Skip to content

policy-server job from cf-networking/0.20.0

Github source: a8a2e3c or master branch

Properties

cf_networking

policy_server

ca_cert

Trusted CA certificate for clients

cc_url

Address of Cloud Controller server

Default
http://cloud-controller-ng.service.cf.internal:9022
cleanup_interval

Clean up stale policies on this interval, in minutes

Default
60
database
host

Host (IP or DNS name) for database server

Default
""
name

Name of logical database to use

Default
""
password

Password for database connection

Default
""
port

Port for database server

Default
""
type

Type of database: postgres or mysql

Default
postgres
username

Username for database connection

Default
""
debug_server_host

Host for the debug server

Default
127.0.0.1
debug_server_port

Port for the debug server

Default
22222
internal_listen_port

Port where the policy server will serve its internal API

Default
4003
listen_host

Host where the policy server will serve its API

Default
0.0.0.0
listen_port

Port where the policy server will serve its external API

Default
4002
log_level

Logging level (debug, info, warn, error)

Default
info
metron_address

Forward metrics to this metron agent

Default
127.0.0.1:3457
server_cert

Server certificate for TLS

server_key

Server key for TLS

skip_ssl_validation

Skip verifying ssl certs when speaking to UAA or Cloud Controller

Default
false
tag_length

Length in bytes of the packet tags to generate for policy sources and destinations. Must be greater than 0 and less than 4.

Default
2
uaa_ca

Trusted CA for UAA server

uaa_client

UAA client name

Default
network-policy
uaa_client_secret

UAA client secret

Default
network-policy-secret
uaa_port

Port of the UAA server

Default
8443
uaa_url

Address of UAA server

Default
https://uaa.service.cf.internal

Templates

Templates are rendered and placed onto corresponding instances during the deployment process. This job's templates will be placed into /var/vcap/jobs/policy-server/ directory (learn more).

  • bin/policy-server_as_vcap (from policy-server_as_vcap.erb)
  • bin/policy-server_ctl (from policy-server_ctl.erb)
  • bin/pre-start (from pre-start.erb)
  • config/certs/ca.crt (from ca.crt.erb)
  • config/certs/server.crt (from server.crt.erb)
  • config/certs/server.key (from server.key.erb)
  • config/certs/uaa_ca.crt (from uaa_ca.crt.erb)
  • config/policy-server.json (from policy-server.json.erb)

Packages

Packages are compiled and placed onto corresponding instances during the deployment process. Packages will be placed into /var/vcap/packages/ directory.