|
Any downsides to ELB 443 running in Secure TCP mode?
Dr Nic Williams
Pivotal WS runs behind ELBs that pipe websockets traffic through port 4443 in Secure TCP mode - because ELBs in HTTPS mode do not respect the websocket handshake upgrade.
We tried running port 443 in Secure TCP and avoid the additional port 4443 (which cannot be accessed from inside client company's network - they only allow outbound access to :80 and :443). And it works. What are the downsides to running :443 as Secure TCP rather than HTTPS? Nic |
|
|
|
Re: cf-mysql-release Acceptance test failing
Shetty, Daya <Daya.Shetty@...>
Hi Marco,
Yes, I did run the provision_cf script hence did not have the security group defined for mysql. Once I added that the acceptance-tests did pass. Thanks again, Daya On 8/19/15, 10:14 AM, "Marco N." <mnicosia(a)pivotal.io> wrote: Hi there,The information contained in this e-mail, and any attachment, is confidential and is intended solely for the use of the intended recipient. Access, copying or re-use of the e-mail or any attachment, or any information contained therein, by any other person is not authorized. If you are not the intended recipient please return the e-mail to the sender and delete it from your computer. Although we attempt to sweep e-mail and attachments for viruses, we do not guarantee that either are virus-free and accept no liability for any damage sustained as a result of viruses. Please refer to http://disclaimer.bnymellon.com/eu.htm for certain disclosures relating to European legal entities. |
|
|
|
Re: cf-mysql-release Acceptance test failing
Marco Nicosia
Hi there,
There are two ways to install CF on a bosh-lite. Depending on how you've installed CF, we may be able to help you. If you've used bosh-lite's provision_cf script (https://github.com/cloudfoundry/bosh-lite/blob/master/docs/deploy-cf.md#single-command-deploy), it may be an issue with your security groups. This is a known issue, and you can fix the security groups by following these instructions: https://gist.github.com/menicosia/2e9c414430138064f945#file-sg-steps-md We're likely to send a PR about this to bosh-lite soon. However, if you've used the manual deploy steps (https://github.com/cloudfoundry/bosh-lite/blob/master/docs/deploy-cf.md#manual-deploy), you shouldn't have this problem. Please let us know which method you've used to install CF, and hopefully we can help you from there. -- Marco Nicosia Product Manager Pivotal Software, Inc. mnicosia(a)pivotal.io |
|
|
|
Problem with using cf_cliV6 on cf v 206
Bharath posa
Hi guys I am unable to login into my cf deployment having v206. It is giving error saying unable to find route to uaa.172.24.4.2.xip.io . I tried to download v5 binaries on github cloudounfry cli but they are not there . I am posting my cf-deployment.yml below.
https://gist.github.com/bha123/20885c7eee58544c3e90 can any body what are the changes I have to make so that it can work regards bharath |
|
|
|
Problem with using cf_cliV6 on cf v 206
Bharath posa
Hi all
I am using cf-206 cloudfoudry on openstack. Recently I downloaded the binaries of cf_cli206. It is failing to login saying unable to route to uaa.172.24.4.2.xip.io. I am providing my cf-deployment.yml below . https://gist.github.com/bha123/20885c7eee58544c3e90 I also tried to find cf_cli v5 . I couldn't able to find the binaries download can any body help me out in this regards bharath |
|
|
|
cf-mysql-release Acceptance test failing
Daya Shetty <daya.shetty@...>
Deployed bosh-lite version of cf-mysql-release version 22 successfully , but the acceptance test is failing with the following error:
[2015-08-12 05:24:04.76 (UTC)]> curl -s -d myvalue http://2f9a9ccf-818d-4c3a-7e70-f34f46c1b9d8.10.244.0.34.xip.io/service/mysql/e8cfc2c1-5301-4907-522f-ab6d23215c37/mykey Error: Can't connect to MySQL server on '10.244.7.6' (111) • Failure [87.711 seconds] P-MySQL Lifecycle Tests /var/vcap/packages/acceptance-tests/src/github.com/cloudfoundry-incubator/cf-mysql-acceptance-tests/cf-mysql-service/lifecycle/lifecycle_test.go:55 Allows users to create, bind, write to, read from, unbind, and destroy a service instance for the each plan [It] /var/vcap/packages/acceptance-tests/src/github.com/cloudfoundry-incubator/cf-mysql-acceptance-tests/cf-mysql-service/lifecycle/lifecycle_test.go:54 Got stuck at: Error: Can't connect to MySQL server on '10.244.7.6' (111) The VM’s are running fine.. Deployment `cf-warden-mysql' Director task 706 Task 706 done +----------------------+---------+--------------------+--------------+ | Job/index | State | Resource Pool | IPs | +----------------------+---------+--------------------+--------------+ | cf-mysql-broker_z1/0 | running | cf-mysql-broker_z1 | 10.244.7.130 | | cf-mysql-broker_z2/0 | running | cf-mysql-broker_z2 | 10.244.8.130 | | mysql_z1/0 | running | mysql_z1 | 10.244.7.2 | | mysql_z2/0 | running | mysql_z2 | 10.244.8.2 | | mysql_z3/0 | running | mysql_z3 | 10.244.9.2 | | proxy_z1/0 | running | proxy_z1 | 10.244.7.6 | | proxy_z2/0 | running | proxy_z2 | 10.244.8.6 | +----------------------+---------+--------------------+--------------+ VMs total: 7 Any reason why the client is getting Connection Refused error while trying to connect to proxy_z1? Thanks Daya |
|
|
|
Re: Running scheduled bash script with bosh.
Dmitriy Kalinin
It's probably something that would written specifically for the bosh-agent
to take advantage to different BOSH conventions. On Tue, Aug 11, 2015 at 11:06 PM, Gerhard Lazu <gerhard(a)cloudcredo.com> wrote: A simpler supervisor is great news! Do you have a specific one in mind? |
|
|
|
Re: Running scheduled bash script with bosh.
Gerhard
A simpler supervisor is great news! Do you have a specific one in mind?
toggle quoted message
Show quoted text
On Wednesday, 12 August 2015, Dmitriy Kalinin <dkalinin(a)pivotal.io> wrote:
I would recommend using cron for this. Have your ctl script add it to the |
|
|
|
Re: Postgres-backup-boshrelease
Gwenn Etourneau
Nice Ronak :)
On Wed, Aug 12, 2015 at 2:09 PM, ronak banka <ronakbanka.cse(a)gmail.com> wrote: Hi all, |
|
|
|
Postgres-backup-boshrelease
Ronak Banka
Hi all,
We just open sourced one of our bosh releases , can be used for creating postgres backups of jobs shipped along with bosh and cf-release. https://github.com/rakutentech/postgres-backup-boshrelease It creates a dump file for the db by running a script injected in cronjob. Will be working more on it to support external db and other fancy restore db errand jobs. Thanks Ronak Banka Rakuten, Inc. -- View this message in context: http://cf-bosh.70367.x6.nabble.com/Postgres-backup-boshrelease-tp581.html Sent from the CF BOSH mailing list archive at Nabble.com. |
|
|
|
Re: Running scheduled bash script with bosh.
Dmitriy Kalinin
I would recommend using cron for this. Have your ctl script add it to the
crontab when it's started and remove it when it stopped. Regarding monit: we are planning to upgrade it once more ( https://github.com/cloudfoundry/bosh/pull/743) but I would not recommend relying on its features. eventually we will replace it with a simpler job supervisor. On Tue, Aug 11, 2015 at 6:54 PM, Dr Nic Williams <drnicwilliams(a)gmail.com> wrote: You could try building a new stemcell with an upgraded monit. |
|
|
|
Re: Running scheduled bash script with bosh.
Dr Nic Williams
You could try building a new stemcell with an upgraded monit.
On Tue, Aug 11, 2015 at 6:26 PM, Gwenn Etourneau <getourneau(a)pivotal.io> wrote: Hi, -- Dr Nic Williams Stark & Wayne LLC - consultancy for Cloud Foundry users http://drnicwilliams.com http://starkandwayne.com cell +1 (415) 860-2185 twitter @drnic |
|
|
|
Re: Upgrading CF to 214 Release Fails During Configuration
Tom Sherrod <tom.sherrod@...>
The gist indicates you're using the terraform aws cloud foundry project:
toggle quoted message
Show quoted text
https://github.com/cloudfoundry-community/terraform-aws-cf-install I'm not sure it(or cf-boshworkspace) has been updated for the later versions of cloud foundry release. Some of the cf release templates have changed with the latest versions. Check /home/ubuntu/workspace/deployments/cf-boshworkspace/.releases/cf for the templates there. In addition, checkout /home/ubuntu/workspace/deployments/cf-boshworkspace/.deployments/ for the final manifest. Tom On Tue, Aug 11, 2015 at 5:16 PM, Michael Minges <mminges(a)ecsteam.com> wrote:
As far as I am aware the cf-secrets.yml is pulled in from the templates |
|
|
|
Re: Running scheduled bash script with bosh.
Gwenn Etourneau
Hi,
toggle quoted message
Show quoted text
I am curious about what do you try to achieve by running bash script with bosh ? Thanks On Wed, Aug 12, 2015 at 3:56 AM, Alan Moran <moranalan90(a)gmail.com> wrote:
|
|
|
|
Re: Upgrading CF to 214 Release Fails During Configuration
Michael Minges
As far as I am aware the cf-secrets.yml is pulled in from the templates section within cf-aws-tiny.yml. See Gist<https://gist.github.com/mminges/c69cdbcaac33aa94b4bf>. Then spiff merge would combine the templates into a .stub cf-aws-tiny.yml, is that correct?
Thanks, Michael Minges From: Amit Gupta [mailto:agupta(a)pivotal.io] Sent: Tuesday, August 11, 2015 3:01 PM To: Discussions about the Cloud Foundry BOSH project. <cf-bosh(a)lists.cloudfoundry.org> Subject: [cf-bosh] Re: Upgrading CF to 214 Release Fails During Configuration Does your deployment manifest (deployments/cf-was-tiny.yml) have the required property? What's in that gist is not guaranteed to be in your manifest unless we know how you use that gist in your manifest generation. On Tuesday, August 11, 2015, Michael Minges <mminges(a)ecsteam.com<mailto:mminges(a)ecsteam.com>> wrote: Hello, We had deployed CloudFoundry, release 208, on AWS using Terraform. Since then, we had successfully upgraded to release 210 and subsequently to release 212. Currently, we are working through upgrading from release 212 to the latest 214 release. After updating the deployment manifest to use the 214 release as well as to use the latest stemcell, bosh-aws-xen-hvm-ubuntu-trusty-go_agent version 3033, we used the following bosh commands to deploy: bosh deployment deployments/cf-aws-tiny.yml (target the correct deployment) bosh prepare deployment (resolve deployment requirements) bosh deploy The deploy ran for about twenty minutes then failed with the following: Started preparing configuration > Binding configuration. Failed: Error filling in template `gorouter.yml.erb' for `api/0' (line 50: Can't find property `["uaa.clients.gorouter.secret"]') (00:00:03) Error 100: Error filling in template `gorouter.yml.erb' for `api/0' (line 50: Can't find property `["uaa.clients.gorouter.secret"]') Within the director VM, /home/ubuntu/workspace/deployments/cf-boshworkspace/templates/cf-secrets.yml shows that the property, uaa.clients.gorouter.secret, does exist. See Gist<https://gist.github.com/mminges/0525c8d87c176e31f0fe>. Any suggestions on where to start with troubleshooting? Michael Minges Associate Consultant 303.815.6471 m mminges(a)ECSTeam.com<mailto:mminges(a)ECSTeam.com> ECS Team Technology Solutions Delivered ECSTeam.com<http://www.ecsteam.com/> LinkedIn<http://www.linkedin.com/company/ecsteam> | Twitter<https://twitter.com/ecsteam> |
|
|
|
Re: Upgrading CF to 214 Release Fails During Configuration
Amit Kumar Gupta
Does your deployment manifest (deployments/cf-was-tiny.yml) have the
toggle quoted message
Show quoted text
required property? What's in that gist is not guaranteed to be in your manifest unless we know how you use that gist in your manifest generation. On Tuesday, August 11, 2015, Michael Minges <mminges(a)ecsteam.com> wrote:
Hello, |
|
|
|
Upgrading CF to 214 Release Fails During Configuration
Michael Minges
Hello,
We had deployed CloudFoundry, release 208, on AWS using Terraform. Since then, we had successfully upgraded to release 210 and subsequently to release 212. Currently, we are working through upgrading from release 212 to the latest 214 release. After updating the deployment manifest to use the 214 release as well as to use the latest stemcell, bosh-aws-xen-hvm-ubuntu-trusty-go_agent version 3033, we used the following bosh commands to deploy: bosh deployment deployments/cf-aws-tiny.yml (target the correct deployment) bosh prepare deployment (resolve deployment requirements) bosh deploy The deploy ran for about twenty minutes then failed with the following: Started preparing configuration > Binding configuration. Failed: Error filling in template `gorouter.yml.erb' for `api/0' (line 50: Can't find property `["uaa.clients.gorouter.secret"]') (00:00:03) Error 100: Error filling in template `gorouter.yml.erb' for `api/0' (line 50: Can't find property `["uaa.clients.gorouter.secret"]') Within the director VM, /home/ubuntu/workspace/deployments/cf-boshworkspace/templates/cf-secrets.yml shows that the property, uaa.clients.gorouter.secret, does exist. See Gist<https://gist.github.com/mminges/0525c8d87c176e31f0fe>. Any suggestions on where to start with troubleshooting? Michael Minges Associate Consultant 303.815.6471 m mminges(a)ECSTeam.com ECS Team Technology Solutions Delivered ECSTeam.com<http://www.ecsteam.com/> LinkedIn<http://www.linkedin.com/company/ecsteam> | Twitter<https://twitter.com/ecsteam> |
|
|
|
Running scheduled bash script with bosh.
Alan moran <moranalan90@...>
Hello,
We have been working to try and run a bash script at a specified interval with bosh. Our initial approach was to create a job and use the “check program” feature within Monit. However, this requires Monit 5.3+ [1,2]. The version of Monit included in Stemcell is 5.2.4. This makes us ask a couple of questions: 1- Is there a reason Monit is not being updated? 2- Is there an alternative approach that we can take besides using “check program”? Links: 1- https://lists.nongnu.org/archive/html/monit-general/2013-06/msg00063.html <https://lists.nongnu.org/archive/html/monit-general/2013-06/msg00063.html> 2- http://lists.nongnu.org/archive/html/monit-general/2011-09/msg00018.html <http://lists.nongnu.org/archive/html/monit-general/2011-09/msg00018.html> Thanks, David Brock && Alan Morán |
|
|
|
Mailing list service disruption
Eric Searcy <eric@...>
During continued work on the new Mailman 3 list server, a configuration change caused mail to get stuck and eventually bounce. If you sent a message between Aug 8 17:50 UTC and Aug 11 10:35 UTC and received a bounce message, you will need to resend the email. We apologize for the delay in discovering and fixing the problem.
-- Eric Searcy, Infrastructure Manager The Linux Foundation |
|
|
|
Re: AWS IAM Roles
James Bayer
sean,
toggle quoted message
Show quoted text
i think you'll find the approach being implemented by david takes us down the path that enables a IAM roles best-practice recommended by amazon. IAM credentials can be provided by the AWS metadata service inside the bosh director instance [1] and the credentials rotated transparently to the bosh configuration since the AWS SDK knows to use the metadata service to retrieve credentials. [1] http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories On Fri, Aug 7, 2015 at 11:53 AM, Sean Keery <skeery(a)pivotal.io> wrote:
I would like to see the use of the valet key pattern in this case instead --
Thank you, James Bayer |
|
|