rep job from diego/1.33.0

Github source: e63e3ff or master branch

Properties

admin_api

require_tls

Whether to require mutual TLS for communication to the rep’s administrative API. Requires tls.ca_cert, tls.cert, and tls.key to be configured.

Default
false

bpm

enabled

Experimental: use the BOSH Process Manager to manage the cell rep process.

Default
false

containers

graceful_shutdown_interval_in_seconds

EXPERIMENTAL: time in seconds between signalling a container to shutdown gracefully and stopping it forcefully. Should not be less than 10.

Default
10

proxy

additional_memory_allocation_mb

EXPERIMENTAL: Additional memory allocated to each container for the envoy proxy. This value must not be negative.

Default
18
enabled

EXPERIMENTAL: Enable envoy proxy on garden containers. Requires valid TLS credentials in diego.executor.instance_identity_ca_cert and diego.executor.instance_identity_key.

Default
false

trusted_ca_certificates

List of PEM-encoded CA certificates to make available inside containers in a conventional location

Example
- |+
  ----- BEGIN CERTIFICATE -----
  CONTENTS OF CERTIFICATE #1
  ----- END CERTIFICATE -----
- |+
  ----- BEGIN CERTIFICATE -----
  CONTENTS OF CERTIFICATE #2
  ----- END CERTIFICATE -----

diego

executor

auto_disk_capacity_overhead_mb

The amount of overhead that should be subtracted from the container disk capacity. This only applies when disk_capacity_mb is set to auto.

Default
0
ca_certs_for_downloads

Concatenation of trusted CA certificates to be used when downloading assets. Deprecated in favor of tls.ca_cert.

container_inode_limit

the inode limit enforced on each garden container.

Default
200000
container_max_cpu_shares

the maximum number of cpu shares for a container.

Default
1024
container_metrics_report_interval

the frequency for emitting container metrics; should be a string that can be parsed by time.ParseDuration, such as 15s

create_work_pool_size

Maximum number of concurrent create container operations.

Default
32
delete_work_pool_size

Maximum number of concurrent delete container operations.

Default
32
disk_capacity_mb

The container disk capacity the executor should manage. This should not be greater than the actual disk quota on the VM.

Default
auto
export_network_env_vars

Export network environment variables into container (e.g. CF_INSTANCE_IP, CF_INSTANCE_PORT).

Default
true
garden
address

Garden server listening address.

Default
/var/vcap/data/garden/garden.sock
network

Network type for the garden server connection (tcp or unix).

Default
unix
garden_healthcheck
command_retry_pause

Time to wait between retrying garden commands

Default
1s
interval

Frequency for healthchecking garden

Default
10m
process
args

List of command line args to pass to the garden health check process

Default
-c, ls > /tmp/test
dir

Directory to run the healthcheck process from

env

Environment variables to use when running the garden health check

path

Path of the command to run to perform a container healthcheck

Default
/bin/sh
user

User to use while performing a container healthcheck

Default
vcap
timeout

Maximum allowed time for garden healthcheck

Default
10m
healthcheck_work_pool_size

Maximum number of concurrent health check operations.

Default
64
healthy_monitoring_interval_in_seconds

Interval to check healthy containers in seconds.

Default
30
instance_identity_ca_cert

Experimental: PEM-encoded CA used to sign instance identity credentials. Enables instance identity if set along with instance_identity_key

instance_identity_key

Experimental: PEM-encoded key used to sign instance identity credentials. Enables instance identity if set along with instance_identity_ca_cert

instance_identity_validity_period_in_hours

Experimental: Validity period for the generated instance identity certificate

Default
24
max_cache_size_in_bytes

maximum size of the cache in bytes - this should leave a healthy overhead for temporary items, etc.

Default
1e+10
max_concurrent_downloads

the max concurrent download steps that can be active

Default
5
memory_capacity_mb

The memory capacity the executor should manage. This should not be greater than the actual memory on the VM.

Default
auto
metrics_work_pool_size

Maximum number of concurrent get container metrics operations.

Default
8
post_setup_hook

Experimental: arbitrary command to run after setup action

post_setup_user

Experimental: user to run post setup hook command

read_work_pool_size

Maximum number of concurrent get container info operations.

Default
64
unhealthy_monitoring_interval_in_seconds

Interval to check unhealthy containers in seconds.

Default
2
volman
driver_paths

Experimental: OS style path string containing the directories volman will look in for voldriver specs (delimited by : or ; depending on the OS)

Default
/var/vcap/data/voldrivers

rep

advertise_domain

base domain at which the rep should advertise its secure API

Default
cell.service.cf.internal
bbs
api_location

Address to the BBS Server

Default
bbs.service.cf.internal:8889
ca_cert

PEM-encoded CA certificate

client_cert

PEM-encoded client certificate

client_key

PEM-encoded client key

client_session_cache_size

capacity of the tls client cache

max_idle_conns_per_host

maximum number of idle http connections

require_ssl

enable ssl for all communication with the bbs

Default
true
ca_cert

PEM-encoded CA certificate

consul
ca_cert

PEM-encoded CA certificate

client_cert

PEM-encoded client certificate

client_key

PEM-encoded client key

require_tls

Require mutual TLS to talk to the local consul API

Default
false
debug_addr

address at which to serve debug info

Default
127.0.0.1:17008
dropsonde_port

local metron agent’s port

Default
3457
enable_legacy_api_endpoints

Whether to enable the auction, LRP, and Task endpoints on the legacy, insecurable API server

Default
true
evacuation_polling_interval_in_seconds

The interval to look for completed tasks and LRPs during evacuation in seconds

Default
10
evacuation_timeout_in_seconds

The time to wait for evacuation to complete in seconds

Default
600
job_name

The name of the Diego job referenced by this spec (DO NOT override)

Default
rep
listen_addr

address to serve auction and LRP stop requests on

Default
0.0.0.0:1800
listen_addr_admin

When enable_legacy_api_endpoints is set to false, serve (insecure) ping and evacuate requests on this address and port

Default
127.0.0.1:1800
listen_addr_securable

address where rep listens for LRP and task start auction requests

Default
0.0.0.0:1801
locket
api_location

Hostname and port of the Locket server. When set, the cell rep will establish its cell registration in the Locket API instead of in the Consul key-value store.

log_level

Log level

Default
info
optional_placement_tags

Array of optional tags used for scheduling Tasks and LRPs

Default
[]
placement_tags

Array of tags used for scheduling Tasks and LRPs

Default
[]
polling_interval_in_seconds

The interval to look for completed tasks and LRPs in seconds

Default
30
preloaded_rootfses

Array of name:absolute_path pairs representing root filesystems preloaded onto the underlying garden

require_tls

Whether to require mutual TLS for communication to the securable rep API server

Default
false
rootfs_providers

Array of schemes for which the underlying garden can support arbitrary root filesystems

Default
- docker
server_cert

PEM-encoded server certificate

server_key

PEM-encoded server key

trusted_certs

Concatenation of trusted CA certificates to be made available inside the rootfses. Deprecated in favor of containers.trusted_ca_certificates.

use_azure_fault_domains

Use Azure Fault-Domains to determine the value of the zone. The value of the zone will be z. e.g. z0, z1, etc.

Default
false
zone

The zone associated with the rep. This will override the BOSH-provided spec.az property if present.

ssl

skip_cert_verify

when connecting over https, ignore bad ssl certificates

Default
false

enable_consul_service_registration

Enable the cell rep to register itself as a service with Consul, for client discovery via Consul DNS. Do not disable without arranging alternate service discovery.

Default
true

enable_declarative_healthcheck

EXPERIMENTAL: When set, enables the rep to prefer the LRP CheckDefinition to healthcheck instances over the Monitor action. Requires Garden-Runc v1.10.0+

Default
false

loggregator

ca_cert

CA Cert used to communicate with local metron agent over gRPC

cert

Cert used to communicate with local metron agent over gRPC

key

Key used to communicate with local metron agent over gRPC

use_v2_api

True to use the local metron agent gRPC v2 API; false to use the UDP v1 API.

Default
false

v2_api_port

Local metron agent gRPC port

Default
3458

tls

ca_cert

PEM-encoded tls client CA certificate for asset upload/download

cert

PEM-encoded tls certificate that can be used for client or server auth

key

PEM-encoded tls client key
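
An added example (not part of the diego-release project): a Python check that walks a rep job's properties and reports where the TLS-related settings documented above are left at their weaker value, or where a property the page says is required is missing. The dotted paths assume the nesting implied by the section headings above, and `SAMPLE` is constructed input.

```python
# Added example: review a rep job's properties against the TLS-related
# settings on this page. Dotted paths assume the nesting the sections imply.

# path: (default listed on this page, value reported as a finding or None)
SETTINGS = {
    "admin_api.require_tls": (False, False),
    "diego.rep.require_tls": (False, False),
    "diego.rep.consul.require_tls": (False, False),
    "diego.rep.bbs.require_ssl": (True, False),
    "diego.rep.enable_legacy_api_endpoints": (True, True),
    "diego.ssl.skip_cert_verify": (False, True),
    "containers.proxy.enabled": (False, None),
}
REQUIRES = {  # properties the page says an enabled setting needs
    "admin_api.require_tls": ["tls.ca_cert", "tls.cert", "tls.key"],
    "containers.proxy.enabled": ["diego.executor.instance_identity_ca_cert",
                                 "diego.executor.instance_identity_key"],
}

def lookup(props, path):
    """Return the value at a dotted path, or None when it is not set."""
    cur = props
    for part in path.split("."):
        if not isinstance(cur, dict) or part not in cur:
            return None
        cur = cur[part]
    return cur

def audit(props):
    """Return sorted (path, reason) findings for a job's properties dict."""
    findings = []
    for path, (default, weak) in SETTINGS.items():
        value = lookup(props, path)
        effective = default if value is None else value
        if effective == weak:
            origin = "default" if value is None else "explicit"
            findings.append((path, f"{origin} value {effective!r}"))
        if effective is True:
            findings += [(dep, f"required by {path}")
                         for dep in REQUIRES.get(path, []) if not lookup(props, dep)]
    return sorted(findings)

# Constructed sample: TLS required on the admin API but tls.key left out.
SAMPLE = {
    "admin_api": {"require_tls": True},
    "tls": {"ca_cert": "<PEM>", "cert": "<PEM>"},
    "diego": {"rep": {"require_tls": True, "enable_legacy_api_endpoints": False}},
}
```

Running `audit({})` shows what a deployment that overrides nothing inherits from the defaults listed on this page.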

Templates

Templates are rendered and placed onto corresponding instances during the deployment process. This job's templates will be placed into the /var/vcap/jobs/rep/ directory.

  • bin/bpm-pre-start (from bpm-pre-start.erb)
  • bin/drain (from drain.erb)
  • bin/mount_instance_identity (from mount_instance_identity.erb)
  • bin/post-start (from post-start.erb)
  • bin/pre-start (from pre-start.erb)
  • bin/rep (from rep.erb)
  • bin/rep_as_vcap (from rep_as_vcap.erb)
  • bin/rep_ctl (from rep_ctl.erb)
  • config/bpm.yml (from bpm.yml.erb)
  • config/certs/bbs/ca.crt (from bbs_ca.crt.erb)
  • config/certs/bbs/client.crt (from bbs_client.crt.erb)
  • config/certs/bbs/client.key (from bbs_client.key.erb)
  • config/certs/ca.crt (from rep_ca.crt.erb)
  • config/certs/consul/ca.crt (from consul_ca.crt.erb)
  • config/certs/consul/client.crt (from consul_client.crt.erb)
  • config/certs/consul/client.key (from consul_client.key.erb)
  • config/certs/loggregator/ca.crt (from loggregator_ca.crt.erb)
  • config/certs/loggregator/client.crt (from loggregator_client.crt.erb)
  • config/certs/loggregator/client.key (from loggregator_client.key.erb)
  • config/certs/rep/ca_certs_for_downloads.crt (from ca_certs_for_downloads.crt.erb)
  • config/certs/rep/instance_identity.crt (from instance_identity.crt.erb)
  • config/certs/rep/instance_identity.key (from instance_identity.key.erb)
  • config/certs/rep/trusted_ca_certificates.json (from trusted_ca_certificates.json.erb)
  • config/certs/rep/trusted_certs.crt (from trusted_certs.crt.erb)
  • config/certs/server.crt (from rep_server.crt.erb)
  • config/certs/server.key (from rep_server.key.erb)
  • config/certs/tls.crt (from tls.crt.erb)
  • config/certs/tls.key (from tls.key.erb)
  • config/certs/tls_ca.crt (from tls_ca.crt.erb)
  • config/rep.json (from rep.json.erb)

Packages

Packages are compiled and placed onto corresponding instances during the deployment process. Packages will be placed into /var/vcap/packages/ directory.