aws_cpi job from bosh-aws-cpi/96

GitHub source: 8ba863f or master branch

Properties

agent

blobstore

access_key_id

AWS access_key_id for agent used by s3 blobstore plugin (Required when blobstore.credentials_source is set to static)

address

Address for agent to connect to blobstore server used by dav blobstore plugin

credentials_source

Where to get AWS credentials for the aws cpi. This can be set to static to use an access_key_id and secret_access_key, or to env_or_profile to get the credentials from environment variables or an EC2 instance profile.

host

Host of agent blobstore server used by s3 blobstore plugin

s3_port

Port of agent blobstore server used by s3 blobstore plugin

s3_region

AWS region for agent used by s3 blobstore plugin (Required when blobstore.credentials_source is set to static)

s3_signature_version

Signature version used to connect to an s3 blobstore

secret_access_key

AWS secret_access_key for agent used by s3 blobstore plugin (Required when blobstore.credentials_source is set to static)

server_side_encryption

Server-side encryption algorithm used when storing blobs in S3 (Optional - “AES256”|“aws:kms”)

sse_kms_key_id

AWS KMS key ID to use for object encryption. All GET and PUT requests for an object protected by AWS KMS will fail if not made via SSL or using SigV4.

ssl_verify_peer

Whether the agent blobstore plugin should verify its peer when using SSL

use_ssl

Whether the s3 blobstore plugin should use SSL to connect to the blobstore server

mbus

Agent mbus

nats

address

Address of the nats server

aws

access_key_id

AWS access_key_id for the aws cpi (Required when aws.credentials_source is set to static)

connection_options

ca_cert

All required custom CA certificates

Example
'-----BEGIN CERTIFICATE----- MII... -----END CERTIFICATE-----'

credentials_source

Where to get AWS credentials for the aws cpi. This can be set to static to use an access_key_id and secret_access_key or env_or_profile to get the credentials from environment variables or an EC2 instance profile.

Default
static

default_iam_instance_profile

Default AWS iam_instance_profile for the aws cpi

default_key_name

Default SSH keypair used for new VMs

Example
- bosh

default_security_groups

Default security groups for new VMs (required)

Example
- bosh-grp

ec2_endpoint

AWS EC2 service endpoint, without protocol/scheme (Optional: default endpoint will be constructed from region if not specified)

Example
ec2.us-east-1.amazonaws.com

elb_endpoint

AWS ELB service endpoint, without protocol/scheme (Optional: default endpoint will be constructed from region if not specified)

Example
elasticloadbalancing.us-east-1.amazonaws.com

encrypted

Encrypts all instances’ volumes

Default
false

kms_key_arn

Encrypts all instances’ volumes with the given KMS key. aws.encrypted should be set to true.

Example
arn:aws:kms:us-east-1:XXXXXX:key/e1c1f008-779b-4ebe-8116-0a34b77747dd

max_retries

The maximum number of times AWS service errors and throttling errors should be retried. There is an exponential backoff in between retries, so the more retries the longer it can take to fail. This only applies to the AWS client passing calls to the AWS API.

Default
8

metadata_options

Metadata configuration options that are set on a VM during creation. These options should be snake-cased properties accepted by the ModifyInstanceMetadataOptions endpoint (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ModifyInstanceMetadataOptions.html). e.g. http_put_response_hop_limit.

region

AWS region name (Required unless both ec2_endpoint and elb_endpoint are specified)

Example
us-east-1

secret_access_key

AWS secret_access_key for the aws cpi (Required when aws.credentials_source is set to static)

session_token

AWS session_token when using STS credentials for the aws cpi (Optional, used when aws.credentials_source is set to static)

stemcell

kernel_id

AWS kernel id used by aws cpi

blobstore

access_key_id

AWS access_key_id used by s3 blobstore plugin (Required when blobstore.credentials_source is set to static)

address

Address of blobstore server used by dav blobstore plugin

agent

password

Password agent uses to connect to blobstore used by dav blobstore plugin (Required only when user is provided)

user

Username agent uses to connect to blobstore used by dav blobstore plugin (Optional)

bucket_name

AWS S3 Bucket used by s3 blobstore plugin

credentials_source

Where to get AWS credentials for the aws cpi. This can be set to static to use an access_key_id and secret_access_key, or to env_or_profile to get the credentials from environment variables or an EC2 instance profile.

Default
static

host

Host of blobstore server used by s3 blobstore plugin

path

Local blobstore path

port

Port of blobstore server used by dav blobstore plugin

Default
25250

provider

Provider of the blobstore used by director and agent (dav|local|s3)

Default
dav

s3_port

Port of blobstore server used by s3 blobstore plugin

Default
443

s3_region

AWS region used by s3 blobstore plugin (Required when blobstore.credentials_source is set to static)

s3_signature_version

Signature version used to connect to an s3 blobstore

secret_access_key

AWS secret_access_key used by s3 blobstore plugin (Required when blobstore.credentials_source is set to static)

server_side_encryption

Server-side encryption algorithm used when storing blobs in S3 (Optional - “AES256”|“aws:kms”)

sse_kms_key_id

AWS KMS key ID to use for object encryption. All GET and PUT requests for an object protected by AWS KMS will fail if not made via SSL or using SigV4.

ssl_verify_peer

Whether the s3 blobstore plugin should verify its peer when using SSL

use_ssl

Whether the s3 blobstore plugin should use SSL to connect to the blobstore server

Default
true

debug

cpi

api_version

api_version supported by cpi (can be used as an override for fallback).

env

http_proxy

HTTP proxy used to connect to cloud APIs

https_proxy

HTTPS proxy used to connect to cloud APIs

no_proxy

No proxy environment variable

nats

address

Address of the nats server

password

Password to connect to nats with

port

Port that the nats server listens on

Default
4222

user

Username to connect to nats with

Default
nats

ntp

List of ntp server IPs. pool.ntp.org attempts to return IPs closest to your location, but you can still specify if needed.

Default
  - 0.pool.ntp.org
  - 1.pool.ntp.org

registry

host

Address of the Registry to connect to

password

Password to access the Registry

port

Port of the Registry to connect to

Default
25777

username

User to access the Registry

Templates

Templates are rendered and placed onto corresponding instances during the deployment process. This job's templates will be placed into the /var/vcap/jobs/aws_cpi/ directory.

  • bin/cpi (from cpi.erb)
  • bin/cpi_ctl (from cpi_ctl.erb)
  • config/cacert.pem (from cacert.pem.erb)
  • config/cpi.json (from cpi.json.erb)

Packages

Packages are compiled and placed onto corresponding instances during the deployment process. Packages will be placed into the /var/vcap/packages/ directory.