cloud_controller_ng job from cf/243
The Cloud Controller provides the primary Cloud Foundry API that is used by the CF CLI. The Cloud Controller uses a database to keep tables for organizations, spaces, apps, services, service instances, user roles, and more. Typically multiple instances of Cloud Controller are load balanced.
Github source: ee7d0088 or master branch
Properties¶
app_domains¶
  
    
Array of domains for user apps (example: ‘user.app.space.foo’, a user app called ‘neat’ will listen at ‘http://neat.user.app.space.foo’)
- Example
|+
  - name: example.com
  - name: tcp.example.com
    router_group_name: default-tcp
app_ssh¶
  
  
    
host_key_fingerprint¶MD5 fingerprint of the host key of the SSH proxy that brokers connections to application instances
oauth_client_id¶The oauth client ID of the SSH proxy
- Default
ssh-proxy
port¶External port for SSH access to application instances
- Default
2222
build¶
  
    
      ‘build’ attribute in the /v2/info endpoint
- Default
- "" 
cc¶
  
  
    
allow_app_ssh_access¶Allow users to change the value of the app-level allow_ssh attribute
- Default
true
allowed_cors_domains¶List of domains (including scheme) from which Cross-Origin requests will be accepted, a * can be used as a wildcard for any part of a domain
- Default
[]
app_bits_max_body_size¶Maximum body size for nginx bits uploads
- Default
1536M
app_bits_upload_grace_period_in_seconds¶Extra token expiry time while uploading big apps.
- Default
1200
app_events¶
cutoff_age_in_days¶How long an app event should stay in the Cloud Controller database before being cleaned up
- Default
31
app_usage_events¶
cutoff_age_in_days¶How long an app usage event should stay in the Cloud Controller database before being cleaned up
- Default
31
audit_events¶
cutoff_age_in_days¶How long an audit event should stay in the Cloud Controller database before being cleaned up
- Default
31
bits_service¶
enabled¶Enable integration of the bits-service incubator (experimental)
- Default
false
private_endpoint¶Private url for the bits-service service
- Default
""
public_endpoint¶Public url for the bits-service service
- Default
""
broker_client_default_async_poll_interval_seconds¶Specifies interval on which the CC will poll a service broker for asynchronous actions. If the service broker provides a value, this value is the minimum accepted value the broker can provide.
- Default
60
broker_client_max_async_poll_duration_minutes¶The max duration the CC will fetch service instance state from a service broker (in minutes). Default is 1 week
- Default
10080
broker_client_timeout_seconds¶For requests to service brokers, this is the HTTP (open and read) timeout setting.
- Default
60
buildpacks¶
blobstore_type¶The type of blobstore backing to use. Valid values: [‘fog’, ‘webdav’]
- Default
fog
buildpack_directory_key¶Directory (bucket) used to store buildpacks. It does not have to be pre-created.
- Default
cc-buildpacks
cdn¶
key_pair_id¶Key pair name for signed download URIs
- Default
""
private_key¶Private key for signing download URIs
- Default
""
uri¶URI for a CDN to use for buildpack downloads
- Default
""
fog_aws_storage_options¶Storage options passed to fog for aws blobstores. See http://docs.cloudfoundry.org/deploying/common/cc-blobstore-config.html#fog-aws-sse for example configuration.
- Default
{}
fog_connection¶Fog connection hash
webdav_config¶
blobstore_timeout¶The timeout in seconds for requests to the blobstore
- Default
5
ca_cert¶The ca cert to use when communicating with webdav
- Default
""
password¶The basic auth password that CC uses to connect to the admin endpoint on webdav
- Default
""
private_endpoint¶The location of the webdav server eg: https://blobstore.internal
- Default
https://blobstore.service.cf.internal:4443
public_endpoint¶The location of the webdav server eg: https://blobstore.com
- Default
""
username¶The basic auth user that CC uses to connect to the admin endpoint on webdav
- Default
""
bulk_api_password¶Password used to access the bulk_api, health_manager uses it to connect to the cc, announced over NATS
bulk_api_user¶User used to access the bulk_api, health_manager uses it to connect to the cc, announced over NATS
- Default
bulk_api
cc_partition¶Deprecated. Defines a ‘partition’ for the health_manager job
- Default
default
client_max_body_size¶Maximum body size for nginx
- Default
15M
completed_tasks¶
cutoff_age_in_days¶How long a completed task will stay in cloud controller database before being cleaned up based on last updated time with success or failure.
- Default
31
core_file_pattern¶Filename template for core dump files. Use an empty string if you don’t want core files saved.
- Default
/var/vcap/sys/cores/core-%e-%s-%p-%t
db_encryption_key¶key for encrypting sensitive values in the CC database
- Default
""
db_logging_level¶Log level for cc database operations
- Default
debug2
dea_use_https¶enable ssl for communication with DEAs
- Default
false
default_app_disk_in_mb¶The default disk space an app gets
- Default
1024
default_app_memory¶How much memory is given to an app if not specified
- Default
1024
default_health_check_timeout¶Default health check timeout (in seconds) that can be set for the app
- Default
60
default_quota_definition¶The name of the quota definition CC will fall back on for org and space limits from the list of quota definitions.
- Default
default
default_running_security_groups¶The default running security groups that will be seeded in CloudController.
default_stack¶The default stack to use if no custom stack is specified by an app.
- Default
cflinuxfs2
default_staging_security_groups¶The default staging security groups that will be seeded in CloudController.
default_to_diego_backend¶Use Diego backend by default for new apps
- Default
false
development_mode¶Enable development features for monitoring and insight
- Default
false
diego¶
nsync_url¶URL of the Diego nsync service
- Default
http://nsync.service.cf.internal:8787
stager_url¶URL of the Diego stager service
- Default
http://stager.service.cf.internal:8888
tps_url¶URL of the Diego tps service
- Default
http://tps.service.cf.internal:1518
directories¶
diagnostics¶The directory where operator requested diagnostic files should be placed
- Default
/var/vcap/data/cloud_controller_ng/diagnostics
tmpdir¶The directory to use for temporary files
- Default
/var/vcap/data/cloud_controller_ng/tmp
disable_custom_buildpacks¶Disable external (i.e. git) buildpacks? (Admin buildpacks and system buildpacks only.)
- Default
false
droplets¶
blobstore_type¶The type of blobstore backing to use. Valid values: [‘fog’, ‘webdav’]
- Default
fog
cdn¶
key_pair_id¶Key pair name for signed download URIs
- Default
""
private_key¶Private key for signing download URIs
- Default
""
uri¶URI for a CDN to use for droplet downloads
- Default
""
droplet_directory_key¶Directory (bucket) used to store droplets. It does not have to be pre-created.
- Default
cc-droplets
fog_aws_storage_options¶Storage options passed to fog for aws blobstores. See http://docs.cloudfoundry.org/deploying/common/cc-blobstore-config.html#fog-aws-sse for example configuration.
- Default
{}
fog_connection¶Fog connection hash
max_staged_droplets_stored¶Number of recent, staged droplets stored per app (not including current droplet)
- Default
5
webdav_config¶
blobstore_timeout¶The timeout in seconds for requests to the blobstore
- Default
5
ca_cert¶The ca cert to use when communicating with webdav
- Default
""
password¶The basic auth password that CC uses to connect to the admin endpoint on webdav
- Default
""
private_endpoint¶The location of the webdav server eg: https://blobstore.internal
- Default
https://blobstore.service.cf.internal:4443
public_endpoint¶The location of the webdav server eg: https://blobstore.com
- Default
""
username¶The basic auth user that CC uses to connect to the admin endpoint on webdav
- Default
""
external_host¶Host part of the cloud_controller api URI, will be joined with value of ‘domain’
- Default
api
external_port¶External Cloud Controller port
- Default
9022
external_protocol¶The protocol used to access the CC API from an external entity
- Default
https
failed_jobs¶
cutoff_age_in_days¶How long a failed job should stay in the Cloud Controller database before being cleaned up
- Default
31
feature_disabled_message¶Custom message to use for a disabled feature.
flapping_crash_count_threshold¶The threshold of crashes after which the app is marked as flapping
- Default
3
info¶
custom¶Custom attribute keys and values for /v2/info endpoint
install_buildpacks¶Set of buildpacks to install during deploy
instance_file_descriptor_limit¶The file descriptors made available to each app instance
- Default
16384
internal_api_password¶Password used by Diego to access internal endpoints
internal_api_user¶User name used by Diego to access internal endpoints
- Default
internal_user
internal_service_hostname¶Internal hostname used to resolve the address of the Cloud Controller
- Default
cloud-controller-ng.service.cf.internal
jobs¶
app_bits_packer¶
timeout_in_seconds¶The longest this job can take before it is cancelled
app_events_cleanup¶
timeout_in_seconds¶The longest this job can take before it is cancelled
app_usage_events_cleanup¶
timeout_in_seconds¶The longest this job can take before it is cancelled
blobstore_delete¶
timeout_in_seconds¶The longest this job can take before it is cancelled
blobstore_upload¶
timeout_in_seconds¶The longest this job can take before it is cancelled
droplet_deletion¶
timeout_in_seconds¶The longest this job can take before it is cancelled
droplet_upload¶
timeout_in_seconds¶The longest this job can take before it is cancelled
global¶
timeout_in_seconds¶The longest any job can take before it is cancelled unless overridden per job
- Default
14400
local¶
number_of_workers¶Number of local cloud_controller_worker workers
- Default
2
logging_level¶Log level for cc
- Default
info
logging_max_retries¶Passthru value for Steno logger
- Default
1
maximum_app_disk_in_mb¶The maximum amount of disk a user can request
- Default
2048
maximum_health_check_timeout¶Maximum health check timeout (in seconds) that can be set for the app
- Default
180
min_cli_version¶Minimum version of the CF CLI to work with the API.
min_recommended_cli_version¶Minimum recommended version of the CF CLI.
minimum_candidate_stagers¶Minimum number of candidate deas for staging. Defaults to 5, should be fewer than the total DEAs in the deployment.
- Default
5
newrelic¶
capture_params¶Capture and send query params to NewRelic
- Default
false
developer_mode¶Activate NewRelic developer mode
- Default
false
environment_name¶The environment name used by NewRelic
- Default
development
license_key¶The api key for NewRelic
log_file_path¶The location for NewRelic to log to
- Default
/var/vcap/sys/log/cloud_controller_ng/newrelic
monitor_mode¶Activate NewRelic monitor mode
- Default
false
transaction_tracer¶
enabled¶Enable transaction tracing in NewRelic
- Default
false
record_sql¶NewRelic’s SQL statement recording mode: [off | obfuscated | raw]
- Default
"off"
nginx_access_log_destination¶The nginx access log destination. This can be used to route access logs to a file, syslog, or a memory buffer.
- Default
/var/vcap/sys/log/nginx_cc/nginx.access.log
nginx_access_log_format¶The nginx log format string to use when writing to the access log.
- Default
|+ $host - [$time_local] "$request" $status $bytes_sent "$http_referer" "$http_user_agent" $proxy_add_x_forwarded_for vcap_request_id:$upstream_http_x_vcap_request_id response_time:$upstream_response_time
nginx_error_log_destination¶The nginx error log destination. This can be used to route error logs to a file, syslog, or a memory buffer.
- Default
/var/vcap/sys/log/nginx_cc/nginx.error.log
nginx_error_log_level¶The lowest severity nginx log level to capture in the error log.
- Default
error
nginx_rate_limit_general¶The rate limiting and burst value to use for ‘/’
- Example
|+
  limit: 100r/s
  burst: 500
nginx_rate_limit_zones¶Array of zones to do rate limiting for.
- Example
|+
  - name: apps
    location: /v2/apps
    limit: 10r/s
    burst: 50
  - name: spaces
    location: ~ ^/v2/spaces/(.*)
    limit: 10r/s
    burst: 100
packages¶
app_package_directory_key¶Directory (bucket) used to store app packages. It does not have to be pre-created.
- Default
cc-packages
blobstore_type¶The type of blobstore backing to use. Valid values: [‘fog’, ‘webdav’]
- Default
fog
cdn¶
key_pair_id¶Key pair name for signed download URIs
- Default
""
private_key¶Private key for signing download URIs
- Default
""
uri¶URI for a CDN to use for app package downloads
- Default
""
fog_aws_storage_options¶Storage options passed to fog for aws blobstores. See http://docs.cloudfoundry.org/deploying/common/cc-blobstore-config.html#fog-aws-sse for example configuration.
- Default
{}
fog_connection¶Fog connection hash
max_package_size¶Maximum size of application package
- Default
1.073741824e+09
max_valid_packages_stored¶Number of recent, valid packages stored per app (not including package for current droplet)
- Default
5
webdav_config¶
blobstore_timeout¶The timeout in seconds for requests to the blobstore
- Default
5
ca_cert¶The ca cert to use when communicating with webdav
- Default
""
password¶The basic auth password that CC uses to connect to the admin endpoint on webdav
- Default
""
private_endpoint¶The location of the webdav server eg: https://blobstore.internal
- Default
https://blobstore.service.cf.internal:4443
public_endpoint¶The location of the webdav server eg: https://blobstore.com
- Default
""
username¶The basic auth user that CC uses to connect to the admin endpoint on webdav
- Default
""
placement_top_stager_percentage¶The percentage of top stagers considered when choosing a stager
- Default
10
quota_definitions¶Hash of default quota definitions to be seeded. This property can be used to add quotas with subsequent deploys, but not to update existing ones.
- Example
|+
  - example-quota:
      memory_limit: 10240
      non_basic_services_allowed: true
      total_routes: 1000
      total_service_keys: 1000
      total_services: 100
      total_reserved_route_ports: 10
renderer¶
default_results_per_page¶Default number of results returned per page if user does not specify
- Default
50
max_inline_relations_depth¶Maximum depth of inlined relationships in the result
- Default
2
max_results_per_page¶Maximum number of results returned per page
- Default
100
reserved_private_domains¶File location of a list of reserved private domains (for file format, see https://publicsuffix.org/)
resource_pool¶
blobstore_type¶The type of blobstore backing to use. Valid values: [‘fog’, ‘webdav’]
- Default
fog
cdn¶
key_pair_id¶Key pair name for signed download URIs
- Default
""
private_key¶Private key for signing download URIs
- Default
""
uri¶URI for a CDN to use for resource pool downloads
- Default
""
fog_aws_storage_options¶Storage options passed to fog for aws blobstores. See http://docs.cloudfoundry.org/deploying/common/cc-blobstore-config.html#fog-aws-sse for example configuration.
- Default
{}
fog_connection¶Fog connection hash
maximum_size¶Maximum size of a resource to add to the pool
- Default
5.36870912e+08
minimum_size¶Minimum size of a resource to add to the pool
- Default
65536
resource_directory_key¶Directory (bucket) used to store app resources. It does not have to be pre-created.
- Default
cc-resources
webdav_config¶
blobstore_timeout¶The timeout in seconds for requests to the blobstore
- Default
5
ca_cert¶The ca cert to use when communicating with webdav
- Default
""
password¶The basic auth password that CC uses to connect to the admin endpoint on webdav
- Default
""
private_endpoint¶The location of the webdav server eg: https://blobstore.internal
- Default
https://blobstore.service.cf.internal:4443
public_endpoint¶The location of the webdav server eg: https://blobstore.com
- Default
""
username¶The basic auth user that CC uses to connect to the admin endpoint on webdav
- Default
""
run_prestart_migrations¶Run Cloud Controller DB migrations in BOSH pre-start script. Should be changed to false for deployments where the PostgreSQL job is deployed to the same VM as Cloud Controller. Otherwise, the default of true is preferable.
- Default
true
security_event_logging¶
enabled¶Enable logging of all requests made to the Cloud Controller in CEF format.
- Default
false
security_group_definitions¶Array of security groups that will be seeded into CloudController.
service_usage_events¶
cutoff_age_in_days¶How long a service usage event should stay in the Cloud Controller database before being cleaned up
- Default
31
stacks¶Tag used by the DEA to describe capabilities (i.e. ‘Windows7’, ‘python-linux’). DEA and CC must agree.
- Default
- description: Cloud Foundry Linux-based filesystem
  name: cflinuxfs2
staging_file_descriptor_limit¶File descriptor limit for staging tasks
- Default
16384
staging_timeout_in_seconds¶Timeout for staging a droplet
- Default
900
staging_upload_password¶User’s password used to access internal endpoints of Cloud Controller to upload files when staging
- Default
""
staging_upload_user¶User name used to access internal endpoints of Cloud Controller to upload files when staging
- Default
""
statsd_host¶The host for the statsd server, defaults to the local metron agent
- Default
127.0.0.1
statsd_port¶The port for the statsd server, defaults to the local metron agent
- Default
8125
system_hostnames¶List of hostnames for which routes cannot be created on the system domain.
- Default
- api
- uaa
- login
- doppler
- loggregator
- hm9000
thresholds¶
api¶
alert_if_above_mb¶The cc will alert if memory remains above this threshold for 3 monit cycles
- Default
3500
restart_if_above_mb¶The cc will restart if memory remains above this threshold for 3 monit cycles
- Default
3750
restart_if_consistently_above_mb¶The cc will restart if memory remains above this threshold for 15 monit cycles
- Default
3500
uaa_resource_id¶Name of service to register to UAA
- Default
cloud_controller,cloud_controller_service_permissions
users_can_select_backend¶Allow non-admin users to switch their apps between DEA and Diego backends
- Default
true
volume_services_enabled¶Enable binding to services that provide volume_mount information.
- Default
false
ccdb¶
  
  
    
address¶The address of the database server
databases¶Contains the name of the database on the database server
db_scheme¶The type of database being used. mysql or postgres
- Default
postgres
max_connections¶Maximum connections for Sequel
- Default
25
pool_timeout¶The timeout for Sequel pooled connections
- Default
10
port¶The port of the database server
roles¶Users to create on the database when seeding
dea_next¶
  
  
    
advertise_interval_in_seconds¶Advertise interval for DEAs
- Default
5
ca_cert¶PEM-encoded CA certificate
client_cert¶PEM-encoded server certificate
client_key¶PEM-encoded server key
staging_disk_limit_mb¶Disk limit in mb for staging tasks
- Default
6144
staging_memory_limit_mb¶Memory limit in mb for staging tasks
- Default
1024
description¶
  
    
      ‘description’ attribute in the /v2/info endpoint
- Default
- "" 
domain¶
  
    
      Deprecated in favor of system_domain. Domain where cloud_controller will listen (api.domain)
doppler¶
  
  
    
enabled¶Whether to expose the doppler_logging_endpoint listed at /v2/info
- Default
true
port¶Port for doppler_logging_endpoint listed at /v2/info
- Default
443
use_ssl¶Whether to use ssl for the doppler_logging_endpoint listed at /v2/info
- Default
true
hm9000¶
  
  
    
port¶Port of the hm9000 Api Server
- Default
5155
url¶URL of the hm9000 server
logger_endpoint¶
  
  
    
port¶Port for logger endpoint listed at /v2/info
- Default
443
use_ssl¶Whether to use ssl for logger endpoint listed at /v2/info
- Default
true
login¶
  
  
    
enabled¶Whether to use login as the authorization endpoint or not
- Default
true
protocol¶http or https
- Default
https
url¶URL of the login server
metron_endpoint¶
  
  
    
host¶The host used to emit messages to the Metron agent
- Default
127.0.0.1
port¶The port used to emit messages to the Metron agent
- Default
3457
name¶
  
    
      ‘name’ attribute in the /v2/info endpoint
- Default
- "" 
nats¶
  
  
    
machines¶IP of each NATS cluster member.
password¶Password for cc client to connect to NATS
port¶IP port of Cloud Foundry NATS server
user¶Username for cc client to connect to NATS
nfs_server¶
  
  
    
address¶NFS server for droplets and apps (not used in an AWS deploy, use s3 instead)
share_path¶The location at which to mount the nfs share
- Default
/var/vcap/nfs
request_timeout_in_seconds¶
  
    
      Timeout for requests in seconds.
- Default
- 900 
router¶
  
  
    
route_services_secret¶Support for route services is disabled when no value is configured.
- Default
""
routing_api¶
  
  
    
enabled¶Whether to expose the routing_endpoint listed at /v2/info. Enable this after deploying the Routing API
- Default
false
ssl¶
  
  
    
skip_cert_verify¶specifies that the job is allowed to skip ssl cert verification
- Default
false
support_address¶
  
    
      ‘support’ attribute in the /v2/info endpoint
- Default
- "" 
system_domain¶
  
    
      Domain reserved for CF operator, base URL where the login, uaa, and other non-user apps listen
system_domain_organization¶
  
    
      An organization that will be created as part of the seeding process. When the system_domain is not shared with (in the list of) app_domains, this is required as the system_domain will be created as a PrivateDomain in this organization.
- Default
- "" 
uaa¶
  
  
    
cc¶
token_secret¶Symmetric secret used to decode uaa tokens. Used for testing.
clients¶
cc-service-dashboards¶
scope¶Used to grant scope for SSO clients for service brokers
- Default
openid,cloud_controller_service_permissions.read
secret¶Used for generating SSO clients for service brokers.
cc_routing¶
secret¶Used for fetching routing information from the Routing API
cc_service_broker_client¶
scope¶(DEPRECATED) - Used to grant scope for SSO clients for service brokers
- Default
openid,cloud_controller_service_permissions.read
secret¶(DEPRECATED) - Used for generating SSO clients for service brokers.
cloud_controller_username_lookup¶
secret¶Used for fetching usernames from UAA.
jwt¶
verification_key¶ssl cert defined in the manifest by the UAA, required by the cc to communicate with UAA
- Default
""
url¶URL of the UAA server
version¶
  
    
      ‘version’ attribute in the /v2/info endpoint
- Default
- 0 
Templates¶
Templates are rendered and placed onto corresponding instances during the deployment process. This job's templates will be placed into the /var/vcap/jobs/cloud_controller_ng/ directory.
          
- bin/blobstore_waiter.sh (from blobstore_waiter.sh.erb)
- bin/cloud_controller_ng_ctl (from cloud_controller_api_ctl.erb)
- bin/cloud_controller_worker_ctl (from cloud_controller_api_worker_ctl.erb)
- bin/console (from console.erb)
- bin/dns_health_check (from dns_health_check.erb)
- bin/drain (from drain.rb)
- bin/handle_local_blobstore.sh (from handle_local_blobstore.sh.erb)
- bin/migrate_db (from migrate_db.sh.erb)
- bin/nginx_ctl (from nginx_ctl.erb)
- bin/nginx_newrelic_plugin_ctl (from nginx_newrelic_plugin_ctl.erb)
- bin/post-start (from post-start.sh.erb)
- bin/pre-start (from pre-start.sh.erb)
- bin/restart_drain (from restart_drain.rb)
- bin/ruby_version.sh (from ruby_version.sh.erb)
- bin/seed_db (from seed_db.sh.erb)
- config/certs/buildpacks_ca_cert.pem (from buildpacks_ca_cert.pem.erb)
- config/certs/dea_ca.crt (from dea_ca.crt.erb)
- config/certs/dea_client.crt (from dea_client.crt.erb)
- config/certs/dea_client.key (from dea_client.key.erb)
- config/certs/droplets_ca_cert.pem (from droplets_ca_cert.pem.erb)
- config/certs/packages_ca_cert.pem (from packages_ca_cert.pem.erb)
- config/certs/resource_pool_ca_cert.pem (from resource_pool_ca_cert.pem.erb)
- config/cloud_controller_ng.yml (from cloud_controller_api.yml.erb)
- config/mime.types (from mime.types)
- config/newrelic.yml (from newrelic.yml.erb)
- config/newrelic_plugin.yml (from newrelic_plugin.yml.erb)
- config/nginx.conf (from nginx.conf.erb)
- config/stacks.yml (from stacks.yml.erb)
Packages¶
Packages are compiled and placed onto corresponding instances during the deployment process. Packages will be placed into the /var/vcap/packages/ directory.