cloud_controller_worker job from capi/1.68.0

Cloud Controller worker processes background tasks submitted via the.

Github source: 64cec4c or master branch

Properties¶

`bpm`¶

enabled¶

Experimental feature flag: Enable Bosh Process Manager
Default
false

`cc`¶

allow_app_ssh_access¶

Allow users to change the value of the app-level allow_ssh attribute
Default
true
bits_service¶
ca_cert¶

The ca cert to use when communicating with bits-service endpoints
Default
""
enabled¶

Enable integration of the bits-service incubator (experimental)
Default
false
password¶

Password for the bits-service
Default
""
private_endpoint¶

Private url for the bits-service service
Default
""
public_endpoint¶

Public url for the bits-service service
Default
""
username¶

Username for the bits-service
Default
""
broker_client_default_async_poll_interval_seconds¶

Specifies interval on which the CC will poll a service broker for asynchronous actions
Default
60
broker_client_max_async_poll_duration_minutes¶

The max duration the CC will fetch service instance state from a service broker. Default is 1 week
Default
10080
broker_client_timeout_seconds¶

For requests to service brokers, this is the HTTP (open and read) timeout setting.
Default
60
buildpacks¶
blobstore_type¶

The type of blobstore backing to use. Valid values: [‘fog’, ‘webdav’]
Default
fog
buildpack_directory_key¶

Directory (bucket) used store buildpacks. It does not have be pre-created.
Default
cc-buildpacks
cdn¶
key_pair_id¶

Key pair name for signed download URIs
Default
""
private_key¶

Private key for signing download URIs
Default
""
uri¶

URI for a CDN to used for buildpack downloads
Default
""
fog_aws_storage_options¶

Storage options passed to fog for aws blobstores. Valid keys: [‘encryption’].

fog_connection¶

Fog connection hash

webdav_config¶
blobstore_timeout¶

The timeout in seconds for requests to the blobstore
Default
5
ca_cert¶

The ca cert to use when communicating with webdav
Default
""
password¶

The basic auth password that CC uses to connect to the admin endpoint on webdav
Default
""
private_endpoint¶

The location of the webdav server eg: https://blobstore.internal
Default
https://blobstore.service.cf.internal:4443
public_endpoint¶

The location of the webdav server eg: https://blobstore.com
Default
""
username¶

The basic auth user that CC uses to connect to the admin endpoint on webdav
Default
""
credential_references¶
interpolate_service_bindings¶

Controls whether CredHub credentials are automatically interpolated in VCAP_SERVICES
Default
true
database_encryption¶
current_key_label¶

current key label for encrypting values in the CC database
Default
""
keys¶

label-key pairs for encrypting sensitive values in the CC database, labels must be < 256 characters long
Default
{}
db_encryption_key¶

key for encrypting sensitive values in the CC database
Default
""
db_logging_level¶

Level at which cc database operations will be logged if cc.log_db_queries is set to true.
Default
debug2
default_app_disk_in_mb¶

The default disk space an app gets
Default
1024
default_app_memory¶

How much memory given to an app if not specified
Default
1024
default_app_ssh_access¶

When ssh is allowed and not explicitly set in the application, new applications will start with ssh service enabled
Default
true
default_health_check_timeout¶

Default health check timeout (in seconds) that can be set for the app
Default
60
default_stack¶

The default stack name to use if no custom stack is specified by an app.
Default
cflinuxfs2
development_mode¶

Enable development features for monitoring and insight
Default
false
diego¶
bbs¶
url¶

URL of the BBS Server
Default
https://bbs.service.cf.internal:8889
cc_uploader_url¶

URL of cc uploader
Default
http://cc-uploader.service.cf.internal:9090
file_server_url¶

URL of file server
Default
http://file-server.service.cf.internal:8080
lifecycle_bundles¶

List of lifecycle bundles arguments for different stacks
Default
  buildpack/cflinuxfs2: buildpack_app_lifecycle/buildpack_app_lifecycle.tgz
  buildpack/cflinuxfs3: buildpack_app_lifecycle/buildpack_app_lifecycle.tgz
  buildpack/windows2012R2: windows_app_lifecycle/windows_app_lifecycle.tgz
  buildpack/windows2016: buildpack_app_lifecycle/buildpack_app_lifecycle.tgz
  docker: docker_app_lifecycle/docker_app_lifecycle.tgz
pid_limit¶

Maximum pid limit for containerized work running user-provided code
Default
1024
temporary_oci_buildpack_mode¶

Temporary flag to enable OCI buildpack flow. Valid values: ‘oci-phase-1’

use_privileged_containers_for_running¶

Whether or not to use privileged containers for running buildpack apps and tasks.
Default
false
use_privileged_containers_for_staging¶

Whether or not to use privileged containers for staging tasks.
Default
false
disable_custom_buildpacks¶

Disable external (i.e. git) buildpacks? (Admin buildpacks and system buildpacks only.)
Default
false
droplets¶
blobstore_type¶

The type of blobstore backing to use. Valid values: [‘fog’, ‘webdav’]
Default
fog
cdn¶
key_pair_id¶

Key pair name for signed download URIs
Default
""
private_key¶

Private key for signing download URIs
Default
""
uri¶

URI for a CDN to used for droplet downloads
Default
""
droplet_directory_key¶

Directory (bucket) used store droplets. It does not have be pre-created.
Default
cc-droplets
fog_aws_storage_options¶

Storage options passed to fog for aws blobstores. Valid keys: [‘encryption’].

fog_connection¶

Fog connection hash

webdav_config¶
blobstore_timeout¶

The timeout in seconds for requests to the blobstore
Default
5
ca_cert¶

The ca cert to use when communicating with webdav
Default
""
password¶

The basic auth password that CC uses to connect to the admin endpoint on webdav
Default
""
private_endpoint¶

The location of the webdav server eg: https://blobstore.internal
Default
https://blobstore.service.cf.internal:4443
public_endpoint¶

The location of the webdav server eg: https://blobstore.com
Default
""
username¶

The basic auth user that CC uses to connect to the admin endpoint on webdav
Default
""
external_host¶

Host part of the cloud_controller api URI, will be joined with value of ‘domain’
Default
api
external_port¶

External Cloud Controller port
Default
9022
external_protocol¶

The protocol used to access the CC API from an external entity
Default
https
instance_file_descriptor_limit¶

The file descriptors made available to each app instance
Default
16384
internal_api_password¶

Password used by Diego to access internal endpoints

internal_api_user¶

User name used by Diego to access internal endpoints
Default
internal_user
internal_service_hostname¶

Internal hostname used to resolve the address of the Cloud Controller
Default
cloud-controller-ng.service.cf.internal
jobs¶
blobstore_delete¶

timeout_in_seconds¶

The longest this job can take before it is cancelled

generic¶
number_of_workers¶

Number of generic cloud_controller_worker workers
Default
1
global¶
timeout_in_seconds¶

The longest any job can take before it is cancelled unless overriden per job
Default
14400
log_db_queries¶

Log database queries. WARNING: Setting this to true with cc.db_logging_level >= cc.logging_level will log all field values, including encrypted secrets.
Default
false
logging_level¶

Log level for cc. Valid levels are listed here: https://github.com/cloudfoundry/steno#log-levels.
Default
info
logging_max_retries¶

Passthru value for Steno logger
Default
1
loggregator¶
internal_url¶

Internal url used to communicate with traffic_controller
Default
http://loggregator-trafficcontroller.service.cf.internal:8081
maximum_app_disk_in_mb¶

The maximum amount of disk a user can request
Default
2048
maximum_health_check_timeout¶

Maximum health check timeout (in seconds) that can be set for the app
Default
180
mutual_tls¶

ca_cert¶

PEM-encoded CA certificate for secure, mutually authenticated TLS communication

private_key¶

PEM-encoded key for secure, mutually authenticated TLS communication

public_cert¶

PEM-encoded certificate for secure, mutually authenticated TLS communication

newrelic¶
capture_params¶

Capture and send query params to NewRelic
Default
false
developer_mode¶

Activate NewRelic developer mode
Default
false
environment_name¶

The environment name used by NewRelic
Default
development
license_key¶

The api key for NewRelic

log_file_path¶

The location for NewRelic to log to
Default
/var/vcap/sys/log/cloud_controller_ng/newrelic
monitor_mode¶

Activate NewRelic monitor mode
Default
false
transaction_tracer¶
enabled¶

Enable transaction tracing in NewRelic
Default
false
record_sql¶

NewRelic’s SQL statement recording mode: [off | obfuscated | raw]
Default
"off"
packages¶
app_package_directory_key¶

Directory (bucket) used store app packages. It does not have be pre-created.
Default
cc-packages
blobstore_type¶

The type of blobstore backing to use. Valid values: [‘fog’, ‘webdav’]
Default
fog
cdn¶
key_pair_id¶

Key pair name for signed download URIs
Default
""
private_key¶

Private key for signing download URIs
Default
""
uri¶

URI for a CDN to used for app package downloads
Default
""
fog_aws_storage_options¶

Storage options passed to fog for aws blobstores. Valid keys: [‘encryption’].

fog_connection¶

Fog connection hash

max_package_size¶

Maximum size of application package
Default
1.073741824e+09
webdav_config¶
blobstore_timeout¶

The timeout in seconds for requests to the blobstore
Default
5
ca_cert¶

The ca cert to use when communicating with webdav
Default
""
password¶

The basic auth password that CC uses to connect to the admin endpoint on webdav
Default
""
private_endpoint¶

The location of the webdav server eg: https://blobstore.internal
Default
https://blobstore.service.cf.internal:4443
public_endpoint¶

The location of the webdav server eg: https://blobstore.com
Default
""
username¶

The basic auth user that CC uses to connect to the admin endpoint on webdav
Default
""
perform_blob_cleanup¶

Whether or not to perform the blob cleanup job
Default
true
resource_pool¶
blobstore_type¶

The type of blobstore backing to use. Valid values: [‘fog’, ‘webdav’]
Default
fog
cdn¶
key_pair_id¶

Key pair name for signed download URIs
Default
""
private_key¶

Private key for signing download URIs
Default
""
uri¶

URI for a CDN to used for resource pool downloads
Default
""
fog_aws_storage_options¶

Storage options passed to fog for aws blobstores. Valid keys: [‘encryption’].

fog_connection¶

Fog connection hash

maximum_size¶

Maximum size of a resource to add to the pool
Default
5.36870912e+08
minimum_size¶

Minimum size of a resource to add to the pool
Default
65536
resource_directory_key¶

Directory (bucket) used store app resources. It does not have be pre-created.
Default
cc-resources
webdav_config¶
blobstore_timeout¶

The timeout in seconds for requests to the blobstore
Default
5
ca_cert¶

The ca cert to use when communicating with webdav
Default
""
password¶

The basic auth password that CC uses to connect to the admin endpoint on webdav
Default
""
private_endpoint¶

The location of the webdav server eg: https://blobstore.internal
Default
https://blobstore.service.cf.internal:4443
public_endpoint¶

The location of the webdav server eg: https://blobstore.com
Default
""
username¶

The basic auth user that CC uses to connect to the admin endpoint on webdav
Default
""
stacks¶

List of hashes describing stacks intended for developers to choose from when pushing apps. A stack is a prebuilt root file system (rootfs) that supports a specific operating system. Note: removing items in this list will not remove the records in the Cloud Controller’s database.
Default
  - description: Cloud Foundry Linux-based filesystem
    name: cflinuxfs2
staging_timeout_in_seconds¶

Timeout for staging a droplet
Default
900
staging_upload_password¶

User’s password used to access internal endpoints of Cloud Controller to upload files when staging

staging_upload_user¶

User name used to access internal endpoints of Cloud Controller to upload files when staging

thresholds¶
worker¶
alert_if_above_mb¶

The cc will alert if memory remains above this threshold for 3 monit cycles
Default
384
restart_if_above_mb¶

The cc will restart if memory remains above this threshold for 3 monit cycles
Default
512
restart_if_consistently_above_mb¶

The cc will restart if memory remains above this threshold for 15 monit cycles
Default
384
tls_port¶

External Cloud Controller port
Default
9023
uaa¶
internal_url¶

The internal url used by UAA
Default
uaa.service.cf.internal

`ccdb`¶

address¶

The address of the database server

ca_cert¶

The ca cert to use when communicating with the database over SSL

connection_validation_timeout¶

The period in seconds after which idle connections are validated, passed directly to the Sequel gem - see http://sequel.jeremyevans.net/rdoc-plugins/files/lib/sequel/extensions/connection_validator_rb.html for details. Note that setting this to -1 results in an additional query whenever connections are checked out from the pool, which can have performance implications
Default
3600
databases¶

Contains the name of the database on the database server

db_scheme¶

The type of database being used. mysql or postgres
Default
postgres
max_connections¶

Maximum connections for Sequel
Default
25
pool_timeout¶

The timeout for Sequel pooled connections
Default
10
port¶

The port of the database server

read_timeout¶

The read timeout in seconds for query responses, passed directly to the Sequel gem - see https://github.com/jeremyevans/sequel/blob/master/doc/opening_databases.rdoc for details
Default
3600
roles¶

Users to create on the database when seeding

ssl_verify_hostname¶

Verify that the database SSL certificate matches the host to which the connection is attempted
Default
true

`credhub_api`¶

hostname¶

Hostname used to resolve the address of CredHub
Default
credhub.service.cf.internal

`metron_endpoint`¶

host¶

The host used to emit messages to the Metron agent
Default
127.0.0.1
port¶

The port used to emit messages to the Metron agent
Default
3457

`nfs_server`¶

address¶

NFS server for droplets and apps (not used in an AWS deploy, use s3 instead)

`release_level_backup`¶

Include cloud_controller jobs in backup and restore operations

Default

true

`routing_api`¶

enabled¶

Whether to expose the routing_endpoint listed at /v2/info. Enable this after deploying the Routing API
Default
false

`ssl`¶

skip_cert_verify¶

specifies that the job is allowed to skip ssl cert verification
Default
false

`system_domain`¶

Domain reserved for CF operator, base URL where the login, uaa, and other non-user apps listen

`uaa`¶

ca_cert¶

The certificate authority being used by UAA

clients¶
cc-service-dashboards¶
scope¶

Used to grant scope for SSO clients for service brokers
Default
openid,cloud_controller_service_permissions.read
secret¶

Used for generating SSO clients for service brokers.
cc_routing¶

secret¶

Used for fetching routing information from the Routing API

cc_service_broker_client¶
scope¶

(DEPRECATED) - Used to grant scope for SSO clients for service brokers
Default
openid,cloud_controller_service_permissions.read
secret¶

(DEPRECATED) - Used for generating SSO clients for service brokers.
port¶

The port used by UAA for non-ssl connections

ssl¶
port¶

The port used by UAA for ssl connections
Default
8443

Templates¶

Templates are rendered and placed onto corresponding instances during the deployment process. This job's templates will be placed into /var/vcap/jobs/cloud_controller_worker/ directory (learn more).

bin/bbr/post-backup-unlock (from post-backup-unlock.sh.erb)
bin/bbr/post-restore-unlock (from post-restore-unlock.sh.erb)
bin/bbr/pre-backup-lock (from pre-backup-lock.sh.erb)
bin/bbr/pre-restore-lock (from pre-restore-lock.sh.erb)
bin/blobstore_waiter.sh (from blobstore_waiter.sh.erb)
bin/cloud_controller_worker (from bin/cloud_controller_worker.erb)
bin/cloud_controller_worker_ctl (from cloud_controller_worker_ctl.erb)
bin/console (from console.erb)
bin/drain (from drain.sh.erb)
bin/pre-start (from pre-start.sh.erb)
bin/ruby_version.sh (from ruby_version.sh.erb)
bin/setup_local_blobstore.sh (from setup_local_blobstore.sh.erb)
config/bpm.yml (from bpm.yml.erb)
config/certs/bits_service_ca.crt (from bits_service_ca.crt.erb)
config/certs/buildpacks_ca_cert.pem (from buildpacks_ca_cert.pem.erb)
config/certs/copilot.crt (from copilot.crt.erb)
config/certs/copilot.key (from copilot.key.erb)
config/certs/copilot_ca.crt (from copilot_ca.crt.erb)
config/certs/db_ca.crt (from db_ca.crt.erb)
config/certs/droplets_ca_cert.pem (from droplets_ca_cert.pem.erb)
config/certs/mutual_tls.crt (from mutual_tls.crt.erb)
config/certs/mutual_tls.key (from mutual_tls.key.erb)
config/certs/mutual_tls_ca.crt (from mutual_tls_ca.crt.erb)
config/certs/packages_ca_cert.pem (from packages_ca_cert.pem.erb)
config/certs/resource_pool_ca_cert.pem (from resource_pool_ca_cert.pem.erb)
config/certs/uaa_ca.crt (from uaa_ca.crt.erb)
config/cloud_controller_ng.yml (from cloud_controller_ng.yml.erb)
config/newrelic.yml (from newrelic.yml.erb)
config/stacks.yml (from stacks.yml.erb)

Packages¶

Packages are compiled and placed onto corresponding instances during the deployment process. Packages will be placed into /var/vcap/packages/ directory.

cloud_controller_worker job from capi/1.68.0

Properties¶

bpm¶

enabled¶

cc¶

allow_app_ssh_access¶

bits_service¶

ca_cert¶

enabled¶

password¶

private_endpoint¶

public_endpoint¶

username¶

broker_client_default_async_poll_interval_seconds¶

broker_client_max_async_poll_duration_minutes¶

broker_client_timeout_seconds¶

buildpacks¶

blobstore_type¶

buildpack_directory_key¶

cdn¶

key_pair_id¶

private_key¶

uri¶

fog_aws_storage_options¶

fog_connection¶

webdav_config¶

blobstore_timeout¶

ca_cert¶

password¶

private_endpoint¶

public_endpoint¶

username¶

credential_references¶

interpolate_service_bindings¶

database_encryption¶

current_key_label¶

keys¶

db_encryption_key¶

db_logging_level¶

default_app_disk_in_mb¶

default_app_memory¶

default_app_ssh_access¶

default_health_check_timeout¶

default_stack¶

development_mode¶

diego¶

bbs¶

url¶

cc_uploader_url¶

file_server_url¶

lifecycle_bundles¶

pid_limit¶

temporary_oci_buildpack_mode¶

use_privileged_containers_for_running¶

use_privileged_containers_for_staging¶

disable_custom_buildpacks¶

droplets¶

blobstore_type¶

cdn¶

key_pair_id¶

private_key¶

uri¶

droplet_directory_key¶

fog_aws_storage_options¶

fog_connection¶

webdav_config¶

blobstore_timeout¶

ca_cert¶

password¶

private_endpoint¶

public_endpoint¶

username¶

external_host¶

external_port¶

external_protocol¶

instance_file_descriptor_limit¶

internal_api_password¶

internal_api_user¶

internal_service_hostname¶

jobs¶

`bpm`¶

`enabled`¶

`cc`¶

`allow_app_ssh_access`¶

`bits_service`¶

`ca_cert`¶

`enabled`¶

`password`¶

`private_endpoint`¶

`public_endpoint`¶

`username`¶

`broker_client_default_async_poll_interval_seconds`¶

`broker_client_max_async_poll_duration_minutes`¶

`broker_client_timeout_seconds`¶

`buildpacks`¶

`blobstore_type`¶

`buildpack_directory_key`¶

`cdn`¶

`key_pair_id`¶

`private_key`¶

`uri`¶

`fog_aws_storage_options`¶

`fog_connection`¶

`webdav_config`¶

`blobstore_timeout`¶

`ca_cert`¶

`password`¶

`private_endpoint`¶

`public_endpoint`¶

`username`¶

`credential_references`¶

`interpolate_service_bindings`¶

`database_encryption`¶

`current_key_label`¶

`keys`¶

`db_encryption_key`¶

`db_logging_level`¶

`default_app_disk_in_mb`¶

`default_app_memory`¶

`default_app_ssh_access`¶

`default_health_check_timeout`¶

`default_stack`¶

`development_mode`¶

`diego`¶

`bbs`¶

`url`¶

`cc_uploader_url`¶

`file_server_url`¶

`lifecycle_bundles`¶

`pid_limit`¶

`temporary_oci_buildpack_mode`¶

`use_privileged_containers_for_running`¶

`use_privileged_containers_for_staging`¶

`disable_custom_buildpacks`¶

`droplets`¶

`blobstore_type`¶

`cdn`¶

`key_pair_id`¶

`private_key`¶

`uri`¶

`droplet_directory_key`¶

`fog_aws_storage_options`¶

`fog_connection`¶

`webdav_config`¶

`blobstore_timeout`¶

`ca_cert`¶

`password`¶

`private_endpoint`¶

`public_endpoint`¶

`username`¶

`external_host`¶

`external_port`¶

`external_protocol`¶

`instance_file_descriptor_limit`¶

`internal_api_password`¶

`internal_api_user`¶

`internal_service_hostname`¶

`jobs`¶

`blobstore_delete`¶

`timeout_in_seconds`¶