aws_cpi job from bosh-aws-cpi/96
Github source:
8ba863f
or
master branch
Properties¶
agent
¶
blobstore
¶
access_key_id
¶AWS access_key_id for agent used by s3 blobstore plugin (Required when blobstore.credentials_source is set to
static
)
address
¶Address for agent to connect to blobstore server used by dav blobstore plugin
credentials_source
¶Where to get AWS credentials for the aws cpi. This can be set to
static
for to use anaccess_key_id
andsecret_access_key
orenv_or_profile
to get the credentials from environment variables or an EC2 instance profile.
host
¶Host of agent blobstore server used by s3 blobstore plugin
s3_port
¶Port of agent blobstore server used by s3 blobstore plugin
s3_region
¶AWS region for agent used by s3 blobstore plugin (Required when blobstore.credentials_source is set to
static
)
s3_signature_version
¶Signature version used to connect to an s3 blobstore
secret_access_key
¶AWS secret_access_key for agent used by s3 blobstore plugin (Required when blobstore.credentials_source is set to
static
)
server_side_encryption
¶Server-side encryption algorithm used when storing blobs in S3 (Optional - “AES256”|“aws:kms”)
sse_kms_key_id
¶AWS KMS key ID to use for object encryption. All GET and PUT requests for an object protected by AWS KMS will fail if not made via SSL or using SigV4.
ssl_verify_peer
¶Whether the agent blobstore plugin should verify its peer when using SSL
use_ssl
¶Whether the s3 blobstore plugin should use SSL to connect to the blobstore server
mbus
¶Agent mbus
nats
¶
address
¶Address of the nats server
aws
¶
access_key_id
¶AWS access_key_id for the aws cpi (Required when aws.credentials_source is set to
static
)
connection_options
¶
ca_cert
¶All required custom CA certificates
- Example
'-----BEGIN CERTIFICATE----- MII... -----END CERTIFICATE-----'
credentials_source
¶Where to get AWS credentials for the aws cpi. This can be set to
static
to use anaccess_key_id
andsecret_access_key
orenv_or_profile
to get the credentials from environment variables or an EC2 instance profile.
- Default
static
default_iam_instance_profile
¶Default AWS iam_instance_profile for the aws cpi
default_key_name
¶Default SSH keypair used for new VMs
- Example
- bosh
default_security_groups
¶Default security groups for new VMs (required)
- Example
- bosh-grp
ec2_endpoint
¶AWS EC2 service endpoint, without protocol/scheme (Optional: default endpoint will be constructed from region if not specified)
- Example
ec2.us-east-1.amazonaws.com
elb_endpoint
¶AWS ELB service endpoint, without protocol/scheme (Optional: default endpoint will be constructed from region if not specified)
- Example
elasticloadbalancing.us-east-1.amazonaws.com
encrypted
¶Encrypts all instances’ volumes
- Default
false
kms_key_arn
¶Encrypts all instances’ volumes with the given KMS key. (aws.encrypted) should be true
- Example
arn:aws:kms:us-east-1:XXXXXX:key/e1c1f008-779b-4ebe-8116-0a34b77747dd
max_retries
¶The maximum number of times AWS service errors and throttling errors should be retried. There is an exponential backoff in between retries, so the more retries the longer it can take to fail. This only applies to the AWS client passing calls to the AWS API.
- Default
8
metadata_options
¶Metadata configuration options that are set on a VM during creation. These options should be snake-cased properties accepted by the ModifyInstanceMetadataOptions endpoint (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ModifyInstanceMetadataOptions.html). e.g.
http_put_response_hop_limit
.
region
¶AWS region name (Required unless both ec2_endpoint and elb_endpoint are specified)
- Example
us-east-1
secret_access_key
¶AWS secret_access_key for the aws cpi (Required when aws.credentials_source is set to
static
)
session_token
¶AWS session_token when using STS credentials for the aws cpi (Optional, used when aws.credentials_source is set to
static
)
stemcell
¶
kernel_id
¶AWS kernel id used by aws cpi
blobstore
¶
access_key_id
¶AWS access_key_id used by s3 blobstore plugin (Required when blobstore.credentials_source is set to
static
)
address
¶Address of blobstore server used by dav blobstore plugin
agent
¶
password
¶Password agent uses to connect to blobstore used by dav blobstore plugin (Required only when user is provided)
user
¶Username agent uses to connect to blobstore used by dav blobstore plugin (Optional)
bucket_name
¶AWS S3 Bucket used by s3 blobstore plugin
credentials_source
¶Where to get AWS credentials for the aws cpi. This can be set to
static
for to use anaccess_key_id
andsecret_access_key
orenv_or_profile
to get the credentials from environment variables or an EC2 instance profile.
- Default
static
host
¶Host of blobstore server used by s3 blobstore plugin
path
¶local blobstore path
port
¶Port of blobstore server used by dav blobstore plugin
- Default
25250
provider
¶Provider of the blobstore used by director and agent (dav|local|s3)
- Default
dav
s3_port
¶Port of blobstore server used by s3 blobstore plugin
- Default
443
s3_region
¶AWS region used by s3 blobstore plugin (Required when blobstore.credentials_source is set to
static
)
s3_signature_version
¶Signature version used to connect to an s3 blobstore
secret_access_key
¶AWS secret_access_key used by s3 blobstore plugin (Required when blobstore.credentials_source is set to
static
)
server_side_encryption
¶Server-side encryption algorithm used when storing blobs in S3 (Optional - “AES256”|“aws:kms”)
sse_kms_key_id
¶AWS KMS key ID to use for object encryption. All GET and PUT requests for an object protected by AWS KMS will fail if not made via SSL or using SigV4.
ssl_verify_peer
¶Whether the s3 blobstore plugin should verify its peer when using SSL
use_ssl
¶Whether the s3 blobstore plugin should use SSL to connect to the blobstore server
- Default
true
debug
¶
cpi
¶
api_version
¶api_version supported by cpi (can be used as an override for fallback).
env
¶
http_proxy
¶Http proxy to connect to cloud API’s
https_proxy
¶Https proxy to connect to cloud API’s
no_proxy
¶No proxy environment variable
nats
¶
address
¶Address of the nats server
password
¶Password to connect to nats with
port
¶Port that the nats server listens on
- Default
4222
user
¶Username to connect to nats with
- Default
nats
ntp
¶
List of ntp server IPs. pool.ntp.org attempts to return IPs closest to your location, but you can still specify if needed.
- Default
- 0.pool.ntp.org - 1.pool.ntp.org
registry
¶
host
¶Address of the Registry to connect to
password
¶Password to access the Registry
port
¶Port of the Registry to connect to
- Default
25777
username
¶User to access the Registry
Templates¶
Templates are rendered and placed onto corresponding
instances during the deployment process. This job's templates
will be placed into /var/vcap/jobs/aws_cpi/
directory
(learn more).
bin/cpi
(fromcpi.erb
)bin/cpi_ctl
(fromcpi_ctl.erb
)config/cacert.pem
(fromcacert.pem.erb
)config/cpi.json
(fromcpi.json.erb
)
Packages¶
Packages are compiled and placed onto corresponding
instances during the deployment process. Packages will be
placed into /var/vcap/packages/
directory.