
worker job from concourse/7.11.0

The 'worker' nodes are what actually run Concourse workloads (builds, resource checking, etc). They register with Concourse via the SSH worker gateway running on the 'web' nodes.

GitHub source: 68bdc34 or master branch

Properties

baggageclaim

bind_ip

IP on which Baggageclaim should listen for HTTP traffic. When p2p is enabled this needs to be set to 0.0.0.0

Default
127.0.0.1

bind_port

Port on which Baggageclaim should listen for HTTP traffic.

Default
7788

disable_user_namespaces

Disable remapping of user/group IDs in unprivileged volumes.

For use in combination with ‘runtime.type=houdini’.

Default
false

driver

Driver to use for the volume store. One of detect, overlay, btrfs, or naive.

Default
detect

p2p

interface_family

Interface family to use for peer-to-peer volume streaming.

Set 4 for IPv4 or 6 for IPv6.

Example
4

interface_name_pattern

Regex for determining the network interface to use for peer-to-peer volume streaming.

Example
eth0

certs_path

A path to a directory on the instance to create the resource certificates volume from.

Default
/etc/ssl/certs

connection_drain_timeout

Duration after which a worker should give up draining forwarded connections on shutdown.

Default
1h

container_sweeper_max_in_flight

Maximum number of containers which can be swept in parallel.

containerd

allow_host_access

Allow containers to reach the host network.

bin

Path to a containerd executable (non-absolute names get resolved from $PATH).

cni_bin

Path to CNI network plugins. For BOSH this defaults to /var/vcap/packages/concourse/bin when containerd is selected as the runtime.

config

Path to a config file to use for the Containerd daemon.

dns_proxy_enable

Enable a proxy DNS server for Garden. Note: this implicitly turns on container access to host network.

dns_servers

List of DNS server IP addresses to use instead of automatically determined servers.

external_ip

IP address to use to reach container’s mapped ports. Autodetected if not specified.

init_bin

Path to an init executable. For BOSH this defaults to /var/vcap/packages/concourse/bin/init when containerd is selected as the runtime.

max_containers

Maximum container capacity. 0 means no limit. Defaults to 250.

mtu

MTU size for container network interfaces. Defaults to the MTU of the interface used for outbound access by the host.

network_pool

Network range to use for dynamically allocated container subnets. Defaults to “10.80.0.0/16”.

oci_hooks_dir

Path to the OCI hooks directory. By default none is provided.

request_timeout

Time to wait for requests to Containerd to complete. 0 means no timeout.

restricted_networks

List of network ranges to which traffic from containers will be restricted.

seccomp_profile

Path to a seccomp filter override. By default, a restrictive default set is used.

debug

bind_ip

IP address on which to listen for the pprof debugger endpoints.

Default
127.0.0.1

bind_port

Port on which to listen for the pprof debugger endpoints.

Default
7776

drain_timeout

Maximum wait time in Go duration format (1m = 1 minute) for worker drain to finish. Only applies when the worker is being shut down.

Default
1h

ephemeral

If set, the worker will immediately disappear upon stalling.

Default
false

external_garden_url

API endpoint of an externally managed Garden server to use instead of running the embedded Garden server.

garden

allow_host_access

Allow containers to reach the worker VM’s network.

bin

Path to a gdn executable (non-absolute names get resolved from $PATH).

config_ini

Contents of the Garden configuration. Use to customize the container runtime. This may override any other environment variables specified. See: https://concourse-ci.org/concourse-worker.html#configuring-gdn-server

deny_networks

Network ranges to which traffic from containers will be denied.

Example
[]

dns_servers

DNS server IP addresses to use instead of automatically propagating the host’s DNS configuration.

Example
[]

max_containers

Maximum container capacity to advertise. 0 means no limit. Defaults to 250.

network_pool

Network range to use for dynamically allocated container subnets. Defaults to “10.80.0.0/16”.

request_timeout

How long to wait for requests to Garden to complete, in Go duration format (48h = 48 hours). 0 means no timeout.

Example
5m

healthcheck

bind_ip

IP address on which to listen for health checking requests.

bind_port

Port on which to listen for health checking requests.

timeout

HTTP timeout for the full duration of health checking.

http_proxy_url

Proxy to use for outgoing HTTP requests from containers.

https_proxy_url

Proxy to use for outgoing HTTPS requests from containers.

log_level

The log level for the worker. When set to debug, you’ll see a lot more information.

Default
info

no_proxy

A list of domains and IPs, each with an optional port, for which the proxy should be bypassed.

Example
- localhost
- 127.0.0.1
- example.com
- domain.com:8080

runtime

Container runtime for worker. Possible values are “guardian”, “containerd”, and “houdini”. Please note that Houdini is insecure and does not run tasks in containers.

Example
guardian

sweep_interval

Interval on which to destroy containers and volumes marked for garbage collection.

Default
30s

tags

An array of tags to advertise for each worker.

Example
- special

team

Register the worker for a single team.

If not specified, the worker will be shared across all teams.

tracing

attributes

Attributes to attach to traces as metadata.

Example
environment: ci

honeycomb_api_key

Honeycomb.io API Key.

honeycomb_dataset

Name of dataset.

Example
web

jaeger_endpoint

Jaeger HTTP-based Thrift collector.

Example
http://jaeger:14268/api/traces

jaeger_service

Name of the service being traced.

Example
web

jaeger_tags

Tags to include in components.

Example
foo:bar,caz:zaz

otlp_address

OTLP address to send traces to.

Example
otel-collector:55860

otlp_headers

Headers to attach to each tracing message.

Example
lightstep-access-token: mysecrettoken

otlp_use_tls

Whether to use TLS for the OTLP connection.

service_name

Service name to attach to traces as metadata.

Example
concourse-web

stackdriver_projectid

GCP project ID.

Example
my-projectid

volume_sweeper_max_in_flight

Maximum number of volumes which can be swept in parallel.

worker_gateway

host_public_key

Public key to verify for the TSA server. If not specified, the web link is used.

Example
ssh-rsa ...

hosts

Addresses (host:port) of TSA servers to register with.

If not specified, the web link is used.

rebalance_interval

The interval on which the worker will connect to a new SSH gateway and drain the old connection. This has the effect of rebalancing the forwarded workers across the SSH gateways over time.

Example
4h

worker_key

SSH key to use when authenticating with the TSA.

Example
private_key: |+
  -----BEGIN RSA PRIVATE KEY-----
  ...
  -----END RSA PRIVATE KEY-----
public_key: ssh-rsa ...
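
The exposure-relevant properties above (runtime, the bind_ip settings, allow_host_access, dns_proxy_enable) can be checked before a deploy. The following is an added example, not part of the Concourse release: it audits an already-parsed worker job properties mapping, the rule set is this example's own, and it assumes that a non-empty baggageclaim.p2p block means p2p streaming is in use.

```python
import ipaddress

def get(props, dotted, default=None):
    """Look up 'a.b.c' in nested dicts; return default when any level is absent."""
    node = props
    for key in dotted.split("."):
        if not isinstance(node, dict) or key not in node:
            return default
        node = node[key]
    return node

def off_loopback(ip):
    """True when ip is not a loopback address (unparsable values count as exposed)."""
    try:
        return not ipaddress.ip_address(str(ip)).is_loopback
    except ValueError:
        return True

def audit_worker_properties(props):
    """Return (property, reason) findings for a worker job's properties mapping."""
    findings = []
    runtime = get(props, "runtime")
    if runtime == "houdini":
        findings.append(("runtime", "houdini does not run tasks in containers"))
    if get(props, "baggageclaim.disable_user_namespaces", False) and runtime != "houdini":
        findings.append(("baggageclaim.disable_user_namespaces",
                         "ID remapping disabled without the houdini runtime"))
    # Assumption: a non-empty baggageclaim.p2p block means p2p streaming is in use.
    if off_loopback(get(props, "baggageclaim.bind_ip", "127.0.0.1")) and not get(props, "baggageclaim.p2p"):
        findings.append(("baggageclaim.bind_ip", "listens off loopback although p2p is not configured"))
    if off_loopback(get(props, "debug.bind_ip", "127.0.0.1")):
        findings.append(("debug.bind_ip", "pprof endpoints reachable from other hosts"))
    for rt in ("garden", "containerd"):
        if get(props, rt + ".allow_host_access", False):
            findings.append((rt + ".allow_host_access", "containers can reach the host network"))
    if get(props, "containerd.dns_proxy_enable", False):
        findings.append(("containerd.dns_proxy_enable", "implicitly enables host network access"))
    return findings

# Constructed sample: the `properties:` mapping of a worker job, already parsed from YAML.
SAMPLE = {
    "runtime": "containerd",
    "baggageclaim": {"bind_ip": "0.0.0.0"},
    "debug": {"bind_ip": "0.0.0.0", "bind_port": 7776},
    "containerd": {"dns_proxy_enable": True},
}

if __name__ == "__main__":
    for prop, reason in audit_worker_properties(SAMPLE):
        print(f"{prop}: {reason}")
```

An empty mapping (all defaults) yields no findings, since both baggageclaim and the pprof debugger listen on 127.0.0.1 by default.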

Templates

Templates are rendered and placed onto corresponding instances during the deployment process. This job's templates will be placed into the /var/vcap/jobs/worker/ directory.

  • bin/concourse_start (from concourse_start.erb)
  • bin/concourse_stop (from concourse_stop.erb)
  • bin/ctl (from ctl.erb)
  • bin/drain (from drain.erb)
  • bin/pre_start (from pre_start.erb)
  • config/concourse.service (from concourse.service)
  • config/env.sh (from env.sh.erb)
  • config/garden.ini (from garden.ini.erb)
  • config/worker_gateway_host_key.pub (from worker_gateway_host_key.pub.erb)

Packages

Packages are compiled and placed onto corresponding instances during the deployment process. Packages will be placed into the /var/vcap/packages/ directory.