cloud_controller_worker job from capi/1.217.0
Cloud Controller worker processes background tasks submitted via the.
Github source:
e228eeb9 or
master branch
Properties¶
cc¶
additional_allowed_process_users¶Allow-list of users that a Process/Task may use in addition to ‘vcap’. The ‘vcap’ user is always permitted.
- Default
allow_app_ssh_access¶Allow users to change the value of the app-level allow_ssh attribute
- Default
allow_docker_root_user¶Whether to allow the use of the ‘root’ and ‘0’ user for a Process/Task of a docker lifecycle App.
- Default
broker_client_async_poll_exponential_backoff_rate¶Exponential backoff for service related polling jobs. Default is 1.0, which means there is no exponential backoff.
- Default
broker_client_default_async_poll_interval_seconds¶Specifies interval on which the CC will poll a service broker for asynchronous actions
- Default
broker_client_max_async_poll_duration_minutes¶The max duration the CC will fetch service instance state from a service broker. Default is 1 week
- Default
broker_client_max_async_poll_interval_seconds¶Maximum polling interval for service related polling jobs. If the retry-after header or the calculated next polling interval exceeds this value, CC will use this value instead. Default is 24 hours.
- Default
broker_client_response_parser¶
log_errors¶Log errors happening when parsing service broker responses.
- Default
log_response_fields¶Specify service broker response fields to be logged. This configuration is a hash, where the key indicates the request type and the value is a list of fields in the response JSON that should be logged. The following request types exist: catalog, provision, update, deprovision, bind, unbind, fetch_service_instance_last_operation, fetch_service_binding_last_operation, fetch_service_instance, fetch_service_binding. The corresponding response fields can be taken from the Open Service Broker API Specification.
- Default
{}
log_validators¶Log the stack of validators used to process the service broker response, e.g. for a 202 response to a ‘provision’ request, the following is logged: [“CommonErrorValidator”, “JsonSchemaValidator[provision_response_schema]“, “SuccessValidator[in progress]“]
- Default
broker_client_timeout_seconds¶For requests to service brokers, this is the HTTP (open and read) timeout setting.
- Default
buildpacks¶
blobstore_type¶The type of blobstore backing to use. Valid values: [‘fog’, ‘webdav’]
- Default
buildpack_directory_key¶Directory (bucket) used store buildpacks. It does not have be pre-created.
- Default
cdn¶
key_pair_id¶Key pair name for signed download URIs
- Default
private_key¶Private key for signing download URIs
- Default
uri¶URI for a CDN to used for buildpack downloads
- Default
fog_aws_storage_options¶Storage options passed to fog for aws blobstores. Valid keys: [‘encryption’].
fog_connection¶Fog connection hash
fog_gcp_storage_options¶Storage options passed to fog for gcp blobstores
webdav_config¶
blobstore_timeout¶The timeout in seconds for requests to the blobstore
- Default
ca_cert¶The CA certificate to use when communicating with webdav
- Default
password¶The basic auth password that CC uses to connect to the admin endpoint on webdav
- Default
private_endpoint¶The location of the webdav server eg: https://blobstore.internal
- Default
public_endpoint¶The location of the webdav server eg: https://blobstore.com
- Default
username¶The basic auth user that CC uses to connect to the admin endpoint on webdav
- Default
credential_references¶
interpolate_service_bindings¶Controls whether CredHub credentials are automatically interpolated in VCAP_SERVICES
- Default
database_encryption¶
current_key_label¶current key label for encrypting values in the CC database
- Default
keys¶label-key pairs for encrypting sensitive values in the CC database, labels must be < 256 characters long
- Default
{}
db_encryption_key¶key for encrypting sensitive values in the CC database
- Default
db_logging_level¶Level at which cc database operations will be logged if cc.log_db_queries is set to true.
- Default
default_app_disk_in_mb¶The default disk space an app gets
- Default
default_app_log_rate_limit_in_bytes_per_second¶Default application log rate limit
- Default
default_app_memory¶How much memory given to an app if not specified
- Default
default_app_ssh_access¶When ssh is allowed and not explicitly set in the application, new applications will start with ssh service enabled
- Default
default_health_check_timeout¶Default health check timeout (in seconds) that can be set for the app
- Default
development_mode¶Enable development features for monitoring and insight
- Default
diego¶
bbs¶
connect_timeout¶Connect timeout (in seconds) when talking to BBS Server
- Default
receive_timeout¶Receive timeout (in seconds) when talking to BBS Server
- Default
send_timeout¶Send timeout (in seconds) when talking to BBS Server
- Default
url¶URL of the BBS Server
- Default
cc_uploader_url¶URL of cc uploader
- Default
droplet_destinations¶List of destination directories for different stacks
- Default
enable_declarative_asset_downloads¶Enable specifying task and app asset downloads as declarative resources
- Default
file_server_url¶URL of file server
- Default
lifecycle_bundles¶List of lifecycle bundles arguments for different stacks
- Default
pid_limit¶Maximum PID limit for containerized work running user-provided code
- Default
temporary_oci_buildpack_mode¶Temporary flag to enable OCI buildpack flow. Valid values: ‘oci-phase-1’
use_privileged_containers_for_running¶Whether or not to use privileged containers for running buildpack apps and tasks.
- Default
use_privileged_containers_for_staging¶Whether or not to use privileged containers for staging tasks.
- Default
directories¶
tmpdir¶The directory to use for temporary files
- Default
disable_custom_buildpacks¶Disable external (i.e. git) buildpacks? (Admin buildpacks and system buildpacks only.)
- Default
droplets¶
blobstore_type¶The type of blobstore backing to use. Valid values: [‘fog’, ‘webdav’]
- Default
cdn¶
key_pair_id¶Key pair name for signed download URIs
- Default
private_key¶Private key for signing download URIs
- Default
uri¶URI for a CDN to used for droplet downloads
- Default
droplet_directory_key¶Directory (bucket) used store droplets. It does not have be pre-created.
- Default
fog_aws_storage_options¶Storage options passed to fog for aws blobstores. Valid keys: [‘encryption’].
fog_connection¶Fog connection hash
fog_gcp_storage_options¶Storage options passed to fog for gcp blobstores
webdav_config¶
blobstore_timeout¶The timeout in seconds for requests to the blobstore
- Default
ca_cert¶The CA certificate to use when communicating with webdav
- Default
password¶The basic auth password that CC uses to connect to the admin endpoint on webdav
- Default
private_endpoint¶The location of the webdav server eg: https://blobstore.internal
- Default
public_endpoint¶The location of the webdav server eg: https://blobstore.com
- Default
username¶The basic auth user that CC uses to connect to the admin endpoint on webdav
- Default
external_host¶Host part of the cloud_controller api URI, will be joined with value of ‘domain’
- Default
external_port¶External Cloud Controller port
- Default
external_protocol¶The protocol used to access the CC API from an external entity
- Default
instance_file_descriptor_limit¶The file descriptors made available to each app instance
- Default
internal_service_hostname¶Internal hostname used to resolve the address of the Cloud Controller
- Default
jobs¶
blobstore_delete¶
timeout_in_seconds¶The longest this job can take before it is cancelled
generic¶
number_of_worker_threads¶Optional. Number of worker threads to start for each generic cloud_controller_worker worker process
number_of_workers¶Number of generic cloud_controller_worker workers
- Default
worker_grace_period_seconds¶The number of seconds to wait for each generic cloud_controller_worker worker process to finish processing jobs before forcefully shutting it down
- Default
global¶
timeout_in_seconds¶The longest any job can take before it is cancelled unless overriden per job
- Default
worker_sleep_delay_in_seconds¶The amount of time in seconds delayed workers sleep when no jobs are found
- Default
priorities¶List of hashes containing delayed jobs ‘display_name’ and its desired priority. This will overwrite the default priority of ccng
read_ahead¶The number of jobs to read ahead from the delayed job queue. Defaults to 5 for MySql and 0 for PostgreSQL (= use SELECT FOR UPDATE instead of read-ahead).
log_audit_events¶Log audit events
- Default
log_db_queries¶Log database queries. WARNING: Setting this to true with cc.db_logging_level >= cc.logging_level will log all field values, including encrypted secrets.
- Default
log_fog_requests¶Log fog requests and responses.
- Default
logging_level¶Log level for cc. Valid levels are listed here: https://github.com/cloudfoundry/steno#log-levels.
- Default
logging_max_retries¶Passthru value for Steno logger
- Default
loggregator¶
internal_url¶Internal URL used to communicate with traffic_controller
- Default
max_manifest_service_binding_poll_duration_in_seconds¶Max time in seconds to wait for individual asynchronous service binding creation when applying manifests. If a service broker fails to complete a service binding request before the specified duration, the manifest job will fail.
- Default
maximum_app_disk_in_mb¶The maximum amount of disk a user can request
- Default
maximum_health_check_timeout¶Maximum health check timeout (in seconds) that can be set for the app
- Default
mutual_tls¶
ca_cert¶PEM-encoded CA certificate for secure, mutually authenticated TLS communication
private_key¶PEM-encoded key for secure, mutually authenticated TLS communication
public_cert¶PEM-encoded certificate for secure, mutually authenticated TLS communication
newrelic¶
capture_params¶Capture and send query params to NewRelic
- Default
developer_mode¶Activate NewRelic developer mode
- Default
environment_name¶The environment name used by NewRelic
- Default
license_key¶The api key for NewRelic
log_file_path¶The location for NewRelic to log to
- Default
monitor_mode¶Activate NewRelic monitor mode
- Default
transaction_tracer¶
enabled¶Enable transaction tracing in NewRelic
- Default
record_sql¶NewRelic’s SQL statement recording mode: [off | obfuscated | raw]
- Default
packages¶
app_package_directory_key¶Directory (bucket) used store app packages. It does not have be pre-created.
- Default
blobstore_type¶The type of blobstore backing to use. Valid values: [‘fog’, ‘webdav’]
- Default
cdn¶
key_pair_id¶Key pair name for signed download URIs
- Default
private_key¶Private key for signing download URIs
- Default
uri¶URI for a CDN to used for app package downloads
- Default
fog_aws_storage_options¶Storage options passed to fog for aws blobstores. Valid keys: [‘encryption’].
fog_connection¶Fog connection hash
fog_gcp_storage_options¶Storage options passed to fog for gcp blobstores
max_package_size¶Maximum size of application package
- Default
webdav_config¶
blobstore_timeout¶The timeout in seconds for requests to the blobstore
- Default
ca_cert¶The CA certificate to use when communicating with webdav
- Default
password¶The basic auth password that CC uses to connect to the admin endpoint on webdav
- Default
private_endpoint¶The location of the webdav server eg: https://blobstore.internal
- Default
public_endpoint¶The location of the webdav server eg: https://blobstore.com
- Default
username¶The basic auth user that CC uses to connect to the admin endpoint on webdav
- Default
perform_blob_cleanup¶Whether or not to perform the blob cleanup job
- Default
prom_scraper¶
disabled¶When ‘cc.publish_metrics’ is enabled, a prom_scraper_config will be automatically generated. If you want to use another component for scraping, you can disable scraping by prom_scraper for cc-worker metrics with this.
- Default
prom_scraper_tls¶
ca_cert¶PEM-encoded CA certificate for secure, mutually authenticated TLS communication with prom_scraper
private_key¶PEM-encoded key for secure, mutually authenticated TLS communication with prom_scraper
public_cert¶PEM-encoded certificate for secure, mutually authenticated TLS communication with prom_scraper
prometheus_port¶When ‘cc.publish_metrics’ is set to true, the webserver, which publishes the metrics, will listen on this port.
- Default
publish_metrics¶When set to true a small webserver will be started in a seperate thread within the first worker’s process. This webserver will publish prometheus metrics of the workers under ‘/metrics’. The webserver will listen on the port defined in ‘cc.prometheus_port’.
- Default
readiness_port¶
cloud_controller_worker¶Readiness port used in k8s to check that db migrations are complete before component update
- Default
resource_pool¶
blobstore_type¶The type of blobstore backing to use. Valid values: [‘fog’, ‘webdav’]
- Default
cdn¶
key_pair_id¶Key pair name for signed download URIs
- Default
private_key¶Private key for signing download URIs
- Default
uri¶URI for a CDN to used for resource pool downloads
- Default
fog_aws_storage_options¶Storage options passed to fog for aws blobstores. Valid keys: [‘encryption’].
fog_connection¶Fog connection hash
fog_gcp_storage_options¶Storage options passed to fog for gcp blobstores
maximum_size¶Maximum size of a resource to add to the pool
- Default
minimum_size¶Minimum size of a resource to add to the pool
- Default
resource_directory_key¶Directory (bucket) used store app resources. It does not have be pre-created.
- Default
webdav_config¶
blobstore_timeout¶The timeout in seconds for requests to the blobstore
- Default
ca_cert¶The CA certificate to use when communicating with webdav
- Default
password¶The basic auth password that CC uses to connect to the admin endpoint on webdav
- Default
private_endpoint¶The location of the webdav server eg: https://blobstore.internal
- Default
public_endpoint¶The location of the webdav server eg: https://blobstore.com
- Default
username¶The basic auth user that CC uses to connect to the admin endpoint on webdav
- Default
staging_timeout_in_seconds¶Timeout for staging a droplet
- Default
staging_upload_password¶User’s password used to access internal endpoints of Cloud Controller to upload files when staging
staging_upload_user¶User name used to access internal endpoints of Cloud Controller to upload files when staging
thresholds¶
worker¶
alert_if_above_mb¶The CC will alert if memory remains above this threshold for 3 monit cycles
- Default
alert_if_above_memory_percent¶The CC will alert if memory remains above this percent threshold for 3 monit cycles. If specified, this threshold is used over
cc.thresholds.worker.alert_if_above_mb. Value must be percent integer, e.g. ‘80’.
restart_if_above_mb¶The CC will restart if memory remains above this threshold for 3 monit cycles
- Default
restart_if_consistently_above_mb¶The CC will restart if memory remains above this threshold for 15 monit cycles
- Default
restart_if_consistently_above_memory_percent¶The CC will restart if memory remains above this percent threshold for 15 monit cycles. If specified, this threshold is used over
cc.thresholds.worker.restart_if_consistently_above_mbandrestart_if_above_mb. Value must be percent integer, e.g. ‘80’.
tls_port¶External Cloud Controller port
- Default
uaa¶
internal_url¶The internal URL used by UAA
- Default
ccdb¶
address¶The address of the database server
ca_cert¶The CA certificate to use when communicating with the database over SSL
connection_expiration_random_delay¶The random delay in seconds to the expiration timeout (to prevent all connections being recreated simultaneously), passed directly to the Sequel gem - see https://sequel.jeremyevans.net/rdoc-plugins/files/lib/sequel/extensions/connection_expiration_rb.html for details
connection_expiration_timeout¶The period in seconds after which connections are expired (omit to never expire connections), passed directly to the Sequel gem - see https://sequel.jeremyevans.net/rdoc-plugins/files/lib/sequel/extensions/connection_expiration_rb.html for details
connection_validation_timeout¶The period in seconds after which idle connections are validated, passed directly to the Sequel gem - see http://sequel.jeremyevans.net/rdoc-plugins/files/lib/sequel/extensions/connection_validator_rb.html for details. Note that setting this to -1 results in an additional query whenever connections are checked out from the pool, which can have performance implications
- Default
databases¶Contains the name of the database on the database server
db_scheme¶The type of database being used. mysql or postgres
- Default
max_connections¶Maximum connections for Sequel
- Default
max_migration_duration_in_minutes¶the maximum time migrations should be allowed to run before job startup should error
- Default
pool_timeout¶The timeout for Sequel pooled connections
- Default
port¶The port of the database server
read_timeout¶The read timeout in seconds for query responses, passed directly to the Sequel gem - see https://github.com/jeremyevans/sequel/blob/master/doc/opening_databases.rdoc for details
- Default
roles¶Users to create on the database when seeding
ssl_verify_hostname¶Verify that the database SSL certificate matches the host to which the connection is attempted
- Default
credhub_api¶
hostname¶Hostname used to resolve the address of CredHub
- Default
metron_endpoint¶
host¶The host used to emit messages to the Metron agent
- Default
port¶The port used to emit messages to the Metron agent
- Default
nfs_server¶
address¶NFS server for droplets and apps (not used in an AWS deploy, use s3 instead)
release_level_backup¶
Include cloud_controller jobs in backup and restore operations
- Default
true
routing_api¶
enabled¶Whether to expose the routing_endpoint listed at /v2/info. Enable this after deploying the Routing API
- Default
ssl¶
skip_cert_verify¶specifies that the job is allowed to skip ssl cert verification
- Default
system_domain¶
Domain reserved for CF operator, base URL where the login, uaa, and other non-user apps listen
uaa¶
ca_cert¶The certificate authority being used by UAA
clients¶
cc-service-dashboards¶
scope¶Used to grant scope for SSO clients for service brokers
- Default
secret¶Used for generating SSO clients for service brokers.
cc_routing¶
secret¶Used for fetching routing information from the Routing API
port¶The port used by UAA for non-ssl connections
ssl¶
port¶The port used by UAA for ssl connections
- Default
Templates¶
Templates are rendered and placed onto corresponding
instances during the deployment process. This job's templates
will be placed into /var/vcap/jobs/cloud_controller_worker/ directory
(learn more).
bin/bbr/post-backup-unlock(frompost-backup-unlock.sh.erb)bin/bbr/post-restore-unlock(frompost-restore-unlock.sh.erb)bin/bbr/pre-backup-lock(frompre-backup-lock.sh.erb)bin/bbr/pre-restore-lock(frompre-restore-lock.sh.erb)bin/blobstore_waiter.sh(fromblobstore_waiter.sh.erb)bin/cloud_controller_worker(frombin/cloud_controller_worker.erb)bin/console(fromconsole.erb)bin/drain(fromdrain.sh.erb)bin/post-start(frompost-start.sh.erb)bin/pre-start(frompre-start.sh.erb)bin/ruby_version.sh(fromruby_version.sh.erb)bin/setup_local_blobstore.sh(fromsetup_local_blobstore.sh.erb)bin/shutdown_drain(fromshutdown_drain.rb.erb)config/bpm.yml(frombpm.yml.erb)config/certs/buildpacks_ca_cert.pem(frombuildpacks_ca_cert.pem.erb)config/certs/db_ca.crt(fromdb_ca.crt.erb)config/certs/droplets_ca_cert.pem(fromdroplets_ca_cert.pem.erb)config/certs/mutual_tls.crt(frommutual_tls.crt.erb)config/certs/mutual_tls.key(frommutual_tls.key.erb)config/certs/mutual_tls_ca.crt(frommutual_tls_ca.crt.erb)config/certs/packages_ca_cert.pem(frompackages_ca_cert.pem.erb)config/certs/resource_pool_ca_cert.pem(fromresource_pool_ca_cert.pem.erb)config/certs/scrape.crt(fromscrape.crt.erb)config/certs/scrape.key(fromscrape.key.erb)config/certs/scrape_ca.crt(fromscrape_ca.crt.erb)config/certs/uaa_ca.crt(fromuaa_ca.crt.erb)config/cloud_controller_ng.yml(fromcloud_controller_ng.yml.erb)config/newrelic.yml(fromnewrelic.yml.erb)config/prom_scraper_config.yml(fromprom_scraper_config.yml.erb)config/stacks.yml(fromstacks.yml.erb)
Packages¶
Packages are compiled and placed onto corresponding
instances during the deployment process. Packages will be
placed into /var/vcap/packages/ directory.