director job from bosh/273.1.0

Github source: 8c190264c or master branch

Properties

agent

env

bosh

Base env for agent

Default
{}

nats

address

Address for agent to connect to nats

blobstore

access_key_id

AWS access_key_id used by s3 blobstore plugin

address

Address of blobstore server used by simple blobstore plugin

bucket_name

AWS S3 or GCP GCS Bucket used by external blobstore plugin

credentials_source

AWS or GCP Credential Source (static / env_or_profile / none)

Default
static

director

password

Password director uses to connect to blobstore used by simple blobstore plugin

user

Username director uses to connect to blobstore used by simple blobstore plugin

enable_signed_urls

Use pre-signed urls for blobstore so that deployed VMs do not require blobstore credentials

Default
false

encryption_key

Customer-Supplied Encryption key used when storing blobs in GCS (Optional - Base64 encoded 32 byte key)

host

Host of blobstore server used by simple blobstore plugin

json_key

Contents of a GCP JSON service account file used for static credentials_source (optional)

port

Port of blobstore server used by simple blobstore plugin

Default
25250

provider

Provider of the blobstore used by director and agent (dav|simple|s3|gcs)

Default
dav

s3_host_style

Whether to use host-style urls instead of path-style urls

Default
false

s3_port

Port of blobstore server used by s3 blobstore plugin

Default
443

s3_region

Region of the blobstore used by s3 blobstore plugin

s3_signature_version

Signature version of the blobstore used by s3 blobstore plugin (optional, if not provided the s3 client decides which version to use)

secret

Secret used for HMAC signature for pre-signed urls

secret_access_key

AWS secret_access_key used by s3 blobstore plugin

server_side_encryption

Server-side encryption algorithm used when storing blobs in S3 (Optional - “AES256”|“aws:kms”)

sse_kms_key_id

AWS KMS key ID to use for object encryption. All GET and PUT requests for an object protected by AWS KMS will fail if not made via SSL or using SigV4.

ssl_verify_peer

Verify the SSL certificate used on the blobstore?

Default
true

storage_class

Storage Class used when storing blobs in GCS (optional, if not provided uses bucket default)

tls

cert
ca

CA Cert for TLS communication with blobstore

use_ssl

Whether the simple blobstore plugin should use SSL to connect to the blobstore server

Default
true

director

allow_errands_on_stopped_instances

When true, bosh will not error out when running errands on stopped instances

Default
false

auto_fix_stateful_nodes

Enable/Disable auto resolution for stateful nodes for scan_and_fix (true|false)

Default
true

backend_port

Port that the director listens on

Default
25556

config_server

ca_cert

CA cert to trust when communicating with Config Server

enabled

When true, replace substitution values in manifest with values from Config Server

Default
false
uaa
ca_cert

CA cert to trust when communicating with UAA

client_id

UAA client id to access Config Server

client_secret

UAA client secret to access Config Server

url

URL for the UAA server used for authenticating access to Config Server

url

URL for the Config Server

cpi

preferred_api_version

The preferred api version to use when communicating with the CPI. If the specified value is greater than the max supported version, only the highest available api version is used.

cpi_job

Name of cpi job (null to use bundled cpi gems)

db

adapter

The type of database used (mysql2|postgres|sqlite)

Default
postgres
connection_options

Additional options for the database. The below default applies to postgres databases. For config options for mysql dbs, refer to the mysql2 gem options.

Default
  max_connections: 32
  pool_timeout: 10
database

Name of the director database

Default
bosh
host

Address of the director database, for example, in the case of AWS RDS: rds-instance-name.coqxxxxxxxxx.us-east-1.rds.amazonaws.com

Default
127.0.0.1
password

Password used for the director database

port

Port of the director database (e.g., mysql2 adapter would generally use 3306)

Default
5432
tls
cert
ca

Database CA certificate

certificate

Client certificate for mutual TLS connections to DB

private_key

Client private key for mutual TLS connections to DB

enabled

Flag for enabling tls for database

Default
false
skip_host_verify

Skip host verification for Server CA certificate. Must be true if database is hosted on GCP.

Default
false
user

Username used for the director database

Default
bosh

debug

keep_unreachable_vms

When a bosh deploy fails, the failed VM will be kept instead of destroyed

Default
false

default_ssh_options

gateway_host

Default host to use as ssh gateway with bosh ssh command

gateway_user

Default user to use with bosh ssh command

Default
vcap

disks

cleanup_schedule

RufusScheduler cron formatted schedule for cleanup of orphaned disks and orphaned snapshots

Default
0 0,30 * * * * UTC
max_orphaned_age_in_days

Days to keep orphaned disks and orphaned snapshots before cleanup

Default
5

enable_cpi_resize_disk

Enable/Disable native CPI disk resizing (true|false)

Default
false

enable_dedicated_status_worker

Separate worker for ‘bosh vms’ and ‘bosh ssh’

Default
false

enable_nats_delivered_templates

When true, rendered templates will be sent over NATS

Default
false

enable_post_deploy

When true, all templates will run their post_deploy script once deployment is complete

Default
true

enable_snapshots

Enable/Disable snapshots for persistent disks (true|false)

Default
false

enable_virtual_delete_vms

When true, bosh will not delete the VM from the cloud when an instance is updated; it only destroys the VM record in the db

Default
false

events

cleanup_schedule

RufusScheduler cron formatted schedule for cleanup of events

Default
0 * * * * UTC
max_events

Max number of events to keep

Default
10000
record_events

Enable recording of events to the database and audit logs

Default
false

flush_arp

Clear up arp entries when machines are recreated

Default
false

generate_vm_passwords

When true, a random unique password will be used for each vm if user has not specified a password

Default
false

ignore_missing_gateway

Allow gateway to be omitted from subnet configuration. Boshlite VMs (containers) do not require a gateway.

Default
false

ipv6_listen

Enable binding to IPv6 addresses

Default
false

local_dns

enabled

Enables local DNS, i.e., sending sync_dns messages with all names/IPs to all agents managed by this director

Default
false
include_index

If local DNS is enabled, then include_index will cause director to propagate dns records with instance index number as well as dns records with instance ID

Default
false
use_dns_addresses

When true, address references in rendered templates will evaluate to DNS entries rather than IP addresses

Default
false

log_access_events

Access to api is logged in CEF format

Default
false

log_access_events_to_syslog

Removed. Please use director.log_access_events instead.

log_level

Log level

Default
debug

max_tasks

Max number of tasks of each type to keep on disk

Default
2000

max_threads

Max number of director concurrent threads

Default
32

max_upload_size

Max allowed file size for upload

Default
10000m

max_vm_create_tries

Max retries when creating VMs

Default
5

metrics_server

backend_port

Internal port for metrics server to listen to

Default
9092
enabled

Enables the metrics server on the director

Default
false
listen_on_external_interface

Exposes the director's metrics server on an external interface. Requires the use of mutual auth TLS

Default
true
port

External Port for nginx to listen for metrics server

Default
9091
tls
ca

CA certificate for mutual TLS connections to an external metrics server

certificate

Client certificate for mutual TLS connections to an external metrics server

private_key

Client private key for mutual TLS connections to an external metrics server

name

Name of the director

networks

cleanup_schedule

RufusScheduler cron formatted schedule for cleanup of orphaned networks

Default
0 0,30 * * * * UTC
enable_cpi_management

Enables bosh managed networks

Default
false
max_orphaned_age_in_days

Days to keep orphaned networks before cleanup

Default
1

nginx

enable_metrics_endpoint

Expose basic nginx metrics on localhost:/stats endpoint. Uses the ngx_http_stub_status_module (see http://nginx.org/en/docs/http/ngx_http_stub_status_module.html).

Default
false
ssl_ciphers

List of SSL ciphers to allow (format: https://www.openssl.org/docs/manmaster/man1/ciphers.html - CIPHER LIST FORMAT section)

Default
DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
ssl_prefer_server_ciphers

Prefer server’s cipher priority instead of client’s (true for On, false for Off)

Default
true
ssl_protocols

SSL/TLS protocols to allow

Default
TLSv1.2
workers

Number of nginx workers for director

Default
2

parallel_problem_resolution

When true, problems (e.g. resurrection, disk reattaching) are resolved in parallel

Default
true

port

Port that the director nginx listens on

Default
25555

proxy_timeout

Timeout for proxy connection from nginx to director

Default
900

puma_workers

Number of puma workers

Default
3

remove_dev_tools

When true, remove dev tool packages from non-compilation VMs

Default
false

self_snapshot_schedule

RufusScheduler cron formatted schedule for self snapshots

Default
0 0 6 * * * UTC

snapshot_schedule

RufusScheduler cron formatted schedule for snapshots

Default
0 0 7 * * * UTC

ssl

cert

SSL Certificate for director (PEM encoded)

key

SSL private key for director (PEM encoded)

tasks_cleanup_schedule

Schedule cleanup of tasks and their log files, keeping max_tasks

Default
0 0 0 */7 * * UTC

timeout

Timeout for connection from bosh CLI to nginx

Default
7200

trusted_certs

Certificates that VMs created by this director should trust in addition to those packaged with the stemcell (PEM encoded; zero or more certs allowed)

Default
""

user_management

local
users

List of users that can authenticate with director in non-Uaa mode

provider

User management implementation (local|uaa)

Default
local
uaa
public_key

Public key to verify Uaa token when token is encoded with asymmetric encryption

symmetric_key

Symmetric key to verify Uaa token

url

Uaa URL, specify either the url or the urls attribute

urls

List of Uaa URLs, specify either the url or the urls attribute

vms

cleanup_schedule

RufusScheduler cron formatted schedule for cleanup of orphaned vms

Default
'*/5 * * * * UTC'

workers

Number of director workers

Default
3

dns

address

Address of the powerdns server

db

adapter

DNS Database adapter

Default
postgres
connection_options

Additional options for the powerdns database. The below default applies to postgres databases. For config options for mysql dbs, refer to the mysql2 gem options.

Default
  max_connections: 32
  pool_timeout: 10
database

Name of the powerdns database

Default
bosh
host

DNS Database host

Default
127.0.0.1
password

DNS Database password

port

Port that the powerdns database listens on

Default
5432
user

DNS Database user

Default
bosh

domain_name

TLD of the dns zone used by bosh

Default
bosh

env

http_proxy

HTTP proxy that the director, scheduler and workers should use

https_proxy

HTTPS proxy that the director, scheduler and workers should use

no_proxy

List of comma-separated hosts that should skip connecting to the proxy in the director, scheduler and workers

hm

http

port

TCP port where the health monitor listens

Default
25923

indicators

queued_tasks_threshold

Number of tasks queued for a certain time before alerts are sent

Default
10

nats

address

Address of the nats server

port

Port that the nats server listens on

Default
4222

tls

ca

CA cert to trust when communicating with NATS server

client_ca
certificate

Certificate for NATs mutual TLS (Director uses to generate Agent cert)

private_key

Private Key for NATs mutual TLS (Director uses to generate Agent cert)

director
certificate

Certificate for NATs mutual TLS client (Director client). The Common-Name for this certificate should be “default.director.bosh-internal”

private_key

Private Key for NATs mutual TLS client (Director client)

registry

address

Address of the Registry to connect to

password

Password to access the Registry

port

Port of the Registry to connect to

Default
25777

username

User to access the Registry

Templates

Templates are rendered and placed onto corresponding instances during the deployment process. This job's templates will be placed into the /var/vcap/jobs/director/ directory.

  • bin/bbr/backup (from bbr_backup)
  • bin/bbr/restore (from bbr_restore)
  • bin/console (from console)
  • bin/director (from director)
  • bin/drain (from drain)
  • bin/metrics-server (from metrics-server)
  • bin/post-start (from post-start.erb)
  • bin/pre-start (from pre-start.erb)
  • bin/ps_utils.sh (from ps_utils.sh)
  • bin/scheduler (from scheduler)
  • bin/sync-dns (from sync-dns)
  • bin/task_logrotate (from task_logrotate.sh)
  • bin/trigger-one-time-sync-dns (from trigger-one-time-sync-dns)
  • bin/worker_ctl (from worker_ctl.erb)
  • config/bbr.json (from bbr_config.json.erb)
  • config/bpm.yml (from bpm.yml)
  • config/certificate_expiry.json (from certificate_expiry.json.erb)
  • config/config_server_ca.cert (from config_server_ca.cert.erb)
  • config/db/ca.pem (from db_ca.pem.erb)
  • config/db/client_certificate.pem (from db_client_certificate.pem.erb)
  • config/db/client_private_key.key (from db_client_private_key.key.erb)
  • config/director.yml (from director.yml.erb)
  • config/indicator.yml (from indicator.yml.erb)
  • config/metrics_server/ca.pem (from metrics_server_ca.pem.erb)
  • config/metrics_server/certificate.pem (from metrics_server_certificate.pem.erb)
  • config/metrics_server/private_key.key (from metrics_server_private_key.key.erb)
  • config/mime.types (from mime.types)
  • config/nats_client_ca_certificate.pem (from nats_client_ca_certificate.pem.erb)
  • config/nats_client_ca_private_key (from nats_client_ca_private_key.erb)
  • config/nats_client_certificate.pem (from nats_client_certificate.pem.erb)
  • config/nats_client_private_key (from nats_client_private_key.erb)
  • config/nats_server_ca.pem (from nats_server_ca.pem.erb)
  • config/nginx.conf (from nginx.conf.erb)
  • config/ssl/director.key (from director.key.erb)
  • config/ssl/director.pem (from director.pem.erb)
  • config/task_logrotate.cron (from task_logrotate.cron)
  • config/uaa_server_ca.cert (from uaa_server_ca.cert.erb)
  • env (from env.erb)
  • helpers/utils.sh (from utils.sh)

Packages

Packages are compiled and placed onto corresponding instances during the deployment process. Packages will be placed into the /var/vcap/packages/ directory.