worker job from concourse/7.8.3

The 'worker' nodes are what actually run Concourse workloads (builds, resource checking, etc). They register with Concourse via the SSH worker gateway running on the 'web' nodes.

Github source: 21e7301 or master branch

Properties¶

baggageclaim¶

bind_ip¶

IP on which Baggageclaim should listen for HTTP traffic. When p2p is enabled this needs to be set to 0.0.0.0

Default

127.0.0.1

bind_port¶

Port on which Baggageclaim should listen for HTTP traffic.

Default

7788

disable_user_namespaces¶

Disable remapping of user/group IDs in unprivileged volumes.

For use in combination with ‘runtime.type=houdini’.

Default

false

driver¶

Driver to use for the volume store. One of detect, overlay, btrfs, or naive.

Default

detect

p2p¶

interface_family¶

Interface family to use for peer-to-peer volume streaming.

Set 4 for IPv4 or 6 for IPv6.

Example

4

interface_name_pattern¶

Regex for determining the network interface to use for peer-to-peer volume streaming.

Example

eth0

certs_path¶

A path to a directory on the instance to create the resource certificates volume from.

Default

/etc/ssl/certs

connection_drain_timeout¶

Duration after which a worker should give up draining forwarded connections on shutdown.

Default

1h

container_sweeper_max_in_flight¶

Maximum number of containers which can be swept in parallel.

containerd¶

allow_host_access¶

Allows containers to reach host network

bin¶

Path to a containerd executable (non-absolute names get resolved from $PATH).

cni_bin¶

Path to CNI network plugins. For BOSH this defaults to /var/vcap/packages/concourse/bin when containerd is selected as the runtime.

config¶

Path to a config file to use for the Containerd daemon.

dns_proxy_enable¶

Enable a proxy DNS server for Garden. Note: this implicitly turns on container access to host network.

dns_servers¶

List of DNS server IP addresses to use instead of automatically determined servers.

external_ip¶

IP address to use to reach container’s mapped ports. Autodetected if not specified.

init_bin¶

Path to an init executable. For BOSH this defaults to /var/vcap/packages/concourse/bin/init when containerd is selected as the runtime.

max_containers¶

Maximum container capacity. 0 means no limit. Defaults to 250.

mtu¶

MTU size for container network interfaces. Defaults to the MTU of the interface used for outbound access by the host.

network_pool¶

Network range to use for dynamically allocated container subnets. Defaults to “10.80.0.0/16”.

request_timeout¶

Time to wait for requests to Containerd to complete. 0 means no timeout.

restricted_networks¶

List of network ranges to which traffic from containers will be restricted.

debug¶

bind_ip¶

IP address on which to listen for the pprof debugger endpoints.

Default

127.0.0.1

bind_port¶

Port on which to listen for the pprof debugger endpoints.

Default

7776

drain_timeout¶

Maximum wait time in Go duration format (1m = 1 minute) for worker drain to be finished. Only applies when worker is getting shutdown.

Default

1h

ephemeral¶

If set, the worker will immediately disappear upon stalling.

Default

false

external_garden_url¶

API endpoint of an externally managed Garden server to use instead of running the embedded Garden server.

garden¶

allow_host_access¶

Allow containers to reach the worker VM’s network.

config_ini¶

Contents of the Garden configuration. Use to customize the container runtime. This may over-ride any other environment variables specified. See: https://concourse-ci.org/concourse-worker.html#configuring-gdn-server

deny_networks¶

Network ranges to which traffic from containers will be denied.

Example

[]

dns_servers¶

DNS servers IP addresses to use instead of automatically propagating the host’s DNS configuration.

Example

[]

max_containers¶

Maximum container capacity to advertise. 0 means no limit. Defaults to 250.

network_pool¶

Network range to use for dynamically allocated container subnets. Defaults to “10.80.0.0/16”.

request_timeout¶

How long to wait for requests to Garden to complete, in Go duration format (48h = 48 hours). 0 means no timeout.

Example

5m

healthcheck¶

bind_ip¶

IP address on which to listen for health checking requests.

bind_port¶

Port on which to listen for health checking requests.

timeout¶

HTTP timeout for the full duration of health checking.

http_proxy_url¶

Proxy to use for outgoing http requests from containers.

https_proxy_url¶

Proxy to use for outgoing https requests from containers.

log_level¶

The log level for the worker. When set to debug, you’ll see a lot more information.

Default

info

no_proxy¶

A list domains and IPs with optional port for which the proxy should be bypassed.

Example

- localhost
- 127.0.0.1
- example.com
- domain.com:8080

runtime¶

Container runtime for worker. Possible values are “guardian”, “containerd”, and “houdini”. Please note that Houdini is insecure and does not run tasks in containers.

Example

guardian

sweep_interval¶

Interval on which to destroy containers and volumes marked for garbage collection.

Default

30s

tags¶

An array of tags to advertise for each worker.

Example

- special

team¶

Register the worker for a single team.

If not specified, the worker will be shared across all teams.

tracing¶

attributes¶

Attributes to attach to traces as metadata.

Example

environment: ci

honeycomb_api_key¶

Honeycomb.io API Key.

honeycomb_dataset¶

Name of dataset.

Example

web

jaeger_endpoint¶

jaeger HTTP-based Thrift collector.

Example

http://jaeger:14268/api/traces

jaeger_service¶

Name of the service being traced.

Example

web

jaeger_tags¶

Tags to include in components.

Example

foo:bar,caz:zaz

otlp_address¶

OTLP address to send traces to.

Example

otel-collector:55860

otlp_headers¶

Headers to attach to each tracing message.

Example

lightstep-access-token: mysecrettoken

otlp_use_tls¶

Whether to use TLS for the OTLP connection.

service_name¶

Service name to attach to traces as metadata.

Example

concourse-web

stackdriver_projectid¶

GCP’s Project ID

Example

my-projectid

volume_sweeper_max_in_flight¶

Maximum number of volumes which can be swept in parallel.

worker_gateway¶

host_public_key¶

Public key to verify for the TSA server. If not specified, the web link is used.

Example

ssh-rsa ...

hosts¶

Addresses (host:port) of TSA servers to register with.

If not specified, the web link is used.

rebalance_interval¶

The interval on which the worker will connect to a new SSH gateway and drain the old connection. This has the effect of rebalancing the forwarded workers across the SSH gateways over time.

Example

4h

worker_key¶

SSH key to use when authenticating with the TSA.

Example

private_key: |+
  -----BEGIN RSA PRIVATE KEY-----
  ...
  -----END RSA PRIVATE KEY-----
public_key: ssh-rsa ...

Templates¶

Templates are rendered and placed onto corresponding instances during the deployment process. This job's templates will be placed into /var/vcap/jobs/worker/ directory (learn more).

• bin/concourse_start (from concourse_start.erb)
• bin/concourse_stop (from concourse_stop.erb)
• bin/ctl (from ctl.erb)
• bin/drain (from drain.erb)
• bin/pre_start (from pre_start.erb)
• config/concourse.service (from concourse.service)
• config/env.sh (from env.sh.erb)
• config/garden.ini (from garden.ini.erb)
• config/worker_gateway_host_key.pub (from worker_gateway_host_key.pub.erb)

Packages¶

Packages are compiled and placed onto corresponding instances during the deployment process. Packages will be placed into /var/vcap/packages/ directory.

• btrfs_tools
• concourse