service-fabrik-broker job from service-fabrik/3.259.0
Github source:
520c1a45
or
master branch
Properties¶
agent_operation_timeout
¶
(milliseconds) Timeout duration for any operation done on broker agent
- Default
35000
allow_concurrent_binding_operations
¶
When set to true, it will disable the check for parallel binding/unbinding operation during any OSB operation
- Default
true
allow_concurrent_operations
¶
When set to true, it will disable the check for parallel create/update/delete operation of the service instance
- Default
true
backup
¶
abort_time_out
¶Timeout time for abort of backup to complete in ms (defaults to 5 mins)
- Default
300000
backup_restore_status_check_every
¶Status of deployment backup/restore once in every ms
- Default
120000
backup_restore_status_poller_timeout
¶Timeout for backup/restore status checker in ms
- Default
8.64e+07
consecutive_backup_failure_sla_count
¶Max allowed no backup days in a row (defaults to 3 days)
- Default
3
lock_check_delay_on_restart
¶On restart of service fabrik queries all deployments to see if there is a lock on it. This delay ensures each call is spaced with this delay (ms)
- Default
5000
max_num_on_demand_backup
¶Maximum number of on-demand backups
- Default
2
num_of_allowed_restores
¶Number of allowed restore in backup.restore_history_days
- Default
10
provider
¶IaaS-specific backup provider configuration
reschedule_backup_delay_after_restore
¶Delay to reschedule backup after restore in minutes
- Default
3
restore_history_days
¶Number days to consider for restore quota check
- Default
30
retention_period_in_days
¶Scheduled backups are going to be maintained during this period & cannot be deleted. Beyond this period backups are automatically deleted by backup job
- Default
14
retry_delay_on_error
¶In case of unlock failure 3 retry attempts will be done with this configured delay (milliseconds) in exponential manner
- Default
60000
status_check_every
¶Interval in milliseconds to check the status of service fabrik backup
- Default
120000
transaction_logs_delete_buffer_time
¶Delete transaction logs older than latest successful backup + this buffer time in minutes
- Default
30
broker_drain_message
¶
Drain message that is updated into broker maintenance state. If undefined, then during drain maintenance state is not updated
- Default
BROKER_DRAIN_INITIATED
cf
¶
identity_provider
¶Identity provider for the Cloud Foundry cloud controller
password
¶Admin password for the Cloud Foundry cloud controller
url
¶URL of the Cloud Foundry cloud controller
username
¶Admin username for the Cloud Foundry cloud controller
circuit_breaker
¶
Overridden circuit breaker configuration
common
¶
tls_cacert
¶Trust only remotes providing a certificate signed by the CA given here
tls_client_cert
¶TLS certificate file
tls_client_key
¶TLS key file
deployment_action_timeout
¶
Timeout duration for deployment hook actions
- Default
80000
directors
¶
URL of the Bosh directors
docker
¶
allocate_docker_host_ports
¶Allocate Docker host ports when creating a container
- Default
true
job
¶Name of the swarm/docker job
- Default
swarm_manager
skip_ssl_validation
¶Determines whether the broker should verify SSL certificates when communicating with the Swarm Manager
- Default
true
url
¶Docker URL (HTTP address or Unix socket)
- Default
https://10.11.252.10:2376
volume_driver
¶Volume driver used for Docker containers (only local or lvm-volume-driver are currently supported)
- Default
local
enable_bosh_rate_limit
¶
Switch used to turn on/off rate limiting against BOSH director
- Default
false
enable_circuit_breaker
¶
Switch used to turn on/off circuit breaker
- Default
false
enable_cross_organization_sharing
¶
Determines whether instances can be shared across CF organizations
- Default
false
enable_service_fabrik_v2
¶
Determines whether to enable service fabrik v20
- Default
false
enable_swarm_manager
¶
Determines whether the broker has dependency on swarm manager
- Default
true
event
¶
defaults
¶
cf_last_operation
¶Determines if an HTTP operation is to be additionally treated with cf-last operation semantics
- Default
false
http_inprogress_codes
¶Defines the default in progress HTTP status codes
- Default
- 202
http_success_codes
¶Defines the default HTTP success codes
- Default
- 200 - 201
ignore_service_fabrik_operation
¶Determines if a broker API is being invoked via service fabrik API operation
- Default
false
include_response_body
¶Determines wheter HTTP response body is to be logged or not
- Default
false
log_inprogress_state
¶Determines if an in-progress event is to be logged or not
- Default
true
delete
¶
http_success_codes
¶Defines the HTTP success codes for Delete operation
- Default
- 200 - 410
external
¶
api_requires_admin_scope
¶Only Administrators of the Cloud Foundry cloud controller are allowed to use the Service Fabrik API endpoint
- Default
false
cookie_secret
¶Unique secret key, used to sign sessions
host
¶Domain name used for external endpoints such as dashboards or the Service Fabrik API (will be registered at the router)
log_event
¶Determines whether event logging must be enabled or not
- Default
true
port
¶Port used for external endpoints such as dashboards or the Service Fabrik API
- Default
9292
session_expiry
¶Session expiry time of the session in seconds
- Default
86400
ssl
¶Private key used for external communication
trust_proxy
¶This is required when running an Express app behind a proxy (see http://expressjs.com/en/guide/behind-proxies.html)
- Default
2
feature
¶
AllowInstanceSharing
¶Switch used to turn on/off sharing instances on CF
- Default
true
EnableSecurityGroupsOps
¶Switch used to enable security groups related operations
- Default
true
ServiceInstanceAutoUpdate
¶Switch used to turn on/off schedule update feature
- Default
false
ha_enabled
¶
Switch used to turn on/off the HA support
- Default
false
http_timeout
¶
Timeout duration for any request to broker
- Default
175000
internal
¶
domain_socket
¶
path
¶domain socket path used to communicate with broker monitoring agent
- Default
/tmp/sfevents
internal_url
¶Domain name used for internal endpoints such as administration or the service broker API
ip
¶IP address used for internal endpoints such as administration or the service broker API
log_event
¶Determines whether event logging must be enabled or not
- Default
true
port
¶Port used for internal endpoints such as administration or the service broker API
- Default
9443
ssl
¶
ca
¶CA for internal app SSL certificate
cert
¶Signed certificate used for internal communication
key
¶Private key used for internal communication
lockttl
¶
backup
¶LockTTL in seconds for backup operation
- Default
86400
lifecycle
¶LockTTL in seconds for lifecycle operations create, update, delete
- Default
86400
restore
¶LockTTL in seconds for restore operation
- Default
86400
log_level
¶
Log level of the broker
- Default
info
metering
¶
binding
¶
clientid
¶The client id provided by the metering service
clientsecret
¶The client secret provided by the metering service
metering_url
¶The metering url provided by the metering service
region
¶The region provided by the metering binding
token_url
¶The token url provided by the metering service
create_metering_events
¶Create sfevents crds
- Default
true
enabled
¶True if metering in enabled
- Default
false
error_threshold_hours
¶Time in hours after which an error in sending to MaaS is reported to Riemann
mongodb
¶
agent
¶
provider
¶
container
¶S3/Swift container name where service fabrik’s mongodb backup blobs will be stored
backup
¶
schedule_interval
¶Cron expression defining the backup interval for service fabrik’s internal mongodb’s backup job
deployment_name
¶Bosh deployment name of the internal mongo-db
- Default
service-fabrik-mongodb
provision
¶
network_index
¶Network segment index within the service fabrik network where the internal mongodb is to be provisioned
- Default
1
plan_id
¶Mongo Plan Id from the service catalog which is to be used for provisioning internal mongodb by Fabrik
record_max_fetch_count
¶Max number of records that can be fetched at a time from DB
- Default
300
retry_connect
¶
max_attempt
¶Maximum retry attempts for connecting to DB on errors
- Default
8
min_delay
¶Minimum delay before retry attempt to connect to DB
- Default
120000
url
¶MongoDB connection URL for service-fabrik’s internal needs. ex : mongodb://user:pass@localhost:port/database
monitoring
¶
event_name_prefix
¶All riemann events originating from service fabrik will have this prefix
- Default
CF.service-fabrik
events_logged_in_db
¶Comma seperated list of event names that are to be logged in DB
- Default
create_backup, update_instance
include_response_body
¶Determines if the riemann event should contain the HTTP method response while logging
- Default
false
unauthorized
¶
include_response_body
¶Determines if the unauthorized event should contain the HTTP method response while logging
- Default
true
multi_az_enabled
¶
Switch used to turn on/off the multi-az support
- Default
false
name
¶
Name of the service broker as it will be registered at the Cloud Foundry cloud controller
- Default
service-fabrik-broker
password
¶
Broker’s basic auth password
- Default
secret
quota
¶
enabled
¶If Quota Management Service is enabled
- Default
false
oauthDomain
¶Oauth domain for quota service
password
¶Client secret for quota service
serviceDomain
¶Onboarding Service domain for quota service
username
¶clientId for quota service
whitelist
¶List of whitelisted organitions for which quota check should not happen
riemann
¶
enabled
¶Determines whether events should be forwarded to Riemann
- Default
true
host
¶Riemann Host IP
- Default
10.1.3.1
http_status_codes_to_be_skipped
¶Broker events with http response codes matching this list will be skipped from logging to riemann
- Default
- 400 - 409
log_additional_event
¶Boolean configuration to log additional event to Riemann
- Default
true
port
¶Riemann Port
- Default
5555
prefix
¶Riemann Prefix
- Default
CF
show_errors
¶Determines whether Riemann errors are to be logged or not
- Default
true
send_binding_metadata
¶
When set to false, any metadata will be omitted from the create_binding response. To be used when metadata contains sensitive information
- Default
true
service_addon_jobs
¶
Add on jobs that will be added onto the services deployment
- Default
- iptables-manager
services
¶
Services and plans offered by the broker
skip_ssl_validation
¶
Determines whether the broker should verify SSL certificates when communicating with other endpoints such as the cloud controller or the UAA
- Default
true
sys_log_level
¶
Log level of the messages that are to be forwarded to ELK via syslog transport
- Default
info
syslog
¶
host
¶Syslog ingestor host IP of ELK stack
- Default
10.1.4.3
port
¶Syslog ingestor Port
- Default
5514
username
¶
Broker’s basic auth username
- Default
broker
Templates¶
Templates are rendered and placed onto corresponding
instances during the deployment process. This job's templates
will be placed into /var/vcap/jobs/service-fabrik-broker/
directory
(learn more).
bin/drain
(frombin/drain.erb
)bin/health_check
(frombin/health_check.erb
)bin/job_properties.sh
(frombin/job_properties.sh.erb
)bin/service-fabrik-broker_ctl
(frombin/service-fabrik-broker_ctl.erb
)config/circuit-breaker-config.yml
(fromconfig/circuit-breaker-config.yml.erb
)config/eventlog-config-internal.yml
(fromconfig/eventlog-config-internal.yml.erb
)config/settings.yml
(fromconfig/settings.yml.erb
)
Packages¶
Packages are compiled and placed onto corresponding
instances during the deployment process. Packages will be
placed into /var/vcap/packages/
directory.