Skip to content

broker job from on-demand-service-broker/0.49.0

Github source: 2dfb584b or master branch

Properties

bosh

authentication

basic
password

BOSH director password

username

BOSH director username

uaa
client_id

UAA client ID

client_secret

UAA client secret

root_ca_cert

Bosh Director Root CA certificate for broker to trust (optional)

url

BOSH URL

bosh_credhub_api

authentication

uaa
client_credentials
client_id

ID of UAA client with permissions to read and write to BOSH CredHub

client_secret

Secret of UAA client with permissions to read and write to BOSH CredHub

root_ca_cert

Public certificate of root certificate authority used to sign BOSH CredHub’s certificate. Used to authenticate the service.

url

Full URL of BOSH CredHub service

cf

authentication

(Deprecated) UAA authentication object. See cf.uaa.

root_ca_cert

CF Root CA certificate for broker to trust (optional)

uaa

authentication
client_credentials
client_id

UAA client ID with cloud_controller.read authority

client_secret

UAA client secret

user_credentials
password

CF Admin password

username

CF Admin username

client_definition

Client to be created by the broker during provision. See example below for valid fields.

Example
|+
  scopes: <comma separated list of scopes>
  resource_ids: <comma separated list of resource ids>
  authorized_grant_types: <comma separated list of grant types>
  authorities: <comma separated list of authorities>
  name: <name>
url

UAA URL for Cloud Foundry

url

CF API URL

disable_bosh_configs

Deactivate the feature where when a service adapter returns BOSH configs, ODB applies the configs to BOSH

Default
false

disable_cf_startup_checks

Default
false

disable_ssl_cert_verification

Disable SSL certificate verification by the broker when communicating with any CF component. DO NOT USE IN PRODUCTION

Default
false

enable_plan_schemas

If the service adapter supports service plan schemas and you would like the schema to appear in the service catalog, set this flag to true

Default
false

enable_secure_manifests

Allow ODB to read and write service instance secrets using the BOSH CredHub. Required for removing plain text secrets from service instance manifests.

Default
false

enable_telemetry

Enables telemetry logging when set to true. If true, broker id must be set.

Default
false

expose_operational_errors

The On Demand Broker will return BOSH errors to the platform when a failure occurs

Default
false

password

Broker basic auth password

port

Port for the broker

Default
8080

secure_binding_credentials

authentication

uaa
ca_cert

Internal UAA certificate

client_id

UAA client id for secure binding credential authentication

client_secret

UAA client secret for secure binding credential authentication

enabled

Flag to activate secure binding

Default
false

service_adapter

mount_paths

Filesystem paths to be mounted for use by the service adapter. This should include the paths to any config files.

Default
[]

path

The path to the service adapter binary located on the host with the broker

Default
/var/vcap/packages/odb-service-adapter/bin/service-adapter

service_catalog

bindable

is service bindable?

dashboard_client

client ID for dashboard

global_properties

properties applied to every plan. if in conflict, plan properties take precedence

global_quotas

resource_limits

deprecated property

Default
{}
resources

hash of resources that will be verified when provisioned by on-demand broker. A resource object contains “limit” as integer.

Default
{}
Example
global_quotas:
  resources:
    any_resource_name:
      limit: 10
service_instance_limit

the maximum number of instances that may be provisioned by on-demand broker

id

service ID for CF marketplace

maintenance_info

description

maintenance information description of the impact of the maintenance update for all plans. See https://github.com/openservicebrokerapi/servicebroker/blob/master/spec.md#maintenance-info-object

private

maintenance information to be returned as a single hashed string in the service catalog for all plans

Default
{}
public

maintenance information to be returned as plain text in the service catalog for all plans

Default
{}
version

maintenance information version for all plans. See https://github.com/openservicebrokerapi/servicebroker/blob/master/spec.md#maintenance-info-object

Example
1.2.3

metadata

service metadata - accepts arbitrary key / value pairs

display_name

apps manager display name

Default
""
documentation_url

apps manager documentation url

Default
""
image_url

apps manager image url

Default
""
long_description

apps manager long description

Default
""
provider_display_name

apps manager provider display name

Default
""
shareable

is service shareable?

Default
false
support_url

apps manager support url

Default
""

plan_updatable

are plan migrations allowed?

plans

the service plans to be presented to Cloud Foundry

requires

string array of permissions required by broker

Default
[]

service_description

service description for CF marketplace

service_name

service offering for CF marketplace

tags

string array of tags for catalog

Default
[]

service_deployment

releases

releases to deploy for each instance

stemcell

name

stemcell name to use for every job in the service deployment

os

stemcell OS to use for every job in the service deployment

version

stemcell version to use for every job in the service deployment

stemcells

stemcells to deploy for each instance

Default
[]
Example
- os: ubuntu
  version: 1234

service_instances_api

authentication

basic
password

HTTP basic auth password for connections to service instances API provider

username

HTTP basic auth username for connections to service instances API provider

disable_ssl_cert_verification

Disable SSL certificate verification by the broker when communicating with Service Instances API.

Default
false

root_ca_cert

root CA cert to validate TLS connection to service instances API provider

url

service instances API provider URL

shutdown_timeout_in_seconds

In seconds, allow the broker to close open connections before shutting down

Default
60

skip_check_for_pending_changes

If true, the broker will allow updates to a service instance with pending changes that would otherwise require an upgrade. This enables cf update-service -c '{}' to effectively update an instance even if the current manifest does not match the view of the service adapter. When false (the default), attempts to update a service instance whose manifest would change results in an error: “The service broker has been updated, and this service instance is out of date. Please contact your operator”

Default
false

startup_banner

Default
false

support_backup_agent_binding

If the service adapter supports backup agent URL bindings, set this flag to true

Default
false

tls

certificate

a server certificate for the broker to use

private_key

the matching private key

use_stdin

Pass arguments to service adapter over standard input instead of as command line arguments. Requires a compatible service adapter.

Default
true

username

Broker basic auth username

Templates

Templates are rendered and placed onto corresponding instances during the deployment process. This job's templates will be placed into /var/vcap/jobs/broker/ directory (learn more).

  • bin/drain (from drain.sh.erb)
  • bin/post-start (from post-start.erb)
  • config/bpm.yml (from bpm.yml.erb)
  • config/broker.yml (from broker.yml.erb)
  • config/indicators.yml (from indicators.yml.erb)
  • certs/broker.crt (from broker.crt.erb)
  • certs/broker.key (from broker.key.erb)

Packages

Packages are compiled and placed onto corresponding instances during the deployment process. Packages will be placed into /var/vcap/packages/ directory.