DEFAULT

alt_names

scopable

True

required

False

default

None

scope order

specific > generic

convert

list

Certificate Signing Request Alternative Domain Names.

bits

scopable

True

required

False

default

4096

scope order

specific > generic

convert

size

Certificate Private Key Length.

c

scopable

True

required

False

default

None

scope order

specific > generic

Certificate Signing Request Country.

ca

scopable

True

required

False

default

None

scope order

specific > generic

The name of secret containing a certificate to use as a Certificate Authority. This secret must be in the same namespace.

cn

scopable

True

required

False

default

None

scope order

specific > generic

Certificate Signing Request Common Name.

comment

scopable

False

required

False

default

scope order

specific > generic

Helps users understand the role of the service and resources, which is nice to on-call support people having to operate on a service they are not usually responsible for.

disable

scopable

True

required

False

default

False

scope order

specific > generic

candidates

True | False

convert

boolean

A disabled resource will be ignored on service startup and shutdown. Its status is always reported n/a.

Set in DEFAULT, the whole service is disabled. A disabled service does not honor start and stop actions. These actions immediately return success.

om <path> disable only sets DEFAULT.disable. As resources disabled state is not changed, om <path> enable does not enable disabled resources.

drpnodes

scopable

True

required

False

default

scope order

specific > generic

convert

list_lower

Alternate backup nodes, where the service could be activated in a DRP situation if the “drpnode” is not available. These nodes are also data synchronization targets for sync resources.

email

scopable

True

required

False

default

None

scope order

specific > generic

Certificate Signing Request Email.

env

scopable

False

required

False

default

<same as node env>

scope order

specific > generic

candidates

CERT | DEV | DRP | FOR | INT | MUS | POC | PRA | PRD | PRJ | PPR | PPRD | QUAL | RCT | REC | STG | TMP | TST | UAT

A non-PRD service can not be brought up on a PRD node, but a PRD service can be startup on a non-PRD node (in a DRP situation). The default value is the node env.

id

scopable

False

required

False

default

<random uuid>

scope order

specific > generic

A RFC 4122 random uuid generated by the agent. To use as reference in resources definitions instead of the service name, so the service can be renamed without affecting the resources.

l

scopable

True

required

False

default

None

scope order

specific > generic

Certificate Signing Request Location.

lock_timeout

scopable

False

required

False

default

60

scope order

specific > generic

convert

duration

A duration expression, like 1m30s. The maximum wait time for the action lock acquire. The –waitlock option overrides this parameter.

nodes

scopable

True

required

False

default

<hostname of the current node>

scope order

specific > generic

convert

nodes_selector

A node selector expression specifying the list of cluster nodes hosting service instances.

o

scopable

True

required

False

default

None

scope order

specific > generic

Certificate Signing Request Organization.

ou

scopable

True

required

False

default

None

scope order

specific > generic

Certificate Signing Request Organizational Unit.

st

scopable

True

required

False

default

None

scope order

specific > generic

Certificate Signing Request State.

validity

scopable

True

required

False

default

365d

scope order

specific > generic

convert

duration_to_day

Certificate Validity duration.