worker job from concourse/7.10.0
The 'worker' nodes are what actually run Concourse workloads (builds, resource checking, etc). They register with Concourse via the SSH worker gateway running on the 'web' nodes.
Github source: 9243682 or master branch
Properties
baggageclaim
  bind_ip
    IP on which Baggageclaim should listen for HTTP traffic. When p2p is enabled this needs to be set to 0.0.0.0.
    Default: 127.0.0.1
  bind_port
    Port on which Baggageclaim should listen for HTTP traffic.
    Default: 7788
  disable_user_namespaces
    Disable remapping of user/group IDs in unprivileged volumes. For use in combination with ‘runtime.type=houdini’.
    Default: false
  driver
    Driver to use for the volume store. One of detect, overlay, btrfs, or naive.
    Default: detect
  p2p
    interface_family
      Interface family to use for peer-to-peer volume streaming. Set 4 for IPv4 or 6 for IPv6.
      Example: 4
    interface_name_pattern
      Regex for determining the network interface to use for peer-to-peer volume streaming.
      Example: eth0
certs_path
  A path to a directory on the instance to create the resource certificates volume from.
  Default: /etc/ssl/certs
connection_drain_timeout
  Duration after which a worker should give up draining forwarded connections on shutdown.
  Default: 1h
container_sweeper_max_in_flight
  Maximum number of containers which can be swept in parallel.
containerd
  allow_host_access
    Allows containers to reach the host network.
  bin
    Path to a containerd executable (non-absolute names get resolved from $PATH).
  cni_bin
    Path to CNI network plugins. For BOSH this defaults to /var/vcap/packages/concourse/bin when containerd is selected as the runtime.
  config
    Path to a config file to use for the Containerd daemon.
  dns_proxy_enable
    Enable a proxy DNS server for Garden. Note: this implicitly turns on container access to the host network.
  dns_servers
    List of DNS server IP addresses to use instead of automatically determined servers.
  external_ip
    IP address to use to reach container’s mapped ports. Autodetected if not specified.
  init_bin
    Path to an init executable. For BOSH this defaults to /var/vcap/packages/concourse/bin/init when containerd is selected as the runtime.
  max_containers
    Maximum container capacity. 0 means no limit. Defaults to 250.
  mtu
    MTU size for container network interfaces. Defaults to the MTU of the interface used for outbound access by the host.
  network_pool
    Network range to use for dynamically allocated container subnets. Defaults to “10.80.0.0/16”.
  oci_hooks_dir
    Path to the OCI hooks directory. By default none is provided.
  request_timeout
    Time to wait for requests to Containerd to complete. 0 means no timeout.
  restricted_networks
    List of network ranges to which traffic from containers will be restricted.
  seccomp_profile
    Path to a seccomp filter override. By default a restrictive default set is used.
debug
  bind_ip
    IP address on which to listen for the pprof debugger endpoints.
    Default: 127.0.0.1
  bind_port
    Port on which to listen for the pprof debugger endpoints.
    Default: 7776
drain_timeout
  Maximum time, in Go duration format (1m = 1 minute), to wait for the worker drain to finish. Only applies when the worker is shutting down.
  Default: 1h
ephemeral
  If set, the worker will immediately disappear upon stalling.
  Default: false
external_garden_url
  API endpoint of an externally managed Garden server to use instead of running the embedded Garden server.
garden
  allow_host_access
    Allow containers to reach the worker VM’s network.
  bin
    Path to a gdn executable (non-absolute names get resolved from $PATH).
  config_ini
    Contents of the Garden configuration. Use to customize the container runtime. This may override any other environment variables specified. See: https://concourse-ci.org/concourse-worker.html#configuring-gdn-server
  deny_networks
    Network ranges to which traffic from containers will be denied.
    Example: []
  dns_servers
    DNS server IP addresses to use instead of automatically propagating the host’s DNS configuration.
    Example: []
  max_containers
    Maximum container capacity to advertise. 0 means no limit. Defaults to 250.
  network_pool
    Network range to use for dynamically allocated container subnets. Defaults to “10.80.0.0/16”.
  request_timeout
    How long to wait for requests to Garden to complete, in Go duration format (48h = 48 hours). 0 means no timeout.
    Example: 5m
healthcheck
  bind_ip
    IP address on which to listen for health checking requests.
  bind_port
    Port on which to listen for health checking requests.
  timeout
    HTTP timeout for the full duration of health checking.
http_proxy_url
  Proxy to use for outgoing http requests from containers.
https_proxy_url
  Proxy to use for outgoing https requests from containers.
log_level
  The log level for the worker. When set to debug, you’ll see a lot more information.
  Default: info
no_proxy
  A list of domains and IPs, with optional port, for which the proxy should be bypassed.
  Example:
    - localhost
    - 127.0.0.1
    - example.com
    - domain.com:8080
runtime
  Container runtime for worker. Possible values are “guardian”, “containerd”, and “houdini”. Please note that Houdini is insecure and does not run tasks in containers.
  Example: guardian
sweep_interval
  Interval on which to destroy containers and volumes marked for garbage collection.
  Default: 30s
tags
  An array of tags to advertise for each worker.
  Example:
    - special
team
  Register the worker for a single team. If not specified, the worker will be shared across all teams.
tracing
  attributes
    Attributes to attach to traces as metadata.
    Example: environment: ci
  honeycomb_api_key
    Honeycomb.io API Key.
  honeycomb_dataset
    Name of dataset.
    Example: web
  jaeger_endpoint
    Jaeger HTTP-based Thrift collector.
    Example: http://jaeger:14268/api/traces
  jaeger_service
    Name of the service being traced.
    Example: web
  jaeger_tags
    Tags to include in components.
    Example: foo:bar,caz:zaz
  otlp_address
    OTLP address to send traces to.
    Example: otel-collector:55860
  otlp_headers
    Headers to attach to each tracing message.
    Example: lightstep-access-token: mysecrettoken
  otlp_use_tls
    Whether to use TLS for the OTLP connection.
  service_name
    Service name to attach to traces as metadata.
    Example: concourse-web
  stackdriver_projectid
    GCP’s Project ID
    Example: my-projectid
volume_sweeper_max_in_flight
  Maximum number of volumes which can be swept in parallel.
worker_gateway
  host_public_key
    Public key to verify for the TSA server. If not specified, the web link is used.
    Example: ssh-rsa ...
  hosts
    Addresses (host:port) of TSA servers to register with. If not specified, the web link is used.
  rebalance_interval
    The interval on which the worker will connect to a new SSH gateway and drain the old connection. This has the effect of rebalancing the forwarded workers across the SSH gateways over time.
    Example: 4h
  worker_key
    SSH key to use when authenticating with the TSA.
    Example:
      private_key: |+
        -----BEGIN RSA PRIVATE KEY-----
        ...
        -----END RSA PRIVATE KEY-----
      public_key: ssh-rsa ...
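Several of the properties above widen what a container or a network peer can reach. The following is an added example, not part of the concourse release or this page: a small audit over a worker job's properties that reports the settings the descriptions above call out. The function names and the sample data are hypothetical, and treating an absent otlp_use_tls as off is an assumption, since the page states no default for it.

```python
import ipaddress

def get(props, dotted, default=None):
    """Look up a dotted key such as 'debug.bind_ip' in nested properties."""
    node = props
    for part in dotted.split("."):
        if not isinstance(node, dict) or part not in node:
            return default
        node = node[part]
    return node

def is_loopback(ip):
    try:
        return ipaddress.ip_address(ip).is_loopback
    except ValueError:
        return False

def audit_worker_properties(props):
    """Return sorted (property, reason) pairs for settings the page flags as risky."""
    out = []
    if get(props, "runtime") == "houdini":
        out.append(("runtime", "houdini does not run tasks in containers"))
    if get(props, "baggageclaim.disable_user_namespaces", False):
        out.append(("baggageclaim.disable_user_namespaces",
                    "UID/GID remapping disabled for unprivileged volumes"))
    for rt in ("containerd", "garden"):
        if get(props, rt + ".allow_host_access", False):
            out.append((rt + ".allow_host_access", "containers can reach the host network"))
    if get(props, "containerd.dns_proxy_enable", False):
        out.append(("containerd.dns_proxy_enable", "implicitly enables host network access"))
    # Both listeners default to 127.0.0.1; baggageclaim needs 0.0.0.0 only for p2p.
    for key in ("debug.bind_ip", "baggageclaim.bind_ip"):
        ip = get(props, key, "127.0.0.1")
        if not is_loopback(ip):
            out.append((key, "listens on non-loopback address %s" % ip))
    # Assumption: the page gives no default for otlp_use_tls, so absent counts as off.
    if get(props, "tracing.otlp_headers") and get(props, "tracing.otlp_use_tls") is not True:
        out.append(("tracing.otlp_use_tls", "otlp_headers are sent without TLS"))
    return sorted(out)

# Constructed sample properties block, not taken from a real deployment.
SAMPLE = {
    "runtime": "containerd",
    "baggageclaim": {"bind_ip": "0.0.0.0"},
    "containerd": {"dns_proxy_enable": True},
    "tracing": {"otlp_address": "otel-collector:55860", "otlp_use_tls": False,
                "otlp_headers": {"lightstep-access-token": "constructed-placeholder"}},
}
```

Pass audit_worker_properties the properties mapping of the worker job from a parsed deployment manifest; a baggageclaim.bind_ip finding is expected when p2p volume streaming is in use.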
Templates
Templates are rendered and placed onto corresponding instances during the deployment process. This job's templates will be placed into the /var/vcap/jobs/worker/ directory.
  bin/concourse_start (from concourse_start.erb)
  bin/concourse_stop (from concourse_stop.erb)
  bin/ctl (from ctl.erb)
  bin/drain (from drain.erb)
  bin/pre_start (from pre_start.erb)
  config/concourse.service (from concourse.service)
  config/env.sh (from env.sh.erb)
  config/garden.ini (from garden.ini.erb)
  config/worker_gateway_host_key.pub (from worker_gateway_host_key.pub.erb)
Packages
Packages are compiled and placed onto corresponding instances during the deployment process. Packages will be placed into the /var/vcap/packages/ directory.