core job from shield/8.0.12

Github source: 2b0d835 or master branch

Properties¶

agent¶

key¶

RSA private key used for securing communications between SHIELD Agents and the SHIELD Core.

core¶

authentication¶

A list of SHIELD Authentication Provider configurations, to be emitted into the shieldd.conf configuration file as-is (under the auth: key).

color¶

What color should the SHIELD Web UI render the environment tag in.

Default

yellow

env¶

A short tag describing this environment (i.e. ‘prod’, ‘staging’, etc.).

Default

sandbox

fast-loop¶

How frequently should SHIELD check for and execute scheduled jobs.

Default

5s

motd¶

A (perhaps long-form) message of the day, to display on login forms.

Default

Welcome to SHIELD!

session-timeout¶

How long should sessions be valid for.

Default

8h

slow-loop¶

How frequently should SHIELD perform janitorial tasks.

Default

1h

task-timeout¶

How long after start of execution before timing out a running task.

Default

12h

workers¶

Maximum allowable number of running, concurrent tasks.

Default

5

domain¶

Fully-qualified domain name (or IP address) of your SHIELD installation

failsafe¶

password¶

A password for the failsafe user.

Default

shield

username¶

A fallback username for initially accessiong your SHIELD instance.

Default

admin

log-level¶

Log level for the SHIELD Core. One of ‘error’, ‘warning’, or ‘info’.

Default

error

migrate-from¶

dsn¶

The full datasource name of a legacy (pre-v8) database to migrate from.

type¶

What type of legacy (pre-v8) database to migrate from (optional).

nginx¶

connections¶

Number of nginx connections per worker

Default

8192

keepalive¶

Timeout for keep-alive connections

Default

75 20

workers¶

Number of nginx workers

Default

2

port¶

Incoming port to bind for HTTPS API and Web UI

Default

443

tls¶

certificate¶

TLS Certificate (PEM encoded), used for the HTTPS API and Web UI

key¶

TLS private key (PEM encoded), used for the HTTPS API and Web UI

reuse-after¶

How long (in hours) before rotating cryptographic parameters

Default

2

vault¶

tls¶

ca¶

The PEM-encoded certificate of the CA that signed the Vault Certificate. The SHIELD core needs this so that it can trust the Vault certificate.

certificate¶

The PEM-encoded certificate of the Vault itself. This certificate should be issued for the IP SAN 127.0.0.1.

key¶

The PEM-encoded private key for the Vault certificate.

Templates¶

Templates are rendered and placed onto corresponding instances during the deployment process. This job's templates will be placed into /var/vcap/jobs/core/ directory (learn more).

• bin/nginx (from bin/nginx)
• bin/shieldd (from bin/shieldd)
• bin/vault (from bin/vault)
• config/agent.key (from config/agent.key)
• config/nginx.conf (from config/nginx.conf)
• config/shieldd.conf (from config/shieldd.conf)
• config/tls/nginx.key (from config/tls/nginx.key)
• config/tls/nginx.pub (from config/tls/nginx.pub)
• config/tls/vault.ca (from config/tls/vault.ca)
• config/tls/vault.key (from config/tls/vault.key)
• config/tls/vault.pub (from config/tls/vault.pub)
• config/vault.conf (from config/vault.conf)

Packages¶

Packages are compiled and placed onto corresponding instances during the deployment process. Packages will be placed into /var/vcap/packages/ directory.

• nginx
• shield
• vault