rep job from diego/1.33.0
GitHub source: e63e3ff or master branch
Properties

admin_api.require_tls
Whether to require mutual TLS for communication to the rep’s administrative API. Requires tls.ca_cert, tls.cert, and tls.key to be configured.
- Default
false

bpm.enabled
Experimental: use the BOSH Process Manager to manage the cell rep process.
- Default
false

containers.graceful_shutdown_interval_in_seconds
EXPERIMENTAL: time in seconds between signalling a container to shutdown gracefully and stopping it forcefully. Should not be less than 10.
- Default
10

containers.proxy.additional_memory_allocation_mb
EXPERIMENTAL: Additional memory allocated to each container for the envoy proxy. This value must not be negative.
- Default
18

containers.proxy.enabled
EXPERIMENTAL: Enable envoy proxy on garden containers. Requires valid TLS credentials in diego.executor.instance_identity_ca_cert and diego.executor.instance_identity_key.
- Default
false

containers.trusted_ca_certificates
List of PEM-encoded CA certificates to make available inside containers in a conventional location
- Example
- |+
  ----- BEGIN CERTIFICATE -----
  CONTENTS OF CERTIFICATE #1
  ----- END CERTIFICATE -----
- |+
  ----- BEGIN CERTIFICATE -----
  CONTENTS OF CERTIFICATE #2
  ----- END CERTIFICATE -----

diego.executor.auto_disk_capacity_overhead_mb
the amount of overhead that should be subtracted from the container disk capacity, this only applies when disk_capacity_mb is set to auto
- Default
0

diego.executor.ca_certs_for_downloads
Concatenation of trusted CA certificates to be used when downloading assets. Deprecated in favor of tls.ca_cert.

diego.executor.container_inode_limit
the inode limit enforced on each garden container.
- Default
200000

diego.executor.container_max_cpu_shares
the maximum number of cpu shares for a container.
- Default
1024

diego.executor.container_metrics_report_interval
the frequency for emitting container metrics; should be a string that can be parsed by time.ParseDuration, such as 15s

diego.executor.create_work_pool_size
Maximum number of concurrent create container operations.
- Default
32

diego.executor.delete_work_pool_size
Maximum number of concurrent delete container operations.
- Default
32

diego.executor.disk_capacity_mb
the container disk capacity the executor should manage. this should not be greater than the actual disk quota on the VM
- Default
auto

diego.executor.export_network_env_vars
Export network environment variables into container (e.g. CF_INSTANCE_IP, CF_INSTANCE_PORT).
- Default
true

diego.executor.garden.address
Garden server listening address.
- Default
/var/vcap/data/garden/garden.sock

diego.executor.garden.network
Network type for the garden server connection (tcp or unix).
- Default
unix

diego.executor.garden_healthcheck.command_retry_pause
Time to wait between retrying garden commands
- Default
1s

diego.executor.garden_healthcheck.interval
Frequency for healthchecking garden
- Default
10m

diego.executor.garden_healthcheck.process.args
List of command line args to pass to the garden health check process
- Default
-c, ls > /tmp/test

diego.executor.garden_healthcheck.process.dir
Directory to run the healthcheck process from

diego.executor.garden_healthcheck.process.env
Environment variables to use when running the garden health check

diego.executor.garden_healthcheck.process.path
Path of the command to run to perform a container healthcheck
- Default
/bin/sh

diego.executor.garden_healthcheck.process.user
User to use while performing a container healthcheck
- Default
vcap

diego.executor.garden_healthcheck.timeout
Maximum allowed time for garden healthcheck
- Default
10m

diego.executor.healthcheck_work_pool_size
Maximum number of concurrent health check operations.
- Default
64

diego.executor.healthy_monitoring_interval_in_seconds
Interval to check healthy containers in seconds.
- Default
30

diego.executor.instance_identity_ca_cert
Experimental: PEM-encoded CA used to sign instance identity credentials. Enables instance identity if set along with instance_identity_key

diego.executor.instance_identity_key
Experimental: PEM-encoded key used to sign instance identity credentials. Enables instance identity if set along with instance_identity_ca_cert

diego.executor.instance_identity_validity_period_in_hours
Experimental: Validity period for the generated instance identity certificate
- Default
24

diego.executor.max_cache_size_in_bytes
maximum size of the cache in bytes - this should leave a healthy overhead for temporary items, etc.
- Default
1e+10

diego.executor.max_concurrent_downloads
the max concurrent download steps that can be active
- Default
5

diego.executor.memory_capacity_mb
the memory capacity the executor should manage. this should not be greater than the actual memory on the VM
- Default
auto

diego.executor.metrics_work_pool_size
Maximum number of concurrent get container metrics operations.
- Default
8

diego.executor.post_setup_hook
Experimental: arbitrary command to run after setup action

diego.executor.post_setup_user
Experimental: user to run post setup hook command

diego.executor.read_work_pool_size
Maximum number of concurrent get container info operations.
- Default
64

diego.executor.unhealthy_monitoring_interval_in_seconds
Interval to check unhealthy containers in seconds.
- Default
2

diego.executor.volman.driver_paths
Experimental: OS style path string containing the directories volman will look in for voldriver specs (delimited by : or ; depending on the OS)
- Default
/var/vcap/data/voldrivers

diego.rep.advertise_domain
base domain at which the rep should advertise its secure API
- Default
cell.service.cf.internal

diego.rep.bbs.api_location
Address to the BBS Server
- Default
bbs.service.cf.internal:8889

diego.rep.bbs.ca_cert
PEM-encoded CA certificate

diego.rep.bbs.client_cert
PEM-encoded client certificate

diego.rep.bbs.client_key
PEM-encoded client key

diego.rep.bbs.client_session_cache_size
capacity of the tls client cache

diego.rep.bbs.max_idle_conns_per_host
maximum number of idle http connections

diego.rep.bbs.require_ssl
enable ssl for all communication with the bbs
- Default
true

diego.rep.ca_cert
PEM-encoded CA certificate

diego.rep.consul.ca_cert
PEM-encoded CA certificate

diego.rep.consul.client_cert
PEM-encoded client certificate

diego.rep.consul.client_key
PEM-encoded client key

diego.rep.consul.require_tls
Require mutual TLS to talk to the local consul API
- Default
false

diego.rep.debug_addr
address at which to serve debug info
- Default
127.0.0.1:17008

diego.rep.dropsonde_port
local metron agent’s port
- Default
3457

diego.rep.enable_legacy_api_endpoints
Whether to enable the auction, LRP, and Task endpoints on the legacy, insecurable API server
- Default
true

diego.rep.evacuation_polling_interval_in_seconds
The interval to look for completed tasks and LRPs during evacuation in seconds
- Default
10

diego.rep.evacuation_timeout_in_seconds
The time to wait for evacuation to complete in seconds
- Default
600

diego.rep.job_name
The name of the Diego job referenced by this spec (DO NOT override)
- Default
rep

diego.rep.listen_addr
address to serve auction and LRP stop requests on
- Default
0.0.0.0:1800

diego.rep.listen_addr_admin
When enable_legacy_api_endpoints is set to false, serve (insecure) ping and evacuate requests on this address and port
- Default
127.0.0.1:1800

diego.rep.listen_addr_securable
address where rep listens for LRP and task start auction requests
- Default
0.0.0.0:1801

diego.rep.locket.api_location
Hostname and port of the Locket server. When set, the cell rep will establish its cell registration in the Locket API instead of in the Consul key-value store.

diego.rep.log_level
Log level
- Default
info

diego.rep.optional_placement_tags
Array of optional tags used for scheduling Tasks and LRPs
- Default
[]

diego.rep.placement_tags
Array of tags used for scheduling Tasks and LRPs
- Default
[]

diego.rep.polling_interval_in_seconds
The interval to look for completed tasks and LRPs in seconds
- Default
30

diego.rep.preloaded_rootfses
Array of name:absolute_path pairs representing root filesystems preloaded onto the underlying garden

diego.rep.require_tls
Whether to require mutual TLS for communication to the securable rep API server
- Default
false

diego.rep.rootfs_providers
Array of schemes for which the underlying garden can support arbitrary root filesystems
- Default
- docker

diego.rep.server_cert
PEM-encoded server certificate

diego.rep.server_key
PEM-encoded server key

diego.rep.trusted_certs
Concatenation of trusted CA certificates to be made available inside the rootfses. Deprecated in favor of containers.trusted_ca_certificates.

diego.rep.use_azure_fault_domains
Use Azure Fault-Domains to determine the value of the zone. The value of the zone will be z. e.g. z0, z1, etc.
- Default
false

diego.rep.zone
The zone associated with the rep. This will override the BOSH-provided spec.az property if present.

diego.ssl.skip_cert_verify
when connecting over https, ignore bad ssl certificates
- Default
false

enable_consul_service_registration
Enable the cell rep to register itself as a service with Consul, for client discovery via Consul DNS. Do not disable without arranging alternate service discovery.
- Default
true

enable_declarative_healthcheck
EXPERIMENTAL: When set, enables the rep to prefer the LRP CheckDefinition to healthcheck instances over the Monitor action. Requires Garden-Runc v1.10.0+
- Default
false

loggregator.ca_cert
CA Cert used to communicate with local metron agent over gRPC

loggregator.cert
Cert used to communicate with local metron agent over gRPC

loggregator.key
Key used to communicate with local metron agent over gRPC

loggregator.use_v2_api
True to use local metron agent gRPC v2 api. False, to use UDP v1 api
- Default
false

loggregator.v2_api_port
Local metron agent gRPC port
- Default
3458

tls.ca_cert
PEM-encoded tls client CA certificate for asset upload/download

tls.cert
PEM-encoded tls certificate that can be used for client or server auth

tls.key
PEM-encoded tls client key

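
An added example, not part of the diego-release job spec: a small Python audit that applies the defaults listed on this page to a parsed rep job properties block and reports the TLS-related settings, plus the dependencies the page states for admin_api.require_tls and containers.proxy.enabled. The helper names (lookup, audit) and the sample properties are constructed for illustration.

```python
# Added example. Each check: (property, documented default, value reported, meaning).
CHECKS = [
    ("admin_api.require_tls", False, False, "admin API does not require mutual TLS"),
    ("diego.rep.require_tls", False, False, "securable rep API does not require mutual TLS"),
    ("diego.rep.enable_legacy_api_endpoints", True, True,
     "auction, LRP and Task endpoints served on the legacy, insecurable API"),
    ("diego.rep.bbs.require_ssl", True, False, "SSL not enforced for BBS communication"),
    ("diego.ssl.skip_cert_verify", False, True, "bad certificates ignored over https"),
]
# Switches and the properties this page says they require.
REQUIRES = {
    "admin_api.require_tls": ["tls.ca_cert", "tls.cert", "tls.key"],
    "containers.proxy.enabled": ["diego.executor.instance_identity_ca_cert",
                                 "diego.executor.instance_identity_key"],
}

def lookup(props, dotted, default=None):
    """Resolve a dotted property name in a nested dict, else return the default."""
    node = props
    for part in dotted.split("."):
        if not isinstance(node, dict) or part not in node:
            return default
        node = node[part]
    return node

def audit(props):
    """Return findings for a parsed rep job properties block."""
    findings = []
    for name, default, risky, meaning in CHECKS:
        if lookup(props, name, default) is risky:
            findings.append(f"{name}={str(risky).lower()}: {meaning}")
    for switch, needed in REQUIRES.items():
        if lookup(props, switch, False) is True:
            missing = [n for n in needed if not lookup(props, n)]
            if missing:
                findings.append(f"{switch}=true but not configured: {', '.join(missing)}")
    return findings

# Constructed sample: admin TLS switched on, but tls.key was left out.
SAMPLE = {
    "admin_api": {"require_tls": True},
    "tls": {"ca_cert": "<PEM>", "cert": "<PEM>"},
    "diego": {"rep": {"require_tls": True, "enable_legacy_api_endpoints": False},
              "ssl": {"skip_cert_verify": True}},
}

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

An empty properties block reports the three settings whose documented defaults leave TLS optional or the legacy API enabled.
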
Templates

Templates are rendered and placed onto corresponding instances during the deployment process. This job's templates will be placed into the /var/vcap/jobs/rep/ directory.

- bin/bpm-pre-start (from bpm-pre-start.erb)
- bin/drain (from drain.erb)
- bin/mount_instance_identity (from mount_instance_identity.erb)
- bin/post-start (from post-start.erb)
- bin/pre-start (from pre-start.erb)
- bin/rep (from rep.erb)
- bin/rep_as_vcap (from rep_as_vcap.erb)
- bin/rep_ctl (from rep_ctl.erb)
- config/bpm.yml (from bpm.yml.erb)
- config/certs/bbs/ca.crt (from bbs_ca.crt.erb)
- config/certs/bbs/client.crt (from bbs_client.crt.erb)
- config/certs/bbs/client.key (from bbs_client.key.erb)
- config/certs/ca.crt (from rep_ca.crt.erb)
- config/certs/consul/ca.crt (from consul_ca.crt.erb)
- config/certs/consul/client.crt (from consul_client.crt.erb)
- config/certs/consul/client.key (from consul_client.key.erb)
- config/certs/loggregator/ca.crt (from loggregator_ca.crt.erb)
- config/certs/loggregator/client.crt (from loggregator_client.crt.erb)
- config/certs/loggregator/client.key (from loggregator_client.key.erb)
- config/certs/rep/ca_certs_for_downloads.crt (from ca_certs_for_downloads.crt.erb)
- config/certs/rep/instance_identity.crt (from instance_identity.crt.erb)
- config/certs/rep/instance_identity.key (from instance_identity.key.erb)
- config/certs/rep/trusted_ca_certificates.json (from trusted_ca_certificates.json.erb)
- config/certs/rep/trusted_certs.crt (from trusted_certs.crt.erb)
- config/certs/server.crt (from rep_server.crt.erb)
- config/certs/server.key (from rep_server.key.erb)
- config/certs/tls.crt (from tls.crt.erb)
- config/certs/tls.key (from tls.key.erb)
- config/certs/tls_ca.crt (from tls_ca.crt.erb)
- config/rep.json (from rep.json.erb)

Packages

Packages are compiled and placed onto corresponding instances during the deployment process. Packages will be placed into the /var/vcap/packages/ directory.