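---
# Job spec for the Cloud Controller clock. The layout (name / templates /
# packages / properties) matches a BOSH job spec; nesting is restored here
# because the flattened form parses as one flat mapping with null values.
name: cloud_controller_clock
description: "The Cloud Controller clock periodically schedules Cloud Controller clean up tasks for app usage events, audit events, failed jobs, and more. Only single instance of this job is necessary."

# ERB templates rendered for this job, written as source: destination.
templates:
  cloud_controller_clock.yml.erb: config/cloud_controller_ng.yml
  cloud_controller_clock_ctl.erb: bin/cloud_controller_clock_ctl
  newrelic.yml.erb: config/newrelic.yml
  stacks.yml.erb: config/stacks.yml
  ruby_version.sh.erb: bin/ruby_version.sh
  console.erb: bin/console

# Packages the job depends on.
# NOTE(review): ruby-2.2.4 pins an old interpreter release; confirm it still
# receives security fixes for the release line this spec belongs to.
packages:
  - capi_utils
  - cloud_controller_ng
  - nginx
  - nginx_newrelic_plugin
  - libpq
  - libmariadb
  - ruby-2.2.4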
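# Configurable properties of the job. Each entry is a dotted property name
# with a description and, where one exists, a default. Properties without a
# default must be supplied by the deployment.
#
# Security-relevant entries carry a short review comment. Credentials and
# keys (passwords, secrets, private keys, encryption keys) should come from
# the deployment's secret handling and stay out of version control.
properties:
  # Keep false outside test environments: per its description, true allows
  # the job to skip TLS certificate verification.
  ssl.skip_cert_verify:
    description: "specifies that the job is allowed to skip ssl cert verification"
    default: false

  # --- Domains ---
  domain:
    description: "domain where cloud_controller will listen (api.domain) often the same as the system domain"
  system_domain:
    description: "Domain reserved for CF operator, base URL where the login, uaa, and other non-user apps listen"
  system_domain_organization:
    description: "The User Org that owns the system_domain, required if system_domain is defined"
    default: ""
  app_domains:
    description: "Array of domains for user apps (example: 'user.app.space.foo', a user app called 'neat' will listen at 'http://neat.user.app.space.foo')"

  # --- NATS connection (nats.password is a credential, no default) ---
  nats.user:
    description: "Username for cc client to connect to NATS"
  nats.password:
    description: "Password for cc client to connect to NATS"
  nats.port:
    description: "IP port of Cloud Foundry NATS server"
  nats.machines:
    description: "IP of each NATS cluster member."

  request_timeout_in_seconds:
    description: "Timeout for requests in seconds."
    default: 900

  # --- Values published on the /v2/info endpoint ---
  name:
    description: "'name' attribute in the /v2/info endpoint"
    default: ""
  build:
    description: "'build' attribute in the /v2/info endpoint"
    default: ""
  version:
    description: "'version' attribute in the /v2/info endpoint"
    default: 0
  support_address:
    description: "'support' attribute in the /v2/info endpoint"
    default: ""
  description:
    description: "'description' attribute in the /v2/info endpoint"
    default: ""

  cc.external_port:
    description: "External Cloud Controller port"
    default: 9022
  cc.internal_service_hostname:
    description: "Internal hostname used to resolve the address of the Cloud Controller"
    default: "cloud-controller-ng.service.cf.internal"

  # --- Background job timeouts (per-job entries have no default) ---
  cc.jobs.global.timeout_in_seconds:
    description: "The longest any job can take before it is cancelled unless overriden per job"
    default: 14400  # 4 hours
  cc.jobs.app_bits_packer.timeout_in_seconds:
    description: "The longest this job can take before it is cancelled"
  cc.jobs.app_events_cleanup.timeout_in_seconds:
    description: "The longest this job can take before it is cancelled"
  cc.jobs.app_usage_events_cleanup.timeout_in_seconds:
    description: "The longest this job can take before it is cancelled"
  cc.jobs.blobstore_delete.timeout_in_seconds:
    description: "The longest this job can take before it is cancelled"
  cc.jobs.blobstore_upload.timeout_in_seconds:
    description: "The longest this job can take before it is cancelled"
  cc.jobs.droplet_deletion.timeout_in_seconds:
    description: "The longest this job can take before it is cancelled"
  cc.jobs.droplet_upload.timeout_in_seconds:
    description: "The longest this job can take before it is cancelled"

  # --- Retention windows for the clean up tasks ---
  # cc.audit_events.cutoff_age_in_days bounds how far back audit events are
  # available in the database; export them elsewhere first if investigations
  # need a longer history than the configured window.
  cc.app_events.cutoff_age_in_days:
    description: "How old an app event should stay in cloud controller database before being cleaned up"
    default: 31
  cc.app_usage_events.cutoff_age_in_days:
    description: "How old an app usage event should stay in cloud controller database before being cleaned up"
    default: 31
  cc.service_usage_events.cutoff_age_in_days:
    description: "How old a service usage event should stay in cloud controller database before being cleaned up"
    default: 31
  cc.audit_events.cutoff_age_in_days:
    description: "How old an audit event should stay in cloud controller database before being cleaned up"
    default: 31
  cc.failed_jobs.cutoff_age_in_days:
    description: "How old a failed job should stay in cloud controller database before being cleaned up"
    default: 31
  cc.completed_tasks.cutoff_age_in_days:
    description: "How long a completed task will stay in cloud controller database before being cleaned up based on last updated time with success or failure."
    default: 31
  cc.pending_packages.frequency_in_seconds:
    description: "How often the package pending cleanup job runs"
    default: 300
  cc.pending_packages.expiration_in_seconds:
    description: "How long packages can remain in pending state before being cleaned up"
    default: 1200

  cc.external_protocol:
    default: "https"
    description: "The protocol used to access the CC API from an external entity"
  cc.external_host:
    default: "api"
    description: "Host part of the cloud_controller api URI, will be joined with value of 'domain'"
  cc.cc_partition:
    default: "default"
    description: "Deprecated. Defines a 'partition' for the health_manager job"

  # --- Internal API credentials (passwords have no default) ---
  # The bulk_api descriptions say these credentials are announced over NATS,
  # so anything that can read NATS traffic can learn them; restrict NATS
  # access accordingly.
  cc.bulk_api_user:
    default: "bulk_api"
    description: "User used to access the bulk_api, health_manager uses it to connect to the cc, announced over NATS"
  cc.bulk_api_password:
    description: "Password used to access the bulk_api, health_manager uses it to connect to the cc, announced over NATS"
  cc.internal_api_user:
    default: "internal_user"
    description: "User name used by Diego to access internal endpoints"
  cc.internal_api_password:
    description: "Password used by Diego to access internal endpoints"

  # --- Diego service endpoints ---
  # NOTE(review): all three defaults are plain http:// URLs. Confirm the
  # internal network is trusted for this traffic, or override with TLS
  # endpoints where the services offer them.
  cc.diego.nsync_url:
    default: http://nsync.service.cf.internal:8787
    description: "URL of the Diego nsync service"
  cc.diego.stager_url:
    default: http://stager.service.cf.internal:8888
    description: "URL of the Diego stager service"
  cc.diego.tps_url:
    default: http://tps.service.cf.internal:1518
    description: "URL of the Diego tps service"

  cc.uaa_resource_id:
    default: "cloud_controller,cloud_controller_service_permissions"
    description: "Name of service to register to UAA"

  # --- Logging ---
  # NOTE(review): both levels default to "debug2". Confirm that this
  # verbosity does not write sensitive values (credentials, tokens, query
  # contents) to the logs, and consider a less verbose level in production.
  cc.db_logging_level:
    default: "debug2"
    description: "Log level for cc database operations"
  cc.logging_level:
    default: "debug2"
    description: "Log level for cc"
  cc.logging_max_retries:
    default: 1
    description: "Passthru value for Steno logger"

  cc.staging_timeout_in_seconds:
    default: 900
    description: "Timeout for staging a droplet"
  cc.default_health_check_timeout:
    default: 60
    description: "Default health check timeout (in seconds) that can be set for the app"
  cc.maximum_health_check_timeout:
    default: 180
    description: "Maximum health check timeout (in seconds) that can be set for the app"

  # --- Stacks ---
  cc.stacks:
    default:
      - name: "cflinuxfs2"
        description: "Cloud Foundry Linux-based filesystem"
    description: "Tag used by the DEA to describe capabilities (i.e. 'Windows7', 'python-linux'). DEA and CC must agree."
  cc.default_stack:
    default: "cflinuxfs2"
    description: "The default stack to use if no custom stack is specified by an app."

  # --- Staging upload credentials ---
  # NOTE(review): both default to the empty string. The templates that
  # consume them are not part of this file, so confirm that an unset value
  # is rejected at deploy time instead of yielding empty credentials.
  cc.staging_upload_user:
    default: ""
    description: "User name used to access internal endpoints of Cloud Controller to upload files when staging"
  cc.staging_upload_password:
    default: ""
    description: "User's password used to access internal endpoints of Cloud Controller to upload files when staging"

  # --- Quotas ---
  cc.quota_definitions:
    description: "Hash of default quota definitions. Overriden by custom quota definitions."
  # NOTE(review): this description talks about local (NFS) versus AWS
  # storage and does not describe a quota definition; it looks copied from
  # another property and should be corrected by someone who knows the
  # intended meaning.
  cc.default_quota_definition:
    default: default
    description: "Local to use a local (NFS) file system. AWS to use AWS."

  # --- Blobstore: resource pool ---
  # The four blobstore groups (resource_pool, packages, droplets, buildpacks)
  # share the same shape. In each, webdav_config.password and cdn.private_key
  # are secrets with an empty-string default, and webdav_config.ca_cert is
  # empty by default.
  # NOTE(review): confirm how the consuming templates treat an empty ca_cert
  # (system trust store versus no verification); that is not visible here.
  cc.resource_pool.blobstore_type:
    description: "The type of blobstore backing to use. Valid values: ['fog', 'webdav']"
    default: "fog"
  cc.resource_pool.webdav_config.public_endpoint:
    description: "The location of the webdav server eg: https://blobstore.com"
    default: ""
  cc.resource_pool.webdav_config.private_endpoint:
    description: "The location of the webdav server eg: https://blobstore.internal"
    default: "https://blobstore.service.cf.internal"
  cc.resource_pool.webdav_config.username:
    description: "The basic auth user that CC uses to connect to the admin endpoint on webdav"
    default: ""
  cc.resource_pool.webdav_config.password:
    description: "The basic auth password that CC uses to connect to the admin endpoint on webdav"
    default: ""
  cc.resource_pool.webdav_config.ca_cert:
    description: "The ca cert to use when communicating with webdav"
    default: ""
  cc.resource_pool.minimum_size:
    description: "Minimum size of a resource to add to the pool"
    default: 65536
  cc.resource_pool.maximum_size:
    description: "Maximum size of a resource to add to the pool"
    default: 536870912
  cc.resource_pool.resource_directory_key:
    description: "Directory (bucket) used store app resources. It does not have be pre-created."
    default: "cc-resources"
  cc.resource_pool.fog_connection:
    description: "Fog connection hash"
  cc.resource_pool.cdn.uri:
    description: "URI for a CDN to used for resource pool downloads"
    default: ""
  cc.resource_pool.cdn.private_key:
    description: "Private key for signing download URIs"
    default: ""
  cc.resource_pool.cdn.key_pair_id:
    description: "Key pair name for signed download URIs"
    default: ""

  # --- Blobstore: app packages ---
  cc.packages.blobstore_type:
    description: "The type of blobstore backing to use. Valid values: ['fog', 'webdav']"
    default: "fog"
  cc.packages.webdav_config.public_endpoint:
    description: "The location of the webdav server eg: https://blobstore.com"
    default: ""
  cc.packages.webdav_config.private_endpoint:
    description: "The location of the webdav server eg: https://blobstore.internal"
    default: "https://blobstore.service.cf.internal"
  cc.packages.webdav_config.username:
    description: "The basic auth user that CC uses to connect to the admin endpoint on webdav"
    default: ""
  cc.packages.webdav_config.password:
    description: "The basic auth password that CC uses to connect to the admin endpoint on webdav"
    default: ""
  cc.packages.webdav_config.ca_cert:
    description: "The ca cert to use when communicating with webdav"
    default: ""
  cc.packages.app_package_directory_key:
    description: "Directory (bucket) used store app packages. It does not have be pre-created."
    default: "cc-packages"
  cc.packages.max_package_size:
    description: "Maximum size of application package"
    default: 1073741824
  cc.packages.fog_connection:
    description: "Fog connection hash"
  cc.packages.cdn.uri:
    description: "URI for a CDN to used for app package downloads"
    default: ""
  cc.packages.cdn.private_key:
    description: "Private key for signing download URIs"
    default: ""
  cc.packages.cdn.key_pair_id:
    description: "Key pair name for signed download URIs"
    default: ""

  # --- Blobstore: droplets ---
  cc.droplets.blobstore_type:
    description: "The type of blobstore backing to use. Valid values: ['fog', 'webdav']"
    default: "fog"
  cc.droplets.webdav_config.public_endpoint:
    description: "The location of the webdav server eg: https://blobstore.com"
    default: ""
  cc.droplets.webdav_config.private_endpoint:
    description: "The location of the webdav server eg: https://blobstore.internal"
    default: "https://blobstore.service.cf.internal"
  cc.droplets.webdav_config.username:
    description: "The basic auth user that CC uses to connect to the admin endpoint on webdav"
    default: ""
  cc.droplets.webdav_config.password:
    description: "The basic auth password that CC uses to connect to the admin endpoint on webdav"
    default: ""
  cc.droplets.webdav_config.ca_cert:
    description: "The ca cert to use when communicating with webdav"
    default: ""
  cc.droplets.droplet_directory_key:
    description: "Directory (bucket) used store droplets. It does not have be pre-created."
    default: "cc-droplets"
  cc.droplets.fog_connection:
    description: "Fog connection hash"
  cc.droplets.cdn.uri:
    description: "URI for a CDN to used for droplet downloads"
    default: ""
  cc.droplets.cdn.private_key:
    description: "Private key for signing download URIs"
    default: ""
  cc.droplets.cdn.key_pair_id:
    description: "Key pair name for signed download URIs"
    default: ""

  # --- Blobstore: buildpacks ---
  cc.buildpacks.blobstore_type:
    description: "The type of blobstore backing to use. Valid values: ['fog', 'webdav']"
    default: "fog"
  cc.buildpacks.webdav_config.public_endpoint:
    description: "The location of the webdav server eg: https://blobstore.com"
    default: ""
  cc.buildpacks.webdav_config.private_endpoint:
    description: "The location of the webdav server eg: https://blobstore.internal"
    default: "https://blobstore.service.cf.internal"
  cc.buildpacks.webdav_config.username:
    description: "The basic auth user that CC uses to connect to the admin endpoint on webdav"
    default: ""
  cc.buildpacks.webdav_config.password:
    description: "The basic auth password that CC uses to connect to the admin endpoint on webdav"
    default: ""
  cc.buildpacks.webdav_config.ca_cert:
    description: "The ca cert to use when communicating with webdav"
    default: ""
  cc.buildpacks.buildpack_directory_key:
    description: "Directory (bucket) used store buildpacks. It does not have be pre-created."
    default: "cc-buildpacks"
  cc.buildpacks.fog_connection:
    description: "Fog connection hash"
  cc.buildpacks.cdn.uri:
    description: "URI for a CDN to used for buildpack downloads"
    default: ""
  cc.buildpacks.cdn.private_key:
    description: "Private key for signing download URIs"
    default: ""
  cc.buildpacks.cdn.key_pair_id:
    description: "Key pair name for signed download URIs"
    default: ""

  # --- Cloud Controller database ---
  # NOTE(review): ccdb.roles presumably carries database credentials;
  # confirm against the consuming template and treat it as secret material.
  ccdb.databases:
    description: "Contains the name of the database on the database server"
  ccdb.roles:
    description: "Users to create on the database when seeding"
  ccdb.db_scheme:
    description: "The type of database being used. mysql or postgres"
    default: postgres
  ccdb.address:
    description: "The address of the database server"
  ccdb.port:
    description: "The port of the database server"
  ccdb.max_connections:
    default: 25
    description: "Maximum connections for Sequel"
  ccdb.pool_timeout:
    default: 10
    description: "The timeout for Sequel pooled connections"

  # --- UAA / login ---
  # uaa.cc.token_secret is a symmetric secret that its description marks as
  # test-only.
  # NOTE(review): confirm production deployments leave it unset and rely on
  # uaa.jwt.verification_key for token validation.
  uaa.cc.token_secret:
    description: "Symmetric secret used to decode uaa tokens. Used for testing."
  uaa.url:
    description: "URL of the UAA server"
  login.protocol:
    description: "http or https"
    default: "https"
  login.url:
    description: "URL of the login server"
  hm9000.url:
    description: "URL of the hm9000 server"
  uaa.jwt.verification_key:
    default: ""
    description: "ssl cert defined in the manifest by the UAA, required by the cc to communicate with UAA"
  login.enabled:
    default: true
    description: "whether use login as the authorization endpoint or not"

  # --- Metrics and logging endpoints ---
  metron_endpoint.host:
    description: "The host used to emit messages to the Metron agent"
    default: "127.0.0.1"
  metron_endpoint.port:
    description: "The port used to emit messages to the Metron agent"
    default: 3457
  logger_endpoint.use_ssl:
    description: "Whether to use ssl for logger endpoint listed at /v2/info"
    default: true
  logger_endpoint.port:
    description: "Port for logger endpoint listed at /v2/info"
    default: 443

  # NOTE(review): the encryption key defaults to the empty string. The code
  # that consumes it is not visible here, so confirm that an empty key fails
  # the deployment instead of storing sensitive values without encryption.
  cc.db_encryption_key:
    default: ""
    description: "key for encrypting sensitive values in the CC database"

  # --- App defaults and limits ---
  cc.default_app_memory:
    default: 1024
    description: "How much memory given to an app if not specified"
  cc.default_app_disk_in_mb:
    default: 1024
    description: "The default disk space an app gets"
  cc.maximum_app_disk_in_mb:
    default: 2048
    description: "The maximum amount of disk a user can request"
  # The next three defaults are permissive: non-admin users may pick the
  # backend, and users may change the app-level allow_ssh attribute. Review
  # them against the platform's access policy.
  cc.users_can_select_backend:
    default: true
    description: "Allow non-admin users to switch their apps between DEA and Diego backends"
  cc.default_to_diego_backend:
    default: false
    description: "Use Diego backend by default for new apps"
  cc.allow_app_ssh_access:
    default: true
    description: "Allow users to change the value of the app-level allow_ssh attribute"
  cc.flapping_crash_count_threshold:
    default: 3
    description: "The threshold of crashes after which the app is marked as flapping"
  cc.client_max_body_size:
    default: "1536M"
    description: "Maximum body size for nginx"
  # Default false leaves external (git) buildpacks enabled, so staging can
  # run code from outside the platform; set true to restrict staging to admin
  # and system buildpacks.
  cc.disable_custom_buildpacks:
    default: false
    description: "Disable external (i.e. git) buildpacks? (Admin buildpacks and system buildpacks only.)"
  cc.broker_client_timeout_seconds:
    default: 60
    description: "For requests to service brokers, this is the HTTP (open and read) timeout setting."

  # --- NewRelic ---
  # license_key is a credential. capture_params and record_sql control
  # whether request parameters and SQL text leave the platform; keep the
  # defaults (false / "off") unless that data is cleared for the third-party
  # service. "off" stays quoted so it is read as a string, not a boolean.
  cc.newrelic.license_key:
    default: ~
    description: "The api key for NewRelic"
  cc.newrelic.environment_name:
    default: "development"
    description: "The environment name used by NewRelic"
  cc.newrelic.developer_mode:
    default: false
    description: "Activate NewRelic developer mode"
  cc.newrelic.monitor_mode:
    default: false
    description: "Activate NewRelic monitor mode"
  cc.newrelic.log_file_path:
    default: "/var/vcap/sys/log/cloud_controller_ng/newrelic"
    description: "The location for NewRelic to log to"
  cc.newrelic.capture_params:
    default: false
    description: "Capture and send query params to NewRelic"
  cc.newrelic.transaction_tracer.enabled:
    default: false
    description: "Enable transaction tracing in NewRelic"
  cc.newrelic.transaction_tracer.record_sql:
    default: "off"
    description: "NewRelic's SQL statement recording mode: [off | obfuscated | raw]"

  # --- Staging limits ---
  dea_next.staging_memory_limit_mb:
    description: "Memory limit in mb for staging tasks"
    default: 1024
  dea_next.staging_disk_limit_mb:
    description: "Disk limit in mb for staging tasks"
    default: 6144
  cc.staging_file_descriptor_limit:
    description: "File descriptor limit for staging tasks"
    default: 16384

  # --- API rendering ---
  cc.renderer.max_results_per_page:
    description: "Maximum number of results returned per page"
    default: 100
  cc.renderer.default_results_per_page:
    description: "Default number of results returned per page if user does not specify"
    default: 50
  cc.renderer.max_inline_relations_depth:
    description: "Maximum depth of inlined relationships in the result"
    default: 2

  # Extends token validity during uploads (1200 seconds by default); keep it
  # as small as large uploads allow.
  cc.app_bits_upload_grace_period_in_seconds:
    description: "Extra token expiry time while uploading big apps."
    default: 1200

  # --- UAA clients for service broker SSO (the .secret entries are
  # credentials with no default) ---
  uaa.clients.cc_service_broker_client.secret:
    description: "(DEPRECATED) - Used for generating SSO clients for service brokers."
  uaa.clients.cc_service_broker_client.scope:
    description: "(DEPRECATED) - Used to grant scope for SSO clients for service brokers"
    default: "openid,cloud_controller_service_permissions.read"
  uaa.clients.cc-service-dashboards.secret:
    description: "Used for generating SSO clients for service brokers."
  uaa.clients.cc-service-dashboards.scope:
    description: "Used to grant scope for SSO clients for service brokers"
    default: "openid,cloud_controller_service_permissions.read"

  # --- Seeded buildpacks and security groups ---
  # These have no default, so whatever the deployment supplies is what gets
  # seeded; review the security group definitions as part of change control.
  cc.install_buildpacks:
    description: "Set of buildpacks to install during deploy"
  cc.security_group_definitions:
    description: "Array of security groups that will be seeded into CloudController."
  cc.default_running_security_groups:
    description: "The default running security groups that will be seeded in CloudController."
  cc.default_staging_security_groups:
    description: "The default staging security groups that will be seeded in CloudController."

  # --- Memory thresholds (monit) ---
  cc.thresholds.api.alert_if_above_mb:
    description: "The cc will alert if memory remains above this threshold for 3 monit cycles"
    default: 3500
  cc.thresholds.api.restart_if_consistently_above_mb:
    description: "The cc will restart if memory remains above this threshold for 15 monit cycles"
    default: 3500
  cc.thresholds.api.restart_if_above_mb:
    description: "The cc will restart if memory remains above this threshold for 3 monit cycles"
    default: 3750

  cc.instance_file_descriptor_limit:
    description: "The file descriptors made available to each app instance"
    default: 16384
  cc.reserved_private_domains:
    description: "File location of a list of reserved private domains (for file format, see https://publicsuffix.org/)"
    default: ~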