Skip to content

shield-agent job from shield/8.0.16

Github source: 10bcc88 or master branch

Properties

agent

key

SSH public key used for securing communications between SHIELD Agents and the SHIELD Core.

core

ca

The PEM-encoded certificate of the CA that signed the Shield Certificate. The SHIELD agent needs this so that it can trust the Shield-Core certificate.

env

auto

Augment the plugin environment with the appropriate bin/, sbin/, and lib/ directories from all BOSH packages named ‘shield-addon-*’

Default
true

http_proxy

The URL of an upstream HTTP proxy for proxying all unencrypted web communications (pursuant to env.no_proxy).

https_proxy

The URL of an upstream HTTP proxy for proxying all encrypted web communications (pursuant to env.no_proxy).

libs

A list of paths to append to $LD_LIBRARY_PATH, so that plugins can use tools and utilities when they run.

no_proxy

A list of domains, partial domains (i.e. “.example.com”), and IP addresses that should not be routed through env.http_proxy and env.https_proxy.

path

A list of paths to append to $PATH, so that plugins can find tools and utilities when they run.

log-level

Log level for shield-agent processes

Default
error

name

Name of the agent, used for registration. The placeholders ‘(deployment)’, ‘(name)’, ‘(index)’, and ‘(az)’ can be used, to pull information from the BOSH deployment.

Default
(deployment)/(name)@(az)/(index)

plugin_paths

Map of paths that the binary of the plugins can be found

Example
|+
  plugin_paths:
    atmos: /var/vcap/packages/atmos-plugin/bin

port

port to run agent

Default
5444

require-shield-core

Require the SHIELD Core (via the ‘shield’ link, or at shield-url) to be up when we provision. This is on by default, but can be disabled if the operator needs a deployment to continue on even in the event of agent / core miscommunication.

Default
true

shield-url

The URL of the SHIELD core that this agent should register with. If you use the ‘shield’ link, this property will be ignored.

ulimit

fds

The maximum number of open files (including sockets) that the shield-agent process can have.

Default
default

Templates

Templates are rendered and placed onto corresponding instances during the deployment process. This job's templates will be placed into /var/vcap/jobs/shield-agent/ directory (learn more).

  • bin/shield-agent (from bin/shield-agent)
  • config/agent.conf (from config/agent.conf)
  • config/agent.key (from config/agent.key)
  • config/tls/shield.ca (from config/tls/shield.ca)

Packages

Packages are compiled and placed onto corresponding instances during the deployment process. Packages will be placed into /var/vcap/packages/ directory.