cloud_controller_worker job from capi/1.52.0
Cloud Controller worker processes background tasks submitted via the.
Github source:
f8e0e20
or
master branch
Properties¶
bpm
¶
enabled
¶Experimental feature flag: Enable Bosh Process Manager
- Default
false
cc
¶
allow_app_ssh_access
¶Allow users to change the value of the app-level allow_ssh attribute
- Default
true
bits_service
¶
ca_cert
¶The ca cert to use when communicating with bits-service endpoints
- Default
""
enabled
¶Enable integration of the bits-service incubator (experimental)
- Default
false
password
¶Password for the bits-service
- Default
""
private_endpoint
¶Private url for the bits-service service
- Default
""
public_endpoint
¶Public url for the bits-service service
- Default
""
username
¶Username for the bits-service
- Default
""
broker_client_default_async_poll_interval_seconds
¶Specifies interval on which the CC will poll a service broker for asynchronous actions
- Default
60
broker_client_max_async_poll_duration_minutes
¶The max duration the CC will fetch service instance state from a service broker. Default is 1 week
- Default
10080
broker_client_timeout_seconds
¶For requests to service brokers, this is the HTTP (open and read) timeout setting.
- Default
60
buildpacks
¶
blobstore_type
¶The type of blobstore backing to use. Valid values: [‘fog’, ‘webdav’]
- Default
fog
buildpack_directory_key
¶Directory (bucket) used store buildpacks. It does not have be pre-created.
- Default
cc-buildpacks
cdn
¶
key_pair_id
¶Key pair name for signed download URIs
- Default
""
private_key
¶Private key for signing download URIs
- Default
""
uri
¶URI for a CDN to used for buildpack downloads
- Default
""
fog_aws_storage_options
¶Storage options passed to fog for aws blobstores. Valid keys: [‘encryption’].
fog_connection
¶Fog connection hash
webdav_config
¶
blobstore_timeout
¶The timeout in seconds for requests to the blobstore
- Default
5
ca_cert
¶The ca cert to use when communicating with webdav
- Default
""
password
¶The basic auth password that CC uses to connect to the admin endpoint on webdav
- Default
""
private_endpoint
¶The location of the webdav server eg: https://blobstore.internal
- Default
https://blobstore.service.cf.internal:4443
public_endpoint
¶The location of the webdav server eg: https://blobstore.com
- Default
""
username
¶The basic auth user that CC uses to connect to the admin endpoint on webdav
- Default
""
credential_references
¶
interpolate_service_bindings
¶Controls whether CredHub credentials are automatically interpolated in VCAP_SERVICES
- Default
true
database_encryption
¶
current_key_label
¶current key label for encrypting values in the CC database
- Default
""
keys
¶label-key pairs for encrypting sensitive values in the CC database, labels must be < 256 characters long
- Default
{}
db_encryption_key
¶key for encrypting sensitive values in the CC database
- Default
""
db_logging_level
¶Level at which cc database operations will be logged if cc.log_db_queries is set to true.
- Default
debug2
default_app_disk_in_mb
¶The default disk space an app gets
- Default
1024
default_app_memory
¶How much memory given to an app if not specified
- Default
1024
default_app_ssh_access
¶When ssh is allowed and not explicitly set in the application, new applications will start with ssh service enabled
- Default
true
default_health_check_timeout
¶Default health check timeout (in seconds) that can be set for the app
- Default
60
default_stack
¶The default stack to use if no custom stack is specified by an app.
- Default
cflinuxfs2
development_mode
¶Enable development features for monitoring and insight
- Default
false
diego
¶
bbs
¶
url
¶URL of the BBS Server
- Default
https://bbs.service.cf.internal:8889
cc_uploader_url
¶URL of cc uploader
- Default
http://cc-uploader.service.cf.internal:9090
file_server_url
¶URL of file server
- Default
http://file-server.service.cf.internal:8080
lifecycle_bundles
¶List of lifecycle bundles arguments for different stacks
- Default
buildpack/cflinuxfs2: buildpack_app_lifecycle/buildpack_app_lifecycle.tgz buildpack/cflinuxfs3: buildpack_app_lifecycle/buildpack_app_lifecycle.tgz buildpack/windows2012R2: windows_app_lifecycle/windows_app_lifecycle.tgz buildpack/windows2016: buildpack_app_lifecycle/buildpack_app_lifecycle.tgz docker: docker_app_lifecycle/docker_app_lifecycle.tgz
nsync_url
¶URL of the Diego nsync service
- Default
http://nsync.service.cf.internal:8787
pid_limit
¶Maximum pid limit for containerized work running user-provided code
- Default
1024
stager_url
¶URL of the Diego stager service
- Default
http://stager.service.cf.internal:8888
temporary_cc_uploader_mtls
¶Temporary flag to ensure droplet upload callback endpoints require mTLS
- Default
true
temporary_droplet_download_mtls
¶Temporary flag to enable mTLS droplet download to the bbs from cc
- Default
true
temporary_local_apps
¶Temporary flag to manage app state directly to the bbs from cc
- Default
true
temporary_local_staging
¶Temporary flag to enable staging directly to the bbs from cc
- Default
true
temporary_local_sync
¶Temporary flag to run sync job between cc and bbs
- Default
true
temporary_local_tasks
¶Temporary flag to run tasks directly to the bbs from cc
- Default
true
temporary_local_tps
¶Temporary flag to manage app state directly to the bbs from cc
- Default
true
temporary_oci_buildpack_mode
¶Temporary flag to enable OCI buildpack flow. Valid values: ‘oci-phase-1’
tps_url
¶URL of the Diego tps service
- Default
http://tps.service.cf.internal:1518
use_privileged_containers_for_running
¶Whether or not to use privileged containers for running buildpack apps and tasks.
- Default
false
use_privileged_containers_for_staging
¶Whether or not to use privileged containers for staging tasks.
- Default
false
disable_custom_buildpacks
¶Disable external (i.e. git) buildpacks? (Admin buildpacks and system buildpacks only.)
- Default
false
droplets
¶
blobstore_type
¶The type of blobstore backing to use. Valid values: [‘fog’, ‘webdav’]
- Default
fog
cdn
¶
key_pair_id
¶Key pair name for signed download URIs
- Default
""
private_key
¶Private key for signing download URIs
- Default
""
uri
¶URI for a CDN to used for droplet downloads
- Default
""
droplet_directory_key
¶Directory (bucket) used store droplets. It does not have be pre-created.
- Default
cc-droplets
fog_aws_storage_options
¶Storage options passed to fog for aws blobstores. Valid keys: [‘encryption’].
fog_connection
¶Fog connection hash
webdav_config
¶
blobstore_timeout
¶The timeout in seconds for requests to the blobstore
- Default
5
ca_cert
¶The ca cert to use when communicating with webdav
- Default
""
password
¶The basic auth password that CC uses to connect to the admin endpoint on webdav
- Default
""
private_endpoint
¶The location of the webdav server eg: https://blobstore.internal
- Default
https://blobstore.service.cf.internal:4443
public_endpoint
¶The location of the webdav server eg: https://blobstore.com
- Default
""
username
¶The basic auth user that CC uses to connect to the admin endpoint on webdav
- Default
""
external_host
¶Host part of the cloud_controller api URI, will be joined with value of ‘domain’
- Default
api
external_port
¶External Cloud Controller port
- Default
9022
external_protocol
¶The protocol used to access the CC API from an external entity
- Default
https
instance_file_descriptor_limit
¶The file descriptors made available to each app instance
- Default
16384
internal_api_password
¶Password used by Diego to access internal endpoints
internal_api_user
¶User name used by Diego to access internal endpoints
- Default
internal_user
internal_service_hostname
¶Internal hostname used to resolve the address of the Cloud Controller
- Default
cloud-controller-ng.service.cf.internal
jobs
¶
blobstore_delete
¶
timeout_in_seconds
¶The longest this job can take before it is cancelled
generic
¶
number_of_workers
¶Number of generic cloud_controller_worker workers
- Default
1
global
¶
timeout_in_seconds
¶The longest any job can take before it is cancelled unless overriden per job
- Default
14400
log_db_queries
¶Log database queries. WARNING: Setting this to true with cc.db_logging_level >= cc.logging_level will log all field values, including encrypted secrets.
- Default
false
logging_level
¶Log level for cc. Valid levels are listed here: https://github.com/cloudfoundry/steno#log-levels.
- Default
info
logging_max_retries
¶Passthru value for Steno logger
- Default
1
loggregator
¶
internal_url
¶Internal url used to communicate with traffic_controller
- Default
http://loggregator-trafficcontroller.service.cf.internal:8081
maximum_app_disk_in_mb
¶The maximum amount of disk a user can request
- Default
2048
mutual_tls
¶
ca_cert
¶PEM-encoded CA certificate for secure, mutually authenticated TLS communication
private_key
¶PEM-encoded key for secure, mutually authenticated TLS communication
public_cert
¶PEM-encoded certificate for secure, mutually authenticated TLS communication
newrelic
¶
capture_params
¶Capture and send query params to NewRelic
- Default
false
developer_mode
¶Activate NewRelic developer mode
- Default
false
environment_name
¶The environment name used by NewRelic
- Default
development
license_key
¶The api key for NewRelic
log_file_path
¶The location for NewRelic to log to
- Default
/var/vcap/sys/log/cloud_controller_ng/newrelic
monitor_mode
¶Activate NewRelic monitor mode
- Default
false
transaction_tracer
¶
enabled
¶Enable transaction tracing in NewRelic
- Default
false
record_sql
¶NewRelic’s SQL statement recording mode: [off | obfuscated | raw]
- Default
"off"
packages
¶
app_package_directory_key
¶Directory (bucket) used store app packages. It does not have be pre-created.
- Default
cc-packages
blobstore_type
¶The type of blobstore backing to use. Valid values: [‘fog’, ‘webdav’]
- Default
fog
cdn
¶
key_pair_id
¶Key pair name for signed download URIs
- Default
""
private_key
¶Private key for signing download URIs
- Default
""
uri
¶URI for a CDN to used for app package downloads
- Default
""
fog_aws_storage_options
¶Storage options passed to fog for aws blobstores. Valid keys: [‘encryption’].
fog_connection
¶Fog connection hash
max_package_size
¶Maximum size of application package
- Default
1.073741824e+09
webdav_config
¶
blobstore_timeout
¶The timeout in seconds for requests to the blobstore
- Default
5
ca_cert
¶The ca cert to use when communicating with webdav
- Default
""
password
¶The basic auth password that CC uses to connect to the admin endpoint on webdav
- Default
""
private_endpoint
¶The location of the webdav server eg: https://blobstore.internal
- Default
https://blobstore.service.cf.internal:4443
public_endpoint
¶The location of the webdav server eg: https://blobstore.com
- Default
""
username
¶The basic auth user that CC uses to connect to the admin endpoint on webdav
- Default
""
perform_blob_cleanup
¶Whether or not to perform the blob cleanup job
- Default
true
resource_pool
¶
blobstore_type
¶The type of blobstore backing to use. Valid values: [‘fog’, ‘webdav’]
- Default
fog
cdn
¶
key_pair_id
¶Key pair name for signed download URIs
- Default
""
private_key
¶Private key for signing download URIs
- Default
""
uri
¶URI for a CDN to used for resource pool downloads
- Default
""
fog_aws_storage_options
¶Storage options passed to fog for aws blobstores. Valid keys: [‘encryption’].
fog_connection
¶Fog connection hash
maximum_size
¶Maximum size of a resource to add to the pool
- Default
5.36870912e+08
minimum_size
¶Minimum size of a resource to add to the pool
- Default
65536
resource_directory_key
¶Directory (bucket) used store app resources. It does not have be pre-created.
- Default
cc-resources
webdav_config
¶
blobstore_timeout
¶The timeout in seconds for requests to the blobstore
- Default
5
ca_cert
¶The ca cert to use when communicating with webdav
- Default
""
password
¶The basic auth password that CC uses to connect to the admin endpoint on webdav
- Default
""
private_endpoint
¶The location of the webdav server eg: https://blobstore.internal
- Default
https://blobstore.service.cf.internal:4443
public_endpoint
¶The location of the webdav server eg: https://blobstore.com
- Default
""
username
¶The basic auth user that CC uses to connect to the admin endpoint on webdav
- Default
""
stacks
¶Tag used by the DEA to describe capabilities (i.e. ‘Windows7’, ‘python-linux’). DEA and CC must agree.
- Default
- description: Cloud Foundry Linux-based filesystem name: cflinuxfs2
staging_timeout_in_seconds
¶Timeout for staging a droplet
- Default
900
staging_upload_password
¶User’s password used to access internal endpoints of Cloud Controller to upload files when staging
staging_upload_user
¶User name used to access internal endpoints of Cloud Controller to upload files when staging
temporary_create_internal_domain
¶Create the apps.internal domain so that it is reserved for use by platform service discovery
- Default
false
thresholds
¶
worker
¶
alert_if_above_mb
¶The cc will alert if memory remains above this threshold for 3 monit cycles
- Default
384
restart_if_above_mb
¶The cc will restart if memory remains above this threshold for 3 monit cycles
- Default
512
restart_if_consistently_above_mb
¶The cc will restart if memory remains above this threshold for 15 monit cycles
- Default
384
tls_port
¶External Cloud Controller port
- Default
9023
uaa
¶
internal_url
¶The internal url used by UAA
- Default
uaa.service.cf.internal
ccdb
¶
address
¶The address of the database server
ca_cert
¶The ca cert to use when communicating with the database over SSL
connection_validation_timeout
¶The period in seconds after which idle connections are validated, passed directly to the Sequel gem - see http://sequel.jeremyevans.net/rdoc-plugins/files/lib/sequel/extensions/connection_validator_rb.html for details. Note that setting this to -1 results in an additional query whenever connections are checked out from the pool, which can have performance implications
- Default
3600
databases
¶Contains the name of the database on the database server
db_scheme
¶The type of database being used. mysql or postgres
- Default
postgres
max_connections
¶Maximum connections for Sequel
- Default
25
pool_timeout
¶The timeout for Sequel pooled connections
- Default
10
port
¶The port of the database server
read_timeout
¶The read timeout in seconds for query responses, passed directly to the Sequel gem - see https://github.com/jeremyevans/sequel/blob/master/doc/opening_databases.rdoc for details
- Default
3600
roles
¶Users to create on the database when seeding
ssl_verify_hostname
¶Verify that the database SSL certificate matches the host to which the connection is attempted
- Default
true
credhub_api
¶
hostname
¶Hostname used to resolve the address of CredHub
- Default
credhub.service.cf.internal
metron_endpoint
¶
host
¶The host used to emit messages to the Metron agent
- Default
127.0.0.1
port
¶The port used to emit messages to the Metron agent
- Default
3457
nfs_server
¶
address
¶NFS server for droplets and apps (not used in an AWS deploy, use s3 instead)
share_path
¶The location at which to mount the nfs share
- Default
/var/vcap/nfs
release_level_backup
¶
Include cloud_controller jobs in backup and restore operations
- Default
true
routing_api
¶
enabled
¶Whether to expose the routing_endpoint listed at /v2/info. Enable this after deploying the Routing API
- Default
false
ssl
¶
skip_cert_verify
¶specifies that the job is allowed to skip ssl cert verification
- Default
false
system_domain
¶
Domain reserved for CF operator, base URL where the login, uaa, and other non-user apps listen
uaa
¶
ca_cert
¶The certificate authority being used by UAA
clients
¶
cc-service-dashboards
¶
scope
¶Used to grant scope for SSO clients for service brokers
- Default
openid,cloud_controller_service_permissions.read
secret
¶Used for generating SSO clients for service brokers.
cc_routing
¶
secret
¶Used for fetching routing information from the Routing API
cc_service_broker_client
¶
scope
¶(DEPRECATED) - Used to grant scope for SSO clients for service brokers
- Default
openid,cloud_controller_service_permissions.read
secret
¶(DEPRECATED) - Used for generating SSO clients for service brokers.
port
¶The port used by UAA for non-ssl connections
ssl
¶
port
¶The port used by UAA for ssl connections
- Default
8443
Templates¶
Templates are rendered and placed onto corresponding
instances during the deployment process. This job's templates
will be placed into /var/vcap/jobs/cloud_controller_worker/
directory
(learn more).
bin/bbr/post-backup-unlock
(frompost-backup-unlock.sh.erb
)bin/bbr/post-restore-unlock
(frompost-restore-unlock.sh.erb
)bin/bbr/pre-backup-lock
(frompre-backup-lock.sh.erb
)bin/bbr/pre-restore-lock
(frompre-restore-lock.sh.erb
)bin/blobstore_waiter.sh
(fromblobstore_waiter.sh.erb
)bin/cloud_controller_worker
(frombin/cloud_controller_worker.erb
)bin/cloud_controller_worker_ctl
(fromcloud_controller_worker_ctl.erb
)bin/console
(fromconsole.erb
)bin/drain
(fromdrain.sh.erb
)bin/pre-start
(frompre-start.sh.erb
)bin/ruby_version.sh
(fromruby_version.sh.erb
)bin/setup_local_blobstore.sh
(fromsetup_local_blobstore.sh.erb
)config/bpm.yml
(frombpm.yml.erb
)config/certs/bits_service_ca.crt
(frombits_service_ca.crt.erb
)config/certs/buildpacks_ca_cert.pem
(frombuildpacks_ca_cert.pem.erb
)config/certs/copilot.crt
(fromcopilot.crt.erb
)config/certs/copilot.key
(fromcopilot.key.erb
)config/certs/copilot_ca.crt
(fromcopilot_ca.crt.erb
)config/certs/db_ca.crt
(fromdb_ca.crt.erb
)config/certs/droplets_ca_cert.pem
(fromdroplets_ca_cert.pem.erb
)config/certs/mutual_tls.crt
(frommutual_tls.crt.erb
)config/certs/mutual_tls.key
(frommutual_tls.key.erb
)config/certs/mutual_tls_ca.crt
(frommutual_tls_ca.crt.erb
)config/certs/packages_ca_cert.pem
(frompackages_ca_cert.pem.erb
)config/certs/resource_pool_ca_cert.pem
(fromresource_pool_ca_cert.pem.erb
)config/certs/uaa_ca.crt
(fromuaa_ca.crt.erb
)config/cloud_controller_ng.yml
(fromcloud_controller_ng.yml.erb
)config/newrelic.yml
(fromnewrelic.yml.erb
)config/stacks.yml
(fromstacks.yml.erb
)
Packages¶
Packages are compiled and placed onto corresponding
instances during the deployment process. Packages will be
placed into /var/vcap/packages/
directory.