core job from shield/8.0.19

Github source: 424d694 or master branch

Properties¶

agent¶

key¶

RSA private key used for securing communications between SHIELD Agents and the SHIELD Core.

core¶

authentication¶

A list of SHIELD Authentication Provider configurations, to be emitted into the shieldd.conf configuration file as-is (under the auth: key).

color¶

What color should the SHIELD Web UI render the environment tag in.

Default

yellow

env¶

A short tag describing this environment (i.e. ‘prod’, ‘staging’, etc.).

Default

sandbox

fast-loop¶

How frequently should SHIELD check for and execute scheduled jobs.

Default

5s

motd¶

A (perhaps long-form) message of the day, to display on login forms.

Default

Welcome to SHIELD!

session-timeout¶

How long should sessions be valid for.

Default

8h

slow-loop¶

How frequently should SHIELD perform janitorial tasks.

Default

1h

task-timeout¶

How long after start of execution before timing out a running task.

Default

12h

workers¶

Maximum allowable number of running, concurrent tasks.

Default

5

domain¶

Fully-qualified domain name (or IP address) of your SHIELD installation

failsafe¶

password¶

A password for the failsafe user.

Default

shield

username¶

A fallback username for initially accessiong your SHIELD instance.

Default

admin

log-level¶

Log level for the SHIELD Core. One of ‘error’, ‘warning’, or ‘info’.

Default

error

migrate-from¶

dsn¶

The full datasource name of a legacy (pre-v8) database to migrate from.

type¶

What type of legacy (pre-v8) database to migrate from (optional).

nginx¶

connections¶

Number of nginx connections per worker

Default

8192

keepalive¶

Timeout for keep-alive connections

Default

75 20

workers¶

Number of nginx workers

Default

2

port¶

Incoming port to bind for HTTPS API and Web UI

Default

443

tls¶

certificate¶

TLS Certificate (PEM encoded), used for the HTTPS API and Web UI

ciphers¶

Which SSL/TLS ciphers to allow, used for the HTTPS API and Web UI

Default

ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:HIGH:!MD5:!aNULL:!EDH

key¶

TLS private key (PEM encoded), used for the HTTPS API and Web UI

protocols¶

Which SSL/TLS protocols to allow, used for the HTTPS API and Web UI

Default

TLSv1 TLSv1.1 TLSv1.2

reuse-after¶

How long (in hours) before rotating cryptographic parameters

Default

2

vault¶

tls¶

ca¶

The PEM-encoded certificate of the CA that signed the Vault Certificate. The SHIELD core needs this so that it can trust the Vault certificate.

certificate¶

The PEM-encoded certificate of the Vault itself. This certificate should be issued for the IP SAN 127.0.0.1.

key¶

The PEM-encoded private key for the Vault certificate.

Templates¶

Templates are rendered and placed onto corresponding instances during the deployment process. This job's templates will be placed into /var/vcap/jobs/core/ directory (learn more).

• bin/nginx (from bin/nginx)
• bin/shieldd (from bin/shieldd)
• bin/vault (from bin/vault)
• config/agent.key (from config/agent.key)
• config/nginx.conf (from config/nginx.conf)
• config/shieldd.conf (from config/shieldd.conf)
• config/tls/nginx.key (from config/tls/nginx.key)
• config/tls/nginx.pub (from config/tls/nginx.pub)
• config/tls/vault.ca (from config/tls/vault.ca)
• config/tls/vault.key (from config/tls/vault.key)
• config/tls/vault.pub (from config/tls/vault.pub)
• config/vault.conf (from config/vault.conf)
• envrc (from envrc)

Packages¶

Packages are compiled and placed onto corresponding instances during the deployment process. Packages will be placed into /var/vcap/packages/ directory.

• nginx
• shield
• sqlite3
• vault