cloud_controller_clock job from cf/271
The Cloud Controller clock periodically schedules Cloud Controller clean up tasks for app usage events, audit events, failed jobs, and more. Only single instance of this job is necessary.
Github source:
c3d10276
or
master branch
Properties¶
app_domains
¶
Array of domains for user apps (example: ‘user.app.space.foo’, a user app called ‘neat’ will listen at ‘http://neat.user.app.space.foo')
- Example
-
|+ - name: example.com - name: tcp.example.com router_group_name: default-tcp
build
¶
‘build’ attribute in the /v2/info endpoint
- Default
""
cc
¶
allow_app_ssh_access
¶Allow users to change the value of the app-level allow_ssh attribute
- Default
true
app_bits_upload_grace_period_in_seconds
¶Extra token expiry time while uploading big apps.
- Default
1200
app_events
¶
cutoff_age_in_days
¶How old an app event should stay in cloud controller database before being cleaned up
- Default
31
app_usage_events
¶
cutoff_age_in_days
¶How old an app usage event should stay in cloud controller database before being cleaned up
- Default
31
audit_events
¶
cutoff_age_in_days
¶How old an audit event should stay in cloud controller database before being cleaned up
- Default
31
bits_service
¶
enabled
¶Enable integration of the bits-service incubator (experimental)
- Default
false
password
¶Password for the bits-service
- Default
""
private_endpoint
¶Private url for the bits-service service
- Default
""
public_endpoint
¶Public url for the bits-service service
- Default
""
username
¶Username for the bits-service
- Default
""
broker_client_timeout_seconds
¶For requests to service brokers, this is the HTTP (open and read) timeout setting.
- Default
60
buildpacks
¶
blobstore_type
¶The type of blobstore backing to use. Valid values: [‘fog’, ‘webdav’]
- Default
fog
buildpack_directory_key
¶Directory (bucket) used store buildpacks. It does not have be pre-created.
- Default
cc-buildpacks
cdn
¶
key_pair_id
¶Key pair name for signed download URIs
- Default
""
private_key
¶Private key for signing download URIs
- Default
""
uri
¶URI for a CDN to used for buildpack downloads
- Default
""
fog_aws_storage_options
¶Storage options passed to fog for aws blobstores. Valid keys: [‘encryption’].
fog_connection
¶Fog connection hash
webdav_config
¶
blobstore_timeout
¶The timeout in seconds for requests to the blobstore
- Default
5
ca_cert
¶The ca cert to use when communicating with webdav
- Default
""
password
¶The basic auth password that CC uses to connect to the admin endpoint on webdav
- Default
""
private_endpoint
¶The location of the webdav server eg: https://blobstore.internal
- Default
https://blobstore.service.cf.internal:4443
public_endpoint
¶The location of the webdav server eg: https://blobstore.com
- Default
""
username
¶The basic auth user that CC uses to connect to the admin endpoint on webdav
- Default
""
bulk_api_password
¶Password used to access the bulk_api, health_manager uses it to connect to the cc, announced over NATS
bulk_api_user
¶User used to access the bulk_api, health_manager uses it to connect to the cc, announced over NATS
- Default
bulk_api
cc_partition
¶Deprecated. Defines a ‘partition’ for the health_manager job
- Default
default
client_max_body_size
¶Maximum body size for nginx
- Default
1536M
completed_tasks
¶
cutoff_age_in_days
¶How long a completed task will stay in cloud controller database before being cleaned up based on last updated time with success or failure.
- Default
31
db_encryption_key
¶key for encrypting sensitive values in the CC database
- Default
""
db_logging_level
¶Log level for cc database operations
- Default
debug2
default_app_disk_in_mb
¶The default disk space an app gets
- Default
1024
default_app_memory
¶How much memory given to an app if not specified
- Default
1024
default_health_check_timeout
¶Default health check timeout (in seconds) that can be set for the app
- Default
60
default_quota_definition
¶Local to use a local (NFS) file system. AWS to use AWS.
- Default
default
default_running_security_groups
¶The default running security groups that will be seeded in CloudController.
default_stack
¶The default stack to use if no custom stack is specified by an app.
- Default
cflinuxfs2
default_staging_security_groups
¶The default staging security groups that will be seeded in CloudController.
diego
¶
bbs
¶
url
¶URL of the BBS Server
- Default
https://bbs.service.cf.internal:8889
cc_uploader_url
¶URL of cc uploader
- Default
http://cc-uploader.service.cf.internal:9090
file_server_url
¶URL of file server
- Default
http://file-server.service.cf.internal:8080
lifecycle_bundles
¶List of lifecycle bundles arguments for different stacks
- Default
buildpack/cflinuxfs2: buildpack_app_lifecycle/buildpack_app_lifecycle.tgz buildpack/windows2012R2: windows_app_lifecycle/windows_app_lifecycle.tgz docker: docker_app_lifecycle/docker_app_lifecycle.tgz
nsync_url
¶URL of the Diego nsync service
- Default
http://nsync.service.cf.internal:8787
pid_limit
¶Maximum pid limit for containerized work running user-provided code
- Default
1024
stager_url
¶URL of the Diego stager service
- Default
http://stager.service.cf.internal:8888
temporary_cc_uploader_mtls
¶Temporary flag to ensure droplet upload callback endpoints require mTLS
- Default
false
temporary_droplet_download_mtls
¶Temporary flag to enable mTLS droplet download to the bbs from cc
- Default
false
temporary_local_apps
¶Temporary flag to manage app state directly to the bbs from cc
- Default
false
temporary_local_staging
¶Temporary flag to enable staging directly to the bbs from cc
- Default
false
temporary_local_sync
¶Temporary flag to manage app state directly to the bbs from cc
- Default
false
temporary_local_tasks
¶Temporary flag to run tasks directly to the bbs from cc
- Default
false
temporary_local_tps
¶Temporary flag to manage app state directly to the bbs from cc
- Default
false
temporary_oci_buildpack_mode
¶Temporary flag to enable OCI buildpack flow. Valid values: ‘oci-phase-1’
tps_url
¶URL of the Diego tps service
- Default
http://tps.service.cf.internal:1518
use_privileged_containers_for_running
¶Whether or not to use privileged containers for running buildpack apps and tasks.
- Default
false
use_privileged_containers_for_staging
¶Whether or not to use privileged containers for staging tasks.
- Default
false
diego_sync
¶
frequency_in_seconds
¶How often to synchronize CC’s database with Diego’s
- Default
30
disable_custom_buildpacks
¶Disable external (i.e. git) buildpacks? (Admin buildpacks and system buildpacks only.)
- Default
false
droplets
¶
blobstore_type
¶The type of blobstore backing to use. Valid values: [‘fog’, ‘webdav’]
- Default
fog
cdn
¶
key_pair_id
¶Key pair name for signed download URIs
- Default
""
private_key
¶Private key for signing download URIs
- Default
""
uri
¶URI for a CDN to used for droplet downloads
- Default
""
droplet_directory_key
¶Directory (bucket) used store droplets. It does not have be pre-created.
- Default
cc-droplets
fog_aws_storage_options
¶Storage options passed to fog for aws blobstores. Valid keys: [‘encryption’].
fog_connection
¶Fog connection hash
webdav_config
¶
blobstore_timeout
¶The timeout in seconds for requests to the blobstore
- Default
5
ca_cert
¶The ca cert to use when communicating with webdav
- Default
""
password
¶The basic auth password that CC uses to connect to the admin endpoint on webdav
- Default
""
private_endpoint
¶The location of the webdav server eg: https://blobstore.internal
- Default
https://blobstore.service.cf.internal:4443
public_endpoint
¶The location of the webdav server eg: https://blobstore.com
- Default
""
username
¶The basic auth user that CC uses to connect to the admin endpoint on webdav
- Default
""
external_host
¶Host part of the cloud_controller api URI, will be joined with value of ‘domain’
- Default
api
external_port
¶External Cloud Controller port
- Default
9022
external_protocol
¶The protocol used to access the CC API from an external entity
- Default
https
failed_jobs
¶
cutoff_age_in_days
¶How old a failed job should stay in cloud controller database before being cleaned up
- Default
31
flapping_crash_count_threshold
¶The threshold of crashes after which the app is marked as flapping
- Default
3
install_buildpacks
¶Set of buildpacks to install during deploy
instance_file_descriptor_limit
¶The file descriptors made available to each app instance
- Default
16384
internal_api_password
¶Password used by Diego to access internal endpoints
internal_api_user
¶User name used by Diego to access internal endpoints
- Default
internal_user
internal_service_hostname
¶Internal hostname used to resolve the address of the Cloud Controller
- Default
cloud-controller-ng.service.cf.internal
jobs
¶
app_bits_packer
¶
timeout_in_seconds
¶The longest this job can take before it is cancelled
app_usage_events_cleanup
¶
timeout_in_seconds
¶The longest this job can take before it is cancelled
blobstore_delete
¶
timeout_in_seconds
¶The longest this job can take before it is cancelled
blobstore_upload
¶
timeout_in_seconds
¶The longest this job can take before it is cancelled
diego_sync
¶
timeout_in_seconds
¶The longest the diego sync job can take before another is enqueued
- Default
600
droplet_deletion
¶
timeout_in_seconds
¶The longest this job can take before it is cancelled
droplet_upload
¶
timeout_in_seconds
¶The longest this job can take before it is cancelled
global
¶
timeout_in_seconds
¶The longest any job can take before it is cancelled unless overriden per job
- Default
14400
logging_level
¶Log level for cc
- Default
info
logging_max_retries
¶Passthru value for Steno logger
- Default
1
maximum_app_disk_in_mb
¶The maximum amount of disk a user can request
- Default
2048
maximum_health_check_timeout
¶Maximum health check timeout (in seconds) that can be set for the app
- Default
180
mutual_tls
¶
ca_cert
¶PEM-encoded CA certificate for secure, mutually authenticated TLS communication
private_key
¶PEM-encoded key for secure, mutually authenticated TLS communication
public_cert
¶PEM-encoded certificate for secure, mutually authenticated TLS communication
newrelic
¶
capture_params
¶Capture and send query params to NewRelic
- Default
false
developer_mode
¶Activate NewRelic developer mode
- Default
false
environment_name
¶The environment name used by NewRelic
- Default
development
license_key
¶The api key for NewRelic
log_file_path
¶The location for NewRelic to log to
- Default
/var/vcap/sys/log/cloud_controller_ng/newrelic
monitor_mode
¶Activate NewRelic monitor mode
- Default
false
transaction_tracer
¶
enabled
¶Enable transaction tracing in NewRelic
- Default
false
record_sql
¶NewRelic’s SQL statement recording mode: [off | obfuscated | raw]
- Default
"off"
packages
¶
app_package_directory_key
¶Directory (bucket) used store app packages. It does not have be pre-created.
- Default
cc-packages
blobstore_type
¶The type of blobstore backing to use. Valid values: [‘fog’, ‘webdav’]
- Default
fog
cdn
¶
key_pair_id
¶Key pair name for signed download URIs
- Default
""
private_key
¶Private key for signing download URIs
- Default
""
uri
¶URI for a CDN to used for app package downloads
- Default
""
fog_aws_storage_options
¶Storage options passed to fog for aws blobstores. Valid keys: [‘encryption’].
fog_connection
¶Fog connection hash
max_package_size
¶Maximum size of application package
- Default
1.073741824e+09
webdav_config
¶
blobstore_timeout
¶The timeout in seconds for requests to the blobstore
- Default
5
ca_cert
¶The ca cert to use when communicating with webdav
- Default
""
password
¶The basic auth password that CC uses to connect to the admin endpoint on webdav
- Default
""
private_endpoint
¶The location of the webdav server eg: https://blobstore.internal
- Default
https://blobstore.service.cf.internal:4443
public_endpoint
¶The location of the webdav server eg: https://blobstore.com
- Default
""
username
¶The basic auth user that CC uses to connect to the admin endpoint on webdav
- Default
""
pending_builds
¶
frequency_in_seconds
¶How often the pending builds cleanup job runs
- Default
300
pending_droplets
¶
frequency_in_seconds
¶How often the pending droplets cleanup job runs
- Default
300
quota_definitions
¶Hash of default quota definitions. Overriden by custom quota definitions.
renderer
¶
default_results_per_page
¶Default number of results returned per page if user does not specify
- Default
50
max_inline_relations_depth
¶Maximum depth of inlined relationships in the result
- Default
2
max_results_per_page
¶Maximum number of results returned per page
- Default
100
reserved_private_domains
¶File location of a list of reserved private domains (for file format, see https://publicsuffix.org/)
resource_pool
¶
blobstore_type
¶The type of blobstore backing to use. Valid values: [‘fog’, ‘webdav’]
- Default
fog
cdn
¶
key_pair_id
¶Key pair name for signed download URIs
- Default
""
private_key
¶Private key for signing download URIs
- Default
""
uri
¶URI for a CDN to used for resource pool downloads
- Default
""
fog_aws_storage_options
¶Storage options passed to fog for aws blobstores. Valid keys: [‘encryption’].
fog_connection
¶Fog connection hash
maximum_size
¶Maximum size of a resource to add to the pool
- Default
5.36870912e+08
minimum_size
¶Minimum size of a resource to add to the pool
- Default
65536
resource_directory_key
¶Directory (bucket) used store app resources. It does not have be pre-created.
- Default
cc-resources
webdav_config
¶
blobstore_timeout
¶The timeout in seconds for requests to the blobstore
- Default
5
ca_cert
¶The ca cert to use when communicating with webdav
- Default
""
password
¶The basic auth password that CC uses to connect to the admin endpoint on webdav
- Default
""
private_endpoint
¶The location of the webdav server eg: https://blobstore.internal
- Default
https://blobstore.service.cf.internal:4443
public_endpoint
¶The location of the webdav server eg: https://blobstore.com
- Default
""
username
¶The basic auth user that CC uses to connect to the admin endpoint on webdav
- Default
""
security_group_definitions
¶Array of security groups that will be seeded into CloudController.
service_usage_events
¶
cutoff_age_in_days
¶How old a service usage event should stay in cloud controller database before being cleaned up
- Default
31
shared_isolation_segment_name
¶Name of the shared isolation segment created at startup. This field can be updated, but subject to the following caveat: Using the name of an existing IS will cause a deployment to fail. To recover, redeploy using the last valid Shared Isolation Segment name.
- Default
shared
stacks
¶Tag used by the DEA to describe capabilities (i.e. ‘Windows7’, ‘python-linux’). DEA and CC must agree.
- Default
- description: Cloud Foundry Linux-based filesystem name: cflinuxfs2
staging_file_descriptor_limit
¶File descriptor limit for staging tasks
- Default
16384
staging_timeout_in_seconds
¶Timeout for staging a droplet
- Default
900
staging_upload_password
¶User’s password used to access internal endpoints of Cloud Controller to upload files when staging
- Default
""
staging_upload_user
¶User name used to access internal endpoints of Cloud Controller to upload files when staging
- Default
""
system_hostnames
¶List of hostnames for which routes cannot be created on the system domain.
- Default
- api - uaa - login - doppler - loggregator - hm9000
thresholds
¶
api
¶
alert_if_above_mb
¶The cc will alert if memory remains above this threshold for 3 monit cycles
- Default
3500
restart_if_above_mb
¶The cc will restart if memory remains above this threshold for 3 monit cycles
- Default
3750
restart_if_consistently_above_mb
¶The cc will restart if memory remains above this threshold for 15 monit cycles
- Default
3500
tls_port
¶External Cloud Controller port
- Default
9023
uaa
¶
internal_url
¶The internal url used by UAA
- Default
uaa.service.cf.internal
uaa_resource_id
¶Name of service to register to UAA
- Default
cloud_controller,cloud_controller_service_permissions
users_can_select_backend
¶Allow non-admin users to switch their apps between DEA and Diego backends
- Default
true
ccdb
¶
address
¶The address of the database server
ca_cert
¶The ca cert to use when communicating with the database over SSL
databases
¶Contains the name of the database on the database server
db_scheme
¶The type of database being used. mysql or postgres
- Default
postgres
max_connections
¶Maximum connections for Sequel
- Default
25
pool_timeout
¶The timeout for Sequel pooled connections
- Default
10
port
¶The port of the database server
roles
¶Users to create on the database when seeding
ssl_verify_hostname
¶Verify that the database SSL certificate matches the host to which the connection is attempted
- Default
false
dea_next
¶
staging_disk_limit_mb
¶Disk limit in mb for staging tasks
- Default
6144
staging_memory_limit_mb
¶Memory limit in mb for staging tasks
- Default
1024
description
¶
‘description’ attribute in the /v2/info endpoint
- Default
""
domain
¶
Deprecated in favor of system_domain. Domain where cloud_controller will listen (api.domain)
doppler
¶
port
¶Port for doppler_logging_endpoint listed at /v2/info
- Default
443
use_ssl
¶Whether to use ssl for the doppler_logging_endpoint listed at /v2/info
- Default
true
hm9000
¶
port
¶Port of the hm9000 Api Server
- Default
5155
url
¶URL of the hm9000 server
login
¶
enabled
¶whether use login as the authorization endpoint or not
- Default
true
protocol
¶http or https
- Default
https
url
¶URL of the login server
metron_endpoint
¶
host
¶The host used to emit messages to the Metron agent
- Default
127.0.0.1
port
¶The port used to emit messages to the Metron agent
- Default
3457
name
¶
‘name’ attribute in the /v2/info endpoint
- Default
""
request_timeout_in_seconds
¶
Timeout for requests in seconds.
- Default
900
routing_api
¶
enabled
¶Whether to expose the routing_endpoint listed at /v2/info. Enable this after deploying the Routing API
- Default
false
ssl
¶
skip_cert_verify
¶specifies that the job is allowed to skip ssl cert verification
- Default
false
support_address
¶
‘support’ attribute in the /v2/info endpoint
- Default
""
system_domain
¶
Domain reserved for CF operator, base URL where the login, uaa, and other non-user apps listen
system_domain_organization
¶
An organization that will be created as part of the seeding process. When the system_domain is not shared with (in the list of) app_domains, this is required as the system_domain will be created as a PrivateDomain in this organization.
- Default
system
uaa
¶
ca_cert
¶The certificate authority being used by UAA
cc
¶
token_secret
¶Symmetric secret used to decode uaa tokens. Used for testing.
clients
¶
cc-service-dashboards
¶
scope
¶Used to grant scope for SSO clients for service brokers
- Default
openid,cloud_controller_service_permissions.read
secret
¶Used for generating SSO clients for service brokers.
cc_routing
¶
secret
¶Used for fetching routing information from the Routing API
cc_service_broker_client
¶
scope
¶(DEPRECATED) - Used to grant scope for SSO clients for service brokers
- Default
openid,cloud_controller_service_permissions.read
secret
¶(DEPRECATED) - Used for generating SSO clients for service brokers.
port
¶The port used by UAA for non-ssl connections
ssl
¶
port
¶The port used by UAA for ssl connections
- Default
8443
url
¶URL of the UAA server
version
¶
‘version’ attribute in the /v2/info endpoint
- Default
0
Templates¶
Templates are rendered and placed onto corresponding
instances during the deployment process. This job's templates
will be placed into /var/vcap/jobs/cloud_controller_clock/
directory
(learn more).
bin/cloud_controller_clock_ctl
(fromcloud_controller_clock_ctl.erb
)bin/console
(fromconsole.erb
)bin/drain
(fromdrain.sh
)bin/pre-start
(frompre-start.sh.erb
)bin/ruby_version.sh
(fromruby_version.sh.erb
)config/certs/db_ca.crt
(fromdb_ca.crt.erb
)config/certs/mutual_tls.crt
(frommutual_tls.crt.erb
)config/certs/mutual_tls.key
(frommutual_tls.key.erb
)config/certs/mutual_tls_ca.crt
(frommutual_tls_ca.crt.erb
)config/certs/uaa_ca.crt
(fromuaa_ca.crt.erb
)config/cloud_controller_ng.yml
(fromcloud_controller_clock.yml.erb
)config/newrelic.yml
(fromnewrelic.yml.erb
)config/stacks.yml
(fromstacks.yml.erb
)
Packages¶
Packages are compiled and placed onto corresponding
instances during the deployment process. Packages will be
placed into /var/vcap/packages/
directory.