The broker can be configured through environment variables, configuration files, or a combination of both.
A configuration file can be provided at run time to the broker.
```bash
cloud-service-broker serve --config <config file name>
```
A configuration file can be YAML or JSON. Config file values that are `.`-delimited represent hierarchy in the config file.
Example:
```yaml
db:
  host: hostname
```
represents a config file value of `db.host`.
Connection details for the backing database for the service broker.
You can configure the following values:
Environment Variable | Config File Value | Type | Description |
---|---|---|---|
DB_HOST * | db.host | string | Database host |
DB_USERNAME | db.user | string | Database username |
DB_PASSWORD | db.password | secret | Database password |
DB_PORT * | db.port | string | Database port (defaults to 3306) Default: |
DB_NAME * | db.name | string | Database name Default: |
CA_CERT | db.ca.cert | text | Server CA cert |
CLIENT_CERT | db.client.cert | text | Client cert |
CLIENT_KEY | db.client.key | text | Client key |
Broker service configuration values:
Environment Variable | Config File Value | Type | Description |
---|---|---|---|
SECURITY_USER_NAME * | api.user | string | Broker authentication username |
SECURITY_USER_PASSWORD * | api.password | string | Broker authentication password |
PORT | api.port | string | Port to bind broker to |
The broker supports passing credentials to apps via CredHub references, thus keeping them private to the application (they won't show up in `cf env app_name` output).
Environment Variable | Config File Value | Type | Description |
---|---|---|---|
CH_CRED_HUB_URL | credhub.url | URL | credhub service URL - usually https://credhub.service.cf.internal:8844 |
CH_UAA_URL | credhub.uaa_url | URL | uaa service URL - usually https://uaa.service.cf.internal:8443 |
CH_UAA_CLIENT_NAME | credhub.uaa_client_name | string | uaa username - usually credhub_admin_client |
CH_UAA_CLIENT_SECRET | credhub.uaa_client_secret | string | uaa client secret - "Credhub Admin Client Credentials" from Operations Manager > PAS > Credentials tab. |
CH_SKIP_SSL_VALIDATION | credhub.skip_ssl_validation | boolean | skip SSL validation if true |
CH_CA_CERT_FILE | credhub.ca_cert_file | path | path to cert file |
Brokerpak configuration values:
Environment Variable | Config File Value | Type | Description |
---|---|---|---|
GSB_BROKERPAK_BUILTIN_PATH | brokerpak.builtin.path | string | Path to search for .brokerpak files, default: |
GSB_BROKERPAK_CONFIG | brokerpak.config | string | JSON global config for broker pak services |
| | service.service-name.provision.defaults | string | JSON provision defaults override for service-name |
| | service.service-name.plans | string | JSON plan collection to augment plans for service-name |
The Azure brokerpak supports default values for tenant, subscription and service principal credentials.
Environment Variable | Config File Value | Type | Description |
---|---|---|---|
ARM_TENANT_ID | azure.tenant_id | string | ID for tenant that resources will be created in |
ARM_SUBSCRIPTION_ID | azure.subscription_id | string | ID for subscription that resources will be created in |
ARM_CLIENT_ID | azure.client_id | string | service principal client ID |
ARM_CLIENT_SECRET | azure.client_secret | string | service principal secret |
Services for a given IaaS should have common parameter names for service-wide platform resources (like regions).
Azure services support global region and resource group parameters:
```yaml
provision:
  defaults: '{
    "region": "eastus2",
    "resource_group": "sb-acceptance-test-rg"
    }'
```
The Azure MS SQL DB service (azure-mssql-db) provisions databases on an existing MS SQL server. Configuring the server credentials looks like this:
```yaml
service:
  azure-mssql-db:
    provision:
      defaults: '{
        "server_name": "vsb-azsql-svr-52539613-83bc-4f57-9ed8-8a98ebc394e5",
        "admin_username": "KlpWlZCYHEyqdwuf",
        "admin_password": "KZe-.-rTuhK2ucDCx5UYQJyjsbum65SlC8_LTZg~Klr.2.1Yut-1weBdF1Xk-uo.",
        "resource_group": "vsb-azsql-svr-52539613-83bc-4f57-9ed8-8a98ebc394e5"
        }'
```
The Azure MS SQL DB service (azure-mssql-db) can also have its plans augmented to support more than one existing DB server:
```yaml
service:
  azure-mssql-db:
    plans: '[
      {
        "id":"881de5d9-e078-44e7-bed5-26faadabda3c",
        "name":"small",
        "description":"2cores, 10GB storage DB on server vsb-azsql-test-db4",
        "pricing_tier":"GP",
        "cores":"2",
        "storage_gb":"10",
        "server_name":"vsb-azsql-test-db4",
        "admin_username":"eqVrU6vcTBvgfiqj",
        "admin_password":"BI@G9a9nCnXIV4CV",
        "resource_group":"vsb-azsql-test-db4"
      },
      {
        "id":"1a1de5d9-e078-44e7-bed5-266aadabdaa6",
        "name":"small",
        "description":"2cores, 10GB storage DB on server vsb-azsql-svr-52539613-83bc-4f57-9ed8-8a98ebc394e5",
        "pricing_tier":"GP",
        "cores":"2",
        "storage_gb":"10",
        "server_name": "vsb-azsql-svr-52539613-83bc-4f57-9ed8-8a98ebc394e5",
        "admin_username": "KlpWlZCYHEyqdwuf",
        "admin_password": "KZe-.-rTuhK2ucDCx5UYQJyjsbum65SlC8_LTZg~Klr.2.1Yut-1weBdF1Xk-uo.",
        "resource_group": "vsb-azsql-svr-52539613-83bc-4f57-9ed8-8a98ebc394e5"
      }
      ]'
```
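The following is an added example, not code from the broker project: it audits a JSON-format config file for the credential-bearing keys and the CredHub TLS switch listed in the tables above, including `admin_password` values embedded in `provision.defaults` and `plans` strings. The `flatten` and `audit` helpers and the sample config are constructed for illustration.

```python
import json

# Credential-bearing config-file keys from the tables above -> env var equivalent.
SECRET_KEYS = {
    "db.password": "DB_PASSWORD",
    "api.password": "SECURITY_USER_PASSWORD",
    "credhub.uaa_client_secret": "CH_UAA_CLIENT_SECRET",
    "azure.client_secret": "ARM_CLIENT_SECRET",
}

def flatten(node, prefix=""):
    """Turn nested config into the '.'-delimited keys used in the tables."""
    flat = {}
    for key, value in node.items():
        path = f"{prefix}.{key}" if prefix else key
        if isinstance(value, dict):
            flat.update(flatten(value, path))
        else:
            flat[path] = value
    return flat

def audit(config_text):
    """Return sorted (key, finding) pairs for a JSON broker config."""
    findings = []
    for key, value in flatten(json.loads(config_text)).items():
        if key in SECRET_KEYS and value:
            findings.append((key, f"secret in file; can be supplied as {SECRET_KEYS[key]}"))
        if key == "credhub.skip_ssl_validation" and str(value).lower() == "true":
            findings.append((key, "TLS validation of CredHub is disabled"))
        # provision.defaults and plans are JSON documents embedded as strings.
        if key.startswith("service.") and key.endswith((".provision.defaults", ".plans")):
            embedded = json.loads(value)
            for item in embedded if isinstance(embedded, list) else [embedded]:
                if item.get("admin_password"):
                    server = item.get("server_name", "?")
                    findings.append((key, f"admin_password for server {server} in file"))
    return sorted(findings)

# Constructed sample config (JSON form); every value is a placeholder.
SAMPLE = json.dumps({
    "db": {"host": "db.example.internal", "user": "broker", "password": "EXAMPLE-ONLY"},
    "api": {"user": "broker-admin", "password": "EXAMPLE-ONLY"},
    "credhub": {"url": "https://credhub.service.cf.internal:8844", "skip_ssl_validation": True},
    "service": {"azure-mssql-db": {"plans": json.dumps([
        {"name": "small", "server_name": "example-sql-1", "admin_password": "EXAMPLE-ONLY"},
        {"name": "medium", "server_name": "example-sql-2", "admin_password": "EXAMPLE-ONLY"},
    ])}},
})
```

Calling `audit(SAMPLE)` returns one finding per credential stored in the file plus one for the disabled CredHub TLS validation; a config with none of these returns an empty list.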