Date   

Re: updating microbosh question

James Bayer
 

perhaps this makes sense as a github issue?

On Fri, Aug 21, 2015 at 7:43 AM, Wayne E. Seguin <
wayneeseguin(a)starkandwayne.com> wrote:

bump

On Mon, Jul 20, 2015 at 5:58 PM, Long Nguyen <long.nguyen11288(a)gmail.com>
wrote:

Hmm should director do this? Seems kinda scary that it just doesn’t care
about deploys and updates


On July 20, 2015 at 5:38:39 PM, Dmitriy Kalinin (dkalinin(a)pivotal.io)
wrote:

I do not believe director currently waits for deploys to finish.

Sent from my iPhone

On Jul 20, 2015, at 8:35 AM, Long Nguyen <long.nguyen11288(a)gmail.com>
wrote:

Is it intended when updating microbosh that currently running deploys are
just killed? Will it resume after microbosh is updated?

_______________________________________________
cf-bosh mailing list
cf-bosh(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-bosh

_______________________________________________
cf-bosh mailing list
cf-bosh(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-bosh


_______________________________________________
cf-bosh mailing list
cf-bosh(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-bosh


--
Thank you,

James Bayer


I'd like to add you to my professional network on LinkedIn

Sean Keery <messages-noreply@...>
 

Hi Discussions,

I'd like to add you to my professional network on LinkedIn.

- Sean

Confirm that you know Sean: https://www.linkedin.com/e/v2?e=hi6guv-idmn6741-1j&;t=ssuw&amp;tracking=eml-guest-invite-cta&amp;ek=invite_guest&amp;sharedKey=yson-gqy&amp;invitationId=6040730129385160704


You received an invitation to connect. LinkedIn will use your email address to make suggestions to our members in features like People You May Know. Unsubscribe here: https://www.linkedin.com/e/v2?e=hi6guv-idmn6741-1j&t=lun&midToken=AQFmrFVhGEd36Q&ek=invite_guest&loid=AQGM62abUW4t_QAAAU9T8GDq-eQfILQGHF4UooXp087RtqEsXWdNyKUE5fJ7cKrtQlPnMGEOe5zfLJxNcs4eIqRX68kHJg&eid=hi6guv-idmn6741-1jThis email was intended for Discussions project.. Learn why we included this at the following link: https://www.linkedin.com/e/v2?e=hi6guv-idmn6741-1j&a=customerServiceUrl&ek=invite_guest&articleId=4788
&copy; 2015, LinkedIn Corporation. 2029 Stierlin Ct. Mountain View, CA 94043, USA


Re: updating microbosh question

Wayne E. Seguin
 

bump

On Mon, Jul 20, 2015 at 5:58 PM, Long Nguyen <long.nguyen11288(a)gmail.com>
wrote:

Hmm should director do this? Seems kinda scary that it just doesn’t care
about deploys and updates


On July 20, 2015 at 5:38:39 PM, Dmitriy Kalinin (dkalinin(a)pivotal.io)
wrote:

I do not believe director currently waits for deploys to finish.

Sent from my iPhone

On Jul 20, 2015, at 8:35 AM, Long Nguyen <long.nguyen11288(a)gmail.com>
wrote:

Is it intended when updating microbosh that currently running deploys are
just killed? Will it resume after microbosh is updated?

_______________________________________________
cf-bosh mailing list
cf-bosh(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-bosh

_______________________________________________
cf-bosh mailing list
cf-bosh(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-bosh


_______________________________________________
cf-bosh mailing list
cf-bosh(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-bosh


ERROR_HTTP_500

Parthiban Annadurai <senjiparthi@...>
 

Hi All,
I have installed the Cloud Foundry v202 on vSphere. Now, if I try to see the VMs list it gives the HTTP 500 Error.. Is there any problem with CF Version or I need to make a change somewhere?? Thanks in Advance..

Regards

Parthiban A


[aws] How to run t2.micro?

Danny Berger <dpb587@...>
 

Although unrelated to instance type, I don't see an availability zone
listed for the resource pool - perhaps that's something to check? And
double check subnet, IP ranges, and AZ are all correctly affiliated.

Also should configure an ephemeral disk for t2's, like others have
suggested.

The only other t2-specific issue I've run into is that AWS doesn't support
mounting encrypted persistent disks on some of them.

Danny


On Thursday, August 20, 2015, Dr Nic Williams <drnicwilliams(a)gmail.com>
wrote:

Hmm, tried t2.small and it failed too as above.

My manifest is https://gist.github.com/drnic/0ee3335b0c0d435861e6 -
anything you can spot I'm missing? Thanks for the help.

On Thu, Aug 20, 2015 at 9:02 AM, Dr Nic Williams <drnicwilliams(a)gmail.com>
wrote:

t2.micro was what I tried and it failed


--
Dr Nic Williams
Stark & Wayne LLC - consultancy for Cloud Foundry users
http://drnicwilliams.com
http://starkandwayne.com
cell +1 (415) 860-2185
twitter @drnic

--
Danny Berger
http://dpb587.me


Re: Any downsides to ELB 443 running in Secure TCP mode?

Dr Nic Williams
 

Unfortunately the employees are behind a firewall that only allows egress 80 and 443; they don't have a particular dislike to 4443. They dislike all of the ports :)

On Thu, Aug 20, 2015 at 4:50 PM, Mike Jacobi <sushiandbeer(a)outlook.com>
wrote:

Point being: If you want or need to keep 443 as HTTPS, perhaps you can find another allowed egress port and move wss there.
From: sushiandbeer(a)outlook.com
To: cf-bosh(a)lists.cloudfoundry.org
Date: Thu, 20 Aug 2015 16:45:44 -0700
Subject: [cf-bosh] Re: Any downsides to ELB 443 running in Secure TCP mode?
I ran into the same issue. My solution was to run wss on 8080. Yes, it's weird to run SSL on 8080, but it was allowed out the firewall.
Date: Wed, 19 Aug 2015 22:30:03 -0700
From: drnic(a)starkandwayne.com
To: cf-bosh(a)lists.cloudfoundry.org
Subject: [cf-bosh] Any downsides to ELB 443 running in Secure TCP mode?
Pivotal WS runs behind ELBs that pipe websockets traffic through port 4443 in Secure TCP mode - because ELBs in HTTPS mode do not respect the websocket handshake upgrade.
We tried running port 443 in Secure TCP and avoid the additional port 4443 (which cannot be accessed from inside client company's network - they only allow outbound access to :80 and :443).
And it works.
What are the downsides to running :443 as Secure TCP rather than HTTPS?
Nic


Re: [aws] How to run t2.micro?

Brian Cunnie <bcunnie@...>
 

I use t2.micro stemcells all the time, but I only deploy with bosh-init,
not bosh.

here's a snippet from
https://github.com/APShirley/sslxip-release/blob/master/examples/bosh-init-manifest-sslip.yml

- name: sslip_pool
network: default
cloud_properties:
instance_type: t2.micro
ephemeral_disk:
size: 4000
type: gp2
availability_zone: us-east-1a
stemcell:
url:
https://bosh.io/d/stemcells/bosh-aws-xen-hvm-centos-7-go_agent?v=3042
sha1: 082b4eee247bb199138ec6163fb4ea92f6b7fcc4

On Thu, Aug 20, 2015 at 12:35 PM, Stevo Slavić <sslavic(a)gmail.com> wrote:

Why not try with latest version of that stemcell?
https://bosh.io/stemcells/bosh-aws-xen-hvm-ubuntu-trusty-go_agent ( 3048 )

In list of versions, no release notes...

I wonder why it has "light" in its name.

On Thu, Aug 20, 2015 at 6:08 PM, Dr Nic Williams <drnicwilliams(a)gmail.com>
wrote:

Hmm, tried t2.small and it failed too as above.

My manifest is https://gist.github.com/drnic/0ee3335b0c0d435861e6 -
anything you can spot I'm missing? Thanks for the help.

On Thu, Aug 20, 2015 at 9:02 AM, Dr Nic Williams <drnicwilliams(a)gmail.com
wrote:
t2.micro was what I tried and it failed


--
Dr Nic Williams
Stark & Wayne LLC - consultancy for Cloud Foundry users
http://drnicwilliams.com
http://starkandwayne.com
cell +1 (415) 860-2185
twitter @drnic


Re: Any downsides to ELB 443 running in Secure TCP mode?

Mike Jacobi
 

Point being: If you want or need to keep 443 as HTTPS, perhaps you can find another allowed egress port and move wss there.

From: sushiandbeer(a)outlook.com
To: cf-bosh(a)lists.cloudfoundry.org
Date: Thu, 20 Aug 2015 16:45:44 -0700
Subject: [cf-bosh] Re: Any downsides to ELB 443 running in Secure TCP mode?




I ran into the same issue. My solution was to run wss on 8080. Yes, it's weird to run SSL on 8080, but it was allowed out the firewall.

Date: Wed, 19 Aug 2015 22:30:03 -0700
From: drnic(a)starkandwayne.com
To: cf-bosh(a)lists.cloudfoundry.org
Subject: [cf-bosh] Any downsides to ELB 443 running in Secure TCP mode?



Pivotal WS runs behind ELBs that pipe websockets traffic through port 4443 in Secure TCP mode - because ELBs in HTTPS mode do not respect the websocket handshake upgrade.


We tried running port 443 in Secure TCP and avoid the additional port 4443 (which cannot be accessed from inside client company's network - they only allow outbound access to :80 and :443).


And it works.


What are the downsides to running :443 as Secure TCP rather than HTTPS?


Nic


Re: Any downsides to ELB 443 running in Secure TCP mode?

Mike Jacobi
 

I ran into the same issue. My solution was to run wss on 8080. Yes, it's weird to run SSL on 8080, but it was allowed out the firewall.

Date: Wed, 19 Aug 2015 22:30:03 -0700
From: drnic(a)starkandwayne.com
To: cf-bosh(a)lists.cloudfoundry.org
Subject: [cf-bosh] Any downsides to ELB 443 running in Secure TCP mode?



Pivotal WS runs behind ELBs that pipe websockets traffic through port 4443 in Secure TCP mode - because ELBs in HTTPS mode do not respect the websocket handshake upgrade.


We tried running port 443 in Secure TCP and avoid the additional port 4443 (which cannot be accessed from inside client company's network - they only allow outbound access to :80 and :443).


And it works.


What are the downsides to running :443 as Secure TCP rather than HTTPS?


Nic


Re: [aws] How to run t2.micro?

Stevo Slavić <sslavic at gmail.com...>
 

Why not try with latest version of that stemcell?
https://bosh.io/stemcells/bosh-aws-xen-hvm-ubuntu-trusty-go_agent ( 3048 )

In list of versions, no release notes...

I wonder why it has "light" in its name.

On Thu, Aug 20, 2015 at 6:08 PM, Dr Nic Williams <drnicwilliams(a)gmail.com>
wrote:

Hmm, tried t2.small and it failed too as above.

My manifest is https://gist.github.com/drnic/0ee3335b0c0d435861e6 -
anything you can spot I'm missing? Thanks for the help.

On Thu, Aug 20, 2015 at 9:02 AM, Dr Nic Williams <drnicwilliams(a)gmail.com>
wrote:

t2.micro was what I tried and it failed


--
Dr Nic Williams
Stark & Wayne LLC - consultancy for Cloud Foundry users
http://drnicwilliams.com
http://starkandwayne.com
cell +1 (415) 860-2185
twitter @drnic


Re: [aws] How to run t2.micro?

Dmitriy Kalinin
 

Right. t2 series do not have ephemeral disks and that's why you have to add
ephemeral disk configuration in cloud_properties, but DrNic's error seems
to happen earlier than creation of a VM.

On Thu, Aug 20, 2015 at 9:44 AM, Diego Lapiduz <diego(a)lapiduz.com> wrote:

Can you try adding an ephemeral disk? We had issues before with HVM
instances that have no default ephemeral disk...

Here is our manifest:
https://github.com/18F/cloud-foundry-manifests/blob/master/cf/cf-infrastructure-aws.yml#L66-L72

On Thu, Aug 20, 2015 at 11:08 AM, Dr Nic Williams <drnicwilliams(a)gmail.com
wrote:
Hmm, tried t2.small and it failed too as above.

My manifest is https://gist.github.com/drnic/0ee3335b0c0d435861e6 -
anything you can spot I'm missing? Thanks for the help.

On Thu, Aug 20, 2015 at 9:02 AM, Dr Nic Williams <drnicwilliams(a)gmail.com
wrote:
t2.micro was what I tried and it failed


--
Dr Nic Williams
Stark & Wayne LLC - consultancy for Cloud Foundry users
http://drnicwilliams.com
http://starkandwayne.com
cell +1 (415) 860-2185
twitter @drnic


Re: [aws] How to run t2.micro?

Diego Lapiduz
 

Can you try adding an ephemeral disk? We had issues before with HVM
instances that have no default ephemeral disk...

Here is our manifest:
https://github.com/18F/cloud-foundry-manifests/blob/master/cf/cf-infrastructure-aws.yml#L66-L72

On Thu, Aug 20, 2015 at 11:08 AM, Dr Nic Williams <drnicwilliams(a)gmail.com>
wrote:

Hmm, tried t2.small and it failed too as above.

My manifest is https://gist.github.com/drnic/0ee3335b0c0d435861e6 -
anything you can spot I'm missing? Thanks for the help.

On Thu, Aug 20, 2015 at 9:02 AM, Dr Nic Williams <drnicwilliams(a)gmail.com>
wrote:

t2.micro was what I tried and it failed


--
Dr Nic Williams
Stark & Wayne LLC - consultancy for Cloud Foundry users
http://drnicwilliams.com
http://starkandwayne.com
cell +1 (415) 860-2185
twitter @drnic


Re: [aws] How to run t2.micro?

Dr Nic Williams
 

Hmm, tried t2.small and it failed too as above.

My manifest is https://gist.github.com/drnic/0ee3335b0c0d435861e6 -
anything you can spot I'm missing? Thanks for the help.

On Thu, Aug 20, 2015 at 9:02 AM, Dr Nic Williams <drnicwilliams(a)gmail.com>
wrote:

t2.micro was what I tried and it failed


--
Dr Nic Williams
Stark & Wayne LLC - consultancy for Cloud Foundry users
http://drnicwilliams.com
http://starkandwayne.com
cell +1 (415) 860-2185
twitter @drnic


Re: [aws] How to run t2.micro?

Dr Nic Williams
 

t2.micro was what I tried and it failed


Re: [aws] How to run t2.micro?

Diego Lapiduz
 

We are deploying to t2.smalls and it works fine.... Is it just in t2.micros
that it fails?

On Thu, Aug 20, 2015 at 10:58 AM, Dr Nic Williams <drnicwilliams(a)gmail.com>
wrote:

I wanted a cheap AWS vm for our VPC so I tried using t2.micro. I was using
HVM stemcell. But I get the following AWS error:

Started creating bound missing vms > small_z1/0. Failed: The requested
configuration is currently not supported. Please check the documentation
for supported configurations. (00:00:01)

From googling, the only constraints I can find are: use VPC, use HVM AMIs.

Anyone have a protip on deploying t2.micros?

Nic

--
Dr Nic Williams
Stark & Wayne LLC - consultancy for Cloud Foundry users
http://drnicwilliams.com
http://starkandwayne.com
cell +1 (415) 860-2185
twitter @drnic


[aws] How to run t2.micro?

Dr Nic Williams
 

I wanted a cheap AWS vm for our VPC so I tried using t2.micro. I was using
HVM stemcell. But I get the following AWS error:

Started creating bound missing vms > small_z1/0. Failed: The requested
configuration is currently not supported. Please check the documentation
for supported configurations. (00:00:01)

From googling, the only constraints I can find are: use VPC, use HVM AMIs.

Anyone have a protip on deploying t2.micros?

Nic

--
Dr Nic Williams
Stark & Wayne LLC - consultancy for Cloud Foundry users
http://drnicwilliams.com
http://starkandwayne.com
cell +1 (415) 860-2185
twitter @drnic


Re: Any downsides to ELB 443 running in Secure TCP mode?

James Bayer
 

the x-forwarded-proto header is pretty important for large public clouds as
most of them enable http and https that i'm aware of. in this situation,
i'm not sure how we forego the header when it's also important to allow
plain http traffic on port 80.

On Wed, Aug 19, 2015 at 10:47 PM, aaron_huber <aaron.m.huber(a)intel.com>
wrote:

With SSL instead of HTTPS you lose the X-Forwarded headers which would be
needed for the apps to know if the traffic came in as secure, which would
only be an issue if you're allowing both 80 and 443 and the apps need to be
able to tell the difference. Otherwise it would be identical as far as I'm
aware. Using HTTPS allows them to inject the headers into the protocol.


http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/using-elb-listenerconfig-quickref.html

Aaron




--
View this message in context:
http://cf-bosh.70367.x6.nabble.com/cf-bosh-Any-downsides-to-ELB-443-running-in-Secure-TCP-mode-tp590p591.html
Sent from the CF BOSH mailing list archive at Nabble.com.


--
Thank you,

James Bayer


Re: Any downsides to ELB 443 running in Secure TCP mode?

Aaron Huber
 

With SSL instead of HTTPS you lose the X-Forwarded headers which would be
needed for the apps to know if the traffic came in as secure, which would
only be an issue if you're allowing both 80 and 443 and the apps need to be
able to tell the difference. Otherwise it would be identical as far as I'm
aware. Using HTTPS allows them to inject the headers into the protocol.

http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/using-elb-listenerconfig-quickref.html

Aaron




--
View this message in context: http://cf-bosh.70367.x6.nabble.com/cf-bosh-Any-downsides-to-ELB-443-running-in-Secure-TCP-mode-tp590p591.html
Sent from the CF BOSH mailing list archive at Nabble.com.


Any downsides to ELB 443 running in Secure TCP mode?

Dr Nic Williams
 

Pivotal WS runs behind ELBs that pipe websockets traffic through port 4443 in Secure TCP mode - because ELBs in HTTPS mode do not respect the websocket handshake upgrade.


We tried running port 443 in Secure TCP and avoid the additional port 4443 (which cannot be accessed from inside client company's network - they only allow outbound access to :80 and :443).


And it works.


What are the downsides to running :443 as Secure TCP rather than HTTPS?


Nic


Re: cf-mysql-release Acceptance test failing

Shetty, Daya <Daya.Shetty@...>
 

Hi Marco,

Yes, I did run the provision_cf script hence did not have the security
group defined for mysql. Once I added that the acceptance-tests did pass.

Thanks again,
Daya

On 8/19/15, 10:14 AM, "Marco N." <mnicosia(a)pivotal.io> wrote:

Hi there,

There are two ways to install CF on a bosh-lite. Depending on how you've
installed CF, we may be able to help you.

If you've used bosh-lite's provision_cf script
(https://github.com/cloudfoundry/bosh-lite/blob/master/docs/deploy-cf.md#s
ingle-command-deploy), it may be an issue with your security groups. This
is a known issue, and you can fix the security groups by following these
instructions:
https://gist.github.com/menicosia/2e9c414430138064f945#file-sg-steps-md

We're likely to send a PR about this to bosh-lite soon.

However, if you've used the manual deploy steps
(https://github.com/cloudfoundry/bosh-lite/blob/master/docs/deploy-cf.md#m
anual-deploy), you shouldn't have this problem. Please let us know which
method you've used to install CF, and hopefully we can help you from
there.

--
Marco Nicosia
Product Manager
Pivotal Software, Inc.
mnicosia(a)pivotal.io
The information contained in this e-mail, and any attachment, is confidential and is intended solely for the use of the intended recipient. Access, copying or re-use of the e-mail or any attachment, or any information contained therein, by any other person is not authorized. If you are not the intended recipient please return the e-mail to the sender and delete it from your computer. Although we attempt to sweep e-mail and attachments for viruses, we do not guarantee that either are virus-free and accept no liability for any damage sustained as a result of viruses.

Please refer to http://disclaimer.bnymellon.com/eu.htm for certain disclosures relating to European legal entities.

2101 - 2120 of 2761