nats-tls job from nats/56.6.0

TLS-secured NATS server providing a publish-subscribe messaging system for Cloud Foundry components.

Github source: 47e9440 or master branch

Properties¶

nats¶

auth_required¶

Default

true

authorization_timeout¶

After accepting a connection, wait up to this many seconds for credentials.

Default

15

client¶

tls¶

ca¶

Certificate of the CA for verifying the TLS connection to the server. In PEM format.

certificate¶

The PEM-encoded certificate to use for verifying the TLS connection to the server (used for local healthchecks).

private_key¶

The PEM-encoded private key to use for verifying the TLS connection to the server (used for local healthchecks).

cluster_host¶

Clustering listening interface, defaults to spec.address

cluster_port¶

The port for the NATS servers to communicate with other servers in the cluster.

Default

4225

debug¶

Enable debug logging output.

Default

false

external¶

tls¶

ca¶

Certificate of the CA for publisher/subscriber traffic. In PEM format.

certificate¶

Certificate for publisher/subscriber traffic. In PEM format.

private_key¶

Private key for publisher/subscriber traffic. In PEM format.

fail_deployment_if_v1¶

Fail the deployment in post-start if nats instances are on v1.

Default

false

hostname¶

Hostname for nats cluster. Set this to the value of your bosh-dns-alias.

Example

nats.service.cf.internal

internal¶

tls¶

ca¶

Certificate of the CA for cluster-internal traffic. In PEM format.

certificate¶

Certificate for cluster-internal traffic. In PEM format.

enabled¶

Enable mutually authenticated TLS for NATS cluster-internal traffic.

Default

false

private_key¶

Private key for cluster-internal traffic. In PEM format.

machines¶

IP or Domain Name of each NATS cluster member.

migrate_server¶

port¶

Port for endpoint to migrate nats job to nats-server v2. To be removed in a future release.

Default

4243

monitor_port¶

Port for varz and connz monitoring. 0 means disabled.

Default

0

net¶

Client listening interface, defaults to spec.address

no_advertise¶

When configured to true, this nats server will not be advertised to any nats clients.

Default

true

nontls_cluster_port¶

The port for the NATS servers to communicate with other servers in the cluster. No default but usually 4223.

password¶

Password for server authentication.

port¶

The port for the NATS server to listen on.

Default

4224

prof_port¶

Port for pprof. 0 means disabled.

Default

0

trace¶

Enable trace logging output.

Default

false

user¶

Username for server authentication.

write_deadline¶

Maximum number of seconds the server will block when writing. Once this threshold is exceeded the connection will be closed and the client will be considered as Slow Consumer.

Default

2s

Templates¶

Templates are rendered and placed onto corresponding instances during the deployment process. This job's templates will be placed into /var/vcap/jobs/nats-tls/ directory (learn more).

• bin/post-start (from post-start.erb)
• config/bpm.yml (from bpm.yml.erb)
• config/client_tls/ca.pem (from client_tls/ca.pem.erb)
• config/client_tls/certificate.pem (from client_tls/certificate.pem.erb)
• config/client_tls/private_key.pem (from client_tls/private_key.pem.erb)
• config/external_tls/ca.pem (from external_tls/ca.pem.erb)
• config/external_tls/certificate.pem (from external_tls/certificate.pem.erb)
• config/external_tls/private_key.pem (from external_tls/private_key.pem.erb)
• config/internal_tls/ca.pem (from internal_tls/ca.pem.erb)
• config/internal_tls/certificate.pem (from internal_tls/certificate.pem.erb)
• config/internal_tls/private_key.pem (from internal_tls/private_key.pem.erb)
• config/migrator-config.json (from migrator-config.json.erb)
• config/nats-tls.conf (from nats-tls.conf.erb)

Packages¶

Packages are compiled and placed onto corresponding instances during the deployment process. Packages will be placed into /var/vcap/packages/ directory.

• gnatsd
• nats-server
• nats-tls-healthcheck
• nats-v2-migrate
• pid_utils