tsuru.conf reference

tsuru uses a configuration file in YAML format. Thisdocument describes what each option means, and how it should look.

Notation

tsuru uses a colon to represent nesting in YAML. So, whenever this document sayssomething like key1:key2, it refers to the value of the key2 that isnested in the block that is the value of key1. For example,database:url means:

database:
  url: <value>

tsuru configuration

This section describes tsuru’s core configuration. Other sections will includeconfiguration of optional components, and finally, a full sample file.

HTTP server

tsuru provides a REST API, that supports HTTP and HTTP/TLS (a.k.a. HTTPS). Hereare the options that affect how tsuru’s API behaves:

listen

listen defines in which address tsuru webserver will listen. It has theform <host>:<port>. You may omit the host (example: :8080). This settinghas no default value.

shutdown-timeout

shutdown-timeout defines how many seconds to wait when performing an apishutdown (by sending SIGTERM or SIGQUIT). Defaults to 600 seconds.

use-tls

use-tls indicates whether tsuru should use TLS or not. This setting isoptional, and defaults to “false”.

tls:listen

If both this and listen keys are set (following the same rules as listenkey), tsuru will start two webserver instances: one with HTTP on listenaddress, and the other one with HTTPS on tls:listen address.If only one of listen and tls:listen keys is set (and use-tls istrue), tsuru will only run the TLS supporting webserver. This setting isoptional, unless use-tls is true.

tls:cert-file

tls:cert-file is the path to the X.509 certificate file configured to servethe domain. This setting is optional, unless use-tls is true.

tls:key-file

tls:key-file is the path to private key file configured to serve thedomain. This setting is optional, unless use-tls is true.

server:read-timeout

server:read-timeout is the timeout of reading requests in the server. Thisis the maximum duration of any request to the tsuru server.

This is useful to avoid leaking connections, in case clients drop theconnection before end sending the request. The default value is 0, meaning notimeout.

server:write-timeout

server:write-timeout is the timeout of writing responses in the server.

This is useful to avoid leaking connections, in case clients drop theconnection before reading the response from tsuru. The default value is 0,meaning no timeout.

server:app-log-buffer-size

The maximum number of received log messages from applications to hold in memorywaiting to be sent to the log database. The default value is 500000.

disable-index-page

tsuru API serves an index page with some basic instructions on how to use thecurrent target. It’s possible to disable this page by setting thedisable-index-page flag to true. It’s also possible to customize whichtemplate will be used in the index page, see the next configuration entry formore details.

This setting is optional, and defaults to false.

index-page-template

index-page-template is the template that will be used for the index page.It must use the Go template syntax,and tsuru will provide the following variables in the context of the template:

- tsuruTarget: the target URL of the tsuru API serving the index page- userCreate: a boolean indicating whether user registration is enabledor disabled- nativeLogin: a boolean indicating whether the API is configured touse the native authentication scheme- keysEnabled: a boolean indicating whether the API is configured tomanage SSH keys

It will also include a function used for querying configuration values, namedgetConfig. Here is an example of the function usage:

<body>
    {{if getConfig "use-tls"}}
    <p>we're safe</p>
    {{else}}
    <p>we're not safe</p>
    {{end}}
</body>

This setting is optional. When index-page-template is not defined, tsuruwill use the default template.

reset-password-template

reset-password-template is the template that will be used to “password reset” email.It must use the Go template syntax,and tsuru will provide the following variables in the context of the template:

- Token: a string, the id of password reset request- UserEmail: a string, the user email- Creation: a time, when password reset was requested- Used: a boolean, reset-password was done or not

This setting is optional. When reset-password-template is not defined, tsuruwill use the default template.

reset-password-successfully-template

reset-password-successfully-template is the template that will be used to email with new password, after reset.It must use the Go template syntax,and tsuru will provide the following variables in the context of the template:

- password: a string, the new password- email: a string, the user email

This setting is optional. When reset-password-template is not defined, tsuruwill use the default template.

Database access

tsuru uses MongoDB as a database manager to store information like users,machines, containers, etc. You need to describe how tsuru will connect to yourdatabase server. Therefore, it’s necessary to provide a MongoDB connectionstring.Database related options are listed below:

database:url

database:url is the database connection string. It is a mandatory settingand it has no default value. Examples of strings include basic 127.0.0.1 andmore advanced mongodb://user:password@127.0.0.1:27017/database. Please referto MongoDB documentation for more detailsand examples of connection strings.

database:name

database:name is the name of the database that tsuru uses. It is amandatory setting and has no default value. An example of value is “tsuru”.

database:driver

database:driver is the name of the database driver that tsuru uses.Currently, the only value supported is “mongodb”.

database:logdb-url

This setting is optional. If database:logdb-url is specified, tsuru will useit as the connection string to the MongoDB server responsible for storingapplication logs. If this value is not set, tsuru will use database:urlinstead.

This setting is useful because tsuru may have to process a very large number oflog messages depending on the number of units deployed and applicationsbehavior. Every log message will trigger a insertion in MongoDB and this maynegatively impact the database performance. Other measures will be implementedin the future to improve this, but for now, having the ability to use anexclusive database server for logs will help mitigate the negative impact of logwriting.

database:logdb-name

This setting is optional. If database:logdb-name is specified, tsuru willuse it as the database name for storing application logs. If this value is notset, tsuru will use database:name instead.

Email configuration

tsuru sends email to users when they request password recovery. In order to sendthose emails, tsuru needs to be configured with some SMTP settings. Omittingthese settings won’t break tsuru, but users will not be able to reset theirpassword.

smtp:server

The SMTP server to connect to. It must be in the form <host>:<port>. Example:“smtp.gmail.com:587”.

smtp:user

The user to authenticate with the SMTP sever. Currently, tsuru requiresauthenticated sessions.

smtp:password

The password for authentication within the SMTP server.

Repository configuration

tsuru optionally uses Gandalf to managegit repositories. Gandalf exposes a REST API for repositories management andtsuru needs information about the Gandalf HTTP server endpoint.

repo-manager

repo-manager represents the repository manager that tsuru-server should use.For backward compatibility reasons, the default value is “gandalf”. Users candisable repository and SSH key management by setting “repo-manager” to “none”.For more details, please refer to the repository management page in the documentation.

git:api-server

git:api-server is the address of the Gandalf API. It should define theentire address, including protocol and port. Examples of value:http://localhost:9090 and https://gandalf.tsuru.io:9595.

Authentication configuration

tsuru has support for native, oauth and saml authentication schemes.

The default scheme is native and it supports the creation of users intsuru’s internal database. It hashes passwords brcypt. Tokens are generatedduring authentication and are hashed using SHA512.

The auth section also controls whether user registration is on or off. Whenuser registration is off, only admin users are able to create new users.

auth:scheme

The authentication scheme to be used. The default value is native, the othersupported value is oauth.

auth:user-registration

This flag indicates whether user registration is enabled. This setting isoptional, and defaults to false.

auth:hash-cost

Required only with native chosen as auth:scheme.

This number indicates how many CPU time you’re willing to give to hashingcalculation. It is an absolute number, between 4 and 31, where 4 is faster andless secure, while 31 is very secure and very slow.

auth:token-expire-days

Required only with native chosen as auth:scheme.

Whenever a user logs in, tsuru generates a token for him/her, and the user maystore the token. auth:token-expire-days setting defines the amount of daysthat the token will be valid. This setting is optional, and defaults to “7”.

auth:max-simultaneous-sessions

tsuru can limit the number of simultaneous sessions per user. This setting isoptional, and defaults to “unlimited”.

auth:oauth

Every config entry inside auth:oauth are used when the auth:scheme isset to “oauth”. Please check rfc6749 formore details.

authclient-id

The client id provided by your OAuth server.

authclient-secret

The client secret provided by your OAuth server.

authscope

The scope for your authentication request.

authauth-url

The URL used in the authorization step of the OAuth flow. tsuru CLI will receivethis URL and trigger the opening a browser on this URL with the necessaryparameters.

During the authorization step, tsuru CLI will start a server locally and set thecallback to http://localhost:<port>, if authcallback-port is settsuru CLI will use its value as <port>. If authcallback-port isn’tpresent tsuru CLI will automatically choose an open port.

The callback URL should be registered on your OAuth server.

If the chosen server requires the callback URL to match the same host and portas the registered one you should register “http://localhost:<chosen port>” andset the authcallback-port accordingly.

If the chosen server is more lenient and allows a different port to be used youshould register simply “http://localhost” and leave authcallback-portempty.

authtoken-url

The URL used in the exchange token step of the OAuth flow.

authinfo-url

The URL used to fetch information about the authenticated user. tsuru expects ajson response containing a field called email.

tsuru will also make call this URL on every request to the API to make sure thetoken is still valid and hasn’t been revoked.

authcollection

The database collection used to store valid access tokens. Defaults to“oauth_tokens”.

authcallback-port

The port used in the callback URL during the authorization step. Check docs forauthauth-url for more details.

auth:saml

Every config entry inside auth:saml are used when the auth:scheme isset to “saml”. Please check SAML V2.0 specification formore details.

authsp-publiccert

Service provider public certificate path.

authsp-privatekey

Service provider private key path.

authidp-ssourl

Identity provider url.

authsp-display-name

Service provider display name. The default value is Tsuru.

authsp-description

Service provider description. The default values is Tsuru Platform as a Service software.

authidp-publiccert

Identity provider public certificate.

authsp-entityid

Service provider entitiy id.

authsp-sign-request

Boolean value that indicates to service provider signs the request.The default value is false.

authidp-sign-response

Boolean value that indicates to identity provider signs the response.The default value is false.

authidp-deflate-encoding

Boolean value that indicates to identity provider to enable deflate encoding.The default value is false.

Queue configuration

tsuru uses a work queue for asynchronous tasks.

queue:* groups configuration settings for a MongoDB server that will be usedas storage for delayed execution of queued jobs.

This queue is used to manage creation and destruction of IaaS machines, buttsuru may start using it in more places in the future.

It’s not mandatory to configure the queue, however creating and removingmachines using a IaaS provider will not be possible.

queue:mongo-url

Connection url for MongoDB server used to store task information.

queue:mongo-database

Database name used in MongoDB. This value will take precedence over any databasename already specified in the connection url.

pubsub

Deprecated: These settings are obsolete and are ignored as of tsuru 1.3.0.

Quota management

tsuru can, optionally, manage quotas. Currently, there are two availablequotas: apps per user and units per app.

tsuru administrators can control the default quota for new users and new appsin the configuration file, and use tsuru command to change quotas forusers or apps. Quota management is disabled by default, to enable it, just setthe desired quota to a positive integer.

quota:units-per-app

quota:units-per-app is the default value for units per-app quota. All newapps will have at most the number of units specified by this setting. Thissetting is optional, and defaults to “unlimited”.

quota:apps-per-user

quota:apps-per-user is the default value for apps per-user quota. All newusers will have at most the number of apps specified by this setting. Thissetting is optional, and defaults to “unlimited”.

Logging

Tsuru supports three logging flavors, that can be enabled or disabledaltogether. The default behavior of tsuru is to send all logs to syslog, but itcan also send logs to the standard error stream or a file. It’s is possible touse any combination of the three flavors at any time in tsuru configuration(e.g.: write logs both to stderr and syslog, or a file and stderr, or to all ofthe flavors simultaneously).

There’s also the possibility to enable or disable debugging log, via the debugflag.

debug

false is the default value, so you won’t see anynoises on logs, to turn it on set it to true, e.g.: debug: true

log:file

Use this to specify a path to a log file. If no file is specified, tsuru-serverwon’t write logs to any file.

log:disable-syslog

log:disable-syslog indicates whether tsuru-server should disable the use ofsyslog. false is the default value. If it’s true, tsuru-server won’tsend any logs to syslog.

log:syslog-tag

log:syslog-tag is the tag that will be attached to every log line. Thedefault value is “tsr”.

log:use-stderr

log:use-stderr indicates whether tsuru-server should write logs to standarderror stream. The default value is false.

Routers

As of 0.10.0, all your router configuration should live under entries with theformat routers:<router name>.

routers:<router name>:type (type: hipache, galeb, vulcand, api)

Indicates the type of this router configuration. The standard router supportedby tsuru is hipache. There is alsoexperimental support for galeb, vulcand) and a generic api router.

routers:<router name>:default

Boolean value that indicates if this router is to be used when an app is createdwith no specific router. Defaults to false.

Depending on the type, there are some specific configuration options available.

routers:<router name>:domain (type: hipache, galeb, vulcand)

The domain of the server running your router. Applications created withtsuru will have a address of http://<app-name>.<domain&gt;

routers:<router name>:redis-* (type: hipache)

Redis server used by Hipache router. This same server (or a redis slave of it),must be configured in your hipache.conf file. For details on all availableoptions for connecting to redis check common redis configuration

routers:<router name>:api-url (type: galeb, vulcand, api)

The URL for the router manager API.

routers:<router name>:debug (type galeb, api)

Enables debug mode, logging additional information.

routers:<router name>:username (type: galeb)

Galeb manager username.

routers:<router name>:password (type: galeb)

Galeb manager password.

routers:<router name>:environment (type: galeb)

Galeb manager environment used to create virtual hosts and backend pools.

routers:<router name>:farm-type (type: galeb)

Galeb manager farm type used to create virtual hosts and backend pools.

routers:<router name>:plan (type: galeb)

Galeb manager plan used to create virtual hosts and backend pools.

routers:<router name>:project (type: galeb)

Galeb manager project used to create virtual hosts, backend pools and pools.

routers:<router name>:load-balance-policy (type: galeb)

Galeb manager load balancing policy used to create backend pools.

routers:<router name>:rule-type (type: galeb)

Galeb manager rule type used to create rules.

routers:<router name>:use-token (type: galeb)

If true, tsuru will get an authentication token by calling the /token route andreuse it until it expires. (Defaults to false)

routers:<router name>:max-requests (type: galeb)

Maximum number of parallel requests to the Galeb API when adding or removingroutes. (Defaults to unlimited)

routers:<router name>:headers (type: api)

Headers to be added to the request to the api responsible for mananing the router. Example:

headers:
  - X-CUSTOM-HEADER: my-value

Hipache

hipache:redis-server

Redis server used by Hipache router. This same server (or a redis slave of it),must be configured in your hipache.conf file.

This setting is deprecated in favor of routers:<router name>:type = hipacheand routers:<router name>:redis-server.

hipache:domain

The domain of the server running your hipache server. Applications created withtsuru will have a address of http://<app-name>.<hipache:domain&gt;.

This setting is deprecated in favor of routers:<router name>:type = hipacheand routers:<router name>:domain

Defining the provisioner

tsuru has extensible support for provisioners. A provisioner is a Go type thatsatisfies the provision.Provisioner interface. By default, tsuru will useDockerProvisioner (identified by the string “docker”). Other provisionersare available as experiments and may be removed in future versions:swarm and kubernetes.

provisioner

provisioner is the string the name of the default provisioner that willbe used by tsuru. This setting is optional and defaults to docker.

Docker provisioner configuration

docker:collection

Database collection name used to store containers information.

docker:port-allocator

Deprecated. Currently, when using Docker as provisioner, tsuru trusts itto allocate ports. Meaning thatwhenever a container restarts, the port mightchange (usually, it changes).

docker:registry

For tsuru to work with multiple docker nodes, you will need a docker-registry.This should be in the form of hostname:port, the scheme cannot be present.

docker:registry-max-try

Number of times tsuru will try to send a image to registry.

dockerusername

The username used for registry authentication. This setting is optional, forregistries with authentication disabled, it can be omitted.

dockerpassword

The password used for registry authentication. This setting is optional, forregistries with authentication disabled, it can be omitted.

dockeremail

The email used for registry authentication. This setting is optional, forregistries with authentication disabled, it can be omitted.

docker:repository-namespace

Docker repository namespace to be used for application and platform images. Imageswill be tagged in docker as <docker:repository-namespace>/<platform-name> and<docker:repository-namespace>/<app-name>. The default value is ‘tsuru’.

docker:max-layers

The maximum number of layers in Docker images. This number represents thenumber of times that Tsuru will reuse the previous image on applicationdeployment. The default value is 10.

dockerimage

This setting is deprecated in favor of dynamically configuring withtsuru node-container-update big-sibling —image <image>.

dockersocket

This setting is deprecated in favor of dynamically configuring withtsuru node-container-update big-sibling —volume <local>:<remote> —env
DOCKER_ENDPOINT=<remote>.

dockersyslog-port

dockersyslog-port is the port in the Docker node that will be used bythe bs container for collecting logs. The default value is 1514.

If this value is changed bs node containers must be update with tsuru
node-container-update big-sibling —env
SYSLOG_LISTEN_ADDRESS=udp://0.0.0.0:<port>.

docker:max-workers

Maximum amount of threads to be created when starting new containers, so tsurudoesn’t start too much threads in the process of starting 1000 units, forinstance. Defaults to 0 which means unlimited.

dockermax-workers

Same as docker:max-workers but applies only to when starting new node containers.Defaults to 0 which means unlimited.

docker:router

Default router to be used to distribute requests to units. This should be thename of a router configured under the routers:<name> key, see routers.

For backward compatibility reasons, the value hipache is also supported, andit will use either configuration available under router orhipache:, in this order.

The router defined in docker:router will only be used if there is no routerwith router:<my-router>:default set to true.

docker:deploy-cmd

The command that will be called in your platform when a new deploy happens. Thedefault value for platforms supported in tsuru’s basebuilder repository is/var/lib/tsuru/deploy.

docker:security-opts

This setting describes a list of security options that will be passed tocontainers. This setting must be a list, and has no default value. If one wantsto specify just one value, it’s still needed to use the list notation:

docker:
  ...
  security-opts:
    - apparmor:PROFILE

For more details on the available options, please refer to the Dockerdocumentation: <https://docs.docker.com/reference/run/#security-configuration>.

docker:segregate

Deprecated. As of tsuru 0.11.1, using segregate scheduler is the defaultsetting. See Segregate Scheduler for details.

dockertotal-memory-metadata

This value describes which metadata key will describe the total amount ofmemory, in bytes, available to a docker node.

dockermax-used-memory

This should be a value between 0.0 and 1.0 which describes which fraction of thetotal amount of memory available to a server should be reserved for app units.

The amount of memory available is found based on the node metadata described bydockertotal-memory-metadata config setting.

If this value is set, tsuru will try to find a node with enough unreservedmemory to fit the creation of new units, based on how much memory is required bythe plan used to create the application. If no node with enough unreservedmemory is found, tsuru will ignore memory restrictions and let the schedulerchoose any node.

This setting, along with dockertotal-memory-metadata, are alsoused by node auto scaling. See node auto scaling for more details.

dockerstorage

This setting has been removed. You shouldn’t define it anymore, the only storageavailable for the docker cluster is now mongodb.

dockermongo-url

Connection URL to the mongodb server used to store information about the dockercluster.

dockermongo-database

Database name to be used to store information about the docker cluster.

dockerbin

The command that will be called on the application image to start theapplication. The default value for platforms supported in tsuru’s basebuilderrepository is /var/lib/tsuru/start.

dockerport

The tcp port that will be exported by the container to the node network. Thedefault value expected by platforms defined in tsuru’s basebuilder repository is8888.

docker:user

The user tsuru will use to start the container. The default value isubuntu, which is the expected value for default tsuru platforms. An emptyfor this will make tsuru use the platform image user.

docker:uid

The user ID tsuru will use to start the container in provisioners that do notsupport docker:user. The default value is 1000, which is the expectedvalue for default tsuru platforms. The value -1 can be used to make tsuruuse the platform image user.

dockerheal-nodes

Boolean value that indicates whether tsuru should try to heal nodes that havefailed a specified number of times. Healing nodes is only available if the nodewas created by tsuru itself using the IaaS configuration. Defaults to false.

dockeractive-monitoring-interval

Number of seconds between calls to <server>/_ping in each one of the dockernodes. If this value is 0 or unset tsuru will never call the ping URL. Defaultsto 0.

dockerdisabled-time

Number of seconds tsuru disables a node after a failure. This setting is onlyvalid if heal-nodes is set to true. Defaults to 30 seconds.

dockermax-failures

Number of consecutive failures a node should have before triggering a healingoperation. Only valid if heal-nodes is set to true. Defaults to 5.

dockerwait-new-time

Number of seconds tsuru should wait for the creation of a new node during thehealing process. Only valid if heal-nodes is set to true. Defaults to300 seconds (5 minutes).

dockerheal-containers-timeout

Number of seconds a container should be unresponsive before triggering therecreation of the container. A container is deemed unresponsive if it doesn’tcall the set unit status URL (/apps/{app}/units/{unit}) with a startedstatus. If this value is 0 or unset tsuru will never try to heal unresponsivecontainers. Defaults to 0.

dockerevents_collection

Collection name in mongodb used to store information about triggered healingevents. Defaults to healing_events.

dockermax-time

Maximum time in seconds to wait for deployment time health check to besuccessful. Defaults to 120 seconds.

docker:image-history-size

Number of images available for rollback using tsuru app-deploy-rollback.tsuru will try to delete older images, but it may not be able to due to it beingused as a layer to a newer image. tsuru will keep trying to remove these oldimages until they are not used as layers anymore. Defaults to 10 images.

dockerenabled

Enable node auto scaling. See node auto scaling for more details. Defaults to false. Used as fallbackfor pools without rules set by tsuru node autoscale rule set.

dockerwait-new-time

Number of seconds tsuru should wait for the creation of a new node during thescaling up process. Defaults to 300 seconds (5 minutes).

dockergroup-by-metadata

Deprecated. The pool is used to group nodes.

dockermetadata-filter

The name of a pool where auto scale will be enabled. Leave unset to allowdynamically configuring with tsuru node-autoscale-rule-set.

dockermax-container-count

Maximum number of containers per node, for count based scaling. See nodeauto scaling for more details. Leave unset toallow dynamically configuring with tsuru docker-autoscale-rule-set.

dockerprevent-rebalance

Prevent rebalancing from happening when adding new nodes, or if a rebalance isneeded. See node auto scaling for moredetails. Leave unset to allow dynamically configuring with tsuru docker-autoscale-rule-set.

dockerrun-interval

Number of seconds between two periodic runs of the auto scaling algorithm.Defaults to 3600 seconds (1 hour).

dockerscale-down-ratio

Ratio used when scaling down. Must be greater than 1.0. See node autoscaling for more details. Defaults to 1.33.Leave unset to allow dynamically configuring with tsuru
docker-autoscale-rule-set.

dockeractions-per-host

The maximum number of simultaneous actions to run on a docker node. When thenumber of running actions is greater then the limit further actions will blockuntil another action has finished. Setting this limit may help the stability ofdocker nodes with limited resources. If this value is set to 0 the limit isdisabled. Default value is 0.

dockermode

The way tsuru will ensure dockeractions-per-host limit is beingrespected. Possible values are local and global. Defaults to local.In local mode tsuru will only limit simultaneous actions from the currenttsurud process. global mode uses MongoDB to ensure all tsurud servers usingrespects the same limit.

docker:sharedfs

Used to create shared volumes for apps.

dockerhostdir

Directory on host machine to access shared data with instaled apps.

dockermountpoint

Directory inside the container that point to hostdir directory configuredabove.

dockerapp-isolation

If true, the hostdir will have subdirectories for each app. All apps will still have access to a shared mount point, however they will be in completely isolated subdirectories.

IaaS configuration

tsuru uses IaaS configuration to automatically create new docker nodes andadding them to your cluster when using docker-node-add command. Seeadding nodes for more details about how to usethis command.

Attention

You should configure queue to be able to use IaaS.

General settings

iaas:default

The default IaaS tsuru will use when calling docker-node-add withoutspecifying iaas=<iaas_name> as a metadata. Defaults to ec2.

iaas:node-protocol

Which protocol to use when accessing the docker api in the created node.Defaults to http.

iaas:node-port

In which port the docker API will be accessible in the created node. Defaults to2375.

iaas:collection

Collection name on database containing information about created machines.Defaults to iaas_machines.

EC2 IaaS

iaaskey-id

Your AWS key id.

iaassecret-key

Your AWS secret key.

iaasuser-data

A url for which the response body will be sent to ec2 as user-data.Defaults to a script which will run tsuru now installation.

iaaswait-timeout

Number of seconds to wait for the machine to be created. Defaults to 300 (5minutes).

CloudStack IaaS

iaasapi-key

Your api key.

iaassecret-key

Your secret key.

iaasurl

The url for the cloudstack api.

iaasuser-data

A url for which the response body will be sent to cloudstack as user-data.Defaults to a script which will run tsuru now installation.

iaaswait-timeout

Number of seconds to wait for the machine to be created. Defaults to 300 (5minutes).

DigitalOcean IaaS

iaastoken

The access token used for communication with the DigitalOcean API.

iaasurl

The URL of the DigitalOcean API. This is optional, and defaults to“https://api.digitalocean.com/”.

iaasuser-data

A URL for which the response body will be sent to DigitalOcean as user-data.Defaults to a script which will run tsuru now installation.

Docker Machine IaaS

iaasca-path

Path to a directory containing ca.pem and ca-key.pem files to be used forsigning the certificates used by docker engine.

iaasdriver:name

The name of the docker machine driver to be used for machine provisioning. Can beany of the core drivers or a 3rd party driver (available on the $PATH).

iaasdriver:user-data-file-param

The name of the driver parameter that accepts a local file to be used as userdata. The remote file providedas iaasuser-data will be copied to a local file and feeded into the driver as the value ofthe provided parameter.

iaasdriver:options

Any parameter to be sent to the driver. For example:iaasdriveramazonec2-access-key: ABCDE.

iaasdocker-install-url

Remote script to be used for docker installation. Defaults to: http://get.docker.com.

iaasdocker-storage-driver

Docker engine storage driver

iaasinsecure-registry

Registry to be added as insecure registry to the docker engine.

iaasdocker-flags

Additional flags to be set on the docker engine.

Custom IaaS

You can define a custom IaaS based on an existing provider. Any configurationkeys with the format iaas<name> will create a new IaaS withname.

iaas<name>:provider

The base provider name, it can be any of the supported providers: cloudstack,ec2, digitalocean or dockermachine.

iaas<name>:<any_other_option>

This will overwrite the value of iaas:<provider>:<any_other_option> for thisIaaS. As an example, having the configuration below would allow you to calltsuru node-add iaas=region1_cloudstack …:

iaas:
    custom:
        region1_cloudstack:
            provider: cloudstack
            url: http://region1.url/
            secret-key: mysecretkey
    cloudstack:
        api-key: myapikey

Event throttling configuration

event:throttling

Event throttling is a list of throttling settings that will match events basedon their target and kind. Each list entry has the config options describedbelow.

event[]:target-type

The target type this throttling config will match. This option is mandatory forevery throttling entry.

event[]:kind-name

The event kind name this throttling config will match. If not set thisthrottling config will match all events based on ther target-type regardless ofthe kind name.

event[]:limit

Positive integer representing maximum number of events in event[]:windowtime. Use 0 to disable throttling.

event[]:window

Number of seconds for the rolling window for events in which event[]:limitwill be considered.

event[]:wait-finish

Boolean value describing whether tsuru will only execute a new event afterprevious ones were completed or not, even if the time window already allows theexecution of a new event.

event[]:all-targets

Boolean value describing whether the throttling will apply to all events targetvalues or to individual values.

Volume plans configuration

volume-plans:<plan-name>:<provisioner>

Provisioner specific configuration entries for the volume plan. Seemanaging volumes.

Common redis configuration options

<prefix>:redis-server

Connect to a single redis server. The redis server address should be in theformat host:port. This parameter is mutually exclusive with<prefix>:redis-sentinel-addrs and <prefix>:redis-cluster-addrs.

<prefix>:redis-host

Alternative way to specify a single redis server to connect. Only the hostname should be informed.

<prefix>:redis-port

The port used when <prefix>:redis-host is defined.

<prefix>:redis-sentinel-addrs

Connect to a farm of redis sentinel servers. It’s a comma separated list ofhost:port pairs. e.g.: 10.0.0.1:26379,10.0.0.2:26379. This parameter ismutually exclusive with <prefix>:redis-server and<prefix>:redis-cluster-addrs.

<prefix>:redis-sentinel-master

The master name for a sentinel farm. This parameter is mandatory when<prefix>:redis-sentinel-addrs is defined.

<prefix>:redis-cluster-addrs

Connect to a farm of redis cluster servers. It’s a comma separated list ofhost:port pairs. e.g.: 10.0.0.1:6379,10.0.0.2:6379. This parameter ismutually exclusive with <prefix>:redis-server and<prefix>:redis-sentinel-addrs.

<prefix>:redis-db

The db number selected when connecting to redis.

<prefix>:redis-password

The password used when connecting to redis.

<prefix>:redis-pool-size

The maximum number of simultaneously open connections to a redis server.

<prefix>:redis-max-retries

The number of times an unsuccessful command will be sent to redis again.

<prefix>:redis-pool-timeout

Duration in seconds to wait for a free redis connection once the maximum poolsize defined in <prefix>:redis-pool-size is reached.

<prefix>:redis-pool-idle-timeout

Duration in seconds after which an idle connection will be discarded from thepool.

<prefix>:redis-dial-timeout

Duration in seconds after which an error will be returned if a connection toredis cannot be established.

<prefix>:redis-read-timeout

Duration in seconds after which an error will be returned if tsuru is stillwaiting for the response for an issued command.

<prefix>:redis-write-timeout

Duration in seconds after which an error will be returned if tsuru is stillsending a command to redis.

Kubernetes specific configuration options

kubernetes:use-pool-namespaces

If set to true, tsuru will create a Kubernetes namespace for each pool.Defaults to false (using a single namespace).

Sample file

Here is a complete example:

listen: "0.0.0.0:8080"
debug: true
host: http://<machine-public-addr>:8080 # This port must be the same as in the "listen" conf
auth:
    user-registration: true
    scheme: native
database:
    url: <your-mongodb-server>:27017
    name: tsurudb
queue:
    mongo-url: <your-mongodb-server>:27017
    mongo-database: queuedb
git:
    api-server: http://<your-gandalf-server>:8000
provisioner: docker
docker:
    router: hipache
    collection: docker_containers
    repository-namespace: tsuru
    deploy-cmd: /var/lib/tsuru/deploy
    cluster:
        storage: mongodb
        mongo-url: <your-mongodb-server>:27017
        mongo-database: cluster
    run-cmd:
        bin: /var/lib/tsuru/start
        port: "8888"
routers:
    hipache:
        type: hipache
        domain: <your-hipache-server-ip>.xip.io
        redis-server: <your-redis-server-with-port>

原文: https://docs.tsuru.io/1.6/reference/config.html