Template Uploader Errand Properties
The template-uploader errand has different properties based on each service. In the first section you can find the general properties, valid for all services. Additionally you can find the properties for each service in the sections below.
Property | Description |
---|---|
/backup_manager_api | API-Endpoint for the Backup Manager |
/backup_manager_username | Username for the Backup Manager |
/backup_manager_password | Password for the Backup Manager |
/cdns_encrypt | TBD |
/cdns_ssl.ca | TBD |
/cdns_ssl.certificate | TBD |
/cdns_ssl.private_key | TBD |
stemcell_os | The operating system of the BOSH stemcell |
stemcell_alias | Stemcell alias configured in the IaaS configuration |
stemcell_version | Current version of the stemcell |
service_network | TBD |
consul_domain | Domain name for Consul DNS |
consul_ips | TBD |
add_consul_to_bosh_dns_resolvers | Add Consul DNS to BOSH DNS resolvers. true or false |
global_graphite_endpoint | Endpoint for the Graphite API, see Metrics |
global_syslog_endpoint | Endpoint for the Syslog API |
use_metrics_prefix_level_2 | If true, CF org will be sent with the Graphite metrics, see Metrics. |
use_metrics_prefix_level_3 | If true, CF space will be sent with the Graphite metrics, see Metrics. |
KeyValue
Property | Description |
---|---|
/a9s_private_components_ca | The root CA certificate which is used to sign the client certificates used by the framework components to communicate via mTLS with each other |
backup_manager_api_endpoint | The API endpoint (schema://hostname:port ) used by the a9s Backup Agent to communicate with the a9s Backup Manager |
LogMe2
Property | Description |
---|---|
/a9s_private_components_ca | The root CA certificate which is used to sign the client certificates used by the framework components to communicate via mTLS with each other |
/logme2_service_dashboard_secret | TBD |
/cf_nats_ips | IPs of each cluster member of the NATS server deployment |
/cf_nats_credentials.username | Username for the NATS-TLS user used by the Route Registrar |
/cf_nats_credentials.password | Password for the NATS-TLS user used by the Route Registrar |
/cf_nats_tls_client_cert.certificate | Client certificate for the NATS-TLS connection used by the Route Registrar |
/cf_nats_tls_client_cert.private_key | Client Key for the NATS-TLS conncection used by the Route Registrar |
/cf_nats_tls_client_cert.ca | Certificate authority for the NATS-TLS connection used by the Route Registrar |
cf_system_domain | TBD |
dashboard_client_id | TBD |
backup_manager_api_endpoint | The API endpoint (schema://hostname:port ) used by the a9s Backup Agent to communicate with the a9s Backup Manager |
MongoDB
Property | Description |
---|---|
/a9s_private_components_ca | The root CA certificate which is used to sign the client certificates used by the framework components to communicate via mTLS with each other |
backup_manager_api_endpoint | The API endpoint (schema://hostname:port ) used by the a9s Backup Agent to communicate with the a9s Backup Manager |
MariaDB
Property | Description |
---|---|
/a9s_private_components_ca | The root CA certificate which is used to sign the client certificates used by the framework components to communicate via mTLS with each other |
backup_manager_api_endpoint | The API endpoint (schema://hostname:port ) used by the a9s Backup Agent to communicate with the a9s Backup Manager |
PostgreSQL
Property | Description |
---|---|
/a9s_private_components_ca | The root CA certificate which is used to sign the client certificates used by the framework components to communicate via mTLS with each other |
backup_manager_api_endpoint | The API endpoint (schema://hostname:port ) used by the a9s Backup Agent to communicate with the a9s Backup Manager |
Prometheus
Property | Description |
---|---|
/prometheus_service_dashboard_secret | TBD |
/cf_nats_ips | IPs of each cluster member of the NATS server deployment |
/cf_nats_credentials.username | Username for the NATS-TLS user used by the Route Registrar |
/cf_nats_credentials.password | Password for the NATS-TLS user used by the Route Registrar |
/cf_nats_tls_client_cert.certificate | Client certificate for the NATS-TLS connection used by the Route Registrar |
/cf_nats_tls_client_cert.private_key | Client Key for the NATS-TLS conncection used by the Route Registrar |
/cf_nats_tls_client_cert.ca | Certificate authority for the NATS-TLS connection used by the Route Registrar |
RabbitMQ
Property | Description |
---|---|
/a9s_private_components_ca | The root CA certificate which is used to sign the client certificates used by the framework components to communicate via mTLS with each other |
/cf_nats_ips | IPs of each cluster member of the NATS server deployment |
/cf_nats_credentials.username | Username for the NATS-TLS user used by the Route Registrar |
/cf_nats_credentials.password | Password for the NATS-TLS user used by the Route Registrar |
/cf_nats_tls_client_cert.certificate | Client certificate for the NATS-TLS connection used by the Route Registrar |
/cf_nats_tls_client_cert.private_key | Client Key for the NATS-TLS conncection used by the Route Registrar |
/cf_nats_tls_client_cert.ca | Certificate authority for the NATS-TLS connection used by the Route Registrar |
backup_manager_api_endpoint | The API endpoint (schema://hostname:port ) used by the a9s Backup Agent to communicate with the a9s Backup Manager |
info
For RabbitMQ the NATS-related properties are needed only if the RabbitMQ Management UI has been enabled.
Redis
Property | Description |
---|---|
/a9s_private_components_ca | The root CA certificate which is used to sign the client certificates used by the framework components to communicate via mTLS with each other |
backup_manager_api_endpoint | The API endpoint (schema://hostname:port ) used by the a9s Backup Agent to communicate with the a9s Backup Manager |
Search
Property | Description |
---|---|
/search_service_backup_agent_username | Username for the Search Backup Agent |
/search_service_backup_agent_password | Password for the Search Backup Agent |
global_syslog_endpoints | Endpoints for the Syslog API. In contrast to global_syslog_endpoint , this parameter supports multiple endpoints, with optional TLS configuration, which must be specified in the following format: Syslog endpoints configuration with TLS support |
Syslog Endpoints Configuration With TLS Support
# Example for host without TLS
- host: ndd79a54f-fluentd.service.dc1.dsf2.a9ssvc
port: 514
protocol: udp
rfc: rfc5424
# Example for host with TLS
- host: ndd79a54f-fluentd.service.dc1.dsf2.a9ssvc
port: 6514
protocol: ssl-tcp
rfc: rfc5424
ssl_cacert: |
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
ssl_cert: |
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
ssl_key: |
-----BEGIN PRIVATE KEY-----
...
-----END PRIVATE KEY-----
TLS Configuration
The Template Uploader Errand communicates with the a9s Deployer via a TLS protected connection.
This is configurable via the property anynines_service_broker.bosh_deployer
.
For more details on this property, please refer to the TLS General Configuration documentation.