cloud_controller_worker job from cf/271
Cloud Controller worker processes background tasks submitted via the.
Github source:
c3d10276
or
master branch
Properties¶
app_domains
¶
Array of domains for user apps (example: ‘user.app.space.foo’, a user app called ‘neat’ will listen at ‘http://neat.user.app.space.foo')
- Example
-
|+ - name: example.com - name: tcp.example.com router_group_name: default-tcp
build
¶
‘build’ attribute in the /v2/info endpoint
- Default
""
cc
¶
allow_app_ssh_access
¶Allow users to change the value of the app-level allow_ssh attribute
- Default
true
app_bits_upload_grace_period_in_seconds
¶Extra token expiry time while uploading big apps.
- Default
1200
app_events
¶
cutoff_age_in_days
¶How old an app event should stay in cloud controller database before being cleaned up
- Default
31
app_usage_events
¶
cutoff_age_in_days
¶How old an app usage event should stay in cloud controller database before being cleaned up
- Default
31
audit_events
¶
cutoff_age_in_days
¶How old an audit event should stay in cloud controller database before being cleaned up
- Default
31
bits_service
¶
enabled
¶Enable integration of the bits-service incubator (experimental)
- Default
false
password
¶Password for the bits-service
- Default
""
private_endpoint
¶Private url for the bits-service service
- Default
""
public_endpoint
¶Public url for the bits-service service
- Default
""
username
¶Username for the bits-service
- Default
""
broker_client_default_async_poll_interval_seconds
¶Specifies interval on which the CC will poll a service broker for asynchronous actions
- Default
60
broker_client_max_async_poll_duration_minutes
¶The max duration the CC will fetch service instance state from a service broker. Default is 1 week
- Default
10080
broker_client_timeout_seconds
¶For requests to service brokers, this is the HTTP (open and read) timeout setting.
- Default
60
buildpacks
¶
blobstore_type
¶The type of blobstore backing to use. Valid values: [‘fog’, ‘webdav’]
- Default
fog
buildpack_directory_key
¶Directory (bucket) used store buildpacks. It does not have be pre-created.
- Default
cc-buildpacks
cdn
¶
key_pair_id
¶Key pair name for signed download URIs
- Default
""
private_key
¶Private key for signing download URIs
- Default
""
uri
¶URI for a CDN to used for buildpack downloads
- Default
""
fog_aws_storage_options
¶Storage options passed to fog for aws blobstores. Valid keys: [‘encryption’].
fog_connection
¶Fog connection hash
webdav_config
¶
blobstore_timeout
¶The timeout in seconds for requests to the blobstore
- Default
5
ca_cert
¶The ca cert to use when communicating with webdav
- Default
""
password
¶The basic auth password that CC uses to connect to the admin endpoint on webdav
- Default
""
private_endpoint
¶The location of the webdav server eg: https://blobstore.internal
- Default
https://blobstore.service.cf.internal:4443
public_endpoint
¶The location of the webdav server eg: https://blobstore.com
- Default
""
username
¶The basic auth user that CC uses to connect to the admin endpoint on webdav
- Default
""
bulk_api_password
¶Password used to access the bulk_api, health_manager uses it to connect to the cc, announced over NATS
bulk_api_user
¶User used to access the bulk_api, health_manager uses it to connect to the cc, announced over NATS
- Default
bulk_api
cc_partition
¶Deprecated. Defines a ‘partition’ for the health_manager job
- Default
default
client_max_body_size
¶Maximum body size for nginx
- Default
1536M
completed_tasks
¶
cutoff_age_in_days
¶How long a completed task will stay in cloud controller database before being cleaned up based on last updated time with success or failure.
- Default
31
db_encryption_key
¶key for encrypting sensitive values in the CC database
- Default
""
db_logging_level
¶Log level for cc database operations
- Default
debug2
default_app_disk_in_mb
¶The default disk space an app gets
- Default
1024
default_app_memory
¶How much memory given to an app if not specified
- Default
1024
default_app_ssh_access
¶When ssh is allowed and not explicitly set in the application, new applications will start with ssh service enabled
- Default
true
default_health_check_timeout
¶Default health check timeout (in seconds) that can be set for the app
- Default
60
default_quota_definition
¶Local to use a local (NFS) file system. AWS to use AWS.
- Default
default
default_running_security_groups
¶The default running security groups that will be seeded in CloudController.
default_stack
¶The default stack to use if no custom stack is specified by an app.
- Default
cflinuxfs2
default_staging_security_groups
¶The default staging security groups that will be seeded in CloudController.
development_mode
¶Enable development features for monitoring and insight
- Default
false
diego
¶
bbs
¶
url
¶URL of the BBS Server
- Default
https://bbs.service.cf.internal:8889
cc_uploader_url
¶URL of cc uploader
- Default
http://cc-uploader.service.cf.internal:9090
file_server_url
¶URL of file server
- Default
http://file-server.service.cf.internal:8080
lifecycle_bundles
¶List of lifecycle bundles arguments for different stacks
- Default
buildpack/cflinuxfs2: buildpack_app_lifecycle/buildpack_app_lifecycle.tgz buildpack/windows2012R2: windows_app_lifecycle/windows_app_lifecycle.tgz docker: docker_app_lifecycle/docker_app_lifecycle.tgz
nsync_url
¶URL of the Diego nsync service
- Default
http://nsync.service.cf.internal:8787
pid_limit
¶Maximum pid limit for containerized work running user-provided code
- Default
1024
stager_url
¶URL of the Diego stager service
- Default
http://stager.service.cf.internal:8888
temporary_cc_uploader_mtls
¶Temporary flag to ensure droplet upload callback endpoints require mTLS
- Default
false
temporary_droplet_download_mtls
¶Temporary flag to enable mTLS droplet download to the bbs from cc
- Default
false
temporary_local_apps
¶Temporary flag to manage app state directly to the bbs from cc
- Default
false
temporary_local_staging
¶Temporary flag to enable staging directly to the bbs from cc
- Default
false
temporary_local_sync
¶Temporary flag to run sync job between cc and bbs
- Default
false
temporary_local_tasks
¶Temporary flag to run tasks directly to the bbs from cc
- Default
false
temporary_local_tps
¶Temporary flag to manage app state directly to the bbs from cc
- Default
false
temporary_oci_buildpack_mode
¶Temporary flag to enable OCI buildpack flow. Valid values: ‘oci-phase-1’
tps_url
¶URL of the Diego tps service
- Default
http://tps.service.cf.internal:1518
use_privileged_containers_for_running
¶Whether or not to use privileged containers for running buildpack apps and tasks.
- Default
false
use_privileged_containers_for_staging
¶Whether or not to use privileged containers for staging tasks.
- Default
false
disable_custom_buildpacks
¶Disable external (i.e. git) buildpacks? (Admin buildpacks and system buildpacks only.)
- Default
false
droplets
¶
blobstore_type
¶The type of blobstore backing to use. Valid values: [‘fog’, ‘webdav’]
- Default
fog
cdn
¶
key_pair_id
¶Key pair name for signed download URIs
- Default
""
private_key
¶Private key for signing download URIs
- Default
""
uri
¶URI for a CDN to used for droplet downloads
- Default
""
droplet_directory_key
¶Directory (bucket) used store droplets. It does not have be pre-created.
- Default
cc-droplets
fog_aws_storage_options
¶Storage options passed to fog for aws blobstores. Valid keys: [‘encryption’].
fog_connection
¶Fog connection hash
webdav_config
¶
blobstore_timeout
¶The timeout in seconds for requests to the blobstore
- Default
5
ca_cert
¶The ca cert to use when communicating with webdav
- Default
""
password
¶The basic auth password that CC uses to connect to the admin endpoint on webdav
- Default
""
private_endpoint
¶The location of the webdav server eg: https://blobstore.internal
- Default
https://blobstore.service.cf.internal:4443
public_endpoint
¶The location of the webdav server eg: https://blobstore.com
- Default
""
username
¶The basic auth user that CC uses to connect to the admin endpoint on webdav
- Default
""
external_host
¶Host part of the cloud_controller api URI, will be joined with value of ‘domain’
- Default
api
external_port
¶External Cloud Controller port
- Default
9022
external_protocol
¶The protocol used to access the CC API from an external entity
- Default
https
failed_jobs
¶
cutoff_age_in_days
¶How old a failed job should stay in cloud controller database before being cleaned up
- Default
31
flapping_crash_count_threshold
¶The threshold of crashes after which the app is marked as flapping
- Default
3
install_buildpacks
¶Set of buildpacks to install during deploy
instance_file_descriptor_limit
¶The file descriptors made available to each app instance
- Default
16384
internal_api_password
¶Password used by Diego to access internal endpoints
internal_api_user
¶User name used by Diego to access internal endpoints
- Default
internal_user
internal_service_hostname
¶Internal hostname used to resolve the address of the Cloud Controller
- Default
cloud-controller-ng.service.cf.internal
jobs
¶
app_bits_packer
¶
timeout_in_seconds
¶The longest this job can take before it is cancelled
app_usage_events_cleanup
¶
timeout_in_seconds
¶The longest this job can take before it is cancelled
blobstore_delete
¶
timeout_in_seconds
¶The longest this job can take before it is cancelled
blobstore_upload
¶
timeout_in_seconds
¶The longest this job can take before it is cancelled
droplet_deletion
¶
timeout_in_seconds
¶The longest this job can take before it is cancelled
droplet_upload
¶
timeout_in_seconds
¶The longest this job can take before it is cancelled
generic
¶
number_of_workers
¶Number of generic cloud_controller_worker workers
- Default
1
global
¶
timeout_in_seconds
¶The longest any job can take before it is cancelled unless overriden per job
- Default
14400
logging_level
¶Log level for cc
- Default
info
logging_max_retries
¶Passthru value for Steno logger
- Default
1
loggregator
¶
internal_url
¶Internal url used to communicate with traffic_controller
- Default
http://loggregator-trafficcontroller.service.cf.internal:8081
maximum_app_disk_in_mb
¶The maximum amount of disk a user can request
- Default
2048
maximum_health_check_timeout
¶Maximum health check timeout (in seconds) that can be set for the app
- Default
180
mutual_tls
¶
ca_cert
¶PEM-encoded CA certificate for secure, mutually authenticated TLS communication
private_key
¶PEM-encoded key for secure, mutually authenticated TLS communication
public_cert
¶PEM-encoded certificate for secure, mutually authenticated TLS communication
newrelic
¶
capture_params
¶Capture and send query params to NewRelic
- Default
false
developer_mode
¶Activate NewRelic developer mode
- Default
false
environment_name
¶The environment name used by NewRelic
- Default
development
license_key
¶The api key for NewRelic
log_file_path
¶The location for NewRelic to log to
- Default
/var/vcap/sys/log/cloud_controller_ng/newrelic
monitor_mode
¶Activate NewRelic monitor mode
- Default
false
transaction_tracer
¶
enabled
¶Enable transaction tracing in NewRelic
- Default
false
record_sql
¶NewRelic’s SQL statement recording mode: [off | obfuscated | raw]
- Default
"off"
packages
¶
app_package_directory_key
¶Directory (bucket) used store app packages. It does not have be pre-created.
- Default
cc-packages
blobstore_type
¶The type of blobstore backing to use. Valid values: [‘fog’, ‘webdav’]
- Default
fog
cdn
¶
key_pair_id
¶Key pair name for signed download URIs
- Default
""
private_key
¶Private key for signing download URIs
- Default
""
uri
¶URI for a CDN to used for app package downloads
- Default
""
fog_aws_storage_options
¶Storage options passed to fog for aws blobstores. Valid keys: [‘encryption’].
fog_connection
¶Fog connection hash
max_package_size
¶Maximum size of application package
- Default
1.073741824e+09
webdav_config
¶
blobstore_timeout
¶The timeout in seconds for requests to the blobstore
- Default
5
ca_cert
¶The ca cert to use when communicating with webdav
- Default
""
password
¶The basic auth password that CC uses to connect to the admin endpoint on webdav
- Default
""
private_endpoint
¶The location of the webdav server eg: https://blobstore.internal
- Default
https://blobstore.service.cf.internal:4443
public_endpoint
¶The location of the webdav server eg: https://blobstore.com
- Default
""
username
¶The basic auth user that CC uses to connect to the admin endpoint on webdav
- Default
""
perform_blob_cleanup
¶Whether or not to perform the blob cleanup job
- Default
false
quota_definitions
¶Hash of default quota definitions. Overriden by custom quota definitions.
renderer
¶
default_results_per_page
¶Default number of results returned per page if user does not specify
- Default
50
max_inline_relations_depth
¶Maximum depth of inlined relationships in the result
- Default
2
max_results_per_page
¶Maximum number of results returned per page
- Default
100
reserved_private_domains
¶File location of a list of reserved private domains (for file format, see https://publicsuffix.org/)
resource_pool
¶
blobstore_type
¶The type of blobstore backing to use. Valid values: [‘fog’, ‘webdav’]
- Default
fog
cdn
¶
key_pair_id
¶Key pair name for signed download URIs
- Default
""
private_key
¶Private key for signing download URIs
- Default
""
uri
¶URI for a CDN to used for resource pool downloads
- Default
""
fog_aws_storage_options
¶Storage options passed to fog for aws blobstores. Valid keys: [‘encryption’].
fog_connection
¶Fog connection hash
maximum_size
¶Maximum size of a resource to add to the pool
- Default
5.36870912e+08
minimum_size
¶Minimum size of a resource to add to the pool
- Default
65536
resource_directory_key
¶Directory (bucket) used store app resources. It does not have be pre-created.
- Default
cc-resources
webdav_config
¶
blobstore_timeout
¶The timeout in seconds for requests to the blobstore
- Default
5
ca_cert
¶The ca cert to use when communicating with webdav
- Default
""
password
¶The basic auth password that CC uses to connect to the admin endpoint on webdav
- Default
""
private_endpoint
¶The location of the webdav server eg: https://blobstore.internal
- Default
https://blobstore.service.cf.internal:4443
public_endpoint
¶The location of the webdav server eg: https://blobstore.com
- Default
""
username
¶The basic auth user that CC uses to connect to the admin endpoint on webdav
- Default
""
security_group_definitions
¶Array of security groups that will be seeded into CloudController.
service_usage_events
¶
cutoff_age_in_days
¶How old a service usage event should stay in cloud controller database before being cleaned up
- Default
31
shared_isolation_segment_name
¶Name of the shared isolation segment created at startup. This field can be updated, but subject to the following caveat: Using the name of an existing IS will cause a deployment to fail. To recover, redeploy using the last valid Shared Isolation Segment name.
- Default
shared
stacks
¶Tag used by the DEA to describe capabilities (i.e. ‘Windows7’, ‘python-linux’). DEA and CC must agree.
- Default
- description: Cloud Foundry Linux-based filesystem name: cflinuxfs2
staging_file_descriptor_limit
¶File descriptor limit for staging tasks
- Default
16384
staging_timeout_in_seconds
¶Timeout for staging a droplet
- Default
900
staging_upload_password
¶User’s password used to access internal endpoints of Cloud Controller to upload files when staging
- Default
""
staging_upload_user
¶User name used to access internal endpoints of Cloud Controller to upload files when staging
- Default
""
system_hostnames
¶List of hostnames for which routes cannot be created on the system domain.
- Default
- api - uaa - login - doppler - loggregator - hm9000
thresholds
¶
worker
¶
alert_if_above_mb
¶The cc will alert if memory remains above this threshold for 3 monit cycles
- Default
384
restart_if_above_mb
¶The cc will restart if memory remains above this threshold for 3 monit cycles
- Default
512
restart_if_consistently_above_mb
¶The cc will restart if memory remains above this threshold for 15 monit cycles
- Default
384
tls_port
¶External Cloud Controller port
- Default
9023
uaa
¶
internal_url
¶The internal url used by UAA
- Default
uaa.service.cf.internal
uaa_resource_id
¶Name of service to register to UAA
- Default
cloud_controller,cloud_controller_service_permissions
users_can_select_backend
¶Allow non-admin users to switch their apps between DEA and Diego backends
- Default
true
ccdb
¶
address
¶The address of the database server
ca_cert
¶The ca cert to use when communicating with the database over SSL
databases
¶Contains the name of the database on the database server
db_scheme
¶The type of database being used. mysql or postgres
- Default
postgres
max_connections
¶Maximum connections for Sequel
- Default
25
pool_timeout
¶The timeout for Sequel pooled connections
- Default
10
port
¶The port of the database server
roles
¶Users to create on the database when seeding
ssl_verify_hostname
¶Verify that the database SSL certificate matches the host to which the connection is attempted
- Default
false
dea_next
¶
staging_disk_limit_mb
¶Disk limit in mb for staging tasks
- Default
6144
staging_memory_limit_mb
¶Memory limit in mb for staging tasks
- Default
1024
description
¶
‘description’ attribute in the /v2/info endpoint
- Default
""
domain
¶
Deprecated in favor of system_domain. Domain where cloud_controller will listen (api.domain)
doppler
¶
port
¶Port for doppler_logging_endpoint listed at /v2/info
- Default
443
use_ssl
¶Whether to use ssl for the doppler_logging_endpoint listed at /v2/info
- Default
true
hm9000
¶
port
¶Port of the hm9000 Api Server
- Default
5155
url
¶URL of the hm9000 server
login
¶
enabled
¶whether use login as the authorization endpoint or not
- Default
true
protocol
¶http or https
- Default
https
url
¶URL of the login server
metron_endpoint
¶
host
¶The host used to emit messages to the Metron agent
- Default
127.0.0.1
port
¶The port used to emit messages to the Metron agent
- Default
3457
name
¶
‘name’ attribute in the /v2/info endpoint
- Default
""
nfs_server
¶
address
¶NFS server for droplets and apps (not used in an AWS deploy, use s3 instead)
share_path
¶The location at which to mount the nfs share
- Default
/var/vcap/nfs
request_timeout_in_seconds
¶
Timeout for requests in seconds.
- Default
900
routing_api
¶
enabled
¶Whether to expose the routing_endpoint listed at /v2/info. Enable this after deploying the Routing API
- Default
false
ssl
¶
skip_cert_verify
¶specifies that the job is allowed to skip ssl cert verification
- Default
false
support_address
¶
‘support’ attribute in the /v2/info endpoint
- Default
""
system_domain
¶
Domain reserved for CF operator, base URL where the login, uaa, and other non-user apps listen
system_domain_organization
¶
An organization that will be created as part of the seeding process. When the system_domain is not shared with (in the list of) app_domains, this is required as the system_domain will be created as a PrivateDomain in this organization.
- Default
system
uaa
¶
ca_cert
¶The certificate authority being used by UAA
cc
¶
token_secret
¶Symmetric secret used to decode uaa tokens. Used for testing.
clients
¶
cc-service-dashboards
¶
scope
¶Used to grant scope for SSO clients for service brokers
- Default
openid,cloud_controller_service_permissions.read
secret
¶Used for generating SSO clients for service brokers.
cc_routing
¶
secret
¶Used for fetching routing information from the Routing API
cc_service_broker_client
¶
scope
¶(DEPRECATED) - Used to grant scope for SSO clients for service brokers
- Default
openid,cloud_controller_service_permissions.read
secret
¶(DEPRECATED) - Used for generating SSO clients for service brokers.
port
¶The port used by UAA for non-ssl connections
ssl
¶
port
¶The port used by UAA for ssl connections
- Default
8443
url
¶URL of the UAA server
version
¶
‘version’ attribute in the /v2/info endpoint
- Default
0
Templates¶
Templates are rendered and placed onto corresponding
instances during the deployment process. This job's templates
will be placed into /var/vcap/jobs/cloud_controller_worker/
directory
(learn more).
bin/blobstore_waiter.sh
(fromblobstore_waiter.sh.erb
)bin/cloud_controller_worker_ctl
(fromcloud_controller_worker_ctl.erb
)bin/console
(fromconsole.erb
)bin/drain
(fromdrain.sh.erb
)bin/pre-start
(frompre-start.sh.erb
)bin/ruby_version.sh
(fromruby_version.sh.erb
)bin/setup_local_blobstore.sh
(fromsetup_local_blobstore.sh.erb
)config/certs/buildpacks_ca_cert.pem
(frombuildpacks_ca_cert.pem.erb
)config/certs/db_ca.crt
(fromdb_ca.crt.erb
)config/certs/droplets_ca_cert.pem
(fromdroplets_ca_cert.pem.erb
)config/certs/mutual_tls.crt
(frommutual_tls.crt.erb
)config/certs/mutual_tls.key
(frommutual_tls.key.erb
)config/certs/mutual_tls_ca.crt
(frommutual_tls_ca.crt.erb
)config/certs/packages_ca_cert.pem
(frompackages_ca_cert.pem.erb
)config/certs/resource_pool_ca_cert.pem
(fromresource_pool_ca_cert.pem.erb
)config/certs/uaa_ca.crt
(fromuaa_ca.crt.erb
)config/cloud_controller_ng.yml
(fromcloud_controller_worker.yml.erb
)config/newrelic.yml
(fromnewrelic.yml.erb
)config/stacks.yml
(fromstacks.yml.erb
)
Packages¶
Packages are compiled and placed onto corresponding
instances during the deployment process. Packages will be
placed into /var/vcap/packages/
directory.