Date   

Re: Resuming UAA work

Alberto A. Flores
 

Thanks Dmitriy!

Alberto
Twitter: albertoaflores

On May 28, 2015, at 8:32 PM, Dmitriy Kalinin <dkalinin(a)pivotal.io> wrote:

Sure feel free to leave comments on the issue (https://github.com/cloudfoundry/bosh-notes/issues/8) or file a PR against that document and I will try to incorporate it.

On Thu, May 28, 2015 at 5:26 PM, Alberto A. Flores <aaflores(a)gmail.com> wrote:
Thanks for the response!

+1 on the "bosh-director.DIRECTOR-UUID.admin" scope. I assume this means that in the event of multiple directors, users will have to have multiple scopes associated to their credentials (either through uaa or local). That would be a great start.

Is there anyway i can follow/vote on the items regarding authz? I like the proposed scope schemes to create some ACL control. I'm hoping to use BOSH as a viable tool to empower datacenter operators. As this is defined, the idea or different roles is essential. (Are pull request welcomed?)

Alberto
Twitter: albertoaflores

On May 28, 2015, at 7:20 PM, Dmitriy Kalinin <dkalinin(a)pivotal.io> wrote:

bosh-director.DIRECTOR-UUID.admin
_______________________________________________
cf-bosh mailing list
cf-bosh(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-bosh
_______________________________________________
cf-bosh mailing list
cf-bosh(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-bosh


Re: Create bosh stemcell failed in AWS region cn-north-1

支雷 <lzhi3937 at gmail.com...>
 

I have been blocked by this issue for two weeks, and have no progress. I am
looking forward to you to solve this problem. Thanks a lot.

2015-05-27 9:11 GMT+08:00 Dmitriy Kalinin <dkalinin(a)pivotal.io>:

It seems like this method cannot find appropriate AKIs:
https://github.com/cloudfoundry/bosh/blob/master/bosh_aws_cpi/lib/cloud/aws/aki_picker.rb#L48-L59

I just requested account from AWS to access China region and try to
reproduce the problem.

On Wed, May 20, 2015 at 8:37 PM, Dr Nic Williams <drnicwilliams(a)gmail.com>
wrote:

There are two issues - the second is that bosh-bootstrap uses a project
"cyoi" (choose your own infrastructure) and underneath it uses "fog" - its
quite possible that either or both do not yet support China (its harder to
get accounts to do testing).

The former is failing inside AWS SDK for Ruby.

BOSH calls into this library here:
https://github.com/cloudfoundry/bosh/blob/develop/bosh_aws_cpi/lib/cloud/aws/aki_picker.rb#L25

We are using aws-sdk (= 1.60.2)
https://github.com/cloudfoundry/bosh/blob/114b3cf107672cfebf444fe7db4703dd804c72cc/Gemfile.lock#L19

The latest version is 2.0.42
https://rubygems.org/gems/aws-sdk/versions/2.0.42

So perhaps China support was added more recently and we need to bump to
newer aws-sdk version.

Try bumping this version in the Gemfile of bosh and using that.

Avoid bosh-bootstrap until you've at least confimed you can get
underlying bosh_cli to work.


On Wed, May 20, 2015 at 8:17 PM, 支雷 <lzhi3937(a)gmail.com> wrote:

I have tried full stemcell
bosh-stemcell-2972-aws-xen-ubuntu-trusty-go_agent.tgz, but failed, error
"create stemcell failed: unable to find AKI:" was thrown (please find
details in my first email). And when I tried to "bosh-bootstrap deploy"
command, I got `validate_aws_region': Unknown region: "cn-north-1"
(ArgumentError). Seems cn-north-1 is not supported by bosh aws plugin. Any
suggestions on this issue? Thanks!

2015-05-19 23:58 GMT+08:00 Wayne E. Seguin <
wayneeseguin(a)starkandwayne.com>:

The issue is that there appear to not be any light stemcells in your
region, there is another recent question on the list to this effect. In
order to make progress you might want to build your own stemcell to use for
now or try to find and download a full aws hvm stemcell image to upload.

On Mon, May 18, 2015 at 6:12 AM, 支雷 <lzhi3937(a)gmail.com> wrote:

Hello,

I tried to deploy micro bosh in AWS region cn-north-1 in several ways,
but all failed. Any suggestions on how to deploy micro bosh in AWS region
cn-north-1? Thanks!

I created a EC2 instance (ubuntu) in the cn-north-1 region with an
public ip, ssh'd into it and installed bosh-cli, bosh_cli_plugin_micro and
bosh_cli_plugin_aws. After that I downloaded stemcell
bosh-stemcell-2972-aws-xen-ubuntu-trusty-go_agent.tgz, and tried " bosh
micro deploy ./bosh-stemcell-2972-aws-xen-ubuntu-trusty-go_agent.tgz" which
resulted in "create stemcell failed: getaddrinfo: Name or service not
known:"

I checked the failed URL, it's "ec2.cn-north-1.amazonaws.com" which
is not accessable. I updated the http.rb and changed the url to "
ec2.cn-north-1.amazonaws.com.cn" and escape the ssl validation and
tried again, another error was thrown:

Stemcell info
-------------
Name: bosh-aws-xen-ubuntu-trusty-go_agent
Version: 2972

Started deploy micro bosh
Started deploy micro bosh > Unpacking stemcell. Done (00:00:08)
Started deploy micro bosh > Uploading stemcell"
create stemcell failed: unable to find AKI:
/var/lib/gems/1.9.1/gems/bosh_aws_cpi-1.2972.0/lib/cloud/aws/aki_picker.rb:15:in
`pick'
/var/lib/gems/1.9.1/gems/bosh_aws_cpi-1.2972.0/lib/cloud/aws/stemcell_creator.rb:100:in
`image_params'
/var/lib/gems/1.9.1/gems/bosh_aws_cpi-1.2972.0/lib/cloud/aws/stemcell_creator.rb:24:in
`create'
/var/lib/gems/1.9.1/gems/bosh_aws_cpi-1.2972.0/lib/cloud/aws/cloud.rb:465:in
`block in create_stemcell'
/var/lib/gems/1.9.1/gems/bosh_common-1.2972.0/lib/common/thread_formatter.rb:49:in
`with_thread_name'
/var/lib/gems/1.9.1/gems/bosh_aws_cpi-1.2972.0/lib/cloud/aws/cloud.rb:445:in
`create_stemcell'
/var/lib/gems/1.9.1/gems/bosh_cli_plugin_micro-1.2972.0/lib/bosh/deployer/instance_manager.rb:228:in
`block (2 levels) in create_stemcell'
/var/lib/gems/1.9.1/gems/bosh_cli_plugin_micro-1.2972.0/lib/bosh/deployer/instance_manager.rb:85:in
`step'
/var/lib/gems/1.9.1/gems/bosh_cli_plugin_micro-1.2972.0/lib/bosh/deployer/instance_manager.rb:227:in
`block in create_stemcell'
/usr/lib/ruby/1.9.1/tmpdir.rb:83:in `mktmpdir'
/var/lib/gems/1.9.1/gems/bosh_cli_plugin_micro-1.2972.0/lib/bosh/deployer/instance_manager.rb:213:in
`create_stemcell'
/var/lib/gems/1.9.1/gems/bosh_cli_plugin_micro-1.2972.0/lib/bosh/deployer/instance_manager.rb:118:in
`create'
/var/lib/gems/1.9.1/gems/bosh_cli_plugin_micro-1.2972.0/lib/bosh/deployer/instance_manager.rb:98:in
`block in create_deployment'
/var/lib/gems/1.9.1/gems/bosh_cli_plugin_micro-1.2972.0/lib/bosh/deployer/instance_manager.rb:92:in
`with_lifecycle'
/var/lib/gems/1.9.1/gems/bosh_cli_plugin_micro-1.2972.0/lib/bosh/deployer/instance_manager.rb:98:in
`create_deployment'
/var/lib/gems/1.9.1/gems/bosh_cli_plugin_micro-1.2972.0/lib/bosh/cli/commands/micro.rb:179:in
`perform'
/var/lib/gems/1.9.1/gems/bosh_cli-1.2972.0/lib/cli/command_handler.rb:57:in
`run'
/var/lib/gems/1.9.1/gems/bosh_cli-1.2972.0/lib/cli/runner.rb:56:in
`run'
/var/lib/gems/1.9.1/gems/bosh_cli-1.2972.0/bin/bosh:16:in `<top
(required)>'
/usr/local/bin/bosh:23:in `load'
/usr/local/bin/bosh:23:in `<main>'

After that I installed bosh-bootstrap and executed following command:

bosh-bootstrap deploy

and I selected AWS provider and region 10 (China (Beijing) Region
(cn-north-1)), an error was thrown :

Confirming: Using AWS EC2/cn-north-1
/var/lib/gems/1.9.1/gems/fog-aws-0.1.1/lib/fog/aws/region_methods.rb:6:in
`validate_aws_region': Unknown region: "cn-north-1" (ArgumentError)
from
/var/lib/gems/1.9.1/gems/fog-aws-0.1.1/lib/fog/aws/compute.rb:482:in
`initialize'
from
/var/lib/gems/1.9.1/gems/fog-core-1.30.0/lib/fog/core/service.rb:115:in
`new'
from
/var/lib/gems/1.9.1/gems/fog-core-1.30.0/lib/fog/core/service.rb:115:in
`new'
from
/var/lib/gems/1.9.1/gems/fog-core-1.30.0/lib/fog/compute.rb:60:in `new'
from
/var/lib/gems/1.9.1/gems/cyoi-0.11.3/lib/cyoi/providers/clients/aws_provider_client.rb:257:in
`setup_fog_connection'
from
/var/lib/gems/1.9.1/gems/cyoi-0.11.3/lib/cyoi/providers/clients/fog_provider_client.rb:13:in
`initialize'
from
/var/lib/gems/1.9.1/gems/cyoi-0.11.3/lib/cyoi/providers.rb:17:in `new'
from
/var/lib/gems/1.9.1/gems/cyoi-0.11.3/lib/cyoi/providers.rb:17:in
`provider_client'
from
/var/lib/gems/1.9.1/gems/cyoi-0.11.3/lib/cyoi/cli/helpers/provider.rb:6:in
`provider_client'
from
/var/lib/gems/1.9.1/gems/cyoi-0.11.3/lib/cyoi/cli/address.rb:41:in
`address_cli'
from
/var/lib/gems/1.9.1/gems/cyoi-0.11.3/lib/cyoi/cli/address.rb:56:in
`valid_address?'
from
/var/lib/gems/1.9.1/gems/cyoi-0.11.3/lib/cyoi/cli/address.rb:19:in
`execute!'
from
/var/lib/gems/1.9.1/gems/bosh-bootstrap-0.17.0/lib/bosh-bootstrap/cli/commands/deploy.rb:41:in
`select_or_provision_public_networking'
from
/var/lib/gems/1.9.1/gems/bosh-bootstrap-0.17.0/lib/bosh-bootstrap/cli/commands/deploy.rb:21:in
`perform'
from
/var/lib/gems/1.9.1/gems/bosh-bootstrap-0.17.0/lib/bosh-bootstrap/thor_cli.rb:11:in
`deploy'
from
/var/lib/gems/1.9.1/gems/thor-0.19.1/lib/thor/command.rb:27:in `run'
from
/var/lib/gems/1.9.1/gems/thor-0.19.1/lib/thor/invocation.rb:126:in
`invoke_command'
from /var/lib/gems/1.9.1/gems/thor-0.19.1/lib/thor.rb:359:in
`dispatch'
from /var/lib/gems/1.9.1/gems/thor-0.19.1/lib/thor/base.rb:440:in
`start'
from
/var/lib/gems/1.9.1/gems/bosh-bootstrap-0.17.0/bin/bosh-bootstrap:13:in
`<top (required)>'
from /usr/local/bin/bosh-bootstrap:23:in `load'
from /usr/local/bin/bosh-bootstrap:23:in `<main>'


_______________________________________________
cf-bosh mailing list
cf-bosh(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-bosh

_______________________________________________
cf-bosh mailing list
cf-bosh(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-bosh


--
Dr Nic Williams
Stark & Wayne LLC - consultancy for Cloud Foundry users
http://drnicwilliams.com
http://starkandwayne.com
cell +1 (415) 860-2185
twitter @drnic

_______________________________________________
cf-bosh mailing list
cf-bosh(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-bosh


Re: Resuming UAA work

Alberto A. Flores
 

Filip,

Does the uaa have a cli? It seems like uaac is a "cloudfoundry" thing. Sound like cli interactions are expected through curl.

PS: wasn't sure where to ask this question since the UAA is a project of it's own. Maybe it's too early to have a mailing list for it. Do you inow where we can post questions for it? Cf mailing list?

Alberto
Twitter: albertoaflores

On May 28, 2015, at 6:53 PM, Filip Hanik <fhanik(a)pivotal.io> wrote:

The UAA doesn't depend on CF, it can be leveraged as a stand alone product.


On Thu, May 28, 2015 at 4:52 PM, Aristoteles Neto <aristoteles.neto(a)webdrive.co.nz> wrote:
From the perspective of using BOSH without CF, moving the users to the manifest is actually an improvement, as it allows you to list the actual users without logging in to the DB.

Are there any plans to split out UAA from Cloud Foundry? More specifically I’d love to be able to have groups / permissions scheme for deployments / commands without needing to install CF.

-- Neto



On 29/05/2015, at 10:33, Dmitriy Kalinin <dkalinin(a)pivotal.io> wrote:

Hey all,

We have resumed BOSH & UAA integration work: https://www.pivotaltracker.com/n/projects/1285490 to be worked on by a single pair.

As part of this work we are going to provide two options how to configure the Director auth:
- without UAA [default] (already exists, but we want to simplify it)
- with UAA (currently being worked on)

Currently Director only works without UAA and has its own user management functionality. There is the users table in the DB and CLI provides create/delete user commands. I would like to simplify this functionality as much as possible. Users would be configured statically in the manifest for the Director so that we can delete users table and associated commands.

Here is how the Director manifest would look like for 'Director without UAA' configuration:

properties:
director:
users:
- {name: admin, hashed_password: $1$0497b6da$8/0owfq5zblA3o7kXQgGy} # crypted 'password'
- {name: admin2, hashed_password: $1$0497b6da$8/0owfq5zblA3o7kXQgGy} # crypted 'password'
...

For more complex use cases, we will encourage people to use Director auth via UAA once that becomes available so that LDAP, password, lockout policies, etc. can be configured.

Thoughts?

Dmitriy
_______________________________________________
cf-bosh mailing list
cf-bosh(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-bosh

_______________________________________________
cf-bosh mailing list
cf-bosh(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-bosh
_______________________________________________
cf-bosh mailing list
cf-bosh(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-bosh


Re: Resuming UAA work

Gwenn Etourneau
 

https://github.com/cloudfoundry/cf-uaac Is a ruby client and should be able
to help you, even if the name is "cf-"

I think even if uaac is not really cloudfoundry this mailling list is ok.


On Fri, May 29, 2015 at 6:22 PM, Alberto A. Flores <aaflores(a)gmail.com>
wrote:

Filip,

Does the uaa have a cli? It seems like uaac is a "cloudfoundry" thing.
Sound like cli interactions are expected through curl.

PS: wasn't sure where to ask this question since the UAA is a project of
it's own. Maybe it's too early to have a mailing list for it. Do you inow
where we can post questions for it? Cf mailing list?

Alberto
Twitter: albertoaflores

On May 28, 2015, at 6:53 PM, Filip Hanik <fhanik(a)pivotal.io> wrote:

The UAA doesn't depend on CF, it can be leveraged as a stand alone product.


On Thu, May 28, 2015 at 4:52 PM, Aristoteles Neto <
aristoteles.neto(a)webdrive.co.nz> wrote:

From the perspective of using BOSH without CF, moving the users to the
manifest is actually an improvement, as it allows you to list the actual
users without logging in to the DB.

Are there any plans to split out UAA from Cloud Foundry? More
specifically I’d love to be able to have groups / permissions scheme for
deployments / commands without needing to install CF.

-- Neto



On 29/05/2015, at 10:33, Dmitriy Kalinin <dkalinin(a)pivotal.io> wrote:

Hey all,

We have resumed BOSH & UAA integration work:
https://www.pivotaltracker.com/n/projects/1285490 to be worked on by a
single pair.

As part of this work we are going to provide two options how to configure
the Director auth:
- without UAA [default] (already exists, but we want to simplify it)
- with UAA (currently being worked on)

Currently Director only works without UAA and has its own user management
functionality. There is the users table in the DB and CLI provides
create/delete user commands. I would like to simplify this functionality as
much as possible. Users would be configured statically in the manifest for
the Director so that we can delete users table and associated commands.

Here is how the Director manifest would look like for 'Director without
UAA' configuration:

properties:
director:
users:
- {name: admin, hashed_password: $1$0497b6da$8/0owfq5zblA3o7kXQgGy} #
crypted 'password'
- {name: admin2, hashed_password: $1$0497b6da$8/0owfq5zblA3o7kXQgGy}
# crypted 'password'
...

For more complex use cases, we will encourage people to use Director auth
via UAA once that becomes available so that LDAP, password, lockout
policies, etc. can be configured.

Thoughts?

Dmitriy
_______________________________________________
cf-bosh mailing list
cf-bosh(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-bosh



_______________________________________________
cf-bosh mailing list
cf-bosh(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-bosh

_______________________________________________
cf-bosh mailing list
cf-bosh(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-bosh


_______________________________________________
cf-bosh mailing list
cf-bosh(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-bosh


Re: Resuming UAA work

Alberto A. Flores
 

Thanks Gween,

so just to be clear, I should be able to install UAA standalone and the
cf-uaac to interact with it. No need to install CloudFoundry.

Alberto Flores
http://www.linkedin.com/in/aflores

“A war against standards leads logically and inevitably to hostility to
religion, because it is religious faith that provides the ultimate basis
for all standards.” - Michael Medved

"(T)he foundation of our national policy will be laid in the pure and
immutable principles of private morality; ...the propitious smiles of
Heaven can never be expected on a nation that disregards the eternal rules
of order and right which Heaven itself has ordained..." George Washington,
First Inaugural, April 30 1789



On Fri, May 29, 2015 at 5:55 AM, Gwenn Etourneau <getourneau(a)pivotal.io>
wrote:

https://github.com/cloudfoundry/cf-uaac Is a ruby client and should be
able to help you, even if the name is "cf-"

I think even if uaac is not really cloudfoundry this mailling list is ok.


On Fri, May 29, 2015 at 6:22 PM, Alberto A. Flores <aaflores(a)gmail.com>
wrote:

Filip,

Does the uaa have a cli? It seems like uaac is a "cloudfoundry" thing.
Sound like cli interactions are expected through curl.

PS: wasn't sure where to ask this question since the UAA is a project of
it's own. Maybe it's too early to have a mailing list for it. Do you inow
where we can post questions for it? Cf mailing list?

Alberto
Twitter: albertoaflores

On May 28, 2015, at 6:53 PM, Filip Hanik <fhanik(a)pivotal.io> wrote:

The UAA doesn't depend on CF, it can be leveraged as a stand alone
product.


On Thu, May 28, 2015 at 4:52 PM, Aristoteles Neto <
aristoteles.neto(a)webdrive.co.nz> wrote:

From the perspective of using BOSH without CF, moving the users to the
manifest is actually an improvement, as it allows you to list the actual
users without logging in to the DB.

Are there any plans to split out UAA from Cloud Foundry? More
specifically I’d love to be able to have groups / permissions scheme for
deployments / commands without needing to install CF.

-- Neto



On 29/05/2015, at 10:33, Dmitriy Kalinin <dkalinin(a)pivotal.io> wrote:

Hey all,

We have resumed BOSH & UAA integration work:
https://www.pivotaltracker.com/n/projects/1285490 to be worked on by a
single pair.

As part of this work we are going to provide two options how to
configure the Director auth:
- without UAA [default] (already exists, but we want to simplify it)
- with UAA (currently being worked on)

Currently Director only works without UAA and has its own user
management functionality. There is the users table in the DB and CLI
provides create/delete user commands. I would like to simplify this
functionality as much as possible. Users would be configured statically in
the manifest for the Director so that we can delete users table and
associated commands.

Here is how the Director manifest would look like for 'Director without
UAA' configuration:

properties:
director:
users:
- {name: admin, hashed_password: $1$0497b6da$8/0owfq5zblA3o7kXQgGy}
# crypted 'password'
- {name: admin2, hashed_password: $1$0497b6da$8/0owfq5zblA3o7kXQgGy}
# crypted 'password'
...

For more complex use cases, we will encourage people to use Director
auth via UAA once that becomes available so that LDAP, password, lockout
policies, etc. can be configured.

Thoughts?

Dmitriy
_______________________________________________
cf-bosh mailing list
cf-bosh(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-bosh



_______________________________________________
cf-bosh mailing list
cf-bosh(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-bosh

_______________________________________________
cf-bosh mailing list
cf-bosh(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-bosh


_______________________________________________
cf-bosh mailing list
cf-bosh(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-bosh

_______________________________________________
cf-bosh mailing list
cf-bosh(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-bosh


Re: Resuming UAA work

Gwenn Etourneau
 

Yes should be ok.

By the way the best way to use the Uaa is by the provided api.

thanks

On Fri, May 29, 2015 at 7:16 PM, Alberto A. Flores <aaflores(a)gmail.com>
wrote:

Thanks Gween,

so just to be clear, I should be able to install UAA standalone and the
cf-uaac to interact with it. No need to install CloudFoundry.

Alberto Flores
http://www.linkedin.com/in/aflores

“A war against standards leads logically and inevitably to hostility to
religion, because it is religious faith that provides the ultimate basis
for all standards.” - Michael Medved

"(T)he foundation of our national policy will be laid in the pure and
immutable principles of private morality; ...the propitious smiles of
Heaven can never be expected on a nation that disregards the eternal rules
of order and right which Heaven itself has ordained..." George Washington,
First Inaugural, April 30 1789



On Fri, May 29, 2015 at 5:55 AM, Gwenn Etourneau <getourneau(a)pivotal.io>
wrote:

https://github.com/cloudfoundry/cf-uaac Is a ruby client and should be
able to help you, even if the name is "cf-"

I think even if uaac is not really cloudfoundry this mailling list is ok.


On Fri, May 29, 2015 at 6:22 PM, Alberto A. Flores <aaflores(a)gmail.com>
wrote:

Filip,

Does the uaa have a cli? It seems like uaac is a "cloudfoundry" thing.
Sound like cli interactions are expected through curl.

PS: wasn't sure where to ask this question since the UAA is a project of
it's own. Maybe it's too early to have a mailing list for it. Do you inow
where we can post questions for it? Cf mailing list?

Alberto
Twitter: albertoaflores

On May 28, 2015, at 6:53 PM, Filip Hanik <fhanik(a)pivotal.io> wrote:

The UAA doesn't depend on CF, it can be leveraged as a stand alone
product.


On Thu, May 28, 2015 at 4:52 PM, Aristoteles Neto <
aristoteles.neto(a)webdrive.co.nz> wrote:

From the perspective of using BOSH without CF, moving the users to the
manifest is actually an improvement, as it allows you to list the actual
users without logging in to the DB.

Are there any plans to split out UAA from Cloud Foundry? More
specifically I’d love to be able to have groups / permissions scheme for
deployments / commands without needing to install CF.

-- Neto



On 29/05/2015, at 10:33, Dmitriy Kalinin <dkalinin(a)pivotal.io> wrote:

Hey all,

We have resumed BOSH & UAA integration work:
https://www.pivotaltracker.com/n/projects/1285490 to be worked on by a
single pair.

As part of this work we are going to provide two options how to
configure the Director auth:
- without UAA [default] (already exists, but we want to simplify it)
- with UAA (currently being worked on)

Currently Director only works without UAA and has its own user
management functionality. There is the users table in the DB and CLI
provides create/delete user commands. I would like to simplify this
functionality as much as possible. Users would be configured statically in
the manifest for the Director so that we can delete users table and
associated commands.

Here is how the Director manifest would look like for 'Director without
UAA' configuration:

properties:
director:
users:
- {name: admin, hashed_password: $1$0497b6da$8/0owfq5zblA3o7kXQgGy}
# crypted 'password'
- {name: admin2, hashed_password:
$1$0497b6da$8/0owfq5zblA3o7kXQgGy} # crypted 'password'
...

For more complex use cases, we will encourage people to use Director
auth via UAA once that becomes available so that LDAP, password, lockout
policies, etc. can be configured.

Thoughts?

Dmitriy
_______________________________________________
cf-bosh mailing list
cf-bosh(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-bosh



_______________________________________________
cf-bosh mailing list
cf-bosh(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-bosh

_______________________________________________
cf-bosh mailing list
cf-bosh(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-bosh


_______________________________________________
cf-bosh mailing list
cf-bosh(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-bosh

_______________________________________________
cf-bosh mailing list
cf-bosh(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-bosh

_______________________________________________
cf-bosh mailing list
cf-bosh(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-bosh


Re: Resuming UAA work

Alberto A. Flores
 

cool, thanks Gwenn!

Alberto Flores
http://www.linkedin.com/in/aflores

“A war against standards leads logically and inevitably to hostility to
religion, because it is religious faith that provides the ultimate basis
for all standards.” - Michael Medved

"(T)he foundation of our national policy will be laid in the pure and
immutable principles of private morality; ...the propitious smiles of
Heaven can never be expected on a nation that disregards the eternal rules
of order and right which Heaven itself has ordained..." George Washington,
First Inaugural, April 30 1789



On Fri, May 29, 2015 at 6:22 AM, Gwenn Etourneau <getourneau(a)pivotal.io>
wrote:

Yes should be ok.

By the way the best way to use the Uaa is by the provided api.

thanks

On Fri, May 29, 2015 at 7:16 PM, Alberto A. Flores <aaflores(a)gmail.com>
wrote:

Thanks Gween,

so just to be clear, I should be able to install UAA standalone and the
cf-uaac to interact with it. No need to install CloudFoundry.

Alberto Flores
http://www.linkedin.com/in/aflores

“A war against standards leads logically and inevitably to hostility to
religion, because it is religious faith that provides the ultimate basis
for all standards.” - Michael Medved

"(T)he foundation of our national policy will be laid in the pure and
immutable principles of private morality; ...the propitious smiles of
Heaven can never be expected on a nation that disregards the eternal rules
of order and right which Heaven itself has ordained..." George
Washington, First Inaugural, April 30 1789



On Fri, May 29, 2015 at 5:55 AM, Gwenn Etourneau <getourneau(a)pivotal.io>
wrote:

https://github.com/cloudfoundry/cf-uaac Is a ruby client and should be
able to help you, even if the name is "cf-"

I think even if uaac is not really cloudfoundry this mailling list is ok.


On Fri, May 29, 2015 at 6:22 PM, Alberto A. Flores <aaflores(a)gmail.com>
wrote:

Filip,

Does the uaa have a cli? It seems like uaac is a "cloudfoundry" thing.
Sound like cli interactions are expected through curl.

PS: wasn't sure where to ask this question since the UAA is a project
of it's own. Maybe it's too early to have a mailing list for it. Do you
inow where we can post questions for it? Cf mailing list?

Alberto
Twitter: albertoaflores

On May 28, 2015, at 6:53 PM, Filip Hanik <fhanik(a)pivotal.io> wrote:

The UAA doesn't depend on CF, it can be leveraged as a stand alone
product.


On Thu, May 28, 2015 at 4:52 PM, Aristoteles Neto <
aristoteles.neto(a)webdrive.co.nz> wrote:

From the perspective of using BOSH without CF, moving the users to the
manifest is actually an improvement, as it allows you to list the actual
users without logging in to the DB.

Are there any plans to split out UAA from Cloud Foundry? More
specifically I’d love to be able to have groups / permissions scheme for
deployments / commands without needing to install CF.

-- Neto



On 29/05/2015, at 10:33, Dmitriy Kalinin <dkalinin(a)pivotal.io> wrote:

Hey all,

We have resumed BOSH & UAA integration work:
https://www.pivotaltracker.com/n/projects/1285490 to be worked on by
a single pair.

As part of this work we are going to provide two options how to
configure the Director auth:
- without UAA [default] (already exists, but we want to simplify it)
- with UAA (currently being worked on)

Currently Director only works without UAA and has its own user
management functionality. There is the users table in the DB and CLI
provides create/delete user commands. I would like to simplify this
functionality as much as possible. Users would be configured statically in
the manifest for the Director so that we can delete users table and
associated commands.

Here is how the Director manifest would look like for 'Director
without UAA' configuration:

properties:
director:
users:
- {name: admin, hashed_password:
$1$0497b6da$8/0owfq5zblA3o7kXQgGy} # crypted 'password'
- {name: admin2, hashed_password:
$1$0497b6da$8/0owfq5zblA3o7kXQgGy} # crypted 'password'
...

For more complex use cases, we will encourage people to use Director
auth via UAA once that becomes available so that LDAP, password, lockout
policies, etc. can be configured.

Thoughts?

Dmitriy
_______________________________________________
cf-bosh mailing list
cf-bosh(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-bosh



_______________________________________________
cf-bosh mailing list
cf-bosh(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-bosh

_______________________________________________
cf-bosh mailing list
cf-bosh(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-bosh


_______________________________________________
cf-bosh mailing list
cf-bosh(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-bosh

_______________________________________________
cf-bosh mailing list
cf-bosh(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-bosh

_______________________________________________
cf-bosh mailing list
cf-bosh(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-bosh

_______________________________________________
cf-bosh mailing list
cf-bosh(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-bosh


Director HTTP API

Vinicius Carvalho <viniciusccarvalho@...>
 

Is there any docs with all API endpoints described? I'm looking at the code
at the moment, it really would help if something like that exists.

Thanks


--
The intuitive mind is a sacred gift and the
rational mind is a faithful servant. We have
created a society that honors the servant and
has forgotten the gift.


Re: Director HTTP API

Dr Nic Williams
 

Perhaps look at gogobosh which is a golang client for much of the API

On Fri, May 29, 2015 at 6:23 AM, Vinicius Carvalho
<viniciusccarvalho(a)gmail.com> wrote:

Is there any docs with all API endpoints described? I'm looking at the code
at the moment, it really would help if something like that exists.
Thanks
--
The intuitive mind is a sacred gift and the
rational mind is a faithful servant. We have
created a society that honors the servant and
has forgotten the gift.


sslproxy-boshrelease v6

Geoff Franks <geoff@...>
 

Hi All,

sslproxy-boshrelease has now hit v6. The main feature of the release is adding support for blacklisting a list of domains from the reverse-proxy. Primary use case would be for preventing Host header spoofing to internal-only services hosted on something being reverse-proxied (https://blog.starkandwayne.com/2014/10/31/public-and-private-microservices-on-the-same-cloud-foundry/ <https://blog.starkandwayne.com/2014/10/31/public-and-private-microservices-on-the-same-cloud-foundry/>).

For more info: https://bosh.io/releases/github.com/cloudfoundry-community/sslproxy-boshrelease <https://bosh.io/releases/github.com/cloudfoundry-community/sslproxy-boshrelease>

Happy Proxying!

Geoff Franks


Re: sslproxy-boshrelease v6

Dmitriy Kalinin
 

Might be useful to add this info into release notes for github releases. It
will automatically show up on bosh.io in each release.

On Fri, May 29, 2015 at 12:10 PM, Geoff Franks <geoff(a)starkandwayne.com>
wrote:

Hi All,

sslproxy-boshrelease has now hit v6. The main feature of the release is
adding support for blacklisting a list of domains from the reverse-proxy.
Primary use case would be for preventing Host header spoofing to
internal-only services hosted on something being reverse-proxied (
https://blog.starkandwayne.com/2014/10/31/public-and-private-microservices-on-the-same-cloud-foundry/
).

For more info:
https://bosh.io/releases/github.com/cloudfoundry-community/sslproxy-boshrelease

Happy Proxying!

Geoff Franks

_______________________________________________
cf-bosh mailing list
cf-bosh(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-bosh


Re: sslproxy-boshrelease v6

Wayne E. Seguin
 

WOHOO!!!

On Fri, May 29, 2015 at 3:21 PM, Dmitriy Kalinin <dkalinin(a)pivotal.io>
wrote:

Might be useful to add this info into release notes for github releases.
It will automatically show up on bosh.io in each release.

On Fri, May 29, 2015 at 12:10 PM, Geoff Franks <geoff(a)starkandwayne.com>
wrote:

Hi All,

sslproxy-boshrelease has now hit v6. The main feature of the release is
adding support for blacklisting a list of domains from the reverse-proxy.
Primary use case would be for preventing Host header spoofing to
internal-only services hosted on something being reverse-proxied (
https://blog.starkandwayne.com/2014/10/31/public-and-private-microservices-on-the-same-cloud-foundry/
).

For more info:
https://bosh.io/releases/github.com/cloudfoundry-community/sslproxy-boshrelease

Happy Proxying!

Geoff Franks

_______________________________________________
cf-bosh mailing list
cf-bosh(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-bosh

_______________________________________________
cf-bosh mailing list
cf-bosh(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-bosh


--
~Wayne

Wayne E. Seguin
wayneeseguin(a)gmail.com
wayneeseguin on irc.freenode.net
http://twitter.com/wayneeseguin/
https://github.com/wayneeseguin/


Re: sslproxy-boshrelease v6

Geoff Franks <geoff@...>
 

Notes added, thanks!

On May 29, 2015, at 3:21 PM, Dmitriy Kalinin <dkalinin(a)pivotal.io> wrote:

Might be useful to add this info into release notes for github releases. It will automatically show up on bosh.io <http://bosh.io/> in each release.

On Fri, May 29, 2015 at 12:10 PM, Geoff Franks <geoff(a)starkandwayne.com <mailto:geoff(a)starkandwayne.com>> wrote:
Hi All,

sslproxy-boshrelease has now hit v6. The main feature of the release is adding support for blacklisting a list of domains from the reverse-proxy. Primary use case would be for preventing Host header spoofing to internal-only services hosted on something being reverse-proxied (https://blog.starkandwayne.com/2014/10/31/public-and-private-microservices-on-the-same-cloud-foundry/ <https://blog.starkandwayne.com/2014/10/31/public-and-private-microservices-on-the-same-cloud-foundry/>).

For more info: https://bosh.io/releases/github.com/cloudfoundry-community/sslproxy-boshrelease <https://bosh.io/releases/github.com/cloudfoundry-community/sslproxy-boshrelease>

Happy Proxying!

Geoff Franks

_______________________________________________
cf-bosh mailing list
cf-bosh(a)lists.cloudfoundry.org <mailto:cf-bosh(a)lists.cloudfoundry.org>
https://lists.cloudfoundry.org/mailman/listinfo/cf-bosh <https://lists.cloudfoundry.org/mailman/listinfo/cf-bosh>


_______________________________________________
cf-bosh mailing list
cf-bosh(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-bosh


setting up a CF sandbox

Tim Dunphy
 

Hey all,

I've started using Pivotal CF at work. And now I want to setup an Open
Source cloud foundry instance on AWS, for my own personal use so I can
learn more about CF. There's also a slight chance my job could go with open
source cloud foundry at some point in the distant future.


So I spun up a new CentOS 7 host on the amazon free tier. I know that CF
will spin up a bunch of new hosts. But one thing I'd like to know is, will
a t2-micro be enough to use CF? I'd like to avoid paying for my sandbox if
at all possible :)

Secondly, is I'm getting an error when I try to initialize the environment:

[cloud:~] bluethundr% bosh aws install

[WARNING] Loading the cli took 14.7 seconds, consider cleaning your gem
environment

Failed to load plugin
/home/bluethundr/.gem/ruby/gems/bosh_cli_plugin_micro-1.2977.0/lib/bosh/cli/commands/micro.rb:
cannot load such file -- rake/file_utils_ext

I notice if I list the file I can see that it's there and has the right
ownership:

bluethundr% ls -l
/home/bluethundr/.gem/ruby/gems/bosh_cli_plugin_micro-1.2977.0/lib/bosh/cli/commands/micro.rb
-rw-rw-r--. 1 bluethundr bluethundr 11406 May 31 15:08
/home/bluethundr/.gem/ruby/gems/bosh_cli_plugin_micro-1.2977.0/lib/bosh/cli/commands/micro.rb

Can someone please tell me what the problem here is and how to get around
it?

Thanks,
Tim
--
GPG me!!

gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B


Re: setting up a CF sandbox

James Bayer
 

the oss aws docs show a larger deploy with many instances.

there is an in-flight project that sets up a single VM bosh-lite with cf on
AWS here, although it may not be stable yet as dmitriy was stilling working
on CI if i recall:
https://github.com/cloudfoundry/cf-lite

stark and wayne used to have a simple getting started experience for OSS cf
using bosh-lite called try-cf, but it doesn't look to be available right
now: https://trycf.starkandwayne.com/

this project from stark and wayne shows an alternative terraform
installation with fewer vms than the aws templates in cf-release:
https://github.com/cloudfoundry-community/terraform-aws-cf-install

On Sun, May 31, 2015 at 8:52 AM, Tim Dunphy <bluethundr(a)gmail.com> wrote:

Hey all,

I've started using Pivotal CF at work. And now I want to setup an Open
Source cloud foundry instance on AWS, for my own personal use so I can
learn more about CF. There's also a slight chance my job could go with open
source cloud foundry at some point in the distant future.


So I spun up a new CentOS 7 host on the amazon free tier. I know that CF
will spin up a bunch of new hosts. But one thing I'd like to know is, will
a t2-micro be enough to use CF? I'd like to avoid paying for my sandbox if
at all possible :)

Secondly, is I'm getting an error when I try to initialize the environment:

[cloud:~] bluethundr% bosh aws install

[WARNING] Loading the cli took 14.7 seconds, consider cleaning your gem
environment

Failed to load plugin
/home/bluethundr/.gem/ruby/gems/bosh_cli_plugin_micro-1.2977.0/lib/bosh/cli/commands/micro.rb:
cannot load such file -- rake/file_utils_ext

I notice if I list the file I can see that it's there and has the right
ownership:

bluethundr% ls -l
/home/bluethundr/.gem/ruby/gems/bosh_cli_plugin_micro-1.2977.0/lib/bosh/cli/commands/micro.rb
-rw-rw-r--. 1 bluethundr bluethundr 11406 May 31 15:08
/home/bluethundr/.gem/ruby/gems/bosh_cli_plugin_micro-1.2977.0/lib/bosh/cli/commands/micro.rb

Can someone please tell me what the problem here is and how to get around
it?

Thanks,
Tim
--
GPG me!!

gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B


_______________________________________________
cf-bosh mailing list
cf-bosh(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-bosh

--
Thank you,

James Bayer


Re: setting up a CF sandbox

Tim Dunphy
 


the oss aws docs show a larger deploy with many instances.
there is an in-flight project that sets up a single VM bosh-lite with cf
on AWS here, although it may not be stable yet as dmitriy was stilling
working on CI if i recall:
https://github.com/cloudfoundry/cf-lite
stark and wayne used to have a simple getting started experience for OSS
cf using bosh-lite called try-cf, but it doesn't look to be available right
now: https://trycf.starkandwayne.com/
this project from stark and wayne shows an alternative terraform
installation with fewer vms than the aws templates in cf-release:
https://github.com/cloudfoundry-community/terraform-aws-cf-install


Cool, James! Thanks for the response! I'll check out that last link I
think. It might be what I was looking for.

Thanks,
Tim


On Sun, May 31, 2015 at 1:40 PM, James Bayer <jbayer(a)pivotal.io> wrote:

the oss aws docs show a larger deploy with many instances.

there is an in-flight project that sets up a single VM bosh-lite with cf
on AWS here, although it may not be stable yet as dmitriy was stilling
working on CI if i recall:
https://github.com/cloudfoundry/cf-lite

stark and wayne used to have a simple getting started experience for OSS
cf using bosh-lite called try-cf, but it doesn't look to be available right
now: https://trycf.starkandwayne.com/

this project from stark and wayne shows an alternative terraform
installation with fewer vms than the aws templates in cf-release:
https://github.com/cloudfoundry-community/terraform-aws-cf-install

On Sun, May 31, 2015 at 8:52 AM, Tim Dunphy <bluethundr(a)gmail.com> wrote:

Hey all,

I've started using Pivotal CF at work. And now I want to setup an Open
Source cloud foundry instance on AWS, for my own personal use so I can
learn more about CF. There's also a slight chance my job could go with open
source cloud foundry at some point in the distant future.


So I spun up a new CentOS 7 host on the amazon free tier. I know that CF
will spin up a bunch of new hosts. But one thing I'd like to know is, will
a t2-micro be enough to use CF? I'd like to avoid paying for my sandbox if
at all possible :)

Secondly, is I'm getting an error when I try to initialize the
environment:

[cloud:~] bluethundr% bosh aws install

[WARNING] Loading the cli took 14.7 seconds, consider cleaning your gem
environment

Failed to load plugin
/home/bluethundr/.gem/ruby/gems/bosh_cli_plugin_micro-1.2977.0/lib/bosh/cli/commands/micro.rb:
cannot load such file -- rake/file_utils_ext

I notice if I list the file I can see that it's there and has the right
ownership:

bluethundr% ls -l
/home/bluethundr/.gem/ruby/gems/bosh_cli_plugin_micro-1.2977.0/lib/bosh/cli/commands/micro.rb
-rw-rw-r--. 1 bluethundr bluethundr 11406 May 31 15:08
/home/bluethundr/.gem/ruby/gems/bosh_cli_plugin_micro-1.2977.0/lib/bosh/cli/commands/micro.rb

Can someone please tell me what the problem here is and how to get around
it?

Thanks,
Tim
--
GPG me!!

gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B


_______________________________________________
cf-bosh mailing list
cf-bosh(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-bosh


--
Thank you,

James Bayer

_______________________________________________
cf-bosh mailing list
cf-bosh(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-bosh


--
GPG me!!

gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B


Re: setting up a CF sandbox

Mark Carlson <mcarlson at ecsteam.com...>
 

We have had success with the Terraform CF install.

On May 31, 2015, at 11:41 AM, James Bayer <jbayer(a)pivotal.io<mailto:jbayer(a)pivotal.io>> wrote:

the oss aws docs show a larger deploy with many instances.

there is an in-flight project that sets up a single VM bosh-lite with cf on AWS here, although it may not be stable yet as dmitriy was stilling working on CI if i recall:
https://github.com/cloudfoundry/cf-lite

stark and wayne used to have a simple getting started experience for OSS cf using bosh-lite called try-cf, but it doesn't look to be available right now: https://trycf.starkandwayne.com/

this project from stark and wayne shows an alternative terraform installation with fewer vms than the aws templates in cf-release:
https://github.com/cloudfoundry-community/terraform-aws-cf-install

On Sun, May 31, 2015 at 8:52 AM, Tim Dunphy <bluethundr(a)gmail.com<mailto:bluethundr(a)gmail.com>> wrote:
Hey all,

I've started using Pivotal CF at work. And now I want to setup an Open Source cloud foundry instance on AWS, for my own personal use so I can learn more about CF. There's also a slight chance my job could go with open source cloud foundry at some point in the distant future.


So I spun up a new CentOS 7 host on the amazon free tier. I know that CF will spin up a bunch of new hosts. But one thing I'd like to know is, will a t2-micro be enough to use CF? I'd like to avoid paying for my sandbox if at all possible :)

Secondly, is I'm getting an error when I try to initialize the environment:

[cloud:~] bluethundr% bosh aws install

[WARNING] Loading the cli took 14.7 seconds, consider cleaning your gem environment

Failed to load plugin /home/bluethundr/.gem/ruby/gems/bosh_cli_plugin_micro-1.2977.0/lib/bosh/cli/commands/micro.rb: cannot load such file -- rake/file_utils_ext

I notice if I list the file I can see that it's there and has the right ownership:

bluethundr% ls -l /home/bluethundr/.gem/ruby/gems/bosh_cli_plugin_micro-1.2977.0/lib/bosh/cli/commands/micro.rb
-rw-rw-r--. 1 bluethundr bluethundr 11406 May 31 15:08 /home/bluethundr/.gem/ruby/gems/bosh_cli_plugin_micro-1.2977.0/lib/bosh/cli/commands/micro.rb

Can someone please tell me what the problem here is and how to get around it?

Thanks,
Tim
--
GPG me!!

gpg --keyserver pool.sks-keyservers.net<http://pool.sks-keyservers.net> --recv-keys F186197B


_______________________________________________
cf-bosh mailing list
cf-bosh(a)lists.cloudfoundry.org<mailto:cf-bosh(a)lists.cloudfoundry.org>
https://lists.cloudfoundry.org/mailman/listinfo/cf-bosh




--
Thank you,

James Bayer
_______________________________________________
cf-bosh mailing list
cf-bosh(a)lists.cloudfoundry.org<mailto:cf-bosh(a)lists.cloudfoundry.org>
https://lists.cloudfoundry.org/mailman/listinfo/cf-bosh


Bosh deploy failed on AWS-Failed loading settings via fetcher

Mark Wong <mark.wong@...>
 

Trying to deploy Cloud Foundry in AWS. Followed instructions from:
http://bosh.io/docs/deploy-microbosh-to-aws.html
http://docs.cloudfoundry.org/deploying/ec2/configure_aws_cf.html
http://docs.cloudfoundry.org/deploying/ec2/deploy_aws_cf.html

What I found it every VM that BOSH deploy into the public subnet, it failed to response. I end up tried the compilation part of the deploy using VM in public subnet.

The actual deploy of each components failed and I checked the non-responding log in /var/vcap/bosh/log/current and found the following.

2015-06-01_09:01:10.28857 [File System] 2015/06/01 09:01:10 DEBUG - Checking if file exists /sys/class/net/lo/device
2015-06-01_09:01:10.28857 [Cmd Runner] 2015/06/01 09:01:10 DEBUG - Running command: ifup --no-act eth0
2015-06-01_09:01:10.28945 [Cmd Runner] 2015/06/01 09:01:10 DEBUG - Stdout:
2015-06-01_09:01:10.28946 [Cmd Runner] 2015/06/01 09:01:10 DEBUG - Stderr: ifup: interface eth0 already configured
2015-06-01_09:01:10.28946 [Cmd Runner] 2015/06/01 09:01:10 DEBUG - Successful: true (0)
2015-06-01_09:01:12.93269 [settingsService] 2015/06/01 09:01:12 ERROR - Failed loading settings via fetcher: Unmarshalling settings wrapper: invalid character 'I' looking for beginning of value
2015-06-01_09:01:12.93271 [File System] 2015/06/01 09:01:12 DEBUG - Reading file /var/vcap/bosh/settings.json
2015-06-01_09:01:12.93274 [settingsService] 2015/06/01 09:01:12 ERROR - Failed reading settings from file Opening file /var/vcap/bosh/settings.json: open /var/vcap/bosh/settings.json: no such file or directory


I have checked the NAT from private subnet is working and can ping the bosh director host and outside.

Any idea on how to troubleshoot this further?
This email and any attachments to it may be confidential and are intended solely for the use of the individual to whom it is addressed. Any views or opinions expressed are solely those of the author and do not necessarily represent those of Citihub Consulting. If you are not the intended recipient of this email, you must neither take any action based upon its contents, nor copy or show it to anyone. Please contact the sender if you believe you have received this email in error.


Re: Create bosh stemcell failed in AWS region cn-north-1

Wayne E. Seguin
 

支雷,

Have you tried creating your own custom stemcell yet while you wait?

~Wayne

On Fri, May 29, 2015 at 5:18 AM, 支雷 <lzhi3937(a)gmail.com> wrote:

I have been blocked by this issue for two weeks, and have no progress. I
am looking forward to you to solve this problem. Thanks a lot.

2015-05-27 9:11 GMT+08:00 Dmitriy Kalinin <dkalinin(a)pivotal.io>:

It seems like this method cannot find appropriate AKIs:
https://github.com/cloudfoundry/bosh/blob/master/bosh_aws_cpi/lib/cloud/aws/aki_picker.rb#L48-L59

I just requested account from AWS to access China region and try to
reproduce the problem.

On Wed, May 20, 2015 at 8:37 PM, Dr Nic Williams <drnicwilliams(a)gmail.com
wrote:
There are two issues - the second is that bosh-bootstrap uses a project
"cyoi" (choose your own infrastructure) and underneath it uses "fog" - its
quite possible that either or both do not yet support China (its harder to
get accounts to do testing).

The former is failing inside AWS SDK for Ruby.

BOSH calls into this library here:
https://github.com/cloudfoundry/bosh/blob/develop/bosh_aws_cpi/lib/cloud/aws/aki_picker.rb#L25

We are using aws-sdk (= 1.60.2)
https://github.com/cloudfoundry/bosh/blob/114b3cf107672cfebf444fe7db4703dd804c72cc/Gemfile.lock#L19

The latest version is 2.0.42
https://rubygems.org/gems/aws-sdk/versions/2.0.42

So perhaps China support was added more recently and we need to bump to
newer aws-sdk version.

Try bumping this version in the Gemfile of bosh and using that.

Avoid bosh-bootstrap until you've at least confimed you can get
underlying bosh_cli to work.


On Wed, May 20, 2015 at 8:17 PM, 支雷 <lzhi3937(a)gmail.com> wrote:

I have tried full stemcell
bosh-stemcell-2972-aws-xen-ubuntu-trusty-go_agent.tgz, but failed, error
"create stemcell failed: unable to find AKI:" was thrown (please find
details in my first email). And when I tried to "bosh-bootstrap deploy"
command, I got `validate_aws_region': Unknown region: "cn-north-1"
(ArgumentError). Seems cn-north-1 is not supported by bosh aws plugin. Any
suggestions on this issue? Thanks!

2015-05-19 23:58 GMT+08:00 Wayne E. Seguin <
wayneeseguin(a)starkandwayne.com>:

The issue is that there appear to not be any light stemcells in your
region, there is another recent question on the list to this effect. In
order to make progress you might want to build your own stemcell to use for
now or try to find and download a full aws hvm stemcell image to upload.

On Mon, May 18, 2015 at 6:12 AM, 支雷 <lzhi3937(a)gmail.com> wrote:

Hello,

I tried to deploy micro bosh in AWS region cn-north-1 in several
ways, but all failed. Any suggestions on how to deploy micro bosh in AWS
region cn-north-1? Thanks!

I created a EC2 instance (ubuntu) in the cn-north-1 region with an
public ip, ssh'd into it and installed bosh-cli, bosh_cli_plugin_micro and
bosh_cli_plugin_aws. After that I downloaded stemcell
bosh-stemcell-2972-aws-xen-ubuntu-trusty-go_agent.tgz, and tried " bosh
micro deploy ./bosh-stemcell-2972-aws-xen-ubuntu-trusty-go_agent.tgz" which
resulted in "create stemcell failed: getaddrinfo: Name or service not
known:"

I checked the failed URL, it's "ec2.cn-north-1.amazonaws.com" which
is not accessable. I updated the http.rb and changed the url to "
ec2.cn-north-1.amazonaws.com.cn" and escape the ssl validation and
tried again, another error was thrown:

Stemcell info
-------------
Name: bosh-aws-xen-ubuntu-trusty-go_agent
Version: 2972

Started deploy micro bosh
Started deploy micro bosh > Unpacking stemcell. Done (00:00:08)
Started deploy micro bosh > Uploading stemcell"
create stemcell failed: unable to find AKI:
/var/lib/gems/1.9.1/gems/bosh_aws_cpi-1.2972.0/lib/cloud/aws/aki_picker.rb:15:in
`pick'
/var/lib/gems/1.9.1/gems/bosh_aws_cpi-1.2972.0/lib/cloud/aws/stemcell_creator.rb:100:in
`image_params'
/var/lib/gems/1.9.1/gems/bosh_aws_cpi-1.2972.0/lib/cloud/aws/stemcell_creator.rb:24:in
`create'
/var/lib/gems/1.9.1/gems/bosh_aws_cpi-1.2972.0/lib/cloud/aws/cloud.rb:465:in
`block in create_stemcell'
/var/lib/gems/1.9.1/gems/bosh_common-1.2972.0/lib/common/thread_formatter.rb:49:in
`with_thread_name'
/var/lib/gems/1.9.1/gems/bosh_aws_cpi-1.2972.0/lib/cloud/aws/cloud.rb:445:in
`create_stemcell'
/var/lib/gems/1.9.1/gems/bosh_cli_plugin_micro-1.2972.0/lib/bosh/deployer/instance_manager.rb:228:in
`block (2 levels) in create_stemcell'
/var/lib/gems/1.9.1/gems/bosh_cli_plugin_micro-1.2972.0/lib/bosh/deployer/instance_manager.rb:85:in
`step'
/var/lib/gems/1.9.1/gems/bosh_cli_plugin_micro-1.2972.0/lib/bosh/deployer/instance_manager.rb:227:in
`block in create_stemcell'
/usr/lib/ruby/1.9.1/tmpdir.rb:83:in `mktmpdir'
/var/lib/gems/1.9.1/gems/bosh_cli_plugin_micro-1.2972.0/lib/bosh/deployer/instance_manager.rb:213:in
`create_stemcell'
/var/lib/gems/1.9.1/gems/bosh_cli_plugin_micro-1.2972.0/lib/bosh/deployer/instance_manager.rb:118:in
`create'
/var/lib/gems/1.9.1/gems/bosh_cli_plugin_micro-1.2972.0/lib/bosh/deployer/instance_manager.rb:98:in
`block in create_deployment'
/var/lib/gems/1.9.1/gems/bosh_cli_plugin_micro-1.2972.0/lib/bosh/deployer/instance_manager.rb:92:in
`with_lifecycle'
/var/lib/gems/1.9.1/gems/bosh_cli_plugin_micro-1.2972.0/lib/bosh/deployer/instance_manager.rb:98:in
`create_deployment'
/var/lib/gems/1.9.1/gems/bosh_cli_plugin_micro-1.2972.0/lib/bosh/cli/commands/micro.rb:179:in
`perform'
/var/lib/gems/1.9.1/gems/bosh_cli-1.2972.0/lib/cli/command_handler.rb:57:in
`run'
/var/lib/gems/1.9.1/gems/bosh_cli-1.2972.0/lib/cli/runner.rb:56:in
`run'
/var/lib/gems/1.9.1/gems/bosh_cli-1.2972.0/bin/bosh:16:in `<top
(required)>'
/usr/local/bin/bosh:23:in `load'
/usr/local/bin/bosh:23:in `<main>'

After that I installed bosh-bootstrap and executed following command:

bosh-bootstrap deploy

and I selected AWS provider and region 10 (China (Beijing) Region
(cn-north-1)), an error was thrown :

Confirming: Using AWS EC2/cn-north-1
/var/lib/gems/1.9.1/gems/fog-aws-0.1.1/lib/fog/aws/region_methods.rb:6:in
`validate_aws_region': Unknown region: "cn-north-1" (ArgumentError)
from
/var/lib/gems/1.9.1/gems/fog-aws-0.1.1/lib/fog/aws/compute.rb:482:in
`initialize'
from
/var/lib/gems/1.9.1/gems/fog-core-1.30.0/lib/fog/core/service.rb:115:in
`new'
from
/var/lib/gems/1.9.1/gems/fog-core-1.30.0/lib/fog/core/service.rb:115:in
`new'
from
/var/lib/gems/1.9.1/gems/fog-core-1.30.0/lib/fog/compute.rb:60:in `new'
from
/var/lib/gems/1.9.1/gems/cyoi-0.11.3/lib/cyoi/providers/clients/aws_provider_client.rb:257:in
`setup_fog_connection'
from
/var/lib/gems/1.9.1/gems/cyoi-0.11.3/lib/cyoi/providers/clients/fog_provider_client.rb:13:in
`initialize'
from
/var/lib/gems/1.9.1/gems/cyoi-0.11.3/lib/cyoi/providers.rb:17:in `new'
from
/var/lib/gems/1.9.1/gems/cyoi-0.11.3/lib/cyoi/providers.rb:17:in
`provider_client'
from
/var/lib/gems/1.9.1/gems/cyoi-0.11.3/lib/cyoi/cli/helpers/provider.rb:6:in
`provider_client'
from
/var/lib/gems/1.9.1/gems/cyoi-0.11.3/lib/cyoi/cli/address.rb:41:in
`address_cli'
from
/var/lib/gems/1.9.1/gems/cyoi-0.11.3/lib/cyoi/cli/address.rb:56:in
`valid_address?'
from
/var/lib/gems/1.9.1/gems/cyoi-0.11.3/lib/cyoi/cli/address.rb:19:in
`execute!'
from
/var/lib/gems/1.9.1/gems/bosh-bootstrap-0.17.0/lib/bosh-bootstrap/cli/commands/deploy.rb:41:in
`select_or_provision_public_networking'
from
/var/lib/gems/1.9.1/gems/bosh-bootstrap-0.17.0/lib/bosh-bootstrap/cli/commands/deploy.rb:21:in
`perform'
from
/var/lib/gems/1.9.1/gems/bosh-bootstrap-0.17.0/lib/bosh-bootstrap/thor_cli.rb:11:in
`deploy'
from
/var/lib/gems/1.9.1/gems/thor-0.19.1/lib/thor/command.rb:27:in `run'
from
/var/lib/gems/1.9.1/gems/thor-0.19.1/lib/thor/invocation.rb:126:in
`invoke_command'
from /var/lib/gems/1.9.1/gems/thor-0.19.1/lib/thor.rb:359:in
`dispatch'
from /var/lib/gems/1.9.1/gems/thor-0.19.1/lib/thor/base.rb:440:in
`start'
from
/var/lib/gems/1.9.1/gems/bosh-bootstrap-0.17.0/bin/bosh-bootstrap:13:in
`<top (required)>'
from /usr/local/bin/bosh-bootstrap:23:in `load'
from /usr/local/bin/bosh-bootstrap:23:in `<main>'


_______________________________________________
cf-bosh mailing list
cf-bosh(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-bosh

_______________________________________________
cf-bosh mailing list
cf-bosh(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-bosh


--
Dr Nic Williams
Stark & Wayne LLC - consultancy for Cloud Foundry users
http://drnicwilliams.com
http://starkandwayne.com
cell +1 (415) 860-2185
twitter @drnic

_______________________________________________
cf-bosh mailing list
cf-bosh(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-bosh

_______________________________________________
cf-bosh mailing list
cf-bosh(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-bosh


Re: Bosh deploy failed on AWS-Failed loading settings via fetcher

Dmitriy Kalinin
 

This is not a networking issue but rather some kind of problem with
bootstrapping.

"Failed loading settings via fetcher: Unmarshalling settings wrapper:
invalid character 'I' looking for beginning of value"

It seems that agent fails to retrieve bootstrapping metadata from the
registry:
https://github.com/cloudfoundry/bosh-agent/blob/3dad053a960a677d9fe0e8ee7c58438700a9838a/infrastructure/http_registry.go#L88

Any errors show up in the registry logs on the Director VM?

On Mon, Jun 1, 2015 at 2:27 AM, Mark Wong <mark.wong(a)citihub.com> wrote:

Trying to deploy Cloud Foundry in AWS. Followed instructions from:

http://bosh.io/docs/deploy-microbosh-to-aws.html

http://docs.cloudfoundry.org/deploying/ec2/configure_aws_cf.html

http://docs.cloudfoundry.org/deploying/ec2/deploy_aws_cf.html



What I found it every VM that BOSH deploy into the public subnet, it
failed to response. I end up tried the compilation part of the deploy using
VM in public subnet.



The actual deploy of each components failed and I checked the
non-responding log in /var/vcap/bosh/log/current and found the following.



2015-06-01_09:01:10.28857 [File System] 2015/06/01 09:01:10 DEBUG -
Checking if file exists /sys/class/net/lo/device

2015-06-01_09:01:10.28857 [Cmd Runner] 2015/06/01 09:01:10 DEBUG - Running
command: ifup --no-act eth0

2015-06-01_09:01:10.28945 [Cmd Runner] 2015/06/01 09:01:10 DEBUG - Stdout:

2015-06-01_09:01:10.28946 [Cmd Runner] 2015/06/01 09:01:10 DEBUG - Stderr:
ifup: interface eth0 already configured

2015-06-01_09:01:10.28946 [Cmd Runner] 2015/06/01 09:01:10 DEBUG -
Successful: true (0)

2015-06-01_09:01:12.93269 [settingsService] 2015/06/01 09:01:12 ERROR -
Failed loading settings via fetcher: Unmarshalling settings wrapper:
invalid character 'I' looking for beginning of value

2015-06-01_09:01:12.93271 [File System] 2015/06/01 09:01:12 DEBUG -
Reading file /var/vcap/bosh/settings.json

2015-06-01_09:01:12.93274 [settingsService] 2015/06/01 09:01:12 ERROR -
Failed reading settings from file Opening file
/var/vcap/bosh/settings.json: open /var/vcap/bosh/settings.json: no such
file or directory





I have checked the NAT from private subnet is working and can ping the
bosh director host and outside.



Any idea on how to troubleshoot this further?
This email and any attachments to it may be confidential and are intended
solely for the use of the individual to whom it is addressed. Any views or
opinions expressed are solely those of the author and do not necessarily
represent those of Citihub Consulting. If you are not the intended
recipient of this email, you must neither take any action based upon its
contents, nor copy or show it to anyone. Please contact the sender if you
believe you have received this email in error.

_______________________________________________
cf-bosh mailing list
cf-bosh(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-bosh

141 - 160 of 2757