worker job from concourse/6.7.5

The 'worker' nodes are what actually run Concourse workloads (builds, resource checking, etc). They register with Concourse via the SSH worker gateway running on the 'web' nodes.

Github source: 881a117 or master branch

Properties¶

baggageclaim¶

bind_port¶

Port on which Baggageclaim should listen for HTTP traffic.

Default

7788

disable_user_namespaces¶

Disable remapping of user/group IDs in unprivileged volumes.

For use in combination with ‘runtime.type=houdini’.

Default

false

driver¶

Driver to use for the volume store. One of detect, overlay, btrfs, or naive.

Default

detect

certs_path¶

A path to a directory on the instance to create the resource certificates volume from.

Default

/etc/ssl/certs

connection_drain_timeout¶

Duration after which a worker should give up draining forwarded connections on shutdown.

Default

1h

container_sweeper_max_in_flight¶

Maximum number of containers which can be swept in parallel.

containerd¶

bin¶

Path to a containerd executable (non-absolute names get resolved from $PATH).

config¶

Path to a config file to use for the Containerd daemon.

dns_proxy_enable¶

Enable a proxy DNS server for Garden

dns_servers¶

List of DNS server IP addresses to use instead of automatically determined servers.

max_containers¶

Maximum container capacity. 0 means no limit. Defaults to 250.

network_pool¶

Network range to use for dynamically allocated container subnets. Defaults to “10.80.0.0/16”.

request_timeout¶

Time to wait for requests to Containerd to complete. 0 means no timeout.

restricted_networks¶

List of network ranges to which traffic from containers will be restricted.

debug¶

bind_ip¶

IP address on which to listen for the pprof debugger endpoints.

Default

127.0.0.1

bind_port¶

Port on which to listen for the pprof debugger endpoints.

Default

7776

drain_timeout¶

Maximum wait time in Go duration format (1m = 1 minute) for worker drain to be finished. Only applies when worker is getting shutdown.

Default

1h

ephemeral¶

If set, the worker will immediately disappear upon stalling.

Default

false

external_garden_url¶

API endpoint of an externally managed Garden server to use instead of running the embedded Garden server.

garden¶

allow_host_access¶

Allow containers to reach the worker VM’s network.

config_ini¶

Contents of the Garden configuration. Use to customize the container runtime. This may over-ride any other environment variables specified. See: https://concourse-ci.org/concourse-worker.html#configuring-gdn-server

deny_networks¶

Network ranges to which traffic from containers will be denied.

Example

[]

dns_servers¶

DNS servers IP addresses to use instead of automatically propagating the host’s DNS configuration.

Example

[]

max_containers¶

Maximum container capacity to advertise. 0 means no limit. Defaults to 250.

network_pool¶

Network range to use for dynamically allocated container subnets. Defaults to “10.80.0.0/16”.

request_timeout¶

How long to wait for requests to Garden to complete, in Go duration format (48h = 48 hours). 0 means no timeout.

Example

5m

healthcheck¶

bind_ip¶

IP address on which to listen for health checking requests.

bind_port¶

Port on which to listen for health checking requests.

timeout¶

HTTP timeout for the full duration of health checking.

http_proxy_url¶

Proxy to use for outgoing http requests from containers.

https_proxy_url¶

Proxy to use for outgoing https requests from containers.

log_level¶

The log level for the worker. When set to debug, you’ll see a lot more information.

Default

info

no_proxy¶

A list domains and IPs with optional port for which the proxy should be bypassed.

Example

- localhost
- 127.0.0.1
- example.com
- domain.com:8080

runtime¶

Container runtime for worker. Possible values are “guardian”, “containerd”, and “houdini”. Please note that Houdini is insecure and does not run tasks in containers.

Example

guardian

sweep_interval¶

Interval on which to destroy containers and volumes marked for garbage collection.

Default

30s

tags¶

An array of tags to advertise for each worker.

Example

- special

team¶

Register the worker for a single team.

If not specified, the worker will be shared across all teams.

volume_sweeper_max_in_flight¶

Maximum number of volumes which can be swept in parallel.

worker_gateway¶

host_public_key¶

Public key to verify for the TSA server. If not specified, the web link is used.

Example

ssh-rsa ...

hosts¶

Addresses (host:port) of TSA servers to register with.

If not specified, the web link is used.

rebalance_interval¶

The interval on which the worker will connect to a new SSH gateway and drain the old connection. This has the effect of rebalancing the forwarded workers across the SSH gateways over time.

Example

4h

worker_key¶

SSH key to use when authenticating with the TSA.

Example

private_key: |+
  -----BEGIN RSA PRIVATE KEY-----
  ...
  -----END RSA PRIVATE KEY-----
public_key: ssh-rsa ...

Templates¶

Templates are rendered and placed onto corresponding instances during the deployment process. This job's templates will be placed into /var/vcap/jobs/worker/ directory (learn more).

• bin/concourse_start (from concourse_start.erb)
• bin/concourse_stop (from concourse_stop.erb)
• bin/ctl (from ctl.erb)
• bin/drain (from drain.erb)
• bin/pre_start (from pre_start.erb)
• config/concourse.service (from concourse.service)
• config/env.sh (from env.sh.erb)
• config/garden.ini (from garden.ini.erb)
• config/worker_gateway_host_key.pub (from worker_gateway_host_key.pub.erb)

Packages¶

Packages are compiled and placed onto corresponding instances during the deployment process. Packages will be placed into /var/vcap/packages/ directory.

• btrfs_tools
• concourse