Skip to content

policy-server-internal job from cf-networking/1.13.0

Github source: e773941b or master branch

Properties

cf_networking

disable

Disable container to container networking.

Default
false

policy_server_internal

ca_cert

Trusted CA certificate that was used to sign the vxlan policy agent’s client cert and key.

connect_timeout_seconds

Connection timeout between the policy server and its database. Also used by Consul DNS health check.

Default
120
debug_port

Port for the debug server. Use this to adjust log level at runtime or dump process stats.

Default
31945
health_check_port

Port for the debug server. Use this to adjust log level at runtime or dump process stats.

Default
31946
internal_listen_port

Port where the policy server will serve its internal API.

Default
4003
listen_ip

IP address where the policy server will serve its API.

Default
0.0.0.0
log_level

Logging level (debug, info, warn, error).

Default
info
metron_port

Port of metron agent on localhost. This is used to forward metrics.

Default
3457
server_cert

Server certificate for TLS. Must have common name that matches the Consul DNS name of the policy server, eg policy-server.service.cf.internal.

server_key

Server key for TLS.

tag_length

Length in bytes of the packet tags to generate for policy sources and destinations. Must be greater than 0 and less than or equal to 4. If using VXLAN GBP, must be less than or equal to 2.

Templates

Templates are rendered and placed onto corresponding instances during the deployment process. This job's templates will be placed into /var/vcap/jobs/policy-server-internal/ directory (learn more).

  • bin/dns_health_check (from dns_health_check.erb)
  • bin/policy-server-internal_as_vcap (from policy-server-internal_as_vcap.erb)
  • bin/policy-server-internal_ctl (from policy-server-internal_ctl.erb)
  • bin/pre-start (from pre-start.erb)
  • config/certs/ca.crt (from ca.crt.erb)
  • config/certs/server.crt (from server.crt.erb)
  • config/certs/server.key (from server.key.erb)
  • config/policy-server-internal.json (from policy-server-internal.json.erb)

Packages

Packages are compiled and placed onto corresponding instances during the deployment process. Packages will be placed into /var/vcap/packages/ directory.