core job from shield/8.0.19

GitHub source: 424d694 or master branch

Properties

agent

key

RSA private key used for securing communications between SHIELD Agents and the SHIELD Core.

core

authentication

A list of SHIELD Authentication Provider configurations, to be emitted into the shieldd.conf configuration file as-is (under the auth: key).

color

What color should the SHIELD Web UI render the environment tag in.

Default
yellow

env

A short tag describing this environment (e.g. ‘prod’, ‘staging’, etc.).

Default
sandbox

fast-loop

How frequently should SHIELD check for and execute scheduled jobs.

Default
5s

motd

A (perhaps long-form) message of the day, to display on login forms.

Default
Welcome to SHIELD!

session-timeout

How long should sessions be valid for.

Default
8h

slow-loop

How frequently should SHIELD perform janitorial tasks.

Default
1h

task-timeout

How long after start of execution before timing out a running task.

Default
12h

workers

Maximum allowable number of running, concurrent tasks.

Default
5

domain

Fully-qualified domain name (or IP address) of your SHIELD installation

failsafe

password

A password for the failsafe user.

Default
shield

username

A fallback username for initially accessing your SHIELD instance.

Default
admin

log-level

Log level for the SHIELD Core. One of ‘error’, ‘warning’, or ‘info’.

Default
error

migrate-from

dsn

The full datasource name of a legacy (pre-v8) database to migrate from.

type

What type of legacy (pre-v8) database to migrate from (optional).

nginx

connections

Number of nginx connections per worker

Default
8192

keepalive

Timeout for keep-alive connections

Default
75 20

workers

Number of nginx workers

Default
2

port

Incoming port to bind for HTTPS API and Web UI

Default
443

tls

certificate

TLS Certificate (PEM encoded), used for the HTTPS API and Web UI

ciphers

Which SSL/TLS ciphers to allow, used for the HTTPS API and Web UI

Default
ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:HIGH:!MD5:!aNULL:!EDH

key

TLS private key (PEM encoded), used for the HTTPS API and Web UI

protocols

Which SSL/TLS protocols to allow, used for the HTTPS API and Web UI

Default
TLSv1 TLSv1.1 TLSv1.2

reuse-after

How long (in hours) before rotating cryptographic parameters

Default
2

vault

tls

ca

The PEM-encoded certificate of the CA that signed the Vault Certificate. The SHIELD core needs this so that it can trust the Vault certificate.

certificate

The PEM-encoded certificate of the Vault itself. This certificate should be issued for the IP SAN 127.0.0.1.

key

The PEM-encoded private key for the Vault certificate.

Templates

Templates are rendered and placed onto corresponding instances during the deployment process. This job's templates will be placed into the /var/vcap/jobs/core/ directory.

  • bin/nginx (from bin/nginx)
  • bin/shieldd (from bin/shieldd)
  • bin/vault (from bin/vault)
  • config/agent.key (from config/agent.key)
  • config/nginx.conf (from config/nginx.conf)
  • config/shieldd.conf (from config/shieldd.conf)
  • config/tls/nginx.key (from config/tls/nginx.key)
  • config/tls/nginx.pub (from config/tls/nginx.pub)
  • config/tls/vault.ca (from config/tls/vault.ca)
  • config/tls/vault.key (from config/tls/vault.key)
  • config/tls/vault.pub (from config/tls/vault.pub)
  • config/vault.conf (from config/vault.conf)
  • envrc (from envrc)

Packages

Packages are compiled and placed onto corresponding instances during the deployment process. Packages will be placed into the /var/vcap/packages/ directory.