core job from shield/8.6.0
Github source: 10b2449 or master branch

Properties

agent

dial-timeout: Duration timespec for how long to allow for a TCP connection to an agent to establish. Longer values may effectively get overridden by the system’s TCP timeout.
- Default
30s
key: RSA private key used for securing communications between SHIELD Agents and the SHIELD Core.
macs: List of message authentication code implementations to allow when negotiating SSH with agents.
- Default
- [email protected]
- hmac-sha2-256
- hmac-sha1

core

authentication: A list of SHIELD Authentication Provider configurations, to be emitted into the shieldd.conf configuration file as-is (under the auth: key).
color: What color should the SHIELD Web UI render the environment tag in.
- Default
yellow
env: A short tag describing this environment (e.g. ‘prod’, ‘staging’, etc.).
- Default
sandbox
fast-loop: How frequently should SHIELD check for and execute scheduled jobs.
- Default
5s
mbus
backlog: The maximum number of events that the message bus will keep for a client before dropping the client. If this is set too low, then clients may be dropped sporadically. If this is set higher, it will take more memory per client.
- Default
100
max-slots: The maximum number of clients that can hook up to the message bus at once. Limits the number of websocket clients.
- Default
2048
motd: A (perhaps long-form) message of the day, to display on login forms.
- Default
Welcome to SHIELD!
session-timeout: How long should sessions be valid for.
- Default
8h
slow-loop: How frequently should SHIELD perform janitorial tasks.
- Default
1h
task-timeout: How long after start of execution before timing out a running task.
- Default
12h
workers: Maximum allowable number of running, concurrent tasks.
- Default
5

domain: Fully-qualified domain name (or IP address) of your SHIELD installation.

failsafe

password: A password for the failsafe user.
- Default
shield
username: A fallback username for initially accessing your SHIELD instance.
- Default
admin

log-level: Log level for the SHIELD Core. One of ‘error’, ‘warning’, or ‘info’.
- Default
- error

nginx

connections: Number of nginx connections per worker
- Default
8192
keepalive: Timeout for keep-alive connections
- Default
75 20
workers: Number of nginx workers
- Default
2

plugin_paths: Map of paths where the plugin binaries can be found.
- Example
    plugin_paths:
      atmos: /var/vcap/packages/atmos-plugin/bin

port: Incoming port to bind for HTTPS API and Web UI
- Default
- 443

tls

certificate: TLS Certificate (PEM encoded), used for the HTTPS API and Web UI
ciphers: Which SSL/TLS ciphers to allow, used for the HTTPS API and Web UI
- Default
ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:HIGH:!MD5:!aNULL:!EDH
key: TLS private key (PEM encoded), used for the HTTPS API and Web UI
protocols: Which SSL/TLS protocols to allow, used for the HTTPS API and Web UI
- Default
TLSv1 TLSv1.1 TLSv1.2
reuse-after: How long (in hours) before rotating cryptographic parameters
- Default
2

vault

tls
ca: The PEM-encoded certificate of the CA that signed the Vault Certificate. The SHIELD core needs this so that it can trust the Vault certificate.
certificate: The PEM-encoded certificate of the Vault itself. This certificate should be issued for the IP SAN 127.0.0.1.
key: The PEM-encoded private key for the Vault certificate.

Templates

Templates are rendered and placed onto corresponding instances during the deployment process. This job's templates will be placed into the /var/vcap/jobs/core/ directory.

- bin/nginx (from bin/nginx)
- bin/shieldd (from bin/shieldd)
- bin/vault (from bin/vault)
- config/agent.key (from config/agent.key)
- config/nginx.conf (from config/nginx.conf)
- config/shieldd.conf (from config/shieldd.conf)
- config/tls/nginx.key (from config/tls/nginx.key)
- config/tls/nginx.pub (from config/tls/nginx.pub)
- config/tls/vault.ca (from config/tls/vault.ca)
- config/tls/vault.key (from config/tls/vault.key)
- config/tls/vault.pub (from config/tls/vault.pub)
- config/vault.conf (from config/vault.conf)
- envrc (from envrc)

Packages

Packages are compiled and placed onto corresponding instances during the deployment process. Packages will be placed into the /var/vcap/packages/ directory.