Skip to content

cloud_controller_ng job from cf/277

The Cloud Controller provides primary Cloud Foundry API that is by the CF CLI. The Cloud Controller uses a database to keep tables for organizations, spaces, apps, services, service instances, user roles, and more. Typically multiple instances of Cloud Controller are load balanced.

Github source: c1df2417 or master branch

Properties

app_domains

Array of domains for user apps (example: ‘user.app.space.foo’, a user app called ‘neat’ will listen at ‘http://neat.user.app.space.foo')

Example
|+
  - name: example.com
  - name: tcp.example.com
    router_group_name: default-tcp

app_ssh

host_key_fingerprint

Fingerprint of the host key of the SSH proxy that brokers connections to application instances. Supported fingerprint formats: SHA256 (recommended), SHA1 and MD5 Example fingerprints by format: SHA256: 0KmvfcwFCnwQRviOJEwZtnz5qoi76BVb8dm3/vgilCI SHA1: b8:80:2c:8c:d7:25:ad:2a:b4:8c:02:34:52:06:f7:ba:1f:0d:02:de MD5: d2:d6:b9:d7:f9:c4:15:70:de:af:c7:36:88:3a:60:12

oauth_client_id

The oauth client ID of the SSH proxy

Default
ssh-proxy

port

External port for SSH access to application instances

Default
2222

bpm

enabled

Experimental feature flag: Enable Bosh Process Manager

Default
false

build

‘build’ attribute in the /v2/info endpoint

Default
""

cc

allow_app_ssh_access

Allow users to change the value of the app-level allow_ssh attribute

Default
true

allowed_cors_domains

List of domains (including scheme) from which Cross-Origin requests will be accepted, a * can be used as a wildcard for any part of a domain

Default
[]

app_bits_max_body_size

Maximum body size for nginx bits uploads

Default
1536M

app_bits_upload_grace_period_in_seconds

Extra token expiry time while uploading big apps

Default
1200

bits_service

enabled

Enable integration of the bits-service incubator (experimental)

Default
false
password

Password for the bits-service

Default
""
private_endpoint

Private url for the bits-service service

Default
""
public_endpoint

Public url for the bits-service service

Default
""
username

Username for the bits-service

Default
""

broker_client_default_async_poll_interval_seconds

Specifies interval on which the CC will poll a service broker for asynchronous actions. If the service broker provides a value, this value is the minimum accepted value the broker can provide.

Default
60

broker_client_max_async_poll_duration_minutes

The max duration the CC will fetch service instance state from a service broker (in minutes). Default is 1 week

Default
10080

broker_client_timeout_seconds

For requests to service brokers, this is the HTTP (open and read) timeout setting.

Default
60

buildpacks

blobstore_type

The type of blobstore backing to use. Valid values: [‘fog’, ‘webdav’]

Default
fog
buildpack_directory_key

Directory (bucket) used store buildpacks. It does not have be pre-created. Should contain only alphanumeric characters, ‘-’, ‘_‘, and ‘.’

Default
cc-buildpacks
cdn
key_pair_id

Key pair name for signed download URIs

Default
""
private_key

Private key for signing download URIs

Default
""
uri

URI for a CDN to used for buildpack downloads

Default
""
fog_aws_storage_options

Storage options passed to fog for aws blobstores. See http://docs.cloudfoundry.org/deploying/common/cc-blobstore-config.html#fog-aws-sse for example configuration.

Default
{}
fog_connection

Fog connection hash

webdav_config
blobstore_timeout

The timeout in seconds for requests to the blobstore

Default
5
ca_cert

The ca cert to use when communicating with webdav

Default
""
password

The basic auth password that CC uses to connect to the admin endpoint on webdav

Default
""
private_endpoint

The location of the webdav server eg: https://blobstore.internal

Default
https://blobstore.service.cf.internal:4443
public_endpoint

The location of the webdav server eg: https://blobstore.com

Default
""
username

The basic auth user that CC uses to connect to the admin endpoint on webdav

Default
""

bulk_api_password

Password used to access the bulk_api, health_manager uses it to connect to the cc, announced over NATS

bulk_api_user

User used to access the bulk_api, health_manager uses it to connect to the cc, announced over NATS

Default
bulk_api

client_max_body_size

Maximum body size for nginx

Default
15M

core_file_pattern

Filename template for core dump files. Use an empty string if you don’t want core files saved.

Default
/var/vcap/sys/cores/core-%e-%s-%p-%t

db_encryption_key

key for encrypting sensitive values in the CC database

Default
""

db_logging_level

Level at which cc database operations will be logged

Default
debug2

default_app_disk_in_mb

The default disk space an app gets

Default
1024

default_app_memory

How much memory given to an app if not specified

Default
1024

default_app_ssh_access

When ssh is allowed and not explicitly set in the application, new applications will start with ssh service enabled

Default
true

default_health_check_timeout

Default health check timeout (in seconds) that can be set for the app

Default
60

default_quota_definition

The name of the quota definition CC will fallback on for org and space limits from the list of quota definitions.

Default
default

default_running_security_groups

The default running security groups that will be seeded in CloudController. Note: security groups are only seeded on the first deploy, after which they should be managed via the API

default_stack

The default stack to use if no custom stack is specified by an app.

Default
cflinuxfs2

default_staging_security_groups

The default staging security groups that will be seeded in CloudController. Note: security groups are only seeded on the first deploy, after which they should be managed via the API

development_mode

Enable development features for monitoring and insight

Default
false

diego

bbs
url

URL of the BBS Server

Default
https://bbs.service.cf.internal:8889
cc_uploader_https_url

URL of cc uploader. Not used if BOSH link ‘cc_uploader’ is present.

Default
https://cc-uploader.service.cf.internal:9091
cc_uploader_url

URL of cc uploader. Not used if BOSH link ‘cc_uploader’ is present.

Default
http://cc-uploader.service.cf.internal:9090
docker_staging_stack

stack to use for staging Docker applications

Default
cflinuxfs2
file_server_url

URL of file server

Default
http://file-server.service.cf.internal:8080
insecure_docker_registry_list

An array of insecure Docker registries in the form of :PORT

Default
[]
lifecycle_bundles

List of lifecycle bundles arguments for different stacks

Default
  buildpack/cflinuxfs2: buildpack_app_lifecycle/buildpack_app_lifecycle.tgz
  buildpack/windows2012R2: windows_app_lifecycle/windows_app_lifecycle.tgz
  buildpack/windows2016: buildpack_app_lifecycle/buildpack_app_lifecycle.tgz
  docker: docker_app_lifecycle/docker_app_lifecycle.tgz
nsync_url

URL of the Diego nsync service

Default
http://nsync.service.cf.internal:8787
pid_limit

Maximum pid limit for containerized work running user-provided code

Default
1024
stager_url

URL of the Diego stager service

Default
http://stager.service.cf.internal:8888
temporary_cc_uploader_mtls

Temporary flag to ensure droplet upload callback endpoints require mTLS

Default
false
temporary_droplet_download_mtls

Temporary flag to enable mTLS droplet download to the bbs from cc

Default
false
temporary_local_apps

Temporary flag to manage app state directly to the bbs from cc

Default
false
temporary_local_staging

Temporary flag to enable staging directly to the bbs from cc

Default
false
temporary_local_sync

Temporary flag to run sync job between cc and bbs

Default
false
temporary_local_tasks

Temporary flag to run tasks directly to the bbs from cc

Default
false
temporary_local_tps

Temporary flag to fetch app instances directly to the bbs from cc

Default
false
temporary_oci_buildpack_mode

Temporary flag to enable OCI buildpack flow. Valid values: ‘oci-phase-1’

tps_url

URL of the Diego tps service

Default
http://tps.service.cf.internal:1518
use_privileged_containers_for_running

Whether or not to use privileged containers for running buildpack apps and tasks.

Default
false
use_privileged_containers_for_staging

Whether or not to use privileged containers for staging tasks.

Default
false

directories

diagnostics

The directory where operator requested diagnostic files should be placed

Default
/var/vcap/data/cloud_controller_ng/diagnostics
tmpdir

The directory to use for temporary files

Default
/var/vcap/data/cloud_controller_ng/tmp

disable_custom_buildpacks

Disable external (i.e. git) buildpacks? (Admin buildpacks and system buildpacks only.)

Default
false

droplets

blobstore_type

The type of blobstore backing to use. Valid values: [‘fog’, ‘webdav’]

Default
fog
cdn
key_pair_id

Key pair name for signed download URIs

Default
""
private_key

Private key for signing download URIs

Default
""
uri

URI for a CDN to used for droplet downloads

Default
""
droplet_directory_key

Directory (bucket) used store droplets. It does not have be pre-created. Should contain only alphanumeric characters, ‘-’, ‘_‘, and ‘.’

Default
cc-droplets
fog_aws_storage_options

Storage options passed to fog for aws blobstores. See http://docs.cloudfoundry.org/deploying/common/cc-blobstore-config.html#fog-aws-sse for example configuration.

Default
{}
fog_connection

Fog connection hash

max_staged_droplets_stored

Number of recent, staged droplets stored per app (not including current droplet)

Default
5
webdav_config
blobstore_timeout

The timeout in seconds for requests to the blobstore

Default
5
ca_cert

The ca cert to use when communicating with webdav

Default
""
password

The basic auth password that CC uses to connect to the admin endpoint on webdav

Default
""
private_endpoint

The location of the webdav server eg: https://blobstore.internal

Default
https://blobstore.service.cf.internal:4443
public_endpoint

The location of the webdav server eg: https://blobstore.com

Default
""
username

The basic auth user that CC uses to connect to the admin endpoint on webdav

Default
""

external_host

Host part of the cloud_controller api URI, will be joined with value of ‘domain’

Default
api

external_port

External Cloud Controller port

Default
9022

external_protocol

The protocol used to access the CC API from an external entity

Default
https

info

custom

Custom attribute keys and values for /v2/info endpoint

install_buildpacks

Set of buildpacks to install during deploy

Default
[]

instance_file_descriptor_limit

The file descriptors made available to each app instance

Default
16384

internal_api_password

Password used by Diego to access internal endpoints

internal_api_user

User name used by Diego to access internal endpoints

Default
internal_user

internal_service_hostname

Internal hostname used to resolve the address of the Cloud Controller

Default
cloud-controller-ng.service.cf.internal

jobs

blobstore_delete
timeout_in_seconds

The longest this job can take before it is cancelled

droplet_upload
timeout_in_seconds

The longest this job can take before it is cancelled

global
timeout_in_seconds

The longest any job can take before it is cancelled unless overridden per job

Default
14400
local
number_of_workers

Number of local cloud_controller_worker workers

Default
2

logging_level

Log level for cc. If you want to print database logs, set to the same level as cc.db_logging_level.

Default
info

logging_max_retries

Passthru value for Steno logger

Default
1

loggregator

internal_url

Internal url used to communicate with traffic_controller

Default
http://loggregator-trafficcontroller.service.cf.internal:8081

maximum_app_disk_in_mb

The maximum amount of disk a user can request

Default
2048

maximum_health_check_timeout

Maximum health check timeout (in seconds) that can be set for the app

Default
180

min_cli_version

Minimum version of the CF CLI to work with the API.

Minimum recommended version of the CF CLI.

mutual_tls

ca_cert

PEM-encoded CA certificate for secure, mutually authenticated TLS communication

private_key

PEM-encoded key for secure, mutually authenticated TLS communication

public_cert

PEM-encoded certificate for secure, mutually authenticated TLS communication

newrelic

capture_params

Capture and send query params to NewRelic

Default
false
developer_mode

Activate NewRelic developer mode

Default
false
environment_name

The environment name used by NewRelic

Default
development
license_key

The api key for NewRelic

log_file_path

The location for NewRelic to log to

Default
/var/vcap/sys/log/cloud_controller_ng/newrelic
monitor_mode

Activate NewRelic monitor mode

Default
false
transaction_tracer
enabled

Enable transaction tracing in NewRelic

Default
false
record_sql

NewRelic’s SQL statement recording mode: [off | obfuscated | raw]

Default
"off"

nginx

ip

IP for nginx

Default
""

nginx_access_log_destination

The nginx access log destination. This can be used to route access logs to a file, syslog, or a memory buffer.

Default
/var/vcap/sys/log/nginx_cc/nginx.access.log

nginx_access_log_format

The nginx log format string to use when writing to the access log.

Default
  |+
    $host - [$time_local] "$request" $status $bytes_sent "$http_referer" "$http_user_agent" $proxy_add_x_forwarded_for vcap_request_id:$upstream_http_x_vcap_request_id response_time:$upstream_response_time

nginx_error_log_destination

The nginx error log destination. This can be used to route error logs to a file, syslog, or a memory buffer.

Default
/var/vcap/sys/log/nginx_cc/nginx.error.log

nginx_error_log_level

The lowest severity nginx log level to capture in the error log.

Default
error

nginx_rate_limit_general

The rate limiting and burst value to use for ‘/’

Example
|+
  limit: 100r/s
  burst: 500

nginx_rate_limit_zones

Array of zones to do rate limiting for.

Example
|+
  - name: apps
    location: /v2/apps
    limit: 10r/s
    burst: 50
  - name: spaces
    location: ~ ^/v2/spaces/(.*)
    limit: 10r/s
    burst: 100

packages

app_package_directory_key

Directory (bucket) used store app packages. It does not have be pre-created. Should contain only alphanumeric characters, ‘-’, ‘_‘, and ‘.’

Default
cc-packages
blobstore_type

The type of blobstore backing to use. Valid values: [‘fog’, ‘webdav’]

Default
fog
cdn
key_pair_id

Key pair name for signed download URIs

Default
""
private_key

Private key for signing download URIs

Default
""
uri

URI for a CDN to used for app package downloads

Default
""
fog_aws_storage_options

Storage options passed to fog for aws blobstores. See http://docs.cloudfoundry.org/deploying/common/cc-blobstore-config.html#fog-aws-sse for example configuration.

Default
{}
fog_connection

Fog connection hash

max_package_size

Maximum size of application package

Default
1.073741824e+09
max_valid_packages_stored

Number of recent, valid packages stored per app (not including package for current droplet)

Default
5
webdav_config
blobstore_timeout

The timeout in seconds for requests to the blobstore

Default
5
ca_cert

The ca cert to use when communicating with webdav

Default
""
password

The basic auth password that CC uses to connect to the admin endpoint on webdav

Default
""
private_endpoint

The location of the webdav server eg: https://blobstore.internal

Default
https://blobstore.service.cf.internal:4443
public_endpoint

The location of the webdav server eg: https://blobstore.com

Default
""
username

The basic auth user that CC uses to connect to the admin endpoint on webdav

Default
""

quota_definitions

Hash of default quota definitions to be seeded. This property can be used to add quotas with subsequent deploys, but not to update existing ones.

Example
|+
  - example-quota:
      memory_limit: 10240
      non_basic_services_allowed: true
      total_routes: 1000
      total_service_keys: 1000
      total_services: 100
      total_reserved_route_ports: 10

rate_limiter

enabled

Enable rate limiting for UAA-authenticated endpoints per user or client

Default
false
general_limit

The number of requests a user or client is allowed to make for all endpoints that do not have a custom limit over the configured interval

Default
2000
reset_interval_in_minutes

The interval in minutes, after which, a user’s available api requests will be reset

Default
60
unauthenticated_limit

The number of requests an unauthenticated client is allowed to make over the configured interval

Default
100

renderer

default_results_per_page

Default number of results returned per page if user does not specify

Default
50
max_inline_relations_depth

Maximum depth of inlined relationships in the result

Default
2
max_results_per_page

Maximum number of results returned per page

Default
100

reserved_private_domains

File location of a list of reserved private domains (for file format, see https://publicsuffix.org/)

resource_pool

blobstore_type

The type of blobstore backing to use. Valid values: [‘fog’, ‘webdav’]

Default
fog
cdn
key_pair_id

Key pair name for signed download URIs

Default
""
private_key

Private key for signing download URIs

Default
""
uri

URI for a CDN to used for resource pool downloads

Default
""
fog_aws_storage_options

Storage options passed to fog for aws blobstores. See http://docs.cloudfoundry.org/deploying/common/cc-blobstore-config.html#fog-aws-sse for example configuration.

Default
{}
fog_connection

Fog connection hash

maximum_size

Maximum size of a resource to add to the pool

Default
5.36870912e+08
minimum_size

Minimum size of a resource to add to the pool

Default
65536
resource_directory_key

Directory (bucket) used store app resources. It does not have be pre-created.

Default
cc-resources
webdav_config
blobstore_timeout

The timeout in seconds for requests to the blobstore

Default
5
ca_cert

The ca cert to use when communicating with webdav

Default
""
password

The basic auth password that CC uses to connect to the admin endpoint on webdav

Default
""
private_endpoint

The location of the webdav server eg: https://blobstore.internal

Default
https://blobstore.service.cf.internal:4443
public_endpoint

The location of the webdav server eg: https://blobstore.com

Default
""
username

The basic auth user that CC uses to connect to the admin endpoint on webdav

Default
""

run_prestart_migrations

Run Cloud Controller DB migrations in BOSH pre-start script. Should be changed to false for deployments where the PostgreSQL job is deployed to the same VM as Cloud Controller. Otherwise, the default of true is preferable.

Default
true

security_event_logging

enabled

Enable logging of all requests made to the Cloud Controller in CEF format.

Default
false

security_group_definitions

Array of security groups that will be seeded into CloudController. Note: security groups are only seeded on the first deploy, after which they should be managed via the API

server_keepalive_timeout

Configure keep alive timeout for connections to cloud controller. This is a temporary field used for testing.

Default
75

shared_isolation_segment_name

Name of the shared isolation segment created at startup. This field can be updated, but subject to the following caveat: Using the name of an existing IS will cause a deployment to fail. To recover, redeploy using the last valid Shared Isolation Segment name.

Default
shared

stacks

Tag used by the DEA to describe capabilities (i.e. ‘Windows7’, ‘python-linux’). DEA and CC must agree.

Default
  - description: Cloud Foundry Linux-based filesystem
    name: cflinuxfs2

staging_file_descriptor_limit

File descriptor limit for staging tasks

Default
16384

staging_timeout_in_seconds

Timeout for staging a droplet

Default
900

staging_upload_password

User’s password used to access internal endpoints of Cloud Controller to upload files when staging

Default
""

staging_upload_user

User name used to access internal endpoints of Cloud Controller to upload files when staging

Default
""

statsd_host

The host for the statsd server, defaults to the local metron agent

Default
127.0.0.1

statsd_port

The port for the statsd server, defaults to the local metron agent

Default
8125

system_hostnames

List of hostnames for which routes cannot be created on the system domain.

Default
  - api
  - uaa
  - login
  - doppler
  - loggregator
  - hm9000
  - credhub

thresholds

api
alert_if_above_mb

The cc will alert if memory remains above this threshold for 3 monit cycles

Default
3500
restart_if_above_mb

The cc will restart if memory remains above this threshold for 3 monit cycles

Default
3750
restart_if_consistently_above_mb

The cc will restart if memory remains above this threshold for 15 monit cycles

Default
3500

tls_port

Port for internal TLS communication

Default
9023

uaa

internal_url

The internal url used by UAA

Default
uaa.service.cf.internal

uaa_resource_id

Name of service to register to UAA

Default
cloud_controller,cloud_controller_service_permissions

users_can_select_backend

Allow non-admin users to switch their apps between DEA and Diego backends

Default
true

volume_services_enabled

Enable binding to services that provide volume_mount information.

Default
false

ccdb

address

The address of the database server

ca_cert

The ca cert to use when communicating with the database over SSL

databases

Contains the name of the database on the database server

db_scheme

The type of database being used. mysql or postgres

Default
postgres

max_connections

Maximum connections for Sequel

Default
25

pool_timeout

The timeout for Sequel pooled connections

Default
10

port

The port of the database server

roles

Users to create on the database when seeding

ssl_verify_hostname

Verify that the database SSL certificate matches the host to which the connection is attempted

Default
true

cloud_controller

release_level_backup

Include cloud_controller jobs in backup and restore operations

Default
false

credhub_api

ca_cert

The certificate authority being used by CredHub

hostname

Hostname used to resolve the address of CredHub

Default
credhub.service.cf.internal

dea_next

advertise_interval_in_seconds

Advertise interval for DEAs

Default
5

staging_disk_limit_mb

Disk limit in mb for staging tasks

Default
4096

staging_memory_limit_mb

Memory limit in mb for staging tasks

Default
1024

description

‘description’ attribute in the /v2/info endpoint

Default
""

doppler

port

Port for doppler_logging_endpoint listed at /v2/info

Default
443

use_ssl

Whether to use ssl for the doppler_logging_endpoint listed at /v2/info

Default
true

login

enabled

whether use login as the authorization endpoint or not

Default
true

protocol

http or https

Default
https

url

URL of the login server

metron_endpoint

host

The host used to emit messages to the Metron agent

Default
127.0.0.1

port

The port used to emit messages to the Metron agent

Default
3457

name

‘name’ attribute in the /v2/info endpoint

Default
""

nfs_server

address

NFS server for droplets and apps (not used in an AWS deploy, use s3 instead)

share_path

The location at which to mount the nfs share

Default
/var/vcap/nfs

perm

enabled

Enable CF Permissions external service. Requires perm link to take effect

Default
false

request_timeout_in_seconds

Timeout for requests in seconds.

Default
900

router

route_services_secret

Support for route services is disabled when no value is configured.

Default
""

routing_api

enabled

Whether to expose the routing_endpoint listed at /v2/info. Enable this after deploying the Routing API

Default
false

ssl

skip_cert_verify

specifies that the job is allowed to skip ssl cert verification

Default
false

support_address

‘support’ attribute in the /v2/info endpoint

Default
""

system_domain

Domain reserved for CF operator, base URL where the login, uaa, and other non-user apps listen

system_domain_organization

An organization that will be created as part of the seeding process. When the system_domain is not shared with (in the list of) app_domains, this is required as the system_domain will be created as a PrivateDomain in this organization.

Default
system

uaa

ca_cert

The certificate authority being used by UAA

cc

token_secret

Symmetric secret used to decode uaa tokens. Used for testing.

clients

cc-service-dashboards
scope

Used to grant scope for SSO clients for service brokers

Default
openid,cloud_controller_service_permissions.read
secret

Used for generating SSO clients for service brokers.

cc_routing
secret

Used for fetching routing information from the Routing API

cc_service_broker_client
scope

(DEPRECATED) - Used to grant scope for SSO clients for service brokers

Default
openid,cloud_controller_service_permissions.read
secret

(DEPRECATED) - Used for generating SSO clients for service brokers

cc_service_key_client
secret

Used for fetching service key values from CredHub

cloud_controller_username_lookup
secret

Used for fetching usernames from UAA

port

The port used by UAA for non-ssl connections

ssl

port

The port used by UAA for ssl connections

Default
8443

url

URL of the UAA server

version

‘version’ attribute in the /v2/info endpoint

Default
0

Templates

Templates are rendered and placed onto corresponding instances during the deployment process. This job's templates will be placed into /var/vcap/jobs/cloud_controller_ng/ directory (learn more).

  • bin/bbr/post-backup-unlock (from post-backup-unlock.sh.erb)
  • bin/bbr/post-restore-unlock (from post-restore-unlock.sh.erb)
  • bin/bbr/pre-backup-lock (from pre-backup-lock.sh.erb)
  • bin/bbr/pre-restore-lock (from pre-restore-lock.sh.erb)
  • bin/blobstore_waiter.sh (from blobstore_waiter.sh.erb)
  • bin/cc-drain (from cc-drain.rb)
  • bin/cloud_controller_ng (from bin/cloud_controller_ng.erb)
  • bin/cloud_controller_ng_ctl (from cloud_controller_api_ctl.erb)
  • bin/cloud_controller_ng_health_check (from cloud_controller_api_health_check.erb)
  • bin/cloud_controller_worker_ctl (from cloud_controller_api_worker_ctl.erb)
  • bin/console (from console.erb)
  • bin/dns_health_check (from dns_health_check.erb)
  • bin/drain (from drain.sh.erb)
  • bin/local_worker (from bin/local_worker.erb)
  • bin/migrate_db (from migrate_db.sh.erb)
  • bin/nginx_ctl (from nginx_ctl.erb)
  • bin/nginx_newrelic_plugin (from bin/nginx_newrelic_plugin.erb)
  • bin/nginx_newrelic_plugin_ctl (from nginx_newrelic_plugin_ctl.erb)
  • bin/post-start (from post-start.sh.erb)
  • bin/pre-start (from pre-start.sh.erb)
  • bin/restart_drain (from restart_drain.rb)
  • bin/ruby_version.sh (from ruby_version.sh.erb)
  • bin/seed_db (from seed_db.sh.erb)
  • bin/setup_local_blobstore.sh (from setup_local_blobstore.sh.erb)
  • config/bpm.yml (from bpm.yml.erb)
  • config/certs/buildpacks_ca_cert.pem (from buildpacks_ca_cert.pem.erb)
  • config/certs/credhub_ca.crt (from credhub_ca.crt.erb)
  • config/certs/db_ca.crt (from db_ca.crt.erb)
  • config/certs/droplets_ca_cert.pem (from droplets_ca_cert.pem.erb)
  • config/certs/mutual_tls.crt (from mutual_tls.crt.erb)
  • config/certs/mutual_tls.key (from mutual_tls.key.erb)
  • config/certs/mutual_tls_ca.crt (from mutual_tls_ca.crt.erb)
  • config/certs/packages_ca_cert.pem (from packages_ca_cert.pem.erb)
  • config/certs/resource_pool_ca_cert.pem (from resource_pool_ca_cert.pem.erb)
  • config/certs/uaa_ca.crt (from uaa_ca.crt.erb)
  • config/cloud_controller_ng.yml (from cloud_controller_ng.yml.erb)
  • config/local_blobstore_downloads.conf (from local_blobstore_downloads.conf.erb)
  • config/mime.types (from mime.types)
  • config/newrelic.yml (from newrelic.yml.erb)
  • config/newrelic_plugin.yml (from newrelic_plugin.yml.erb)
  • config/nginx.conf (from nginx.conf.erb)
  • config/public_upload.conf (from public_upload.conf.erb)
  • config/stacks.yml (from stacks.yml.erb)

Packages

Packages are compiled and placed onto corresponding instances during the deployment process. Packages will be placed into /var/vcap/packages/ directory.