ssh_proxy job from diego/1.35.0
Github source: 6b470cc or master branch
Properties
bpm
  enabled
    Experimental: use the BOSH Process Manager to manage the ssh-proxy process.
    - Default: false
connect_to_instance_address
  Connect directly to the container IP instead of to the host IP and external port. Suitable only for deployments in which the gorouters and TCP routers can route directly to the container IP of instances.
  - Default: false
diego
  ssh_proxy
    allowed_ciphers
      Comma-separated list of allowed cipher algorithms
    allowed_keyexchanges
      Comma-separated list of allowed key exchange algorithms
    allowed_macs
      Comma-separated list of allowed MAC algorithms
    bbs
      api_location
        Address of the BBS server
        - Default: bbs.service.cf.internal:8889
      ca_cert
        PEM-encoded CA certificate
      client_cert
        PEM-encoded client certificate
      client_key
        PEM-encoded client key
      client_session_cache_size
        Capacity of the TLS client cache
      max_idle_conns_per_host
        Maximum number of idle HTTP connections
      require_ssl
        Require SSL for all communication with the BBS. Deprecated; TLS will be required for the BBS in Diego v2.0+.
        - Default: true
    cc
      external_port
        External port of the Cloud Controller API
        - Default: 9022
      internal_service_hostname
        Internal service hostname of the Cloud Controller API
        - Default: cloud-controller-ng.service.cf.internal
    debug_addr
      Address at which to serve debug info
      - Default: 127.0.0.1:17016
    diego_credentials
      Diego credentials to be used with the Diego authentication method
    dropsonde_port
      Local metron agent's port. Deprecated; will be removed when loggregator API v1 support is removed.
      - Default: 3457
    enable_cf_auth
      Allow SSH access for CF applications
      - Default: false
    enable_diego_auth
      Allow SSH access for Diego applications
      - Default: false
    healthcheck_listen_addr
      Address for the SSH proxy healthcheck server
      - Default: 0.0.0.0:2223
    host_key
      PEM-encoded RSA private key used to identify the host
    idle_connection_timeout_in_seconds
      Idle timeout for incoming connections
    listen_addr
      Address for the proxy to listen on
      - Default: 0.0.0.0:2222
    log_level
      Log level
      - Default: info
    uaa
      ca_cert
        The CA certificate of the UAA
      port
        The port to contact UAA on
      url
        The domain name of the UAA
        - Default: https://uaa.service.cf.internal
    uaa_secret
      The OAuth client secret used to authenticate the ssh-proxy with the UAA
    uaa_token_url
      URL of the UAA token endpoint. Deprecated in favor of diego.ssh_proxy.uaa.url.
  ssl
    skip_cert_verify
      When connecting over HTTPS, ignore bad SSL certificates
      - Default: false
enable_consul_service_registration
  Enable the ssh-proxy to register itself as a service with Consul, for client discovery via Consul DNS. Do not disable without arranging alternate service discovery.
  - Default: true
loggregator
  ca_cert
    CA cert used to communicate with the local metron agent over gRPC
  cert
    Cert used to communicate with the local metron agent over gRPC
  key
    Key used to communicate with the local metron agent over gRPC
  use_v2_api
    True to use the local metron agent gRPC v2 API. False to use the UDP v1 API.
    - Default: false
  v2_api_port
    Local metron agent gRPC port
    - Default: 3458
Templates
Templates are rendered and placed onto corresponding instances during the deployment process. This job's templates will be placed into the /var/vcap/jobs/ssh_proxy/ directory.
- bin/ssh_proxy_as_vcap (from ssh_proxy_as_vcap.erb)
- bin/ssh_proxy_ctl (from ssh_proxy_ctl.erb)
- config/bpm.yml (from bpm.yml.erb)
- config/certs/bbs/ca.crt (from bbs_ca.crt.erb)
- config/certs/bbs/client.crt (from bbs_client.crt.erb)
- config/certs/bbs/client.key (from bbs_client.key.erb)
- config/certs/loggregator/ca.crt (from loggregator_ca.crt.erb)
- config/certs/loggregator/client.crt (from loggregator_client.crt.erb)
- config/certs/loggregator/client.key (from loggregator_client.key.erb)
- config/certs/uaa/ca.crt (from uaa_ca.crt.erb)
- config/ssh_proxy.json (from ssh_proxy.json.erb)
Packages
Packages are compiled and placed onto corresponding instances during the deployment process. Packages will be placed into the /var/vcap/packages/ directory.