cloud_controller_worker job from cf/284
Cloud Controller worker processes background tasks submitted via the.
              Github source:
              9cbd8a1d or
              master branch
            
Properties¶
bpm¶
  
  
    
enabled¶Experimental feature flag: Enable Bosh Process Manager
- Default
false
cc¶
  
  
    
allow_app_ssh_access¶Allow users to change the value of the app-level allow_ssh attribute
- Default
true
bits_service¶
ca_cert¶The ca cert to use when communicating with bits-service endpoints
- Default
""
enabled¶Enable integration of the bits-service incubator (experimental)
- Default
false
password¶Password for the bits-service
- Default
""
private_endpoint¶Private url for the bits-service service
- Default
""
public_endpoint¶Public url for the bits-service service
- Default
""
username¶Username for the bits-service
- Default
""
broker_client_default_async_poll_interval_seconds¶Specifies interval on which the CC will poll a service broker for asynchronous actions
- Default
60
broker_client_max_async_poll_duration_minutes¶The max duration the CC will fetch service instance state from a service broker. Default is 1 week
- Default
10080
broker_client_timeout_seconds¶For requests to service brokers, this is the HTTP (open and read) timeout setting.
- Default
60
buildpacks¶
blobstore_type¶The type of blobstore backing to use. Valid values: [‘fog’, ‘webdav’]
- Default
fog
buildpack_directory_key¶Directory (bucket) used store buildpacks. It does not have be pre-created.
- Default
cc-buildpacks
cdn¶
key_pair_id¶Key pair name for signed download URIs
- Default
""
private_key¶Private key for signing download URIs
- Default
""
uri¶URI for a CDN to used for buildpack downloads
- Default
""
fog_aws_storage_options¶Storage options passed to fog for aws blobstores. Valid keys: [‘encryption’].
fog_connection¶Fog connection hash
webdav_config¶
blobstore_timeout¶The timeout in seconds for requests to the blobstore
- Default
5
ca_cert¶The ca cert to use when communicating with webdav
- Default
""
password¶The basic auth password that CC uses to connect to the admin endpoint on webdav
- Default
""
private_endpoint¶The location of the webdav server eg: https://blobstore.internal
- Default
https://blobstore.service.cf.internal:4443
public_endpoint¶The location of the webdav server eg: https://blobstore.com
- Default
""
username¶The basic auth user that CC uses to connect to the admin endpoint on webdav
- Default
""
db_encryption_key¶key for encrypting sensitive values in the CC database
- Default
""
db_logging_level¶Level at which cc database operations will be logged if cc.log_db_queries is set to true.
- Default
debug2
default_app_disk_in_mb¶The default disk space an app gets
- Default
1024
default_app_memory¶How much memory given to an app if not specified
- Default
1024
default_app_ssh_access¶When ssh is allowed and not explicitly set in the application, new applications will start with ssh service enabled
- Default
true
default_health_check_timeout¶Default health check timeout (in seconds) that can be set for the app
- Default
60
default_stack¶The default stack to use if no custom stack is specified by an app.
- Default
cflinuxfs2
development_mode¶Enable development features for monitoring and insight
- Default
false
diego¶
bbs¶
url¶URL of the BBS Server
- Default
https://bbs.service.cf.internal:8889
cc_uploader_url¶URL of cc uploader
- Default
http://cc-uploader.service.cf.internal:9090
file_server_url¶URL of file server
- Default
http://file-server.service.cf.internal:8080
lifecycle_bundles¶List of lifecycle bundles arguments for different stacks
- Default
buildpack/cflinuxfs2: buildpack_app_lifecycle/buildpack_app_lifecycle.tgz buildpack/windows2012R2: windows_app_lifecycle/windows_app_lifecycle.tgz buildpack/windows2016: buildpack_app_lifecycle/buildpack_app_lifecycle.tgz docker: docker_app_lifecycle/docker_app_lifecycle.tgz
nsync_url¶URL of the Diego nsync service
- Default
http://nsync.service.cf.internal:8787
pid_limit¶Maximum pid limit for containerized work running user-provided code
- Default
1024
stager_url¶URL of the Diego stager service
- Default
http://stager.service.cf.internal:8888
temporary_cc_uploader_mtls¶Temporary flag to ensure droplet upload callback endpoints require mTLS
- Default
true
temporary_droplet_download_mtls¶Temporary flag to enable mTLS droplet download to the bbs from cc
- Default
true
temporary_local_apps¶Temporary flag to manage app state directly to the bbs from cc
- Default
true
temporary_local_staging¶Temporary flag to enable staging directly to the bbs from cc
- Default
true
temporary_local_sync¶Temporary flag to run sync job between cc and bbs
- Default
true
temporary_local_tasks¶Temporary flag to run tasks directly to the bbs from cc
- Default
true
temporary_local_tps¶Temporary flag to manage app state directly to the bbs from cc
- Default
true
temporary_oci_buildpack_mode¶Temporary flag to enable OCI buildpack flow. Valid values: ‘oci-phase-1’
tps_url¶URL of the Diego tps service
- Default
http://tps.service.cf.internal:1518
use_privileged_containers_for_running¶Whether or not to use privileged containers for running buildpack apps and tasks.
- Default
false
use_privileged_containers_for_staging¶Whether or not to use privileged containers for staging tasks.
- Default
false
droplets¶
blobstore_type¶The type of blobstore backing to use. Valid values: [‘fog’, ‘webdav’]
- Default
fog
cdn¶
key_pair_id¶Key pair name for signed download URIs
- Default
""
private_key¶Private key for signing download URIs
- Default
""
uri¶URI for a CDN to used for droplet downloads
- Default
""
droplet_directory_key¶Directory (bucket) used store droplets. It does not have be pre-created.
- Default
cc-droplets
fog_aws_storage_options¶Storage options passed to fog for aws blobstores. Valid keys: [‘encryption’].
fog_connection¶Fog connection hash
webdav_config¶
blobstore_timeout¶The timeout in seconds for requests to the blobstore
- Default
5
ca_cert¶The ca cert to use when communicating with webdav
- Default
""
password¶The basic auth password that CC uses to connect to the admin endpoint on webdav
- Default
""
private_endpoint¶The location of the webdav server eg: https://blobstore.internal
- Default
https://blobstore.service.cf.internal:4443
public_endpoint¶The location of the webdav server eg: https://blobstore.com
- Default
""
username¶The basic auth user that CC uses to connect to the admin endpoint on webdav
- Default
""
external_host¶Host part of the cloud_controller api URI, will be joined with value of ‘domain’
- Default
api
external_port¶External Cloud Controller port
- Default
9022
external_protocol¶The protocol used to access the CC API from an external entity
- Default
https
instance_file_descriptor_limit¶The file descriptors made available to each app instance
- Default
16384
internal_api_password¶Password used by Diego to access internal endpoints
internal_api_user¶User name used by Diego to access internal endpoints
- Default
internal_user
internal_service_hostname¶Internal hostname used to resolve the address of the Cloud Controller
- Default
cloud-controller-ng.service.cf.internal
jobs¶
blobstore_delete¶
timeout_in_seconds¶The longest this job can take before it is cancelled
generic¶
number_of_workers¶Number of generic cloud_controller_worker workers
- Default
1
global¶
timeout_in_seconds¶The longest any job can take before it is cancelled unless overriden per job
- Default
14400
log_db_queries¶Log database queries. WARNING: Setting this to true with cc.db_logging_level >= cc.logging_level will log all field values, including encrypted secrets.
- Default
false
logging_level¶Log level for cc. Valid levels are listed here: https://github.com/cloudfoundry/steno#log-levels.
- Default
info
logging_max_retries¶Passthru value for Steno logger
- Default
1
loggregator¶
internal_url¶Internal url used to communicate with traffic_controller
- Default
http://loggregator-trafficcontroller.service.cf.internal:8081
maximum_app_disk_in_mb¶The maximum amount of disk a user can request
- Default
2048
mutual_tls¶
ca_cert¶PEM-encoded CA certificate for secure, mutually authenticated TLS communication
private_key¶PEM-encoded key for secure, mutually authenticated TLS communication
public_cert¶PEM-encoded certificate for secure, mutually authenticated TLS communication
newrelic¶
capture_params¶Capture and send query params to NewRelic
- Default
false
developer_mode¶Activate NewRelic developer mode
- Default
false
environment_name¶The environment name used by NewRelic
- Default
development
license_key¶The api key for NewRelic
log_file_path¶The location for NewRelic to log to
- Default
/var/vcap/sys/log/cloud_controller_ng/newrelic
monitor_mode¶Activate NewRelic monitor mode
- Default
false
transaction_tracer¶
enabled¶Enable transaction tracing in NewRelic
- Default
false
record_sql¶NewRelic’s SQL statement recording mode: [off | obfuscated | raw]
- Default
"off"
packages¶
app_package_directory_key¶Directory (bucket) used store app packages. It does not have be pre-created.
- Default
cc-packages
blobstore_type¶The type of blobstore backing to use. Valid values: [‘fog’, ‘webdav’]
- Default
fog
cdn¶
key_pair_id¶Key pair name for signed download URIs
- Default
""
private_key¶Private key for signing download URIs
- Default
""
uri¶URI for a CDN to used for app package downloads
- Default
""
fog_aws_storage_options¶Storage options passed to fog for aws blobstores. Valid keys: [‘encryption’].
fog_connection¶Fog connection hash
max_package_size¶Maximum size of application package
- Default
1.073741824e+09
webdav_config¶
blobstore_timeout¶The timeout in seconds for requests to the blobstore
- Default
5
ca_cert¶The ca cert to use when communicating with webdav
- Default
""
password¶The basic auth password that CC uses to connect to the admin endpoint on webdav
- Default
""
private_endpoint¶The location of the webdav server eg: https://blobstore.internal
- Default
https://blobstore.service.cf.internal:4443
public_endpoint¶The location of the webdav server eg: https://blobstore.com
- Default
""
username¶The basic auth user that CC uses to connect to the admin endpoint on webdav
- Default
""
perform_blob_cleanup¶Whether or not to perform the blob cleanup job
- Default
true
resource_pool¶
blobstore_type¶The type of blobstore backing to use. Valid values: [‘fog’, ‘webdav’]
- Default
fog
cdn¶
key_pair_id¶Key pair name for signed download URIs
- Default
""
private_key¶Private key for signing download URIs
- Default
""
uri¶URI for a CDN to used for resource pool downloads
- Default
""
fog_aws_storage_options¶Storage options passed to fog for aws blobstores. Valid keys: [‘encryption’].
fog_connection¶Fog connection hash
maximum_size¶Maximum size of a resource to add to the pool
- Default
5.36870912e+08
minimum_size¶Minimum size of a resource to add to the pool
- Default
65536
resource_directory_key¶Directory (bucket) used store app resources. It does not have be pre-created.
- Default
cc-resources
webdav_config¶
blobstore_timeout¶The timeout in seconds for requests to the blobstore
- Default
5
ca_cert¶The ca cert to use when communicating with webdav
- Default
""
password¶The basic auth password that CC uses to connect to the admin endpoint on webdav
- Default
""
private_endpoint¶The location of the webdav server eg: https://blobstore.internal
- Default
https://blobstore.service.cf.internal:4443
public_endpoint¶The location of the webdav server eg: https://blobstore.com
- Default
""
username¶The basic auth user that CC uses to connect to the admin endpoint on webdav
- Default
""
stacks¶Tag used by the DEA to describe capabilities (i.e. ‘Windows7’, ‘python-linux’). DEA and CC must agree.
- Default
- description: Cloud Foundry Linux-based filesystem name: cflinuxfs2
staging_timeout_in_seconds¶Timeout for staging a droplet
- Default
900
staging_upload_password¶User’s password used to access internal endpoints of Cloud Controller to upload files when staging
staging_upload_user¶User name used to access internal endpoints of Cloud Controller to upload files when staging
thresholds¶
worker¶
alert_if_above_mb¶The cc will alert if memory remains above this threshold for 3 monit cycles
- Default
384
restart_if_above_mb¶The cc will restart if memory remains above this threshold for 3 monit cycles
- Default
512
restart_if_consistently_above_mb¶The cc will restart if memory remains above this threshold for 15 monit cycles
- Default
384
tls_port¶External Cloud Controller port
- Default
9023
uaa¶
internal_url¶The internal url used by UAA
- Default
uaa.service.cf.internal
ccdb¶
  
  
    
address¶The address of the database server
ca_cert¶The ca cert to use when communicating with the database over SSL
databases¶Contains the name of the database on the database server
db_scheme¶The type of database being used. mysql or postgres
- Default
postgres
max_connections¶Maximum connections for Sequel
- Default
25
pool_timeout¶The timeout for Sequel pooled connections
- Default
10
port¶The port of the database server
roles¶Users to create on the database when seeding
ssl_verify_hostname¶Verify that the database SSL certificate matches the host to which the connection is attempted
- Default
true
metron_endpoint¶
  
  
    
host¶The host used to emit messages to the Metron agent
- Default
127.0.0.1
port¶The port used to emit messages to the Metron agent
- Default
3457
nfs_server¶
  
  
    
address¶NFS server for droplets and apps (not used in an AWS deploy, use s3 instead)
share_path¶The location at which to mount the nfs share
- Default
/var/vcap/nfs
release_level_backup¶
  
    
      Include cloud_controller jobs in backup and restore operations
- Default
- true 
routing_api¶
  
  
    
enabled¶Whether to expose the routing_endpoint listed at /v2/info. Enable this after deploying the Routing API
- Default
false
ssl¶
  
  
    
skip_cert_verify¶specifies that the job is allowed to skip ssl cert verification
- Default
false
system_domain¶
  
    
      Domain reserved for CF operator, base URL where the login, uaa, and other non-user apps listen
uaa¶
  
  
    
ca_cert¶The certificate authority being used by UAA
clients¶
cc-service-dashboards¶
scope¶Used to grant scope for SSO clients for service brokers
- Default
openid,cloud_controller_service_permissions.read
secret¶Used for generating SSO clients for service brokers.
cc_routing¶
secret¶Used for fetching routing information from the Routing API
cc_service_broker_client¶
scope¶(DEPRECATED) - Used to grant scope for SSO clients for service brokers
- Default
openid,cloud_controller_service_permissions.read
secret¶(DEPRECATED) - Used for generating SSO clients for service brokers.
port¶The port used by UAA for non-ssl connections
ssl¶
port¶The port used by UAA for ssl connections
- Default
8443
Templates¶
            Templates are rendered and placed onto corresponding
            instances during the deployment process. This job's templates
            will be placed into /var/vcap/jobs/cloud_controller_worker/ directory
            (learn more).
          
- bin/bbr/post-backup-unlock(from- post-backup-unlock.sh.erb)
- bin/bbr/post-restore-unlock(from- post-restore-unlock.sh.erb)
- bin/bbr/pre-backup-lock(from- pre-backup-lock.sh.erb)
- bin/bbr/pre-restore-lock(from- pre-restore-lock.sh.erb)
- bin/blobstore_waiter.sh(from- blobstore_waiter.sh.erb)
- bin/cloud_controller_worker(from- bin/cloud_controller_worker.erb)
- bin/cloud_controller_worker_ctl(from- cloud_controller_worker_ctl.erb)
- bin/console(from- console.erb)
- bin/drain(from- drain.sh.erb)
- bin/pre-start(from- pre-start.sh.erb)
- bin/ruby_version.sh(from- ruby_version.sh.erb)
- bin/setup_local_blobstore.sh(from- setup_local_blobstore.sh.erb)
- config/bpm.yml(from- bpm.yml.erb)
- config/certs/bits_service_ca.crt(from- bits_service_ca.crt.erb)
- config/certs/buildpacks_ca_cert.pem(from- buildpacks_ca_cert.pem.erb)
- config/certs/db_ca.crt(from- db_ca.crt.erb)
- config/certs/droplets_ca_cert.pem(from- droplets_ca_cert.pem.erb)
- config/certs/mutual_tls.crt(from- mutual_tls.crt.erb)
- config/certs/mutual_tls.key(from- mutual_tls.key.erb)
- config/certs/mutual_tls_ca.crt(from- mutual_tls_ca.crt.erb)
- config/certs/packages_ca_cert.pem(from- packages_ca_cert.pem.erb)
- config/certs/resource_pool_ca_cert.pem(from- resource_pool_ca_cert.pem.erb)
- config/certs/uaa_ca.crt(from- uaa_ca.crt.erb)
- config/cloud_controller_ng.yml(from- cloud_controller_ng.yml.erb)
- config/newrelic.yml(from- newrelic.yml.erb)
- config/stacks.yml(from- stacks.yml.erb)
Packages¶
            Packages are compiled and placed onto corresponding
            instances during the deployment process. Packages will be
            placed into /var/vcap/packages/ directory.