
cloud_controller_worker job from capi/1.125.0

Cloud Controller worker processes background tasks submitted via the.

Github source: fd585164 or master branch

Properties

cc

allow_app_ssh_access

Allow users to change the value of the app-level allow_ssh attribute

Default
true

bits_service

ca_cert

The CA certificate to use when communicating with bits-service endpoints

Default
""
enabled

Enable integration of the bits-service incubator (experimental)

Default
false
password

Password for the bits-service

Default
""
private_endpoint

Private URL for the bits-service service

Default
""
public_endpoint

Public URL for the bits-service service

Default
""
username

Username for the bits-service

Default
""

broker_client_default_async_poll_interval_seconds

Specifies interval on which the CC will poll a service broker for asynchronous actions

Default
60

broker_client_max_async_poll_duration_minutes

The max duration the CC will fetch service instance state from a service broker. Default is 1 week

Default
10080

broker_client_timeout_seconds

For requests to service brokers, this is the HTTP (open and read) timeout setting.

Default
60

buildpacks

blobstore_type

The type of blobstore backing to use. Valid values: [‘fog’, ‘webdav’]

Default
fog
buildpack_directory_key

Directory (bucket) used to store buildpacks. It does not have to be pre-created.

Default
cc-buildpacks
cdn
key_pair_id

Key pair name for signed download URIs

Default
""
private_key

Private key for signing download URIs

Default
""
uri

URI for a CDN to use for buildpack downloads

Default
""
fog_aws_storage_options

Storage options passed to fog for aws blobstores. Valid keys: [‘encryption’].

fog_connection

Fog connection hash

webdav_config
blobstore_timeout

The timeout in seconds for requests to the blobstore

Default
5
ca_cert

The CA certificate to use when communicating with webdav

Default
""
password

The basic auth password that CC uses to connect to the admin endpoint on webdav

Default
""
private_endpoint

The location of the webdav server eg: https://blobstore.internal

Default
https://blobstore.service.cf.internal:4443
public_endpoint

The location of the webdav server eg: https://blobstore.com

Default
""
username

The basic auth user that CC uses to connect to the admin endpoint on webdav

Default
""

credential_references

interpolate_service_bindings

Controls whether CredHub credentials are automatically interpolated in VCAP_SERVICES

Default
true

database_encryption

current_key_label

Current key label for encrypting values in the CC database

Default
""
keys

Label-key pairs for encrypting sensitive values in the CC database. Labels must be < 256 characters long

Default
{}

db_encryption_key

Key for encrypting sensitive values in the CC database

Default
""

db_logging_level

Level at which cc database operations will be logged if cc.log_db_queries is set to true.

Default
debug2

default_app_disk_in_mb

The default disk space an app gets

Default
1024

default_app_memory

How much memory is given to an app if not specified

Default
1024

default_app_ssh_access

When ssh is allowed and not explicitly set in the application, new applications will start with ssh service enabled

Default
true

default_health_check_timeout

Default health check timeout (in seconds) that can be set for the app

Default
60

default_stack

The default stack name to use if no custom stack is specified by an app.

Default
cflinuxfs3

development_mode

Enable development features for monitoring and insight

Default
false

diego

bbs
connect_timeout

Connect timeout (in seconds) when talking to BBS Server

Default
10
receive_timeout

Receive timeout (in seconds) when talking to BBS Server

Default
10
send_timeout

Send timeout (in seconds) when talking to BBS Server

Default
10
url

URL of the BBS Server

Default
https://bbs.service.cf.internal:8889
cc_uploader_url

URL of cc uploader

Default
http://cc-uploader.service.cf.internal:9090
droplet_destinations

List of destination directories for different stacks

Default
  cflinuxfs3: /home/vcap
  windows: /Users/vcap
  windows2012R2: /
  windows2016: /Users/vcap
enable_declarative_asset_downloads

Enable specifying task and app asset downloads as declarative resources

Default
false
file_server_url

URL of file server

Default
http://file-server.service.cf.internal:8080
lifecycle_bundles

List of lifecycle bundles arguments for different stacks

Default
  buildpack/cflinuxfs3: buildpack_app_lifecycle/buildpack_app_lifecycle.tgz
  buildpack/windows: buildpack_app_lifecycle/buildpack_app_lifecycle.tgz
  buildpack/windows2012R2: windows_app_lifecycle/windows_app_lifecycle.tgz
  buildpack/windows2016: buildpack_app_lifecycle/buildpack_app_lifecycle.tgz
  docker: docker_app_lifecycle/docker_app_lifecycle.tgz
pid_limit

Maximum PID limit for containerized work running user-provided code

Default
1024
temporary_oci_buildpack_mode

Temporary flag to enable OCI buildpack flow. Valid values: ‘oci-phase-1’

use_privileged_containers_for_running

Whether or not to use privileged containers for running buildpack apps and tasks.

Default
false
use_privileged_containers_for_staging

Whether or not to use privileged containers for staging tasks.

Default
false

disable_custom_buildpacks

Disable external (i.e. git) buildpacks? (Admin buildpacks and system buildpacks only.)

Default
false

droplets

blobstore_type

The type of blobstore backing to use. Valid values: [‘fog’, ‘webdav’]

Default
fog
cdn
key_pair_id

Key pair name for signed download URIs

Default
""
private_key

Private key for signing download URIs

Default
""
uri

URI for a CDN to use for droplet downloads

Default
""
droplet_directory_key

Directory (bucket) used to store droplets. It does not have to be pre-created.

Default
cc-droplets
fog_aws_storage_options

Storage options passed to fog for aws blobstores. Valid keys: [‘encryption’].

fog_connection

Fog connection hash

webdav_config
blobstore_timeout

The timeout in seconds for requests to the blobstore

Default
5
ca_cert

The CA certificate to use when communicating with webdav

Default
""
password

The basic auth password that CC uses to connect to the admin endpoint on webdav

Default
""
private_endpoint

The location of the webdav server eg: https://blobstore.internal

Default
https://blobstore.service.cf.internal:4443
public_endpoint

The location of the webdav server eg: https://blobstore.com

Default
""
username

The basic auth user that CC uses to connect to the admin endpoint on webdav

Default
""

external_host

Host part of the cloud_controller api URI, will be joined with value of ‘domain’

Default
api

external_port

External Cloud Controller port

Default
9022

external_protocol

The protocol used to access the CC API from an external entity

Default
https

instance_file_descriptor_limit

The file descriptors made available to each app instance

Default
16384

internal_api_password

Password used by Diego to access internal endpoints

internal_api_user

User name used by Diego to access internal endpoints

Default
internal_user

internal_route_vip_range

The IPv4 CIDR range of virtual IP addresses to be assigned to routes on internal domains. WARNING: Changing this range is not supported, and has undefined behaviors. It is recommended to leave this value as the default. If this range is changed, it is likely the routes on the internal service mesh domain will need to be recreated.

Default
127.128.0.0/9

internal_service_hostname

Internal hostname used to resolve the address of the Cloud Controller

Default
cloud-controller-ng.service.cf.internal

jobs

blobstore_delete
timeout_in_seconds

The longest this job can take before it is cancelled

generic
number_of_workers

Number of generic cloud_controller_worker workers

Default
1
global
timeout_in_seconds

The longest any job can take before it is cancelled unless overridden per job

Default
14400

log_audit_events

Log audit events

Default
false

log_db_queries

Log database queries. WARNING: Setting this to true with cc.db_logging_level >= cc.logging_level will log all field values, including encrypted secrets.

Default
false
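
The warning on log_db_queries depends on how three cc properties interact, so a manifest check has to resolve the defaults before comparing levels. The sketch below is an added example, not part of the capi release: the Steno level order and the reading of ">=" as "at least as severe as" are assumptions, and the helper names and sample YAML are constructed. It also flags the two TLS verification properties from this page when they are moved off their defaults.

```ruby
require 'yaml'

# Steno levels, most severe first. Assumed order, taken from the Steno README
# that logging_level links to; not defined on this page.
STENO_LEVELS = %w[off fatal error warn info debug debug1 debug2 all].freeze

# Defaults for the three interacting cc.* properties, copied from this page.
CC_LOG_DEFAULTS = {
  'log_db_queries'   => false,
  'db_logging_level' => 'debug2',
  'logging_level'    => 'info'
}.freeze

def severity_index(level)
  STENO_LEVELS.index(level.to_s) ||
    raise(ArgumentError, "unknown Steno level: #{level.inspect}")
end

# True when query logging is on and the query level passes the logger
# threshold, i.e. SQL with field values would be written to the CC log.
def db_queries_logged?(cc)
  cfg = CC_LOG_DEFAULTS.merge(cc.slice(*CC_LOG_DEFAULTS.keys))
  return false unless cfg['log_db_queries'] == true

  severity_index(cfg['db_logging_level']) <= severity_index(cfg['logging_level'])
end

# Returns the property paths that weaken the job's defaults.
def audit(properties_yaml)
  props = YAML.safe_load(properties_yaml) || {}
  findings = []
  findings << 'cc.log_db_queries' if db_queries_logged?(props['cc'] || {})
  findings << 'ccdb.ssl_verify_hostname' if props.dig('ccdb', 'ssl_verify_hostname') == false
  findings << 'ssl.skip_cert_verify' if props.dig('ssl', 'skip_cert_verify') == true
  findings
end

# Constructed sample properties block, not taken from a real deployment.
SAMPLE_PROPERTIES = <<~YAML
  cc:
    log_db_queries: true
    db_logging_level: debug
    logging_level: debug2
  ccdb:
    ssl_verify_hostname: false
  ssl:
    skip_cert_verify: false
YAML

puts audit(SAMPLE_PROPERTIES) if $PROGRAM_NAME == __FILE__
```

With only log_db_queries set to true and the other two levels left at their defaults (debug2 and info), the check reports nothing, because query records fall below the logger threshold.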

log_fog_requests

Log fog requests and responses.

Default
false

logging_level

Log level for cc. Valid levels are listed here: https://github.com/cloudfoundry/steno#log-levels.

Default
info

logging_max_retries

Passthru value for Steno logger

Default
1

loggregator

internal_url

Internal URL used to communicate with traffic_controller

Default
http://loggregator-trafficcontroller.service.cf.internal:8081

maximum_app_disk_in_mb

The maximum amount of disk a user can request

Default
2048

maximum_health_check_timeout

Maximum health check timeout (in seconds) that can be set for the app

Default
180

mutual_tls

ca_cert

PEM-encoded CA certificate for secure, mutually authenticated TLS communication

private_key

PEM-encoded key for secure, mutually authenticated TLS communication

public_cert

PEM-encoded certificate for secure, mutually authenticated TLS communication

newrelic

capture_params

Capture and send query params to NewRelic

Default
false
developer_mode

Activate NewRelic developer mode

Default
false
environment_name

The environment name used by NewRelic

Default
development
license_key

The api key for NewRelic

log_file_path

The location for NewRelic to log to

Default
/var/vcap/sys/log/cloud_controller_ng/newrelic
monitor_mode

Activate NewRelic monitor mode

Default
false
transaction_tracer
enabled

Enable transaction tracing in NewRelic

Default
false
record_sql

NewRelic’s SQL statement recording mode: [off | obfuscated | raw]

Default
"off"

packages

app_package_directory_key

Directory (bucket) used to store app packages. It does not have to be pre-created.

Default
cc-packages
blobstore_type

The type of blobstore backing to use. Valid values: [‘fog’, ‘webdav’]

Default
fog
cdn
key_pair_id

Key pair name for signed download URIs

Default
""
private_key

Private key for signing download URIs

Default
""
uri

URI for a CDN to use for app package downloads

Default
""
fog_aws_storage_options

Storage options passed to fog for aws blobstores. Valid keys: [‘encryption’].

fog_connection

Fog connection hash

max_package_size

Maximum size of application package

Default
1.073741824e+09
webdav_config
blobstore_timeout

The timeout in seconds for requests to the blobstore

Default
5
ca_cert

The CA certificate to use when communicating with webdav

Default
""
password

The basic auth password that CC uses to connect to the admin endpoint on webdav

Default
""
private_endpoint

The location of the webdav server eg: https://blobstore.internal

Default
https://blobstore.service.cf.internal:4443
public_endpoint

The location of the webdav server eg: https://blobstore.com

Default
""
username

The basic auth user that CC uses to connect to the admin endpoint on webdav

Default
""

perform_blob_cleanup

Whether or not to perform the blob cleanup job

Default
true

readiness_port

cloud_controller_worker

Readiness port used in k8s to check that db migrations are complete before component update

Default
9025

resource_pool

blobstore_type

The type of blobstore backing to use. Valid values: [‘fog’, ‘webdav’]

Default
fog
cdn
key_pair_id

Key pair name for signed download URIs

Default
""
private_key

Private key for signing download URIs

Default
""
uri

URI for a CDN to use for resource pool downloads

Default
""
fog_aws_storage_options

Storage options passed to fog for aws blobstores. Valid keys: [‘encryption’].

fog_connection

Fog connection hash

maximum_size

Maximum size of a resource to add to the pool

Default
5.36870912e+08
minimum_size

Minimum size of a resource to add to the pool

Default
65536
resource_directory_key

Directory (bucket) used to store app resources. It does not have to be pre-created.

Default
cc-resources
webdav_config
blobstore_timeout

The timeout in seconds for requests to the blobstore

Default
5
ca_cert

The CA certificate to use when communicating with webdav

Default
""
password

The basic auth password that CC uses to connect to the admin endpoint on webdav

Default
""
private_endpoint

The location of the webdav server eg: https://blobstore.internal

Default
https://blobstore.service.cf.internal:4443
public_endpoint

The location of the webdav server eg: https://blobstore.com

Default
""
username

The basic auth user that CC uses to connect to the admin endpoint on webdav

Default
""

stacks

List of hashes describing stacks intended for developers to choose from when pushing apps. A stack is a prebuilt root file system (rootfs) that supports a specific operating system. Note: removing items in this list will not remove the records in the Cloud Controller’s database.

Default
  - description: Cloud Foundry Linux-based filesystem (Ubuntu 18.04)
    name: cflinuxfs3

staging_timeout_in_seconds

Timeout for staging a droplet

Default
900

staging_upload_password

User’s password used to access internal endpoints of Cloud Controller to upload files when staging

staging_upload_user

User name used to access internal endpoints of Cloud Controller to upload files when staging

thresholds

worker
alert_if_above_mb

The CC will alert if memory remains above this threshold for 3 monit cycles

Default
384
restart_if_above_mb

The CC will restart if memory remains above this threshold for 3 monit cycles

Default
512
restart_if_consistently_above_mb

The CC will restart if memory remains above this threshold for 15 monit cycles

Default
384

tls_port

External Cloud Controller port

Default
9023

uaa

internal_url

The internal URL used by UAA

Default
uaa.service.cf.internal

ccdb

address

The address of the database server

ca_cert

The CA certificate to use when communicating with the database over SSL

connection_expiration_random_delay

The random delay in seconds to the expiration timeout (to prevent all connections being recreated simultaneously), passed directly to the Sequel gem - see https://sequel.jeremyevans.net/rdoc-plugins/files/lib/sequel/extensions/connection_expiration_rb.html for details

connection_expiration_timeout

The period in seconds after which connections are expired (omit to never expire connections), passed directly to the Sequel gem - see https://sequel.jeremyevans.net/rdoc-plugins/files/lib/sequel/extensions/connection_expiration_rb.html for details

connection_validation_timeout

The period in seconds after which idle connections are validated, passed directly to the Sequel gem - see http://sequel.jeremyevans.net/rdoc-plugins/files/lib/sequel/extensions/connection_validator_rb.html for details. Note that setting this to -1 results in an additional query whenever connections are checked out from the pool, which can have performance implications

Default
3600

databases

Contains the name of the database on the database server

db_scheme

The type of database being used. mysql or postgres

Default
postgres

max_connections

Maximum connections for Sequel

Default
25

max_migration_duration_in_minutes

The maximum time migrations should be allowed to run before job startup should error

Default
20160

pool_timeout

The timeout for Sequel pooled connections

Default
10

port

The port of the database server

read_timeout

The read timeout in seconds for query responses, passed directly to the Sequel gem - see https://github.com/jeremyevans/sequel/blob/master/doc/opening_databases.rdoc for details

Default
3600

roles

Users to create on the database when seeding

ssl_verify_hostname

Verify that the database SSL certificate matches the host to which the connection is attempted

Default
true

credhub_api

hostname

Hostname used to resolve the address of CredHub

Default
credhub.service.cf.internal

metron_endpoint

host

The host used to emit messages to the Metron agent

Default
127.0.0.1

port

The port used to emit messages to the Metron agent

Default
3457

nfs_server

address

NFS server for droplets and apps (not used in an AWS deploy, use s3 instead)

release_level_backup

Include cloud_controller jobs in backup and restore operations

Default
true

routing_api

enabled

Whether to expose the routing_endpoint listed at /v2/info. Enable this after deploying the Routing API

Default
false

ssl

skip_cert_verify

Specifies that the job is allowed to skip SSL certificate verification

Default
false

system_domain

Domain reserved for CF operator, base URL where the login, uaa, and other non-user apps listen

uaa

ca_cert

The certificate authority being used by UAA

clients

cc-service-dashboards
scope

Used to grant scope for SSO clients for service brokers

Default
openid,cloud_controller_service_permissions.read
secret

Used for generating SSO clients for service brokers.

cc_routing
secret

Used for fetching routing information from the Routing API

cc_service_broker_client
scope

(DEPRECATED) - Used to grant scope for SSO clients for service brokers

Default
openid,cloud_controller_service_permissions.read
secret

(DEPRECATED) - Used for generating SSO clients for service brokers.

port

The port used by UAA for non-ssl connections

ssl

port

The port used by UAA for ssl connections

Default
8443

Templates

Templates are rendered and placed onto corresponding instances during the deployment process. This job's templates will be placed into the /var/vcap/jobs/cloud_controller_worker/ directory.

  • bin/bbr/post-backup-unlock (from post-backup-unlock.sh.erb)
  • bin/bbr/post-restore-unlock (from post-restore-unlock.sh.erb)
  • bin/bbr/pre-backup-lock (from pre-backup-lock.sh.erb)
  • bin/bbr/pre-restore-lock (from pre-restore-lock.sh.erb)
  • bin/blobstore_waiter.sh (from blobstore_waiter.sh.erb)
  • bin/cloud_controller_worker (from bin/cloud_controller_worker.erb)
  • bin/cloud_controller_worker_ctl (from cloud_controller_worker_ctl.erb)
  • bin/console (from console.erb)
  • bin/drain (from drain.sh.erb)
  • bin/post-start (from post-start.sh.erb)
  • bin/pre-start (from pre-start.sh.erb)
  • bin/ruby_version.sh (from ruby_version.sh.erb)
  • bin/setup_local_blobstore.sh (from setup_local_blobstore.sh.erb)
  • config/bpm.yml (from bpm.yml.erb)
  • config/certs/bits_service_ca.crt (from bits_service_ca.crt.erb)
  • config/certs/buildpacks_ca_cert.pem (from buildpacks_ca_cert.pem.erb)
  • config/certs/copilot.crt (from copilot.crt.erb)
  • config/certs/copilot.key (from copilot.key.erb)
  • config/certs/copilot_ca.crt (from copilot_ca.crt.erb)
  • config/certs/db_ca.crt (from db_ca.crt.erb)
  • config/certs/droplets_ca_cert.pem (from droplets_ca_cert.pem.erb)
  • config/certs/mutual_tls.crt (from mutual_tls.crt.erb)
  • config/certs/mutual_tls.key (from mutual_tls.key.erb)
  • config/certs/mutual_tls_ca.crt (from mutual_tls_ca.crt.erb)
  • config/certs/opi_tls.crt (from opi_tls.crt.erb)
  • config/certs/opi_tls.key (from opi_tls.key.erb)
  • config/certs/opi_tls_ca.crt (from opi_tls_ca.crt.erb)
  • config/certs/packages_ca_cert.pem (from packages_ca_cert.pem.erb)
  • config/certs/resource_pool_ca_cert.pem (from resource_pool_ca_cert.pem.erb)
  • config/certs/uaa_ca.crt (from uaa_ca.crt.erb)
  • config/cloud_controller_ng.yml (from cloud_controller_ng.yml.erb)
  • config/newrelic.yml (from newrelic.yml.erb)
  • config/stacks.yml (from stacks.yml.erb)

Packages

Packages are compiled and placed onto corresponding instances during the deployment process. Packages will be placed into the /var/vcap/packages/ directory.