cloud_controller_ng job from cf/256
The Cloud Controller provides primary Cloud Foundry API that is by the CF CLI. The Cloud Controller uses a database to keep tables for organizations, spaces, apps, services, service instances, user roles, and more. Typically multiple instances of Cloud Controller are load balanced.
Github source:
b6343b5a
or
master branch
Properties¶
app_domains
¶
Array of domains for user apps (example: ‘user.app.space.foo’, a user app called ‘neat’ will listen at ‘http://neat.user.app.space.foo')
- Example
-
|+ - name: example.com - name: tcp.example.com router_group_name: default-tcp
app_ssh
¶
host_key_fingerprint
¶Fingerprint of the host key of the SSH proxy that brokers connections to application instances. Supported fingerprint formats: SHA256 (recommended), SHA1 and MD5 Example fingerprints by format: SHA256: 0KmvfcwFCnwQRviOJEwZtnz5qoi76BVb8dm3/vgilCI SHA1: b8:80:2c:8c:d7:25:ad:2a:b4:8c:02:34:52:06:f7:ba:1f:0d:02:de MD5: d2:d6:b9:d7:f9:c4:15:70:de:af:c7:36:88:3a:60:12
oauth_client_id
¶The oauth client ID of the SSH proxy
- Default
ssh-proxy
port
¶External port for SSH access to application instances
- Default
2222
build
¶
‘build’ attribute in the /v2/info endpoint
- Default
""
cc
¶
allow_app_ssh_access
¶Allow users to change the value of the app-level allow_ssh attribute
- Default
true
allowed_cors_domains
¶List of domains (including scheme) from which Cross-Origin requests will be accepted, a * can be used as a wildcard for any part of a domain
- Default
[]
app_bits_max_body_size
¶Maximum body size for nginx bits uploads
- Default
1536M
app_bits_upload_grace_period_in_seconds
¶Extra token expiry time while uploading big apps.
- Default
1200
app_events
¶
cutoff_age_in_days
¶How old an app event should stay in cloud controller database before being cleaned up
- Default
31
app_usage_events
¶
cutoff_age_in_days
¶How old an app usage event should stay in cloud controller database before being cleaned up
- Default
31
audit_events
¶
cutoff_age_in_days
¶How old an audit event should stay in cloud controller database before being cleaned up
- Default
31
bits_service
¶
enabled
¶Enable integration of the bits-service incubator (experimental)
- Default
false
password
¶Password for the bits-service
- Default
""
private_endpoint
¶Private url for the bits-service service
- Default
""
public_endpoint
¶Public url for the bits-service service
- Default
""
username
¶Username for the bits-service
- Default
""
broker_client_default_async_poll_interval_seconds
¶Specifies interval on which the CC will poll a service broker for asynchronous actions. If the service broker provides a value, this value is the minimum accepted value the broker can provide.
- Default
60
broker_client_max_async_poll_duration_minutes
¶The max duration the CC will fetch service instance state from a service broker (in minutes). Default is 1 week
- Default
10080
broker_client_timeout_seconds
¶For requests to service brokers, this is the HTTP (open and read) timeout setting.
- Default
60
buildpacks
¶
blobstore_type
¶The type of blobstore backing to use. Valid values: [‘fog’, ‘webdav’]
- Default
fog
buildpack_directory_key
¶Directory (bucket) used store buildpacks. It does not have be pre-created.
- Default
cc-buildpacks
cdn
¶
key_pair_id
¶Key pair name for signed download URIs
- Default
""
private_key
¶Private key for signing download URIs
- Default
""
uri
¶URI for a CDN to used for buildpack downloads
- Default
""
fog_aws_storage_options
¶Storage options passed to fog for aws blobstores. See http://docs.cloudfoundry.org/deploying/common/cc-blobstore-config.html#fog-aws-sse for example configuration.
- Default
{}
fog_connection
¶Fog connection hash
webdav_config
¶
blobstore_timeout
¶The timeout in seconds for requests to the blobstore
- Default
5
ca_cert
¶The ca cert to use when communicating with webdav
- Default
""
password
¶The basic auth password that CC uses to connect to the admin endpoint on webdav
- Default
""
private_endpoint
¶The location of the webdav server eg: https://blobstore.internal
- Default
https://blobstore.service.cf.internal:4443
public_endpoint
¶The location of the webdav server eg: https://blobstore.com
- Default
""
username
¶The basic auth user that CC uses to connect to the admin endpoint on webdav
- Default
""
bulk_api_password
¶Password used to access the bulk_api, health_manager uses it to connect to the cc, announced over NATS
bulk_api_user
¶User used to access the bulk_api, health_manager uses it to connect to the cc, announced over NATS
- Default
bulk_api
cc_partition
¶Deprecated. Defines a ‘partition’ for the health_manager job
- Default
default
client_max_body_size
¶Maximum body size for nginx
- Default
15M
completed_tasks
¶
cutoff_age_in_days
¶How long a completed task will stay in cloud controller database before being cleaned up based on last updated time with success or failure.
- Default
31
core_file_pattern
¶Filename template for core dump files. Use an empty string if you don’t want core files saved.
- Default
/var/vcap/sys/cores/core-%e-%s-%p-%t
db_encryption_key
¶key for encrypting sensitive values in the CC database
- Default
""
db_logging_level
¶Log level for cc database operations
- Default
debug2
dea_use_https
¶enable ssl for communication with DEAs
- Default
false
default_app_disk_in_mb
¶The default disk space an app gets
- Default
1024
default_app_memory
¶How much memory given to an app if not specified
- Default
1024
default_app_ssh_access
¶When ssh is allowed and not explicitly set in the application, new applications will start with ssh service enabled
- Default
true
default_health_check_timeout
¶Default health check timeout (in seconds) that can be set for the app
- Default
60
default_quota_definition
¶The name of the quota definition CC will fallback on for org and space limits from the list of quota definitions.
- Default
default
default_running_security_groups
¶The default running security groups that will be seeded in CloudController. Note: security groups are only seeded on the first deploy, after which they should be managed via the API
default_stack
¶The default stack to use if no custom stack is specified by an app.
- Default
cflinuxfs2
default_staging_security_groups
¶The default staging security groups that will be seeded in CloudController. Note: security groups are only seeded on the first deploy, after which they should be managed via the API
default_to_diego_backend
¶Use Diego backend by default for new apps
- Default
false
development_mode
¶Enable development features for monitoring and insight
- Default
false
diego
¶
bbs
¶
url
¶URL of the BBS Server
- Default
https://bbs.service.cf.internal:8889
cc_uploader_url
¶URL of cc uploader
- Default
http://cc-uploader.service.cf.internal:9090
docker_staging_stack
¶stack to use for staging Docker applications
- Default
cflinuxfs2
file_server_url
¶URL of file server
- Default
http://file-server.service.cf.internal:8080
insecure_docker_registry_list
¶An array of insecure Docker registries in the form of :PORT
- Default
[]
lifecycle_bundles
¶List of lifecycle bundles arguments for different stacks
- Default
buildpack/cflinuxfs2: buildpack_app_lifecycle/buildpack_app_lifecycle.tgz buildpack/windows2012R2: windows_app_lifecycle/windows_app_lifecycle.tgz docker: docker_app_lifecycle/docker_app_lifecycle.tgz
nsync_url
¶URL of the Diego nsync service
- Default
http://nsync.service.cf.internal:8787
pid_limit
¶Maximum pid limit for containerized work running user-provided code
- Default
1024
stager_url
¶URL of the Diego stager service
- Default
http://stager.service.cf.internal:8888
temporary_local_apps
¶Temporary flag to manage app state directly to the bbs from cc
- Default
false
temporary_local_staging
¶Temporary flag to enable staging directly to the bbs from cc
- Default
false
temporary_local_sync
¶Temporary flag to run sync job between cc and bbs
- Default
false
temporary_local_tasks
¶Temporary flag to run tasks directly to the bbs from cc
- Default
false
temporary_local_tps
¶Temporary flag to fetch app instances directly to the bbs from cc
- Default
false
tps_url
¶URL of the Diego tps service
- Default
http://tps.service.cf.internal:1518
use_privileged_containers_for_running
¶Whether or not to use privileged containers for running buildpack apps and tasks.
- Default
false
use_privileged_containers_for_staging
¶Whether or not to use privileged containers for staging tasks.
- Default
false
directories
¶
diagnostics
¶The directory where operator requested diagnostic files should be placed
- Default
/var/vcap/data/cloud_controller_ng/diagnostics
tmpdir
¶The directory to use for temporary files
- Default
/var/vcap/data/cloud_controller_ng/tmp
disable_custom_buildpacks
¶Disable external (i.e. git) buildpacks? (Admin buildpacks and system buildpacks only.)
- Default
false
droplets
¶
blobstore_type
¶The type of blobstore backing to use. Valid values: [‘fog’, ‘webdav’]
- Default
fog
cdn
¶
key_pair_id
¶Key pair name for signed download URIs
- Default
""
private_key
¶Private key for signing download URIs
- Default
""
uri
¶URI for a CDN to used for droplet downloads
- Default
""
droplet_directory_key
¶Directory (bucket) used store droplets. It does not have be pre-created.
- Default
cc-droplets
fog_aws_storage_options
¶Storage options passed to fog for aws blobstores. See http://docs.cloudfoundry.org/deploying/common/cc-blobstore-config.html#fog-aws-sse for example configuration.
- Default
{}
fog_connection
¶Fog connection hash
max_staged_droplets_stored
¶Number of recent, staged droplets stored per app (not including current droplet)
- Default
5
webdav_config
¶
blobstore_timeout
¶The timeout in seconds for requests to the blobstore
- Default
5
ca_cert
¶The ca cert to use when communicating with webdav
- Default
""
password
¶The basic auth password that CC uses to connect to the admin endpoint on webdav
- Default
""
private_endpoint
¶The location of the webdav server eg: https://blobstore.internal
- Default
https://blobstore.service.cf.internal:4443
public_endpoint
¶The location of the webdav server eg: https://blobstore.com
- Default
""
username
¶The basic auth user that CC uses to connect to the admin endpoint on webdav
- Default
""
external_host
¶Host part of the cloud_controller api URI, will be joined with value of ‘domain’
- Default
api
external_port
¶External Cloud Controller port
- Default
9022
external_protocol
¶The protocol used to access the CC API from an external entity
- Default
https
failed_jobs
¶
cutoff_age_in_days
¶How old a failed job should stay in cloud controller database before being cleaned up
- Default
31
feature_disabled_message
¶Custom message to use for a disabled feature.
flapping_crash_count_threshold
¶The threshold of crashes after which the app is marked as flapping
- Default
3
info
¶
custom
¶Custom attribute keys and values for /v2/info endpoint
install_buildpacks
¶Set of buildpacks to install during deploy
instance_file_descriptor_limit
¶The file descriptors made available to each app instance
- Default
16384
internal_api_password
¶Password used by Diego to access internal endpoints
internal_api_user
¶User name used by Diego to access internal endpoints
- Default
internal_user
internal_service_hostname
¶Internal hostname used to resolve the address of the Cloud Controller
- Default
cloud-controller-ng.service.cf.internal
jobs
¶
app_bits_packer
¶
timeout_in_seconds
¶The longest this job can take before it is cancelled
app_events_cleanup
¶
timeout_in_seconds
¶The longest this job can take before it is cancelled
app_usage_events_cleanup
¶
timeout_in_seconds
¶The longest this job can take before it is cancelled
blobstore_delete
¶
timeout_in_seconds
¶The longest this job can take before it is cancelled
blobstore_upload
¶
timeout_in_seconds
¶The longest this job can take before it is cancelled
droplet_deletion
¶
timeout_in_seconds
¶The longest this job can take before it is cancelled
droplet_upload
¶
timeout_in_seconds
¶The longest this job can take before it is cancelled
global
¶
timeout_in_seconds
¶The longest any job can take before it is cancelled unless overridden per job
- Default
14400
local
¶
number_of_workers
¶Number of local cloud_controller_worker workers
- Default
2
logging_level
¶Log level for cc
- Default
info
logging_max_retries
¶Passthru value for Steno logger
- Default
1
loggregator
¶
internal_url
¶Internal url used to communicate with traffic_controller
- Default
http://loggregator-trafficcontroller.service.cf.internal:8081
maximum_app_disk_in_mb
¶The maximum amount of disk a user can request
- Default
2048
maximum_health_check_timeout
¶Maximum health check timeout (in seconds) that can be set for the app
- Default
180
min_cli_version
¶Minimum version of the CF CLI to work with the API.
min_recommended_cli_version
¶Minimum recommended version of the CF CLI.
minimum_candidate_stagers
¶Minimum number of candidate deas for staging. Defaults to 5, should be fewer than the total DEAs in the deployment.
- Default
5
mutual_tls
¶
ca_cert
¶PEM-encoded CA certificate for secure, mutually authenticated TLS communication
private_key
¶PEM-encoded key for secure, mutually authenticated TLS communication
public_cert
¶PEM-encoded certificate for secure, mutually authenticated TLS communication
newrelic
¶
capture_params
¶Capture and send query params to NewRelic
- Default
false
developer_mode
¶Activate NewRelic developer mode
- Default
false
environment_name
¶The environment name used by NewRelic
- Default
development
license_key
¶The api key for NewRelic
log_file_path
¶The location for NewRelic to log to
- Default
/var/vcap/sys/log/cloud_controller_ng/newrelic
monitor_mode
¶Activate NewRelic monitor mode
- Default
false
transaction_tracer
¶
enabled
¶Enable transaction tracing in NewRelic
- Default
false
record_sql
¶NewRelic’s SQL statement recording mode: [off | obfuscated | raw]
- Default
"off"
nginx
¶
ip
¶IP for nginx
- Default
""
nginx_access_log_destination
¶The nginx access log destination. This can be used to route access logs to a file, syslog, or a memory buffer.
- Default
/var/vcap/sys/log/nginx_cc/nginx.access.log
nginx_access_log_format
¶The nginx log format string to use when writing to the access log.
- Default
|+ $host - [$time_local] "$request" $status $bytes_sent "$http_referer" "$http_user_agent" $proxy_add_x_forwarded_for vcap_request_id:$upstream_http_x_vcap_request_id response_time:$upstream_response_time
nginx_error_log_destination
¶The nginx error log destination. This can be used to route error logs to a file, syslog, or a memory buffer.
- Default
/var/vcap/sys/log/nginx_cc/nginx.error.log
nginx_error_log_level
¶The lowest severity nginx log level to capture in the error log.
- Default
error
nginx_rate_limit_general
¶The rate limiting and burst value to use for ‘/’
- Example
|+ limit: 100r/s burst: 500
nginx_rate_limit_zones
¶Array of zones to do rate limiting for.
- Example
|+ - name: apps location: /v2/apps limit: 10r/s burst: 50 - name: spaces location: ~ ^/v2/spaces/(.*) limit: 10r/s burst: 100
packages
¶
app_package_directory_key
¶Directory (bucket) used store app packages. It does not have be pre-created.
- Default
cc-packages
blobstore_type
¶The type of blobstore backing to use. Valid values: [‘fog’, ‘webdav’]
- Default
fog
cdn
¶
key_pair_id
¶Key pair name for signed download URIs
- Default
""
private_key
¶Private key for signing download URIs
- Default
""
uri
¶URI for a CDN to used for app package downloads
- Default
""
fog_aws_storage_options
¶Storage options passed to fog for aws blobstores. See http://docs.cloudfoundry.org/deploying/common/cc-blobstore-config.html#fog-aws-sse for example configuration.
- Default
{}
fog_connection
¶Fog connection hash
max_package_size
¶Maximum size of application package
- Default
1.073741824e+09
max_valid_packages_stored
¶Number of recent, valid packages stored per app (not including package for current droplet)
- Default
5
webdav_config
¶
blobstore_timeout
¶The timeout in seconds for requests to the blobstore
- Default
5
ca_cert
¶The ca cert to use when communicating with webdav
- Default
""
password
¶The basic auth password that CC uses to connect to the admin endpoint on webdav
- Default
""
private_endpoint
¶The location of the webdav server eg: https://blobstore.internal
- Default
https://blobstore.service.cf.internal:4443
public_endpoint
¶The location of the webdav server eg: https://blobstore.com
- Default
""
username
¶The basic auth user that CC uses to connect to the admin endpoint on webdav
- Default
""
placement_top_stager_percentage
¶The percentage of top stagers considered when choosing a stager
- Default
10
quota_definitions
¶Hash of default quota definitions to be seeded. This property can be used to add quotas with subsequent deploys, but not to update existing ones.
- Example
|+ - example-quota: memory_limit: 10240 non_basic_services_allowed: true total_routes: 1000 total_service_keys: 1000 total_services: 100 total_reserved_route_ports: 10
rate_limiter
¶
enabled
¶Enable rate limiting for UAA-authenticated endpoints per user or client
- Default
false
general_limit
¶The number of requests a user or client is allowed to make for all endpoints that do not have a custom limit over the configured interval
- Default
2000
reset_interval_in_minutes
¶The interval in minutes, after which, a user’s available api requests will be reset
- Default
60
unauthenticated_limit
¶The number of requests an unauthenticated client is allowed to make over the configured interval
- Default
100
renderer
¶
default_results_per_page
¶Default number of results returned per page if user does not specify
- Default
50
max_inline_relations_depth
¶Maximum depth of inlined relationships in the result
- Default
2
max_results_per_page
¶Maximum number of results returned per page
- Default
100
reserved_private_domains
¶File location of a list of reserved private domains (for file format, see https://publicsuffix.org/)
resource_pool
¶
blobstore_type
¶The type of blobstore backing to use. Valid values: [‘fog’, ‘webdav’]
- Default
fog
cdn
¶
key_pair_id
¶Key pair name for signed download URIs
- Default
""
private_key
¶Private key for signing download URIs
- Default
""
uri
¶URI for a CDN to used for resource pool downloads
- Default
""
fog_aws_storage_options
¶Storage options passed to fog for aws blobstores. See http://docs.cloudfoundry.org/deploying/common/cc-blobstore-config.html#fog-aws-sse for example configuration.
- Default
{}
fog_connection
¶Fog connection hash
maximum_size
¶Maximum size of a resource to add to the pool
- Default
5.36870912e+08
minimum_size
¶Minimum size of a resource to add to the pool
- Default
65536
resource_directory_key
¶Directory (bucket) used store app resources. It does not have be pre-created.
- Default
cc-resources
webdav_config
¶
blobstore_timeout
¶The timeout in seconds for requests to the blobstore
- Default
5
ca_cert
¶The ca cert to use when communicating with webdav
- Default
""
password
¶The basic auth password that CC uses to connect to the admin endpoint on webdav
- Default
""
private_endpoint
¶The location of the webdav server eg: https://blobstore.internal
- Default
https://blobstore.service.cf.internal:4443
public_endpoint
¶The location of the webdav server eg: https://blobstore.com
- Default
""
username
¶The basic auth user that CC uses to connect to the admin endpoint on webdav
- Default
""
run_prestart_migrations
¶Run Cloud Controller DB migrations in BOSH pre-start script. Should be changed to false for deployments where the PostgreSQL job is deployed to the same VM as Cloud Controller. Otherwise, the default of true is preferable.
- Default
true
security_event_logging
¶
enabled
¶Enable logging of all requests made to the Cloud Controller in CEF format.
- Default
false
security_group_definitions
¶Array of security groups that will be seeded into CloudController. Note: security groups are only seeded on the first deploy, after which they should be managed via the API
service_usage_events
¶
cutoff_age_in_days
¶How old a service usage event should stay in cloud controller database before being cleaned up
- Default
31
shared_isolation_segment_name
¶Name of the shared isolation segment created at startup. This field can be updated, but subject to the following caveat: Using the name of an existing IS will cause a deployment to fail. To recover, redeploy using the last valid Shared Isolation Segment name.
- Default
shared
stacks
¶Tag used by the DEA to describe capabilities (i.e. ‘Windows7’, ‘python-linux’). DEA and CC must agree.
- Default
- description: Cloud Foundry Linux-based filesystem name: cflinuxfs2
staging_file_descriptor_limit
¶File descriptor limit for staging tasks
- Default
16384
staging_timeout_in_seconds
¶Timeout for staging a droplet
- Default
900
staging_upload_password
¶User’s password used to access internal endpoints of Cloud Controller to upload files when staging
- Default
""
staging_upload_user
¶User name used to access internal endpoints of Cloud Controller to upload files when staging
- Default
""
statsd_host
¶The host for the statsd server, defaults to the local metron agent
- Default
127.0.0.1
statsd_port
¶The port for the statsd server, defaults to the local metron agent
- Default
8125
system_hostnames
¶List of hostnames for which routes cannot be created on the system domain.
- Default
- api - uaa - login - doppler - loggregator - hm9000
thresholds
¶
api
¶
alert_if_above_mb
¶The cc will alert if memory remains above this threshold for 3 monit cycles
- Default
3500
restart_if_above_mb
¶The cc will restart if memory remains above this threshold for 3 monit cycles
- Default
3750
restart_if_consistently_above_mb
¶The cc will restart if memory remains above this threshold for 15 monit cycles
- Default
3500
tls_port
¶Port for internal TLS communication
- Default
9023
uaa
¶
internal_url
¶The internal url used by UAA
- Default
uaa.service.cf.internal
uaa_resource_id
¶Name of service to register to UAA
- Default
cloud_controller,cloud_controller_service_permissions
users_can_select_backend
¶Allow non-admin users to switch their apps between DEA and Diego backends
- Default
true
volume_services_enabled
¶Enable binding to services that provide volume_mount information.
- Default
false
ccdb
¶
address
¶The address of the database server
databases
¶Contains the name of the database on the database server
db_scheme
¶The type of database being used. mysql or postgres
- Default
postgres
max_connections
¶Maximum connections for Sequel
- Default
25
pool_timeout
¶The timeout for Sequel pooled connections
- Default
10
port
¶The port of the database server
roles
¶Users to create on the database when seeding
dea_next
¶
advertise_interval_in_seconds
¶Advertise interval for DEAs
- Default
5
ca_cert
¶PEM-encoded CA certificate
client_cert
¶PEM-encoded server certificate
client_key
¶PEM-encoded server key
staging_disk_limit_mb
¶Disk limit in mb for staging tasks
- Default
4096
staging_memory_limit_mb
¶Memory limit in mb for staging tasks
- Default
1024
description
¶
‘description’ attribute in the /v2/info endpoint
- Default
""
domain
¶
Deprecated in favor of system_domain. Domain where cloud_controller will listen (api.domain)
doppler
¶
enabled
¶Whether to expose the doppler_logging_endpoint listed at /v2/info
- Default
true
port
¶Port for doppler_logging_endpoint listed at /v2/info
- Default
443
use_ssl
¶Whether to use ssl for the doppler_logging_endpoint listed at /v2/info
- Default
true
hm9000
¶
port
¶Port of the hm9000 Api Server
- Default
5155
url
¶URL of the hm9000 server
logger_endpoint
¶
port
¶Port for logger endpoint listed at /v2/info
- Default
443
use_ssl
¶Whether to use ssl for logger endpoint listed at /v2/info
- Default
true
login
¶
enabled
¶whether use login as the authorization endpoint or not
- Default
true
protocol
¶http or https
- Default
https
url
¶URL of the login server
metron_endpoint
¶
host
¶The host used to emit messages to the Metron agent
- Default
127.0.0.1
port
¶The port used to emit messages to the Metron agent
- Default
3457
name
¶
‘name’ attribute in the /v2/info endpoint
- Default
""
nats
¶
machines
¶IP of each NATS cluster member. Deprecated in favor of nats link, which will be used if this is not provided.
password
¶Password for cc client to connect to NATS. Deprecated in favor of nats link.
port
¶IP port of Cloud Foundry NATS server. Deprecated in favor of nats link.
user
¶Username for cc client to connect to NATS. Deprecated in favor of nats link.
nfs_server
¶
address
¶NFS server for droplets and apps (not used in an AWS deploy, use s3 instead)
share_path
¶The location at which to mount the nfs share
- Default
/var/vcap/nfs
request_timeout_in_seconds
¶
Timeout for requests in seconds.
- Default
900
router
¶
route_services_secret
¶Support for route services is disabled when no value is configured.
- Default
""
routing_api
¶
enabled
¶Whether to expose the routing_endpoint listed at /v2/info. Enable this after deploying the Routing API
- Default
false
ssl
¶
skip_cert_verify
¶specifies that the job is allowed to skip ssl cert verification
- Default
false
support_address
¶
‘support’ attribute in the /v2/info endpoint
- Default
""
system_domain
¶
Domain reserved for CF operator, base URL where the login, uaa, and other non-user apps listen
system_domain_organization
¶
An organization that will be created as part of the seeding process. When the system_domain is not shared with (in the list of) app_domains, this is required as the system_domain will be created as a PrivateDomain in this organization.
- Default
system
uaa
¶
ca_cert
¶The certificate authority being used by UAA
cc
¶
token_secret
¶Symmetric secret used to decode uaa tokens. Used for testing.
clients
¶
cc-service-dashboards
¶
scope
¶Used to grant scope for SSO clients for service brokers
- Default
openid,cloud_controller_service_permissions.read
secret
¶Used for generating SSO clients for service brokers.
cc_routing
¶
secret
¶Used for fetching routing information from the Routing API
cc_service_broker_client
¶
scope
¶(DEPRECATED) - Used to grant scope for SSO clients for service brokers
- Default
openid,cloud_controller_service_permissions.read
secret
¶(DEPRECATED) - Used for generating SSO clients for service brokers.
cloud_controller_username_lookup
¶
secret
¶Used for fetching usernames from UAA.
port
¶The port used by UAA for non-ssl connections
ssl
¶
port
¶The port used by UAA for ssl connections
- Default
8443
url
¶URL of the UAA server
version
¶
‘version’ attribute in the /v2/info endpoint
- Default
0
Templates¶
Templates are rendered and placed onto corresponding
instances during the deployment process. This job's templates
will be placed into /var/vcap/jobs/cloud_controller_ng/
directory
(learn more).
bin/blobstore_waiter.sh
(fromblobstore_waiter.sh.erb
)bin/cloud_controller_ng_ctl
(fromcloud_controller_api_ctl.erb
)bin/cloud_controller_worker_ctl
(fromcloud_controller_api_worker_ctl.erb
)bin/console
(fromconsole.erb
)bin/dns_health_check
(fromdns_health_check.erb
)bin/drain
(fromdrain.rb
)bin/migrate_db
(frommigrate_db.sh.erb
)bin/nginx_ctl
(fromnginx_ctl.erb
)bin/nginx_newrelic_plugin_ctl
(fromnginx_newrelic_plugin_ctl.erb
)bin/post-start
(frompost-start.sh.erb
)bin/pre-start
(frompre-start.sh.erb
)bin/restart_drain
(fromrestart_drain.rb
)bin/ruby_version.sh
(fromruby_version.sh.erb
)bin/seed_db
(fromseed_db.sh.erb
)bin/setup_local_blobstore.sh
(fromsetup_local_blobstore.sh.erb
)config/certs/buildpacks_ca_cert.pem
(frombuildpacks_ca_cert.pem.erb
)config/certs/dea_ca.crt
(fromdea_ca.crt.erb
)config/certs/dea_client.crt
(fromdea_client.crt.erb
)config/certs/dea_client.key
(fromdea_client.key.erb
)config/certs/droplets_ca_cert.pem
(fromdroplets_ca_cert.pem.erb
)config/certs/mutual_tls.crt
(frommutual_tls.crt.erb
)config/certs/mutual_tls.key
(frommutual_tls.key.erb
)config/certs/mutual_tls_ca.crt
(frommutual_tls_ca.crt.erb
)config/certs/packages_ca_cert.pem
(frompackages_ca_cert.pem.erb
)config/certs/resource_pool_ca_cert.pem
(fromresource_pool_ca_cert.pem.erb
)config/certs/uaa_ca.crt
(fromuaa_ca.crt.erb
)config/cloud_controller_ng.yml
(fromcloud_controller_api.yml.erb
)config/mime.types
(frommime.types
)config/newrelic.yml
(fromnewrelic.yml.erb
)config/newrelic_plugin.yml
(fromnewrelic_plugin.yml.erb
)config/nginx.conf
(fromnginx.conf.erb
)config/stacks.yml
(fromstacks.yml.erb
)
Packages¶
Packages are compiled and placed onto corresponding
instances during the deployment process. Packages will be
placed into /var/vcap/packages/
directory.