tsuru.conf reference
tsuru uses a configuration file in YAML format. This document describes what each option means, and how it should look.
Notation
tsuru uses a colon to represent nesting in YAML. So, whenever this document says
something like key1:key2, it refers to the value of the key2 that is
nested in the block that is the value of key1. For example,
database:url means:
database:
url: <value>
tsuru configuration
This section describes tsuru’s core configuration. Other sections will include configuration of optional components, and finally, a full sample file.
HTTP server
tsuru provides a REST API, that supports HTTP and HTTP/TLS (a.k.a. HTTPS). Here are the options that affect how tsuru’s API behaves:
listen
listen defines in which address tsuru webserver will listen. It has the
form <host>:<port>. You may omit the host (example: :8080). This setting
has no default value.
use-tls
use-tls indicates whether tsuru should use TLS or not. This setting is
optional, and defaults to “false”.
tls:cert-file
tls:cert-file is the path to the X.509 certificate file configured to serve
the domain. This setting is optional, unless use-tls is true.
tls:key-file
tls:key-file is the path to private key file configured to serve the
domain. This setting is optional, unless use-tls is true.
server:read-timeout
server:read-timeout is the timeout of reading requests in the server. This
is the maximum duration of any request to the tsuru server.
This is useful to avoid leaking connections, in case clients drop the connection before end sending the request. The default value is 0, meaning no timeout.
server:write-timeout
server:write-timeout is the timeout of writing responses in the server.
This is useful to avoid leaking connections, in case clients drop the connection before reading the response from tsuru. The default value is 0, meaning no timeout.
server:app-log-buffer-size
The maximum number of received log messages from applications to hold in memory waiting to be sent to the log database. The default value is 500000.
disable-index-page
tsuru API serves an index page with some basic instructions on how to use the
current target. It’s possible to disable this page by setting the
disable-index-page flag to true. It’s also possible to customize which
template will be used in the index page, see the next configuration entry for
more details.
This setting is optional, and defaults to false.
index-page-template
index-page-template is the template that will be used for the index page.
It must use the Go template syntax,
and tsuru will provide the following variables in the context of the template:
tsuruTarget: the target URL of the tsuru API serving the index page
userCreate: a boolean indicating whether user registration is enabled or disabled
nativeLogin: a boolean indicating whether the API is configured to use the native authentication scheme
keysEnabled: a boolean indicating whether the API is configured to manage SSH keys
It will also include a function used for querying configuration values, named
getConfig. Here is an example of the function usage:
<body>
{{if getConfig "use-tls"}}
<p>we're safe</p>
{{else}}
<p>we're not safe</p>
{{end}}
</body>
This setting is optional. When index-page-template is not defined, tsuru
will use the default template.
reset-password-template
reset-password-template is the template that will be used to “password reset” email.
It must use the Go template syntax,
and tsuru will provide the following variables in the context of the template:
Token: a string, the id of password reset request
UserEmail: a string, the user email
Creation: a time, when password reset was requested
Used: a boolean, reset-password was done or not
This setting is optional. When reset-password-template is not defined, tsuru
will use the default template.
reset-password-successfully-template
reset-password-successfully-template is the template that will be used to email with new password, after reset.
It must use the Go template syntax,
and tsuru will provide the following variables in the context of the template:
password: a string, the new password
This setting is optional. When reset-password-template is not defined, tsuru
will use the default template.
Database access
tsuru uses MongoDB as a database manager to store information like users, machines, containers, etc. You need to describe how tsuru will connect to your database server. Therefore, it’s necessary to provide a MongoDB connection string. Database related options are listed below:
database:url
database:url is the database connection string. It is a mandatory setting
and it has no default value. Examples of strings include basic 127.0.0.1 and
more advanced mongodb://user:password@127.0.0.1:27017/database. Please refer
to MongoDB documentation for more details
and examples of connection strings.
database:name
database:name is the name of the database that tsuru uses. It is a
mandatory setting and has no default value. An example of value is “tsuru”.
database:logdb-url
This setting is optional. If database:logdb-url is specified, tsuru will use
it as the connection string to the MongoDB server responsible for storing
application logs. If this value is not set, tsuru will use database:url
instead.
This setting is useful because tsuru may have to process a very large number of log messages depending on the number of units deployed and applications behavior. Every log message will trigger a insertion in MongoDB and this may negatively impact the database performance. Other measures will be implemented in the future to improve this, but for now, having the ability to use an exclusive database server for logs will help mitigate the negative impact of log writing.
database:logdb-name
This setting is optional. If database:logdb-name is specified, tsuru will
use it as the database name for storing application logs. If this value is not
set, tsuru will use database:name instead.
Email configuration
tsuru sends email to users when they request password recovery. In order to send those emails, tsuru needs to be configured with some SMTP settings. Omitting these settings won’t break tsuru, but users will not be able to reset their password.
smtp:server
The SMTP server to connect to. It must be in the form <host>:<port>. Example: “smtp.gmail.com:587”.
smtp:user
The user to authenticate with the SMTP sever. Currently, tsuru requires authenticated sessions.
smtp:password
The password for authentication within the SMTP server.
Repository configuration
tsuru optionally uses Gandalf to manage git repositories. Gandalf exposes a REST API for repositories management and tsuru needs information about the Gandalf HTTP server endpoint.
repo-manager
repo-manager represents the repository manager that tsuru-server should use.
For backward compatibility reasons, the default value is “gandalf”. Users can
disable repository and SSH key management by setting “repo-manager” to “none”.
For more details, please refer to the repository management page in the documentation.
git:api-server
git:api-server is the address of the Gandalf API. It should define the
entire address, including protocol and port. Examples of value:
http://localhost:9090 and https://gandalf.tsuru.io:9595.
Authentication configuration
tsuru has support for native, oauth and saml authentication schemes.
The default scheme is native and it supports the creation of users in
tsuru’s internal database. It hashes passwords brcypt. Tokens are generated
during authentication and are hashed using SHA512.
The auth section also controls whether user registration is on or off. When
user registration is off, only admin users are able to create new users.
auth:scheme
The authentication scheme to be used. The default value is native, the other
supported value is oauth.
auth:user-registration
This flag indicates whether user registration is enabled. This setting is optional, and defaults to false.
auth:hash-cost
Required only with native chosen as auth:scheme.
This number indicates how many CPU time you’re willing to give to hashing calculation. It is an absolute number, between 4 and 31, where 4 is faster and less secure, while 31 is very secure and very slow.
auth:token-expire-days
Required only with native chosen as auth:scheme.
Whenever a user logs in, tsuru generates a token for him/her, and the user may
store the token. auth:token-expire-days setting defines the amount of days
that the token will be valid. This setting is optional, and defaults to “7”.
auth:max-simultaneous-sessions
tsuru can limit the number of simultaneous sessions per user. This setting is optional, and defaults to “unlimited”.
auth:oauth
Every config entry inside auth:oauth are used when the auth:scheme is
set to “oauth”. Please check rfc6749 for
more details.
auth:oauth:client-id
The client id provided by your OAuth server.
auth:oauth:client-secret
The client secret provided by your OAuth server.
auth:oauth:scope
The scope for your authentication request.
auth:oauth:auth-url
The URL used in the authorization step of the OAuth flow. tsuru CLI will receive this URL and trigger the opening a browser on this URL with the necessary parameters.
During the authorization step, tsuru CLI will start a server locally and set the
callback to http://localhost:<port>, if auth:oauth:callback-port is set
tsuru CLI will use its value as <port>. If auth:oauth:callback-port isn’t
present tsuru CLI will automatically choose an open port.
The callback URL should be registered on your OAuth server.
If the chosen server requires the callback URL to match the same host and port
as the registered one you should register “http://localhost:<chosen port>” and
set the auth:oauth:callback-port accordingly.
If the chosen server is more lenient and allows a different port to be used you
should register simply “http://localhost” and leave auth:oauth:callback-port
empty.
auth:oauth:token-url
The URL used in the exchange token step of the OAuth flow.
auth:oauth:info-url
The URL used to fetch information about the authenticated user. tsuru expects a
json response containing a field called email.
tsuru will also make call this URL on every request to the API to make sure the token is still valid and hasn’t been revoked.
auth:oauth:collection
The database collection used to store valid access tokens. Defaults to “oauth_tokens”.
auth:oauth:callback-port
The port used in the callback URL during the authorization step. Check docs for
auth:oauth:auth-url for more details.
auth:saml
Every config entry inside auth:saml are used when the auth:scheme is
set to “saml”. Please check SAML V2.0 specification for
more details.
auth:saml:sp-publiccert
Service provider public certificate path.
auth:saml:sp-privatekey
Service provider private key path.
auth:saml:idp-ssourl
Identity provider url.
auth:saml:sp-display-name
Service provider display name. The default value is Tsuru.
auth:saml:sp-description
Service provider description. The default values is Tsuru Platform as a Service software.
auth:saml:idp-publiccert
Identity provider public certificate.
auth:saml:sp-entityid
Service provider entitiy id.
auth:saml:sp-sign-request
Boolean value that indicates to service provider signs the request. The default value is false.
auth:saml:idp-sign-response
Boolean value that indicates to identity provider signs the response. The default value is false.
auth:saml:idp-deflate-encoding
Boolean value that indicates to identity provider to enable deflate encoding. The default value is false.
Queue configuration
tsuru uses a work queue for asynchronous tasks.
queue:* groups configuration settings for a MongoDB server that will be used
as storage for delayed execution of queued jobs.
This queue is used to manage creation and destruction of IaaS machines, but tsuru may start using it in more places in the future.
It’s not mandatory to configure the queue, however creating and removing machines using a IaaS provider will not be possible.
queue:mongo-url
Connection url for MongoDB server used to store task information.
queue:mongo-database
Database name used in MongoDB. This value will take precedence over any database name already specified in the connection url.
pubsub
pubsub configuration is optional and depends on a redis server instance.
It’s used only for following application logs (running tsuru app-log -f). If
this is not configured tsuru will fail when running tsuru app-log -f.
Previously the configuration for this redis server was inside redis-queue:*
keys shown below. Using these keys is deprecated and tsuru will start ignoring
them before 1.0 release.
pubsub:redis-*
The Redis server to be used for pub/sub. For details on all available options for connecting to redis check common redis configuration
redis-queue:host
Deprecated. See pubsub:redis-*.
redis-queue:port
Deprecated. See pubsub:redis-*.
redis-queue:password
Deprecated. See pubsub:redis-*.
redis-queue:db
Deprecated. See pubsub:redis-*.
Quota management
tsuru can, optionally, manage quotas. Currently, there are two available quotas: apps per user and units per app.
tsuru administrators can control the default quota for new users and new apps
in the configuration file, and use tsuru command to change quotas for
users or apps. Quota management is disabled by default, to enable it, just set
the desired quota to a positive integer.
quota:units-per-app
quota:units-per-app is the default value for units per-app quota. All new
apps will have at most the number of units specified by this setting. This
setting is optional, and defaults to “unlimited”.
quota:apps-per-user
quota:apps-per-user is the default value for apps per-user quota. All new
users will have at most the number of apps specified by this setting. This
setting is optional, and defaults to “unlimited”.
Logging
Tsuru supports three logging flavors, that can be enabled or disabled altogether. The default behavior of tsuru is to send all logs to syslog, but it can also send logs to the standard error stream or a file. It’s is possible to use any combination of the three flavors at any time in tsuru configuration (e.g.: write logs both to stderr and syslog, or a file and stderr, or to all of the flavors simultaneously).
There’s also the possibility to enable or disable debugging log, via the debug flag.
debug
false is the default value, so you won’t see any
noises on logs, to turn it on set it to true, e.g.: debug: true
log:file
Use this to specify a path to a log file. If no file is specified, tsuru-server won’t write logs to any file.
log:disable-syslog
log:disable-syslog indicates whether tsuru-server should disable the use of
syslog. false is the default value. If it’s true, tsuru-server won’t
send any logs to syslog.
log:syslog-tag
log:syslog-tag is the tag that will be attached to every log line. The
default value is “tsr”.
log:use-stderr
log:use-stderr indicates whether tsuru-server should write logs to standard
error stream. The default value is false.
Routers
As of 0.10.0, all your router configuration should live under entries with the
format routers:<router name>.
routers:<router name>:type (type: hipache, galeb, vulcand)
Indicates the type of this router configuration. The standard router supported by tsuru is hipache. There is also experimental support for galeb and vulcand).
Depending on the type, there are some specific configuration options available.
routers:<router name>:domain (type: hipache, galeb, vulcand)
The domain of the server running your router. Applications created with
tsuru will have a address of http://<app-name>.<domain>
routers:<router name>:redis-* (type: hipache)
Redis server used by Hipache router. This same server (or a redis slave of it), must be configured in your hipache.conf file. For details on all available options for connecting to redis check common redis configuration
routers:<router name>:api-url (type: galeb, vulcand)
The URL for the Galeb or vulcand manager API.
routers:<router name>:username (type: galeb)
Galeb manager username.
routers:<router name>:password (type: galeb)
Galeb manager password.
routers:<router name>:environment (type: galeb)
Galeb manager environment used to create virtual hosts and backend pools.
routers:<router name>:farm-type (type: galeb)
Galeb manager farm type used to create virtual hosts and backend pools.
routers:<router name>:plan (type: galeb)
Galeb manager plan used to create virtual hosts and backend pools.
routers:<router name>:project (type: galeb)
Galeb manager project used to create virtual hosts, backend pools and pools.
routers:<router name>:load-balance-policy (type: galeb)
Galeb manager load balancing policy used to create backend pools.
routers:<router name>:rule-type (type: galeb)
Galeb manager rule type used to create rules.
Hipache
hipache:redis-server
Redis server used by Hipache router. This same server (or a redis slave of it), must be configured in your hipache.conf file.
This setting is deprecated in favor of routers:<router name>:type = hipache
and routers:<router name>:redis-server.
hipache:domain
The domain of the server running your hipache server. Applications created with
tsuru will have a address of http://<app-name>.<hipache:domain>.
This setting is deprecated in favor of routers:<router name>:type = hipache
and routers:<router name>:domain
Defining the provisioner
tsuru has extensible support for provisioners. A provisioner is a Go type that
satisfies the provision.Provisioner interface. By default, tsuru will use
DockerProvisioner (identified by the string “docker”). Other provisioners
are available as experiments and may be removed in future versions:
swarm, mesos and kubernetes.
provisioner
provisioner is the string the name of the default provisioner that will
be used by tsuru. This setting is optional and defaults to docker.
Docker provisioner configuration
docker:collection
Database collection name used to store containers information.
docker:port-allocator
The choice of port allocator. There are two possible values:
docker: trust Docker to allocate ports. Meaning that whenever a container restarts, the port might change (usually, it changes).
tsuru: leverage port allocation to tsuru, so ports mapped to containers never change.
The default value is “docker”.
docker:registry
For tsuru to work with multiple docker nodes, you will need a docker-registry.
This should be in the form of hostname:port, the scheme cannot be present.
docker:registry-max-try
Number of times tsuru will try to send a image to registry.
docker:registry-auth:username
The username used for registry authentication. This setting is optional, for registries with authentication disabled, it can be omitted.
docker:registry-auth:password
The password used for registry authentication. This setting is optional, for registries with authentication disabled, it can be omitted.
docker:registry-auth:email
The email used for registry authentication. This setting is optional, for registries with authentication disabled, it can be omitted.
docker:repository-namespace
Docker repository namespace to be used for application and platform images. Images will be tagged in docker as <docker:repository-namespace>/<platform-name> and <docker:repository-namespace>/<app-name>
docker:max-layers
The maximum number of layers in Docker images. This number represents the number of times that Tsuru will reuse the previous image on application deployment. The default value is 10.
docker:bs:image
This setting is deprecated in favor of dynamically configuring with
tsuru node-container-update big-sibling --image <image>.
docker:bs:socket
This setting is deprecated in favor of dynamically configuring with
tsuru node-container-update big-sibling --volume <local>:<remote> --env
DOCKER_ENDPOINT=<remote>.
docker:bs:syslog-port
docker:bs:syslog-port is the port in the Docker node that will be used by
the bs container for collecting logs. The default value is 1514.
If this value is changed bs node containers must be update with tsuru
node-container-update big-sibling --env
SYSLOG_LISTEN_ADDRESS=udp://0.0.0.0:<port>.
docker:max-workers
Maximum amount of threads to be created when starting new containers, so tsuru doesn’t start too much threads in the process of starting 1000 units, for instance. Defaults to 0 which means unlimited.
docker:router
Default router to be used to distribute requests to units. This should be the
name of a router configured under the routers:<name> key, see routers.
For backward compatibility reasons, the value hipache is also supported, and
it will use either configuration available under router:hipache:* or
hipache:*, in this order.
Note that as of 0.10.0, routers may be associated to plans, if when creating an
application the chosen plan has a router value it will be used instead of the
value set in docker:router.
The router defined in docker:router will only be used if the chosen plan
doesn’t specify one.
docker:deploy-cmd
The command that will be called in your platform when a new deploy happens. The
default value for platforms supported in tsuru’s basebuilder repository is
/var/lib/tsuru/deploy.
docker:security-opts
This setting describes a list of security options that will be passed to containers. This setting must be a list, and has no default value. If one wants to specify just one value, it’s still needed to use the list notation:
docker:
...
security-opts:
- apparmor:PROFILE
For more details on the available options, please refer to the Docker documentation: <https://docs.docker.com/reference/run/#security-configuration>.
docker:segregate
Deprecated. As of tsuru 0.11.1, using segregate scheduler is the default setting. See Segregate Scheduler for details.
docker:scheduler:total-memory-metadata
This value describes which metadata key will describe the total amount of memory, in bytes, available to a docker node.
docker:scheduler:max-used-memory
This should be a value between 0.0 and 1.0 which describes which fraction of the total amount of memory available to a server should be reserved for app units.
The amount of memory available is found based on the node metadata described by
docker:scheduler:total-memory-metadata config setting.
If this value is set, tsuru will try to find a node with enough unreserved memory to fit the creation of new units, based on how much memory is required by the plan used to create the application. If no node with enough unreserved memory is found, tsuru will ignore memory restrictions and let the scheduler choose any node.
This setting, along with docker:scheduler:total-memory-metadata, are also
used by node auto scaling. See node auto scaling for more details.
docker:cluster:storage
This setting has been removed. You shouldn’t define it anymore, the only storage
available for the docker cluster is now mongodb.
docker:cluster:mongo-url
Connection URL to the mongodb server used to store information about the docker cluster.
docker:cluster:mongo-database
Database name to be used to store information about the docker cluster.
docker:run-cmd:bin
The command that will be called on the application image to start the
application. The default value for platforms supported in tsuru’s basebuilder
repository is /var/lib/tsuru/start.
docker:run-cmd:port
The tcp port that will be exported by the container to the node network. The
default value expected by platforms defined in tsuru’s basebuilder repository is
8888.
docker:user
The user tsuru will use to start the container. The value expected for
basebuilder platforms is ubuntu.
docker:healing:heal-nodes
Boolean value that indicates whether tsuru should try to heal nodes that have
failed a specified number of times. Healing nodes is only available if the node
was created by tsuru itself using the IaaS configuration. Defaults to false.
docker:healing:active-monitoring-interval
Number of seconds between calls to <server>/_ping in each one of the docker nodes. If this value is 0 or unset tsuru will never call the ping URL. Defaults to 0.
docker:healing:disabled-time
Number of seconds tsuru disables a node after a failure. This setting is only
valid if heal-nodes is set to true. Defaults to 30 seconds.
docker:healing:max-failures
Number of consecutive failures a node should have before triggering a healing
operation. Only valid if heal-nodes is set to true. Defaults to 5.
docker:healing:wait-new-time
Number of seconds tsuru should wait for the creation of a new node during the
healing process. Only valid if heal-nodes is set to true. Defaults to
300 seconds (5 minutes).
docker:healing:heal-containers-timeout
Number of seconds a container should be unresponsive before triggering the
recreation of the container. A container is deemed unresponsive if it doesn’t
call the set unit status URL (/apps/{app}/units/{unit}) with a started
status. If this value is 0 or unset tsuru will never try to heal unresponsive
containers. Defaults to 0.
docker:healing:events_collection
Collection name in mongodb used to store information about triggered healing
events. Defaults to healing_events.
docker:healthcheck:max-time
Maximum time in seconds to wait for deployment time health check to be successful. Defaults to 120 seconds.
docker:image-history-size
Number of images available for rollback using tsuru app-deploy-rollback.
tsuru will try to delete older images, but it may not be able to due to it being
used as a layer to a newer image. tsuru will keep trying to remove these old
images until they are not used as layers anymore. Defaults to 10 images.
docker:auto-scale:enabled
Enable node auto scaling. See node auto scaling for more details. Defaults to false.
docker:auto-scale:wait-new-time
Number of seconds tsuru should wait for the creation of a new node during the scaling up process. Defaults to 300 seconds (5 minutes).
docker:auto-scale:group-by-metadata
Deprecated. The pool is used to group nodes.
docker:auto-scale:metadata-filter
The name of a pool where auto scale will be enabled. Leave unset to allow
dynamically configuring with tsuru docker-autoscale-rule-set.
docker:auto-scale:max-container-count
Maximum number of containers per node, for count based scaling. See node
auto scaling for more details. Leave unset to
allow dynamically configuring with tsuru docker-autoscale-rule-set.
docker:auto-scale:prevent-rebalance
Prevent rebalancing from happening when adding new nodes, or if a rebalance is
needed. See node auto scaling for more
details. Leave unset to allow dynamically configuring with tsuru docker-autoscale-rule-set.
docker:auto-scale:run-interval
Number of seconds between two periodic runs of the auto scaling algorithm. Defaults to 3600 seconds (1 hour).
docker:auto-scale:scale-down-ratio
Ratio used when scaling down. Must be greater than 1.0. See node auto
scaling for more details. Defaults to 1.33.
Leave unset to allow dynamically configuring with tsuru
docker-autoscale-rule-set.
docker:limit:actions-per-host
The maximum number of simultaneous actions to run on a docker node. When the
number of running actions is greater then the limit further actions will block
until another action has finished. Setting this limit may help the stability of
docker nodes with limited resources. If this value is set to 0 the limit is
disabled. Default value is 0.
docker:limit:mode
The way tsuru will ensure docker:limit:actions-per-host limit is being
respected. Possible values are local and global. Defaults to local.
In local mode tsuru will only limit simultaneous actions from the current
tsurud process. global mode uses MongoDB to ensure all tsurud servers using
respects the same limit.
IaaS configuration
tsuru uses IaaS configuration to automatically create new docker nodes and
adding them to your cluster when using docker-node-add command. See
adding nodes for more details about how to use
this command.
Attention
You should configure queue to be able to use IaaS.
General settings
iaas:default
The default IaaS tsuru will use when calling docker-node-add without
specifying iaas=<iaas_name> as a metadata. Defaults to ec2.
iaas:node-protocol
Which protocol to use when accessing the docker api in the created node.
Defaults to http.
iaas:node-port
In which port the docker API will be accessible in the created node. Defaults to
2375.
iaas:collection
Collection name on database containing information about created machines.
Defaults to iaas_machines.
EC2 IaaS
iaas:ec2:key-id
Your AWS key id.
iaas:ec2:secret-key
Your AWS secret key.
iaas:ec2:user-data
A url for which the response body will be sent to ec2 as user-data. Defaults to a script which will run tsuru now installation.
iaas:ec2:wait-timeout
Number of seconds to wait for the machine to be created. Defaults to 300 (5 minutes).
CloudStack IaaS
iaas:cloudstack:api-key
Your api key.
iaas:cloudstack:secret-key
Your secret key.
iaas:cloudstack:url
The url for the cloudstack api.
iaas:cloudstack:user-data
A url for which the response body will be sent to cloudstack as user-data. Defaults to a script which will run tsuru now installation.
iaas:cloudstack:wait-timeout
Number of seconds to wait for the machine to be created. Defaults to 300 (5 minutes).
DigitalOcean IaaS
iaas:digitalocean:token
The access token used for communication with the DigitalOcean API.
iaas:digitalocean:url
The URL of the DigitalOcean API. This is optional, and defaults to “https://api.digitalocean.com/”.
iaas:digitalocean:user-data
A URL for which the response body will be sent to DigitalOcean as user-data. Defaults to a script which will run tsuru now installation.
Docker Machine IaaS
iaas:dockermachine:ca-path
Path to a directory containing ca.pem and ca-key.pem files to be used for
signing the certificates used by docker engine.
iaas:dockermachine:driver:name
The name of the docker machine driver to be used for machine provisioning. Can be any of the core drivers or a 3rd party driver (available on the $PATH).
iaas:dockermachine:driver:user-data-file-param
The name of the driver parameter that accepts a local file to be used as userdata. The remote file provided as iaas:dockermachine:user-data will be copied to a local file and feeded into the driver as the value of the provided parameter.
iaas:dockermachine:driver:options
Any parameter to be sent to the driver. For example:
iaas:dockermachine:driver:options:amazonec2-access-key: ABCDE.
iaas:dockermachine:docker-install-url
Remote script to be used for docker installation. Defaults to: http://get.docker.com.
iaas:dockermachine:insecure-registry
Registry to be added as insecure registry to the docker engine.
iaas:dockermachine:docker-flags
Additional flags to be set on the docker engine.
Custom IaaS
You can define a custom IaaS based on an existing provider. Any configuration
keys with the format iaas:custom:<name> will create a new IaaS with
name.
iaas:custom:<name>:provider
The base provider name, it can be any of the supported providers: cloudstack,
ec2, digitalocean or dockermachine.
iaas:custom:<name>:<any_other_option>
This will overwrite the value of iaas:<provider>:<any_other_option> for this
IaaS. As an example, having the configuration below would allow you to call
tsuru node-add iaas=region1_cloudstack ...:
iaas:
custom:
region1_cloudstack:
provider: cloudstack
url: http://region1.url/
secret-key: mysecretkey
cloudstack:
api-key: myapikey
Common redis configuration options
<prefix>:redis-server
Connect to a single redis server. The redis server address should be in the
format host:port. This parameter is mutually exclusive with
<prefix>:redis-sentinel-addrs and <prefix>:redis-cluster-addrs.
<prefix>:redis-host
Alternative way to specify a single redis server to connect. Only the host
name should be informed.
<prefix>:redis-port
The port used when <prefix>:redis-host is defined.
<prefix>:redis-sentinel-addrs
Connect to a farm of redis sentinel servers. It’s a comma separated list of
host:port pairs. e.g.: 10.0.0.1:26379,10.0.0.2:26379. This parameter is
mutually exclusive with <prefix>:redis-server and
<prefix>:redis-cluster-addrs.
<prefix>:redis-sentinel-master
The master name for a sentinel farm. This parameter is mandatory when
<prefix>:redis-sentinel-addrs is defined.
<prefix>:redis-cluster-addrs
Connect to a farm of redis cluster servers. It’s a comma separated list of
host:port pairs. e.g.: 10.0.0.1:6379,10.0.0.2:6379. This parameter is
mutually exclusive with <prefix>:redis-server and
<prefix>:redis-sentinel-addrs.
<prefix>:redis-db
The db number selected when connecting to redis.
<prefix>:redis-password
The password used when connecting to redis.
<prefix>:redis-pool-size
The maximum number of simultaneously open connections to a redis server.
<prefix>:redis-max-retries
The number of times an unsuccessful command will be sent to redis again.
<prefix>:redis-pool-timeout
Duration in seconds to wait for a free redis connection once the maximum pool
size defined in <prefix>:redis-pool-size is reached.
<prefix>:redis-pool-idle-timeout
Duration in seconds after which an idle connection will be discarded from the pool.
<prefix>:redis-dial-timeout
Duration in seconds after which an error will be returned if a connection to redis cannot be established.
<prefix>:redis-read-timeout
Duration in seconds after which an error will be returned if tsuru is still waiting for the response for an issued command.
<prefix>:redis-write-timeout
Duration in seconds after which an error will be returned if tsuru is still sending a command to redis.
Sample file
Here is a complete example:
listen: "0.0.0.0:8080"
debug: true
host: http://<machine-public-addr>:8080 # This port must be the same as in the "listen" conf
auth:
user-registration: true
scheme: native
database:
url: <your-mongodb-server>:27017
name: tsurudb
pubsub:
redis-host: <your-redis-server>
redis-port: 6379
queue:
mongo-url: <your-mongodb-server>:27017
mongo-database: queuedb
git:
api-server: http://<your-gandalf-server>:8000
provisioner: docker
docker:
router: hipache
collection: docker_containers
repository-namespace: tsuru
deploy-cmd: /var/lib/tsuru/deploy
cluster:
storage: mongodb
mongo-url: <your-mongodb-server>:27017
mongo-database: cluster
run-cmd:
bin: /var/lib/tsuru/start
port: "8888"
routers:
hipache:
type: hipache
domain: <your-hipache-server-ip>.xip.io
redis-server: <your-redis-server-with-port>