Try adding your SSH key to your key-chain before doing bosh ssh: "ssh-add
/path/to/private/key". The private key will be the one listed in your
microbosh manifest.
toggle quoted message
Show quoted text
On Tue, Dec 8, 2015 at 9:15 AM, Kinjal Doshi <kindoshi(a)gmail.com> wrote: Hi,
I was able to deploy CF successfully after removing '@' symbol from
password as suggested by Amit.
As a last step I am trying to bosh ssh into vms but this is failing. Below
is my command:
*bosh ssh api_z1/0 --gateway_host 52.20.104.199 --gateway_user vcap*
and this results to:
*Acting as user 'admin' on deployment 'cf' on 'microbosh'*
*Target deployment is `cf'*
*Setting up ssh artifacts*
*Director task 8*
*Task 8 done*
*Cleaning up ssh artifacts*
*Director task 9*
*Task 9 queued*
*Authentication failed with gateway 52.20.104.199 and user vcap.*
I am not sure if I have done something wrong with the deployment manifest.
I put a custom password for all placeholder 'PASSWORD' in the
minimal-aws.yml. Is it required to use the standard password instead
'c1oudc0w'? Am using the release 226 and stem cell version 3149. Had the
same issue with 3147 this morning.
Also tried doing ssh vcap(a)ip but that also times out.
Would be great if somebody can please guide with this. Below is the
manifest:
# The following line helps maintain current documentation at
http://docs.cloudfoundry.org.
# code_snippet cf-minimal-aws start
---
name: cf
director_uuid: d5acd624-f5ee-4be3-ae42-a098e1bb315c
releases:
- {name: cf, version: latest}
networks:
- name: cf_private
type: manual
subnets:
- range: 10.0.16.0/24
gateway: 10.0.16.1
dns: [10.0.0.2]
reserved: ["10.0.16.2 - 10.0.16.3"]
static: ["10.0.16.100 - 10.0.16.105"]
cloud_properties:
subnet: subnet-29a7685f
- name: cf_public
type: manual
subnets:
- range: 10.0.0.0/24
gateway: 10.0.0.1
dns: [10.0.0.2]
reserved: ["10.0.0.2 - 10.0.0.10"]
cloud_properties:
subnet: subnet-06965970
security_groups:
- cf-public
- bosh
- name: elastic
type: vip
cloud_properties: {}
resource_pools:
- name: small_z1
network: cf_private
stemcell:
name: bosh-aws-xen-hvm-ubuntu-trusty-go_agent
version: 3149
cloud_properties:
availability_zone: us-east-1c
instance_type: c3.large
compilation:
workers: 6
network: cf_private
reuse_compilation_vms: true
cloud_properties:
availability_zone: us-east-1c
instance_type: c3.large
update:
canaries: 1
max_in_flight: 1
serial: false
canary_watch_time: 30000-600000
update_watch_time: 5000-600000
jobs:
- name: nats_z1
instances: 1
resource_pool: small_z1
templates:
- {name: nats, release: cf}
- {name: nats_stream_forwarder, release: cf}
- {name: metron_agent, release: cf}
networks:
- name: cf_private
static_ips: [10.0.16.103]
- name: etcd_z1
instances: 1
resource_pool: small_z1
persistent_disk: 102400
templates:
- {name: etcd, release: cf}
- {name: etcd_metrics_server, release: cf}
- {name: metron_agent, release: cf}
networks:
- name: cf_private
static_ips: [10.0.16.104]
properties:
etcd_metrics_server:
nats:
machines: [10.0.16.103]
password: Oro1602
username: nats
- name: nfs_z1
instances: 1
persistent_disk: 102400
resource_pool: small_z1
templates:
- {name: debian_nfs_server, release: cf}
- {name: metron_agent, release: cf}
networks:
- name: cf_private
static_ips: [10.0.16.105]
- name: postgres_z1
instances: 1
persistent_disk: 1024
resource_pool: small_z1
templates:
- {name: postgres, release: cf}
- {name: metron_agent, release: cf}
networks:
- name: cf_private
static_ips: [10.0.16.101]
update:
serial: true
- name: api_z1
instances: 1
resource_pool: small_z1
templates:
- {name: cloud_controller_ng, release: cf}
- {name: cloud_controller_worker, release: cf}
- {name: cloud_controller_clock, release: cf}
- {name: metron_agent, release: cf}
- {name: nfs_mounter, release: cf}
- {name: route_registrar, release: cf}
networks:
- name: cf_private
properties:
nfs_server:
address: 10.0.16.105
allow_from_entries: [10.0.16.0/24]
route_registrar:
routes:
- name: api
port: 9022
uris:
- "api.52.20.104.199.xip.io"
- name: ha_proxy_z1
instances: 1
resource_pool: small_z1
templates:
- {name: haproxy, release: cf}
- {name: metron_agent, release: cf}
networks:
- name: elastic
static_ips: [52.20.104.199]
- name: cf_public
default: [gateway, dns]
properties:
ha_proxy:
ssl_pem: |
-----BEGIN CERTIFICATE-----
MIICozCCAgwCCQCCK7S6lnxzATANBgkqhkiG9w0BAQsFADCBlTELMAkGA1UEBhMC
SU4xEjAQBgNVBAgMCUthcm5hdGFrYTESMBAGA1UEBwwJQmFuZ2Fsb3JlMRIwEAYD
VQQKDAlBY2NlbnR1cmUxDDAKBgNVBAsMA0lEQzERMA8GA1UEAwwIKi54aXAuaW8x
KTAnBgkqhkiG9w0BCQEWGmtpbmphbC5kb3NoaUBhY2NlbnR1cmUuY29tMB4XDTE1
MTIwODE2MDk1NFoXDTE2MDEwNzE2MDk1NFowgZUxCzAJBgNVBAYTAklOMRIwEAYD
VQQIDAlLYXJuYXRha2ExEjAQBgNVBAcMCUJhbmdhbG9yZTESMBAGA1UECgwJQWNj
ZW50dXJlMQwwCgYDVQQLDANJREMxETAPBgNVBAMMCCoueGlwLmlvMSkwJwYJKoZI
hvcNAQkBFhpraW5qYWwuZG9zaGlAYWNjZW50dXJlLmNvbTCBnzANBgkqhkiG9w0B
AQEFAAOBjQAwgYkCgYEAnOM1PNZn0YP0lzc36MLQ73uiJ1/LR6BMB+kKO4mW9YCF
FDGCeijSxwGtqM2PldMUyOGRN4jvjQsWRjl+9M/XoOk/tdlycgxGSP8oYm8NIaqR
rCKUnbegOvpOsAWjw0ojTAK9loUPSs8J0AS2WpcpCcpv5Sc8bh8j9bKw7wLD7c0C
AwEAATANBgkqhkiG9w0BAQsFAAOBgQAd3wtd2uwwB+sC17IKdFEfrKZt7yQY0GJp
TusARTimYTvyH9gHb6Qy1xOIrwoawkmvO+SuAtUjRuBse1JOWnKaLrOzrsToaCam
kzY6G5mf9VpgdCaj2+oNXYDl/IO3jf6KyRhZo9sZ/OMao7CRVn9mNJkHxOW1ELo0
Uc/rvH2mxg==
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQCc4zU81mfRg/SXNzfowtDve6InX8tHoEwH6Qo7iZb1gIUUMYJ6
KNLHAa2ozY+V0xTI4ZE3iO+NCxZGOX70z9eg6T+12XJyDEZI/yhibw0hqpGsIpSd
t6A6+k6wBaPDSiNMAr2WhQ9KzwnQBLZalykJym/lJzxuHyP1srDvAsPtzQIDAQAB
AoGAZwZ5pnrx8E9kJo03ZN3SUQHyaULp/h5Q73zkoFZpUMzWF32vvkLir5b1kH11
BiF4a7ZdI4gEL64RMYp+SYvXgCdwKMwQTur85PGwo+ljCdanCA1rxG8/zOc8hMJa
+65PffQ9uFk8DKJr8E3BYysadB1TlTp6xzomOYaie8nDM60CQQDPNivf3z56e2fk
jZh0uGqhDAx7dE6ii10KuRFFY602DNY4TExZx/0Km4TgCgdv+yV4IQ2SEcGWs2ZO
8fXL3XHzAkEAwdO3eoXsvxcn2bFLRX6sZ0HU8pIJYpx1iSs6RBLd1DUIfbdpW0wf
a7ajpRmslXhhzDi8E7ljlSSJMr5GZ61RPwJBAMYoBuMrqaMV+q+t3TrZ1Va3oAQ7
oKt+3PZRLzwNa2qB8iaaiHVfdBQ9z181GBG1ugpciY7Dnj8Qxuj+KNHRrpMCQD34
C4w/ry51H8eI2JDya/pjYMrhB+EgNq/RQ0KqaYPEJN/UuPl4f/83GGDbsYLkRxg8
91yzA/SWBstTbD0Pe48CQDRcstoomvsRbUFTNcowQKsAWNdPN2sTUYYIBcNfOlql
Yo8/FSWzX5poKw16NHMGawUQ11ykX6p/Qnrh5wyniZc=
-----END RSA PRIVATE KEY-----
router:
servers:
z1: [10.0.16.102]
- name: hm9000_z1
instances: 1
resource_pool: small_z1
templates:
- {name: hm9000, release: cf}
- {name: metron_agent, release: cf}
- {name: route_registrar, release: cf}
networks:
- name: cf_private
properties:
route_registrar:
routes:
- name: hm9000
port: 5155
uris:
- "hm9000.52.20.104.199.xip.io"
- name: doppler_z1
instances: 1
resource_pool: small_z1
templates:
- {name: doppler, release: cf}
networks:
- name: cf_private
properties:
doppler: {zone: z1}
doppler_endpoint:
shared_secret: Oro1602
- name: loggregator_trafficcontroller_z1
instances: 1
resource_pool: small_z1
templates:
- {name: loggregator_trafficcontroller, release: cf}
- {name: metron_agent, release: cf}
- {name: route_registrar, release: cf}
networks:
- name: cf_private
properties:
traffic_controller: {zone: z1}
route_registrar:
routes:
- name: doppler
port: 8081
uris:
- "doppler.52.20.104.199.xip.io"
- name: loggregator
port: 8080
uris:
- "loggregator.52.20.104.199.xip.io"
- name: uaa_z1
instances: 1
resource_pool: small_z1
templates:
- {name: uaa, release: cf}
- {name: metron_agent, release: cf}
- {name: route_registrar, release: cf}
networks:
- name: cf_private
properties:
login:
catalina_opts: -Xmx768m -XX:MaxPermSize=256m
route_registrar:
routes:
- name: uaa
port: 8080
uris:
- "uaa.52.20.104.199.xip.io"
- "*.uaa.52.20.104.199.xip.io"
- "login.52.20.104.199.xip.io"
- "*.login.52.20.104.199.xip.io
uaa:
admin:
client_secret: Oro1602
batch:
password: Oro1602
username: batch_user
cc:
client_secret: Oro1602
scim:
userids_enabled: true
users:
-
admin|Oro1602|scim.write,scim.read,openid,cloud_controller.admin,doppler.firehose,routing.router_groups.read
uaadb:
address: 10.0.16.101
databases:
- {name: uaadb, tag: uaa}
db_scheme: postgresql
port: 5524
roles:
- {name: uaaadmin, password: Oro1602, tag: admin}
- name: router_z1
instances: 1
resource_pool: small_z1
templates:
- {name: gorouter, release: cf}
- {name: metron_agent, release: cf}
networks:
- name: cf_private
static_ips: [10.0.16.102]
properties:
dropsonde: {enabled: true}
- name: runner_z1
instances: 1
resource_pool: small_z1
templates:
- {name: dea_next, release: cf}
- {name: dea_logging_agent, release: cf}
- {name: metron_agent, release: cf}
networks:
- name: cf_private
properties:
dea_next: {zone: z1}
properties:
networks: {apps: cf_private}
app_domains: [52.20.104.199.xip.io]
cc:
allow_app_ssh_access: false
bulk_api_password: Oro1602
db_encryption_key: Oro1602
default_running_security_groups: [public_networks, dns]
default_staging_security_groups: [public_networks, dns]
install_buildpacks:
- {name: java_buildpack, package: buildpack_java}
- {name: ruby_buildpack, package: buildpack_ruby}
- {name: nodejs_buildpack, package: buildpack_nodejs}
- {name: go_buildpack, package: buildpack_go}
- {name: python_buildpack, package: buildpack_python}
- {name: php_buildpack, package: buildpack_php}
- {name: staticfile_buildpack, package: buildpack_staticfile}
- {name: binary_buildpack, package: buildpack_binary}
internal_api_password: Oro1602
quota_definitions:
default:
memory_limit: 102400
non_basic_services_allowed: true
total_routes: 1000
total_services: -1
security_group_definitions:
- name: public_networks
rules:
- {destination: 0.0.0.0-9.255.255.255, protocol: all}
- {destination: 11.0.0.0-169.253.255.255, protocol: all}
- {destination: 169.255.0.0-172.15.255.255, protocol: all}
- {destination: 172.32.0.0-192.167.255.255, protocol: all}
- {destination: 192.169.0.0-255.255.255.255, protocol: all}
- name: dns
rules:
- {destination: 0.0.0.0/0, ports: '53', protocol: tcp}
- {destination: 0.0.0.0/0, ports: '53', protocol: udp}
srv_api_uri: http://api.52.20.104.199.xip.io
staging_upload_password: Oro1602
staging_upload_user: staging_upload_user
ccdb:
address: 10.0.16.101
databases:
- {name: ccdb, tag: cc}
db_scheme: postgres
port: 5524
roles:
- {name: ccadmin, password: Oro1602, tag: admin}
databases:
databases:
- {name: ccdb, tag: cc, citext: true}
- {name: uaadb, tag: uaa, citext: true}
port: 5524
roles:
- {name: ccadmin, password: Oro1602, tag: admin}
- {name: uaaadmin, password: Oro1602, tag: admin}
dea_next:
advertise_interval_in_seconds: 5
heartbeat_interval_in_seconds: 10
memory_mb: 33996
description: Cloud Foundry sponsored by Pivotal
domain: 52.20.104.199.xip.io
etcd:
machines: [10.0.16.104]
peer_require_ssl: false
require_ssl: false
hm9000:
url: http://hm9000.52.20.104.199.xip.io
logger_endpoint:
port: 4443
loggregator:
etcd:
machines: [10.0.16.104]
loggregator_endpoint:
shared_secret: Oro1602
login:
protocol: http
metron_agent:
zone: z1
deployment: minimal-aws
metron_endpoint:
shared_secret: Oro1602
nats:
machines: [10.0.16.103]
password: Oro1602
port: 4222
user: nats
nfs_server:
address: 10.0.16.105
allow_from_entries: [10.0.16.0/24]
ssl:
skip_cert_verify: true
system_domain: 52.20.104.199.xip.io
system_domain_organization: default_organization
uaa:
clients:
cc-service-dashboards:
authorities: clients.read,clients.write,clients.admin
authorized-grant-types: client_credentials
scope: openid,cloud_controller_service_permissions.read
secret: Oro1602
cloud_controller_username_lookup:
authorities: scim.userids
authorized-grant-types: client_credentials
secret: Oro1602
cc_routing:
authorities: routing.router_groups.read
secret: Oro1602
authorized-grant-types: client_credentials
gorouter:
authorities:
clients.read,clients.write,clients.admin,routing.routes.write,routing.routes.read
authorized-grant-types: client_credentials,refresh_token
scope: openid,cloud_controller_service_permissions.read
secret: Oro1602
doppler:
authorities: uaa.resource
secret: Oro1602
login:
authorities:
oauth.login,scim.write,clients.read,notifications.write,critical_notifications.write,emails.write,scim.userids,password.write
authorized-grant-types:
authorization_code,client_credentials,refresh_token
redirect-uri: http://login.52.20.104.199.xip.io
scope: openid,oauth.approvals
secret: Oro1602
servicesmgmt:
authorities:
uaa.resource,oauth.service,clients.read,clients.write,clients.secret
authorized-grant-types:
authorization_code,client_credentials,password,implicit
autoapprove: true
redirect-uri:
http://servicesmgmt.52.20.104.199.xip.io/auth/cloudfoundry/callback
scope: openid,cloud_controller.read,cloud_controller.write
secret: Oro1602
jwt:
signing_key: |
-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQDHFr+KICms+tuT1OXJwhCUmR2dKVy7psa8xzElSyzqx7oJyfJ1
JZyOzToj9T5SfTIq396agbHJWVfYphNahvZ/7uMXqHxf+ZH9BL1gk9Y6kCnbM5R6
0gfwjyW1/dQPjOzn9N394zd2FJoFHwdq9Qs0wBugspULZVNRxq7veq/fzwIDAQAB
AoGBAJ8dRTQFhIllbHx4GLbpTQsWXJ6w4hZvskJKCLM/o8R4n+0W45pQ1xEiYKdA
Z/DRcnjltylRImBD8XuLL8iYOQSZXNMb1h3g5/UGbUXLmCgQLOUUlnYt34QOQm+0
KvUqfMSFBbKMsYBAoQmNdTHBaz3dZa8ON9hh/f5TT8u0OWNRAkEA5opzsIXv+52J
duc1VGyX3SwlxiE2dStW8wZqGiuLH142n6MKnkLU4ctNLiclw6BZePXFZYIK+AkE
xQ+k16je5QJBAN0TIKMPWIbbHVr5rkdUqOyezlFFWYOwnMmw/BKa1d3zp54VP/P8
+5aQ2d4sMoKEOfdWH7UqMe3FszfYFvSu5KMCQFMYeFaaEEP7Jn8rGzfQ5HQd44ek
lQJqmq6CE2BXbY/i34FuvPcKU70HEEygY6Y9d8J3o6zQ0K9SYNu+pcXt4lkCQA3h
jJQQe5uEGJTExqed7jllQ0khFJzLMx0K6tj0NeeIzAaGCQz13oo2sCdeGRHO4aDh
HH6Qlq/6UOV5wP8+GAcCQFgRCcB+hrje8hfEEefHcFpyKH+5g1Eu1k0mLrxK2zd+
4SlotYRHgPCEubokb2S1zfZDWIXW3HmggnGgM949TlY=
-----END RSA PRIVATE KEY-----
verification_key: |
-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHFr+KICms+tuT1OXJwhCUmR2d
KVy7psa8xzElSyzqx7oJyfJ1JZyOzToj9T5SfTIq396agbHJWVfYphNahvZ/7uMX
qHxf+ZH9BL1gk9Y6kCnbM5R60gfwjyW1/dQPjOzn9N394zd2FJoFHwdq9Qs0wBug
spULZVNRxq7veq/fzwIDAQAB
-----END PUBLIC KEY-----
no_ssl: true
url: http://uaa.52.20.104.199.xip.io
# code_snippet cf-minimal-aws end
# The previous line helps maintain current documentation at
http://docs.cloudfoundry.org.
Thanks,
Kinjal
On Tue, Dec 8, 2015 at 7:32 AM, Kinjal Doshi <kindoshi(a)gmail.com> wrote:
Hi Amit,
Thanks a lot for your response.
I too agree with what Gwenn and you have said. In my own hurry to meet a
dead line, I did not think through well before putting in 'Urgent' on the
email subject.
Will refrain from this going forward Apologies for the inconvenience.
Am removing the '@' symbol from the credentials and retrying, hopefully
it will work with that.
Thanks a lot for your inputs.
Regards,
Kinjal
On Tue, Dec 8, 2015 at 7:25 AM, Amit Gupta <agupta(a)pivotal.io> wrote:
Hi Kinjal,
+1 to everything Gwenn said. The OSS mailing lists cannot do special
things for "Urgent" subjects. Contact a private vendor if you require that
kind of support.
My guess is your problem is you have an '@' symbol in the user component
of one of your basic auth credentials. Ruby doesn't deal with that. See
this previous issue:
https://github.com/cloudfoundry/cf-release/issues/493
Best,
Amit
On Mon, Dec 7, 2015 at 4:58 PM, Gwenn Etourneau <getourneau(a)pivotal.io>
wrote:
Hi,
Please give your manifest and so on...
No magic here we need to check this kind of things.
Btw no need to put Urgent here, it's a community based support, if you
need commercial support you can ask to Pivotal, IBM and so on..
Thanks
On Tue, Dec 8, 2015 at 2:17 AM, Kinjal Doshi <kindoshi(a)gmail.com>
wrote:
Hi,
I am trying to deploy cloud foundry with the
stemcell light-bosh-stemcell-3147-aws-xen-hvm-ubuntu-trusty-go_agent.tgz
and cloud foundry release manifest cf-226yml
I am also using the minimal-aws.yml for configuration data.
During 'bosh deploy' command, I run into the following deployment
error:
Started preparing deployment
Started preparing deployment > Binding releases. Done (00:00:00)
Started preparing deployment > Binding existing deployment. Done
(00:00:01)
Started preparing deployment > Binding resource pools. Done
(00:00:00)
Started preparing deployment > Binding stemcells. Done (00:00:00)
Started preparing deployment > Binding templates. Done (00:00:00)
Started preparing deployment > Binding properties. Done (00:00:00)
Started preparing deployment > Binding unallocated VMs. Done
(00:00:00)
Started preparing deployment > Binding instance networks. Done
(00:00:00)
Started preparing package compilation > Finding packages to compile.
Done (00:00:00)
Started preparing dns > Binding DNS. Done (00:00:00)
Started preparing configuration > Binding configuration. Failed:
Error filling in template `dea.yml.erb' for `runner_z1/0' (line 86: bad
component(expected user component): Oro(a)1602) (00:00:01)
Error 100: Error filling in template `dea.yml.erb' for `runner_z1/0'
(line 86: bad component(expected user component): Oro(a)1602)
I noticed that the property cc.internal_api_user is missing from the
global properties and have added the same to minimal-aws.yml but the
deployment still fails.
I need to have the CF deployment up and running tonight. Would be
great if some one can please help me with this on priority?
Regards,
Kinjal
|
