director job from bosh/280.1.14
GitHub source: bca6c81882 or master branch
Properties

agent.agent_wait_timeout
  Optional agent wait timeout setting, default 600s
  - Default: 600

agent.env.bosh
  Base env for agent
  - Default: {}

agent.nats.address
  Address for agent to connect to nats
blobstore.access_key_id
  AWS access_key_id used by s3 blobstore plugin

blobstore.account_key
  account_key of azure storage account

blobstore.account_name
  account_name of azure storage account

blobstore.address
  Address of blobstore server used by simple blobstore plugin

blobstore.assume_role_arn
  Assume role arn used by s3 blobstore plugin

blobstore.azure_cloud_name
  Name of the Azure Cloud
  - Default: AzureCloud

blobstore.bucket_name
  AWS S3 or GCP GCS Bucket used by external blobstore plugin

blobstore.container_name
  container_name of azure storage account

blobstore.credentials_source
  AWS or GCP Credential Source (static / env_or_profile / none)
  - Default: static

blobstore.director.password
  Password director uses to connect to blobstore used by simple blobstore plugin

blobstore.director.user
  Username director uses to connect to blobstore used by simple blobstore plugin

blobstore.enable_signed_urls
  Use pre-signed urls for blobstore so that deployed VMs do not require blobstore credentials
  - Default: false

blobstore.encryption_key
  Customer-Supplied Encryption key used when storing blobs in GCS (Optional - Base64 encoded 32 byte key)

blobstore.host
  Host of blobstore server used by simple blobstore plugin

blobstore.json_key
  Contents of a GCP JSON service account file used for static credentials_source (optional)

blobstore.port
  Port of blobstore server used by simple blobstore plugin
  - Default: 25250

blobstore.provider
  Provider of the blobstore used by director and agent (dav|simple|s3|gcs|azure-storage)
  - Default: dav

blobstore.s3_host_style
  Whether to use host-style urls instead of path-style urls
  - Default: false

blobstore.s3_port
  Port of blobstore server used by s3 blobstore plugin
  - Default: 443

blobstore.s3_region
  Region of the blobstore used by s3 blobstore plugin

blobstore.s3_signature_version
  Signature version of the blobstore used by s3 blobstore plugin (optional; if not provided, the s3 client decides which version to use)

blobstore.secret
  Secret used for HMAC signature for pre-signed urls

blobstore.secret_access_key
  AWS secret_access_key used by s3 blobstore plugin

blobstore.server_side_encryption
  Server-side encryption algorithm used when storing blobs in S3 (Optional - "AES256"|"aws:kms")

blobstore.sse_kms_key_id
  AWS KMS key ID to use for object encryption. All GET and PUT requests for an object protected by AWS KMS will fail if not made via SSL or using SigV4.

blobstore.ssl_verify_peer
  Whether to verify the SSL certificate presented by the blobstore
  - Default: true

blobstore.storage_class
  Storage Class used when storing blobs in GCS (optional; if not provided, uses the bucket default)

blobstore.swift_auth_account
  swift_auth_account of swift storage account

blobstore.swift_temp_url_key
  swift_temp_url_key of swift storage account

blobstore.tls.cert.ca
  CA Cert for TLS communication with blobstore

blobstore.use_ssl
  Whether the simple blobstore plugin should use SSL to connect to the blobstore server
  - Default: true
director.allow_errands_on_stopped_instances
  When true, bosh will not error out when running errands on stopped instances
  - Default: false

director.auto_fix_stateful_nodes
  Enable/Disable auto resolution for stateful nodes for scan_and_fix (true|false)
  - Default: true

director.backend_port
  Port that the director listens on
  - Default: 25556

director.config_server.ca_cert
  CA cert to trust when communicating with Config Server

director.config_server.enabled
  When true, replace substitution values in manifest with values from Config Server
  - Default: false

director.config_server.uaa.ca_cert
  CA cert to trust when communicating with UAA

director.config_server.uaa.client_id
  UAA client id to access Config Server

director.config_server.uaa.client_secret
  UAA client secret to access Config Server

director.config_server.uaa.url
  URL for the UAA server used for authenticating access to Config Server

director.config_server.url
  URL for the Config Server

director.cpi.preferred_api_version
  The preferred api version to use when communicating with the CPI. If specified greater than the max supported version, it will only communicate via the highest available api version.

director.cpi_job
  Name of cpi job (null to use bundled cpi gems)

director.db.adapter
  The type of database used (mysql2|postgres|sqlite)
  - Default: postgres

director.db.connection_options
  Additional options for the database. The default below applies to postgres databases; for config options for mysql dbs, refer to the mysql2 gem options.
  - Default:
      max_connections: 32
      pool_timeout: 10

director.db.database
  Name of the director database
  - Default: bosh

director.db.host
  Address of the director database, for example, in the case of AWS RDS: fake-rds-instance-name.fake-rds-subdomain.us-east-1.rds.amazonaws.com
  - Default: 127.0.0.1

director.db.password
  Password used for the director database

director.db.port
  Port of the director database (e.g. the mysql2 adapter would generally use 3306)
  - Default: 5432

director.db.tls.cert.ca
  Database CA certificate

director.db.tls.cert.certificate
  Client certificate for mutual TLS connections to DB

director.db.tls.cert.private_key
  Client private key for mutual TLS connections to DB

director.db.tls.enabled
  Flag for enabling tls for database
  - Default: false

director.db.tls.skip_host_verify
  Skip host verification for Server CA certificate. Must be true if database is hosted on GCP.
  - Default: false

director.db.user
  Username used for the director database
  - Default: bosh

director.debug.keep_unreachable_vms
  When a bosh deploy fails, the failed VM is kept instead of destroyed
  - Default: false

director.default_ssh_options.gateway_host
  Default host to use as ssh gateway with bosh ssh command

director.default_ssh_options.gateway_user
  Default user to use with bosh ssh command
  - Default: vcap

director.disks.cleanup_schedule
  RufusScheduler cron formatted schedule for cleanup of orphaned disks and orphaned snapshots
  - Default: 0 0,30 * * * * UTC

director.disks.max_orphaned_age_in_days
  Days to keep orphaned disks and orphaned snapshots before cleanup
  - Default: 5

director.enable_cpi_resize_disk
  Enable/Disable native CPI disk resizing (true|false)
  - Default: false

director.enable_cpi_update_disk
  Enable/Disable native CPI disk update (true|false)
  - Default: false

director.enable_dedicated_status_worker
  Separate worker for 'bosh vms' and 'bosh ssh'
  - Default: false

director.enable_nats_delivered_templates
  When true, rendered templates will be sent over NATS
  - Default: false

director.enable_pre_ruby_3_2_equal_tilde_behavior
  When true, Kernel will be patched to enable pre-Ruby 3.2 =~ behavior. This is needed for release templates incorrectly using =~.
  - Default: false

director.enable_short_lived_nats_bootstrap_credentials
  When true, NATS bootstrap credentials will be short lived on new VMs
  - Default: true

director.enable_short_lived_nats_bootstrap_credentials_compilation_vms
  When true, NATS bootstrap credentials will be short lived on new compilation VMs
  - Default: false

director.enable_snapshots
  Enable/Disable snapshots for persistent disks (true|false)
  - Default: false

director.enable_virtual_delete_vms
  When true, bosh will not delete the VM from the cloud on instance update; it only destroys the VM record in the db
  - Default: false

director.events.cleanup_schedule
  RufusScheduler cron formatted schedule for cleanup of events
  - Default: 0 * * * * UTC

director.events.max_events
  Max number of events to keep
  - Default: 10000

director.events.record_events
  Enable recording of events to the database and audit logs
  - Default: false

director.flush_arp
  Clear ARP entries when machines are recreated
  - Default: false

director.generate_vm_passwords
  When true, a random unique password will be used for each VM if the user has not specified a password
  - Default: false

director.ignore_missing_gateway
  Allow the gateway to be omitted from subnet configuration. BOSH Lite VMs (containers) do not require a gateway.
  - Default: false

director.ipv6_listen
  Enable binding to IPv6 addresses
  - Default: false

director.local_dns.enabled
  Enables local DNS, i.e., sending sync_dns messages with all names/IPs to all agents managed by this director
  - Default: false

director.local_dns.include_index
  If local DNS is enabled, include_index causes the director to propagate dns records with the instance index number as well as dns records with the instance ID
  - Default: false

director.local_dns.use_dns_addresses
  When true, address references in rendered templates will evaluate to DNS entries rather than IP addresses
  - Default: false

director.log_access_events
  When true, access to the api is logged in CEF format
  - Default: false

director.log_access_events_to_syslog
  Removed. Please use director.log_access_events instead.

director.log_level
  Log level
  - Default: debug

director.max_tasks
  Max number of tasks of each type to keep on disk
  - Default: 2000

director.max_threads
  Max number of director concurrent threads
  - Default: 32

director.max_upload_size
  Max allowed file size for upload
  - Default: 10000m

director.max_vm_create_tries
  Max retries when creating VMs
  - Default: 5

director.metrics_server.backend_port
  Internal port for metrics server to listen on
  - Default: 9092

director.metrics_server.enabled
  Enables the metrics server on the director
  - Default: false

director.metrics_server.listen_on_external_interface
  Exposes the director's metrics server on an external interface. Requires the use of mutual TLS.
  - Default: true

director.metrics_server.port
  External port on which nginx listens for the metrics server
  - Default: 9091

director.metrics_server.tls.ca
  CA certificate for mutual TLS connections to an external metrics server

director.metrics_server.tls.certificate
  Client certificate for mutual TLS connections to an external metrics server

director.metrics_server.tls.private_key
  Client private key for mutual TLS connections to an external metrics server

director.name
  Name of the director

director.networks.cleanup_schedule
  RufusScheduler cron formatted schedule for cleanup of orphaned networks
  - Default: 0 0,30 * * * * UTC

director.networks.enable_cpi_management
  Enables bosh managed networks
  - Default: false

director.networks.max_orphaned_age_in_days
  Days to keep orphaned networks before cleanup
  - Default: 1

director.nginx.enable_metrics_endpoint
  Expose basic nginx metrics on the localhost:/stats endpoint. Uses the ngx_http_stub_status_module (see http://nginx.org/en/docs/http/ngx_http_stub_status_module.html).
  - Default: false

director.nginx.ssl_ciphers
  List of SSL ciphers to allow (format: https://www.openssl.org/docs/manmaster/man1/ciphers.html - CIPHER LIST FORMAT section)
  - Default: DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK

director.nginx.ssl_prefer_server_ciphers
  Prefer the server's cipher priority instead of the client's (true for On, false for Off)
  - Default: true

director.nginx.ssl_protocols
  SSL/TLS protocols to allow
  - Default: TLSv1.2

director.nginx.workers
  Number of nginx workers for director
  - Default: 2

director.parallel_problem_resolution
  When true, problems (e.g. resurrection, disk reattaching) are resolved in parallel
  - Default: true

director.port
  Port that the director nginx listens on
  - Default: 25555

director.proxy_timeout
  Timeout for proxy connection from nginx to director
  - Default: 900

director.puma_workers
  Number of puma workers
  - Default: 3

director.remove_dev_tools
  When true, remove dev tool packages from non-compilation VMs
  - Default: false

director.self_snapshot_schedule
  RufusScheduler cron formatted schedule for self snapshots
  - Default: 0 0 6 * * * UTC

director.snapshot_schedule
  RufusScheduler cron formatted schedule for snapshots
  - Default: 0 0 7 * * * UTC

director.ssl.cert
  SSL Certificate for director (PEM encoded)

director.ssl.key
  SSL private key for director (PEM encoded)

director.tasks_cleanup_schedule
  Schedule cleanup of tasks and their log files, keeping max_tasks
  - Default: 0 0 0 */7 * * UTC

director.tasks_deployments_retention_period
  The retention period for tasks and their log files of specific deployments (days)
  - Example:
      - deployment_name: "deployment-name"
        retention_period: 14

director.tasks_retention_period
  The retention period for tasks and their log files (days)

director.timeout
  Timeout for connection from bosh CLI to nginx
  - Default: 7200

director.trusted_certs
  Certificates that VMs created by this director should trust in addition to those packaged with the stemcell (PEM encoded; zero or more certs allowed)
  - Default: ""

director.user_management.local.users
  List of users that can authenticate with director in non-UAA mode

director.user_management.provider
  User management implementation (local|uaa)
  - Default: local

director.user_management.uaa.public_key
  Public key to verify the UAA token when the token is signed with an asymmetric key

director.user_management.uaa.symmetric_key
  Symmetric key to verify the UAA token

director.user_management.uaa.url
  UAA URL; specify either the url or the urls attribute

director.user_management.uaa.urls
  List of UAA URLs; specify either the url or the urls attribute

director.vms.cleanup_schedule
  RufusScheduler cron formatted schedule for cleanup of orphaned vms
  - Default: '*/5 * * * * UTC'

director.workers
  Number of director workers
  - Default: 3
dns.domain_name
  TLD of the dns zone used by bosh
  - Default: bosh

env.http_proxy
  HTTP proxy that the director, scheduler and workers should use

env.https_proxy
  HTTPS proxy that the director, scheduler and workers should use

env.no_proxy
  List of comma-separated hosts that should skip connecting to the proxy in the director, scheduler and workers

hm.http.port
  TCP port on which the health monitor listens
  - Default: 25923

indicators.queued_tasks_threshold
  Number of tasks queued for a certain time before alerts are sent
  - Default: 10

nats.address
  Address of the nats server

nats.port
  Port that the nats server listens on
  - Default: 4222

nats.tls.ca
  CA cert to trust when communicating with NATS server

nats.tls.client_ca.certificate
  Certificate for NATS mutual TLS (used by the Director to generate Agent certs)

nats.tls.client_ca.private_key
  Private Key for NATS mutual TLS (used by the Director to generate Agent certs)

nats.tls.director.certificate
  Certificate for NATS mutual TLS client (Director client). The Common-Name for this certificate should be "default.director.bosh-internal"

nats.tls.director.private_key
  Private Key for NATS mutual TLS client (Director client)

registry.address
  Address of the Registry to connect to

registry.password
  Password to access the Registry

registry.port
  Port of the Registry to connect to
  - Default: 25777

registry.username
  User to access the Registry
Templates

Templates are rendered and placed onto corresponding instances during the deployment process. This job's templates will be placed into the /var/vcap/jobs/director/ directory.

bin/bbr/backup (from bbr_backup)
bin/bbr/restore (from bbr_restore)
bin/console (from console)
bin/director (from director)
bin/drain (from drain)
bin/metrics-server (from metrics-server)
bin/post-start (from post-start.erb)
bin/pre-start (from pre-start.erb)
bin/ps_utils.sh (from ps_utils.sh)
bin/scheduler (from scheduler)
bin/sync-dns (from sync-dns)
bin/task_logrotate (from task_logrotate.sh)
bin/trigger-one-time-sync-dns (from trigger-one-time-sync-dns)
bin/worker_ctl (from worker_ctl.erb)
config/bbr.json (from bbr_config.json.erb)
config/bpm.yml (from bpm.yml)
config/certificate_expiry.json (from certificate_expiry.json.erb)
config/config_server_ca.cert (from config_server_ca.cert.erb)
config/db/ca.pem (from db_ca.pem.erb)
config/db/client_certificate.pem (from db_client_certificate.pem.erb)
config/db/client_private_key.key (from db_client_private_key.key.erb)
config/director.yml (from director.yml.erb)
config/indicator.yml (from indicator.yml.erb)
config/metrics_server/ca.pem (from metrics_server_ca.pem.erb)
config/metrics_server/certificate.pem (from metrics_server_certificate.pem.erb)
config/metrics_server/private_key.key (from metrics_server_private_key.key.erb)
config/mime.types (from mime.types)
config/nats_client_ca_certificate.pem (from nats_client_ca_certificate.pem.erb)
config/nats_client_ca_private_key (from nats_client_ca_private_key.erb)
config/nats_client_certificate.pem (from nats_client_certificate.pem.erb)
config/nats_client_private_key (from nats_client_private_key.erb)
config/nats_server_ca.pem (from nats_server_ca.pem.erb)
config/nginx.conf (from nginx.conf.erb)
config/ssl/director.key (from director.key.erb)
config/ssl/director.pem (from director.pem.erb)
config/task_logrotate.cron (from task_logrotate.cron)
config/uaa_server_ca.cert (from uaa_server_ca.cert.erb)
env (from env.erb)
helpers/utils.sh (from utils.sh)
Packages

Packages are compiled and placed onto corresponding instances during the deployment process. Packages will be placed into the /var/vcap/packages/ directory.