shield-agent job from shield/8.8.2

Github source: 6854a7c or master branch

Properties¶

`agent`¶

key¶

SSH public key used for securing communications between SHIELD Agents and the SHIELD Core.

macs¶

List of message authentication code implementations to allow when negotiating SSH with the core.
Default
  - [email protected]
  - hmac-sha2-256
  - hmac-sha1

`core`¶

ca¶

The PEM-encoded certificate of the CA that signed the Shield Certificate. The SHIELD agent needs this so that it can trust the Shield-Core certificate.

`env`¶

auto¶

Augment the plugin environment with the appropriate bin/, sbin/, and lib/ directories from all BOSH packages named ‘shield-addon-*’
Default
true
http_proxy¶

The URL of an upstream HTTP proxy for proxying all unencrypted web communications (pursuant to env.no_proxy).

https_proxy¶

The URL of an upstream HTTP proxy for proxying all encrypted web communications (pursuant to env.no_proxy).

libs¶

A list of paths to append to $LD_LIBRARY_PATH, so that plugins can use tools and utilities when they run.

no_proxy¶

A list of domains, partial domains (i.e. “.example.com”), and IP addresses that should not be routed through env.http_proxy and env.https_proxy.

path¶

A list of paths to append to $PATH, so that plugins can find tools and utilities when they run.

`log-level`¶

Log level for shield-agent processes

Default

error

`name`¶

Name of the agent, used for registration. The placeholders ‘(deployment)’, ‘(name)’, ‘(index)’, and ‘(az)’ can be used, to pull information from the BOSH deployment.

Default

(deployment)/(name)@(az)/(index)

`plugin_paths`¶

Map of paths that the binary of the plugins can be found

Example

|+
  plugin_paths:
    atmos: /var/vcap/packages/atmos-plugin/bin

`port`¶

port to run agent

Default

`require-shield-core`¶

Require the SHIELD Core (via the ‘shield’ link, or at shield-url) to be up when we provision. This is on by default, but can be disabled if the operator needs a deployment to continue on even in the event of agent / core miscommunication.

Default

true

`shield-url`¶

The URL of the SHIELD core that this agent should register with. If you use the ‘shield’ link, this property will be ignored.

`ulimit`¶

fds¶

The maximum number of open files (including sockets) that the shield-agent process can have.
Default
default

Templates¶

Templates are rendered and placed onto corresponding instances during the deployment process. This job's templates will be placed into /var/vcap/jobs/shield-agent/ directory (learn more).

bin/shield-agent (from bin/shield-agent)
config/agent.conf (from config/agent.conf)
config/agent.key (from config/agent.key)
config/tls/shield.ca (from config/tls/shield.ca)

Packages¶

Packages are compiled and placed onto corresponding instances during the deployment process. Packages will be placed into /var/vcap/packages/ directory.

shield

shield-agent job from shield/8.8.2

Properties¶

`agent`¶

`key`¶

`macs`¶

`core`¶

`ca`¶

`env`¶

`auto`¶

`http_proxy`¶

`https_proxy`¶

`libs`¶

`no_proxy`¶

`path`¶

`log-level`¶

`name`¶

`plugin_paths`¶

`port`¶

`require-shield-core`¶

`shield-url`¶

`ulimit`¶

`fds`¶

Templates¶

Packages¶

shield-agent job from shield/8.8.2

Properties¶

agent¶

key¶

macs¶

core¶

ca¶

env¶

auto¶

http_proxy¶

https_proxy¶

libs¶

no_proxy¶

path¶

log-level¶

name¶

plugin_paths¶

port¶

require-shield-core¶

shield-url¶

ulimit¶

fds¶

Templates¶

Packages¶

`agent`¶

`key`¶

`macs`¶

`core`¶

`ca`¶

`env`¶

`auto`¶

`http_proxy`¶

`https_proxy`¶

`libs`¶

`no_proxy`¶

`path`¶

`log-level`¶

`name`¶

`plugin_paths`¶

`port`¶

`require-shield-core`¶

`shield-url`¶

`ulimit`¶

`fds`¶