director job from bosh/263.7.0
GitHub source: 96c8c25 or master branch
Properties
agent
¶
blobstore
¶
access_key_id
¶AWS access_key_id for agent used by s3 blobstore plugin
address
¶Address for agent to connect to blobstore server used by simple blobstore plugin
credentials_source
¶AWS or GCP Credential Source (static / env_or_profile / none)
- Default
static
encryption_key
¶Customer-Supplied Encryption key used when storing blobs in GCS (Optional - Base64 encoded 32 byte key)
host
¶Host of blobstore server used by simple blobstore plugin
json_key
¶Contents of a GCP JSON service account file used for static credentials_source (optional)
port
¶Port for agent to connect to blobstore server used by simple blobstore plugin
s3_region
¶AWS region for agent used by s3 blobstore plugin
s3_signature_version
¶Signature version of the blobstore used by s3 blobstore plugin (optional, if not provided the s3 client decides which version to use)
secret_access_key
¶AWS secret_access_key for agent used by s3 blobstore plugin
server_side_encryption
¶Server-side encryption algorithm used when storing blobs in S3 (Optional - “AES256”|“aws:kms”)
sse_kms_key_id
¶AWS KMS key ID to use for object encryption. All GET and PUT requests for an object protected by AWS KMS will fail if not made via SSL or using SigV4.
ssl_verify_peer
¶Verify the SSL certificate used on the blobstore?
- Default
true
storage_class
¶Storage Class used when storing blobs in GCS (optional, if not provided uses bucket default)
use_ssl
¶Whether the simple blobstore plugin should use SSL to connect to the blobstore server
- Default
true
nats
¶
address
¶Address for agent to connect to nats
blobstore
¶
access_key_id
¶AWS access_key_id used by s3 blobstore plugin
address
¶Address of blobstore server used by simple blobstore plugin
agent
¶
password
¶Password agent uses to connect to blobstore used by simple blobstore plugin
user
¶Username agent uses to connect to blobstore used by simple blobstore plugin
bucket_name
¶AWS S3 or GCP GCS Bucket used by external blobstore plugin
credentials_source
¶AWS or GCP Credential Source (static / env_or_profile / none)
- Default
static
director
¶
password
¶Password director uses to connect to blobstore used by simple blobstore plugin
user
¶Username director uses to connect to blobstore used by simple blobstore plugin
encryption_key
¶Customer-Supplied Encryption key used when storing blobs in GCS (Optional - Base64 encoded 32 byte key)
host
¶Host of blobstore server used by simple blobstore plugin
json_key
¶Contents of a GCP JSON service account file used for static credentials_source (optional)
port
¶Port of blobstore server used by simple blobstore plugin
- Default
25250
provider
¶Provider of the blobstore used by director and agent (dav|simple|s3|gcs)
- Default
dav
s3_port
¶Port of blobstore server used by s3 blobstore plugin
- Default
443
s3_region
¶Region of the blobstore used by s3 blobstore plugin
s3_signature_version
¶Signature version of the blobstore used by s3 blobstore plugin (optional, if not provided the s3 client decides which version to use)
secret_access_key
¶AWS secret_access_key used by s3 blobstore plugin
server_side_encryption
¶Server-side encryption algorithm used when storing blobs in S3 (Optional - “AES256”|“aws:kms”)
sse_kms_key_id
¶AWS KMS key ID to use for object encryption. All GET and PUT requests for an object protected by AWS KMS will fail if not made via SSL or using SigV4.
ssl_verify_peer
¶Verify the SSL certificate used on the blobstore?
- Default
true
storage_class
¶Storage Class used when storing blobs in GCS (optional, if not provided uses bucket default)
use_ssl
¶Whether the simple blobstore plugin should use SSL to connect to the blobstore server
- Default
true
compiled_package_cache
¶
options
¶
access_key_id
¶AWS access_key_id used for the compiled package cache
bucket_name
¶AWS S3 Bucket used for the compiled package cache
credentials_source
¶AWS credentials (static / env_or_profile)
- Default
static
host
¶Host of blobstore server used for compiled package cache
port
¶Port of blobstore server used for compiled package cache
- Default
25250
s3_port
¶Port of blobstore server used by s3 blobstore plugin
- Default
443
s3_signature_version
¶Signature version of the blobstore used by s3 blobstore plugin (optional, if not provided the s3 client decides which version to use)
secret_access_key
¶AWS secret_access_key used for the compiled package cache
server_side_encryption
¶Server-side encryption algorithm used when storing blobs in S3 (Optional - “AES256”|“aws:kms”)
sse_kms_key_id
¶AWS KMS key ID to use for object encryption. All GET and PUT requests for an object protected by AWS KMS will fail if not made via SSL or using SigV4.
ssl_verify_peer
¶Verify the SSL certificate used on the blobstore?
- Default
true
use_ssl
¶Whether the simple blobstore plugin should use SSL to connect to the blobstore server
- Default
true
provider
¶Provider of the blobstore used for the compiled package cache
- Default
s3
director
¶
auto_fix_stateful_nodes
¶Enable/Disable auto resolution for stateful nodes for scan_and_fix (true|false)
- Default
true
backend_port
¶Port that the director listens on
- Default
25556
backup_destination
¶Configuration of the blobstore used by director for backups (dav|simple|s3)
- Example
  options:
    access_key_id: AKIAA1B2C3D4...
    bucket_name: some-bucket-name
    credentials_source: static
    region: eu-central-1
    secret_access_key: a1b2c3d4...
  provider: s3
backup_schedule
¶RufusScheduler cron formatted schedule for backups
config_server
¶
ca_cert
¶CA cert to trust when communicating with Config Server
enabled
¶When true, replace substitution values in manifest with values from Config Server
- Default
false
uaa
¶
ca_cert
¶CA cert to trust when communicating with UAA
client_id
¶UAA client id to access Config Server
client_secret
¶UAA client secret to access Config Server
url
¶URL for the UAA server used for authenticating access to Config Server
url
¶URL for the Config Server
cpi_job
¶Name of cpi job (null to use bundled cpi gems)
db
¶
adapter
¶The type of database used (mysql2|postgres|sqlite)
- Default
postgres
connection_options
¶Additional options for the database
- Default
  max_connections: 32
  pool_timeout: 10
database
¶Name of the director database
- Default
bosh
host
¶Address of the director database, for example, in the case of AWS RDS: rds-instance-name.coqxxxxxxxxx.us-east-1.rds.amazonaws.com
- Default
127.0.0.1
password
¶Password used for the director database
port
¶Port of the director database (e.g., the mysql2 adapter would generally use 3306)
- Default
5432
user
¶Username used for the director database
- Default
bosh
debug
¶
keep_unreachable_vms
¶When a bosh deploy fails, the failed VM will be kept instead of destroyed
- Default
false
default_ssh_options
¶
gateway_host
¶Default host to use as ssh gateway with bosh ssh command
gateway_user
¶Default user to use with bosh ssh command
- Default
vcap
disks
¶
cleanup_schedule
¶RufusScheduler cron formatted schedule for cleanup of orphaned disks and orphaned snapshots
- Default
0 0,30 * * * * UTC
max_orphaned_age_in_days
¶Days to keep orphaned disks and orphaned snapshots before cleanup
- Default
5
enable_cpi_resize_disk
¶Enable/Disable native CPI disk resizing (true|false)
- Default
false
enable_dedicated_status_worker
¶Separate worker for ‘bosh vms’ and ‘bosh ssh’
- Default
false
enable_nats_delivered_templates
¶When true, rendered templates will be sent over NATS
- Default
false
enable_post_deploy
¶When true, all templates will run their post_deploy script once deployment is complete
- Default
false
enable_snapshots
¶Enable/Disable snapshots for persistent disks (true|false)
- Default
false
enable_virtual_delete_vms
¶When true, bosh will not delete the VM from the cloud when an instance is updated; it only destroys the VM record in the database
- Default
false
encryption
¶Enable/Disable agent-director encryption (true|false)
- Default
false
events
¶
cleanup_schedule
¶RufusScheduler cron formatted schedule for cleanup of events
- Default
0 * * * * UTC
max_events
¶Max number of events to keep
- Default
10000
record_events
¶Enable recording of events to the database and syslog
- Default
false
flush_arp
¶Clear up arp entries when machines are recreated
- Default
false
generate_vm_passwords
¶When true, a random unique password will be used for each vm if user has not specified a password
- Default
false
ignore_missing_gateway
¶Allow gateway to be omitted from subnet configuration. BOSH Lite VMs (containers) do not require a gateway.
- Default
false
local_dns
¶
enabled
¶Enables local DNS, i.e., sending sync_dns messages with all names/IPs to all agents managed by this director
- Default
false
include_index
¶If local DNS is enabled, then include_index will cause director to propagate dns records with instance index number as well as dns records with instance ID
- Default
false
use_dns_addresses
¶When true, address references in rendered templates will evaluate to DNS entries rather than IP addresses
- Default
false
log_access_events_to_syslog
¶Access to api is logged to the syslog
- Default
false
max_tasks
¶Max number of tasks of each type to keep on disk
- Default
100
max_threads
¶Max number of director concurrent threads
- Default
32
max_upload_size
¶Max allowed file size for upload
- Default
10000m
max_vm_create_tries
¶Max retries when creating VMs
- Default
5
name
¶Name of the director
nginx
¶
ssl_ciphers
¶List of SSL ciphers to allow (format: https://www.openssl.org/docs/manmaster/man1/ciphers.html - CIPHER LIST FORMAT section)
- Default
DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
ssl_prefer_server_ciphers
¶Prefer server’s cipher priority instead of client’s (true for On, false for Off)
- Default
true
ssl_protocols
¶SSL/TLS protocols to allow
- Default
TLSv1.2
workers
¶Number of nginx workers for director
- Default
2
port
¶Port that the director nginx listens on
- Default
25555
proxy_timeout
¶Timeout for proxy connection from nginx to director
- Default
900
remove_dev_tools
¶When true, remove dev tool packages from non-compilation VMs
- Default
false
self_snapshot_schedule
¶RufusScheduler cron formatted schedule for self snapshots
- Default
0 0 6 * * * UTC
snapshot_schedule
¶RufusScheduler cron formatted schedule for snapshots
- Default
0 0 7 * * * UTC
ssl
¶
cert
¶SSL Certificate for director (PEM encoded)
key
¶SSL private key for director (PEM encoded)
timeout
¶Timeout for connection from bosh CLI to nginx
- Default
7200
trusted_certs
¶Certificates that VMs created by this director should trust in addition to those packaged with the stemcell (PEM encoded; zero or more certs allowed)
- Default
""
user_management
¶
local
¶
users
¶List of users that can authenticate with director in non-Uaa mode
provider
¶User management implementation (local|uaa)
- Default
local
uaa
¶
public_key
¶Public key to verify Uaa token when token is encoded with asymmetric encryption
symmetric_key
¶Symmetric key to verify Uaa token
url
¶Uaa URL, specify either the url or the urls attribute
urls
¶List of Uaa URLs, specify either the url or the urls attribute
workers
¶Number of director workers
- Default
3
dns
¶
address
¶Address of the powerdns server
db
¶
adapter
¶DNS Database adapter
- Default
postgres
connection_options
¶Additional options for the powerdns database
- Default
  max_connections: 32
  pool_timeout: 10
database
¶Name of the powerdns database
- Default
bosh
host
¶DNS Database host
- Default
127.0.0.1
password
¶DNS Database password
port
¶Port that the powerdns database listens on
- Default
5432
user
¶DNS Database user
- Default
bosh
domain_name
¶TLD of the dns zone used by bosh
- Default
bosh
env
¶
http_proxy
¶HTTP proxy that the director, scheduler and workers should use
https_proxy
¶HTTPS proxy that the director, scheduler and workers should use
no_proxy
¶List of comma-separated hosts that should skip connecting to the proxy in the director, scheduler and workers
nats
¶
address
¶Address of the nats server
password
¶Password to connect to nats with
port
¶Port that the nats server listens on
- Default
4222
user
¶Username to connect to nats with
- Default
nats
ntp
¶
List of ntp server IPs. pool.ntp.org attempts to return IPs closest to your location, but you can still specify if needed.
- Default
  - 0.pool.ntp.org
  - 1.pool.ntp.org
registry
¶
address
¶Address of the Registry to connect to
password
¶Password to access the Registry
port
¶Port of the Registry to connect to
- Default
25777
username
¶User to access the Registry
Templates
Templates are rendered and placed onto corresponding instances during the deployment process. This job's templates will be placed into the /var/vcap/jobs/director/ directory.
- bin/bbr/backup (from bbr_backup)
- bin/bbr/restore (from bbr_restore)
- bin/director_ctl (from director_ctl.erb)
- bin/drain (from drain)
- bin/nginx_ctl (from nginx_ctl)
- bin/pre-start (from pre-start.erb)
- bin/ps_utils.sh (from ps_utils.sh)
- bin/restore-db (from restore-db)
- bin/scheduler_ctl (from scheduler_ctl.erb)
- bin/stemcell-copy (from stemcell-copy.sh)
- bin/sync_dns_ctl (from sync_dns_ctl.erb)
- bin/task_logrotate (from task_logrotate.sh)
- bin/worker_ctl (from worker_ctl.erb)
- config/config_server_ca.cert (from config_server_ca.cert.erb)
- config/director.yml.erb (from director.yml.erb.erb)
- config/mime.types (from mime.types)
- config/nginx.conf (from nginx.conf.erb)
- config/ssl/director.key (from director.key.erb)
- config/ssl/director.pem (from director.pem.erb)
- config/sudoers (from sudoers)
- config/task_logrotate.cron (from task_logrotate.cron)
- config/uaa_server_ca.cert (from uaa_server_ca.cert.erb)
Packages
Packages are compiled and placed onto corresponding instances during the deployment process. Packages will be placed into the /var/vcap/packages/ directory.