optional Ops Manager UI Settings for upgrade-opsman
  # ssl-certificate: ...
  # pivotal-network-settings: ...
  # banner-settings: ...
  # syslog-settings: ...
  # rbac-settings: ...

Openstack


---
opsman-configuration:
  openstack:
    project_name: project
    auth_url: http://os.example.com:5000/v2.0
    username: ((opsman-openstack-username))
    password: ((opsman-openstack-password))
    net_id: 26a13112-b6c2-11e8-96f8-529269fb1459
    security_group_name: opsman-sec-group
    key_pair_name: opsman-keypair

    # At least one IP address (public or private) needs to be assigned to the VM.
    public_ip: 1.2.3.4 # must be an already allocated floating IP
    private_ip: 10.0.0.3

    # Optional
    # availability_zone: zone-01
    # project_domain_name: default
    # user_domain_name: default
    # vm_name: ops-manager-vm       # default - ops-manager-vm
    # flavor: m1.xlarge             # default - m1.xlarge
    # identity_api_version: 2       # default - 3
    # insecure: true                # default - false

  # Optional Ops Manager UI Settings for upgrade-opsman
  # ssl-certificate: ...
  # pivotal-network-settings: ...
  # banner-settings: ...
  # syslog-settings: ...
  # rbac-settings: ...

vSphere


---
opsman-configuration:
  vsphere:
    vcenter:
      ca_cert: cert                 # REQUIRED if insecure = 0 (secure)
      datacenter: example-dc
      datastore: example-ds-1
      folder: /example-dc/vm/Folder # RECOMMENDED, but not required
      url: vcenter.example.com
      username: ((vcenter-username))
      password: ((vcenter-password))
      resource_pool: /example-dc/host/example-cluster/Resources/example-pool
      # resource_pool can use a cluster - /example-dc/host/example-cluster

      # Optional
      # host: host      # DEPRECATED - Platform Automation cannot guarantee
                        # the location of the VM, given the nature of vSphere
      # insecure: 0     # default - 0 (secure) | 1 (insecure)

    disk_type: thin     # thin|thick
    dns: 8.8.8.8
    gateway: 192.168.10.1
    hostname: ops-manager.example.com
    netmask: 255.255.255.192
    network: example-virtual-network
    ntp: ntp.ubuntu.com
    private_ip: 10.0.0.10
    ssh_public_key: ssh-rsa ......   # REQUIRED Ops Manager >= 2.6

    # Optional
    # cpu: 1                         # default - 1
    # memory: 8                      # default - 8 (GB)
    # ssh_password: ((ssh-password)) # REQUIRED if ssh_public_key not defined
                                     # (Ops Manager < 2.6 ONLY)
    # vm_name: ops-manager-vm        # default - ops-manager-vm
    # disk_size: 200                 # default - 160 (GB), only larger values allowed

  # Optional Ops Manager UI Settings for upgrade-opsman
  # ssl-certificate: ...
  # pivotal-network-settings: ...
  # banner-settings: ...
  # syslog-settings: ...
  # rbac-settings: ...

Additional settings


# These are OPTIONAL settings that can exist in your opsman.yml
# When upgrading an Ops Manager, these are configurations
# that can be updated on the Settings page in the Ops Manager UI.
# These settings can be updated with the upgrade-opsman command
# even if the Ops Manager VM is not recreated.
ssl-certificate:
  certificate: |
    -----BEGIN CERTIFICATE-----
    certificate
    -----END CERTIFICATE-----
  private_key:
    ----BEGIN RSA PRIVATE KEY-----
    private-key
    -----END RSA PRIVATE KEY-----
pivotal-network-settings:
  api_token: your-pivnet-token
banner-settings:
  ui_banner_contents: UI Banner Contents
  ssh_banner_contents: SSH Banner Contents
syslog-settings:
  enabled: true
  address: 1.2.3.4
  port: 999
  transport_protocol: tcp
  tls_enabled: true
  permitted_peer: "*.example.com"
  ssl_ca_certificate: |
    -----BEGIN CERTIFICATE-----
    certificate
    -----END CERTIFICATE-----
  queue_size: 100000
  forward_debug_logs: false
  custom_rsyslog_configuration: if $message contains 'test' then stop
rbac-settings: # if your RBAC is SAML, use these settings
  rbac_saml_admin_group: example_group_name
  rbac_saml_groups_attribute: example_attribute_name
#rbac-settings: # if your RBAC is LDAP, replace the above
#  ldap_rbac_admin_group_name: cn=opsmgradmins,ou=groups,dc=mycompany,dc=com
opsman-configuration:
  aws: # azure, gcp, openstack, vsphere
    ...

Specific advice and features for the different IaaSs are documented below.

AWS

These required properties are adapted from the instructions outlined in Requirements and prerequisites for Tanzu Operations Manager on AWS.

At least one IP address (public or private) must be assigned to the Tanzu Operations Manager VM. Both can be assigned, if required.

For authentication, you must either set use_instance_profile: true or provide a secret_key_id and secret_access_key. You must remove key information if you're using an instance profile. Using an instance profile allows you to avoid interpolation because this file then contains no secrets.

Azure

The required properties are adapted from the instructions outlined in Requirements and prerequisites for Tanzu Operations Manager on Azure.

At least one IP address (public or private) must be assigned to the Tanzu Operations Manager VM. Both can be assigned, if required.

GCP

The required properties are adapted from the instructions outlined in Requirements and prerequisites for Tanzu Operations Manager on GCP

At least one IP address (public or private) must be assigned to the Tanzu Operations Manager VM. Both can be assigned, if required.

For authentication either gcp_service_account or gcp_service_account_name is required. You must remove the one you are not using. Note that using gcp_service_account_name allows you to avoid interpolation, because this file then contains no secrets.

Support for Shared VPC is done using configuring the vpc_subnet path to include the host project id, region of the subnet, and the subnet name.

For example:

projects/[HOST_PROJECT_ID]/regions/[REGION]/subnetworks/[SUBNET]

OpenStack

The required properties are adapted from the instructions in Installing and configuring Tanzu Operations Manager on OpenStack

At least one IP address (public or private) must be assigned to the Tanzu Operations Manager VM. Both can be assigned, if required.

vSphere

The required properties are adapted from the instructions in Installing and configuring Tanzu Operations Manager on vSphere

opsman image

This file is an artifact from the Broadcom Support portal, which contains the VM image for a specific IaaS. For vSphere and OpenStack, it's a full disk image. For AWS, GCP, and Azure, it's a YAML file that lists the location of images that are already available on the IaaS.

These are examples to download the image artifact for each IaaS using the download-product task.

opsman.yml

AWS

---
pivnet-api-token: ((pivnet_token))
pivnet-file-glob: "ops-manager-aws*.yml"
pivnet-product-slug: ops-manager
product-version-regex: ^2\.5\.\d+$

Azure

---
pivnet-api-token: ((pivnet_token))
pivnet-file-glob: "ops-manager-azure*.yml"
pivnet-product-slug: ops-manager
product-version-regex: ^2\.5\.\d+$

GCP

---
pivnet-api-token: ((pivnet_token))
pivnet-file-glob: "ops-manager-gcp*.yml"
pivnet-product-slug: ops-manager
product-version-regex: ^2\.5\.\d+$

OpenStack

---
pivnet-api-token: ((pivnet_token))
pivnet-file-glob: "ops-manager-openstack*.raw"
pivnet-product-slug: ops-manager
product-version-regex: ^2\.5\.\d+$

vSphere

---
pivnet-api-token: ((pivnet_token))
pivnet-file-glob: "ops-manager-vsphere*.ova"
pivnet-product-slug: ops-manager
product-version-regex: ^2\.5\.\d+$

The p-automator CLI includes the ability to extract the Tanzu Operations Manager VM configuration (GCP, AWS, Azure, and VSphere). This works for Tanzu Operations Managers that are already running. It is useful when migrating to automation.

Usage:

  1. Get the Platform Automation Toolkit image from the Broadcom Support portal.
  2. Import the image into docker to run the p-automation locally. See Running commands locally.
  3. Create a state file that represents your current VM and IAAS.
  4. Invoke the p-automator CLI to get the configuration.

For example, on AWS with an access key and secret key:

docker run -it --rm -v $PWD:/workspace -w /workspace platform-automation-image \
p-automator export-opsman-config \
--state-file=state.yml \
--aws-region=us-west-1 \
--aws-secret-access-key some-secret-key \
--aws-access-key-id some-access-key

The outputted opsman.yml contains the information needed for Platform Automation Toolkit to manage the Tanzu Operations Manager VM.

download-product task

- task: download-opsman-image
  image: platform-automation-image
  file: platform-automation-tasks/tasks/download-product.yml
  params:
    CONFIG_FILE: opsman.yml

product

The product input requires a single tile file (.pivotal) as downloaded from the Broadcom Support portal.

Here's an example of how to pull the Tanzu Application Service tile using the download-product task.

product.yml

---
pivnet-api-token: token
pivnet-file-glob: "cf-*.pivotal"
pivnet-product-slug: elastic-runtime
product-version-regex: ^2\.6\..*$

download-product task

- task: download-stemcell
  image: platform-automation-image
  file: platform-automation-tasks/tasks/download-product.yml
  params:
    CONFIG_FILE: product.yml

This file cannot be manually created. This file must retrieved from the Broadcom Support portal.

product config

There are two ways to build a product config.

  1. Using an already deployed product (tile), you can extract the config using staged-config.
  2. Use an example and fill in the values based on the meta information from the tile. This product.yml is a very basic example for healthwatch.

---
product-properties:
  .healthwatch-forwarder.bosh_taskcheck_username:
    value: admin
  .healthwatch-forwarder.boshhealth_instance_count:
    value: 1
  .healthwatch-forwarder.boshtasks_instance_count:
    value: 2
  .healthwatch-forwarder.canary_instance_count:
    value: 2
  .healthwatch-forwarder.cli_instance_count:
    value: 2
  .healthwatch-forwarder.health_check_az:
    value: AZ01
  .healthwatch-forwarder.ingestor_instance_count:
    value: 4
  .healthwatch-forwarder.opsman_instance_count:
    value: 2
  .healthwatch-forwarder.publish_to_eva:
    value: true
  .healthwatch-forwarder.worker_instance_count:
    value: 4
  .mysql.skip_name_resolve:
    value: true
  .properties.opsman:
    value: enable
  .properties.opsman.enable.url:
    value: https://pcf.example.com/
network-properties:
  network:
    name: DEPLOYMENT
  other_availability_zones:
  - name: AZ01
  - name: AZ02
  service_network:
    name: SERVICES
  singleton_availability_zone:
    name: AZ01
resource-config:
  healthwatch-forwarder:
    instances: automatic
    persistent_disk:
      size_mb: automatic
    instance_type:
      id: automatic
  migrate-v1.1-v1.2:
    instances: automatic
    instance_type:
      id: automatic
  mysql:
    instances: automatic
    persistent_disk:
      size_mb: automatic
    instance_type:
      id: automatic
  redis:
    instances: automatic
    persistent_disk:
      size_mb: automatic
    instance_type:
      id: automatic

The following is a list of properties that can be set in the product.yml and a link to the API documentation explaining the properties.

state

This file contains the meta-information needed to manage the Tanzu Operations Manager VM. The state input for a opsman VM task expects to have a state.yml file.

The state.yml file contains two properties:

  1. iaas is the IAAS the Tanzu Operations Manager VM is hosted on. (gcp, vsphere, aws, azure, openstack)

  2. vm_id is the VM unique identifier for the VM. For some IAAS, the VM ID is the VM name.

    Different IaaS uniquely identify VMs differently; here are examples for what this file should look like, depending on your IAAS:

    AWS

    
         iaas: aws
         # Instance ID of the AWS VM
         vm_id: i-12345678987654321
     

    Azure

    
         iaas: azure
         # Computer Name of the Azure VM
         vm_id: vm_name
     

    GCP

    
         iaas: gcp
         # Name of the VM in GCP
         vm_id: vm_name
     

    OpenStack

    
         iaas: openstack
         # Instance ID from the OpenStack Overview
         vm_id: 12345678-9876-5432-1abc-defghijklmno
     

    vSphere

    
         iaas: vsphere
         # Path to the VM in vCenter
         vm_id: /datacenter/vm/folder/vm_name
     

stemcell

This stemcell input requires the stemcell tarball (.tgz) as downloaded from the Broadcom Support portal. It must be in the original filename as that is used by Tanzu Operations Manager to parse metadata. The filename might look something like bosh-stemcell-621.76-vsphere-esxi-ubuntu-xenial-go_agent.tgz.

This file cannot be manually created. This file must retrieved from the Broadcom Support portal.

Here's an example of how to pull the vSphere stemcell using the download-product task.

stemcell.yml

AWS

---
pivnet-api-token: token
pivnet-file-glob: "bosh-stemcell-*-aws*.tgz"
pivnet-product-slug: stemcells-ubuntu-xenial
product-version-regex: ^170\..*$

Azure

---
pivnet-api-token: token
pivnet-file-glob: "bosh-stemcell-*-azure*.tgz"
pivnet-product-slug: stemcells-ubuntu-xenial
product-version-regex: ^170\..*$

GCP

---
pivnet-api-token: token
pivnet-file-glob: "bosh-stemcell-*-google*.tgz"
pivnet-product-slug: stemcells-ubuntu-xenial
product-version-regex: ^170\..*$

OpenStack

---
pivnet-api-token: token
pivnet-file-glob: "bosh-stemcell-*-openstack*.tgz"
pivnet-product-slug: stemcells-ubuntu-xenial
product-version-regex: ^170\..*$

vSphere

---
pivnet-api-token: token
pivnet-file-glob: "bosh-stemcell-*-vsphere*.tgz"
pivnet-product-slug: stemcells-ubuntu-xenial
product-version-regex: ^170\..*$

download-product task

- task: download-stemcell
  image: platform-automation-image
  file: platform-automation-tasks/tasks/download-product.yml
  params:
    CONFIG_FILE: stemcell.yml

assign-stemcell-task

This artifact is an output of download-product located in the assign-stemcell-config output directory.

This file should resemble the following:

product: cf
stemcell: "97.190"

telemetry

The config input for the collect-telemetry task can be used with a telemetry.yml file to collect data for VMware so that VMware staff can learn and measure results to help put customer experience at the forefront of their product decisions. The configuration of the telemetry.yml looks like this:


---
env-type: sandbox     # sandbox|development|qa|pre-production|production

# Usage Service (Recommended)
cf-api-url:           # UAA authentication to access Usage Service
usage-service-url:
usage-service-client-id:
usage-service-client-secret:
usage-service-insecure-skip-tls-verify:

# CredHub (Optional)
# with-credhub-info:  # include CredHub certificate expiry information

check-circle-line exclamation-circle-line close-line
Scroll to top icon