cloud_controller_clock job from capi/1.124.0
The Cloud Controller Clock runs the Diego Sync job to keep the actual state of running processes in Diego in sync with Cloud Controller's desired state. Additionally, the Clock schedules periodic clean up jobs to prune app usage events, audit events, failed jobs, and more.
Github source:
f4e8e40e
or
master branch
Properties¶
cc
¶
allow_app_ssh_access
¶Allow users to change the value of the app-level allow_ssh attribute
- Default
true
app_usage_events
¶
cutoff_age_in_days
¶How old an app usage event should stay in cloud controller database before being cleaned up
- Default
31
audit_events
¶
cutoff_age_in_days
¶How old an audit event should stay in cloud controller database before being cleaned up
- Default
31
bits_service
¶
enabled
¶Enable integration of the bits-service incubator (experimental)
- Default
false
password
¶Password for the bits-service
- Default
""
private_endpoint
¶Private URL for the bits-service service
- Default
""
public_endpoint
¶Public URL for the bits-service service
- Default
""
username
¶Username for the bits-service
- Default
""
buildpacks
¶
blobstore_type
¶The type of blobstore backing to use. Valid values: [‘fog’, ‘webdav’]
- Default
fog
buildpack_directory_key
¶Directory (bucket) used store buildpacks. It does not have be pre-created.
- Default
cc-buildpacks
cdn
¶
key_pair_id
¶Key pair name for signed download URIs
- Default
""
private_key
¶Private key for signing download URIs
- Default
""
uri
¶URI for a CDN to used for buildpack downloads
- Default
""
fog_aws_storage_options
¶Storage options passed to fog for aws blobstores. Valid keys: [‘encryption’].
fog_connection
¶Fog connection hash
webdav_config
¶
blobstore_timeout
¶The timeout in seconds for requests to the blobstore
- Default
5
ca_cert
¶The ca cert to use when communicating with webdav
- Default
""
password
¶The basic auth password that CC uses to connect to the admin endpoint on webdav
- Default
""
private_endpoint
¶The location of the webdav server eg: https://blobstore.internal
- Default
https://blobstore.service.cf.internal:4443
public_endpoint
¶The location of the webdav server eg: https://blobstore.com
- Default
""
username
¶The basic auth user that CC uses to connect to the admin endpoint on webdav
- Default
""
completed_tasks
¶
cutoff_age_in_days
¶How long a completed task will stay in cloud controller database before being cleaned up based on last updated time with success or failure.
- Default
31
credential_references
¶
interpolate_service_bindings
¶Controls whether CredHub credentials are automatically interpolated in VCAP_SERVICES
- Default
true
database_encryption
¶
current_key_label
¶current key label for encrypting values in the CC database
- Default
""
keys
¶label-key pairs for encrypting sensitive values in the CC database; labels must be < 256 characters long
- Default
{}
db_encryption_key
¶key for encrypting sensitive values in the CC database
- Default
""
db_logging_level
¶Level at which cc database operations will be logged if cc.log_db_queries is set to true.
- Default
debug2
default_app_disk_in_mb
¶The default disk space an app gets
- Default
1024
default_app_memory
¶How much memory given to an app if not specified
- Default
1024
default_app_ssh_access
¶When ssh is allowed and not explicitly set in the application, new applications will start with ssh service enabled
- Default
true
default_health_check_timeout
¶Default health check timeout (in seconds) that can be set for the app
- Default
60
default_stack
¶The default stack name to use if no custom stack is specified by an app.
- Default
cflinuxfs3
diego
¶
bbs
¶
connect_timeout
¶Connect timeout (in seconds) when talking to BBS Server
- Default
10
receive_timeout
¶Receive timeout (in seconds) when talking to BBS Server
- Default
10
send_timeout
¶Send timeout (in seconds) when talking to BBS Server
- Default
10
url
¶URL of the BBS Server
- Default
https://bbs.service.cf.internal:8889
cc_uploader_url
¶URL of cc uploader
- Default
http://cc-uploader.service.cf.internal:9090
droplet_destinations
¶List of destination directories for different stacks
- Default
cflinuxfs3: /home/vcap windows: /Users/vcap windows2012R2: / windows2016: /Users/vcap
enable_declarative_asset_downloads
¶Enable specifying task and app asset downloads as declarative resources
- Default
false
file_server_url
¶URL of file server
- Default
http://file-server.service.cf.internal:8080
lifecycle_bundles
¶List of lifecycle bundles arguments for different stacks
- Default
buildpack/cflinuxfs3: buildpack_app_lifecycle/buildpack_app_lifecycle.tgz buildpack/windows: buildpack_app_lifecycle/buildpack_app_lifecycle.tgz buildpack/windows2012R2: windows_app_lifecycle/windows_app_lifecycle.tgz buildpack/windows2016: buildpack_app_lifecycle/buildpack_app_lifecycle.tgz docker: docker_app_lifecycle/docker_app_lifecycle.tgz
pid_limit
¶Maximum pid limit for containerized work running user-provided code
- Default
1024
temporary_oci_buildpack_mode
¶Temporary flag to enable OCI buildpack flow. Valid values: ‘oci-phase-1’
use_privileged_containers_for_running
¶Whether or not to use privileged containers for running buildpack apps and tasks.
- Default
false
use_privileged_containers_for_staging
¶Whether or not to use privileged containers for staging tasks.
- Default
false
diego_sync
¶
frequency_in_seconds
¶How often to synchronize CC’s database with Diego’s
- Default
30
droplets
¶
blobstore_type
¶The type of blobstore backing to use. Valid values: [‘fog’, ‘webdav’]
- Default
fog
cdn
¶
key_pair_id
¶Key pair name for signed download URIs
- Default
""
private_key
¶Private key for signing download URIs
- Default
""
uri
¶URI for a CDN to used for droplet downloads
- Default
""
droplet_directory_key
¶Directory (bucket) used store droplets. It does not have be pre-created.
- Default
cc-droplets
fog_aws_storage_options
¶Storage options passed to fog for aws blobstores. Valid keys: [‘encryption’].
fog_connection
¶Fog connection hash
webdav_config
¶
blobstore_timeout
¶The timeout in seconds for requests to the blobstore
- Default
5
ca_cert
¶The ca cert to use when communicating with webdav
- Default
""
password
¶The basic auth password that CC uses to connect to the admin endpoint on webdav
- Default
""
private_endpoint
¶The location of the webdav server eg: https://blobstore.internal
- Default
https://blobstore.service.cf.internal:4443
public_endpoint
¶The location of the webdav server eg: https://blobstore.com
- Default
""
username
¶The basic auth user that CC uses to connect to the admin endpoint on webdav
- Default
""
external_host
¶Host part of the cloud_controller api URI, will be joined with value of ‘domain’
- Default
api
external_port
¶External Cloud Controller port
- Default
9022
external_protocol
¶The protocol used to access the CC API from an external entity
- Default
https
failed_jobs
¶
cutoff_age_in_days
¶How old a failed job should stay in cloud controller database before being cleaned up
- Default
31
instance_file_descriptor_limit
¶The file descriptors made available to each app instance
- Default
16384
internal_api_password
¶Password used by Diego to access internal endpoints
internal_api_user
¶User name used by Diego to access internal endpoints
- Default
internal_user
internal_service_hostname
¶Internal hostname used to resolve the address of the Cloud Controller
- Default
cloud-controller-ng.service.cf.internal
jobs
¶
app_usage_events_cleanup
¶
timeout_in_seconds
¶The longest this job can take before it is cancelled
blobstore_delete
¶
timeout_in_seconds
¶The longest this job can take before it is cancelled
diego_sync
¶
timeout_in_seconds
¶The longest the diego sync job can take before another is enqueued
- Default
600
global
¶
timeout_in_seconds
¶The longest any job can take before it is cancelled unless overriden per job
- Default
14400
log_audit_events
¶Log audit events
- Default
false
log_db_queries
¶Log database queries. WARNING: Setting this to true with cc.db_logging_level >= cc.logging_level will log all field values, including encrypted secrets.
- Default
false
logging_level
¶Log level for cc. Valid levels are listed here: https://github.com/cloudfoundry/steno#log-levels.
- Default
info
logging_max_retries
¶Passthru value for Steno logger
- Default
1
max_retained_builds_per_app
¶The number of inactive builds to keep for each app
- Default
100
max_retained_deployments_per_app
¶The number of inactive deployments to keep for each app
- Default
100
max_retained_revisions_per_app
¶The number of associated revisions to keep for each app
- Default
100
maximum_app_disk_in_mb
¶The maximum amount of disk a user can request
- Default
2048
mutual_tls
¶
ca_cert
¶PEM-encoded CA certificate for secure, mutually authenticated TLS communication
private_key
¶PEM-encoded key for secure, mutually authenticated TLS communication
public_cert
¶PEM-encoded certificate for secure, mutually authenticated TLS communication
newrelic
¶
capture_params
¶Capture and send query params to NewRelic
- Default
false
developer_mode
¶Activate NewRelic developer mode
- Default
false
environment_name
¶The environment name used by NewRelic
- Default
development
license_key
¶The api key for NewRelic
log_file_path
¶The location for NewRelic to log to
- Default
/var/vcap/sys/log/cloud_controller_ng/newrelic
monitor_mode
¶Activate NewRelic monitor mode
- Default
false
transaction_tracer
¶
enabled
¶Enable transaction tracing in NewRelic
- Default
false
record_sql
¶NewRelic’s SQL statement recording mode: [off | obfuscated | raw]
- Default
"off"
packages
¶
app_package_directory_key
¶Directory (bucket) used store app packages. It does not have be pre-created.
- Default
cc-packages
blobstore_type
¶The type of blobstore backing to use. Valid values: [‘fog’, ‘webdav’]
- Default
fog
cdn
¶
key_pair_id
¶Key pair name for signed download URIs
- Default
""
private_key
¶Private key for signing download URIs
- Default
""
uri
¶URI for a CDN to used for app package downloads
- Default
""
fog_aws_storage_options
¶Storage options passed to fog for aws blobstores. Valid keys: [‘encryption’].
fog_connection
¶Fog connection hash
max_package_size
¶Maximum size of application package
- Default
1.073741824e+09
webdav_config
¶
blobstore_timeout
¶The timeout in seconds for requests to the blobstore
- Default
5
ca_cert
¶The ca cert to use when communicating with webdav
- Default
""
password
¶The basic auth password that CC uses to connect to the admin endpoint on webdav
- Default
""
private_endpoint
¶The location of the webdav server eg: https://blobstore.internal
- Default
https://blobstore.service.cf.internal:4443
public_endpoint
¶The location of the webdav server eg: https://blobstore.com
- Default
""
username
¶The basic auth user that CC uses to connect to the admin endpoint on webdav
- Default
""
pending_builds
¶
frequency_in_seconds
¶How often the pending builds cleanup job runs
- Default
300
pending_droplets
¶
frequency_in_seconds
¶How often the pending droplets cleanup job runs
- Default
300
readiness_port
¶
clock
¶Readiness port used in k8s to check that db migrations are complete before component update
- Default
-1
resource_pool
¶
blobstore_type
¶The type of blobstore backing to use. Valid values: [‘fog’, ‘webdav’]
- Default
fog
cdn
¶
key_pair_id
¶Key pair name for signed download URIs
- Default
""
private_key
¶Private key for signing download URIs
- Default
""
uri
¶URI for a CDN to used for resource pool downloads
- Default
""
fog_aws_storage_options
¶Storage options passed to fog for aws blobstores. Valid keys: [‘encryption’].
fog_connection
¶Fog connection hash
maximum_size
¶Maximum size of a resource to add to the pool
- Default
5.36870912e+08
minimum_size
¶Minimum size of a resource to add to the pool
- Default
65536
resource_directory_key
¶Directory (bucket) used store app resources. It does not have be pre-created.
- Default
cc-resources
webdav_config
¶
blobstore_timeout
¶The timeout in seconds for requests to the blobstore
- Default
5
ca_cert
¶The ca cert to use when communicating with webdav
- Default
""
password
¶The basic auth password that CC uses to connect to the admin endpoint on webdav
- Default
""
private_endpoint
¶The location of the webdav server eg: https://blobstore.internal
- Default
https://blobstore.service.cf.internal:4443
public_endpoint
¶The location of the webdav server eg: https://blobstore.com
- Default
""
username
¶The basic auth user that CC uses to connect to the admin endpoint on webdav
- Default
""
service_usage_events
¶
cutoff_age_in_days
¶How old a service usage event should stay in cloud controller database before being cleaned up
- Default
31
stacks
¶List of hashes describing stacks intended for developers to choose from when pushing apps. A stack is a prebuilt root file system (rootfs) that supports a specific operating system. Note: removing items in this list will not remove the records in the Cloud Controller’s database.
- Default
- description: Cloud Foundry Linux-based filesystem (Ubuntu 18.04) name: cflinuxfs3
staging_timeout_in_seconds
¶Timeout for staging a droplet
- Default
900
staging_upload_password
¶User’s password used to access internal endpoints of Cloud Controller to upload files when staging
staging_upload_user
¶User name used to access internal endpoints of Cloud Controller to upload files when staging
thresholds
¶
api
¶
alert_if_above_mb
¶The cc will alert if memory remains above this threshold for 3 monit cycles
- Default
3500
restart_if_above_mb
¶The cc will restart if memory remains above this threshold for 3 monit cycles
- Default
3750
restart_if_consistently_above_mb
¶The cc will restart if memory remains above this threshold for 15 monit cycles
- Default
3500
tls_port
¶External Cloud Controller port
- Default
9023
uaa
¶
internal_url
¶The internal URL used by UAA
- Default
uaa.service.cf.internal
ccdb
¶
address
¶The address of the database server
ca_cert
¶The ca cert to use when communicating with the database over SSL
connection_expiration_random_delay
¶The random delay in seconds to the expiration timeout (to prevent all connections being recreated simultaneously), passed directly to the Sequel gem - see https://sequel.jeremyevans.net/rdoc-plugins/files/lib/sequel/extensions/connection_expiration_rb.html for details
connection_expiration_timeout
¶The period in seconds after which connections are expired (omit to never expire connections), passed directly to the Sequel gem - see https://sequel.jeremyevans.net/rdoc-plugins/files/lib/sequel/extensions/connection_expiration_rb.html for details
connection_validation_timeout
¶The period in seconds after which idle connections are validated, passed directly to the Sequel gem - see http://sequel.jeremyevans.net/rdoc-plugins/files/lib/sequel/extensions/connection_validator_rb.html for details. Note that setting this to -1 results in an additional query whenever connections are checked out from the pool, which can have performance implications
- Default
3600
databases
¶Contains the name of the database on the database server
db_scheme
¶The type of database being used. mysql or postgres
- Default
postgres
max_connections
¶Maximum connections for Sequel
- Default
25
max_migration_duration_in_minutes
¶the maximum time migrations should be allowed to run before job startup should error
- Default
20160
pool_timeout
¶The timeout for Sequel pooled connections
- Default
10
port
¶The port of the database server
read_timeout
¶The read timeout in seconds for query responses, passed directly to the Sequel gem - see https://github.com/jeremyevans/sequel/blob/master/doc/opening_databases.rdoc for details
- Default
3600
roles
¶Users to create on the database when seeding
ssl_verify_hostname
¶Verify that the database SSL certificate matches the host to which the connection is attempted
- Default
true
credhub_api
¶
ca_cert
¶The certificate authority being used by CredHub
hostname
¶Hostname used to resolve the address of CredHub
- Default
credhub.service.cf.internal
metron_endpoint
¶
host
¶The host used to emit messages to the Metron agent
- Default
127.0.0.1
port
¶The port used to emit messages to the Metron agent
- Default
3457
release_level_backup
¶
Include cloud_controller jobs in backup and restore operations
- Default
true
routing_api
¶
enabled
¶Whether to expose the routing_endpoint listed at /v2/info. Enable this after deploying the Routing API
- Default
false
ssl
¶
skip_cert_verify
¶specifies that the job is allowed to skip ssl cert verification
- Default
false
system_domain
¶
Domain reserved for CF operator, base URL where the login, uaa, and other non-user apps listen
uaa
¶
ca_cert
¶The certificate authority being used by UAA
clients
¶
cc-service-dashboards
¶
scope
¶Used to grant scope for SSO clients for service brokers
- Default
openid,cloud_controller_service_permissions.read
secret
¶Used for generating SSO clients for service brokers.
cc_routing
¶
secret
¶Used for fetching routing information from the Routing API
cc_service_broker_client
¶
scope
¶(DEPRECATED) - Used to grant scope for SSO clients for service brokers
- Default
openid,cloud_controller_service_permissions.read
secret
¶(DEPRECATED) - Used for generating SSO clients for service brokers.
port
¶The port used by UAA for non-ssl connections
ssl
¶
port
¶The port used by UAA for ssl connections
- Default
8443
Templates¶
Templates are rendered and placed onto corresponding
instances during the deployment process. This job's templates
will be placed into /var/vcap/jobs/cloud_controller_clock/
directory
(learn more).
bin/bbr/post-backup-unlock
(frompost-backup-unlock.sh.erb
)bin/bbr/post-restore-unlock
(frompost-restore-unlock.sh.erb
)bin/bbr/pre-backup-lock
(frompre-backup-lock.sh.erb
)bin/bbr/pre-restore-lock
(frompre-restore-lock.sh.erb
)bin/cloud_controller_clock
(frombin/cloud_controller_clock.erb
)bin/cloud_controller_clock_ctl
(fromcloud_controller_clock_ctl.erb
)bin/console
(fromconsole.erb
)bin/drain
(fromdrain.sh.erb
)bin/post-start
(frompost-start.sh.erb
)bin/pre-start
(frompre-start.sh.erb
)bin/ruby_version.sh
(fromruby_version.sh.erb
)config/bpm.yml
(frombpm.yml.erb
)config/certs/credhub_ca.crt
(fromcredhub_ca.crt.erb
)config/certs/db_ca.crt
(fromdb_ca.crt.erb
)config/certs/mutual_tls.crt
(frommutual_tls.crt.erb
)config/certs/mutual_tls.key
(frommutual_tls.key.erb
)config/certs/mutual_tls_ca.crt
(frommutual_tls_ca.crt.erb
)config/certs/opi_tls.crt
(fromopi_tls.crt.erb
)config/certs/opi_tls.key
(fromopi_tls.key.erb
)config/certs/opi_tls_ca.crt
(fromopi_tls_ca.crt.erb
)config/certs/uaa_ca.crt
(fromuaa_ca.crt.erb
)config/cloud_controller_ng.yml
(fromcloud_controller_ng.yml.erb
)config/newrelic.yml
(fromnewrelic.yml.erb
)config/stacks.yml
(fromstacks.yml.erb
)
Packages¶
Packages are compiled and placed onto corresponding
instances during the deployment process. Packages will be
placed into /var/vcap/packages/
directory.