---
name: bbs

templates:
  bbs_ctl.erb: bin/bbs_ctl
  bbs_as_vcap.erb: bin/bbs_as_vcap
  bbs.json.erb: config/bbs.json
  bpm.yml.erb: config/bpm.yml
  drain.erb: bin/drain
  etcd_ca.crt.erb: config/certs/etcd/ca.crt
  etcd_client.crt.erb: config/certs/etcd/client.crt
  etcd_client.key.erb: config/certs/etcd/client.key
  bbs_ca.crt.erb: config/certs/ca.crt
  bbs_server.crt.erb: config/certs/server.crt
  bbs_server.key.erb: config/certs/server.key
  sql_ca.crt.erb: config/certs/sql/ca.crt
  pre-start.erb: bin/pre-start
  post-start.erb: bin/post-start
  rep_ca.crt.erb: config/certs/rep/ca.crt
  rep_client.crt.erb: config/certs/rep/client.crt
  rep_client.key.erb: config/certs/rep/client.key
  auctioneer_ca.crt.erb: config/certs/auctioneer/ca.crt
  auctioneer_client.crt.erb: config/certs/auctioneer/client.crt
  auctioneer_client.key.erb: config/certs/auctioneer/client.key
  loggregator_ca.crt.erb: config/certs/loggregator/ca.crt
  loggregator_client.crt.erb: config/certs/loggregator/client.crt
  loggregator_client.key.erb: config/certs/loggregator/client.key

packages:
  - pid_utils
  - bbs

properties:
  bpm.enabled:
    description: "Experimental: use the BOSH Process Manager to manage the BBS process."
    default: false
  diego.bbs.auctioneer.api_url:
    description: "URL of the auctioneer API. Deprecated in favor of api_location, but in use through Diego v1."
    default: "http://auctioneer.service.cf.internal:9016"
  diego.bbs.auctioneer.api_location:
    description: "Hostname and port of the auctioneer API, without URI scheme. Recommended in favor of api_url."
    example: "auctioneer.service.cf.internal:9016"
  diego.bbs.auctioneer.ca_cert:
    description: "CA cert for communication to the auctioneer."
  diego.bbs.auctioneer.client_cert:
    description: "Client cert for communication to the auctioneer."
  diego.bbs.auctioneer.client_key:
    description: "Client key for communication to the auctioneer."
  diego.bbs.auctioneer.require_tls:
    description: "Whether to use mutual TLS for communication with the auctioneer API."
    default: false

  diego.bbs.debug_addr:
    description: "address at which to serve debug info"
    default: "127.0.0.1:17017"
  diego.bbs.listen_addr:
    description: "address at which to serve API requests"
    default: "0.0.0.0:8889"
  diego.bbs.health_addr:
    description: "address at which BBS serves '/ping' health-check endpoint"
    default: "127.0.0.1:8890"
  diego.bbs.log_level:
    description: "Log level"
    default: "info"
  diego.bbs.enable_access_log:
    description: "Enable access log, i.e. log every request made to the bbs"
    default: false
  diego.bbs.dropsonde_port:
    description: "local metron agent's port. Deprecated, will be removed when loggregator API v1 support is removed."
    default: 3457
  diego.bbs.advertisement_base_hostname:
    description: "Suffix for the BBS advertised hostname"
    default: "bbs.service.cf.internal"
  diego.bbs.active_key_label:
    description: "Label of the encryption key to be used when writing to the database"
  diego.bbs.encryption_keys:
    description: "List of encryption keys to be used"
    default: []
  diego.bbs.require_ssl:
    description: "require ssl for all communication with the bbs. Deprecated, TLS will be required for the bbs in Diego v2.0+."
    default: true
  diego.bbs.ca_cert:
    description: "PEM-encoded CA certificate"
  diego.bbs.server_cert:
    description: "PEM-encoded client certificate"
  diego.bbs.server_key:
    description: "PEM-encoded client key"
  diego.bbs.desired_lrp_creation_timeout:
    description: "expected maximum time to create all components of a desired LRP (golang duration formatted string). Deprecated since this only applies to etcd serialization, which will be removed entirely in Diego v2.0."

  diego.bbs.etcd.machines:
    description: "Addresses pointing to the ETCD cluster. Deprecated: etcd will no longer be supported in Diego v2.0."
    default: ["etcd.service.cf.internal"]
  diego.bbs.etcd.require_ssl:
    description: "enable ssl for all communication with etcd. Deprecated, etcd will no longer be supported in Diego v2.0."
    default: true
  diego.bbs.etcd.ca_cert:
    description: "PEM-encoded CA certificate. Deprecated, etcd will no longer be supported in Diego v2.0."
  diego.bbs.etcd.client_cert:
    description: "PEM-encoded client certificate. Deprecated, etcd will no longer be supported in Diego v2.0."
  diego.bbs.etcd.client_key:
    description: "PEM-encoded client key. Deprecated, etcd will no longer be supported in Diego v2.0."
  diego.bbs.etcd.client_session_cache_size:
    description: "capacity of the tls client cache. Deprecated, etcd will no longer be supported in Diego v2.0."
  diego.bbs.etcd.max_idle_conns_per_host:
    description: "maximum number of idle http connections. Deprecated, etcd will no longer be supported in Diego v2.0."

  diego.bbs.sql.db_host:
    description: "Host for SQL backend"
    default: ""
  diego.bbs.sql.db_port:
    description: "Port for SQL backend"
    default: ""
  diego.bbs.sql.db_schema:
    description: "Database name to use for connecting to SQL backend"
    default: ""
  diego.bbs.sql.db_username:
    description: "Username to use for connecting to SQL backend"
    default: ""
  diego.bbs.sql.db_password:
    description: "Password to use for connecting to SQL backend"
    default: ""
  diego.bbs.sql.db_driver:
    description: "Database driver to use for SQL backend (for example: mysql,postgres)"
    default: mysql
  diego.bbs.sql.db_connection_string:
    description: "Connection string to use for SQL backend. DEPRECATED, use db_{host,port,schema,username,password} instead"
    default: ""
  diego.bbs.sql.max_open_connections:
    description: "Maximum number of open connections to the SQL database"
  diego.bbs.sql.max_idle_connections:
    description: "Maximum number of idle connections to the SQL database"
  diego.bbs.sql.require_ssl:
    description: "Whether to require SSL for BBS communication to the SQL backend"
    default: false
  diego.bbs.sql.ca_cert:
    description: "Bundle of CA certificates for the BBS to verify the SQL server SSL certificate when connecting via SSL"

  diego.bbs.convergence.repeat_interval_in_seconds:
    description: "the interval between runs of the converge process"
    default: 30
  diego.bbs.convergence.kick_task_duration_in_seconds:
    description: "the interval, in seconds, between kicks to tasks in seconds"
    default: 30
  diego.bbs.convergence.expire_completed_task_duration_in_seconds:
    description: "completed, unresolved tasks are deleted after this duration in seconds"
    default: 120
  diego.bbs.convergence.expire_pending_task_duration_in_seconds:
    description: "unclaimed tasks are marked as failed, after this duration in seconds"
    default: 1800

  diego.bbs.rep.require_tls:
    description: "Whether to require TLS for communication to the securable rep API server"
    default: false
  diego.bbs.rep.ca_cert:
    description: "CA cert for communication to the rep."
  diego.bbs.rep.client_cert:
    description: "Client cert for communication to the rep."
  diego.bbs.rep.client_key:
    description: "Client key for communication to the rep."
  diego.bbs.rep.client_session_cache_size:
    description: "capacity of the tls client cache"
    default: 0

  diego.bbs.locket.api_location:
    description: "Hostname and port of the Locket server. When set, the BBS attempts to claim a lock from the Locket API and will detect Diego cells registered with the Locket API."
  diego.bbs.skip_consul_lock:
    default: false
    description: "Set to 'true' for the BBS to skip acquiring a Consul lock. Requires 'diego.bbs.locket.api_location' to be set."
  diego.bbs.detect_consul_cell_registrations:
    default: true
    description: "Whether the BBS should detect Diego cell registrations present in the Consul key-value store. To prevent unexpected loss of capacity, set to 'false' only when the BBS uses Locket and when all Diego cells in the cluster maintain their registrations via Locket."

  enable_consul_service_registration:
    description: "Enable the BBS to register itself as a service with Consul, for client discovery via Consul DNS. Do not disable without arranging alternate service discovery."
    default: true

  limits.open_files:
    description: Maximum number of files (including sockets) the BBS process may have open.
    default: 100000

  loggregator.use_v2_api:
    description: "True to use local metron agent gRPC v2 API. False to use UDP v1 API."
    default: false
  loggregator.v2_api_port:
    description: "Local metron agent gRPC port"
    default: 3458
  loggregator.ca_cert:
    description: "CA Cert used to communicate with local metron agent over gRPC"
  loggregator.cert:
    description: "Cert used to communicate with local metron agent over gRPC"
  loggregator.key:
    description: "Key used to communicate with local metron agent over gRPC"
