Date   

[aws] How to run t2.micro?

Danny Berger <dpb587@...>
 

Although unrelated to instance type, I don't see an availability zone
listed for the resource pool - perhaps that's something to check? And
double check subnet, IP ranges, and AZ are all correctly affiliated.

Also should configure an ephemeral disk for t2's, like others have
suggested.

The only other t2-specific issue I've run into is that AWS doesn't support
mounting encrypted persistent disks on some of them.

Danny


On Thursday, August 20, 2015, Dr Nic Williams <drnicwilliams(a)gmail.com>
wrote:

Hmm, tried t2.small and it failed too as above.

My manifest is https://gist.github.com/drnic/0ee3335b0c0d435861e6 -
anything you can spot I'm missing? Thanks for the help.

On Thu, Aug 20, 2015 at 9:02 AM, Dr Nic Williams <drnicwilliams(a)gmail.com>
wrote:

t2.micro was what I tried and it failed


--
Dr Nic Williams
Stark & Wayne LLC - consultancy for Cloud Foundry users
http://drnicwilliams.com
http://starkandwayne.com
cell +1 (415) 860-2185
twitter @drnic

--
Danny Berger
http://dpb587.me


Re: Any downsides to ELB 443 running in Secure TCP mode?

Dr Nic Williams
 

Unfortunately the employees are behind a firewall that only allows egress 80 and 443; they don't have a particular dislike to 4443. They dislike all of the ports :)

On Thu, Aug 20, 2015 at 4:50 PM, Mike Jacobi <sushiandbeer(a)outlook.com>
wrote:

Point being: If you want or need to keep 443 as HTTPS, perhaps you can find another allowed egress port and move wss there.
From: sushiandbeer(a)outlook.com
To: cf-bosh(a)lists.cloudfoundry.org
Date: Thu, 20 Aug 2015 16:45:44 -0700
Subject: [cf-bosh] Re: Any downsides to ELB 443 running in Secure TCP mode?
I ran into the same issue. My solution was to run wss on 8080. Yes, it's weird to run SSL on 8080, but it was allowed out the firewall.
Date: Wed, 19 Aug 2015 22:30:03 -0700
From: drnic(a)starkandwayne.com
To: cf-bosh(a)lists.cloudfoundry.org
Subject: [cf-bosh] Any downsides to ELB 443 running in Secure TCP mode?
Pivotal WS runs behind ELBs that pipe websockets traffic through port 4443 in Secure TCP mode - because ELBs in HTTPS mode do not respect the websocket handshake upgrade.
We tried running port 443 in Secure TCP and avoid the additional port 4443 (which cannot be accessed from inside client company's network - they only allow outbound access to :80 and :443).
And it works.
What are the downsides to running :443 as Secure TCP rather than HTTPS?
Nic


Re: [aws] How to run t2.micro?

Brian Cunnie <bcunnie@...>
 

I use t2.micro stemcells all the time, but I only deploy with bosh-init,
not bosh.

here's a snippet from
https://github.com/APShirley/sslxip-release/blob/master/examples/bosh-init-manifest-sslip.yml

- name: sslip_pool
network: default
cloud_properties:
instance_type: t2.micro
ephemeral_disk:
size: 4000
type: gp2
availability_zone: us-east-1a
stemcell:
url:
https://bosh.io/d/stemcells/bosh-aws-xen-hvm-centos-7-go_agent?v=3042
sha1: 082b4eee247bb199138ec6163fb4ea92f6b7fcc4

On Thu, Aug 20, 2015 at 12:35 PM, Stevo Slavić <sslavic(a)gmail.com> wrote:

Why not try with latest version of that stemcell?
https://bosh.io/stemcells/bosh-aws-xen-hvm-ubuntu-trusty-go_agent ( 3048 )

In list of versions, no release notes...

I wonder why it has "light" in its name.

On Thu, Aug 20, 2015 at 6:08 PM, Dr Nic Williams <drnicwilliams(a)gmail.com>
wrote:

Hmm, tried t2.small and it failed too as above.

My manifest is https://gist.github.com/drnic/0ee3335b0c0d435861e6 -
anything you can spot I'm missing? Thanks for the help.

On Thu, Aug 20, 2015 at 9:02 AM, Dr Nic Williams <drnicwilliams(a)gmail.com
wrote:
t2.micro was what I tried and it failed


--
Dr Nic Williams
Stark & Wayne LLC - consultancy for Cloud Foundry users
http://drnicwilliams.com
http://starkandwayne.com
cell +1 (415) 860-2185
twitter @drnic


Re: Any downsides to ELB 443 running in Secure TCP mode?

Mike Jacobi
 

Point being: If you want or need to keep 443 as HTTPS, perhaps you can find another allowed egress port and move wss there.

From: sushiandbeer(a)outlook.com
To: cf-bosh(a)lists.cloudfoundry.org
Date: Thu, 20 Aug 2015 16:45:44 -0700
Subject: [cf-bosh] Re: Any downsides to ELB 443 running in Secure TCP mode?




I ran into the same issue. My solution was to run wss on 8080. Yes, it's weird to run SSL on 8080, but it was allowed out the firewall.

Date: Wed, 19 Aug 2015 22:30:03 -0700
From: drnic(a)starkandwayne.com
To: cf-bosh(a)lists.cloudfoundry.org
Subject: [cf-bosh] Any downsides to ELB 443 running in Secure TCP mode?



Pivotal WS runs behind ELBs that pipe websockets traffic through port 4443 in Secure TCP mode - because ELBs in HTTPS mode do not respect the websocket handshake upgrade.


We tried running port 443 in Secure TCP and avoid the additional port 4443 (which cannot be accessed from inside client company's network - they only allow outbound access to :80 and :443).


And it works.


What are the downsides to running :443 as Secure TCP rather than HTTPS?


Nic


Re: Any downsides to ELB 443 running in Secure TCP mode?

Mike Jacobi
 

I ran into the same issue. My solution was to run wss on 8080. Yes, it's weird to run SSL on 8080, but it was allowed out the firewall.

Date: Wed, 19 Aug 2015 22:30:03 -0700
From: drnic(a)starkandwayne.com
To: cf-bosh(a)lists.cloudfoundry.org
Subject: [cf-bosh] Any downsides to ELB 443 running in Secure TCP mode?



Pivotal WS runs behind ELBs that pipe websockets traffic through port 4443 in Secure TCP mode - because ELBs in HTTPS mode do not respect the websocket handshake upgrade.


We tried running port 443 in Secure TCP and avoid the additional port 4443 (which cannot be accessed from inside client company's network - they only allow outbound access to :80 and :443).


And it works.


What are the downsides to running :443 as Secure TCP rather than HTTPS?


Nic


Re: [aws] How to run t2.micro?

Stevo Slavić <sslavic at gmail.com...>
 

Why not try with latest version of that stemcell?
https://bosh.io/stemcells/bosh-aws-xen-hvm-ubuntu-trusty-go_agent ( 3048 )

In list of versions, no release notes...

I wonder why it has "light" in its name.

On Thu, Aug 20, 2015 at 6:08 PM, Dr Nic Williams <drnicwilliams(a)gmail.com>
wrote:

Hmm, tried t2.small and it failed too as above.

My manifest is https://gist.github.com/drnic/0ee3335b0c0d435861e6 -
anything you can spot I'm missing? Thanks for the help.

On Thu, Aug 20, 2015 at 9:02 AM, Dr Nic Williams <drnicwilliams(a)gmail.com>
wrote:

t2.micro was what I tried and it failed


--
Dr Nic Williams
Stark & Wayne LLC - consultancy for Cloud Foundry users
http://drnicwilliams.com
http://starkandwayne.com
cell +1 (415) 860-2185
twitter @drnic


Re: [aws] How to run t2.micro?

Dmitriy Kalinin
 

Right. t2 series do not have ephemeral disks and that's why you have to add
ephemeral disk configuration in cloud_properties, but DrNic's error seems
to happen earlier than creation of a VM.

On Thu, Aug 20, 2015 at 9:44 AM, Diego Lapiduz <diego(a)lapiduz.com> wrote:

Can you try adding an ephemeral disk? We had issues before with HVM
instances that have no default ephemeral disk...

Here is our manifest:
https://github.com/18F/cloud-foundry-manifests/blob/master/cf/cf-infrastructure-aws.yml#L66-L72

On Thu, Aug 20, 2015 at 11:08 AM, Dr Nic Williams <drnicwilliams(a)gmail.com
wrote:
Hmm, tried t2.small and it failed too as above.

My manifest is https://gist.github.com/drnic/0ee3335b0c0d435861e6 -
anything you can spot I'm missing? Thanks for the help.

On Thu, Aug 20, 2015 at 9:02 AM, Dr Nic Williams <drnicwilliams(a)gmail.com
wrote:
t2.micro was what I tried and it failed


--
Dr Nic Williams
Stark & Wayne LLC - consultancy for Cloud Foundry users
http://drnicwilliams.com
http://starkandwayne.com
cell +1 (415) 860-2185
twitter @drnic


Re: [aws] How to run t2.micro?

Diego Lapiduz
 

Can you try adding an ephemeral disk? We had issues before with HVM
instances that have no default ephemeral disk...

Here is our manifest:
https://github.com/18F/cloud-foundry-manifests/blob/master/cf/cf-infrastructure-aws.yml#L66-L72

On Thu, Aug 20, 2015 at 11:08 AM, Dr Nic Williams <drnicwilliams(a)gmail.com>
wrote:

Hmm, tried t2.small and it failed too as above.

My manifest is https://gist.github.com/drnic/0ee3335b0c0d435861e6 -
anything you can spot I'm missing? Thanks for the help.

On Thu, Aug 20, 2015 at 9:02 AM, Dr Nic Williams <drnicwilliams(a)gmail.com>
wrote:

t2.micro was what I tried and it failed


--
Dr Nic Williams
Stark & Wayne LLC - consultancy for Cloud Foundry users
http://drnicwilliams.com
http://starkandwayne.com
cell +1 (415) 860-2185
twitter @drnic


Re: [aws] How to run t2.micro?

Dr Nic Williams
 

Hmm, tried t2.small and it failed too as above.

My manifest is https://gist.github.com/drnic/0ee3335b0c0d435861e6 -
anything you can spot I'm missing? Thanks for the help.

On Thu, Aug 20, 2015 at 9:02 AM, Dr Nic Williams <drnicwilliams(a)gmail.com>
wrote:

t2.micro was what I tried and it failed


--
Dr Nic Williams
Stark & Wayne LLC - consultancy for Cloud Foundry users
http://drnicwilliams.com
http://starkandwayne.com
cell +1 (415) 860-2185
twitter @drnic


Re: [aws] How to run t2.micro?

Dr Nic Williams
 

t2.micro was what I tried and it failed


Re: [aws] How to run t2.micro?

Diego Lapiduz
 

We are deploying to t2.smalls and it works fine.... Is it just in t2.micros
that it fails?

On Thu, Aug 20, 2015 at 10:58 AM, Dr Nic Williams <drnicwilliams(a)gmail.com>
wrote:

I wanted a cheap AWS vm for our VPC so I tried using t2.micro. I was using
HVM stemcell. But I get the following AWS error:

Started creating bound missing vms > small_z1/0. Failed: The requested
configuration is currently not supported. Please check the documentation
for supported configurations. (00:00:01)

From googling, the only constraints I can find are: use VPC, use HVM AMIs.

Anyone have a protip on deploying t2.micros?

Nic

--
Dr Nic Williams
Stark & Wayne LLC - consultancy for Cloud Foundry users
http://drnicwilliams.com
http://starkandwayne.com
cell +1 (415) 860-2185
twitter @drnic


[aws] How to run t2.micro?

Dr Nic Williams
 

I wanted a cheap AWS vm for our VPC so I tried using t2.micro. I was using
HVM stemcell. But I get the following AWS error:

Started creating bound missing vms > small_z1/0. Failed: The requested
configuration is currently not supported. Please check the documentation
for supported configurations. (00:00:01)

From googling, the only constraints I can find are: use VPC, use HVM AMIs.

Anyone have a protip on deploying t2.micros?

Nic

--
Dr Nic Williams
Stark & Wayne LLC - consultancy for Cloud Foundry users
http://drnicwilliams.com
http://starkandwayne.com
cell +1 (415) 860-2185
twitter @drnic


Re: Any downsides to ELB 443 running in Secure TCP mode?

James Bayer
 

the x-forwarded-proto header is pretty important for large public clouds as
most of them enable http and https that i'm aware of. in this situation,
i'm not sure how we forego the header when it's also important to allow
plain http traffic on port 80.

On Wed, Aug 19, 2015 at 10:47 PM, aaron_huber <aaron.m.huber(a)intel.com>
wrote:

With SSL instead of HTTPS you lose the X-Forwarded headers which would be
needed for the apps to know if the traffic came in as secure, which would
only be an issue if you're allowing both 80 and 443 and the apps need to be
able to tell the difference. Otherwise it would be identical as far as I'm
aware. Using HTTPS allows them to inject the headers into the protocol.


http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/using-elb-listenerconfig-quickref.html

Aaron




--
View this message in context:
http://cf-bosh.70367.x6.nabble.com/cf-bosh-Any-downsides-to-ELB-443-running-in-Secure-TCP-mode-tp590p591.html
Sent from the CF BOSH mailing list archive at Nabble.com.


--
Thank you,

James Bayer


Re: Any downsides to ELB 443 running in Secure TCP mode?

Aaron Huber
 

With SSL instead of HTTPS you lose the X-Forwarded headers which would be
needed for the apps to know if the traffic came in as secure, which would
only be an issue if you're allowing both 80 and 443 and the apps need to be
able to tell the difference. Otherwise it would be identical as far as I'm
aware. Using HTTPS allows them to inject the headers into the protocol.

http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/using-elb-listenerconfig-quickref.html

Aaron




--
View this message in context: http://cf-bosh.70367.x6.nabble.com/cf-bosh-Any-downsides-to-ELB-443-running-in-Secure-TCP-mode-tp590p591.html
Sent from the CF BOSH mailing list archive at Nabble.com.


Any downsides to ELB 443 running in Secure TCP mode?

Dr Nic Williams
 

Pivotal WS runs behind ELBs that pipe websockets traffic through port 4443 in Secure TCP mode - because ELBs in HTTPS mode do not respect the websocket handshake upgrade.


We tried running port 443 in Secure TCP and avoid the additional port 4443 (which cannot be accessed from inside client company's network - they only allow outbound access to :80 and :443).


And it works.


What are the downsides to running :443 as Secure TCP rather than HTTPS?


Nic


Re: cf-mysql-release Acceptance test failing

Shetty, Daya <Daya.Shetty@...>
 

Hi Marco,

Yes, I did run the provision_cf script hence did not have the security
group defined for mysql. Once I added that the acceptance-tests did pass.

Thanks again,
Daya

On 8/19/15, 10:14 AM, "Marco N." <mnicosia(a)pivotal.io> wrote:

Hi there,

There are two ways to install CF on a bosh-lite. Depending on how you've
installed CF, we may be able to help you.

If you've used bosh-lite's provision_cf script
(https://github.com/cloudfoundry/bosh-lite/blob/master/docs/deploy-cf.md#s
ingle-command-deploy), it may be an issue with your security groups. This
is a known issue, and you can fix the security groups by following these
instructions:
https://gist.github.com/menicosia/2e9c414430138064f945#file-sg-steps-md

We're likely to send a PR about this to bosh-lite soon.

However, if you've used the manual deploy steps
(https://github.com/cloudfoundry/bosh-lite/blob/master/docs/deploy-cf.md#m
anual-deploy), you shouldn't have this problem. Please let us know which
method you've used to install CF, and hopefully we can help you from
there.

--
Marco Nicosia
Product Manager
Pivotal Software, Inc.
mnicosia(a)pivotal.io
The information contained in this e-mail, and any attachment, is confidential and is intended solely for the use of the intended recipient. Access, copying or re-use of the e-mail or any attachment, or any information contained therein, by any other person is not authorized. If you are not the intended recipient please return the e-mail to the sender and delete it from your computer. Although we attempt to sweep e-mail and attachments for viruses, we do not guarantee that either are virus-free and accept no liability for any damage sustained as a result of viruses.

Please refer to http://disclaimer.bnymellon.com/eu.htm for certain disclosures relating to European legal entities.


Re: cf-mysql-release Acceptance test failing

Marco Nicosia
 

Hi there,

There are two ways to install CF on a bosh-lite. Depending on how you've installed CF, we may be able to help you.

If you've used bosh-lite's provision_cf script (https://github.com/cloudfoundry/bosh-lite/blob/master/docs/deploy-cf.md#single-command-deploy), it may be an issue with your security groups. This is a known issue, and you can fix the security groups by following these instructions:
https://gist.github.com/menicosia/2e9c414430138064f945#file-sg-steps-md

We're likely to send a PR about this to bosh-lite soon.

However, if you've used the manual deploy steps (https://github.com/cloudfoundry/bosh-lite/blob/master/docs/deploy-cf.md#manual-deploy), you shouldn't have this problem. Please let us know which method you've used to install CF, and hopefully we can help you from there.

--
Marco Nicosia
Product Manager
Pivotal Software, Inc.
mnicosia(a)pivotal.io


Problem with using cf_cliV6 on cf v 206

Bharath posa
 

Hi guys I am unable to login into my cf deployment having v206. It is giving error saying unable to find route to uaa.172.24.4.2.xip.io . I tried to download v5 binaries on github cloudounfry cli but they are not there . I am posting my cf-deployment.yml below.

https://gist.github.com/bha123/20885c7eee58544c3e90

can any body what are the changes I have to make so that it can work

regards
bharath


Problem with using cf_cliV6 on cf v 206

Bharath posa
 

Hi all

I am using cf-206 cloudfoudry on openstack. Recently I downloaded the binaries of cf_cli206. It is failing to login saying unable to route to uaa.172.24.4.2.xip.io. I am providing my cf-deployment.yml below .

https://gist.github.com/bha123/20885c7eee58544c3e90

I also tried to find cf_cli v5 . I couldn't able to find the binaries download

can any body help me out in this

regards
bharath


cf-mysql-release Acceptance test failing

Daya Shetty <daya.shetty@...>
 

Deployed bosh-lite version of cf-mysql-release version 22 successfully , but the acceptance test is failing with the following error:

[2015-08-12 05:24:04.76 (UTC)]> curl -s -d myvalue http://2f9a9ccf-818d-4c3a-7e70-f34f46c1b9d8.10.244.0.34.xip.io/service/mysql/e8cfc2c1-5301-4907-522f-ab6d23215c37/mykey
Error: Can't connect to MySQL server on '10.244.7.6' (111)

• Failure [87.711 seconds]
P-MySQL Lifecycle Tests
/var/vcap/packages/acceptance-tests/src/github.com/cloudfoundry-incubator/cf-mysql-acceptance-tests/cf-mysql-service/lifecycle/lifecycle_test.go:55
Allows users to create, bind, write to, read from, unbind, and destroy a service instance for the each plan [It]
/var/vcap/packages/acceptance-tests/src/github.com/cloudfoundry-incubator/cf-mysql-acceptance-tests/cf-mysql-service/lifecycle/lifecycle_test.go:54

Got stuck at:
Error: Can't connect to MySQL server on '10.244.7.6' (111)

The VM’s are running fine..

Deployment `cf-warden-mysql'

Director task 706

Task 706 done

+----------------------+---------+--------------------+--------------+
| Job/index | State | Resource Pool | IPs |
+----------------------+---------+--------------------+--------------+
| cf-mysql-broker_z1/0 | running | cf-mysql-broker_z1 | 10.244.7.130 |
| cf-mysql-broker_z2/0 | running | cf-mysql-broker_z2 | 10.244.8.130 |
| mysql_z1/0 | running | mysql_z1 | 10.244.7.2 |
| mysql_z2/0 | running | mysql_z2 | 10.244.8.2 |
| mysql_z3/0 | running | mysql_z3 | 10.244.9.2 |
| proxy_z1/0 | running | proxy_z1 | 10.244.7.6 |
| proxy_z2/0 | running | proxy_z2 | 10.244.8.6 |
+----------------------+---------+--------------------+--------------+

VMs total: 7

Any reason why the client is getting Connection Refused error while trying to connect to proxy_z1?

Thanks
Daya

2101 - 2120 of 2757