policy-server-asg-syncer job from cf-networking/3.19.0
Github source:
022fcc4c or
master branch
Properties¶
asg_poll_interval_seconds¶
Interval in seconds that policy-server will poll CAPI for ASG data. Requires asg_sync_enabled. Must be > 0
- Default
60
cc_hostname¶
Host name for the Cloud Controller server for connecting to the non-secure api endpoint.
If this value is not provided, policy-server-asg-syncer will obtain the secure api endpoint by consuming
the cloud_controller_https_endpoint link.
The value supplied to this property must match the value supplied to the Cloud Controller
property cc.internal_service_hostname.
- Example
-
cloud-controller-ng.service.cf.internal
cc_internal¶
client_cert¶Client certificate for cloud controller
client_key¶Client private key for cloud controller
cc_port¶
External port of Cloud Controller server for connecting to the non-secure api endpoint.
If this value is not provided, policy-server will obtain the secure api port by consuming
the cloud_controller_https_endpoint link.
The value supplied to this property must match the value supplied to the Cloud Controller
property cc.external_port.
- Example
-
9022
database¶
connect_timeout_seconds¶Connection timeout between the policy server and its database.
- Default
disable¶
Disable syncing application security groups for dynamic security group updates
- Default
false
locket¶
address¶Hostname and port of the Locket server. Must be set when asg_sync_enabled is set to true.
- Default
ca_cert¶The CA certificiate for the CA for Locket.
client_cert¶The client certificate for Locket.
client_key¶The private key for Locket.
log_level¶
Logging level (debug, info, warn, error).
- Default
info
metron_port¶
Port of metron agent on localhost. This is used to forward metrics.
- Default
3457
retry_deadline_seconds¶
Maximum amount of time that policy-server-asg-syncer will retry CAPI for when detecting unstable ASG lists
- Default
300
skip_ssl_validation¶
Skip verifying ssl certs when speaking to UAA or Cloud Controller.
- Default
false
uaa_ca¶
Trusted CA for UAA server.
uaa_client¶
UAA client name. Must match the name of a UAA client with the following properties:
authorities: uaa.resource,cloud_controller.admin_read_only,
authorities: uaa.resource,cloud_controller.admin_read_only.
- Default
network-policy
uaa_client_secret¶
UAA client secret. Must match the secret of the above UAA client.
uaa_hostname¶
Host name for the UAA server. E.g. the service advertised via Consul DNS. Must match common name in the UAA server cert. Must be listed in uaa.zones.internal.hostnames.
- Default
uaa.service.cf.internal
uaa_port¶
Port of the UAA server. Must match uaa.ssl.port.
- Default
8443
Templates¶
Templates are rendered and placed onto corresponding
instances during the deployment process. This job's templates
will be placed into /var/vcap/jobs/policy-server-asg-syncer/ directory
(learn more).
config/bpm.yml(frombpm.yml.erb)config/certs/cc_ca.crt(fromcc_ca.crt.erb)config/certs/cc_internal_ca.crt(fromcc_internal_ca.crt.erb)config/certs/cc_internal_client.crt(fromcc_internal_client.crt.erb)config/certs/cc_internal_client.key(fromcc_internal_client.key.erb)config/certs/database_ca.crt(fromdatabase_ca.crt.erb)config/certs/locket.crt(fromlocket.crt.erb)config/certs/locket.key(fromlocket.key.erb)config/certs/locket_ca.crt(fromlocket_ca.crt.erb)config/certs/uaa_ca.crt(fromuaa_ca.crt.erb)config/policy-server-asg-syncer.json(frompolicy-server-asg-syncer.json.erb)
Packages¶
Packages are compiled and placed onto corresponding
instances during the deployment process. Packages will be
placed into /var/vcap/packages/ directory.