cloud_controller_ng job from cf/217
The Cloud Controller provides the primary Cloud Foundry API that is used by the CF CLI. The Cloud Controller uses a database to keep tables for organizations, spaces, apps, services, service instances, user roles, and more. Typically multiple instances of Cloud Controller are load balanced.
GitHub source: 68a2ec67 or master branch
Properties¶
app_domains
¶
Array of domains for user apps (example: ‘user.app.space.foo’; a user app called ‘neat’ will listen at ‘http://neat.user.app.space.foo’)
app_ssh
¶
host_key_fingerprint
¶Fingerprint of the host key of the SSH proxy that brokers connections to application instances
port
¶External port for SSH access to application instances
- Default
2222
build
¶
- Default
"2222"
cc
¶
allow_app_ssh_access
¶Allow users to change the value of the app-level allow_ssh attribute
- Default
true
allowed_cors_domains
¶List of domains (including scheme) from which Cross-Origin requests will be accepted, a * can be used as a wildcard for any part of a domain
- Default
[]
app_bits_max_body_size
¶Maximum body size for nginx bits uploads
- Default
1536M
app_bits_upload_grace_period_in_seconds
¶Extra token expiry time while uploading big apps.
- Default
1200
app_events
¶
cutoff_age_in_days
¶How long an app event should stay in the Cloud Controller database before being cleaned up
- Default
31
app_usage_events
¶
cutoff_age_in_days
¶How long an app usage event should stay in the Cloud Controller database before being cleaned up
- Default
31
audit_events
¶
cutoff_age_in_days
¶How long an audit event should stay in the Cloud Controller database before being cleaned up
- Default
31
broker_client_default_async_poll_interval_seconds
¶Specifies interval on which the CC will poll a service broker for asynchronous actions. If the service broker provides a value, this value is the minimum accepted value the broker can provide.
- Default
60
broker_client_max_async_poll_duration_minutes
¶The max duration the CC will fetch service instance state from a service broker (in minutes). Default is 1 week
- Default
10080
broker_client_timeout_seconds
¶For requests to service brokers, this is the HTTP (open and read) timeout setting.
- Default
60
buildpacks
¶
buildpack_directory_key
¶Directory (bucket) used to store buildpacks. It does not have to be pre-created.
- Default
cc-buildpacks
cdn
¶
key_pair_id
¶Key pair name for signed download URIs
- Default
""
private_key
¶Private key for signing download URIs
- Default
""
uri
¶URI for a CDN to use for buildpack downloads
- Default
""
fog_connection
¶Fog connection hash
bulk_api_password
¶Password used to access the bulk_api, health_manager uses it to connect to the cc, announced over NATS
bulk_api_user
¶User used to access the bulk_api, health_manager uses it to connect to the cc, announced over NATS
- Default
bulk_api
cc_partition
¶Deprecated. Defines a ‘partition’ for the health_manager job
- Default
default
client_max_body_size
¶Maximum body size for nginx
- Default
15M
db_encryption_key
¶key for encrypting sensitive values in the CC database
- Default
""
db_logging_level
¶Log level for cc database operations
- Default
debug2
default_app_disk_in_mb
¶The default disk space an app gets
- Default
1024
default_app_memory
¶How much memory is given to an app if not specified
- Default
1024
default_fog_connection
¶
local_root
¶Local root when fog provider is not overridden (should be an NFS mount if using more than one cloud controller)
- Default
/var/vcap/nfs/shared
provider
¶Local fog provider (should always be ‘Local’), used if fog_connection hash is not provided in the manifest
- Default
Local
default_health_check_timeout
¶Default health check timeout (in seconds) that can be set for the app
- Default
60
default_quota_definition
¶Local to use a local (NFS) file system. AWS to use AWS.
- Default
default
default_running_security_groups
¶The default running security groups that will be seeded in CloudController.
default_stack
¶The default stack to use if no custom stack is specified by an app.
- Default
cflinuxfs2
default_staging_security_groups
¶The default staging security groups that will be seeded in CloudController.
default_to_diego_backend
¶Use Diego backend by default for new apps
- Default
false
development_mode
¶Enable development features for monitoring and insight
- Default
false
diego
¶
nsync_url
¶URL of the Diego nsync service
- Default
http://nsync.service.cf.internal:8787
stager_url
¶URL of the Diego stager service
- Default
http://stager.service.cf.internal:8888
tps_url
¶URL of the Diego tps service
- Default
http://tps.service.cf.internal:1518
directories
¶
diagnostics
¶The directory where operator requested diagnostic files should be placed
- Default
/var/vcap/data/cloud_controller_ng/diagnostics
tmpdir
¶The directory to use for temporary files
- Default
/var/vcap/data/cloud_controller_ng/tmp
disable_custom_buildpacks
¶Disable external (i.e. git) buildpacks? (Admin buildpacks and system buildpacks only.)
- Default
false
droplets
¶
cdn
¶
key_pair_id
¶Key pair name for signed download URIs
- Default
""
private_key
¶Private key for signing download URIs
- Default
""
uri
¶URI for a CDN to use for droplet downloads
- Default
""
droplet_directory_key
¶Directory (bucket) used to store droplets. It does not have to be pre-created.
- Default
cc-droplets
fog_connection
¶Fog connection hash
external_host
¶Host part of the cloud_controller api URI, will be joined with value of ‘domain’
- Default
api
external_port
¶External Cloud Controller port
- Default
9022
external_protocol
¶The protocol used to access the CC API from an external entity
- Default
http
failed_jobs
¶
cutoff_age_in_days
¶How long a failed job should stay in the Cloud Controller database before being cleaned up
- Default
31
feature_disabled_message
¶Custom message to use for a disabled feature.
flapping_crash_count_threshold
¶The threshold of crashes after which the app is marked as flapping
- Default
3
info
¶
build
¶build attribute in the /info endpoint
custom
¶Custom values for /v2/info endpoint
description
¶free form description for attribute in the /info endpoint
name
¶name attribute in the /info endpoint
version
¶version attribute in the /info endpoint
install_buildpacks
¶Set of buildpacks to install during deploy
instance_file_descriptor_limit
¶The file descriptors made available to each app instance
- Default
16384
internal_api_password
¶Password used by Diego to access internal endpoints
internal_api_user
¶User name used by Diego to access internal endpoints
- Default
internal_user
jobs
¶
app_bits_packer
¶
timeout_in_seconds
¶The longest this job can take before it is cancelled
app_events_cleanup
¶
timeout_in_seconds
¶The longest this job can take before it is cancelled
app_usage_events_cleanup
¶
timeout_in_seconds
¶The longest this job can take before it is cancelled
blobstore_delete
¶
timeout_in_seconds
¶The longest this job can take before it is cancelled
blobstore_upload
¶
timeout_in_seconds
¶The longest this job can take before it is cancelled
droplet_deletion
¶
timeout_in_seconds
¶The longest this job can take before it is cancelled
droplet_upload
¶
timeout_in_seconds
¶The longest this job can take before it is cancelled
global
¶
timeout_in_seconds
¶The longest any job can take before it is cancelled unless overridden per job
- Default
14400
local
¶
number_of_workers
¶Number of local cloud_controller_worker workers
- Default
2
logging_level
¶Log level for cc
- Default
debug2
logging_max_retries
¶Passthru value for Steno logger
- Default
1
maximum_app_disk_in_mb
¶The maximum amount of disk a user can request
- Default
2048
maximum_health_check_timeout
¶Maximum health check timeout (in seconds) that can be set for the app
- Default
180
min_cli_version
¶Minimum version of the CF CLI to work with the API.
min_recommended_cli_version
¶Minimum recommended version of the CF CLI.
newrelic
¶
capture_params
¶Capture and send query params to NewRelic
- Default
false
developer_mode
¶Activate NewRelic developer mode
- Default
false
environment_name
¶The environment name used by NewRelic
- Default
development
license_key
¶The api key for NewRelic
log_file_path
¶The location for NewRelic to log to
- Default
/var/vcap/sys/log/cloud_controller_ng/newrelic
monitor_mode
¶Activate NewRelic monitor mode
- Default
false
transaction_tracer
¶
enabled
¶Enable transaction tracing in NewRelic
- Default
false
record_sql
¶NewRelic’s SQL statement recording mode: [off | obfuscated | raw]
- Default
"off"
packages
¶
app_package_directory_key
¶Directory (bucket) used to store app packages. It does not have to be pre-created.
- Default
cc-packages
cdn
¶
key_pair_id
¶Key pair name for signed download URIs
- Default
""
private_key
¶Private key for signing download URIs
- Default
""
uri
¶URI for a CDN to use for app package downloads
- Default
""
fog_connection
¶Fog connection hash
max_package_size
¶Maximum size of application package
- Default
1.073741824e+09
quota_definitions
¶Hash of default quota definitions. Overridden by custom quota definitions.
renderer
¶
default_results_per_page
¶Default number of results returned per page if user does not specify
- Default
50
max_inline_relations_depth
¶Maximum depth of inlined relationships in the result
- Default
2
max_results_per_page
¶Maximum number of results returned per page
- Default
100
resource_pool
¶
cdn
¶
key_pair_id
¶Key pair name for signed download URIs
- Default
""
private_key
¶Private key for signing download URIs
- Default
""
uri
¶URI for a CDN to use for resource pool downloads
- Default
""
fog_connection
¶Fog connection hash
maximum_size
¶Maximum size of a resource to add to the pool
- Default
5.36870912e+08
minimum_size
¶Minimum size of a resource to add to the pool
- Default
65536
resource_directory_key
¶Directory (bucket) used to store app resources. It does not have to be pre-created.
- Default
cc-resources
security_group_definitions
¶Array of security groups that will be seeded into CloudController.
stacks
¶Tag used by the DEA to describe capabilities (i.e. ‘Windows7’, ‘python-linux’). DEA and CC must agree.
- Default
- description: Cloud Foundry Linux-based filesystem
  name: cflinuxfs2
staging_file_descriptor_limit
¶File descriptor limit for staging tasks
- Default
16384
staging_timeout_in_seconds
¶Timeout for staging a droplet
- Default
900
staging_upload_password
¶S3 Secure Access Key for staging droplets on AWS installs; Blobstore password for other IaaSs
- Default
""
staging_upload_user
¶S3 Access key for staging droplets on AWS installs; Blobstore user for other IaaSs
- Default
""
statsd_host
¶The host for the statsd server, defaults to the local metron agent
- Default
127.0.0.1
statsd_port
¶The port for the statsd server, defaults to the local metron agent
- Default
8125
thresholds
¶
api
¶
alert_if_above_mb
¶The cc will alert if memory remains above this threshold for 3 monit cycles
- Default
2250
restart_if_above_mb
¶The cc will restart if memory remains above this threshold for 3 monit cycles
- Default
2450
restart_if_consistently_above_mb
¶The cc will restart if memory remains above this threshold for 15 monit cycles
- Default
2250
uaa_resource_id
¶Name of service to register to UAA
- Default
cloud_controller,cloud_controller_service_permissions
users_can_select_backend
¶Allow non-admin users to switch their apps between DEA and Diego backends
- Default
true
ccdb
¶
address
¶
databases
¶
db_scheme
¶
- Default
postgres
max_connections
¶Maximum connections for Sequel
- Default
25
pool_timeout
¶
- Default
10
port
¶
roles
¶
dea_next
¶
advertise_interval_in_seconds
¶Advertise interval for DEAs
- Default
5
staging_disk_limit_mb
¶Disk limit in mb for staging tasks
- Default
6144
staging_memory_limit_mb
¶Memory limit in mb for staging tasks
- Default
1024
description
¶
- Default
Cloud Foundry sponsored by Pivotal
domain
¶
Domain where cloud_controller will listen (api.domain), often the same as the system domain
doppler
¶
enabled
¶Whether to expose the doppler_logging_endpoint listed at /v2/info
- Default
true
port
¶Port for doppler_logging_endpoint listed at /v2/info
- Default
443
use_ssl
¶Whether to use ssl for the doppler_logging_endpoint listed at /v2/info
- Default
true
hm9000
¶
url
¶
logger_endpoint
¶
port
¶Port for logger endpoint listed at /v2/info
- Default
443
use_ssl
¶Whether to use ssl for logger endpoint listed at /v2/info
- Default
true
login
¶
enabled
¶Whether to use login as the authorization endpoint or not
- Default
true
url
¶
metron_endpoint
¶
host
¶The host used to emit messages to the Metron agent
- Default
127.0.0.1
port
¶The port used to emit messages to the Metron agent
- Default
3456
shared_secret
¶The key used to sign log messages
name
¶
- Default
vcap
nats
¶
machines
¶IP of each NATS cluster member.
password
¶Password for cc client to connect to NATS
port
¶IP port of Cloud Foundry NATS server
user
¶Username for cc client to connect to NATS
nfs_server
¶
address
¶NFS server for droplets and apps (not used in an AWS deploy, use s3 instead)
share_path
¶The location at which to mount the nfs share
request_timeout_in_seconds
¶
Timeout for requests in seconds.
- Default
900
ssl
¶
skip_cert_verify
¶specifies that the job is allowed to skip ssl cert verification
- Default
false
support_address
¶
system_domain
¶
Domain reserved for CF operator, base URL where the login, uaa, and other non-user apps listen
system_domain_organization
¶
The User Org that owns the system_domain, required if system_domain is defined
- Default
""
uaa
¶
cc
¶
token_secret
¶
clients
¶
cc-service-dashboards
¶
scope
¶Used to grant scope for SSO clients for service brokers
- Default
openid,cloud_controller_service_permissions.read
secret
¶Used for generating SSO clients for service brokers.
cc_service_broker_client
¶
scope
¶(DEPRECATED) - Used to grant scope for SSO clients for service brokers
- Default
openid,cloud_controller_service_permissions.read
secret
¶(DEPRECATED) - Used for generating SSO clients for service brokers.
cloud_controller_username_lookup
¶
secret
¶Used for fetching usernames from UAA.
jwt
¶
verification_key
¶ssl cert defined in the manifest by the UAA, required by the cc to communicate with UAA
- Default
""
no_ssl
¶when true, uaa uses http, otherwise it uses https
- Default
false
url
¶
version
¶
- Default
"2"
Templates¶
Templates are rendered and placed onto corresponding instances during the deployment process. This job's templates will be placed into the /var/vcap/jobs/cloud_controller_ng/ directory.
- bin/cloud_controller_migration_ctl (from cloud_controller_api_migration_ctl.erb)
- bin/cloud_controller_ng_ctl (from cloud_controller_api_ctl.erb)
- bin/cloud_controller_worker_ctl (from cloud_controller_api_worker_ctl.erb)
- bin/console (from console.erb)
- bin/dns_health_check (from dns_health_check.erb)
- bin/drain (from drain.rb)
- bin/handle_local_blobstore.sh (from handle_local_blobstore.sh.erb)
- bin/nginx_ctl (from nginx_ctl.erb)
- bin/nginx_newrelic_plugin_ctl (from nginx_newrelic_plugin_ctl.erb)
- bin/restart_drain (from restart_drain.rb)
- bin/ruby_version.sh (from ruby_version.sh.erb)
- config/cloud_controller_ng.yml (from cloud_controller_api.yml.erb)
- config/mime.types (from mime.types)
- config/newrelic.yml (from newrelic.yml.erb)
- config/newrelic_plugin.yml (from newrelic_plugin.yml.erb)
- config/nginx.conf (from nginx.conf.erb)
- config/stacks.yml (from stacks.yml.erb)
Packages¶
Packages are compiled and placed onto corresponding instances during the deployment process. Packages will be placed into the /var/vcap/packages/ directory.