Skip to content

Google Cloud Storage

The Director stores uploaded releases, configuration files, logs and other data in a blobstore. A default DAV blobstore is sufficient for most BOSH environments; however, a highly-available external blobstore may be desired.

Included DAV (default)

By default the Director is configured to use included DAV blobstore job (see Installing BOSH section for example manifests). Here is how to configure it:

  1. Add blobstore release job and make sure that persistent disk is enabled:

    jobs:
    - name: bosh
      templates:
      - {name: blobstore, release: bosh}
      # ...
      persistent_disk: 25_000
      # ...
      networks:
      - name: default
        static_ips: [10.0.0.6]
    
  2. Configure blobstore job. The blobstore's address must be reachable by the Agents:

    properties:
      blobstore:
        provider: dav
        address: 10.0.0.6
        port: 25250
        director:
          user: director
          password: DIRECTOR-PASSWORD
        agent:
          user: agent
          password: AGENT-PASSWORD
    

Above configuration is used by the Director and the Agents.


S3

The Director and the Agents can use an S3 compatible blobstore. Here is how to configure it:

  1. Create a private S3 bucket

  2. Ensure that access to the bucket is protected, as the Director may store sensitive information.

  3. Modify deployment manifest for the Director and specify S3 credentials and bucket name:

    properties:
      blobstore:
        provider: s3
        access_key_id: ACCESS-KEY-ID
        secret_access_key: SECRET-ACCESS-KEY
        bucket_name: test-bosh-bucket
    
  4. For an S3 compatible blobstore you need to additionally specify the host:

    properties:
      blobstore:
        provider: s3
        access_key_id: ACCESS-KEY-ID
        secret_access_key: SECRET-ACCESS-KEY
        bucket_name: test-bosh-bucket
        host: objects.dreamhost.com
    

Google Cloud Storage (GCS)

Note

Available in bosh release v263+ and Linux stemcells 3450+.

The Director and the Agents can use GCS as a blobstore. Here is how to configure it:

  1. Create a GCS bucket.

  2. Follow the steps on how to create service accounts and configure them with the minimum set of permissions.

  3. Ensure that access to the bucket is protected, as the Director may store sensitive information.

  4. Modify deployment manifest for the Director and specify GCS credentials and bucket name:

    properties:
      blobstore:
        provider: gcs
        credentials_source: static
        json_key: |
          DIRECTOR-BLOBSTORE-SERVICE-ACCOUNT-FILE
        bucket_name: test-bosh-bucket
      agent:
        blobstore:
          json_key: |
            AGENT-SERVICE-ACCOUNT-BLOBSTORE-FILE
    
  5. To use Customer Supplied Encryption Keys to encrypt blobstore contents instead of server-side encryption keys, specify encryption_key:

    properties:
      blobstore:
        provider: gcs
        credentials_source: static
        json_key: |
          DIRECTOR-BLOBSTORE-SERVICE-ACCOUNT-FILE
        bucket_name: test-bosh-bucket
        encryption_key: BASE64-ENCODED-32-BYTES
      agent:
        blobstore:
          credentials_source: static
          json_key: |
            AGENT-SERVICE-ACCOUNT-BLOBSTORE-FILE
    
  6. To use an explicit Storage Class to store blobstore contents instead of the bucket default, specify storage_class:

    properties:
      blobstore:
        provider: gcs
        credentials_source: static
        json_key: |
          DIRECTOR-BLOBSTORE-SERVICE-ACCOUNT-FILE
        bucket_name: test-bosh-bucket
        storage_class: REGIONAL
      agent:
        blobstore:
          credentials_source: static
          json_key: |
            AGENT-SERVICE-ACCOUNT-BLOBSTORE-FILE
    

    Azure Storage Account

Azure Storage Account is supported from bosh version 278.0.0 and stemcell version 1.199.

The Director and the Agents can use an Azure Storage Account compatible blobstore. Here is how to configure it:

  1. Create a private Azure Storage Account and a container

  2. Ensure that access to the Account is protected, as the Director may store sensitive information.

  3. Modify deployment manifest for the Director and specify Azure Storage Account credentials and container name:

    properties:
      blobstore:
        provider: azure-storage
        account_key: ACCOUNT-KEY
        account_name: ACCOUNT-NAME
        container_name: CONTAINER
      agent:  
        env:
          bosh:
            blobstores:
            - options: 
                account_key: ACCOUNT-KEY
                account_name: ACCOUNT-NAME
                container_name: CONTAINER
              provider: azure-storage