(*yes*, the whole enchilada)

You’ve probably read much recently about SAP adding Cloud Foundry in Cloud Platform. There’s a lot to like about Cloud Foundry as an application platform – its support for more languages and runtimes, its community open source approach – and, for SAP Cloud Platform, it runs as a true Platform as a Service.

I tend to learn things by tearing them apart.  I was pleased to learn that Cloud Foundry has a capability to basically run the entire Cloud Foundry infrastructure on a single laptop.

Normally Cloud Foundry will run atop a full-blown IaaS infrastructure: AWS, Azure, GCP or OpenStack. There’s an abstraction layer call the Cloud Provider Interface (CPI) that drives that freedom of choice.  The developer configuration of Cloud Foundry is known as BOSH-Lite and it, well, crams all the runtime components of CF into a single virtual machine.

Why bother when you could do this in the cloud in the first place? For me, it’s a learning choice. PaaS is great; I mean really, really great, but to truly grok something we often need to get a really deep look. Deploying CF on your own machine gives you a pathway to do that without a significant time investment or the cost of running multiple VMs in the cloud.

It’s worth saying that this installation is by no means a production configuration. A fully scalable and hardened Cloud Foundry installation takes a fair investment in time and hardware – that said, this is still a great way to get acquainted with CF components at a very deep level.

Lets get started

Cloud Foundry installation is highly scripted. You will find that you don’t have to do too many steps manually to get this running.  You’ll only need a system with these resources:

• A Mac or Linux machine
• 16GB main memory (we’re going to build an 8GB VM)
• A live network connection (at least for general programming, you can’t run disconnected)
• VirtualBox 5.1.x or later (download from here)
• Roughly 40GB free disk space

The procedure to get this running has evolved over the past six months. The most recent (and accurate) blog I have encountered was this article, authored by Christopher Banck.  There’s a few crucial spots where I deviate from the procedure he described, so I’ll list everything here.

Step 1. Verify your VirtualBox installation

vboxmanage –v

you should see something like this::

5.1.28r117968

Ensure your version is 5.1 or later. If not, you will need to upgrade.

Step 2. Download, install and verify the latest version of the BOSH2 CLI

Use the instructions at this web site: https://bosh.io/docs/cli-v2.html

Step 3. Download and install the cf command line

You can follow this guide.

Step 4. Clone BOSH Deployment and install BOSH Lite.

mkdir ~/workspace

mkdir ~/deployments

git clone https://github.com/cloudfoundry/bosh-deployment ~/workspace/bosh-deployment

mkdir -p ~/deployments/vbox

cd ~/deployments/vbox

In order to configure BOSH-lite to give you an 8GB VM, you will need to edit the file ~/workspace/bosh-deployment/virtualbox/cpi.yml  ; change the 4096 MB memory specification to 8192:

-    memory: 4096

+    memory: 8192

You can now install the BOSH-lite Director into a VM

bosh create-env ~/workspace/bosh-deployment/bosh.yml \
--state ~/deployments/vbox/state.json \
-o ~/workspace/bosh-deployment/virtualbox/cpi.yml \
-o ~/workspace/bosh-deployment/virtualbox/outbound-network.yml \
-o ~/workspace/bosh-deployment/bosh-lite.yml \
-o ~/workspace/bosh-deployment/bosh-lite-runc.yml \
-o ~/workspace/bosh-deployment/jumpbox-user.yml \
--vars-store ~/deployments/vbox/creds.yml \
-v director_name="Bosh Lite Director" \
-v internal_ip=192.168.50.6 \
-v internal_gw=192.168.50.1 \
-v internal_cidr=192.168.50.0/24 \
-v outbound_network_name=NatNetwork

We then use BOSH to alias the environment we just created. We also save some environment variables for later use.

bosh -e 192.168.50.6 --ca-cert <(bosh int ~/deployments/vbox/creds.yml \
--path /director_ssl/ca) alias-env vbox

export BOSH_CA_CERT=$(bosh int ~/deployments/vbox/creds.yml --path /director_ssl/ca)

export BOSH_CLIENT=admin

export BOSH_CLIENT_SECRET=$(bosh int ~/deployments/vbox/creds.yml --path /admin_password)

export BOSH_ENVIRONMENT=vbox

Step 4. Clone and Configure Cloud Foundry

git clone https://github.com/cloudfoundry/cf-deployment ~/workspace/cf-deployment
cd ~/workspace/cf-deployment

upload the appropriate bosh stemcell:

export STEMCELL_VERSION=$(bosh int ~/workspace/cf-deployment/cf-deployment.yml \
--path /stemcells/alias=default/version)

bosh upload-stemcell \
https://bosh.io/d/stemcells/bosh-warden-boshlite-ubuntu-trusty-go_agent?v=$STEMCELL_VERSION

Update the cloud configuration to reflect that we’ll be running in BOSH-lite:

bosh update-cloud-config ~/workspace/cf-deployment/iaas-support/bosh-lite/cloud-config.yml

Step 5. Install Cloud Foundry

The default cf deployment will have a baked-in OAuth2 problem with HTTPS. It turns out that the UAA authentication server – the authentication server that you’ll likely use to issue OAuth2 tickets – will not be trusted by any client application using HTTPS.  That’s because the host certificate is self-signed.  This issue is easy enough to fix. Download the specific patch script I created.  We’ll use it in the actual deployment.

pushd operations/experimental/

wget https://raw.githubusercontent.com/rrainey/cf-local-tools/master/cf-deployment/operations/experimental/trust-route-ca.yml

popd

Now execute the deployment; the reference to trust-route-ca.yml patches the deployment to install the Router CA certificate, thus allowing HTTPS client access to UAA to be trusted:

bosh -e vbox -d cf deploy cf-deployment.yml \
-o operations/bosh-lite.yml \
--vars-store deployment-vars.yml \
-v system_domain=bosh-lite.com \
-o operations/experimental/enable-instance-identity-credentials.yml \
-o operations/experimental/trust-route-ca.yml \
-o ~/workspace/cf-deployment/operations/use-compiled-releases.yml

Step 6. Verify that all the expected processes are running

bosh -e vbox -d cf instances

Step 7. Update network routing

You must now add a route to allow your machine to communicate with the BOSH-lite VM containers.

sudo route add -net 10.244.0.0/16 192.168.50.6

Step 8. Create an Organization and Space

We can now switch over to communicating via the cf command line. Note that the target domain, bosh-lite.com, actually resolves to an IP address inside your VirtualBox VM. Also note that the deployment scripts have auto-generated passwords for your use.  The following commands grab those passwords as environment variables — depending on your inclination, you might consider deleting those environment variables when you are done using them here.

cd ~/workspace/cf-deployment

cf api https://api.bosh-lite.com --skip-ssl-validation 

export CF_ADMIN_PASSWORD=$(bosh int ./deployment-vars.yml --path /cf_admin_password) 

cf auth admin $CF_ADMIN_PASSWORD

export UAA_PASSWORD=$(bosh int ./deployment-vars.yml --path /uaa_admin_client_secret)



cf create-org "mycloud"

cf target -o "mycloud"

cf create-space dev

cf target -o "mycloud" -s "dev"

Step 9. Deploy and run a sample application

cd ~

git clone https://github.com/vchrisb/cf-helloworld ~/workspace/cf-helloworld

cd ~/workspace/cf-helloworld

cf push

Once the push operation completes, you will be able to access the application at the url http://cf-helloworld.bosh-lite.com/

Where to from here?

At this point you have a verified operational Cloud Foundry instance running on your machine. In the next article, I’ll show some examples of working with UAA, OAuth2, and Spring Boot in this environment.  In the meantime, feel free to start your own experimenting.

An important postscript

If you are disconnecting your laptop from a network, I’ve found that it is generally a good idea to pause the BOSH-lite VM.  You can do this either from the VirtualBox UI or from the command line:

vboxmanage controlvm $(bosh int ~/deployments/vbox/state.json –path /current_vm_cid) savestate

You can restart it once your reconnect to a new network using this command:

vboxmanage startvm $(bosh int ~/deployments/vbox/state.json --path /current_vm_cid) --type headless

In this article, we deployed the latest versions of both bosh-lite and cf.  I point this out to say that what worked for me when I wrote this blog might potentially not work for you.  These repositories use git tags to mark official releases. Although I didn’t reference tags, the ‘latest’ commits on master branches that I ended up deploying were:

bosh-deployment 5217f1a18461a4249fdac878b8a5a5efee8a7894

cf-deployment   77c48d298d9e7c8495cfe3464979d1a450ddfe62

In a future article, I’ll get into some specifics about how to match up the version you run with the version of Cloud Foundry we’re running in SAP Cloud Platform.