Skip to content

shield-daemon job from shield/7.0.1

Github source: 17a8a96 or master branch

Properties

auth

api_keys

Map of API keys to grant script-level access to SHIELD (keys are names of keys, values are keys themselves)

Example
|+
  api_keys:
    my_script: AwB6iMPhTHiE7V2ngLNv
    autoprovision: KTocoRDwtasU22kiA3Go

oauth

authorization
orgs

List of organizations that users must be members of to access SHIELD. This MUST* be specified or no one will be able to access SHIELD.

key

Auth Key/Client ID to use with the OAuth2 provider

provider

OAuth2 provider to use with SHIELD (supported values: ‘github’ and ‘cloudfoundry’)

secret

Auth Secret/Client Secret to use with the OAuth2 provider

sessions
db
host

Hostname or IP address of the database server.

name

Name of the database to use for storing session data.

password

Password to use for accessing the session database.

port

TCP port that the database server is listening on.

username

Username to use for accessing the session database.

max_age

Maximum age for an authenticated session (in seconds).

Default
2.592e+06

password

Password to use with basic auth for SHIELD (disabled if oauth is enabled)

username

Username to use with basic auth for SHIELD (disabled if oauth is enabled)

Default
admin

database

db

Name of the SHIELD database

host

Hostname or IP address of the backend database server.

password

Password to use for accessing the database.

port

TCP port that the database server is listening on.

type

Type of database backend to use (‘postgres’ or ‘mysql’).

username

Username to use for accessing the database.

domain

Fully-qualified domain name (or IP address) of your SHIELD installation

name

The name of your SHIELD installation (to display to `shield status’ calls).

Default
(none)

nginx

keepalive_timeout

Timeout for keep-alive connections

Default
75 20

worker_connections

Number of nginx connections per worker

Default
8192

worker_processes

Number of nginx workers

Default
2

port

Incoming port to bind for HTTPS API and Web UI requests

Default
443

shield

log_level

Log level for shield processes

Default
info

ssh_private_key

SSH private key to use for communicating with the shield-agent.

ssl

crt

TLS Certificate (PEM encoded)

key

TLS private key (PEM encoded)

timeout

Timeout for reusing the previously negotiated cryptographic parameters

Default
7200

Templates

Templates are rendered and placed onto corresponding instances during the deployment process. This job's templates will be placed into /var/vcap/jobs/shield-daemon/ directory (learn more).

  • bin/ctl (from bin/ctl)
  • bin/monit_debugger (from bin/monit_debugger)
  • bin/nginx_ctl (from nginx/bin/ctl)
  • config/shieldd.conf (from config/shieldd.conf)
  • helpers/ctl_setup.sh (from helpers/ctl_setup.sh)
  • helpers/ctl_utils.sh (from helpers/ctl_utils.sh)
  • nginx/config/mime.types (from nginx/config/mime.types)
  • nginx/config/nginx.conf (from nginx/config/nginx.conf)
  • nginx/config/ssl_crt (from nginx/config/ssl_crt)
  • nginx/config/ssl_key (from nginx/config/ssl_key)
  • shared/id_rsa (from shared/id_rsa)

Packages

Packages are compiled and placed onto corresponding instances during the deployment process. Packages will be placed into /var/vcap/packages/ directory.