Date   
restoring bosh deployment state failing

nshrest6@...
 

Hi ... i had a bosh director running which i updated with current vsphere cpi release 48, which failed due to the issue with ruby2.4, i tried reverting it back with old versions now i am running into issues .... 
```
Started deploying
  Waiting for the agent on VM 'vm-c3e42263-5167-467d-bda5-04e8762f63ec'... Failed (00:00:09)
  Deleting VM 'vm-c3e42263-5167-467d-bda5-04e8762f63ec'... Finished (00:00:08)
  Creating VM for instance 'bosh/0' from stemcell 'sc-5eae3672-c5cb-4351-8bf8-7972b464d0b4'... Finished (00:01:07)
  Waiting for the agent on VM 'vm-dc84d899-5444-483d-aeb6-1a247a04a56d' to be ready... Finished (00:00:27)
  Attaching disk 'disk-22e02c8a-b143-4534-a640-85705067887c' to VM 'vm-dc84d899-5444-483d-aeb6-1a247a04a56d'... Finished (00:00:18)
  Creating disk... Finished (00:00:07)
  Attaching disk 'disk-a8e62197-dfed-4596-b07e-4cf9686e852e' to VM 'vm-dc84d899-5444-483d-aeb6-1a247a04a56d'... Finished (00:00:18)
  Migrating disk content from 'disk-22e02c8a-b143-4534-a640-85705067887c' to 'disk-a8e62197-dfed-4596-b07e-4cf9686e852e'... Finished (00:01:57)
  Detaching disk 'disk-22e02c8a-b143-4534-a640-85705067887c'... Finished (00:00:10)
  Deleting disk 'disk-22e02c8a-b143-4534-a640-85705067887c'... Finished (00:00:04)
  Rendering job templates... Finished (00:00:06)
  Compiling package 'openjdk_1.8.0/a6b85c1cd75382025bbfa49abb737015575aec44'... Skipped [Package already compiled] (00:00:01)
  Compiling package 'ruby/c1086875b047d112e46756dcb63d8f19e63b3ac4'... Skipped [Package already compiled] (00:00:00)
  Compiling package 'mysql/b7e73acc0bfe05f1c6cbfd97bf92d39b0d3155d5'... Skipped [Package already compiled] (00:00:00)
  Compiling package 'libpq/826813f983d38b4b4a95bb8a3df1a2d0efab14b0'... Skipped [Package already compiled] (00:00:00)
  Compiling package 'vsphere_cpi_ruby/14067294a0cd16a61646eedc3de4e9ed22d46076'... Finished (00:02:20)
  Compiling package 'credhub/c113daadcde5f2add56fb8f62313a96c6e98697e'... Skipped [Package already compiled] (00:00:01)
  Compiling package 'vsphere_cpi_mkisofs/72aac8fb0c0089065a00ef38a4e30d7d0e5a16ea'... Finished (00:02:44)
  Compiling package 'verify_multidigest/8fc5d654cebad7725c34bb08b3f60b912db7094a'... Skipped [Package already compiled] (00:00:00)
  Compiling package 'lunaclient/b922e045db5246ec742f0c4d1496844942d6167a'... Skipped [Package already compiled] (00:00:00)
  Compiling package 'bosh-gcscli/83d331c7b6d04de64cd5257a47e1e92021cb4c8a'... Skipped [Package already compiled] (00:00:00)
  Compiling package 'postgres/3b1089109c074984577a0bac1b38018d7a2890ef'... Skipped [Package already compiled] (00:00:00)
  Compiling package 'uaa_utils/20557445bf996af17995a5f13bf5f87000600f2e'... Skipped [Package already compiled] (00:00:00)
  Compiling package 's3cli/bb1c1976d221fdadf13a6bc873896cd5e2433580'... Skipped [Package already compiled] (00:00:00)
  Compiling package 'pg_utils_9.4/dbd00a0758a5e6225e1121bfd444db6ec59204ee'... Skipped [Package already compiled] (00:00:00)
  Compiling package 'davcli/5f08f8d5ab3addd0e11171f739f072b107b30b8c'... Skipped [Package already compiled] (00:00:00)
  Compiling package 'director/ea00c83b4558293b1956564a4532e1af562ea6e0'... Skipped [Package already compiled] (00:00:01)
  Compiling package 'postgres-9.4/1da82648840de67015d379264846a447118261a7'... Skipped [Package already compiled] (00:00:00)
  Compiling package 'nats/63ae42eb73527625307ff522fb402832b407321d'... Skipped [Package already compiled] (00:00:00)
  Compiling package 'vsphere_cpi/e6c27f384060c8d0260f6f0310853d1a886b1128'... Finished (00:00:57)
  Compiling package 'nginx/57ca1d048957399c500e0f5fd3275ed4c6d4f762'... Skipped [Package already compiled] (00:00:00)
  Compiling package 'mariadb_10.1.23/6ab14e132241110cff0dc160137b71a967d29d53'... Skipped [Package already compiled] (00:00:00)
  Compiling package 'uaa/33da697bb3343793c762f06970868565a71d053a'... Skipped [Package already compiled] (00:00:03)
  Compiling package 'health_monitor/aa43dacd332bda1131b141aada0ca45b4302273c'... Skipped [Package already compiled] (00:00:00)
  Updating instance 'bosh/0'... Finished (00:01:18)
  Waiting for instance 'bosh/0' to be running... Failed (00:06:00)
Failed deploying (00:18:44)
 
Stopping registry... Finished (00:00:00)
Cleaning up rendered CPI jobs... Finished (00:00:00)
```
 
i logged to bosh director and monit process shows 
```
/:/var/vcap/sys/log# monit summary 
The Monit daemon 5.2.5 uptime: 5m 
 
Process 'nats'                      running
Process 'postgres'                  running
Process 'blobstore_nginx'           running
Process 'director'                  not monitored
Process 'worker_1'                  not monitored
Process 'worker_2'                  not monitored
Process 'worker_3'                  not monitored
Process 'director_scheduler'        running
Process 'director_nginx'            running
Process 'health_monitor'            running
Process 'uaa'                       running
Process 'credhub'                   Does not exist
System 'system_localhost'           running
```
 
i am confused where do i start troubleshooting ... any idea if someone encountered similar issue during the bosh director restore ?

Re: [feedback requested] BOSH network lifecycle management proposal

Dr Nic Williams
 

Very exciting to see the reach of bosh expanding to managing networking!

Nic


From: cf-bosh@... <cf-bosh@...> on behalf of Ferrran Rodenas <frodenas@...>
Sent: Thursday, May 10, 2018 12:09:32 PM
To: cf-bosh@...
Subject: [cf-bosh] [feedback requested] BOSH network lifecycle management proposal
 
Hi BOSH community,
 
On behalf the VMware team, I want to propose a new feature to add network lifecycle management capabilities to BOSH. By implementing this new feature, BOSH will be able to dynamically manage (create, update, delete) deployment's network resources.
 
The feature proposal can be found here [1]. Although we have already started working on a spike to demonstrate the feasibility of the proposal, we would like to ask the community to review and comment it.
 
The proposal is articulated as an MVP, it will NOT cover the management of all networking related resources, we want to start with subnetworks, and add more resources (like load balancers, firewalls, ...) in the future.
 

Best,
- Ferran

[feedback requested] BOSH network lifecycle management proposal

Ferrran Rodenas <frodenas@...>
 

Hi BOSH community,
 
On behalf the VMware team, I want to propose a new feature to add network lifecycle management capabilities to BOSH. By implementing this new feature, BOSH will be able to dynamically manage (create, update, delete) deployment's network resources.
 
The feature proposal can be found here [1]. Although we have already started working on a spike to demonstrate the feasibility of the proposal, we would like to ask the community to review and comment it.
 
The proposal is articulated as an MVP, it will NOT cover the management of all networking related resources, we want to start with subnetworks, and add more resources (like load balancers, firewalls, ...) in the future.
 

Best,
- Ferran

Re: Using Bosh in "AWS Multiple Account Security Strategy" possible?

Dmitriy Kalinin
 

On Tue, May 8, 2018 at 11:03 AM, Dmitriy Kalinin <dkalinin@...> wrote:
i imagine you would want to provision access key pair in the subaccount (not in the main account) and use that to provision resources in the subaccount.

Also I miss the possibility to use Multi-Factor Authentication on AWS. 

multi-factor typically applies to interactive uses (ie human).

On Tue, May 8, 2018 at 8:29 AM, Heiko Cane <heiko.cane@...> wrote:
Hello,

I would like to setup bosh in a multi account setup (as described here: https://aws.amazon.com/de/answers/account-management/aws-multi-account-security-strategy/). I only have direct access to the "main" account and have switch to another account where I can setup the vpc, ec2 instances and so on. 
Using bosh or bosh bootloader I only have the possibilities to add the access key and the secret access key but I can't trigger the "switch account". Also I miss the possibility to use Multi-Factor Authentication on AWS. 

Are there any possibilities to trigger the switch account and use multi factor?

Thank you for your help!

Heiko



Re: Using Bosh in "AWS Multiple Account Security Strategy" possible?

Dmitriy Kalinin
 

i imagine you would want to provision access key pair in the subaccount (not in the main account) and use that to provision resources in the subaccount.

Also I miss the possibility to use Multi-Factor Authentication on AWS. 

multi-factor typically applies to interactive uses (ie human).

On Tue, May 8, 2018 at 8:29 AM, Heiko Cane <heiko.cane@...> wrote:
Hello,

I would like to setup bosh in a multi account setup (as described here: https://aws.amazon.com/de/answers/account-management/aws-multi-account-security-strategy/). I only have direct access to the "main" account and have switch to another account where I can setup the vpc, ec2 instances and so on. 
Using bosh or bosh bootloader I only have the possibilities to add the access key and the secret access key but I can't trigger the "switch account". Also I miss the possibility to use Multi-Factor Authentication on AWS. 

Are there any possibilities to trigger the switch account and use multi factor?

Thank you for your help!

Heiko


Using Bosh in "AWS Multiple Account Security Strategy" possible?

Heiko Cane <heiko.cane@...>
 

Hello,

I would like to setup bosh in a multi account setup (as described here: https://aws.amazon.com/de/answers/account-management/aws-multi-account-security-strategy/). I only have direct access to the "main" account and have switch to another account where I can setup the vpc, ec2 instances and so on. 
Using bosh or bosh bootloader I only have the possibilities to add the access key and the secret access key but I can't trigger the "switch account". Also I miss the possibility to use Multi-Factor Authentication on AWS. 

Are there any possibilities to trigger the switch account and use multi factor?

Thank you for your help!

Heiko

Using Bosh in "AWS Multiple Account Security Strategy" possible?

heiko.cane@...
 

Hello,

I would like to setup bosh in a multi account setup (as described here: https://aws.amazon.com/de/answers/account-management/aws-multi-account-security-strategy/). I only have direct access to the "main" account and have switch to another account where I can setup the vpc, ec2 instances and so on. 
Using bosh or bosh bootloader I only have the possibilities to add the access key and the secret access key but I can't trigger the "switch account". Also I miss the possibility to use Multi-Factor Authentication on AWS. 

Are there any possibilities to trigger the switch account and use multi factor?

Thank you for your help!

Heiko

Announcing BOSH Kube CPI

Michael Maximilien
 

fyi...

As the cool kids do it these days, see:


The gist are in these links:


PDF of presentation: https://bit.ly/bosh-kube-cpi

We'd love to hear your feedback.

Best,

Dmitriy and Max

Re: CF Summit EU contributor reg code

Swarna Podila
 

Which means…y’all should plan on joining the Day Zero activities - Cert Exams, User Day (if you’re at an end user organization), unconference, trainings, etc.

-- ​Swarna Podila
​Senior
 Director
​, Community​
 | Cloud Foundry Foundation

On Mon, Apr 30, 2018 at 5:31 PM, Chip Childers <cchilders@...> wrote:
Sorry... one correction. The event is Oct 10 and 11, with lots of pre-event activities on the 9th. Sorry about that. :)

On Mon, Apr 30, 2018 at 11:14 AM Chip Childers <cchilders@...> wrote:
Hey all,

Whew... we just got done with CF Summit NA in Boston, but it's time to turn towards Europe! For those that don'e know, we'll be headed back to Basel Switzerland again this year, October 10 to 12.

Contributors (those that have contributed docs, code, bug reports) are welcome to use the following code to register: CFEU18CONT

More info on the website here: https://www.cloudfoundry.org/event/eusummit2018/ 

See you all there!

-chip
--
Chip Childers
CTO, Cloud Foundry Foundation
1.267.250.0815
--
Chip Childers
CTO, Cloud Foundry Foundation
1.267.250.0815


Re: CF Summit EU contributor reg code

Chip Childers
 

Sorry... one correction. The event is Oct 10 and 11, with lots of pre-event activities on the 9th. Sorry about that. :)


On Mon, Apr 30, 2018 at 11:14 AM Chip Childers <cchilders@...> wrote:
Hey all,

Whew... we just got done with CF Summit NA in Boston, but it's time to turn towards Europe! For those that don'e know, we'll be headed back to Basel Switzerland again this year, October 10 to 12.

Contributors (those that have contributed docs, code, bug reports) are welcome to use the following code to register: CFEU18CONT

More info on the website here: https://www.cloudfoundry.org/event/eusummit2018/ 

See you all there!

-chip
--
Chip Childers
CTO, Cloud Foundry Foundation
1.267.250.0815
--
Chip Childers
CTO, Cloud Foundry Foundation
1.267.250.0815

CF Summit EU contributor reg code

Chip Childers
 

Hey all,

Whew... we just got done with CF Summit NA in Boston, but it's time to turn towards Europe! For those that don'e know, we'll be headed back to Basel Switzerland again this year, October 10 to 12.

Contributors (those that have contributed docs, code, bug reports) are welcome to use the following code to register: CFEU18CONT

More info on the website here: https://www.cloudfoundry.org/event/eusummit2018/ 

See you all there!

-chip
--
Chip Childers
CTO, Cloud Foundry Foundation
1.267.250.0815

rabbitmq LDAP authentication issues

svue3@...
 

I am having an issue with getting my ldap config to work on rabbitmq cluster. We are authenticating against the internal server first then ldap. Heres a copy of our current config:

[

    {rabbit, [ {collect_statistics_interval, 60000}] },

    {rabbitmq_management, [ {rates_mode, basic}] },

    {rabbit,

        [ {auth_backends, [rabbit_auth_backend_internal, rabbit_auth_backend_ldap]},

          {auth_mechanisms, ['PLAIN','AMQPLAIN']}

        ]

    },

    {rabbitmq_auth_backend_ldap,

        [ {servers, ["ourcompany.com.us"]},

          {dn_lookup_attribute, "cn"},

          {dn_lookup_base, "DC=com,DC=us"},

          {use_ssl, false},

          {port, 636},

          {log, true},

 

          {tag_queries,

                [ {administrator, {in_group, "CN=team,OU=IT,OU=Engineering,OU=Global,DC=ourcompany,DC=com,DC=us"}},

                {administrator, {constant, true}}

                ]

          }

        ]

    }

].

I've checked the logs and saw error messages that LDAP plugin was not installed or is not part of the list in auth_backends but then I confirmed in same log file that it is there and ran rabbitmq-plugins to verify:

home dir       : /var/vcap/store/rabbitmq

config file(s) : /var/vcap/jobs/rabbitmq-server/bin/../etc/rabbitmq.config

log            : /var/vcap/sys/log/rabbitmq-server/rabbit@...

sasl log       : /var/vcap/sys/log/rabbitmq-server/rabbit@...



=WARNING REPORT==== 10-Apr-2018::14:36:54 ===

 

LDAP plugin loaded, but rabbit_auth_backend_ldap is not in the list of auth_backends. LDAP auth will not work.

=INFO REPORT==== 10-Apr-2018::14:36:54 ===

Server startup complete; 9 plugins started.

 * rabbitmq_shovel_management

 * rabbitmq_management

 * rabbitmq_management_agent

 * rabbitmq_web_dispatch

 * cowboy

 * rabbitmq_auth_backend_ldap

 * rabbitmq_shovel

 * cowlib

 

 * amqp_client

Any feedback or suggestions is appreciated!

-Steve

How to config use-haproxy when your deploy cloudfoundry using bosh

jun zhong
 

bosh -e bosh-1 -d cf deploy cf-deployment/cf-deployment.yml \
--vars-store cf-vars.yml \
-v system_domain=cloudfoundry.com \
-v haproxy_public_ip=xxx.xxx.xxx.xxx  \
-v haproxy_public_network_name= bosh \
-v haproxy_ssl.private_key=./bosh.pem \
-o cf-deployment/operations/openstack.yml \
-o cf-deployment/operations/use-haproxy.yml \
-o cf-deployment/operations/use-haproxy-public-network.yml \

I am a new guy to deploy the cf.
When I run the above command, I got error about  "cf-haproxy-network-properties" doesn't config.

1. Do you know how to config the cf-haproxy-network-properties in use-haproxy-public-network.yml. Is there an example?

2.  Do we have a simplest yml file to deploy the cf in openstack. I don't want to support loadbalancer or something else. I just want to deploy a simplest cloudfoundry in openstack and this cloudfoundry just need to push a simplest application.

Thanks!!!!


Re: Creating vm with stemcell failed.... No valid host was found. There are not enough hosts available..Filter ImagePropertiesFilter returned 0 hosts

sunjingying@...
 

I met the same problem as you, my colleague told me it was instance_type inappropriate, but I changed it and still had that problem.

Re: Building verify_multidigest on s390x

Tyler Schultz
 

On Tue, Feb 27, 2018 at 2:13 PM, R M <rishi.investigate@...> wrote:
Hi there - I am trying to create verify-multidigest-0.0.29-linux-amd64 on s390x but unable to to locate source code for verify-mutidigest.  I understand that x86 comes from S3 blob but I would like create a local one for s390x - bosh/packages/verify_multidigest/[packaging/spec] does not provide much hint.  Please let me know where can I find it.

Thanks.


Building verify_multidigest on s390x

R M
 

Hi there - I am trying to create verify-multidigest-0.0.29-linux-amd64 on s390x but unable to to locate source code for verify-mutidigest.  I understand that x86 comes from S3 blob but I would like create a local one for s390x - bosh/packages/verify_multidigest/[packaging/spec] does not provide much hint.  Please let me know where can I find it.

Thanks.

Re: Building BOSH release for s390x platform

Rob Day-Reynolds <rdayreynolds@...>
 

You can package a bosh release by cloning the bosh repo from github.com/cloudfoundry/bosh and running `bosh create-release --tarball <path/to/bosh/release/tarball.tgz>` inside the repo.

Then, you can use that local bosh release when using bosh-deployment by adding a `-o bosh-deployment/local-bosh-release-tarball.yml -v local_bosh_release=<path/to/bosh/release/tarball.tgz`.

If you're seeing errors when trying to deploy at that point that's when you would have to make changes in the bosh repo to the jobs/packages/etc.

On Wed, Feb 21, 2018 at 11:59 AM, R M <rishi.investigate@...> wrote:
Hi there,

I am looking for some directions on building BOSH release for s390x arch.  I have successfully built CLI V2 on this platform and trying to create-env bosh-deployment/bosh.yml but yml file refers to pre-built bosh release from from S3.

I would like to build BOSH release for my platform by replacing x86 packages with s390x equivalent.  It seems that I will need to make major changes to jobs/config/packages etc. and then create a bosh release out of it.

Any pointers greatly appreciated. Tx.




--
Thanks,
RDR

Building BOSH release for s390x platform

R M
 

Hi there,

I am looking for some directions on building BOSH release for s390x arch.  I have successfully built CLI V2 on this platform and trying to create-env bosh-deployment/bosh.yml but yml file refers to pre-built bosh release from from S3.

I would like to build BOSH release for my platform by replacing x86 packages with s390x equivalent.  It seems that I will need to make major changes to jobs/config/packages etc. and then create a bosh release out of it.

Any pointers greatly appreciated. Tx.

Re: Canary Node Update

Tyler Schultz
 

Hi Ponraj,

Although it is likely to be the same instance, there is no guarantee that the same instance will be always chosen as the canary. There are many reasons BOSH director would choose a different instance to update first.

You may be interested to know about the `spec.bootstrap` property made available during template rendering. Before making deployment changes BOSH director will select a bootstrap instance and update that instance first. The `spec.bootstrap` property will be true for the given instance. If the bootstrap instance were to go away (eg. scaling the instance count down or switching AZs), director will select a new bootstrap instance.


--Tyler

On Wed, Feb 14, 2018 at 7:59 PM, Ponraj E <ponraj.e@...> wrote:
Hi Colleagues,

Is the canary node chosen by BOSH always the same on every update? Like for example, if we have a three node cluster in a deployment and our update section looks like this:
update:
    canaries: 1
    max_in_flight: 1
 
 i.e., one node at a time. 
 
We see that on every update, the canary node chosen, is always the same. Is there any chance that this behaviour can change, maybe in case, if the canary node is in "stopped" or "failing", will the other VM be picked up for update?


Canary Node Update

Ponraj E <ponraj.e@...>
 

Hi Colleagues,

Is the canary node chosen by BOSH always the same on every update? Like for example, if we have a three node cluster in a deployment and our update section looks like this:
update:
    canaries: 1
    max_in_flight: 1
 
 i.e., one node at a time. 
 
We see that on every update, the canary node chosen, is always the same. Is there any chance that this behaviour can change, maybe in case, if the canary node is in "stopped" or "failing", will the other VM be picked up for update?