cloud_controller_worker job from capi/1.199.0
Cloud Controller worker processes background tasks submitted via the.
Github source:
7a80a99b
or
master branch
Properties¶
cc
¶
allow_app_ssh_access
¶Allow users to change the value of the app-level allow_ssh attribute
- Default
true
broker_client_async_poll_exponential_backoff_rate
¶Exponential backoff for service related polling jobs. Default is 1.0, which means there is no exponential backoff.
- Default
1
broker_client_default_async_poll_interval_seconds
¶Specifies interval on which the CC will poll a service broker for asynchronous actions
- Default
60
broker_client_max_async_poll_duration_minutes
¶The max duration the CC will fetch service instance state from a service broker. Default is 1 week
- Default
10080
broker_client_response_parser
¶
log_errors
¶Log errors happening when parsing service broker responses.
- Default
false
log_response_fields
¶Specify service broker response fields to be logged. This configuration is a hash, where the key indicates the request type and the value is a list of fields in the response JSON that should be logged. The following request types exist: catalog, provision, update, deprovision, bind, unbind, fetch_service_instance_last_operation, fetch_service_binding_last_operation, fetch_service_instance, fetch_service_binding. The corresponding response fields can be taken from the Open Service Broker API Specification.
- Default
{}
log_validators
¶Log the stack of validators used to process the service broker response, e.g. for a 202 response to a ‘provision’ request, the following is logged: [“CommonErrorValidator”, “JsonSchemaValidator[provision_response_schema]“, “SuccessValidator[in progress]“]
- Default
false
broker_client_timeout_seconds
¶For requests to service brokers, this is the HTTP (open and read) timeout setting.
- Default
60
buildpacks
¶
blobstore_type
¶The type of blobstore backing to use. Valid values: [‘fog’, ‘webdav’]
- Default
fog
buildpack_directory_key
¶Directory (bucket) used store buildpacks. It does not have be pre-created.
- Default
cc-buildpacks
cdn
¶
key_pair_id
¶Key pair name for signed download URIs
- Default
""
private_key
¶Private key for signing download URIs
- Default
""
uri
¶URI for a CDN to used for buildpack downloads
- Default
""
fog_aws_storage_options
¶Storage options passed to fog for aws blobstores. Valid keys: [‘encryption’].
fog_connection
¶Fog connection hash
fog_gcp_storage_options
¶Storage options passed to fog for gcp blobstores
webdav_config
¶
blobstore_timeout
¶The timeout in seconds for requests to the blobstore
- Default
5
ca_cert
¶The CA certificate to use when communicating with webdav
- Default
""
password
¶The basic auth password that CC uses to connect to the admin endpoint on webdav
- Default
""
private_endpoint
¶The location of the webdav server eg: https://blobstore.internal
- Default
https://blobstore.service.cf.internal:4443
public_endpoint
¶The location of the webdav server eg: https://blobstore.com
- Default
""
username
¶The basic auth user that CC uses to connect to the admin endpoint on webdav
- Default
""
credential_references
¶
interpolate_service_bindings
¶Controls whether CredHub credentials are automatically interpolated in VCAP_SERVICES
- Default
true
database_encryption
¶
current_key_label
¶current key label for encrypting values in the CC database
- Default
""
keys
¶label-key pairs for encrypting sensitive values in the CC database, labels must be < 256 characters long
- Default
{}
db_encryption_key
¶key for encrypting sensitive values in the CC database
- Default
""
db_logging_level
¶Level at which cc database operations will be logged if cc.log_db_queries is set to true.
- Default
debug2
default_app_disk_in_mb
¶The default disk space an app gets
- Default
1024
default_app_log_rate_limit_in_bytes_per_second
¶Default application log rate limit
- Default
-1
default_app_memory
¶How much memory given to an app if not specified
- Default
1024
default_app_ssh_access
¶When ssh is allowed and not explicitly set in the application, new applications will start with ssh service enabled
- Default
true
default_health_check_timeout
¶Default health check timeout (in seconds) that can be set for the app
- Default
60
development_mode
¶Enable development features for monitoring and insight
- Default
false
diego
¶
bbs
¶
connect_timeout
¶Connect timeout (in seconds) when talking to BBS Server
- Default
10
receive_timeout
¶Receive timeout (in seconds) when talking to BBS Server
- Default
10
send_timeout
¶Send timeout (in seconds) when talking to BBS Server
- Default
10
url
¶URL of the BBS Server
- Default
https://bbs.service.cf.internal:8889
cc_uploader_url
¶URL of cc uploader
- Default
http://cc-uploader.service.cf.internal:9090
droplet_destinations
¶List of destination directories for different stacks
- Default
cflinuxfs4: /home/vcap windows: /Users/vcap windows2012R2: / windows2016: /Users/vcap
enable_declarative_asset_downloads
¶Enable specifying task and app asset downloads as declarative resources
- Default
false
file_server_url
¶URL of file server
- Default
http://file-server.service.cf.internal:8080
lifecycle_bundles
¶List of lifecycle bundles arguments for different stacks
- Default
buildpack/cflinuxfs4: buildpack_app_lifecycle/buildpack_app_lifecycle.tgz buildpack/windows: buildpack_app_lifecycle/buildpack_app_lifecycle.tgz buildpack/windows2012R2: windows_app_lifecycle/windows_app_lifecycle.tgz buildpack/windows2016: buildpack_app_lifecycle/buildpack_app_lifecycle.tgz docker: docker_app_lifecycle/docker_app_lifecycle.tgz
pid_limit
¶Maximum PID limit for containerized work running user-provided code
- Default
1024
temporary_oci_buildpack_mode
¶Temporary flag to enable OCI buildpack flow. Valid values: ‘oci-phase-1’
use_privileged_containers_for_running
¶Whether or not to use privileged containers for running buildpack apps and tasks.
- Default
false
use_privileged_containers_for_staging
¶Whether or not to use privileged containers for staging tasks.
- Default
false
disable_custom_buildpacks
¶Disable external (i.e. git) buildpacks? (Admin buildpacks and system buildpacks only.)
- Default
false
droplets
¶
blobstore_type
¶The type of blobstore backing to use. Valid values: [‘fog’, ‘webdav’]
- Default
fog
cdn
¶
key_pair_id
¶Key pair name for signed download URIs
- Default
""
private_key
¶Private key for signing download URIs
- Default
""
uri
¶URI for a CDN to used for droplet downloads
- Default
""
droplet_directory_key
¶Directory (bucket) used store droplets. It does not have be pre-created.
- Default
cc-droplets
fog_aws_storage_options
¶Storage options passed to fog for aws blobstores. Valid keys: [‘encryption’].
fog_connection
¶Fog connection hash
fog_gcp_storage_options
¶Storage options passed to fog for gcp blobstores
webdav_config
¶
blobstore_timeout
¶The timeout in seconds for requests to the blobstore
- Default
5
ca_cert
¶The CA certificate to use when communicating with webdav
- Default
""
password
¶The basic auth password that CC uses to connect to the admin endpoint on webdav
- Default
""
private_endpoint
¶The location of the webdav server eg: https://blobstore.internal
- Default
https://blobstore.service.cf.internal:4443
public_endpoint
¶The location of the webdav server eg: https://blobstore.com
- Default
""
username
¶The basic auth user that CC uses to connect to the admin endpoint on webdav
- Default
""
external_host
¶Host part of the cloud_controller api URI, will be joined with value of ‘domain’
- Default
api
external_port
¶External Cloud Controller port
- Default
9022
external_protocol
¶The protocol used to access the CC API from an external entity
- Default
https
instance_file_descriptor_limit
¶The file descriptors made available to each app instance
- Default
16384
internal_route_vip_range
¶The IPv4 CIDR range of virtual IP addresses to be assigned to routes on internal domains. WARNING: Changing this range is not supported, and has undefined behaviors. It is recommended to leave this value as the default. If this range is changed, it is likely the routes on the internal service mesh domain will need to be recreated.
- Default
127.128.0.0/9
internal_service_hostname
¶Internal hostname used to resolve the address of the Cloud Controller
- Default
cloud-controller-ng.service.cf.internal
jobs
¶
blobstore_delete
¶
timeout_in_seconds
¶The longest this job can take before it is cancelled
generic
¶
number_of_worker_threads
¶Optional. Number of worker threads to start for each generic cloud_controller_worker worker process
number_of_workers
¶Number of generic cloud_controller_worker workers
- Default
1
worker_grace_period_seconds
¶The number of seconds to wait for each generic cloud_controller_worker worker process to finish processing jobs before forcefully shutting it down
- Default
15
global
¶
timeout_in_seconds
¶The longest any job can take before it is cancelled unless overriden per job
- Default
14400
priorities
¶List of hashes containing delayed jobs ‘display_name’ and its desired priority. This will overwrite the default priority of ccng
log_audit_events
¶Log audit events
- Default
true
log_db_queries
¶Log database queries. WARNING: Setting this to true with cc.db_logging_level >= cc.logging_level will log all field values, including encrypted secrets.
- Default
false
log_fog_requests
¶Log fog requests and responses.
- Default
false
logging_level
¶Log level for cc. Valid levels are listed here: https://github.com/cloudfoundry/steno#log-levels.
- Default
info
logging_max_retries
¶Passthru value for Steno logger
- Default
1
loggregator
¶
internal_url
¶Internal URL used to communicate with traffic_controller
- Default
http://loggregator-trafficcontroller.service.cf.internal:8081
max_manifest_service_binding_poll_duration_in_seconds
¶Max time in seconds to wait for individual asynchronous service binding creation when applying manifests. If a service broker fails to complete a service binding request before the specified duration, the manifest job will fail.
- Default
60
maximum_app_disk_in_mb
¶The maximum amount of disk a user can request
- Default
2048
maximum_health_check_timeout
¶Maximum health check timeout (in seconds) that can be set for the app
- Default
180
mutual_tls
¶
ca_cert
¶PEM-encoded CA certificate for secure, mutually authenticated TLS communication
private_key
¶PEM-encoded key for secure, mutually authenticated TLS communication
public_cert
¶PEM-encoded certificate for secure, mutually authenticated TLS communication
newrelic
¶
capture_params
¶Capture and send query params to NewRelic
- Default
false
developer_mode
¶Activate NewRelic developer mode
- Default
false
environment_name
¶The environment name used by NewRelic
- Default
development
license_key
¶The api key for NewRelic
log_file_path
¶The location for NewRelic to log to
- Default
/var/vcap/sys/log/cloud_controller_ng/newrelic
monitor_mode
¶Activate NewRelic monitor mode
- Default
false
transaction_tracer
¶
enabled
¶Enable transaction tracing in NewRelic
- Default
false
record_sql
¶NewRelic’s SQL statement recording mode: [off | obfuscated | raw]
- Default
"off"
packages
¶
app_package_directory_key
¶Directory (bucket) used store app packages. It does not have be pre-created.
- Default
cc-packages
blobstore_type
¶The type of blobstore backing to use. Valid values: [‘fog’, ‘webdav’]
- Default
fog
cdn
¶
key_pair_id
¶Key pair name for signed download URIs
- Default
""
private_key
¶Private key for signing download URIs
- Default
""
uri
¶URI for a CDN to used for app package downloads
- Default
""
fog_aws_storage_options
¶Storage options passed to fog for aws blobstores. Valid keys: [‘encryption’].
fog_connection
¶Fog connection hash
fog_gcp_storage_options
¶Storage options passed to fog for gcp blobstores
max_package_size
¶Maximum size of application package
- Default
1.073741824e+09
webdav_config
¶
blobstore_timeout
¶The timeout in seconds for requests to the blobstore
- Default
5
ca_cert
¶The CA certificate to use when communicating with webdav
- Default
""
password
¶The basic auth password that CC uses to connect to the admin endpoint on webdav
- Default
""
private_endpoint
¶The location of the webdav server eg: https://blobstore.internal
- Default
https://blobstore.service.cf.internal:4443
public_endpoint
¶The location of the webdav server eg: https://blobstore.com
- Default
""
username
¶The basic auth user that CC uses to connect to the admin endpoint on webdav
- Default
""
perform_blob_cleanup
¶Whether or not to perform the blob cleanup job
- Default
true
readiness_port
¶
cloud_controller_worker
¶Readiness port used in k8s to check that db migrations are complete before component update
- Default
9025
resource_pool
¶
blobstore_type
¶The type of blobstore backing to use. Valid values: [‘fog’, ‘webdav’]
- Default
fog
cdn
¶
key_pair_id
¶Key pair name for signed download URIs
- Default
""
private_key
¶Private key for signing download URIs
- Default
""
uri
¶URI for a CDN to used for resource pool downloads
- Default
""
fog_aws_storage_options
¶Storage options passed to fog for aws blobstores. Valid keys: [‘encryption’].
fog_connection
¶Fog connection hash
fog_gcp_storage_options
¶Storage options passed to fog for gcp blobstores
maximum_size
¶Maximum size of a resource to add to the pool
- Default
5.36870912e+08
minimum_size
¶Minimum size of a resource to add to the pool
- Default
65536
resource_directory_key
¶Directory (bucket) used store app resources. It does not have be pre-created.
- Default
cc-resources
webdav_config
¶
blobstore_timeout
¶The timeout in seconds for requests to the blobstore
- Default
5
ca_cert
¶The CA certificate to use when communicating with webdav
- Default
""
password
¶The basic auth password that CC uses to connect to the admin endpoint on webdav
- Default
""
private_endpoint
¶The location of the webdav server eg: https://blobstore.internal
- Default
https://blobstore.service.cf.internal:4443
public_endpoint
¶The location of the webdav server eg: https://blobstore.com
- Default
""
username
¶The basic auth user that CC uses to connect to the admin endpoint on webdav
- Default
""
staging_timeout_in_seconds
¶Timeout for staging a droplet
- Default
900
staging_upload_password
¶User’s password used to access internal endpoints of Cloud Controller to upload files when staging
staging_upload_user
¶User name used to access internal endpoints of Cloud Controller to upload files when staging
thresholds
¶
worker
¶
alert_if_above_mb
¶The CC will alert if memory remains above this threshold for 3 monit cycles
- Default
384
alert_if_above_memory_percent
¶The CC will alert if memory remains above this percent threshold for 3 monit cycles. If specified, this threshold is used over
cc.thresholds.worker.alert_if_above_mb
. Value must be percent integer, e.g. ‘80’.
restart_if_above_mb
¶The CC will restart if memory remains above this threshold for 3 monit cycles
- Default
512
restart_if_consistently_above_mb
¶The CC will restart if memory remains above this threshold for 15 monit cycles
- Default
384
restart_if_consistently_above_memory_percent
¶The CC will restart if memory remains above this percent threshold for 15 monit cycles. If specified, this threshold is used over
cc.thresholds.worker.restart_if_consistently_above_mb
andrestart_if_above_mb
. Value must be percent integer, e.g. ‘80’.
tls_port
¶External Cloud Controller port
- Default
9023
uaa
¶
internal_url
¶The internal URL used by UAA
- Default
uaa.service.cf.internal
ccdb
¶
address
¶The address of the database server
ca_cert
¶The CA certificate to use when communicating with the database over SSL
connection_expiration_random_delay
¶The random delay in seconds to the expiration timeout (to prevent all connections being recreated simultaneously), passed directly to the Sequel gem - see https://sequel.jeremyevans.net/rdoc-plugins/files/lib/sequel/extensions/connection_expiration_rb.html for details
connection_expiration_timeout
¶The period in seconds after which connections are expired (omit to never expire connections), passed directly to the Sequel gem - see https://sequel.jeremyevans.net/rdoc-plugins/files/lib/sequel/extensions/connection_expiration_rb.html for details
connection_validation_timeout
¶The period in seconds after which idle connections are validated, passed directly to the Sequel gem - see http://sequel.jeremyevans.net/rdoc-plugins/files/lib/sequel/extensions/connection_validator_rb.html for details. Note that setting this to -1 results in an additional query whenever connections are checked out from the pool, which can have performance implications
- Default
3600
databases
¶Contains the name of the database on the database server
db_scheme
¶The type of database being used. mysql or postgres
- Default
postgres
max_connections
¶Maximum connections for Sequel
- Default
25
max_migration_duration_in_minutes
¶the maximum time migrations should be allowed to run before job startup should error
- Default
20160
pool_timeout
¶The timeout for Sequel pooled connections
- Default
10
port
¶The port of the database server
read_timeout
¶The read timeout in seconds for query responses, passed directly to the Sequel gem - see https://github.com/jeremyevans/sequel/blob/master/doc/opening_databases.rdoc for details
- Default
3600
roles
¶Users to create on the database when seeding
ssl_verify_hostname
¶Verify that the database SSL certificate matches the host to which the connection is attempted
- Default
true
credhub_api
¶
hostname
¶Hostname used to resolve the address of CredHub
- Default
credhub.service.cf.internal
metron_endpoint
¶
host
¶The host used to emit messages to the Metron agent
- Default
127.0.0.1
port
¶The port used to emit messages to the Metron agent
- Default
3457
nfs_server
¶
address
¶NFS server for droplets and apps (not used in an AWS deploy, use s3 instead)
release_level_backup
¶
Include cloud_controller jobs in backup and restore operations
- Default
true
routing_api
¶
enabled
¶Whether to expose the routing_endpoint listed at /v2/info. Enable this after deploying the Routing API
- Default
false
ssl
¶
skip_cert_verify
¶specifies that the job is allowed to skip ssl cert verification
- Default
false
system_domain
¶
Domain reserved for CF operator, base URL where the login, uaa, and other non-user apps listen
uaa
¶
ca_cert
¶The certificate authority being used by UAA
clients
¶
cc-service-dashboards
¶
scope
¶Used to grant scope for SSO clients for service brokers
- Default
openid,cloud_controller_service_permissions.read
secret
¶Used for generating SSO clients for service brokers.
cc_routing
¶
secret
¶Used for fetching routing information from the Routing API
port
¶The port used by UAA for non-ssl connections
ssl
¶
port
¶The port used by UAA for ssl connections
- Default
8443
Templates¶
Templates are rendered and placed onto corresponding
instances during the deployment process. This job's templates
will be placed into /var/vcap/jobs/cloud_controller_worker/
directory
(learn more).
bin/bbr/post-backup-unlock
(frompost-backup-unlock.sh.erb
)bin/bbr/post-restore-unlock
(frompost-restore-unlock.sh.erb
)bin/bbr/pre-backup-lock
(frompre-backup-lock.sh.erb
)bin/bbr/pre-restore-lock
(frompre-restore-lock.sh.erb
)bin/blobstore_waiter.sh
(fromblobstore_waiter.sh.erb
)bin/cloud_controller_worker
(frombin/cloud_controller_worker.erb
)bin/console
(fromconsole.erb
)bin/drain
(fromdrain.sh.erb
)bin/post-start
(frompost-start.sh.erb
)bin/pre-start
(frompre-start.sh.erb
)bin/ruby_version.sh
(fromruby_version.sh.erb
)bin/setup_local_blobstore.sh
(fromsetup_local_blobstore.sh.erb
)bin/shutdown_drain
(fromshutdown_drain.rb.erb
)config/bpm.yml
(frombpm.yml.erb
)config/certs/buildpacks_ca_cert.pem
(frombuildpacks_ca_cert.pem.erb
)config/certs/db_ca.crt
(fromdb_ca.crt.erb
)config/certs/droplets_ca_cert.pem
(fromdroplets_ca_cert.pem.erb
)config/certs/mutual_tls.crt
(frommutual_tls.crt.erb
)config/certs/mutual_tls.key
(frommutual_tls.key.erb
)config/certs/mutual_tls_ca.crt
(frommutual_tls_ca.crt.erb
)config/certs/packages_ca_cert.pem
(frompackages_ca_cert.pem.erb
)config/certs/resource_pool_ca_cert.pem
(fromresource_pool_ca_cert.pem.erb
)config/certs/uaa_ca.crt
(fromuaa_ca.crt.erb
)config/cloud_controller_ng.yml
(fromcloud_controller_ng.yml.erb
)config/newrelic.yml
(fromnewrelic.yml.erb
)config/stacks.yml
(fromstacks.yml.erb
)
Packages¶
Packages are compiled and placed onto corresponding
instances during the deployment process. Packages will be
placed into /var/vcap/packages/
directory.