@Jonty
Created December 14, 2015 14:09
properties:
# The domain name for this CloudFoundry deploy
domain: ~
acceptance_tests:
# The Elastic Runtime Application Domain
apps_domain: ~
# The name of the binary buildpack to use in acceptance tests that specify a
# buildpack.
binary_buildpack_name: ~
# Whether to pass the -v flag to cf-acceptance-tests
verbose: False
# Enable colorized output on ginkgo.
enable_color: True
# The Elastic Runtime API endpoint URL
api: ~
# Flag to include the security groups test suite.
include_security_groups: False
# Flag for using HTTP when making api and application requests rather than the
# default HTTPS
# NOTE(review): with this set to true the test traffic is unencrypted. This
# section also carries admin_user/admin_password, so presumably those
# credentials would cross the network in clear text - confirm, and keep the
# default outside isolated lab deployments.
use_http: False
# Flag to include the v3 API test suite.
include_v3: False
# The username of an existing user. If set, the acceptance-tests will push apps
# and perform other actions as this user, otherwise its default behaviour is to
# create a temporary user for such actions.
existing_user: ~
# The system domain for your CF release
system_domain: ~
# Timeout for broker starts
broker_start_timeout: ~
# Flag to include the operator tests which may modify the global state of an
# Elastic Runtime deployment.
include_operator: False
# The Elastic Runtime API admin user's password
admin_password: ~
# Regex for tests that should be skipped
skip_regex: ~
# The name of the go buildpack to use in acceptance tests that specify a
# buildpack.
go_buildpack_name: ~
# The password of the existing user. Only required if the existing user property
# is also being set.
existing_user_password: ~
# Flag to include the route services tests. Diego must be deployed for these tests
# to pass.
include_route_services: False
# Flag to include the services tests that integrate with SSO.
include_sso: False
# Default Timeout
default_timeout: ~
# The name of the php buildpack to use in acceptance tests that specify a
# buildpack.
php_buildpack_name: ~
# The name of the ruby buildpack to use in acceptance tests that specify a
# buildpack.
ruby_buildpack_name: ~
# The name of the python buildpack to use in acceptance tests that specify a
# buildpack.
python_buildpack_name: ~
# Flag to include the services API test suite.
include_services: False
# Flag to include the logging test suite.
include_logging: False
# The number of parallel test executors to spawn. The larger the number the higher
# the stress on the system.
nodes: 2
# Toggles cli verification of the Elastic Runtime API SSL certificate
# NOTE(review): going by the key name, true turns certificate verification off,
# which leaves the cli unable to detect an impersonated API endpoint. The value
# shown here (False) keeps verification on.
skip_ssl_validation: False
# App tests push their apps using diego if enabled. Route service tests require
# this flag to run.
use_diego: False
# The Elastic Runtime API admin user
admin_user: ~
# Timeout for cf push
cf_push_timeout: ~
# Flag to include the routing test suite.
include_routing: False
# The name of the staticfile buildpack to use in acceptance tests that specify a
# buildpack.
staticfile_buildpack_name: ~
# The name of the java buildpack to use in acceptance tests that specify a
# buildpack.
java_buildpack_name: ~
# Timeout for long curls
long_curl_timeout: ~
# The client secret for the uaa gorouter client
client_secret: ~
# Flag to include the internet dependent test suite.
include_internet_dependent: False
# The name of the nodejs buildpack to use in acceptance tests that specify a
# buildpack.
nodejs_buildpack_name: ~
# Skip tests that are known to not be supported by Diego. Set to true if your
# deployment defaults to Diego as its runtime.
skip_diego_unsupported_tests: False
support_address: http://support.cloudfoundry.com
# Settings for SSH access to application instances through the SSH proxy.
app_ssh:
# The oauth client ID of the SSH proxy
oauth_client_id: ssh-proxy
# Fingerprint of the host key of the SSH proxy that brokers connections to
# application instances
# NOTE(review): `None` is not YAML null (null is written `~` or `null`); a YAML
# loader reads it as the string "None". It looks like an unset default rendered
# as text - confirm. Presumably clients compare the proxy's host key against
# this value, so it needs the real fingerprint for that check to mean anything.
host_key_fingerprint: None
# External port for SSH access to application instances
port: 2222
cc:
default_fog_connection:
# Local root when fog provider is not overridden (should be an NFS mount if using
# more than one cloud controller)
local_root: /var/vcap/nfs/shared
# Local fog provider (should always be 'Local'), used if fog_connection hash is
# not provided in the manifest
provider: Local
# The percentage of top stagers considered when choosing a stager
placement_top_stager_percentage: 10
# The host for the statsd server, defaults to the local metron agent
statsd_host: 127.0.0.1
# Set of buildpacks to install during deploy
install_buildpacks: ~
# File descriptor limit for staging tasks
staging_file_descriptor_limit: 16384
# Minimum version of the CF CLI to work with the API.
min_cli_version: ~
thresholds:
api:
# The cc will restart if memory remains above this threshold for 3 monit cycles
restart_if_above_mb: 2450
# The cc will restart if memory remains above this threshold for 15 monit cycles
restart_if_consistently_above_mb: 2250
# The cc will alert if memory remains above this threshold for 3 monit cycles
alert_if_above_mb: 2250
worker:
# The cc will restart if memory remains above this threshold for 3 monit cycles
restart_if_above_mb: 512
# The cc will restart if memory remains above this threshold for 15 monit cycles
restart_if_consistently_above_mb: 384
# The cc will alert if memory remains above this threshold for 3 monit cycles
alert_if_above_mb: 384
# The nginx access log destination. This can be used to route access logs to a
# file, syslog, or a memory buffer.
nginx_access_log_destination: /var/vcap/sys/log/nginx_cc/nginx.access.log
# Timeout for staging a droplet
staging_timeout_in_seconds: 900
# The default running security groups that will be seeded in CloudController.
default_running_security_groups: ~
renderer:
# Maximum depth of inlined relationships in the result
max_inline_relations_depth: 2
# Maximum number of results returned per page
max_results_per_page: 100
# Default number of results returned per page if user does not specify
default_results_per_page: 50
# API URI of cloud controller
srv_api_uri: ~
# NewRelic agent settings for the cloud controller. Data enabled here leaves the
# deployment for a third-party service, so review each switch with that in mind.
newrelic:
# The location for NewRelic to log to
log_file_path: /var/vcap/sys/log/cloud_controller_ng/newrelic
# Capture and send query params to NewRelic
# NOTE(review): query parameters can carry identifiers or tokens; whether any CC
# endpoint does so is not visible here - verify before enabling.
capture_params: False
# The environment name used by NewRelic
environment_name: development
transaction_tracer:
# NewRelic's SQL statement recording mode: [off | obfuscated | raw]
# NOTE(review): unquoted `off` is a boolean false under YAML 1.1 loaders, not
# the string "off"; quote the value if the consumer expects one of the three
# mode names. `raw` presumably ships SQL statements without redaction.
record_sql: off
# Enable transaction tracing in NewRelic
enabled: False
# Activate NewRelic monitor mode
monitor_mode: False
# The api key for NewRelic
# NOTE(review): `None` loads as the string "None", not null - likely an unset
# default rendered as text. The real key is a credential; keep it out of
# committed manifests.
license_key: None
# Activate NewRelic developer mode
developer_mode: False
# Custom message to use for a disabled feature.
feature_disabled_message: ~
# User name used to access internal endpoints of Cloud Controller to upload files
# when staging
# NOTE(review): a bare `key:` loads as null, so no default is supplied here.
staging_upload_user:
# key for encrypting sensitive values in the CC database
# NOTE(review): no default is supplied (bare value loads as null). This key
# protects the sensitive values stored in the CC database, so treat it as a
# secret: inject it from a secret store rather than committing it with the
# manifest.
db_encryption_key:
# Maximum body size for nginx bits uploads
app_bits_max_body_size: 1536M
app_events:
# How old an app event should stay in cloud controller database before being
# cleaned up
cutoff_age_in_days: 31
# Endpoints of the Diego services the cloud controller talks to.
# NOTE(review): all three defaults use the http:// scheme, so this traffic is
# unencrypted on the internal network. Whether these services also offer TLS
# is not visible here - verify before relying on network isolation alone.
diego:
# URL of the Diego nsync service
nsync_url: http://nsync.service.cf.internal:8787
# URL of the Diego tps service
tps_url: http://tps.service.cf.internal:1518
# URL of the Diego stager service
stager_url: http://stager.service.cf.internal:8888
# Array of security groups that will be seeded into CloudController.
security_group_definitions: ~
pending_packages:
# How long packages can remain in pending state before being cleaned up
expiration_in_seconds: 1200
# How often the package pending cleanup job runs
frequency_in_seconds: 300
# The maximum amount of disk a user can request
maximum_app_disk_in_mb: 2048
# Minimum recommended version of the CF CLI.
min_recommended_cli_version: ~
# The default staging security groups that will be seeded in CloudController.
default_staging_security_groups: ~
audit_events:
# How old an audit event should stay in cloud controller database before being
# cleaned up
cutoff_age_in_days: 31
# Username for hm9000 API
internal_api_user: internal_user
# Hash of default quota definitions. Overridden by custom quota definitions.
quota_definitions: ~
# Password for hm9000 API
internal_api_password: ~
# How much memory given to an app if not specified
default_app_memory: 1024
# Specifies interval on which the CC will poll a service broker for asynchronous
# actions
broker_client_default_async_poll_interval_seconds: 60
# Log level for cc
logging_level: debug2
# Tag used by the DEA to describe capabilities (i.e. 'Windows7', 'python-linux').
# DEA and CC must agree.
stacks: [{'description': 'Cloud Foundry Linux-based filesystem', 'name': 'cflinuxfs2'}]
nginx_error_log_level: error
app_usage_events:
# How old an app usage event should stay in cloud controller database before being
# cleaned up
cutoff_age_in_days: 31
resource_pool:
cdn:
# Private key for signing download URIs
private_key:
# URI for a CDN to used for resource pool downloads
uri:
# Key pair name for signed download URIs
key_pair_id:
# Minimum size of a resource to add to the pool
minimum_size: 65536
# Maximum size of a resource to add to the pool
maximum_size: 536870912
# Directory (bucket) used store app resources. It does not have be pre-created.
resource_directory_key: cc-resources
# Fog connection hash
fog_connection: ~
# Name of service to register to UAA
uaa_resource_id: cloud_controller,cloud_controller_service_permissions
# Disable external (i.e. git) buildpacks? (Admin buildpacks and system buildpacks
# only.)
# NOTE(review): with False, external (git) buildpacks stay enabled, i.e. staging
# can run buildpack code the operator has not vetted. Set to True where only
# admin and system buildpacks should be allowed.
disable_custom_buildpacks: False
# Allow non-admin users to switch their apps between DEA and Diego backends
users_can_select_backend: True
jobs:
blobstore_upload:
# The longest this job can take before it is cancelled
timeout_in_seconds: ~
app_events_cleanup:
# The longest this job can take before it is cancelled
timeout_in_seconds: ~
blobstore_delete:
# The longest this job can take before it is cancelled
timeout_in_seconds: ~
global:
# The longest any job can take before it is cancelled unless overridden per job
timeout_in_seconds: 14400
droplet_upload:
# The longest this job can take before it is cancelled
timeout_in_seconds: ~
generic:
# Number of generic cloud_controller_worker workers
number_of_workers: 1
droplet_deletion:
# The longest this job can take before it is cancelled
timeout_in_seconds: ~
app_usage_events_cleanup:
# The longest this job can take before it is cancelled
timeout_in_seconds: ~
local:
# Number of local cloud_controller_worker workers
number_of_workers: 2
app_bits_packer:
# The longest this job can take before it is cancelled
timeout_in_seconds: ~
# The protocol used to access the CC API from an external entity
external_protocol: https
# Log level for cc database operations
# NOTE(review): debug2 is presumably very verbose. Check whether database
# operation logs at this level can contain sensitive values before forwarding
# them off-host, and consider a quieter level for production.
db_logging_level: debug2
# Passthru value for Steno logger
logging_max_retries: 1
droplets:
cdn:
# Private key for signing download URIs
private_key:
# URI for a CDN to used for droplet downloads
uri:
# Key pair name for signed download URIs
key_pair_id:
# Directory (bucket) used store droplets. It does not have be pre-created.
droplet_directory_key: cc-droplets
# Number of recent, staged droplets stored per app (not including current droplet)
max_staged_droplets_stored: 5
# Fog connection hash
fog_connection: ~
# List of domains (including scheme) from which Cross-Origin requests will be
# accepted, a * can be used as a wildcard for any part of a domain
# NOTE(review): the default is an empty list, so no origin is listed. Each entry
# widens which web origins may call the API from a browser; prefer exact
# scheme+host entries and avoid broad `*` patterns.
allowed_cors_domains: []
# Host part of the cloud_controller api URI, will be joined with value of 'domain'
external_host: api
# Use Diego backend by default for new apps
default_to_diego_backend: False
# password for the bulk api
bulk_api_password: ~
buildpacks:
cdn:
# Private key for signing download URIs
private_key:
# URI for a CDN to used for buildpack downloads
uri:
# Key pair name for signed download URIs
key_pair_id:
# Directory (bucket) used store buildpacks. It does not have be pre-created.
buildpack_directory_key: cc-buildpacks
# Fog connection hash
fog_connection: ~
failed_jobs:
# How old a failed job should stay in cloud controller database before being
# cleaned up
cutoff_age_in_days: 31
packages:
# Maximum size of application package
max_package_size: 1073741824
cdn:
# Private key for signing download URIs
private_key:
# URI for a CDN to used for app package downloads
uri:
# Key pair name for signed download URIs
key_pair_id:
# Fog connection hash
fog_connection: ~
# Number of recent, valid packages stored per app (not including package for
# current droplet)
max_valid_packages_stored: 5
# Directory (bucket) used store app packages. It does not have be pre-created.
app_package_directory_key: cc-packages
# The default stack to use if no custom stack is specified by an app.
default_stack: cflinuxfs2
info:
# Custom values for /v2/info endpoint
custom: ~
# free form description for attribute in the /info endpoint
description: ~
# version attribute in the /info endpoint
version: ~
# name attribute in the /info endpoint
name: ~
# build attribute in the /info endpoint
build: ~
# External Cloud Controller port
external_port: 9022
# The threshold of crashes after which the app is marked as flapping
flapping_crash_count_threshold: 3
# For requests to service brokers, this is the HTTP (open and read) timeout
# setting.
broker_client_timeout_seconds: 60
# Maximum health check timeout (in seconds) that can be set for the app
maximum_health_check_timeout: 180
# The default disk space an app gets
default_app_disk_in_mb: 1024
# The port for the statsd server, defaults to the local metron agent
statsd_port: 8125
# Extra token expiry time while uploading big apps.
app_bits_upload_grace_period_in_seconds: 1200
# The max duration the CC will fetch service instance state from a service broker.
# Default is 1 week
broker_client_max_async_poll_duration_minutes: 10080
# User's password used to access internal endpoints of Cloud Controller to upload
# files when staging
staging_upload_password:
# The nginx log format string to use when writing to the access log.
nginx_access_log_format: $host - [$time_local] "$request" $status $bytes_sent "$http_referer" "$http_user_agent" $proxy_add_x_forwarded_for vcap_request_id:$upstream_http_x_vcap_request_id response_time:$upstream_response_time
# User used to access the bulk_api, health_manager uses it to connect to the cc,
# announced over NATS
bulk_api_user: bulk_api
# Deprecated. Defines a 'partition' for the health_manager job
cc_partition: default
# Local to use a local (NFS) file system. AWS to use AWS.
# NOTE(review): the comment above describes a storage provider choice and does
# not match this key; it looks misplaced. Going by the key name, the value
# presumably names the quota definition applied by default - TODO confirm.
default_quota_definition: default
# Maximum body size for nginx
client_max_body_size: 1536M
# The file descriptors made available to each app instance
instance_file_descriptor_limit: 16384
# Allow users to change the value of the app-level allow_ssh attribute
allow_app_ssh_access: True
# Default health check timeout (in seconds) that can be set for the app
default_health_check_timeout: 60
# The nginx error log destination. This can be used to route error logs to a file,
# syslog, or a memory buffer.
nginx_error_log_destination: /var/vcap/sys/log/nginx_cc/nginx.error.log
# Enable development features for monitoring and insight
development_mode: False
directories:
# The directory to use for temporary files
tmpdir: /var/vcap/data/cloud_controller_ng/tmp
# The directory where operator requested diagnostic files should be placed
diagnostics: /var/vcap/data/cloud_controller_ng/diagnostics
# Consul agent/server settings: TLS material, gossip encryption keys and the
# agent's cluster membership options.
consul:
# PEM-encoded server certificate
server_cert: ~
# PEM-encoded server key
# NOTE(review): private key material - supply from a secret store, do not
# commit it with the manifest.
server_key: ~
# PEM-encoded agent certificate
agent_cert: ~
# PEM-encoded CA certificate
ca_cert: ~
# enable ssl for all communication with consul
# NOTE(review): the certificate and key properties in this section all default
# to null (`~`), so with require_ssl left at True they presumably must be
# provided for the job to work - verify against the job templates.
require_ssl: True
agent:
# Time to wait for a consul node to finish syncing with the cluster in seconds
sync_timeout_in_seconds: 60
# Name of the agent's datacenter.
datacenter: dc1
# Agent log level.
log_level: info
servers:
# WAN server addresses to join.
wan: []
# LAN server addresses to join on start.
lan: []
# Mode to run the agent in. (client or server)
mode: client
# Map of consul service definitions.
services: {}
# The Consul protocol to use.
protocol_version: 2
# PEM-encoded client key
# NOTE(review): private key material - same handling as server_key.
agent_key: ~
# A list of passphrases that will be converted into encryption keys, the first key
# in the list is the active one
# NOTE(review): these passphrases are secrets. Since only the first entry is
# active, the remaining entries presumably exist to allow key rotation - confirm.
encrypt_keys: ~
dea_logging_agent:
status:
# password used to log into varz endpoint
password:
# username used to log into varz endpoint
user:
# port used to run the varz endpoint
port: 0
# boolean value to turn on verbose mode
debug: False
syslog_drain_binder:
# boolean value to turn on verbose logging for syslog_drain_binder
debug: False
# Interval on which to poll cloud controller in seconds
update_interval_seconds: 15
# Batch size for the poll from cloud controller
polling_batch_size: 1000
# Time to live for drain urls in seconds
drain_url_ttl_seconds: 60
doppler_endpoint:
# Shared secret used to verify cryptographically signed doppler messages
shared_secret: ~
loggregator:
tls:
# CA root required for key/cert verification
ca:
# Port for outgoing dropsonde messages
outgoing_dropsonde_port: 8081
# Port for outgoing doppler messages
doppler_port: 8081
# Port where loggregator listens for dropsonde log messages
dropsonde_incoming_port: 3457
etcd:
# Number of concurrent requests to ETCD
maxconcurrentrequests: 10
# IPs pointing to the ETCD cluster
machines: ~
dea_next:
# Disk limit in mb for staging tasks
staging_disk_limit_mb: 6144
staging_bandwidth_limit:
# Network bandwidth limit for staging tasks in bytes per second
rate: ~
# Network bandwidth burst limit for staging tasks in bytes
burst: ~
# The protocol to use when communicating with the directory server ("http" or
# "https")
directory_server_protocol: https
# Maximum size of core file in bytes. 0 represents no core dump files can be
# created, and -1 represents no size limits.
rlimit_core: 0
disk_mb: 32000
# The Availability Zone
zone: default
# frequency of staging & DEA advertisements in seconds.
advertise_interval_in_seconds: 5
# CPU limit in shares for staging tasks cgroup
staging_cpu_limit_shares: 512
# Memory limit in mb for staging tasks
staging_memory_limit_mb: 1024
# The minimum number of CPU shares that can be given to an app
instance_min_cpu_share_limit: 1
deny_networks: ~
# Limit on inodes for a staging container
staging_disk_inode_limit: 200000
streaming_timeout: 60
# Controls the relationship between app memory and cpu shares. app_cpu_shares =
# app_memory / cpu_share_factor
instance_memory_to_cpu_share_ratio: 8
# Log level for DEA.
logging_level: debug
# with latest kernel version, no kernel network tunings allowed with in warden cpi
# containers
kernel_network_tuning_enabled: True
max_staging_duration: 900
# Crashed app lifetime in seconds
crash_lifetime_secs: 3600
allow_networks: ~
disk_overcommit_factor: 1
# Duration to wait before shutting down, in seconds.
evacuation_bail_out_time_in_seconds: 115
instance_bandwidth_limit:
# Network bandwidth limit for running instances in bytes per second
rate: ~
# Network bandwidth burst limit for running instances in bytes
burst: ~
memory_overcommit_factor: 1
# The maximum number of CPU shares that can be given to an app
instance_max_cpu_share_limit: 256
# Allows warden containers to access the DEA host via its IP
# NOTE(review): containers run application code supplied by users; keeping this
# False keeps the DEA host itself unreachable from them by IP. deny_networks
# and allow_networks in this section carry no description here and default to
# null - check what they permit alongside this flag.
allow_host_access: False
# Heartbeat interval for DEAs
heartbeat_interval_in_seconds: 10
# Interface MTU size
mtu: 1500
memory_mb: 8000
# Default timeout for application to start
default_health_check_timeout: 60
# Limit on inodes for an instance container
instance_disk_inode_limit: 200000
# An array of stacks, specifying the name and package path.
stacks: [{'name': 'cflinuxfs2', 'package_path': '/var/vcap/packages/rootfs_cflinuxfs2/rootfs'}]
# Server and client timeouts in seconds
request_timeout_in_seconds: 900
uaa:
# [Not Currently Used] A pipe delimited set of regular expressions of IP addresses
# that can reach the listening HTTP port of the server.
# NOTE(review): `None` loads as the string "None", not YAML null. The
# proxy_ips_regex description says this value is appended to that list when
# set, so a literal "None" may end up inside the proxy regex - confirm how the
# job template treats it.
restricted_ips_regex: None
cc:
client_secret: ~
token_secret: ~
zones:
internal:
# A list of hostnames that are routed to the UAA, specifically the default zone in
# the UAA. The UAA will reject any Host headers that it doesn't recognize. By
# default the UAA recognizes uaa.<domain> - the default UAA route login.<domain> -
# the login-server route that the UAA now also serves. localhost - in order to
# accept health checks Any hostnames added as a list are additive to the default
# hostnames allowed. Example uaa: zones: internal: hostnames:
# - hostname1 - hostname2.localhost - hostname3.example.com
hostnames: ['uaa.service.cf.internal']
# To enable newrelic monitoring, the sub element of this property will be placed
# in a configuration file called newrelic.yml in the jobs config directory. The
# syntax that must adhere to documentation in
# https://docs.newrelic.com/docs/agents/java-agent/configuration/java-agent-
# configuration-config-file The JVM option -javaagent:/path/to/newrelic.jar will
# be added to Apache Tomcat's startup script The enablement of the NewRelic agent
# in the UAA is triggered by the property uaa.newrelic.common.license_key The
# property uaa.newrelic.common.license_key must be set!
newrelic: ~
# Sets the time format for log messages to be rfc3339 compatible.
logging_use_rfc3339: False
# Port that uaa will accept connections on
port: 8080
# The url to use as the issuer URI
issuer: ~
# A pipe delimited set of regular expressions of IP addresses that are considered
# reverse proxies. When a request from these IP addresses come in, the
# x-forwarded-for and x-forwarded-proto headers will be respected. If the
# uaa.restricted_ips_regex is set, it will be appended to this list for backwards
# compatibility purposes If spiff has been used and includes templates/cf-jobs.yml
# to generate the manifest. This list will automatically contain the Router IP
# addresses
# NOTE(review): the default covers 10.x, 192.168.x, 169.254.x, 127.x and
# 172.16-31.x, i.e. whole private, link-local and loopback ranges rather than
# specific proxies. Any host in those ranges that can reach UAA directly would
# have its x-forwarded-* headers trusted; narrow this to the actual router
# addresses where possible. The alternatives are written without anchors -
# whether UAA matches them against the whole address is not visible here.
proxy_ips_regex: 10\.\d{1,3}\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3}|169\.254\.\d{1,3}\.\d{1,3}|127\.\d{1,3}\.\d{1,3}\.\d{1,3}|172\.1[6-9]{1}\.\d{1,3}\.\d{1,3}|172\.2[0-9]{1}\.\d{1,3}\.\d{1,3}|172\.3[0-1]{1}\.\d{1,3}\.\d{1,3}
# Account lockout policy for failed logins.
# NOTE(review): all three values are null (`~`) here, so the effective lockout
# behaviour comes from whatever UAA applies when they are unset, which this
# page does not show. Set them explicitly if lockout is relied on to slow
# password guessing.
authentication:
policy:
# Number of seconds in which lockoutAfterFailures failures must occur in order for
# account to be locked
countFailuresWithinSeconds: ~
# Number of seconds to lock out an account when lockoutAfterFailures failures is
# exceeded
lockoutPeriodSeconds: ~
# Number of allowed failures before account is locked
lockoutAfterFailures: ~
catalina_opts: -Xmx768m -XX:MaxPermSize=256m
# Deprecated. Use 'uaa.ldap.enabled'. Sets the Spring profiles on the UAA web
# application. This gets combined with the 'uaadb.db_scheme' property if and only
# if the value is exactly 'ldap' in order to setup the database, for example
# 'ldap,mysql'. If spring_profiles contains more than just 'ldap' it will be used
# to overwrite spring_profiles and db_scheme ignored. See uaa.yml.erb.
spring_profiles: ~
scim:
# A list of external group mappings. Pipe delimited. A value may look as '-
# internal.read|cn=developers,ou=scopes,dc=test,dc=com'
external_groups: ~
userids_enabled: True
users: ~
# Comma separated list of groups that should be added to the UAA db, but not
# assigned to a user by default.
groups: ~
user: ~
# Set UAA logging level. (e.g. TRACE, DEBUG, INFO)
# NOTE(review): DEBUG is the default shown here. UAA handles credentials and
# tokens; check what it writes at this level before forwarding logs, and
# consider INFO for production.
logging_level: DEBUG
# NOTE(review): require_https has no description on this page and defaults to
# null; its effect when unset is not visible here - TODO confirm.
require_https: ~
id_token:
# When set to true, requests to /oauth/authorize will ignore the
# response_type=id_token parameter
disable: True
ldap:
# Used with simple-bind only. A semi-colon separated lists of DN patterns to
# construct a DN direct from the user ID without performing a search.
userDNPattern: ~
# Defines an email pattern containing a {0} to generate an email address for an
# LDAP user during authentication
mailSubstitute:
# Set to true if you wish to override an LDAP user email address with a generated
# one
mailSubstituteOverridesLdap: False
# Used with search-and-bind and search-and-compare. Search filter used. Takes one
# parameter, user ID defined as {0}
searchFilter: cn={0}
# The file to be used for configuring the LDAP authentication. options are simple-
# bind, search-and-bind and search-and-compare
profile_type: search-and-bind
# The URL to the ldap server, must start with ldap:// or ldaps://
url: ~
# Used with search-and-bind and search-and-compare. Password for the LDAP ID that
# performs a search of the LDAP tree for user information.
userPassword: ~
# Set to true to enable LDAP
enabled: False
# Used with search-and-compare only. The name of the password attribute in the
# LDAP directory
passwordAttributeName: userPassword
# Used with search-and-compare only. The encoder used to properly encode user
# password to match the one in the LDAP directory.
passwordEncoder: org.cloudfoundry.identity.uaa.ldap.DynamicPasswordComparator
# Used with search-and-bind and search-and-compare. A valid LDAP ID that has read
# permissions to perform a search of the LDAP tree for user information.
userDN: ~
# The delimiter character in between user DN patterns for simple bind
# authentication
userDNPatternDelimiter: ;
# Used with ldaps:// URLs. The certificate alias, to be trusted by this connection
# and stored in the keystore.
sslCertificateAlias: ~
# Used with ldaps:// URLs. The certificate, if self signed, to be trusted by this
# connection.
sslCertificate: ~
groups:
# Set to true when profile_type=groups_as_scopes to auto create scopes for a user.
# Ignored for other profiles.
autoAdd: true
# Search query filter to find groups a user belongs to, or for a nested search,
# groups that a group belongs to
groupSearchFilter: member={0}
# What type of group integration should be used. Values are no-groups, groups-as-
# scopes and groups-map-to-scopes
profile_type: no-groups
# Set to number of levels a nested group search should go. Set to 1 to disable
# nested groups (default)
maxSearchDepth: 1
# Search start point for a user group membership search
searchBase:
# Boolean value, set to true to search below the search base
searchSubtree: true
# Used with groups-as-scopes, defines the attribute that holds the scope name(s).
groupRoleAttribute: ~
# Sets the whitelist of emails domains that the LDAP identity provider handles
emailDomain: ~
# Used with search-and-bind and search-and-compare. Define a base where the search
# starts at.
searchBase:
# The name of the LDAP attribute that contains the users email address
mailAttributeName: mail
# Specifies how UAA user attributes map to LDAP attributes
attributeMappings: ~
# Used with search-and-compare only. Set to true if passwords are retrieved by the
# search, and should be compared in the login server.
localPasswordCompare: true
user:
# Contains a list of the default authorities/scopes assigned to a user.
authorities: ['openid', 'scim.me', 'cloud_controller.read', 'cloud_controller.write', 'cloud_controller_service_permissions.read', 'password.write', 'uaa.user', 'approvals.me', 'oauth.approvals', 'notification_preferences.read', 'notification_preferences.write', 'profile', 'roles', 'user_attributes']
# Disables internal user authentication
disableInternalAuth: False
dump_requests: ~
# Password policy for UAA users.
# NOTE(review): as written, minLength and every require* count are 0, so this
# policy imposes no minimum length and no character-class requirement; only
# maxLength constrains a password. Raise these values for deployments that
# rely on UAA-managed passwords.
password:
policy:
# Number of months after which current password expires
# NOTE(review): 0 presumably means passwords never expire - TODO confirm.
expirePasswordInMonths: 0
# Minimum number of special characters required for password to be considered
# valid
requireSpecialCharacter: 0
# Minimum number of digits required for password to be considered valid
requireDigit: 0
# Maximum number of characters required for password to be considered valid
maxLength: 255
# Minimum number of uppercase characters required for password to be considered
# valid
requireUpperCaseCharacter: 0
# Minimum number of lowercase characters required for password to be considered
# valid
requireLowerCaseCharacter: 0
# Minimum number of characters required for password to be considered valid
minLength: 0
# Disables UI and API for internal user management
disableInternalUserManagement: False
# Do not use SSL to connect to UAA (used in case uaa.url is not set)
# NOTE(review): setting this to True means components connect to UAA without
# SSL; those connections presumably carry client secrets and tokens, so keep
# False unless the path is protected some other way.
no_ssl: False
database:
# Timeout in seconds for the longest running queries. Take DB migrations into
# account for this timeout as they may run for a long period of time.
abandoned_timeout: 300
# Should connections that are forcibly closed be logged.
log_abandoned: True
# True if connections that are left open longer than abandoned_timeout seconds
# during a session (time between borrow and return from pool) should be forcibly
# closed
remove_abandoned: False
# The max number of open idle connections to the DB from a running UAA instance
max_idle_connections: 10
# Set to true if you don't want to be using LOWER() SQL functions in search
# queries/filters, because you know that your DB is case insensitive. If this
# property is null, then it will be set to true if the UAA DB is MySQL and false
# otherwise, but even on MySQL you can override it by setting it explicitly to
# false
case_insensitive: ~
# The max number of open connections to the DB from a running UAA instance
max_connections: 100
# URL of UAA
url: ~
clients:
cc_routing:
# Used for fetching routing information from the Routing API
secret: ~
# Token signing material and the admin client secret.
jwt:
# The verification key for UAA
verification_key:
# NOTE(review): signing_key has no description here; going by its name it is
# presumably the key UAA signs tokens with. Treat it as a high-value secret:
# supply it from a secret store and never commit it.
signing_key: ~
admin:
# Secret of the admin client - a client named admin with uaa.admin as an authority
# NOTE(review): no default is provided (`~` is null). Because this client holds
# the uaa.admin authority, use a long random value and keep it out of
# committed manifests.
client_secret: ~
client:
autoapprove: ~
login:
# Deprecated. Default login client secret if no login client is defined
client_secret: ~
proxy:
# Array of the router IPs acting as the first group of HTTP/TCP backends. These
# will be added to the proxy_ips_regex as exact matches. When using spiff, these
# will be router_z1 and router_z2 static IPs from cf-jobs.yml
servers: []
# Forwarding of platform logs to an external syslog aggregator.
syslog_daemon_config:
# Custom rule for syslog forward daemon
custom_rule:
# maximum message size to be sent
max_message_size: 4k
# Addresses of fallback servers to be used if the primary syslog server is down.
# Only tcp or relp are supported. Each list entry should consist of "address",
# "transport" and "port" keys.
fallback_addresses: []
# IP address for syslog aggregator
address: ~
# TCP port of syslog aggregator
port: ~
# Transport to be used when forwarding logs (tcp|udp|relp).
# NOTE(review): no TLS option is listed among the transports shown here, so
# forwarded logs presumably travel unencrypted unless the network path or
# custom_rule provides protection - verify for aggregators outside the
# deployment network.
transport: tcp
collector:
# enable CloudWatch plugin
use_aws_cloudwatch: False
datadog:
# Datadog application key
application_key: ~
# Datadog API key
api_key: ~
# name for this bosh deployment. All metrics will be tagged with deployment:XXX
# when sending them to CloudWatch, Datadog and Graphite
deployment_name: ~
aws:
# AWS secret for CloudWatch access
secret_access_key: ~
# AWS access key for CloudWatch access
access_key_id: ~
# enable Graphite plugin
use_graphite: False
# Memory threshold for collector restart (Mb)
memory_threshold: 800
# the logging level for the collector
logging_level: info
intervals:
# the interval in seconds that the collector attempts to prune unresponsive
# components
prune: 300
# the interval in seconds that local_metrics are checked
local_metrics: 30
# the interval in seconds that healthz is checked
healthz: 30
# the interval in seconds that the collector attempts to discover components
discover: 60
# the interval in seconds that varz is checked
varz: 30
# the interval in seconds that the collector pings nats to record latency
nats_ping: 30
graphite:
# TCP port of Graphite
port: ~
# IP address of Graphite
address: ~
opentsdb:
# TCP port of OpenTsdb
port: ~
# IP address of OpenTsdb
address: ~
# enable Datadog plugin
use_datadog: False
# enable OpenTsdb plugin
use_tsdb: False
description: Cloud Foundry sponsored by Pivotal
# Array of domains for user apps (example: 'user.app.space.foo', a user app called
# 'neat' will listen at 'http://neat.user.app.space.foo')
app_domains: ~
# Settings for the routing API job.
routing-api:
# Buffered statsd client flush interval
statsd_client_flush_interval: 300ms
# Address at which to serve debug info
# NOTE(review): 0.0.0.0 binds the debug endpoint on every interface of the VM.
# What the endpoint exposes is not visible here; bind it to a loopback
# address or restrict port 17002 with firewall rules unless remote access is
# needed.
debug_address: 0.0.0.0:17002
# String representing interval for reporting metrics. Units: ms, s, m h
metrics_reporting_interval: 30s
# The maximum ttl
max_ttl: 60
# Maximum number of concurrent ETCD requests
max_concurrent_etcd_requests: 25
# Disables UAA authentication
# NOTE(review): True would turn off UAA authentication for the routing API;
# keep False outside local test setups.
auth_disabled: False
# The port to run the routing api on
port: 3000
# The endpoint for the statsd server, defaults to the local metron agent
statsd_endpoint: localhost:8125
# Domain reserved for CF operator, base URL where the login, uaa, and other non-
# user apps listen
system_domain: ~
statsd_injector:
# The port on which metron is running
metron_port: 3457
# The port on which the injector should listen for statsd messages
statsd_port: 8125
# The log level for the statsd injector
log_level: info
nats:
# Port for varz and connz monitoring. 0 means disabled.
monitor_port: 0
# After accepting a connection, wait up to this many seconds for credentials.
authorization_timeout: 15
# Enable trace logging output.
trace: False
# Port for pprof. 0 means disabled.
prof_port: 0
user:
# Enable debug logging output.
debug: False
password:
# IP port of Cloud Foundry NATS server
port: 4222
machines:
route_registrar:
routes:
# The delay in seconds between routing updates
update_frequency_in_seconds: 20
ccdb:
roles: ~
address: ~
port: ~
pool_timeout: 10
databases: ~
db_scheme: postgres
# Maximum connections for Sequel
max_connections: 25
version: 2
hm9000:
url: ~
# The maximum number of messages the sender should send per invocation.
sender_message_limit: 60
# Each API call to the CC must succeed within this timeout.
fetcher_network_timeout_in_seconds: 30
# The batch size when fetching desired state information from the CC.
desired_state_batch_size: 5000
build: 2222
# Proxy environment settings applied across the VMs
env:
# Set No_Proxy across the VMs
no_proxy: ~
# The https_proxy across the VMs
https_proxy: ~
# The http_proxy across the VMs
http_proxy: ~
etcd_metrics_server:
nats:
# NATS server username
username: ~
# NATS server password
password: ~
# NATS server port
port: 4222
# array of NATS addresses
machines: ~
status:
# basic auth username for metrics server (leave empty for generated)
username:
# basic auth password for metrics server (leave empty for generated)
password:
# listening port for metrics server
port: 5678
etcd:
# address of ETCD server to instrument
machine: 127.0.0.1
# port of ETCD server to instrument
port: 4001
smoke_tests:
# The Elastic Runtime Application Domain
apps_domain: ~
# Toggles setup and cleanup of the Elastic Runtime space
use_existing_space: False
# The Elastic Runtime space name to use when running tests
space: ~
# Toggles setup and cleanup of the Elastic Runtime organization
use_existing_org: False
# Ginkgo options for the smoke tests
ginkgo_opts:
# The Elastic Runtime app name to use when running runtime tests
runtime_app:
# The Elastic Runtime app name to use when running logging tests
logging_app:
# The Elastic Runtime API endpoint URL
api: ~
# A token used by the tests when creating Apps / Spaces
suite_name: CF_SMOKE_TESTS
# The Elastic Runtime API user
user: ~
# The Elastic Runtime organization name to use when running tests
org: ~
# The Elastic Runtime API user's password
password: ~
# Toggles cli verification of the Elastic Runtime API SSL certificate
skip_ssl_validation: False
traffic_controller:
status:
# password used to log into varz endpoint
password:
# port used to run the varz endpoint
port: 0
# username used to log into varz endpoint
user:
# boolean value to turn on verbose logging for loggregator system (dea agent &
# loggregator server)
debug: False
# Zone of the loggregator_trafficcontroller
zone: ~
# Port on which the traffic controller listens to for requests
outgoing_port: 8080
# NFS server/export settings for /var/vcap/store
nfs_server:
# Exports /var/vcap/store with no_root_squash when set to true.
# NOTE(review): no_root_squash lets root on an NFS client act as root on the
# exported files; keep False unless a client genuinely needs it.
no_root_squash: False
# Location to mount the nfs share
share_path: /var/vcap/nfs
# An array of Hosts, Domains, Wildcard Domains, CIDR Networks and/or IPs from
# which /var/vcap/store is accessible.
# NOTE(review): this list is the access control for the export; keep it as
# narrow as possible (specific hosts or small CIDR ranges, not broad wildcards).
allow_from_entries: ~
# bool to use NFS4 (not used in an AWS deploy, use s3 instead)
nfsv4: ~
# Pipefs directory for NFS idmapd
pipefs_directory: /var/lib/nfs/rpc_pipefs
# Path to share from the remote NFS server (not used in an AWS deploy, use s3
# instead)
share: ~
# Domain name for NFS idmapd
idmapd_domain: localdomain
# NFS server for droplets and apps (not used in an AWS deploy, use s3 instead)
address: ~
# Doppler server settings (varz status endpoint, sinks, ports, TLS listener)
doppler:
status:
# password used to log into varz endpoint
# NOTE(review): the value is left empty here; supply a deployment-specific
# credential rather than committing one to this file.
password:
# port used to run the varz endpoint
port: 0
# username used to log into varz endpoint
user:
# Interval before removing a sink due to inactivity
sink_inactivity_timeout_seconds: 3600
# Enable TLS listener on doppler so that it can receive dropsonde envelopes over
# TLS transport. If enabled, Cert and Key files must be specified.
# NOTE(review): defaults to False, so the tls_server listener configured below
# is not used unless this is switched on.
enable_tls_transport: False
# Zone of the doppler server
zone: ~
# Number of parallel unmarshallers to run within Doppler
unmarshaller_count: 5
# Port for outgoing log messages
outgoing_port: 8081
# number of log messages to retain per application
maxRetainedLogMessages: 100
# Whether to expose the doppler_logging_endpoint listed at /v2/info
enabled: True
# Size of the internal buffer used by doppler to store messages. If the buffer
# gets full doppler will drop the messages.
message_drain_buffer_size: 100
# Port for doppler_logging_endpoint listed at /v2/info
port: 443
# Port for incoming messages in the dropsonde format
dropsonde_incoming_port: 3457
# Doppler's client id to connect to UAA
uaa_client_id: doppler
# Blacklist for IPs that should not be used as syslog drains, e.g. internal ip
# addresses.
# NOTE(review): the default is null, which presumably blocks nothing; list the
# internal, loopback and link-local ranges of the deployment here so syslog
# drain URLs cannot point at internal services - confirm the expected format
# against the job spec.
blacklisted_syslog_ranges: ~
# TTL (in seconds) for container usage metrics
container_metric_ttl_seconds: 120
# I/O Timeout on sinks
sink_io_timeout_seconds: 0
# boolean value to turn on verbose logging for doppler system (dea agent & doppler
# server)
debug: False
# Whether to use ssl for the doppler_logging_endpoint listed at /v2/info
use_ssl: True
# Port for incoming log messages in the legacy format
incoming_port: 3456
# Dial timeout for sinks
sink_dial_timeout_seconds: 1
tls_server:
# TLS server certificate
cert:
# Port for incoming messages in the dropsonde format over tls listener
port: 3458
# TLS server key
# NOTE(review): private key material; inject it from a secret store at deploy
# time instead of storing it in a committed manifest.
key:
etcd:
# PEM-encoded peer key
peer_key: ~
# enable ssl for all communication with etcd
require_ssl: True
# PEM-encoded server key
server_key: ~
# Interval between heartbeats in milliseconds. See
# https://coreos.com/docs/cluster-management/debugging/etcd-tuning
heartbeat_interval_in_milliseconds: 50
# PEM-encoded CA certificate
ca_cert: ~
# enable ssl between etcd peers
peer_require_ssl: True
# PEM-encoded peer certificate
peer_cert: ~
# PEM-encoded server certificate
server_cert: ~
# Information about etcd cluster
cluster: ~
# PEM-encoded peer CA certificate
peer_ca_cert: ~
# Time without receiving a heartbeat before peer should attempt to become leader
# in milliseconds. See
# https://coreos.com/docs/cluster-management/debugging/etcd-tuning
election_timeout_in_milliseconds: 1000
# Time to wait for a joining node to finish syncing logs with the existing cluster
# in seconds
log_sync_timeout_in_seconds: 30
# PEM-encoded client certificate
client_cert: ~
# Addresses of etcd machines
machines: ~
# PEM-encoded client key
client_key: ~
# HAProxy front-end settings (TLS certificate and ciphers, logging, stats socket)
ha_proxy:
# SSL certificate (PEM file)
# NOTE(review): unquoted None is the string "None" in YAML, not null;
# presumably the job template treats it as "no certificate" - confirm.
ssl_pem: None
# Whether to send logs to a file instead of the default syslog
log_to_file: False
# Whether to disable logging of requests with no traffic (usually load-balancer
# TCP checks)
dontlognull: False
# Buffer size to use for requests, any requests larger than this (large cookies or
# query strings) will result in a gateway error
buffer_size_bytes: 16384
# Disable port 80 traffic
disable_http: False
# List of SSL Ciphers that are passed to HAProxy
# NOTE(review): this default still ends with RC4-SHA (RC4 is prohibited in TLS
# by RFC 7465) and includes AES128-SHA256 and AES128-SHA, which use static RSA
# key exchange without forward secrecy, plus several CBC suites. Override it
# with only the ECDHE GCM suites unless legacy clients must be supported.
ssl_ciphers: ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-CBC-SHA256:ECDHE-RSA-AES256-CBC-SHA384:ECDHE-RSA-AES128-CBC-SHA:ECDHE-RSA-AES256-CBC-SHA:AES128-SHA256:AES128-SHA:RC4-SHA
# Whether to enable a socket that can be used to query errors and status
# NOTE(review): if enabled, check who can reach the socket; the access level it
# is created with is not visible in this file.
enable_stats_socket: False
ssl:
# when connecting over https, ignore bad ssl certificates
# NOTE(review): keep False in production; True accepts invalid or untrusted
# certificates, so the remote end is no longer authenticated.
skip_cert_verify: False
logger_endpoint:
# Whether to use ssl for logger endpoint listed at /v2/info
use_ssl: True
# Port for logger endpoint listed at /v2/info
port: 443
loggregator_acceptance_tests:
login_required: ~
admin_user: ~
admin_password: ~
# disk quota must be disabled to use warden-inside-warden with the warden cpi
disk_quota_enabled: True
name: vcap
# The User Org that owns the system_domain, required if system_domain is defined
system_domain_organization:
dropsonde:
# Enable the dropsonde emitter library
enabled: False
loggregator_endpoint:
# Shared secret used to verify cryptographically signed loggregator messages
shared_secret: ~
metron_agent:
tls_client:
# TLS client certificate
cert:
# TLS client key
key:
# Availability zone where this agent is running
zone: ~
# Incoming port for dropsonde log messages
dropsonde_incoming_port: 3457
logrotate:
# The frequency in minutes which logrotate will rotate VM logs
freq_min: 5
# The number of files that logrotate will keep around on the VM
rotate: 7
# The size at which logrotate will decide to rotate the log file
size: 50M
# Name of deployment (added as tag on all outgoing metrics)
deployment: ~
# boolean value to turn on verbose mode
debug: False
# Preferred protocol to doppler (udp|tls)
preferred_protocol: udp
databases:
# A list of database roles and associated properties to create
roles: ~
# The postgres `printf` style string that is output at the beginning of each log
# line
log_line_prefix: %m:
# A list of databases and associated properties to create
databases: ~
# The database port
port: ~
# The database address
address: ~
# The database scheme
db_scheme: ~
# Enable the `pg_stat_statements` extension and collect statement execution
# statistics
collect_statement_statistics: False
# Maximum number of database connections
max_connections: ~
uaadb:
# Database scheme for UAA DB
db_scheme: ~
# The UAA database IP address
address: ~
# The UAA database Port
port: ~
# The list of database Roles used in UAA database including tag/name/password
roles: ~
# The list of databases used in UAA database including tag/name
databases: ~
router:
# The private ssl key for ssl termination
ssl_key:
acceptance_tests:
# Whether to pass the -v flag to router acceptance tests
verbose: False
# Port on which UAA is running.
uaa_port: 8080
# Router API IP Address
router_api_addresses: ['10.244.8.2']
# The number of parallel test executors to spawn. The larger the number the higher
# the stress on the system.
nodes: 4
# Password for UAA client for the gorouter.
gorouter_secret: ~
bbs:
# enable ssl for all communication with the bbs
require_ssl: True
# PEM-encoded client key
client_key: ~
# PEM-encoded client certificate
client_cert: ~
# PEM-encoded CA certificate
ca_cert: ~
# Diego BBS Server endpoint url
api_location: https://bbs.service.cf.internal:8889
# (Optional) ELB Address to check connectivity through load balancer
elb_address:
# Router API IP Port
router_api_port: 9999
router_configurer:
# Address at which to serve debug info
debug_addr: 0.0.0.0:17014
# Log level
log_level: info
# Base Config file of underlying tcp proxy
tcp_config_file_template: /var/vcap/jobs/haproxy/config/haproxy.conf.template
# auth disabled setting of routing api
routing_api_auth_disabled: False
# Port on which UAA is running.
uaa_port: 8080
# Config file of underlying tcp proxy
tcp_config_file: /var/vcap/jobs/haproxy/config/haproxy.conf
# Password for UAA client for the gorouter.
gorouter_secret: ~
# Port of routing api
routing_api_port: 3000
servers:
# Array of the router IPs acting as the first group of HTTP/TCP backends
z1: []
# Array of the router IPs acting as the second group of HTTP/TCP backends
z2: []
# Enable the GoRouter to receive routes from the Routing API
enable_routing_api: True
logrotate:
# The frequency in minutes which logrotate will rotate VM logs
freq_min: 5
# The number of files that logrotate will keep around on the VM
rotate: 7
# The size at which logrotate will decide to rotate the log file
size: 2M
# Support for route services is disabled when no value is configured.
route_services_secret:
# Listening port for Router
port: 80
# Skip SSL client cert validation
ssl_skip_validation: False
# An ordered list of supported SSL cipher suites containing golang tls constants
# separated by colons The cipher suite will be chosen according to this order
# during SSL handshake For example,
# TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
cipher_suites:
# A list of headers that log events will be annotated with
extra_headers_to_log: []
# Log level for router
logging_level: info
# To rotate keys, add your new key here and deploy. Then swap this key with the
# value of route_services_secret and deploy again.
route_services_secret_decrypt_only:
status:
# Password for HTTP basic auth to the varz/status endpoint.
password: ~
# Username for HTTP basic auth to the varz/status endpoint.
user: ~
# Port for the Router varz/status endpoint.
port: 8080
# Address at which to serve debug info
debug_addr: 0.0.0.0:17001
# Enable ssl termination on the router
enable_ssl: False
offset: 0
haproxy:
# Port that is used to check the health of HA-proxy
health_check_port: 80
# Server and client timeouts in seconds
request_timeout_in_seconds: 300
# The public ssl cert for ssl termination
ssl_cert:
# Settings for the tcp_emitter job (consul lock, routing API / UAA / BBS access)
tcp_emitter:
# Address at which to serve debug info
# NOTE(review): 0.0.0.0 is the wildcard address, so this default listens on
# every interface; bind to 127.0.0.1 or firewall the port unless remote access
# to debug info is intended.
debug_addr: 0.0.0.0:17016
# TTL for service lock
lock_ttl: 10s
# comma-separated list of consul server URLs (scheme://ip:port)
consul_cluster: http://127.0.0.1:8500
# Log level
log_level: info
# auth disabled setting of routing api
routing_api_auth_disabled: False
# Port on which UAA is running.
uaa_port: 8080
# interval to wait before retrying a failed lock acquisition
lock_retry_interval: 5s
# consul session name
session_name: tcp-emitter
# Password for UAA client for the gorouter.
# NOTE(review): secret value; supply it per deployment from a secret store.
gorouter_secret: ~
bbs:
# enable ssl for all communication with the bbs
require_ssl: True
# PEM-encoded client key
client_key: ~
# PEM-encoded client certificate
client_cert: ~
# PEM-encoded CA certificate
ca_cert: ~
# Diego BBS Server endpoint url
# NOTE(review): require_ssl above defaults to True but this default uses the
# http:// scheme, while the other bbs api_location in this file uses https://;
# the two defaults look inconsistent - confirm which one the job honours.
api_location: http://bbs.service.cf.internal:8889
# Port of routing api
routing_api_port: 3000
# Interval at which the router requests routes to be registered.
requested_route_registration_interval_in_seconds: 20
# Number of CPUs to utilize, the default (-1) will equal the number of available
# CPUs
number_of_cpus: -1
# Expiry time of a route service signature in seconds
route_service_timeout: 60
# Set secure flag on http cookies
# NOTE(review): with False, cookies set by the router are presumably not marked
# Secure and may be sent over plain HTTP; set True when the platform is served
# over HTTPS only.
secure_cookies: False
# If the X-Vcap-Trace request header is set and has this value, trace headers are
# added to the response.
# NOTE(review): 22 is a short default that is visible in this published spec;
# set a long random value per deployment so that arbitrary clients cannot
# request trace headers, which presumably expose internal routing details.
trace_key: 22
login:
# Deprecated: Use login.saml.entityid
entity_id: ~
prompt:
username:
# The text used to prompt for a username during login
text: Email
password:
# The text used to prompt for a password during login
text: Password
links:
# URL for requesting password reset
passwd: ~
# URL for requesting to signup/register for an account
signup: ~
# Certificate to import if the UAA is using self-signed certificates
uaa_certificate: ~
# A nested or flat hash of messages that the login server uses to display UI
# messages. This will be flattened into a java.util.Properties file. The example
# below will lead to four properties, where the key is the concatenated value
# delimited by dot, for example scope.tokens.read=message
# Nested example:
#   messages:
#     scope:
#       tokens:
#         read: View details of your approvals you have granted to this and other applications
#         write: Cancel the approvals like this one that you have granted to this and other applications
#       cloud_controller:
#         read: View details of your applications and services
#         write: Push applications to your account and create and bind services
# Flat example:
#   messages:
#     scope.tokens.read: View details of your approvals you have granted to this and other applications
#     scope.tokens.write: Cancel the approvals like this one that you have granted to this and other applications
#     scope.cloud_controller.read: View details of your applications and services
#     scope.cloud_controller.write: Push applications to your account and create and bind services
messages: ~
# SMTP server configuration, for password reset emails etc.
smtp: ~
analytics:
# Analytics domain
domain: ~
# Analytics code
code: ~
# Enable account creation flow in the login server. Enabled by default.
signups_enabled: ~
# Scheme to use for HTTP communication (http/https)
protocol: https
# Base url for static assets, allows custom styling of the login server.
asset_base_url: ~
port: 8080
# Enable self-service account creation and password resets links.
self_service_links_enabled: ~
# SAML service-provider settings for the login server (keys, keystore, signing)
saml:
# Private key for the service provider certificate.
# NOTE(review): secret value; supply it per deployment from a secret store.
serviceProviderKey: ~
socket:
# Read timeout in milliseconds for SAML metadata HTTP requests
soTimeout: ~
# Timeout in milliseconds for connection pooling for SAML metadata HTTP requests
connectionManagerTimeout: ~
# Password to protect the service provider private key.
serviceProviderKeyPassword: ~
# Contains a hash of SAML Identity Providers, the key is the IDP Alias, followed
# by key/value pairs for idpMetadata, nameID, assertionConsumerIndex,
# metadataTrustCheck, showSamlLoginLink, linkText, iconUrl
providers: ~
# Key name of the SAML login server keystore.
keystore_key: selfsigned
# Set to true if you wish that the UAA signs all its SAML auth requests
signRequest: True
# Deprecated: Use login.saml.providers list objects
metadataTrustCheck: True
# Set to true, if you wish that the UAA signs its SAML metadata
signMetaData: True
# Deprecated: Use login.saml.providers list objects
idp_metadata_file: ~
# Deprecated: Use login.saml.providers list objects
nameidFormat: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
# Service provider certificate.
serviceProviderCertificate: ~
# The URL to which SAML identity providers will post assertions. If set, it
# overrides the default of login.<domain>. This URL should NOT include the
# scheme (http:// or https:// prefix), just the hostname. The scheme is
# derived from the login.protocol property. The default value is
# #{protocol}://login.#{properties.domain}
entity_base_url: ~
# Key password to the SAML login server keystore.
# NOTE(review): "password" (together with keystore_key "selfsigned") is a
# placeholder default visible in this published spec; replace the keystore and
# set a deployment-specific password before production use.
keystore_password: password
# Deprecated: Use login.saml.providers list objects
idpEntityAlias: ~
# Deprecated: Use login.saml.providers list objects
idpMetadataURL: ~
# The ID to represent this server
entityid: ~
# Deprecated: Use login.saml.providers list objects
assertion_consumer_index: 1
# Name of the SAML login server keystore.
keystore_name: samlKeystore.jks
catalina_opts: ~
ldap:
# See uaa.ldap.userDNPattern - login.ldap prefix is used for backwards
# compatibility to enable ldap from login config
userDNPattern: ~
# See uaa.ldap.searchFilter - login.ldap prefix is used for backwards
# compatibility to enable ldap from login config
searchFilter: cn={0}
# See uaa.ldap.profile_type - login.ldap prefix is used for backwards
# compatibility to enable ldap from login config
profile_type: ~
# See uaa.ldap.url - login.ldap prefix is used for backwards compatibility to
# enable ldap from login config
url: ~
# See uaa.ldap.userPassword - login.ldap prefix is used for backwards
# compatibility to enable ldap from login config
userPassword: ~
# See uaa.ldap.userDN - login.ldap prefix is used for backwards compatibility to
# enable ldap from login config
userDN: ~
# See uaa.ldap.passwordEncoder - login.ldap prefix is used for backwards
# compatibility to enable ldap from login config
passwordEncoder: org.cloudfoundry.identity.uaa.login.ldap.DynamicPasswordComparator
# See uaa.ldap.passwordAttributeName - login.ldap prefix is used for backwards
# compatibility to enable ldap from login config
passwordAttributeName: userPassword
# See uaa.ldap.sslCertificateAlias - login.ldap prefix is used for backwards
# compatibility to enable ldap from login config
sslCertificateAlias: ~
# See uaa.ldap.sslCertificate - login.ldap prefix is used for backwards
# compatibility to enable ldap from login config
sslCertificate: ~
# See uaa.ldap.searchBase - login.ldap prefix is used for backwards compatibility
# to enable ldap from login config
searchBase:
# See uaa.ldap.localPasswordCompare - login.ldap prefix is used for backwards
# compatibility to enable ldap from login config
localPasswordCompare: true
# A list of links to other services to show on the landing page after logging in
# and/or signing up, depending on whether login-link and/or signup-link is
# specified.
tiles: ~
# Allows users to send invitations to email addresses outside the system and
# invite them to create an account. Disabled by default.
invitations_enabled: ~
# The branding style to use with the web interface, account confirmation, and
# password reset emails.
brand: oss
# See uaa.spring_profiles - login.spring_profiles is used for backwards
# compatibility to enable ldap from login config
spring_profiles: ~
notifications:
# The url for the notifications service (configure to use Notifications Service
# instead of SMTP server)
url: ~
# Redirect behaviour after a UAA logout (/logout.do)
logout:
redirect:
# The Location of the redirect header following a logout of the UAA
# (/logout.do). Default value is back to login page (/login)
url: ~
parameter:
# A list of URLs. When this list is non null, including empty, and disable=false,
# logout redirects are allowed, but limited to the whitelist URLs. If a redirect
# parameter value is not white listed, redirect will be to the default URL.
whitelist: ~
# When set to false, this allows an operator to leverage an open redirect on the
# UAA (/logout.do?redirect=google.com). Default value is true (no open redirect
# enabled).
# NOTE(review): if this is set to false, also set whitelist above (an empty
# list counts) so the redirect parameter is limited to known URLs rather than
# any caller-supplied target.
disable: ~
# Location of the UAA.
uaa_base: ~
url: ~
# whether use login as the authorization endpoint or not
enabled: True
metron_endpoint:
# The host used to emit messages to the Metron agent
host: 127.0.0.1
# The port used to emit dropsonde messages to the Metron agent
dropsonde_port: 3457
# The port used to emit legacy messages to the Metron agent.
port: 3456
# The key used to sign log messages
shared_secret: ~