Skip to content

cloud_controller_clock job from capi/1.151.0

The Cloud Controller Clock runs the Diego Sync job to keep the actual state of running processes in Diego in sync with Cloud Controller's desired state. Additionally, the Clock schedules periodic clean up jobs to prune app usage events, audit events, failed jobs, and more.

Github source: 4ffaf3d1 or master branch

Properties

cc

allow_app_ssh_access

Allow users to change the value of the app-level allow_ssh attribute

Default
true

app_usage_events

cutoff_age_in_days

How old an app usage event should stay in cloud controller database before being cleaned up

Default
31

audit_events

cutoff_age_in_days

The age at which audit events are pruned from the Cloud Controller database

Default
31

buildpacks

blobstore_type

The type of blobstore backing to use. Valid values: [‘fog’, ‘webdav’]

Default
fog
buildpack_directory_key

Directory (bucket) used store buildpacks. It does not have be pre-created.

Default
cc-buildpacks
cdn
key_pair_id

Key pair name for signed download URIs

Default
""
private_key

Private key for signing download URIs

Default
""
uri

URI for a CDN to used for buildpack downloads

Default
""
fog_aws_storage_options

Storage options passed to fog for aws blobstores. Valid keys: [‘encryption’].

fog_connection

Fog connection hash

webdav_config
blobstore_timeout

The timeout in seconds for requests to the blobstore

Default
5
ca_cert

The ca cert to use when communicating with webdav

Default
""
password

The basic auth password that CC uses to connect to the admin endpoint on webdav

Default
""
private_endpoint

The location of the webdav server eg: https://blobstore.internal

Default
https://blobstore.service.cf.internal:4443
public_endpoint

The location of the webdav server eg: https://blobstore.com

Default
""
username

The basic auth user that CC uses to connect to the admin endpoint on webdav

Default
""

completed_tasks

cutoff_age_in_days

The age at which completed tasks are pruned from the Cloud Controller database

Default
31

credential_references

interpolate_service_bindings

Controls whether CredHub credentials are automatically interpolated in VCAP_SERVICES

Default
true

database_encryption

current_key_label

current key label for encrypting values in the CC database

Default
""
keys

label-key pairs for encrypting sensitive values in the CC database; labels must be < 256 characters long

Default
{}

db_encryption_key

key for encrypting sensitive values in the CC database

Default
""

db_logging_level

Level at which cc database operations will be logged if cc.log_db_queries is set to true.

Default
debug2

default_app_disk_in_mb

The default disk space an app gets

Default
1024

default_app_log_rate_limit_in_bytes_per_second

Default application log rate limit

Default
-1

default_app_memory

How much memory given to an app if not specified

Default
1024

default_app_ssh_access

When ssh is allowed and not explicitly set in the application, new applications will start with ssh service enabled

Default
true

default_health_check_timeout

Default health check timeout (in seconds) that can be set for the app

Default
60

diego

bbs
connect_timeout

Connect timeout (in seconds) when talking to BBS Server

Default
10
receive_timeout

Receive timeout (in seconds) when talking to BBS Server

Default
10
send_timeout

Send timeout (in seconds) when talking to BBS Server

Default
10
url

URL of the BBS Server

Default
https://bbs.service.cf.internal:8889
cc_uploader_url

URL of cc uploader

Default
http://cc-uploader.service.cf.internal:9090
droplet_destinations

List of destination directories for different stacks

Default
  cflinuxfs3: /home/vcap
  cflinuxfs4: /home/vcap
  windows: /Users/vcap
  windows2012R2: /
  windows2016: /Users/vcap
enable_declarative_asset_downloads

Enable specifying task and app asset downloads as declarative resources

Default
false
file_server_url

URL of file server

Default
http://file-server.service.cf.internal:8080
lifecycle_bundles

List of lifecycle bundles arguments for different stacks

Default
  buildpack/cflinuxfs3: buildpack_app_lifecycle/buildpack_app_lifecycle.tgz
  buildpack/cflinuxfs4: buildpack_app_lifecycle/buildpack_app_lifecycle.tgz
  buildpack/windows: buildpack_app_lifecycle/buildpack_app_lifecycle.tgz
  buildpack/windows2012R2: windows_app_lifecycle/windows_app_lifecycle.tgz
  buildpack/windows2016: buildpack_app_lifecycle/buildpack_app_lifecycle.tgz
  docker: docker_app_lifecycle/docker_app_lifecycle.tgz
pid_limit

Maximum pid limit for containerized work running user-provided code

Default
1024
temporary_oci_buildpack_mode

Temporary flag to enable OCI buildpack flow. Valid values: ‘oci-phase-1’

use_privileged_containers_for_running

Whether or not to use privileged containers for running buildpack apps and tasks.

Default
false
use_privileged_containers_for_staging

Whether or not to use privileged containers for staging tasks.

Default
false

diego_sync

frequency_in_seconds

How often to synchronize CC’s database with Diego’s

Default
30

droplets

blobstore_type

The type of blobstore backing to use. Valid values: [‘fog’, ‘webdav’]

Default
fog
cdn
key_pair_id

Key pair name for signed download URIs

Default
""
private_key

Private key for signing download URIs

Default
""
uri

URI for a CDN to used for droplet downloads

Default
""
droplet_directory_key

Directory (bucket) used store droplets. It does not have be pre-created.

Default
cc-droplets
fog_aws_storage_options

Storage options passed to fog for aws blobstores. Valid keys: [‘encryption’].

fog_connection

Fog connection hash

webdav_config
blobstore_timeout

The timeout in seconds for requests to the blobstore

Default
5
ca_cert

The ca cert to use when communicating with webdav

Default
""
password

The basic auth password that CC uses to connect to the admin endpoint on webdav

Default
""
private_endpoint

The location of the webdav server eg: https://blobstore.internal

Default
https://blobstore.service.cf.internal:4443
public_endpoint

The location of the webdav server eg: https://blobstore.com

Default
""
username

The basic auth user that CC uses to connect to the admin endpoint on webdav

Default
""

external_host

Host part of the cloud_controller api URI, will be joined with value of ‘domain’

Default
api

external_port

External Cloud Controller port

Default
9022

external_protocol

The protocol used to access the CC API from an external entity

Default
https

failed_jobs

cutoff_age_in_days

How old a failed job should stay in cloud controller database before being cleaned up

Default
31

instance_file_descriptor_limit

The file descriptors made available to each app instance

Default
16384

internal_service_hostname

Internal hostname used to resolve the address of the Cloud Controller

Default
cloud-controller-ng.service.cf.internal

jobs

app_usage_events_cleanup
timeout_in_seconds

The longest this job can take before it is cancelled

blobstore_delete
timeout_in_seconds

The longest this job can take before it is cancelled

diego_sync
timeout_in_seconds

The longest the diego sync job can take before another is enqueued

Default
600
global
timeout_in_seconds

The longest any job can take before it is cancelled unless overriden per job

Default
14400
priorities

List of hashes containing delayed jobs ‘display_name’ and its desired priority. This will overwrite the default priority of ccng

log_audit_events

Log audit events

Default
false

log_db_queries

Log database queries. WARNING: Setting this to true with cc.db_logging_level >= cc.logging_level will log all field values, including encrypted secrets.

Default
false

logging_level

Log level for cc. Valid levels are listed here: https://github.com/cloudfoundry/steno#log-levels.

Default
info

logging_max_retries

Passthru value for Steno logger

Default
1

max_retained_builds_per_app

The number of inactive builds to keep for each app

Default
100

max_retained_deployments_per_app

The number of inactive deployments to keep for each app

Default
100

max_retained_revisions_per_app

The number of associated revisions to keep for each app

Default
100

maximum_app_disk_in_mb

The maximum amount of disk a user can request

Default
2048

mutual_tls

ca_cert

PEM-encoded CA certificate for secure, mutually authenticated TLS communication

private_key

PEM-encoded key for secure, mutually authenticated TLS communication

public_cert

PEM-encoded certificate for secure, mutually authenticated TLS communication

newrelic

capture_params

Capture and send query params to NewRelic

Default
false
developer_mode

Activate NewRelic developer mode

Default
false
environment_name

The environment name used by NewRelic

Default
development
license_key

The api key for NewRelic

log_file_path

The location for NewRelic to log to

Default
/var/vcap/sys/log/cloud_controller_ng/newrelic
monitor_mode

Activate NewRelic monitor mode

Default
false
transaction_tracer
enabled

Enable transaction tracing in NewRelic

Default
false
record_sql

NewRelic’s SQL statement recording mode: [off | obfuscated | raw]

Default
"off"

packages

app_package_directory_key

Directory (bucket) used store app packages. It does not have be pre-created.

Default
cc-packages
blobstore_type

The type of blobstore backing to use. Valid values: [‘fog’, ‘webdav’]

Default
fog
cdn
key_pair_id

Key pair name for signed download URIs

Default
""
private_key

Private key for signing download URIs

Default
""
uri

URI for a CDN to used for app package downloads

Default
""
fog_aws_storage_options

Storage options passed to fog for aws blobstores. Valid keys: [‘encryption’].

fog_connection

Fog connection hash

max_package_size

Maximum size of application package

Default
1.073741824e+09
webdav_config
blobstore_timeout

The timeout in seconds for requests to the blobstore

Default
5
ca_cert

The ca cert to use when communicating with webdav

Default
""
password

The basic auth password that CC uses to connect to the admin endpoint on webdav

Default
""
private_endpoint

The location of the webdav server eg: https://blobstore.internal

Default
https://blobstore.service.cf.internal:4443
public_endpoint

The location of the webdav server eg: https://blobstore.com

Default
""
username

The basic auth user that CC uses to connect to the admin endpoint on webdav

Default
""

pending_builds

frequency_in_seconds

How often the pending builds cleanup job runs

Default
300

pending_droplets

frequency_in_seconds

How often the pending droplets cleanup job runs

Default
300

readiness_port

clock

Readiness port used in k8s to check that db migrations are complete before component update

Default
-1

resource_pool

blobstore_type

The type of blobstore backing to use. Valid values: [‘fog’, ‘webdav’]

Default
fog
cdn
key_pair_id

Key pair name for signed download URIs

Default
""
private_key

Private key for signing download URIs

Default
""
uri

URI for a CDN to used for resource pool downloads

Default
""
fog_aws_storage_options

Storage options passed to fog for aws blobstores. Valid keys: [‘encryption’].

fog_connection

Fog connection hash

maximum_size

Maximum size of a resource to add to the pool

Default
5.36870912e+08
minimum_size

Minimum size of a resource to add to the pool

Default
65536
resource_directory_key

Directory (bucket) used store app resources. It does not have be pre-created.

Default
cc-resources
webdav_config
blobstore_timeout

The timeout in seconds for requests to the blobstore

Default
5
ca_cert

The ca cert to use when communicating with webdav

Default
""
password

The basic auth password that CC uses to connect to the admin endpoint on webdav

Default
""
private_endpoint

The location of the webdav server eg: https://blobstore.internal

Default
https://blobstore.service.cf.internal:4443
public_endpoint

The location of the webdav server eg: https://blobstore.com

Default
""
username

The basic auth user that CC uses to connect to the admin endpoint on webdav

Default
""

service_usage_events

cutoff_age_in_days

How old a service usage event should stay in cloud controller database before being cleaned up

Default
31

staging_timeout_in_seconds

Timeout for staging a droplet

Default
900

staging_upload_password

User’s password used to access internal endpoints of Cloud Controller to upload files when staging

staging_upload_user

User name used to access internal endpoints of Cloud Controller to upload files when staging

thresholds

api
alert_if_above_mb

The cc will alert if memory remains above this threshold for 3 monit cycles

Default
3500
restart_if_above_mb

The cc will restart if memory remains above this threshold for 3 monit cycles

Default
3750
restart_if_consistently_above_mb

The cc will restart if memory remains above this threshold for 15 monit cycles

Default
3500

tls_port

External Cloud Controller port

Default
9023

uaa

internal_url

The internal URL used by UAA

Default
uaa.service.cf.internal

ccdb

address

The address of the database server

ca_cert

The ca cert to use when communicating with the database over SSL

connection_expiration_random_delay

The random delay in seconds to the expiration timeout (to prevent all connections being recreated simultaneously), passed directly to the Sequel gem - see https://sequel.jeremyevans.net/rdoc-plugins/files/lib/sequel/extensions/connection_expiration_rb.html for details

connection_expiration_timeout

The period in seconds after which connections are expired (omit to never expire connections), passed directly to the Sequel gem - see https://sequel.jeremyevans.net/rdoc-plugins/files/lib/sequel/extensions/connection_expiration_rb.html for details

connection_validation_timeout

The period in seconds after which idle connections are validated, passed directly to the Sequel gem - see http://sequel.jeremyevans.net/rdoc-plugins/files/lib/sequel/extensions/connection_validator_rb.html for details. Note that setting this to -1 results in an additional query whenever connections are checked out from the pool, which can have performance implications

Default
3600

databases

Contains the name of the database on the database server

db_scheme

The type of database being used. mysql or postgres

Default
postgres

max_connections

Maximum connections for Sequel

Default
25

max_migration_duration_in_minutes

the maximum time migrations should be allowed to run before job startup should error

Default
20160

pool_timeout

The timeout for Sequel pooled connections

Default
10

port

The port of the database server

read_timeout

The read timeout in seconds for query responses, passed directly to the Sequel gem - see https://github.com/jeremyevans/sequel/blob/master/doc/opening_databases.rdoc for details

Default
3600

roles

Users to create on the database when seeding

ssl_verify_hostname

Verify that the database SSL certificate matches the host to which the connection is attempted

Default
true

credhub_api

ca_cert

The certificate authority being used by CredHub

hostname

Hostname used to resolve the address of CredHub

Default
credhub.service.cf.internal

metron_endpoint

host

The host used to emit messages to the Metron agent

Default
127.0.0.1

port

The port used to emit messages to the Metron agent

Default
3457

release_level_backup

Include cloud_controller jobs in backup and restore operations

Default
true

routing_api

enabled

Whether to expose the routing_endpoint listed at /v2/info. Enable this after deploying the Routing API

Default
false

ssl

skip_cert_verify

specifies that the job is allowed to skip ssl cert verification

Default
false

system_domain

Domain reserved for CF operator, base URL where the login, uaa, and other non-user apps listen

uaa

ca_cert

The certificate authority being used by UAA

clients

cc-service-dashboards
scope

Used to grant scope for SSO clients for service brokers

Default
openid,cloud_controller_service_permissions.read
secret

Used for generating SSO clients for service brokers.

cc_routing
secret

Used for fetching routing information from the Routing API

cc_service_broker_client
scope

(DEPRECATED) - Used to grant scope for SSO clients for service brokers

Default
openid,cloud_controller_service_permissions.read
secret

(DEPRECATED) - Used for generating SSO clients for service brokers.

port

The port used by UAA for non-ssl connections

ssl

port

The port used by UAA for ssl connections

Default
8443

Templates

Templates are rendered and placed onto corresponding instances during the deployment process. This job's templates will be placed into /var/vcap/jobs/cloud_controller_clock/ directory (learn more).

  • bin/bbr/post-backup-unlock (from post-backup-unlock.sh.erb)
  • bin/bbr/post-restore-unlock (from post-restore-unlock.sh.erb)
  • bin/bbr/pre-backup-lock (from pre-backup-lock.sh.erb)
  • bin/bbr/pre-restore-lock (from pre-restore-lock.sh.erb)
  • bin/cloud_controller_clock (from bin/cloud_controller_clock.erb)
  • bin/console (from console.erb)
  • bin/drain (from drain.sh.erb)
  • bin/post-start (from post-start.sh.erb)
  • bin/pre-start (from pre-start.sh.erb)
  • bin/ruby_version.sh (from ruby_version.sh.erb)
  • config/bpm.yml (from bpm.yml.erb)
  • config/certs/credhub_ca.crt (from credhub_ca.crt.erb)
  • config/certs/db_ca.crt (from db_ca.crt.erb)
  • config/certs/mutual_tls.crt (from mutual_tls.crt.erb)
  • config/certs/mutual_tls.key (from mutual_tls.key.erb)
  • config/certs/mutual_tls_ca.crt (from mutual_tls_ca.crt.erb)
  • config/certs/opi_tls.crt (from opi_tls.crt.erb)
  • config/certs/opi_tls.key (from opi_tls.key.erb)
  • config/certs/opi_tls_ca.crt (from opi_tls_ca.crt.erb)
  • config/certs/uaa_ca.crt (from uaa_ca.crt.erb)
  • config/cloud_controller_ng.yml (from cloud_controller_ng.yml.erb)
  • config/newrelic.yml (from newrelic.yml.erb)
  • config/stacks.yml (from stacks.yml.erb)

Packages

Packages are compiled and placed onto corresponding instances during the deployment process. Packages will be placed into /var/vcap/packages/ directory.