service-fabrik-broker job from service-fabrik/3.219.0

Github source: 60a10501 or master branch

Properties¶

agent_operation_timeout¶

(milliseconds) Timeout duration for any operation done on broker agent

Default

35000

allow_concurrent_binding_operations¶

When set to true, it will disable the check for parallel binding/unbinding operation during any OSB operation

Default

true

allow_concurrent_operations¶

When set to true, it will disable the check for parallel create/update/delete operation of the service instance

Default

true

backup¶

abort_time_out¶

Timeout time for abort of backup to complete in ms (defaults to 5 mins)

Default

300000

backup_restore_status_check_every¶

Status of deployment backup/restore once in every ms

Default

120000

backup_restore_status_poller_timeout¶

Timeout for backup/restore status checker in ms

Default

8.64e+07

consecutive_backup_failure_sla_count¶

Max allowed no backup days in a row (defaults to 3 days)

Default

3

lock_check_delay_on_restart¶

On restart of service fabrik queries all deployments to see if there is a lock on it. This delay ensures each call is spaced with this delay (ms)

Default

5000

max_num_on_demand_backup¶

Maximum number of on-demand backups

Default

2

num_of_allowed_restores¶

Number of allowed restore in backup.restore_history_days

Default

10

provider¶

IaaS-specific backup provider configuration

reschedule_backup_delay_after_restore¶

Delay to reschedule backup after restore in minutes

Default

3

restore_history_days¶

Number days to consider for restore quota check

Default

30

retention_period_in_days¶

Scheduled backups are going to be maintained during this period & cannot be deleted. Beyond this period backups are automatically deleted by backup job

Default

14

retry_delay_on_error¶

In case of unlock failure 3 retry attempts will be done with this configured delay (milliseconds) in exponential manner

Default

60000

status_check_every¶

Interval in milliseconds to check the status of service fabrik backup

Default

120000

transaction_logs_delete_buffer_time¶

Delete transaction logs older than latest successful backup + this buffer time in minutes

Default

30

broker_drain_message¶

Drain message that is updated into broker maintenance state. If undefined, then during drain maintenance state is not updated

Default

BROKER_DRAIN_INITIATED

cf¶

identity_provider¶

Identity provider for the Cloud Foundry cloud controller

password¶

Admin password for the Cloud Foundry cloud controller

url¶

URL of the Cloud Foundry cloud controller

username¶

Admin username for the Cloud Foundry cloud controller

circuit_breaker¶

Overridden circuit breaker configuration

common¶

tls_cacert¶

Trust only remotes providing a certificate signed by the CA given here

tls_client_cert¶

TLS certificate file

tls_client_key¶

TLS key file

deployment_action_timeout¶

Timeout duration for deployment hook actions

Default

80000

directors¶

URL of the Bosh directors

docker¶

allocate_docker_host_ports¶

Allocate Docker host ports when creating a container

Default

true

job¶

Name of the swarm/docker job

Default

swarm_manager

skip_ssl_validation¶

Determines whether the broker should verify SSL certificates when communicating with the Swarm Manager

Default

true

url¶

Docker URL (HTTP address or Unix socket)

Default

https://10.11.252.10:2376

volume_driver¶

Volume driver used for Docker containers (only local or lvm-volume-driver are currently supported)

Default

local

enable_bosh_rate_limit¶

Switch used to turn on/off rate limiting against BOSH director

Default

false

enable_circuit_breaker¶

Switch used to turn on/off circuit breaker

Default

false

enable_cross_organization_sharing¶

Determines whether instances can be shared across CF organizations

Default

false

enable_service_fabrik_v2¶

Determines whether to enable service fabrik v20

Default

false

enable_swarm_manager¶

Determines whether the broker has dependency on swarm manager

Default

true

event¶

defaults¶

cf_last_operation¶

Determines if an HTTP operation is to be additionally treated with cf-last operation semantics

Default

false

http_inprogress_codes¶

Defines the default in progress HTTP status codes

Default

- 202

http_success_codes¶

Defines the default HTTP success codes

Default

  - 200
  - 201

ignore_service_fabrik_operation¶

Determines if a broker API is being invoked via service fabrik API operation

Default

false

include_response_body¶

Determines wheter HTTP response body is to be logged or not

Default

false

log_inprogress_state¶

Determines if an in-progress event is to be logged or not

Default

true

delete¶

http_success_codes¶

Defines the HTTP success codes for Delete operation

Default

  - 200
  - 410

external¶

api_requires_admin_scope¶

Only Administrators of the Cloud Foundry cloud controller are allowed to use the Service Fabrik API endpoint

Default

false

cookie_secret¶

Unique secret key, used to sign sessions

host¶

Domain name used for external endpoints such as dashboards or the Service Fabrik API (will be registered at the router)

log_event¶

Determines whether event logging must be enabled or not

Default

true

port¶

Port used for external endpoints such as dashboards or the Service Fabrik API

Default

9292

session_expiry¶

Session expiry time of the session in seconds

Default

86400

ssl¶

Private key used for external communication

trust_proxy¶

This is required when running an Express app behind a proxy (see http://expressjs.com/en/guide/behind-proxies.html)

Default

2

feature¶

AllowInstanceSharing¶

Switch used to turn on/off sharing instances on CF

Default

true

EnableSecurityGroupsOps¶

Switch used to enable security groups related operations

Default

true

ServiceInstanceAutoUpdate¶

Switch used to turn on/off schedule update feature

Default

false

ha_enabled¶

Switch used to turn on/off the HA support

Default

false

http_timeout¶

Timeout duration for any request to broker

Default

175000

internal¶

domain_socket¶

path¶

domain socket path used to communicate with broker monitoring agent

Default

/tmp/sfevents

internal_url¶

Domain name used for internal endpoints such as administration or the service broker API

ip¶

IP address used for internal endpoints such as administration or the service broker API

log_event¶

Determines whether event logging must be enabled or not

Default

true

port¶

Port used for internal endpoints such as administration or the service broker API

Default

9443

ssl¶

ca¶

CA for internal app SSL certificate

cert¶

Signed certificate used for internal communication

key¶

Private key used for internal communication

lockttl¶

backup¶

LockTTL in seconds for backup operation

Default

86400

lifecycle¶

LockTTL in seconds for lifecycle operations create, update, delete

Default

86400

restore¶

LockTTL in seconds for restore operation

Default

86400

log_level¶

Log level of the broker

Default

info

metering¶

binding¶

clientid¶

The client id provided by the metering service

clientsecret¶

The client secret provided by the metering service

metering_url¶

The metering url provided by the metering service

region¶

The region provided by the metering binding

token_url¶

The token url provided by the metering service

create_metering_events¶

Create sfevents crds

Default

true

enabled¶

True if metering in enabled

Default

false

error_threshold_hours¶

Time in hours after which an error in sending to MaaS is reported to Riemann

mongodb¶

agent¶

provider¶

container¶

S3/Swift container name where service fabrik’s mongodb backup blobs will be stored

backup¶

schedule_interval¶

Cron expression defining the backup interval for service fabrik’s internal mongodb’s backup job

deployment_name¶

Bosh deployment name of the internal mongo-db

Default

service-fabrik-mongodb

provision¶

network_index¶

Network segment index within the service fabrik network where the internal mongodb is to be provisioned

Default

1

plan_id¶

Mongo Plan Id from the service catalog which is to be used for provisioning internal mongodb by Fabrik

record_max_fetch_count¶

Max number of records that can be fetched at a time from DB

Default

300

retry_connect¶

max_attempt¶

Maximum retry attempts for connecting to DB on errors

Default

8

min_delay¶

Minimum delay before retry attempt to connect to DB

Default

120000

url¶

MongoDB connection URL for service-fabrik’s internal needs. ex : mongodb://user:pass@localhost:port/database

monitoring¶

event_name_prefix¶

All riemann events originating from service fabrik will have this prefix

Default

CF.service-fabrik

events_logged_in_db¶

Comma seperated list of event names that are to be logged in DB

Default

create_backup, update_instance

include_response_body¶

Determines if the riemann event should contain the HTTP method response while logging

Default

false

unauthorized¶

include_response_body¶

Determines if the unauthorized event should contain the HTTP method response while logging

Default

true

multi_az_enabled¶

Switch used to turn on/off the multi-az support

Default

false

name¶

Name of the service broker as it will be registered at the Cloud Foundry cloud controller

Default

service-fabrik-broker

password¶

Broker’s basic auth password

Default

secret

quota¶

enabled¶

If Quota Management Service is enabled

Default

false

oauthDomain¶

Oauth domain for quota service

password¶

Client secret for quota service

serviceDomain¶

Onboarding Service domain for quota service

username¶

clientId for quota service

whitelist¶

List of whitelisted organitions for which quota check should not happen

riemann¶

enabled¶

Determines whether events should be forwarded to Riemann

Default

true

host¶

Riemann Host IP

Default

10.1.3.1

http_status_codes_to_be_skipped¶

Broker events with http response codes matching this list will be skipped from logging to riemann

Default

  - 400
  - 409

log_additional_event¶

Boolean configuration to log additional event to Riemann

Default

true

port¶

Riemann Port

Default

5555

prefix¶

Riemann Prefix

Default

CF

show_errors¶

Determines whether Riemann errors are to be logged or not

Default

true

send_binding_metadata¶

When set to false, any metadata will be omitted from the create_binding response. To be used when metadata contains sensitive information

Default

true

service_addon_jobs¶

Add on jobs that will be added onto the services deployment

Default

- iptables-manager

services¶

Services and plans offered by the broker

skip_ssl_validation¶

Determines whether the broker should verify SSL certificates when communicating with other endpoints such as the cloud controller or the UAA

Default

true

sys_log_level¶

Log level of the messages that are to be forwarded to ELK via syslog transport

Default

info

syslog¶

host¶

Syslog ingestor host IP of ELK stack

Default

10.1.4.3

port¶

Syslog ingestor Port

Default

5514

username¶

Broker’s basic auth username

Default

broker

Templates¶

Templates are rendered and placed onto corresponding instances during the deployment process. This job's templates will be placed into /var/vcap/jobs/service-fabrik-broker/ directory (learn more).

• bin/drain (from bin/drain.erb)
• bin/health_check (from bin/health_check.erb)
• bin/job_properties.sh (from bin/job_properties.sh.erb)
• bin/service-fabrik-broker_ctl (from bin/service-fabrik-broker_ctl.erb)
• config/circuit-breaker-config.yml (from config/circuit-breaker-config.yml.erb)
• config/eventlog-config-internal.yml (from config/eventlog-config-internal.yml.erb)
• config/settings.yml (from config/settings.yml.erb)

Packages¶

Packages are compiled and placed onto corresponding instances during the deployment process. Packages will be placed into /var/vcap/packages/ directory.

• bosh-helpers
• jq
• node
• service-fabrik-broker
• yaml2json