director job from bosh/264.1

GitHub source: 3314948 or master branch

Properties

agent

blobstore

access_key_id

AWS access_key_id for agent used by s3 blobstore plugin

address

Address for agent to connect to blobstore server used by simple blobstore plugin

credentials_source

AWS or GCP Credential Source (static / env_or_profile / none)

Default
static
encryption_key

Customer-Supplied Encryption key used when storing blobs in GCS (Optional - Base64 encoded 32 byte key)

host

Host of blobstore server used by simple blobstore plugin

json_key

Contents of a GCP JSON service account file used for static credentials_source (optional)

port

Port for agent to connect to blobstore server used by simple blobstore plugin

s3_region

AWS region for agent used by s3 blobstore plugin

s3_signature_version

Signature version of the blobstore used by s3 blobstore plugin (optional, if not provided the s3 client decides which version to use)

secret_access_key

AWS secret_access_key for agent used by s3 blobstore plugin

server_side_encryption

Server-side encryption algorithm used when storing blobs in S3 (Optional - “AES256”|“aws:kms”)

sse_kms_key_id

AWS KMS key ID to use for object encryption. All GET and PUT requests for an object protected by AWS KMS will fail if not made via SSL or using SigV4.

ssl_verify_peer

Verify the SSL certificate used on the blobstore?

Default
true
storage_class

Storage Class used when storing blobs in GCS (optional, if not provided uses bucket default)

use_ssl

Whether the simple blobstore plugin should use SSL to connect to the blobstore server

Default
true

nats

address

Address for agent to connect to nats

blobstore

access_key_id

AWS access_key_id used by s3 blobstore plugin

address

Address of blobstore server used by simple blobstore plugin

agent

password

Password agent uses to connect to blobstore used by simple blobstore plugin

user

Username agent uses to connect to blobstore used by simple blobstore plugin

bucket_name

AWS S3 or GCP GCS Bucket used by external blobstore plugin

credentials_source

AWS or GCP Credential Source (static / env_or_profile / none)

Default
static

director

password

Password director uses to connect to blobstore used by simple blobstore plugin

user

Username director uses to connect to blobstore used by simple blobstore plugin

encryption_key

Customer-Supplied Encryption key used when storing blobs in GCS (Optional - Base64 encoded 32 byte key)

host

Host of blobstore server used by simple blobstore plugin

json_key

Contents of a GCP JSON service account file used for static credentials_source (optional)

port

Port of blobstore server used by simple blobstore plugin

Default
25250

provider

Provider of the blobstore used by director and agent (dav|simple|s3|gcs)

Default
dav

s3_port

Port of blobstore server used by s3 blobstore plugin

Default
443

s3_region

Region of the blobstore used by s3 blobstore plugin

s3_signature_version

Signature version of the blobstore used by s3 blobstore plugin (optional, if not provided the s3 client decides which version to use)

secret_access_key

AWS secret_access_key used by s3 blobstore plugin

server_side_encryption

Server-side encryption algorithm used when storing blobs in S3 (Optional - “AES256”|“aws:kms”)

sse_kms_key_id

AWS KMS key ID to use for object encryption. All GET and PUT requests for an object protected by AWS KMS will fail if not made via SSL or using SigV4.

ssl_verify_peer

Verify the SSL certificate used on the blobstore?

Default
true

storage_class

Storage Class used when storing blobs in GCS (optional, if not provided uses bucket default)

use_ssl

Whether the simple blobstore plugin should use SSL to connect to the blobstore server

Default
true

compiled_package_cache

options

access_key_id

AWS access_key_id used for the compiled package cache

bucket_name

AWS S3 Bucket used for the compiled package cache

credentials_source

AWS credentials (static / env_or_profile)

Default
static
host

Host of blobstore server used for compiled package cache

port

Port of blobstore server used for compiled package cache

Default
25250
s3_port

Port of blobstore server used by s3 blobstore plugin

Default
443
s3_signature_version

Signature version of the blobstore used by s3 blobstore plugin (optional, if not provided the s3 client decides which version to use)

secret_access_key

AWS secret_access_key used for the compiled package cache

server_side_encryption

Server-side encryption algorithm used when storing blobs in S3 (Optional - “AES256”|“aws:kms”)

sse_kms_key_id

AWS KMS key ID to use for object encryption. All GET and PUT requests for an object protected by AWS KMS will fail if not made via SSL or using SigV4.

ssl_verify_peer

Verify the SSL certificate used on the blobstore?

Default
true
use_ssl

Whether the simple blobstore plugin should use SSL to connect to the blobstore server

Default
true

provider

Provider of the blobstore used for the compiled package cache

Default
s3

director

auto_fix_stateful_nodes

Enable/Disable auto resolution for stateful nodes for scan_and_fix (true|false)

Default
true

backend_port

Port that the director listens on

Default
25556

backup_destination

Configuration of the blobstore used by director for backups (dav|simple|s3)

Example
options:
  access_key_id: AKIAA1B2C3D4...
  bucket_name: some-bucket-name
  credentials_source: static
  region: eu-central-1
  secret_access_key: a1b2c3d4...
provider: s3

backup_schedule

RufusScheduler cron formatted schedule for backups

config_server

ca_cert

CA cert to trust when communicating with Config Server

enabled

When true, replace substitution values in manifest with values from Config Server

Default
false
uaa
ca_cert

CA cert to trust when communicating with UAA

client_id

UAA client id to access Config Server

client_secret

UAA client secret to access Config Server

url

URL for the UAA server used for authenticating access to Config Server

url

URL for the Config Server

cpi_job

Name of cpi job (null to use bundled cpi gems)

db

adapter

The type of database used (mysql2|postgres|sqlite)

Default
postgres
connection_options

Additional options for the database

Default
  max_connections: 32
  pool_timeout: 10
database

Name of the director database

Default
bosh
host

Address of the director database, for example, in the case of AWS RDS: rds-instance-name.coqxxxxxxxxx.us-east-1.rds.amazonaws.com

Default
127.0.0.1
password

Password used for the director database

port

Port of the director database (e.g., mysql2 adapter would generally use 3306)

Default
5432
user

Username used for the director database

Default
bosh

debug

keep_unreachable_vms

When a bosh deploy fails, the failed VM will be kept instead of destroyed

Default
false

default_ssh_options

gateway_host

Default host to use as ssh gateway with bosh ssh command

gateway_user

Default user to use with bosh ssh command

Default
vcap

disks

cleanup_schedule

RufusScheduler cron formatted schedule for cleanup of orphaned disks and orphaned snapshots

Default
0 0,30 * * * * UTC
max_orphaned_age_in_days

Days to keep orphaned disks and orphaned snapshots before cleanup

Default
5

enable_cpi_resize_disk

Enable/Disable native CPI disk resizing (true|false)

Default
false

enable_dedicated_status_worker

Separate worker for ‘bosh vms’ and ‘bosh ssh’

Default
false

enable_nats_delivered_templates

When true, rendered templates will be sent over NATs

Default
false

enable_post_deploy

When true, all templates will run their post_deploy script once deployment is complete

Default
false

enable_snapshots

Enable/Disable snapshots for persistent disks (true|false)

Default
false

enable_virtual_delete_vms

When true, bosh will not delete the VM from the cloud when an instance is updated; it only destroys the VM record in the database

Default
false

events

cleanup_schedule

RufusScheduler cron formatted schedule for cleanup of events

Default
0 * * * * UTC
max_events

Max number of events to keep

Default
10000
record_events

Enable recording of events to the database and syslog

Default
false

flush_arp

Clear up arp entries when machines are recreated

Default
false

generate_vm_passwords

When true, a random unique password will be used for each vm if user has not specified a password

Default
false

ignore_missing_gateway

Allow gateway to be omitted from subnet configuration. Boshlite VMs (containers) do not require a gateway.

Default
false

ipv6_listen

Enable binding to IPv6 addresses

Default
false

local_dns

enabled

Enables local DNS, i.e., sending sync_dns messages with all names/IPs to all agents managed by this director

Default
false
include_index

If local DNS is enabled, then include_index will cause director to propagate dns records with instance index number as well as dns records with instance ID

Default
false
use_dns_addresses

When true, address references in rendered templates will evaluate to DNS entries rather than IP addresses

Default
false

log_access_events_to_syslog

Access to api is logged to the syslog

Default
false

max_tasks

Max number of tasks of each type to keep on disk

Default
2000

max_threads

Max number of director concurrent threads

Default
32

max_upload_size

Max allowed file size for upload

Default
10000m

max_vm_create_tries

Max retries when creating VMs

Default
5

name

Name of the director

nginx

ssl_ciphers

List of SSL ciphers to allow (format: https://www.openssl.org/docs/manmaster/man1/ciphers.html - CIPHER LIST FORMAT section)

Default
DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
ssl_prefer_server_ciphers

Prefer server’s cipher priority instead of client’s (true for On, false for Off)

Default
true
ssl_protocols

SSL/TLS protocols to allow

Default
TLSv1.2
workers

Number of nginx workers for director

Default
2

port

Port that the director nginx listens on

Default
25555

proxy_timeout

Timeout for proxy connection from nginx to director

Default
900

remove_dev_tools

When true, remove dev tool packages from non-compilation VMs

Default
false

self_snapshot_schedule

RufusScheduler cron formatted schedule for self snapshots

Default
0 0 6 * * * UTC

snapshot_schedule

RufusScheduler cron formatted schedule for snapshots

Default
0 0 7 * * * UTC

ssl

cert

SSL Certificate for director (PEM encoded)

key

SSL private key for director (PEM encoded)

timeout

Timeout for connection from bosh CLI to nginx

Default
7200

trusted_certs

Certificates that VMs created by this director should trust in addition to those packaged with the stemcell (PEM encoded; zero or more certs allowed)

Default
""

user_management

local
users

List of users that can authenticate with director in non-Uaa mode

provider

User management implementation (local|uaa)

Default
local
uaa
public_key

Public key to verify Uaa token when token is encoded with asymmetric encryption

symmetric_key

Symmetric key to verify Uaa token

url

Uaa URL, specify either the url or the urls attribute

urls

List of Uaa URLs, specify either the url or the urls attribute

workers

Number of director workers

Default
3

dns

address

Address of the powerdns server

db

adapter

DNS Database adapter

Default
postgres
connection_options

Additional options for the powerdns database

Default
  max_connections: 32
  pool_timeout: 10
database

Name of the powerdns database

Default
bosh
host

DNS Database host

Default
127.0.0.1
password

DNS Database password

port

Port that the powerdns database listens on

Default
5432
user

DNS Database user

Default
bosh

domain_name

TLD of the dns zone used by bosh

Default
bosh

env

http_proxy

HTTP proxy that the director, scheduler and workers should use

https_proxy

HTTPS proxy that the director, scheduler and workers should use

no_proxy

List of comma-separated hosts that should skip connecting to the proxy in the director, scheduler and workers

nats

address

Address of the nats server

port

Port that the nats server listens on

Default
4222

tls

ca

CA cert to trust when communicating with NATS server

client_ca
certificate

Certificate for NATs mutual TLS (Director uses to generate Agent cert)

private_key

Private Key for NATs mutual TLS (Director uses to generate Agent cert)

director
certificate

Certificate for NATs mutual TLS (Director client)

private_key

Private Key for NATs mutual TLS (Director client)

ntp

List of ntp server IPs. pool.ntp.org attempts to return IPs closest to your location, but you can still specify if needed.

Default
  - 0.pool.ntp.org
  - 1.pool.ntp.org

registry

address

Address of the Registry to connect to

password

Password to access the Registry

port

Port of the Registry to connect to

Default
25777

username

User to access the Registry

Templates

Templates are rendered and placed onto corresponding instances during the deployment process. This job's templates will be placed into the /var/vcap/jobs/director/ directory.

  • bin/bbr/backup (from bbr_backup)
  • bin/bbr/restore (from bbr_restore)
  • bin/director_ctl (from director_ctl.erb)
  • bin/drain (from drain)
  • bin/nginx_ctl (from nginx_ctl)
  • bin/pre-start (from pre-start.erb)
  • bin/ps_utils.sh (from ps_utils.sh)
  • bin/restore-db (from restore-db)
  • bin/scheduler_ctl (from scheduler_ctl.erb)
  • bin/stemcell-copy (from stemcell-copy.sh)
  • bin/sync_dns_ctl (from sync_dns_ctl.erb)
  • bin/task_logrotate (from task_logrotate.sh)
  • bin/worker_ctl (from worker_ctl.erb)
  • config/config_server_ca.cert (from config_server_ca.cert.erb)
  • config/director.yml.erb (from director.yml.erb.erb)
  • config/mime.types (from mime.types)
  • config/nats_client_ca_certificate.pem (from nats_client_ca_certificate.pem.erb)
  • config/nats_client_ca_private_key (from nats_client_ca_private_key.erb)
  • config/nats_client_certificate.pem (from nats_client_certificate.pem.erb)
  • config/nats_client_private_key (from nats_client_private_key.erb)
  • config/nats_server_ca.pem (from nats_server_ca.pem.erb)
  • config/nginx.conf (from nginx.conf.erb)
  • config/ssl/director.key (from director.key.erb)
  • config/ssl/director.pem (from director.pem.erb)
  • config/sudoers (from sudoers)
  • config/task_logrotate.cron (from task_logrotate.cron)
  • config/uaa_server_ca.cert (from uaa_server_ca.cert.erb)

Packages

Packages are compiled and placed onto corresponding instances during the deployment process. Packages will be placed into /var/vcap/packages/ directory.