policy-server-asg-syncer job from cf-networking/3.21.0
GitHub source: d9462457 or master branch
Properties
asg_poll_interval_seconds
Interval in seconds at which policy-server will poll CAPI for ASG data. Requires asg_sync_enabled. Must be > 0.
- Default: 60
cc_hostname
Host name for the Cloud Controller server for connecting to the non-secure API endpoint. If this value is not provided, policy-server-asg-syncer will obtain the secure API endpoint by consuming the cloud_controller_https_endpoint link. The value supplied to this property must match the value supplied to the Cloud Controller property cc.internal_service_hostname.
- Example: cloud-controller-ng.service.cf.internal
cc_internal
  client_cert
  Client certificate for Cloud Controller.
  client_key
  Client private key for Cloud Controller.
cc_port
External port of Cloud Controller server for connecting to the non-secure API endpoint. If this value is not provided, policy-server will obtain the secure API port by consuming the cloud_controller_https_endpoint link. The value supplied to this property must match the value supplied to the Cloud Controller property cc.external_port.
- Example: 9022
database
  connect_timeout_seconds
  Connection timeout between the policy server and its database.
  - Default: 120
disable
Disable syncing application security groups for dynamic security group updates.
- Default: false
locket
  address
  Hostname and port of the Locket server. Must be set when asg_sync_enabled is set to true.
  - Default: locket.service.cf.internal:8891
  ca_cert
  The CA certificate for Locket.
  client_cert
  The client certificate for Locket.
  client_key
  The private key for Locket.
log_level
Logging level (debug, info, warn, error).
- Default: info
metron_port
Port of metron agent on localhost. This is used to forward metrics.
- Default: 3457
retry_deadline_seconds
Maximum amount of time for which policy-server-asg-syncer will retry CAPI when detecting unstable ASG lists.
- Default: 300
skip_ssl_validation
Skip verifying SSL certs when speaking to UAA or Cloud Controller.
- Default: false
uaa_ca
Trusted CA for UAA server.
uaa_client
UAA client name. Must match the name of a UAA client with the following properties: authorities: uaa.resource,cloud_controller.admin_read_only, authorities: uaa.resource,cloud_controller.admin_read_only.
- Default: network-policy
uaa_client_secret
UAA client secret. Must match the secret of the above UAA client.
uaa_hostname
Host name for the UAA server. E.g. the service advertised via Consul DNS. Must match common name in the UAA server cert. Must be listed in uaa.zones.internal.hostnames.
- Default: uaa.service.cf.internal
uaa_port
Port of the UAA server. Must match uaa.ssl.port.
- Default: 8443
Templates
Templates are rendered and placed onto corresponding instances during the deployment process. This job's templates will be placed into the /var/vcap/jobs/policy-server-asg-syncer/ directory.
- config/bpm.yml (from bpm.yml.erb)
- config/certs/cc_ca.crt (from cc_ca.crt.erb)
- config/certs/cc_internal_ca.crt (from cc_internal_ca.crt.erb)
- config/certs/cc_internal_client.crt (from cc_internal_client.crt.erb)
- config/certs/cc_internal_client.key (from cc_internal_client.key.erb)
- config/certs/database_ca.crt (from database_ca.crt.erb)
- config/certs/locket.crt (from locket.crt.erb)
- config/certs/locket.key (from locket.key.erb)
- config/certs/locket_ca.crt (from locket_ca.crt.erb)
- config/certs/uaa_ca.crt (from uaa_ca.crt.erb)
- config/policy-server-asg-syncer.json (from policy-server-asg-syncer.json.erb)
Packages
Packages are compiled and placed onto corresponding instances during the deployment process. Packages will be placed into the /var/vcap/packages/ directory.