director job from bosh/257.15
Github source:
fd87fe2d
or
master branch
Properties¶
agent
¶
blobstore
¶
access_key_id
¶AWS access_key_id for agent used by s3 blobstore plugin
address
¶Address for agent to connect to blobstore server used by simple blobstore plugin
credentials_source
¶AWS credentials (static / env_or_profile)
- Default
static
host
¶Host of blobstore server used by simple blobstore plugin
port
¶Port for agent to connect to blobstore server used by simple blobstore plugin
s3_region
¶AWS region for agent used by s3 blobstore plugin
s3_signature_version
¶Signature version of the blobstore used by s3 blobstore plugin (optional, if not provided the s3 client decides which version to use)
secret_access_key
¶AWS secret_access_key for agent used by s3 blobstore plugin
server_side_encryption
¶Server-side encryption algorithm used when storing blobs in S3 (Optional - “AES256”|“aws:kms”)
sse_kms_key_id
¶AWS KMS key ID to use for object encryption. All GET and PUT requests for an object protected by AWS KMS will fail if not made via SSL or using SigV4.
ssl_verify_peer
¶Verify the SSL certificate used on the blobstore?
- Default
true
use_ssl
¶Whether the simple blobstore plugin should use SSL to connect to the blobstore server
- Default
true
nats
¶
address
¶Address for agent to connect to nats
aws
¶
access_key_id
¶AWS access_key_id for aws cpi
credentials_source
¶AWS credentials (static / env_or_profile)
- Default
static
default_iam_instance_profile
¶Default IAM profile to be used by aws cpi
default_key_name
¶Default ssh keypair used by aws cpi when creating vms
default_security_groups
¶Default security group used by aws cpi
ec2_endpoint
¶The service endpoint for Amazon EC2 (optional, if not supplied default region endpoint will be used)
elb_endpoint
¶The service endpoint for Amazon Elastic Load Balancing (optional, if not supplied default region endpoint will be used)
http_read_timeout
¶The number of seconds before the aws cpi should timeout while waiting for response
- Default
60
http_wire_trace
¶When true aws cpi will log all wire traces
- Default
false
max_retries
¶Max number of retries to connect to AWS
- Default
2
region
¶AWS Region used by aws cpi
secret_access_key
¶AWS secret_access_key for aws cpi
ssl_ca_file
¶The path to a CA cert bundle in PEM format
ssl_ca_path
¶The path the a CA cert directory
ssl_verify_peer
¶When true the HTTP handler validate server certificates for HTTPS requests
stemcell
¶
kernel_id
¶AWS kernel id used by aws cpi
blobstore
¶
access_key_id
¶AWS access_key_id used by s3 blobstore plugin
address
¶Address of blobstore server used by simple blobstore plugin
agent
¶
password
¶Password agent uses to connect to blobstore used by simple blobstore plugin
user
¶Username agent uses to connect to blobstore used by simple blobstore plugin
bucket_name
¶AWS S3 Bucket used by s3 blobstore plugin
credentials_source
¶AWS Credential Source (static / env_or_profile)
- Default
static
director
¶
password
¶Password director uses to connect to blobstore used by simple blobstore plugin
user
¶Username director uses to connect to blobstore used by simple blobstore plugin
host
¶Host of blobstore server used by simple blobstore plugin
port
¶Port of blobstore server used by simple blobstore plugin
- Default
25250
provider
¶Provider of the blobstore used by director and agent (dav|simple|s3)
- Default
dav
s3_port
¶Port of blobstore server used by s3 blobstore plugin
- Default
443
s3_region
¶Region of the blobstore used by s3 blobstore plugin
s3_signature_version
¶Signature version of the blobstore used by s3 blobstore plugin (optional, if not provided the s3 client decides which version to use)
secret_access_key
¶AWS secret_access_key used by s3 blobstore plugin
server_side_encryption
¶Server-side encryption algorithm used when storing blobs in S3 (Optional - “AES256”|“aws:kms”)
sse_kms_key_id
¶AWS KMS key ID to use for object encryption. All GET and PUT requests for an object protected by AWS KMS will fail if not made via SSL or using SigV4.
ssl_verify_peer
¶Verify the SSL certificate used on the blobstore?
- Default
true
use_ssl
¶Whether the simple blobstore plugin should use SSL to connect to the blobstore server
- Default
true
compiled_package_cache
¶
options
¶
access_key_id
¶AWS access_key_id used for the compiled package cache
bucket_name
¶AWS S3 Bucket used for the compiled package cache
credentials_source
¶AWS credentials (static / env_or_profile)
- Default
static
host
¶Host of blobstore server used for compiled package cache
port
¶Port of blobstore server used for compiled package cache
- Default
25250
s3_port
¶Port of blobstore server used by s3 blobstore plugin
- Default
443
s3_signature_version
¶Signature version of the blobstore used by s3 blobstore plugin (optional, if not provided the s3 client decides which version to use)
secret_access_key
¶AWS secret_access_key used for the compiled package cache
server_side_encryption
¶Server-side encryption algorithm used when storing blobs in S3 (Optional - “AES256”|“aws:kms”)
sse_kms_key_id
¶AWS KMS key ID to use for object encryption. All GET and PUT requests for an object protected by AWS KMS will fail if not made via SSL or using SigV4.
ssl_verify_peer
¶Verify the SSL certificate used on the blobstore?
- Default
true
use_ssl
¶Whether the simple blobstore plugin should use SSL to connect to the blobstore server
- Default
true
provider
¶Provider of the blobstore used for the compiled package cache
- Default
s3
director
¶
auto_fix_stateful_nodes
¶Enable/Disable auto resolution for stateful nodes for scan_and_fix (true|false)
- Default
true
backend_port
¶Port that the director listens on
- Default
25556
backup_destination
¶Configuration of the blobstore used by director for backups (dav|simple|s3)
backup_schedule
¶RufusScheduler cron formatted schedule for backups
config_server_url
¶URL for the config server
- Default
http://127.0.0.1:8080
cpi_job
¶Name of cpi job (null to use bundled cpi gems)
db
¶
adapter
¶The type of database used (mysql2|postgres|sqlite)
- Default
postgres
connection_options
¶Additional options for the database
- Default
max_connections: 32 pool_timeout: 10
database
¶Name of the director database
- Default
bosh
host
¶Address of the director database, for example, in the case of AWS RDS: rds-instance-name.coqxxxxxxxxx.us-east-1.rds.amazonaws.com
- Default
127.0.0.1
password
¶Password used for the director database
port
¶Port of the director database (e.g, msyql2 adapter would generally use 3306)
- Default
5432
user
¶Username used for the director database
- Default
bosh
debug
¶
keep_unreachable_vms
¶When a bosh deploy fails, the failed VM will be kept instead of destroyed
- Default
false
default_ssh_options
¶
gateway_host
¶Default host to use as ssh gateway with bosh ssh command
gateway_user
¶Default user to use with bosh ssh command
- Default
vcap
disks
¶
cleanup_schedule
¶RufusScheduler cron formatted schedule for cleanup of orphaned disks and orphaned snapshots
- Default
0 0,30 * * * * UTC
max_orphaned_age_in_days
¶Days to keep orphaned disks and orhaned snapshots before cleanup
- Default
5
enable_dedicated_status_worker
¶Separate worker for ‘bosh vms’ and ‘bosh ssh’
- Default
false
enable_post_deploy
¶When true, all templates will run their post_deploy script once deployment is complete
- Default
false
enable_snapshots
¶Enable/Disable snapshots for persistent disks (true|false)
- Default
false
enable_virtual_delete_vms
¶When true, bosh will not delete vm from cloud when instance update, just destroy vm record in db
- Default
false
encryption
¶Enable/Disable agent-director encryption (true|false)
- Default
false
events
¶
cleanup_schedule
¶RufusScheduler cron formatted schedule for cleanup of events
- Default
0 * * * * UTC
max_events
¶Max number of events to keep
- Default
10000
record_events
¶Enable recording of events to the database
- Default
false
flush_arp
¶Clear up arp entries when machines are recreated
- Default
false
generate_vm_passwords
¶When true, a random unique password will be used for each vm if user has not specified a password
- Default
false
ignore_missing_gateway
¶Allow gateway to be omitted from subnet configuration. Boshlite vms(containers) do not require gateway.
- Default
false
log_access_events_to_syslog
¶Access to api is logged to the syslog
- Default
false
max_tasks
¶Max number of tasks per each type to keep in disk
- Default
100
max_threads
¶Max number of director concurrent threads
- Default
32
max_upload_size
¶Max allowed file size for upload
- Default
10000m
max_vm_create_tries
¶Max retries when creating VMs
- Default
5
name
¶Name of the director
nginx
¶
ssl_ciphers
¶List of SSL ciphers to allow (format: https://www.openssl.org/docs/apps/ciphers.html#CIPHER_LIST_FORMAT)
- Default
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
ssl_prefer_server_ciphers
¶Prefer server’s cipher priority instead of client’s (true for On, false for Off)
- Default
true
ssl_protocols
¶SSL/TLS protocols to allow
- Default
TLSv1 TLSv1.1 TLSv1.2
workers
¶Number of nginx workers for director
- Default
2
parse_config_values
¶When true, replace substitution values in manifest with values from config server
- Default
false
port
¶Port that the director nginx listens on
- Default
25555
proxy_timeout
¶Timeout for proxy connection from nginx to director
- Default
900
remove_dev_tools
¶When true, remove dev tool packages from non-compilation VMs
- Default
false
self_snapshot_schedule
¶RufusScheduler cron formatted schedule for self snapshots
- Default
0 0 6 * * * UTC
snapshot_schedule
¶RufusScheduler cron formatted schedule for snapshots
- Default
0 0 7 * * * UTC
ssl
¶
cert
¶SSL Certificate for director (PEM encoded)
key
¶SSL private key for director (PEM encoded)
timeout
¶Timeout for connection from bosh CLI to nginx
- Default
7200
trusted_certs
¶Cerfiticates that VMs created by this director should trust in addition to those packaged with the stemcell (PEM encoded; zero or more certs allowed)
- Default
""
user_management
¶
local
¶
users
¶List of users that can authenticate with director in non-Uaa mode
provider
¶User management implementation (local|uaa)
- Default
local
uaa
¶
public_key
¶Public key to verify Uaa token when token is encoded with asymmetric encryption
symmetric_key
¶Symmetric key to verify Uaa token
url
¶Uaa URL, specify either the url or the urls attribute
urls
¶List of Uaa URLs, specify either the url or the urls attribute
workers
¶Number of director workers
- Default
3
dns
¶
address
¶Address of the powerdns server
db
¶
adapter
¶DNS Database adapter
- Default
postgres
connection_options
¶Additional options for the powerdns database
- Default
max_connections: 32 pool_timeout: 10
database
¶Name of the powerdns database
- Default
bosh
host
¶DNS Database host
- Default
127.0.0.1
password
¶DNS Database password
port
¶Port that the powerdns database listens on
- Default
5432
user
¶DNS Database user
- Default
bosh
domain_name
¶TLD of the dns zone used by bosh
- Default
bosh
env
¶
http_proxy
¶HTTP proxy that the director, scheduler and workers should use
https_proxy
¶HTTPS proxy that the director, scheduler and workers should use
no_proxy
¶List of comma-separated hosts that should skip connecting to the proxy in the director, scheduler and workers
nats
¶
address
¶Address of the nats server
password
¶Password to connect to nats with
port
¶Port that the nats server listens on
- Default
4222
user
¶Username to connect to nats with
- Default
nats
ntp
¶
List of ntp server IPs. pool.ntp.org attempts to return IPs closest to your location, but you can still specify if needed.
- Default
- 0.pool.ntp.org - 1.pool.ntp.org
openstack
¶
api_key
¶OpenStack API key
auth_url
¶URL of the OpenStack Identity endpoint to connect to
boot_from_volume
¶Boot from volume (optional, false by default)
- Default
false
boot_volume_cloud_properties
¶
type
¶Volume type for the boot volume (optional)
config_drive
¶Config drive device (cdrom or disk) to use as metadata service on OpenStack (optional, nil by default)
connection_options
¶Hash containing optional connection parameters to the OpenStack API
default_key_name
¶Default OpenStack keypair to use when spinning up new vms
default_security_groups
¶Default OpenStack security groups to use when spinning up new vms
domain
¶OpenStack domain (required for Keystone API version 3)
endpoint_type
¶OpenStack endpoint type (optional, by default publicURL)
- Default
publicURL
ignore_server_availability_zone
¶When creating disks do not use the servers AZ, default to openstack default
- Default
false
project
¶OpenStack project name (required for Keystone API version 3)
region
¶OpenStack region (optional)
state_timeout
¶Timeout (in seconds) for OpenStack resources desired state (optional, by default 300)
- Default
300
stemcell_public_visibility
¶Set public visibility for stemcells (optional, false by default)
- Default
false
tenant
¶OpenStack tenant name (required for Keystone API version 2)
use_dhcp
¶Whether to use DHCP when configuring networking on VM (for both manual and dynamic)
- Default
true
username
¶OpenStack user name
wait_resource_poll_interval
¶Changes the delay (in seconds) between each status check to OpenStack when creating a resource (optional, by default 5)
- Default
5
registry
¶
address
¶Address of the Registry to connect to
http
¶
password
¶Password to access the Registry
port
¶Port of the Registry to connect to
- Default
25777
user
¶User to access the Registry
vcd
¶
entities
¶
description
¶Text associated with the VMs
- Default
vcd-cf
media_catalog
¶The name of the calalog for media files
organization
¶The organization name
vapp_catalog
¶The name of the calalog for vapp template
virtual_datacenter
¶The virtual data center name in vCloud Director
vm_metadata_key
¶The key name of VM metadata
- Default
vcd-cf
password
¶The password of the target vCloud Director
url
¶The endpoint of the target vCloud Director
user
¶The user name of the target vCloud Director
vcenter
¶
address
¶Address of vCenter server used by vsphere cpi
datacenters
¶Datacenters in vCenter to use (value is an array of Hashes representing datacenters and clusters, See director.yml.erb.erb)
password
¶Password to connect to vCenter server used by vspher cpi
user
¶User to connect to vCenter server used by vsphere cpi
Templates¶
Templates are rendered and placed onto corresponding
instances during the deployment process. This job's templates
will be placed into /var/vcap/jobs/director/
directory
(learn more).
bin/director_ctl
(fromdirector_ctl.erb
)bin/drain
(fromdrain
)bin/nginx_ctl
(fromnginx_ctl
)bin/ps_utils.sh
(fromps_utils.sh
)bin/restore-db
(fromrestore-db
)bin/scheduler_ctl
(fromscheduler_ctl.erb
)bin/stemcell-copy
(fromstemcell-copy.sh
)bin/task_logrotate
(fromtask_logrotate.sh
)bin/worker_ctl
(fromworker_ctl.erb
)config/director.yml.erb
(fromdirector.yml.erb.erb
)config/mime.types
(frommime.types
)config/nginx.conf
(fromnginx.conf.erb
)config/ssl/director.key
(fromdirector.key.erb
)config/ssl/director.pem
(fromdirector.pem.erb
)config/sudoers
(fromsudoers
)config/task_logrotate.cron
(fromtask_logrotate.cron
)
Packages¶
Packages are compiled and placed onto corresponding
instances during the deployment process. Packages will be
placed into /var/vcap/packages/
directory.