cloud_controller_worker job from capi/1.161.0
Cloud Controller worker processes background tasks submitted via the.
Github source:
74a822a4 or
master branch
Properties¶
cc¶
allow_app_ssh_access¶Allow users to change the value of the app-level allow_ssh attribute
- Default
broker_client_async_poll_exponential_backoff_rate¶Exponential backoff for service related polling jobs. Default is 1.0, which means there is no exponential backoff.
- Default
broker_client_default_async_poll_interval_seconds¶Specifies interval on which the CC will poll a service broker for asynchronous actions
- Default
broker_client_max_async_poll_duration_minutes¶The max duration the CC will fetch service instance state from a service broker. Default is 1 week
- Default
broker_client_response_parser¶
log_errors¶Log errors happening when parsing service broker responses.
- Default
log_response_fields¶Specify service broker response fields to be logged. This configuration is a hash, where the key indicates the request type and the value is a list of fields in the response JSON that should be logged. The following request types exist: catalog, provision, update, deprovision, bind, unbind, fetch_service_instance_last_operation, fetch_service_binding_last_operation, fetch_service_instance, fetch_service_binding. The corresponding response fields can be taken from the Open Service Broker API Specification.
- Default
{}
log_validators¶Log the stack of validators used to process the service broker response, e.g. for a 202 response to a ‘provision’ request, the following is logged: [“CommonErrorValidator”, “JsonSchemaValidator[provision_response_schema]“, “SuccessValidator[in progress]“]
- Default
broker_client_timeout_seconds¶For requests to service brokers, this is the HTTP (open and read) timeout setting.
- Default
buildpacks¶
blobstore_type¶The type of blobstore backing to use. Valid values: [‘fog’, ‘webdav’]
- Default
buildpack_directory_key¶Directory (bucket) used store buildpacks. It does not have be pre-created.
- Default
cdn¶
key_pair_id¶Key pair name for signed download URIs
- Default
private_key¶Private key for signing download URIs
- Default
uri¶URI for a CDN to used for buildpack downloads
- Default
fog_aws_storage_options¶Storage options passed to fog for aws blobstores. Valid keys: [‘encryption’].
fog_connection¶Fog connection hash
webdav_config¶
blobstore_timeout¶The timeout in seconds for requests to the blobstore
- Default
ca_cert¶The CA certificate to use when communicating with webdav
- Default
password¶The basic auth password that CC uses to connect to the admin endpoint on webdav
- Default
private_endpoint¶The location of the webdav server eg: https://blobstore.internal
- Default
public_endpoint¶The location of the webdav server eg: https://blobstore.com
- Default
username¶The basic auth user that CC uses to connect to the admin endpoint on webdav
- Default
credential_references¶
interpolate_service_bindings¶Controls whether CredHub credentials are automatically interpolated in VCAP_SERVICES
- Default
database_encryption¶
current_key_label¶current key label for encrypting values in the CC database
- Default
keys¶label-key pairs for encrypting sensitive values in the CC database, labels must be < 256 characters long
- Default
{}
db_encryption_key¶key for encrypting sensitive values in the CC database
- Default
db_logging_level¶Level at which cc database operations will be logged if cc.log_db_queries is set to true.
- Default
default_app_disk_in_mb¶The default disk space an app gets
- Default
default_app_log_rate_limit_in_bytes_per_second¶Default application log rate limit
- Default
default_app_memory¶How much memory given to an app if not specified
- Default
default_app_ssh_access¶When ssh is allowed and not explicitly set in the application, new applications will start with ssh service enabled
- Default
default_health_check_timeout¶Default health check timeout (in seconds) that can be set for the app
- Default
development_mode¶Enable development features for monitoring and insight
- Default
diego¶
bbs¶
connect_timeout¶Connect timeout (in seconds) when talking to BBS Server
- Default
receive_timeout¶Receive timeout (in seconds) when talking to BBS Server
- Default
send_timeout¶Send timeout (in seconds) when talking to BBS Server
- Default
url¶URL of the BBS Server
- Default
cc_uploader_url¶URL of cc uploader
- Default
droplet_destinations¶List of destination directories for different stacks
- Default
enable_declarative_asset_downloads¶Enable specifying task and app asset downloads as declarative resources
- Default
file_server_url¶URL of file server
- Default
lifecycle_bundles¶List of lifecycle bundles arguments for different stacks
- Default
pid_limit¶Maximum PID limit for containerized work running user-provided code
- Default
temporary_oci_buildpack_mode¶Temporary flag to enable OCI buildpack flow. Valid values: ‘oci-phase-1’
use_privileged_containers_for_running¶Whether or not to use privileged containers for running buildpack apps and tasks.
- Default
use_privileged_containers_for_staging¶Whether or not to use privileged containers for staging tasks.
- Default
disable_custom_buildpacks¶Disable external (i.e. git) buildpacks? (Admin buildpacks and system buildpacks only.)
- Default
droplets¶
blobstore_type¶The type of blobstore backing to use. Valid values: [‘fog’, ‘webdav’]
- Default
cdn¶
key_pair_id¶Key pair name for signed download URIs
- Default
private_key¶Private key for signing download URIs
- Default
uri¶URI for a CDN to used for droplet downloads
- Default
droplet_directory_key¶Directory (bucket) used store droplets. It does not have be pre-created.
- Default
fog_aws_storage_options¶Storage options passed to fog for aws blobstores. Valid keys: [‘encryption’].
fog_connection¶Fog connection hash
webdav_config¶
blobstore_timeout¶The timeout in seconds for requests to the blobstore
- Default
ca_cert¶The CA certificate to use when communicating with webdav
- Default
password¶The basic auth password that CC uses to connect to the admin endpoint on webdav
- Default
private_endpoint¶The location of the webdav server eg: https://blobstore.internal
- Default
public_endpoint¶The location of the webdav server eg: https://blobstore.com
- Default
username¶The basic auth user that CC uses to connect to the admin endpoint on webdav
- Default
external_host¶Host part of the cloud_controller api URI, will be joined with value of ‘domain’
- Default
external_port¶External Cloud Controller port
- Default
external_protocol¶The protocol used to access the CC API from an external entity
- Default
instance_file_descriptor_limit¶The file descriptors made available to each app instance
- Default
internal_route_vip_range¶The IPv4 CIDR range of virtual IP addresses to be assigned to routes on internal domains. WARNING: Changing this range is not supported, and has undefined behaviors. It is recommended to leave this value as the default. If this range is changed, it is likely the routes on the internal service mesh domain will need to be recreated.
- Default
internal_service_hostname¶Internal hostname used to resolve the address of the Cloud Controller
- Default
jobs¶
blobstore_delete¶
timeout_in_seconds¶The longest this job can take before it is cancelled
generic¶
number_of_workers¶Number of generic cloud_controller_worker workers
- Default
global¶
timeout_in_seconds¶The longest any job can take before it is cancelled unless overriden per job
- Default
priorities¶List of hashes containing delayed jobs ‘display_name’ and its desired priority. This will overwrite the default priority of ccng
log_audit_events¶Log audit events
- Default
log_db_queries¶Log database queries. WARNING: Setting this to true with cc.db_logging_level >= cc.logging_level will log all field values, including encrypted secrets.
- Default
log_fog_requests¶Log fog requests and responses.
- Default
logging_level¶Log level for cc. Valid levels are listed here: https://github.com/cloudfoundry/steno#log-levels.
- Default
logging_max_retries¶Passthru value for Steno logger
- Default
loggregator¶
internal_url¶Internal URL used to communicate with traffic_controller
- Default
max_manifest_service_binding_poll_duration_in_seconds¶Max time in seconds to wait for individual asynchronous service binding creation when applying manifests. If a service broker fails to complete a service binding request before the specified duration, the manifest job will fail.
- Default
maximum_app_disk_in_mb¶The maximum amount of disk a user can request
- Default
maximum_health_check_timeout¶Maximum health check timeout (in seconds) that can be set for the app
- Default
mutual_tls¶
ca_cert¶PEM-encoded CA certificate for secure, mutually authenticated TLS communication
private_key¶PEM-encoded key for secure, mutually authenticated TLS communication
public_cert¶PEM-encoded certificate for secure, mutually authenticated TLS communication
newrelic¶
capture_params¶Capture and send query params to NewRelic
- Default
developer_mode¶Activate NewRelic developer mode
- Default
environment_name¶The environment name used by NewRelic
- Default
license_key¶The api key for NewRelic
log_file_path¶The location for NewRelic to log to
- Default
monitor_mode¶Activate NewRelic monitor mode
- Default
transaction_tracer¶
enabled¶Enable transaction tracing in NewRelic
- Default
record_sql¶NewRelic’s SQL statement recording mode: [off | obfuscated | raw]
- Default
packages¶
app_package_directory_key¶Directory (bucket) used store app packages. It does not have be pre-created.
- Default
blobstore_type¶The type of blobstore backing to use. Valid values: [‘fog’, ‘webdav’]
- Default
cdn¶
key_pair_id¶Key pair name for signed download URIs
- Default
private_key¶Private key for signing download URIs
- Default
uri¶URI for a CDN to used for app package downloads
- Default
fog_aws_storage_options¶Storage options passed to fog for aws blobstores. Valid keys: [‘encryption’].
fog_connection¶Fog connection hash
max_package_size¶Maximum size of application package
- Default
webdav_config¶
blobstore_timeout¶The timeout in seconds for requests to the blobstore
- Default
ca_cert¶The CA certificate to use when communicating with webdav
- Default
password¶The basic auth password that CC uses to connect to the admin endpoint on webdav
- Default
private_endpoint¶The location of the webdav server eg: https://blobstore.internal
- Default
public_endpoint¶The location of the webdav server eg: https://blobstore.com
- Default
username¶The basic auth user that CC uses to connect to the admin endpoint on webdav
- Default
perform_blob_cleanup¶Whether or not to perform the blob cleanup job
- Default
readiness_port¶
cloud_controller_worker¶Readiness port used in k8s to check that db migrations are complete before component update
- Default
resource_pool¶
blobstore_type¶The type of blobstore backing to use. Valid values: [‘fog’, ‘webdav’]
- Default
cdn¶
key_pair_id¶Key pair name for signed download URIs
- Default
private_key¶Private key for signing download URIs
- Default
uri¶URI for a CDN to used for resource pool downloads
- Default
fog_aws_storage_options¶Storage options passed to fog for aws blobstores. Valid keys: [‘encryption’].
fog_connection¶Fog connection hash
maximum_size¶Maximum size of a resource to add to the pool
- Default
minimum_size¶Minimum size of a resource to add to the pool
- Default
resource_directory_key¶Directory (bucket) used store app resources. It does not have be pre-created.
- Default
webdav_config¶
blobstore_timeout¶The timeout in seconds for requests to the blobstore
- Default
ca_cert¶The CA certificate to use when communicating with webdav
- Default
password¶The basic auth password that CC uses to connect to the admin endpoint on webdav
- Default
private_endpoint¶The location of the webdav server eg: https://blobstore.internal
- Default
public_endpoint¶The location of the webdav server eg: https://blobstore.com
- Default
username¶The basic auth user that CC uses to connect to the admin endpoint on webdav
- Default
staging_timeout_in_seconds¶Timeout for staging a droplet
- Default
staging_upload_password¶User’s password used to access internal endpoints of Cloud Controller to upload files when staging
staging_upload_user¶User name used to access internal endpoints of Cloud Controller to upload files when staging
thresholds¶
worker¶
alert_if_above_mb¶The CC will alert if memory remains above this threshold for 3 monit cycles
- Default
restart_if_above_mb¶The CC will restart if memory remains above this threshold for 3 monit cycles
- Default
restart_if_consistently_above_mb¶The CC will restart if memory remains above this threshold for 15 monit cycles
- Default
tls_port¶External Cloud Controller port
- Default
uaa¶
internal_url¶The internal URL used by UAA
- Default
ccdb¶
address¶The address of the database server
ca_cert¶The CA certificate to use when communicating with the database over SSL
connection_expiration_random_delay¶The random delay in seconds to the expiration timeout (to prevent all connections being recreated simultaneously), passed directly to the Sequel gem - see https://sequel.jeremyevans.net/rdoc-plugins/files/lib/sequel/extensions/connection_expiration_rb.html for details
connection_expiration_timeout¶The period in seconds after which connections are expired (omit to never expire connections), passed directly to the Sequel gem - see https://sequel.jeremyevans.net/rdoc-plugins/files/lib/sequel/extensions/connection_expiration_rb.html for details
connection_validation_timeout¶The period in seconds after which idle connections are validated, passed directly to the Sequel gem - see http://sequel.jeremyevans.net/rdoc-plugins/files/lib/sequel/extensions/connection_validator_rb.html for details. Note that setting this to -1 results in an additional query whenever connections are checked out from the pool, which can have performance implications
- Default
databases¶Contains the name of the database on the database server
db_scheme¶The type of database being used. mysql or postgres
- Default
max_connections¶Maximum connections for Sequel
- Default
max_migration_duration_in_minutes¶the maximum time migrations should be allowed to run before job startup should error
- Default
pool_timeout¶The timeout for Sequel pooled connections
- Default
port¶The port of the database server
read_timeout¶The read timeout in seconds for query responses, passed directly to the Sequel gem - see https://github.com/jeremyevans/sequel/blob/master/doc/opening_databases.rdoc for details
- Default
roles¶Users to create on the database when seeding
ssl_verify_hostname¶Verify that the database SSL certificate matches the host to which the connection is attempted
- Default
credhub_api¶
hostname¶Hostname used to resolve the address of CredHub
- Default
metron_endpoint¶
host¶The host used to emit messages to the Metron agent
- Default
port¶The port used to emit messages to the Metron agent
- Default
nfs_server¶
address¶NFS server for droplets and apps (not used in an AWS deploy, use s3 instead)
release_level_backup¶
Include cloud_controller jobs in backup and restore operations
- Default
true
routing_api¶
enabled¶Whether to expose the routing_endpoint listed at /v2/info. Enable this after deploying the Routing API
- Default
ssl¶
skip_cert_verify¶specifies that the job is allowed to skip ssl cert verification
- Default
system_domain¶
Domain reserved for CF operator, base URL where the login, uaa, and other non-user apps listen
uaa¶
ca_cert¶The certificate authority being used by UAA
clients¶
cc-service-dashboards¶
scope¶Used to grant scope for SSO clients for service brokers
- Default
secret¶Used for generating SSO clients for service brokers.
cc_routing¶
secret¶Used for fetching routing information from the Routing API
port¶The port used by UAA for non-ssl connections
ssl¶
port¶The port used by UAA for ssl connections
- Default
Templates¶
Templates are rendered and placed onto corresponding
instances during the deployment process. This job's templates
will be placed into /var/vcap/jobs/cloud_controller_worker/ directory
(learn more).
bin/bbr/post-backup-unlock(frompost-backup-unlock.sh.erb)bin/bbr/post-restore-unlock(frompost-restore-unlock.sh.erb)bin/bbr/pre-backup-lock(frompre-backup-lock.sh.erb)bin/bbr/pre-restore-lock(frompre-restore-lock.sh.erb)bin/blobstore_waiter.sh(fromblobstore_waiter.sh.erb)bin/cloud_controller_worker(frombin/cloud_controller_worker.erb)bin/console(fromconsole.erb)bin/drain(fromdrain.sh.erb)bin/post-start(frompost-start.sh.erb)bin/pre-start(frompre-start.sh.erb)bin/ruby_version.sh(fromruby_version.sh.erb)bin/setup_local_blobstore.sh(fromsetup_local_blobstore.sh.erb)config/bpm.yml(frombpm.yml.erb)config/certs/buildpacks_ca_cert.pem(frombuildpacks_ca_cert.pem.erb)config/certs/copilot.crt(fromcopilot.crt.erb)config/certs/copilot.key(fromcopilot.key.erb)config/certs/copilot_ca.crt(fromcopilot_ca.crt.erb)config/certs/db_ca.crt(fromdb_ca.crt.erb)config/certs/droplets_ca_cert.pem(fromdroplets_ca_cert.pem.erb)config/certs/mutual_tls.crt(frommutual_tls.crt.erb)config/certs/mutual_tls.key(frommutual_tls.key.erb)config/certs/mutual_tls_ca.crt(frommutual_tls_ca.crt.erb)config/certs/packages_ca_cert.pem(frompackages_ca_cert.pem.erb)config/certs/resource_pool_ca_cert.pem(fromresource_pool_ca_cert.pem.erb)config/certs/uaa_ca.crt(fromuaa_ca.crt.erb)config/cloud_controller_ng.yml(fromcloud_controller_ng.yml.erb)config/newrelic.yml(fromnewrelic.yml.erb)config/stacks.yml(fromstacks.yml.erb)
Packages¶
Packages are compiled and placed onto corresponding
instances during the deployment process. Packages will be
placed into /var/vcap/packages/ directory.